diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e44be54..2206e9e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,10 +6,57 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). This project does not follow semantic versioning. The **major** part of the version is aligned with the stable version of Debian. The **minor** part changes with big changes (probably incompatible). -The **patch** part changes incrmentally at each release. +The **patch** part changes incrementally at each release. ## [Unreleased] +### Added + +### Changed + +### Fixed + +### Security + +## [9.1.7] - 2018-04-06 + +### Added +* added a few become attributes where missing +* etc-git: add tags for Ansible +* evolinux-base: install ncurses-term package +* haproxy: install Munin plugins +* listupgrade: add service restart notification for Squid and libstdc++6 +* minifirewall: add "check_minifirewall" Nagios plugin (and `minifirewall_status` script) +* mysql-oracle: new role to install MySQL 5.7 with Oracle packages +* mysql: remount /usr before creating scripts directory +* nagios-nrpe: add "check_open_files" plugin +* nagios-nrpe: mark plugins as executable +* nodejs: Yarn package manager can be installed (default: `false`) +* packweb-apache: choose mysql variant (default: `debian`) +* postfix: add lines in /etc/.gitignore +* proftpd: use "proftpd_accounts" list to manage ftp accounts +* redmine: added missing tags + +### Changed +* elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) +* elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). +* evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) +* mongodb: allow unauthenticated packages for Jessie +* mongodb: configuration is forced by default but it's configurable (default: `false`) +* mongodb: rename logrotate script +* nagios-nrpe: mark plugins as executable +* nginx: don't debug variables in verbosity 0 +* nginx: package name can be specified (default: `nginx-full`) +* php: fix FPM custom file permissions +* php: more tasks notify FPM handler to restart if needed +* webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined + +### Fixed +* dovecot: fix support of plus sign +* mysql/mysql-oracle: mysqltuner cron task is executable +* nginx: fix basic auth for default vhost +* rbenv: fix become user issue with copy tasks + ## [9.1.6] - 2018-02-02 ### Added @@ -28,7 +75,7 @@ The **patch** part changes incrmentally at each release. ## [9.1.5] - 2018-01-18 ### Added -* There is changelog! +* There is a changelog! * redis: configuration variable for protected mode (v3.2+) * evolinux-users: users are in "adm" group for Debian 9 or later * evolinx-base: purge locate/mlocate packages diff --git a/amazon-ec2/amazon-ec2-evolinux.yml b/amazon-ec2/amazon-ec2-evolinux.yml index 5c7a5e4e..d9d79347 100644 --- a/amazon-ec2/amazon-ec2-evolinux.yml +++ b/amazon-ec2/amazon-ec2-evolinux.yml @@ -4,8 +4,8 @@ gather_facts: False vars: - aws_access_key: - aws_secret_key: + aws_access_key: + aws_secret_key: aws_region: ca-central-1 tasks: diff --git a/amazon-ec2/defaults/main.yml b/amazon-ec2/defaults/main.yml index c22b9df4..f1b0c52c 100644 --- a/amazon-ec2/defaults/main.yml +++ b/amazon-ec2/defaults/main.yml @@ -24,7 +24,7 @@ ec2_debian_base_ami: us-east-1: ami-ac5e55d7 us-east-2: ami-9fbb98fa us-west-1: ami-560c3836 - us-west-2: ami-fa18f282 + us-west-2: ami-fa18f282 ec2_evolinux_security_group: name: evolinux-default diff --git a/apache/templates/evolinux-default.conf.j2 b/apache/templates/evolinux-default.conf.j2 index e1c97911..3f058803 100644 --- a/apache/templates/evolinux-default.conf.j2 +++ b/apache/templates/evolinux-default.conf.j2 @@ -60,6 +60,10 @@ + + SecRuleEngine Off + + @@ -119,5 +123,9 @@ + + SecRuleEngine Off + + diff --git a/clamav/tasks/main.yml b/clamav/tasks/main.yml index 6e3058dd..b053fce4 100644 --- a/clamav/tasks/main.yml +++ b/clamav/tasks/main.yml @@ -108,4 +108,4 @@ replace: 'AllowSupplementaryGroups true' notify: restart clamav tags: - - clamav + - clamav diff --git a/elasticsearch/README.md b/elasticsearch/README.md index a6fa0b14..9f968ae2 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md @@ -20,8 +20,9 @@ Tasks are extracted in several files, included in `tasks/main.yml` : * `elasticsearch_network_publish_host`: which interface to publish ; * `elasticsearch_custom_datadir`: custom datadir ; * `elasticsearch_custom_tmpdir`: custom tmpdir ; -* `elasticsearch_jvm_xms`: mininum heap size reserved for the JVM (defaults to 2g). -* `elasticsearch_jvm_xmx`: maximum heap size reserved for the JVM (defaults to 2g). +* `elasticsearch_jvm_xms`: mininum heap size reserved for the JVM (default: `2g`). +* `elasticsearch_jvm_xmx`: maximum heap size reserved for the JVM (default: `2g`). +* `elasticsearch_restart_on_upgrade`: restart the service after package upgrade (default: `true`) By default, Elasticsearch will listen to the public interfaces (`_site_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host), so you will have to secure it, with firewall rules for example. diff --git a/elasticsearch/defaults/main.yml b/elasticsearch/defaults/main.yml index 33310a2f..02dd0d5a 100644 --- a/elasticsearch/defaults/main.yml +++ b/elasticsearch/defaults/main.yml @@ -11,6 +11,7 @@ elasticsearch_default_tmpdir: /var/lib/elasticsearch/tmp elasticsearch_jvm_xms: 2g elasticsearch_jvm_xmx: 2g elasticsearch_log_rotate_days: 365 +elasticsearch_restart_on_upgrade: True elasticsearch_curator: False diff --git a/elasticsearch/tasks/configuration.yml b/elasticsearch/tasks/configuration.yml index 3852cb41..b9fecd47 100644 --- a/elasticsearch/tasks/configuration.yml +++ b/elasticsearch/tasks/configuration.yml @@ -39,12 +39,12 @@ tags: - config -- name: Restart on upgrade +- name: Configure RESTART_ON_UPGRADE lineinfile: dest: /etc/default/elasticsearch - line: "RESTART_ON_UPGRADE=true" + line: "RESTART_ON_UPGRADE={{ elasticsearch_restart_on_upgrade | bool | ternary('true','false') }}" regexp: "^RESTART_ON_UPGRADE=" - insertafter: "^# *RESTART_ON_UPGRADE=true" + insertafter: "^# *RESTART_ON_UPGRADE=" tags: - config diff --git a/elasticsearch/tasks/plugin_head.yml b/elasticsearch/tasks/plugin_head.yml index 29b2f1f7..81510fa0 100644 --- a/elasticsearch/tasks/plugin_head.yml +++ b/elasticsearch/tasks/plugin_head.yml @@ -31,6 +31,7 @@ environment: TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}" become_user: "{{ elasticsearch_plugin_head_owner }}" + become: yes - name: Elasticsearch HTTP/CORS are enabled lineinfile: diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index b6bd445a..d7046f02 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml @@ -18,10 +18,21 @@ tags: - elasticsearch + - name: check if ES_TMPDIR is available + lineinfile: + dest: /etc/default/elasticsearch + line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + regexp: "^ES_TMPDIR=" + insertafter: "JAVA_HOME" + notify: + - restart elasticsearch + tags: + - elasticsearch + - name: change JVM tmpdir lineinfile: dest: /etc/elasticsearch/jvm.options - line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + line: "-Djava.io.tmpdir=${ES_TMPDIR}" regexp: "^-Djava.io.tmpdir=" insertafter: "## JVM configuration" notify: diff --git a/etc-git/files/gitignore b/etc-git/files/gitignore index b25f7ef9..7f8a0e4a 100644 --- a/etc-git/files/gitignore +++ b/etc-git/files/gitignore @@ -1,2 +1,5 @@ aliases.db *.swp +postfix/sa-blacklist.access +postfix/*.db +postfix/spamd.cidr diff --git a/etc-git/tasks/commit.yml b/etc-git/tasks/commit.yml index 8c4fb539..85c36641 100644 --- a/etc-git/tasks/commit.yml +++ b/etc-git/tasks/commit.yml @@ -8,13 +8,15 @@ when: not ansible_check_mode ignore_errors: yes tags: - - commit-etc + - etc-git + - commit-etc - debug: var: git_status verbosity: 3 tags: - - commit-etc + - etc-git + - commit-etc - name: fetch current Git user.email git_config: @@ -22,11 +24,17 @@ repo: /etc register: git_config_user_email ignore_errors: yes + tags: + - etc-git + - commit-etc - name: "set commit author" set_fact: commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' - commit_email: '{% if git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' + commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' + tags: + - etc-git + - commit-etc - name: "/etc modifications are committed" shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" @@ -36,10 +44,12 @@ when: not ansible_check_mode and git_status.stdout != "" ignore_errors: yes tags: - - commit-etc + - etc-git + - commit-etc - debug: var: etc_commit_end_run verbosity: 4 tags: - - commit-etc + - etc-git + - commit-etc diff --git a/etc-git/tasks/main.yml b/etc-git/tasks/main.yml index 58bf52f2..53b63825 100644 --- a/etc-git/tasks/main.yml +++ b/etc-git/tasks/main.yml @@ -4,6 +4,8 @@ apt: name: git state: present + tags: + - etc-git - name: /etc is versioned with git command: "git init ." @@ -12,6 +14,8 @@ creates: /etc/.git/ warn: no register: git_init + tags: + - etc-git - name: Git user.email is configured git_config: @@ -19,6 +23,8 @@ repo: /etc scope: local value: "root@{{ ansible_fqdn | default('localhost') }}" + tags: + - etc-git - name: /etc/.git is secure file: @@ -26,6 +32,8 @@ owner: root mode: "0700" state: directory + tags: + - etc-git - name: /etc/.gitignore is present copy: @@ -33,6 +41,8 @@ dest: /etc/.gitignore owner: root mode: "0600" + tags: + - etc-git - name: does /etc/ have any commit? command: "git log" @@ -43,6 +53,8 @@ failed_when: False register: git_log check_mode: no + tags: + - etc-git - name: initial commit is present? shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" @@ -51,3 +63,5 @@ warn: no register: git_commit when: git_log.rc != 0 or (git_init is defined and git_init.changed) + tags: + - etc-git diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh index 73523588..c4594ad1 100755 --- a/evoacme/files/evoacme.sh +++ b/evoacme/files/evoacme.sh @@ -204,6 +204,8 @@ main() { sudo -u acme test -w "${NEW_DIR}" || error "Directory ${NEW_DIR} is not writable by user 'acme'" # create a certificate with certbot + # we disable the set -e during the certbot call + set +e sudo -u acme \ "${CERTBOT_BIN}" \ certonly \ @@ -220,6 +222,11 @@ main() { 2>&1 \ | grep -v "certbot.crypto_util" + if [ "${PIPESTATUS[0]}" != "0" ]; then + error "Certbot has exited with a non-zero exit code when generating ${NEW_CERT}" + fi + set -e + if [ "${DRY_RUN}" = "1" ]; then debug "In dry-run mode, we stop here. Bye" exit 0 diff --git a/evoacme/tasks/nginx.yml b/evoacme/tasks/nginx.yml index e55374c8..44fc6656 100644 --- a/evoacme/tasks/nginx.yml +++ b/evoacme/tasks/nginx.yml @@ -13,3 +13,23 @@ owner: root group: root mode: "0644" + +- name: look for old path + command: grep -r /etc/nginx/letsencrypt.conf /etc/nginx + changed_when: False + failed_when: False + check_mode: no + register: grep_letsencrypt_old_path + +- name: Keep a symlink for vhosts with old path + file: + src: /etc/nginx/snippets/letsencrypt.conf + dest: /etc/nginx/letsencrypt.conf + state: link + when: grep_letsencrypt_old_path.rc == 0 + +- name: Remove symlink if no vhost with old path + file: + dest: /etc/nginx/letsencrypt.conf + state: absent + when: grep_letsencrypt_old_path.rc == 1 diff --git a/evoacme/templates/nginx.conf.j2 b/evoacme/templates/nginx.conf.j2 index 378d37cb..e32da1d5 100644 --- a/evoacme/templates/nginx.conf.j2 +++ b/evoacme/templates/nginx.conf.j2 @@ -1,5 +1,5 @@ location ~ /.well-known/acme-challenge { -{% if ansible_distribution_major_version > 8 %} +{% if ansible_distribution_major_version | version_compare('9', '>=') %} alias {{ evoacme_acme_dir }}/; {% else %} alias {{ evoacme_acme_dir }}/.well-known/acme-challenge; diff --git a/evolinux-base/tasks/main.yml b/evolinux-base/tasks/main.yml index f775fe13..ccf1372b 100644 --- a/evolinux-base/tasks/main.yml +++ b/evolinux-base/tasks/main.yml @@ -43,6 +43,11 @@ include: system.yml when: evolinux_system_include +- name: Minifirewall + include_role: + name: minifirewall + when: evolinux_minifirewall_include + - name: Evomaintenance include_role: name: evomaintenance @@ -90,11 +95,6 @@ include: log2mail.yml when: evolinux_log2mail_include -- name: Minifirewall - include_role: - name: minifirewall - when: evolinux_minifirewall_include - - name: Munin include_role: name: munin diff --git a/evolinux-base/tasks/packages.yml b/evolinux-base/tasks/packages.yml index 260a6387..74b41667 100644 --- a/evolinux-base/tasks/packages.yml +++ b/evolinux-base/tasks/packages.yml @@ -58,6 +58,7 @@ - rsync - bc - pinentry-curses + - ncurses-term when: evolinux_packages_common - name: Be sure that openntpd package is absent/purged diff --git a/evolinux-base/tasks/ssh.yml b/evolinux-base/tasks/ssh.yml index e4f51a81..773de28f 100644 --- a/evolinux-base/tasks/ssh.yml +++ b/evolinux-base/tasks/ssh.yml @@ -70,7 +70,7 @@ # we must double-escape caracters, because python - name: verify AllowUsers directive - shell: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" changed_when: False failed_when: False register: grep_allowusers_ssh diff --git a/evolinux-users/tasks/profile.yml b/evolinux-users/tasks/profile.yml index 99af2512..6a046e52 100644 --- a/evolinux-users/tasks/profile.yml +++ b/evolinux-users/tasks/profile.yml @@ -4,6 +4,7 @@ command: 'grep -q "trap.*sudo.*evomaintenance.sh"' changed_when: False failed_when: False + check_mode: no register: grep_profile_evomaintenance # Don't add the trap if it is present or commented @@ -13,4 +14,5 @@ dest: '/home/{{ user.name }}/.profile' insertafter: EOF line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0' + create: yes when: grep_profile_evomaintenance.rc != 0 diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index 8982dd6c..75b47ce2 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -26,57 +26,72 @@ loop_var: ssk_key when: user.ssh_keys is defined -# we must double-escape caracters, because python -- name: verify AllowUsers directive - shell: "grep -E '^AllowUsers' /etc/ssh/sshd_config" +- name: verify AllowGroups directive + command: "grep -E '^AllowGroups' /etc/ssh/sshd_config" changed_when: False failed_when: False - register: grep_allowusers_ssh + register: grep_allowgroups_ssh check_mode: no -- name: "Add AllowUsers sshd directive for '{{ user.name }}'" - lineinfile: - dest: /etc/ssh/sshd_config - line: "\nAllowUsers {{ user.name }}" - insertafter: 'Subsystem' - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: grep_allowusers_ssh.rc != 0 + # If AllowGroups is present, we don't change +- debug: + msg: "AllowGroups detected : You have to configure SSH manually" + when: grep_allowgroups_ssh.rc == 0 -- name: "Modify AllowUsers sshd directive for '{{ user.name }}'" - replace: - dest: /etc/ssh/sshd_config - regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$' - replace: '\1 {{ user.name }}' - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: grep_allowusers_ssh.rc == 0 +- block: + # If AllowGroups is not present, we proceed as usual + - name: verify AllowUsers directive + command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + changed_when: False + failed_when: False + register: grep_allowusers_ssh + check_mode: no -- name: "verify Match User directive" - command: "grep 'Match User' /etc/ssh/sshd_config" - changed_when: False - failed_when: False - register: grep_matchuser_ssh - check_mode: no + - name: "Add AllowUsers sshd directive for '{{ user.name }}'" + lineinfile: + dest: /etc/ssh/sshd_config + line: "\nAllowUsers {{ user.name }}" + insertafter: 'Subsystem' + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: grep_allowusers_ssh.rc != 0 -- name: "Add Match User sshd directive for '{{ user.name }}' (Jessie)" - lineinfile: - dest: /etc/ssh/sshd_config - line: "\nMatch User {{ user.name }}\n PasswordAuthentication no" - insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS" - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: - - ansible_distribution_release == "jessie" - - grep_matchuser_ssh.rc != 0 + - name: "Modify AllowUsers sshd directive for '{{ user.name }}'" + replace: + dest: /etc/ssh/sshd_config + regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$' + replace: '\1 {{ user.name }}' + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: grep_allowusers_ssh.rc == 0 -- name: "Modify Match User's sshd directive for '{{ user.name }}' (Jessie)" - replace: - dest: /etc/ssh/sshd_config - regexp: '^(Match User ((?!{{ user.name }}).)*)$' - replace: '\1,{{ user.name }}' - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: - - ansible_distribution_release == "jessie" - - grep_matchuser_ssh.rc == 0 + - name: "verify Match User directive" + command: "grep 'Match User' /etc/ssh/sshd_config" + changed_when: False + failed_when: False + register: grep_matchuser_ssh + check_mode: no + + - name: "Add Match User sshd directive for '{{ user.name }}' (Jessie)" + lineinfile: + dest: /etc/ssh/sshd_config + line: "\nMatch User {{ user.name }}\n PasswordAuthentication no" + insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS" + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: + - ansible_distribution_release == "jessie" + - grep_matchuser_ssh.rc != 0 + + - name: "Modify Match User's sshd directive for '{{ user.name }}' (Jessie)" + replace: + dest: /etc/ssh/sshd_config + regexp: '^(Match User ((?!{{ user.name }}).)*)$' + replace: '\1,{{ user.name }}' + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: + - ansible_distribution_release == "jessie" + - grep_matchuser_ssh.rc == 0 + + when: grep_allowgroups_ssh.rc != 0 diff --git a/evolinux-users/templates/sudoers_jessie.j2 b/evolinux-users/templates/sudoers_jessie.j2 index ab5a0b5c..ff50f482 100644 --- a/evolinux-users/templates/sudoers_jessie.j2 +++ b/evolinux-users/templates/sudoers_jessie.j2 @@ -4,6 +4,7 @@ Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts User_Alias ADMINS = {{ user.name }} nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs +nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt ADMINS ALL = (ALL:ALL) ALL diff --git a/evolinux-users/templates/sudoers_stretch.j2 b/evolinux-users/templates/sudoers_stretch.j2 index 289a65ee..82d9bc97 100644 --- a/evolinux-users/templates/sudoers_stretch.j2 +++ b/evolinux-users/templates/sudoers_stretch.j2 @@ -3,6 +3,7 @@ Defaults umask=0077 Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs +nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt %{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL diff --git a/evolix b/evolix new file mode 120000 index 00000000..945c9b46 --- /dev/null +++ b/evolix @@ -0,0 +1 @@ +. \ No newline at end of file diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml index ea4a8e38..31f054ab 100644 --- a/haproxy/defaults/main.yml +++ b/haproxy/defaults/main.yml @@ -1,3 +1,3 @@ --- - haproxy_jessie_backports: False +haproxy_stats_url: "http://127.0.0.1:8080/" diff --git a/haproxy/handlers/main.yml b/haproxy/handlers/main.yml index 55af4ec5..9cf3b9cb 100644 --- a/haproxy/handlers/main.yml +++ b/haproxy/handlers/main.yml @@ -8,3 +8,8 @@ service: name: haproxy state: restarted + +- name: restart munin-node + service: + name: munin-node + state: restarted diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml index 054aec1a..37afe8df 100644 --- a/haproxy/tasks/main.yml +++ b/haproxy/tasks/main.yml @@ -34,3 +34,4 @@ - config - include: nagios.yml +- include: munin.yml diff --git a/haproxy/tasks/munin.yml b/haproxy/tasks/munin.yml new file mode 100644 index 00000000..7d21db54 --- /dev/null +++ b/haproxy/tasks/munin.yml @@ -0,0 +1,29 @@ +--- +- name: Install Munin plugin and dependencies + apt: + name: "{{ item }}" + state: present + with_items: + - munin-plugins-extra + - liblwp-useragent-determined-perl + tags: + - haproxy + +- name: Enable Munin Haproxy plugins + file: + src: /usr/share/munin/plugins/haproxy_ng + dest: /etc/munin/plugins/haproxy_ng + force: yes + state: link + notify: restart munin-node + tags: + - haproxy + +- name: Copy Munin Haproxy config + template: + src: munin.conf.j2 + dest: /etc/munin/plugin-conf.d/haproxy + mode: "0644" + notify: restart munin-node + tags: + - haproxy diff --git a/haproxy/templates/munin.conf.j2 b/haproxy/templates/munin.conf.j2 new file mode 100644 index 00000000..c7500521 --- /dev/null +++ b/haproxy/templates/munin.conf.j2 @@ -0,0 +1,2 @@ +[haproxy_*] +env.url {{ haproxy_stats_url }};csv;norefresh diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml index 55e0c848..7ee07b5f 100644 --- a/kibana/tasks/main.yml +++ b/kibana/tasks/main.yml @@ -76,7 +76,7 @@ # - block: # - include_role: # name: remount-usr -# +# # - name: Move kibana optimize directory # shell: "mv /usr/share/kibana/{{ item }} /var/lib/kibana/{{ item }} && ln -s /var/lib/kibana/{{ item }} /usr/share/kibana/{{ item }}" # args: diff --git a/listupgrade/templates/listupgrade.sh.j2 b/listupgrade/templates/listupgrade.sh.j2 index 46d5c005..c8e6f335 100644 --- a/listupgrade/templates/listupgrade.sh.j2 +++ b/listupgrade/templates/listupgrade.sh.j2 @@ -159,10 +159,15 @@ for pkg in $packagesParsable; do echo "HAProxy" >>$servicesToRestart elif [ "$pkg" = "varnish" ]; then echo "Varnish" >>$servicesToRestart + elif [ "$pkg" = "squid" ]; then + echo "Squid" >>$servicesToRestart elif [ "$pkg" = "libc6" ]; then echo "Tous les services (mise à jour de libc6)." >$servicesToRestart break + elif [ "$pkg" = "libstdc++6" ]; then + echo "Tous les services (mise à jour de libstdc++6)." >$servicesToRestart + break elif echo "$pkg" |grep -q "^libssl"; then echo "Tous les services (mise à jour de libssl)." >$servicesToRestart break diff --git a/memcached/files/check_memcached.pl b/memcached/files/check_memcached.pl new file mode 100644 index 00000000..3c16382a --- /dev/null +++ b/memcached/files/check_memcached.pl @@ -0,0 +1,2547 @@ +#!/usr/bin/perl -w +# +# ============================== SUMMARY ===================================== +# +# Program : check_memcached.pl +# Version : 0.83 +# Date : Mar 23, 2013 +# Author : William Leibzon - william@leibzon.org +# Licence : GPL (main code) summary below and full text at http://www.fsf.org/licenses/gpl.txt +# LGPL (library functions) full text at http://www.fsf.org/licenses/lgpl.txt +# +# =========================== PROGRAM LICENSE ================================= +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +# ===================== INFORMATION ABOUT THIS PLUGIN ========================= +# +# This is Memcached Check plugin. It gets stats variables and allows to set thresholds +# on their value or their rate of change. It can measure response time, calculate +# hitrate, memory utilization and other data. The plugin is based on check_mysqld.pl. +# +# It also returns status variables as perfomance data for further nagios 2.0 +# post-processing, you can find graph templates NagiosGrapher & PNP4Nagios at: +# http://william.leibzon.org/nagios/ +# +# This program is written and maintained by: +# William Leibzon - william(at)leibzon.org +# +# ============================= SETUP NOTES ==================================== +# +# Make sure to install perl Cache::Memcached library from CPAN first. +# +# This plugin checks Memcached and measures response which can be used for +# threshold checks. It also retrieves various statistics data available with +# memcache 'stats' command (what you get when you telnet to the port and +# do 'stats') and allows to set thresholds either on their direct values +# or on rate of change of those variables. Plugin also calculates other useful +# statistics like Hitrate (calculated on rate of change unlike all other plugins +# that do it based on totals for all the time) and Memory Utilization and allows +# to set thresholds on their values. All variables can be returned back as +# performance data for graphing and pnp4nagios template should be available +# with this plugin on the same site you downloaded it from. +# +# For help on what parameters this plugin accepts you can just do +# ./check_memcached.pl --help +# +# 1. Connection Parameters +# +# Plugin currently does not support authentication so the only connection +# parameters are "-H hostname" and "-p port". The default port is 11211 +# and you must specify the hostname (if localhost specify it as -H 127.0.0.1) +# +# 2. Response Time, HitRate, Memory Utilization +# +# To get response time you use "-T" or "--response_time" option. By itself +# it will cause output of respose time at the status line. You can also use +# it as "-T warn,crit" to specify warning and critical thresholds. +# +# To get hitrate the option is "-R" or "--hitrate". If previous performance +# data is not feed to plugin (-P option, see below) the plugin calculates +# it as total hitrate over life of memcached process. If -P is specified +# and previous performance data is feed back, the data is based on real +# hitrate with lifelong info also given in paramphesis. As with -T you +# can specify -R by itself or with thresholds as -R warn,crit +# +# Memory utilization corresponds to what some others call "size". This is +# percent of max memory currently in use. The option is -U or --utilization +# and as you probably guessed can be used by itself or as -U warn,crit +# +# 3. Options for Checking Variables +# +# All status variables from memcached can be checked with the plugin. For some +# status variables separate long option is provided to specify threshold. +# --curr_connections= +# +# You can also specify all variables together with -a (--variables) option. +# For example: +# -a curr_connections,evictions +# When you do above results are included in status output line and you +# are required to specify thresholds with -w or --warn and -c or --crit +# with exactly number of thresholds as a number of variables specified +# in -a. If you simply want variable values on status line without specifying +# any threshold, use ~ in place of threshold value or skip value but specify +# all apropriate commas. For example: +# -a curr_connections,evications -w ~,~ -c ~,~ +# OR -a curr_connections,evications -w , -c , +# +# If you use new syntax with a long option for specific stats variables, you can +# specify settings for how to handle them. With each option you can use one or more +# threshold specifiers: +# NAME: - Overrides name for this variable for use in status and PERF output +# PATTERN: - Regular Expression that allows to match multiple data results +# WARN:threshold - warning alert threshold +# CRIT:threshold - critical alert threshold +# Threshold is a value (usually numeric) which may have the following prefix: +# > - warn if data is above this value (default for numeric values) +# < - warn if data is below this value (must be followed by number) +# = - warn if data is equal to this value (default for non-numeric values) +# ! - warn if data is not equal to this value +# Threshold can also be specified as a range in two forms: +# num1:num2 - warn if data is outside range i.e. if datanum2 +# \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 +# ABSENT:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if data is absent +# ZERO:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if result is 0 +# DISPLAY:YES|NO - Specifies if data should be included in nagios status line output +# PERF:YES|NO - Output in performance data or not (always YES if -F option is used) +# UOM: - Unit Of Measurement symbol to add to perf data - 'c','%','s','B' +# This is used by prorams that graph perf data such as PNP +# +# These can be specified in any order separated by ",". For example: +# --curr_connectins=CRIT:>100,WARN:>50,ABSENT:CRITICAL,ZERO:OK,DISPLAY:YES,PERF:YES +# +# Variables that are not known to plugin and don't have specific long option (or even if +# they do) can be specified using general long option --check or --option or -o +# (all are aliases for same option): +# --check=NAME:curr_connections,CRIT:>100,WARN:>50,ABSENT:CRITICAL,DISPLAY:YES,PERF:YES +# +# Then NAME is used to specify what to match and multiple data vars maybe matched +# with PATTERN regex option (and please only use PATTERN with --check and not confuse +# plugin by using it in a named long option). Either NAME or PATTERN are required. +# Example of using regex to specify thresholds for slabs-specific data is: +# -s misc,malloc,slabs,items \ +# -o "PATTERN:slabs_\d+_chunks_per_page,DISPLAY:NO,PERF:YES,WARN:>5000,CRIT:>20000" +# +# 4. Memcache Statistics Variables and Calculating their Rate of Change +# +# All statistics variables from memcached 'stats' can be checked with the plugin. +# And as some people know there are actually several stats arrays in memcached. +# By default the plugin will get statistics for 'misc' and 'malloc'. You can +# specify a list of statistics array names (corresponding to 'stats name' +# command in memcached) with -s or --stats command. Known arrays are: +# misc, malloc, sizes, maps, cachedump, slabs, items +# And example of trying to retrieve all of them is: +# -s misc,malloc,sizes,maps,cachedump,slabs,items +# However not all of them will have data in your system and arrays like +# sizes provide too much data (how many items stored on each size) +# for standard use. +# +# To see stat variables in plugin status output line and or specify thresholds +# based on their values you would use -a or --variables argument. For example: +# -a curr_connections,evictions +# You must specify same number of warning and critical thresholds with +# -w or --warn and -c or --crit argument as a number of variables specified +# in -a. If you simply want variable values on status without checking their value +# then either use ~ in place of threshold value or nothing at all. For example: +# -a curr_connections,evictions -w ~,~ -c ~,~ +# OR -a curr_connections,evictions -w , -c , +# +# +# If you want to check rate of change rather than actual value you can do this +# by specifying it as '&variable' such as "&total_connections" or "variable_rate" +# which is "total_connections_rate" and is similar to 'curr_connections' variable. +# By default it would be reported in the output as 'variable_rate' though '&variable' +# is a format used internally by plugin. As an alternative you can specify how to +# label these with --rate_label option where you can specify prefix and/or suffix. +# For example '--rate_label=dt_' would have the output being "dt_total_connections' +# where as '---rate_label=,_rate' is plugin default giving 'total_connections_rate'. +# You can use these names with -a and -A such as: +# --rate_label=,_rate -a total_connections_rate -w 1000 -c ~ +# +# Now in order to be able to calculate rate of change, the plugin needs to +# know values of the variables from when it was run the last time. This +# is done by feeding it previous performance data with a -P option. +# In commands.cfg this would be specified as: +# -P "$SERVICEPERFDATA$" +# And don't forget the quotes, in this case they are not just for documentation. +# +# 5. Threshold Specification +# +# The plugin fully supports Nagios plug-in specification for specifying thresholds: +# http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT +# +# And it supports an easier format with the following one-letter prefix modifiers: +# >value : issue alert if data is above this value (default for numeric value) +# $number2 +# @number1:number2 issue alert if data is WITHIN range [number1..number2] +# i.e. alert if data>=$number and $data<=$number2 +# +# The plugin will attempt to check that WARNING values is less than CRITICAL +# (or greater for <). A special prefix modifier '^' can be used to disable these +# checks. A quick example of such special use is '--warn=^<100 --crit=>200' which +# means warning alert if value is < 100 and critical alert if its greater than 200. +# +# 6. Performance Data +# +# Using '-f' option causes values of all variables you specified in -a as +# well as response time from -T, hitrate from -R and memory use from -U +# to go out as performance data for Nagios graphing programs that can use it. +# +# You may also directly specify which variables are to be return as performance data +# with '-A' option. If you use '-A' by itself and not specify any variables or use +# special special value of '*' (as in '-A *') the plugin will output all variables, +# which is really useful for finding what data you can chck with this plugin. +# +# The plugin will output threshold values as part of performance data as specified at +# http://nagiosplug.sourceforge.net/developer-guidelines.html#AEN201 +# And don't worry about using non-standard >,<,=,~ prefixes, all of that would get +# converted into nagios threshold format for performance output +# +# The plugin is smart enough to add 'c' suffix for known COUNTER variables to +# values in performance data. Known variables are specifed in an array you can +# find at the top of the code (further below) and plugin author does not claim +# to have identified all variables correctly. Please email if you find an error +# or want to add more variables. +# +# As noted above performance data is also used to calcualte rate of change +# by feeding it back with -P option. In that regard even if you did not specify +# -f or -A but you have specified &variable, its actual data would be sent out +# in performance output. Additionally last time plugin was run is also in +# performance data as special _ptime variable. +# +# 7. Example of Nagios Config Definitions +# +# A. Sample command and service definitions using -a -c -w options (old style): +# +# define command { +# command_name check_memcached +# command_line $USER1$/check_memcached.pl -H $HOSTADDRESS$ -p $ARG1$ -T $ARG2$ -R $ARG3$ -U $ARG4$ -a curr_connections,evictions -w ~,~ -c ~,~ -f -A 'utilization,hitrate,response_time,curr_connections,evictions,cmd_set,bytes_written,curr_items,uptime,rusage_system,get_hits,total_connections,get_misses,bytes,time,connection_structures,total_items,limit_maxbytes,rusage_user,cmd_get,bytes_read,threads,rusage_user_ms,rusage_system_ms,cas_hits,conn_yields,incr_misses,decr_misses,delete_misses,incr_hits,decr_hits,delete_hits,cas_badval,cas_misses,cmd_flush,listen_disabled_num,accepting_conns,pointer_size,pid' -P "$SERVICEPERFDATA$" +# } +# +# Arguments and thresholds are: +# ARG1 : Port +# ARG2 : Hitrate Threshold. Below it is <60% for warning, <30% for critical +# ARG3 : Response Time Threshold. Below it is >0.1s for WARNING, >0.2s for critical +# ARG4 : Utilization/Size Threshold. Below it is >95% for warning, >98% for critical +# +# define service { +# use prod-service +# service_description Memcached: Port 11212 +# check_command check_memcached!11212!'>0.1,>0.2'!'<60,<30'!'>95,>98' +# hostgroups memcached +# } +# +# B. Command line definition using long option (new style) +# +# define command { +# command_name check_memcached +# command_line $USER1$/check_memcached.pl -H $HOSTADDRESS$ -p $ARG1$ -T $ARG2$ -R $ARG3$ -U $ARG4$ --curr_connections="ZERO:WARNING,DISPLAY:YES,PERF:YES,$ARG5$" --evictions="ZERO:OK,DISPLAY:YES,PERF:YES,$ARG6$" -f -A 'utilization,hitrate,response_time,curr_connections,evictions,cmd_set,bytes_written,curr_items,uptime,rusage_system,get_hits,total_connections,get_misses,bytes,time,connection_structures,total_items,limit_maxbytes,rusage_user,cmd_get,bytes_read,threads,rusage_user_ms,rusage_system_ms,cas_hits,conn_yields,incr_misses,decr_misses,delete_misses,incr_hits,decr_hits,delete_hits,cas_badval,cas_misses,cmd_flush,listen_disabled_num,accepting_conns,pointer_size' -P "$SERVICEPERFDATA$" +# } +# +# define service { +# use prod-service +# service_description Memcached: Port 11212 +# check_command check_memcached!11212!'WARN:>0.1,CRIT:>0.2'!'WARN:<60,CRIT:<30'!'WARN:>95,CRIT:>98'!'WARN:>200,CRIT:>500'!'WARN:>100' +# hostgroups memcached +# } +# +# C. Example of command-line use: +# /usr/lib/nagios/plugins/check_memcached.pl -H localhost -a 'curr_connections,evictions' -w ~,~ -c ~,~ -s misc,malloc,slabs -U -A -R -T -f -v +# +# In above the -v option means "verbose" and with it plugin will output some debugging +# information about what it is doing. The option is not intended to be used when plugin +# is called from nagios itself. +# +# ======================= VERSION HISTORY and TODO ================================ +# +# The plugins is written by reusing code my check_mysqld.pl which similarly to +# this plugin allows to get STATUS variables and use these for nagios tests. +# check_mysqld.pl has history going back to 2004. +# +# [0.5 - Mar 2012] First version of the code based on check_mysqld.pl 0.93 +# This is being released as 0.5 because its coming from +# a very mature code of check_mysqld and has a lot of options +# If there are no major issues found with this plugin, next +# version will be 1.0 +# +# [0.6 - Apr 2012] Added support for re-using old performance data to calculate +# rate of change for certain variables. This also changes how +# hitrate is calcualted as now if previous performance data +# is available, hitrate would be #misses/#total from last check +# rather than #misses/#total from start of statistics. +# [0.61 - Apr 2012] Documentation fixes and small bugs +# [0.62 - May 2012] Cache::Memcached library has bugs and not always provided hash of +# array with results for each statistics just giving raw memcached +# data. This effected 'items' and 'slabs' statistics and maybe others. +# Plugin can now handle parsing such data into separate variables. +# [0.63 - Jun 10 2012] Documentation fixes. +# Default rate variable name changed from &Delta_variable to +# variable_rate to be in sync with check_redis.pl. One of the reasons +# is that in the future I'll plan to add variables that are real +# delta i.e new_value-old_value and not (new_value-old_value)/time +# Also I've decided that specifying prefix & suffix or rate label +# variables will not be one-letter option and only long-name option +# As such -L option has been depreciated. I'm doing it all early +# because only few currently use this and its not too late to change +# [0.64 - Jun 16, 2012] Added support to specify filename to '-v' option +# for debug output and '--debug' as alias to '--verbose' +# +# [0.7 - July 18, 2012] Rewrote parts of thresholds checking code and moved code +# that checks and parses thresholds from main into separate +# functions that are to become part of plugin library. +# Added support for variable thresholds specified as: +# option=WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL,ZERO:.. +# which are to be used for stats-variable based long options such as +# --connected_clients=WARN:threshold,CRIT:threshold +# and added DISPLAY:YES|NO and PERF specifiers for above too. +# [0.71 - Aug 18, 2012] Fixed bug with hitrate perf output reported perf by daryl herzman +# +# [0.8 - Aug 28, 2012] A lot of internal rewrites in the library. Its now not just a +# a set of functions, but a proper object library with internal +# variables hidden from outside. Support has also been added for +# regex matching with PATTERN specifier and for generalized +# --check option that can be used where specific long option is +# not available. For use with that option also added UOM specifier. +# [0.81 - Sep 04, 2012] Fix bug in the library on handling absent data +# [0.82 - Nov 16, 2012] Bug fix in memory utilization, noticed and fixed by Herman van Rink +# [0.83 - Mar 23, 2013] Buf fix in parse_threshold function of the embedded library +# +# 1. Library Enhancements (will apply to multiple plugins that share common code) +# (a) Add '--extra-opts' to allow to read options from a file as specified +# at http://nagiosplugins.org/extra-opts. This is TODO for all my plugins +# (b) [DONE] +# In plans are to allow long options to specify thresholds for known variables. +# These would mean you specify '--connected_clients' in similar way to '--hitrate' +# Internally these would be convered into -A, -w, -c as appropriate an used +# together with these options. So in practice it will now allow to get any data +# just a different way to specify options for this plugin. +# (c) Allow regex when selecting variable name(s) with -a, this will be enabled with +# a special option and not be default +# [DONE] +# +# 2. Memcache Specific +# (a) Support SASL Authentication +# (b) There has been a request to allow to specify threshold checks both for each slab +# (which is possible to do now starting with 0.62 version of the plugin) and for +# all slabs as well. This applies to "items" and "slabs" statistics and will probably +# be implimented by allowing regex checks in place of specific variable name. +# [DONE] +# +# Others are welcome recommand a new feature to be added here. If so please email to +# william@leibzon.org. +# And don't worry, I'm not a company with some hidden agenda to use your idea +# but an actual person who you can easily get hold of by email, find on forums +# and on Nagios conferences. More info on my nagios work is at: +# http://william.leibzon.org/nagios/ +# Above site should also have PNP4Nagios template for this and other plugins. +# +# ============================ START OF PROGRAM CODE ============================= + +use strict; +use IO::Socket; +use Time::HiRes; +use Text::ParseWords; +use Cache::Memcached; +use Getopt::Long qw(:config no_ignore_case); + +# default hostname, port, database, user and password, see NOTES above +my $HOSTNAME= 'localhost'; +my $PORT= 11211; + +# Add path to additional libraries if necessary +use lib '/usr/lib/nagios/plugins'; +our $TIMEOUT; +our %ERRORS; +eval 'use utils qw(%ERRORS $TIMEOUT)'; +if ($@) { + $TIMEOUT = 20; + %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +} + +my $Version='0.83'; + +# This is a list of known statistics variables (plus few variables added by plugin), +# used in order to designate COUNTER variables with 'c' in perfout for graphing programs +my %KNOWN_STATUS_VARS = ( + 'version' => [ 'misc', 'VERSION', '' ], # memcached version + 'utilization' => [ 'calculated', 'GAUGE', '%' ], # calculated by plugin + 'hitrate' => [ 'calculated', 'GAUGE', '%' ], # calculated by plugin + 'response_time' => [ 'time_measure', 'GAUGE', 's' ], # measured by plugin + 'curr_connections' => [ 'misc', 'GAUGE', '', "Number of Current Connections" ], + 'evictions' => [ 'misc', 'COUNTER', 'c', "Total Number of Evictions from Start" ], + 'reclaimed' => [ 'misc', 'COUNTER', 'c', "Total Number of Reclaimed Entries from Start" ], + 'bytes' => [ 'misc', 'GAUGE', 'B', "Amount of Data Stored in Bytes" ], + 'connection_structures' => [ 'misc', 'GAUGE', '', "Number of Connection Structures" ], + 'time' => [ 'misc', 'COUNTER', 's' ], + 'total_items' => [ 'misc', 'COUNTER', 'c', "Total Items Stored from Start" ], + 'cmd_set' => [ 'misc', 'COUNTER', 'c' ], + 'bytes_written' => [ 'misc', 'COUNTER', 'c', "Total Number of Bytes Written to Cache" ], + 'curr_items' => [ 'misc', 'GAUGE', '', "Number of Items Currently Stored" ], + 'limit_maxbytes' => [ 'misc', 'GAUGE', 'B', "Maximum memory available for storage" ], + 'uptime' => [ 'misc', 'COUNTER', 's', "Uptime in Seconds" ], + 'rusage_user' => [ 'misc', 'COUNTER', 's' ], + 'cmd_get' => [ 'misc', 'COUNTER', 'c', "Total Number of Get Commands from Start" ], + 'rusage_system' => [ 'misc', 'COUNTER', 's' ], + 'get_hits' => [ 'misc', 'COUNTER', 'c', "Total Number of Hits from Start" ], + 'bytes_read' => [ 'misc', 'COUNTER', 'c', "Total Number of Bytes Read from Cache" ], + 'threads' => [ 'misc', 'GAUGE', '', "Number of running Threads" ], + 'rusage_user_ms' => [ 'misc', 'COUNTER', 'c' ], # this is round(rusage_user*1000) + 'rusage_system_ms' => [ 'misc', 'COUNTER', 'c' ], # this is round(rusage_system*1000) + 'total_connections' => [ 'misc', 'COUNTER', 'c', "Number of Connections made from Start" ], + 'get_misses' => [ 'misc', 'COUNTER', 'c', "Total Misses from Start" ], + 'total_free' => [ 'malloc', 'GAUGE', 'B', "Amount of Free Memory in bytes" ], + 'releasable_space' => [ 'malloc', 'GAUGE', 'B' ], + 'free_chunks' => [ 'malloc', 'GAUGE', '' ], + 'fastbin_blocks' => [ 'malloc', 'GAUGE', '' ], + 'arena_size' => [ 'misc', 'GAUGE', '' ], + 'total_alloc' => [ 'malloc', 'GAUGE', 'B' ], + 'max_total_alloc' => [ 'malloc', 'GAUGE', '' ], + 'mmapped_regions' => [ 'malloc', 'GAUGE', '' ], + 'mmapped_space' => [ 'malloc', 'GAUGE', '' ], + 'fastbin_space' => [ 'malloc', 'GAUGE', '' ], + 'auth_cmds' => [ 'misc', 'COUNTER', 'c', "Total Number of Auth Commands from Start" ], + 'auth_errors' => [ 'misc', 'COUNTER', 'c', "Total Number of Auth Errors from Start" ], + 'pid' => [ 'misc', 'STATUSINFO', '' ], + ); + +# Here you can also specify which variables should go into perf data, +# For right now it is 'GAUGE', 'COUNTER', 'DATA' (but not 'TEXTDATA'), and 'BOOLEAN' +# you may want to remove BOOLEAN if you don't want too much data +my $PERF_OK_STATUS_REGEX = 'GAUGE|COUNTER|^DATA$|BOOLEAN'; + +# ============= MAIN PROGRAM CODE - DO NOT MODIFY BELOW THIS LINE ============== + +my $o_host= undef; # hostname +my $o_port= undef; # port +my $o_help= undef; # help option +my $o_verb= undef; # verbose mode +my $o_version= undef; # version info option +my $o_variables=undef; # list of variables for warn and critical +my $o_perfvars= undef; # list of variables to include in perfomance data +my $o_warn= undef; # warning level option +my $o_crit= undef; # Critical level option +my $o_perf= undef; # Performance data option +my @o_check= (); # General check option that maybe repeated more than once +my $o_timeout= undef; # Timeout to use - note that normally timeout is take from nagios anyway +my $o_mdsopt= undef; # Stat List to get data for +my @o_mdslist= ('misc','malloc'); # Default List, if -S option is entered, this is replaced +my $o_timecheck=undef; # threshold spec for connection time +my $o_hitrate= undef; # threshold spec for hitrate% +my $o_utilsize= undef; # threshold spec for utilization% +my $o_prevperf= undef; # performance data given with $SERVICEPERFDATA$ macro +my $o_prevtime= undef; # previous time plugin was run $LASTSERVICECHECK$ macro +my $o_ratelabel=undef; # prefix and suffix for creating rate variables +my $o_rsuffix='_rate'; # default rate variable name suffix +my $o_rprefix=""; + +## Additional global variables +my $memd= undef; # DB connection object + +sub p_version { print "check_memcached.pl version : $Version\n"; } + +sub print_usage_line { + print "Usage: $0 [-v [debugfilename]] -H [-p ] [-s ] [-a -w -c ] [-A ] [-T [contime_warn,contime_crit]] [-R [hitrate_warn,hitrate_crit]] [-U [utilization_size_warn,utilization_size_crit]] [-f] [-T ] [-V] [-P ] [-o ]\n"; +} + +sub print_usage { + print_usage_line(); + print "For more details on options do: $0 --help\n"; +} + +sub help { + my $nlib = shift; + + print "Memcache Check for Nagios version ",$Version,"\n"; + print " by William Leibzon - william(at)leibzon.org\n\n"; + print "This is memcache monitoring plugin, it lets you do threshold checks on status variables\n"; + print "and returns performance data for graphing and further processing. The plugin also measures\n"; + print "access time and calculates hitrate and memory utilization\n\n"; + print_usage_line(); + print < + This allows to list stat arrays that would be queried (separated by ','). + Supported memcache statistics array are: + misc, malloc, sizes, maps, cachedump, slabs, items + If this option is not specified, the plugin will check only 'misc' and 'malloc' + -V, --version + Prints version number + +Variables and Thresholds Set as List: + -a, --variables=STRING[,STRING[,STRING...]] + List of variables from memcache statistics data to do threshold checks on. + The default (if option is not used) is not to monitor any variable. + The variable name should be prefixed with '&' to check its rate of + change over time rather than actual value. + -w, --warn=STR[,STR[,STR[..]]] + This option can only be used if '--variables' (or '-a') option above + is used and number of values listed here must exactly match number + of variables specified with '-a'. The values specify warning threshold + for when Nagios should send WARNING alert. These values are usually + numbers and can have the following prefix modifiers: + > - warn if data is above this value (default for numeric values) + < - warn if data is below this value (must be followed by number) + = - warn if data is equal to this value (default for non-numeric values) + ! - warn if data is not equal to this value + ~ - do not check this data (must not be followed by number or ':') + ^ - for numeric values this disables check that warning < critical + Threshold values can also be specified as range in two forms: + num1:num2 - warn if data is outside range i.e. if datanum2 + \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 + -c, --crit=STR[,STR[,STR[..]]] + This option can only be used if '--variables' (or '-a') option above + is used and number of values listed here must exactly match number of + variables specified with '-a'. The values specify critical threshold + for when Nagios should send CRITICAL alert. The format is exactly same + as with -w option except no '^' prefix. + +Performance Data Processing Options: + -f, --perfparse + This should only be used with '-a' and causes variable data not only as part of + main status line but also as perfparse compatible output (for graphing, etc). + -A, --perfvars=[STRING[,STRING[,STRING...]]] + This allows to list variables which values will go only into perfparse + output (and not for threshold checking). The option by itself (emply value) + is same as a special value '*' and specify to output all variables. + -P, --prev_perfdata + Previous performance data (normally put '-P \$SERVICEPERFDATA\$' in nagios + command definition). This is used to calculate rate of change for counter + statistics variables and for proper calculation of hitrate. + --rate_label=[PREFIX_STRING[,SUFFIX_STRING]] + Prefix or Suffix label used to create a new variable which has rate of change + of another base variable. You can specify PREFIX or SUFFIX or both. Default + if not specified is '_rate' suffix string i.e. --rate_label=,_rate + +General Check Option (all 3 forms equivalent, can be repated more than once): + -o , --option=, --check= + where specifiers are separated by , and must include NAME or PATTERN: + NAME: - Default name for this variable as you'd have specified with -v + PATTERN: - Regular Expression that allows to match multiple data results + WARN:threshold - warning alert threshold + CRIT:threshold - critical alert threshold + Threshold is a value (usually numeric) which may have the following prefix: + > - warn if data is above this value (default for numeric values) + < - warn if data is below this value (must be followed by number) + = - warn if data is equal to this value (default for non-numeric values) + ! - warn if data is not equal to this value + Threshold can also be specified as a range in two forms: + num1:num2 - warn if data is outside range i.e. if datanum2 + \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 + ABSENT:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if data is absent + ZERO:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if result is 0 + DISPLAY:YES|NO - Specifies if data should be included in nagios status line output + PERF:YES|NO - Output results as performance data or not (always YES if asked for rate) + UOM: - Unit Of Measurement symbol to add to perf data - 'c','%','s','B' + +Measured/Calculated Data: + -T, --response_time=[WARN,CRIT] + If this is used as just -T the plugin will measure and output connection + response time in seconds. With -f this would also be provided on perf variables. + You can also specify values for this parameter, these are interprted as + WARNING and CRITICAL thresholds (separated by ','). + -R, --hitrate=[WARN,CRIT] + Calculates Hitrate %: cache_miss/(cache_hits+cache_miss). If this is used + as just -R then this info just goes to output line. With '-R -f' these + go as performance data. You can also specify values for this parameter, + these are interprted as WARNING and CRITICAL thresholds (separated by ','). + The format for WARN and CRIT is same as what you would use in -w and -c. + -U, --utilization=[WARN,CRIT] + This calculates percent of space in use, which is bytes/limit_maxbytes + In some other places this is called size, but since this plugin can + actually get objects of different size, utilization is more appropriate. + If you specify -U by itself, the plugin will just output this info, + with '-f' it will also include it in performance data. You can also specify + parameter value which are interpreted as WARNING and CRITICAL thresholds. + +EOT + + if (defined($nlib) && $nlib->{'enable_long_options'} == 1) { + my $long_opt_help = $nlib->additional_options_help(); + if ($long_opt_help) { + print "Stats Variable Options (this is alternative to specifying them as list with -a):\n"; + print $long_opt_help; + print "\n"; + } + } +} + +############################ START OF THE LIBRARY FUNCTIONS ##################################### +# +# THIS IS WORK IN PROGRESS, THE LIBRARY HAS NOT BEEN RELEASED YET AND INTERFACES MAY CHANGE +# +# ====================================== SUMMARY ================================================ +# +# Name : Naglio Perl Library For Developing Nagios Plugins +# Version : 0.2 +# Date : Aug 28, 2012 +# Author : William Leibzon - william@leibzon.org +# Licence : LGPL - full text at http://www.fsf.org/licenses/lgpl.txt +# +# ============================= LIBRARY HISTORY AND VERSIONS ==================================== +# +# Note: you may safely skip this section if you're looking at documentation about this library or plugin +# +# [2006-2008] The history of this library goes back to plugins such as check_snmp_temperature.pl, +# check_mysqld,pl and others released as early as 2006 with common functions to +# support prefixes "<,>,=,!" for specifying thresholds and checking data against +# these thresholds. Several of my plugins had common architecture supporting multiple +# variables or attributes to be checked using -a/--attributes/--variables option and +# --warn and --crit options with list of thresholds for these attributes and --perfvars +# specifying variables whose data would only go as PERFOUT for graphing. +# +# [2008-2011] Threshold parsing and check code had been rewritten and support added for specifying +# range per plugin guidelines: http://nagiosplug.sourceforge.net/developer-guidelines.html +# Internal structures had been changing and becoming more complex to various cases. +# In 2010-2012 plugins started to get support for ;warn;crit output of thresholds in perf, +# as specified in the guidelines. +# +# [Early 2012] Code from check_memcached had been used as a base for check_memcached and then +# check_redis plugins with some of the latest threshold code from check_netstat +# with more updates. Starting with check_redis the code from check_options() and +# from main part of plugin that was very similar across my plugins were separated +# into their own functions. KNOWN_STATS_VARS array was introduced as well to be +# able to properly add UOM symbol ('c', '%', 's', 'ms', 'B', 'KB') to perfout. +# check_memcached and check_redis also included support for calculating rate of +# variables in a similar way to how its been done in check_snmp_netint +# +# [0.1 - July 17, 2012] In 0.6 release of check_redis.pl support had been added for long options +# with special threshold line syntax: +# --option=WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,DISPLAY:YES|NO,PERF:YES|NO +# This was extension from just doing --option=WARN,CRIT to have a more universal +# and extendable way to specify and alike parameters for checking. check_redis 0.6 +# also introduced support automatically adding long options with above syntax based +# on description in KNOWN_STATS_VARS. The functions for the library were all separated +# into their own section of the code. When inported to check_memcached global variables +# were added to that section and accessor functions written for some of them. +# This is considered 0.1 version of the library +# +# [0.2 - Aug 28, 2012] In August the library code in check_memcached had been re-written from +# just functions to object-oriented perl interface. All variables were hidden from +# direct access with accessor functions written. Documentation header had been added +# to each library function and the header for the library itself. This was major work +# taking over a week to do although functions and mainly sllllame as in 0.1. They are +# not stabilized and so library is only to be included within plugins. Support was +# also added for regex matching with PATTERN option spec. Also added NAME spec. +# License changed to LGPL from GPL for this code. +# [0.21 - Sep 3, 2012] Fix bug in handling absent data +# [0.22 - Mar 23, 2013] Fix bug in parse_threshold functon +# +# ================================== LIBRARY TODO ================================================= +# +# (a) Add library function to support '--extra-opts' to read plugin options from a file +# This is being to be compatible with http://nagiosplugins.org/extra-opts +# (b) Support regex matching and allowing multiple data for same threshold definition. +# [DONE] +# (c) Support for expressions in places of numeric values for thresholds. The idea is to allow +# to refer to another variable or to special macro. I know at least one person has extended +# my check_mysqld to support using mysql variables (not same as status data) for thresholds. +# I also previouslyhad planned such support with experimental check_snmp_attributes plugin +# library/base. The idea was also floated around on nagios-devel list. +# (d) Support specifying variables as expressions. This is straight out of check_snmp_atributes +# and maybe part of it can be reused for this +# (e) Add common SNMP functions into library as so many of my plugins use it# +# (f) Add more functions to make this library easier to use and stabilize its interfaces. +# Port my plugins to this library. +# (f) Add support for functions in Nagios-Plugins perl library. While its interfaces are +# different, I believe, it'd be possible to add "shim" code to support them too. +# (h) Write proper Perl-style documentation as well as web documentation (much of above maybe +# moved to web documentation) and move library to separate GITHUB project. Release it. +# (i) Port this library to Python and write one or two example plugins +# +# ================================================================================================ +{ +package Naglio; +use fields qw(); +use Text::ParseWords; + +my %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +my $DEFAULT_PERF_OK_STATUS_REGEX = 'GAUGE|COUNTER|^DATA$|BOOLEAN'; + +# @DESCRIPTION : Library object constructor +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : Hash array of named config settings. All parameters are optiona. Currently supported are: +# plugin_name => string - short name of the plugin +# plugin_description => string - plugin longer description +# plugin_authors => string - list of plugin authors +# knownStatsVars => reference to hash - hash array defining known variables, what type they are, their description +# usage_function => &ref - function that would display helpful text in case of error with options for this plugin +# verbose => 1 or "" or "filename" - set to 1 or "" if verbose/debug or to filename to send data to (may not be called "0" or "1") +# output_comparison_symbols => 0 or 1 - 1 means library output in case threshold is met can use "<", ">", "=" +# 0 means output is something like "less than or equal", "more than", etc. +# all_variables_perf => 0 or 1 - 1 means data for all variables would go to PERF. This is what '-A *' or just -A do +# enable_long_options => 0 or 1 - 1 enables long options generated based on knownStatsVars. This is automatically enabled (from 0 +# to 1) when plugin references additional_options_list() unless this is set to -1 at library init +# enable_rate_of_change => 0 or 1 - enables support for calculating rate of change based on previously saved data, default is 1 +# enable_regex_match => 0 or 1 - when set to 1 each threshold-specified var name is treated as regex and can match +# to multiple collected data. this can also be enabled per-variable with PATTERN spec +# @RETURNS : Reference representing object instance of this library +# @PRIVACY & USE : PUBLIC, To be used when initializing the library +sub lib_init { + my $invocant = shift; + my $class = ref($invocant) || $invocant; + my %other_args = @_; + + # These used to be global variables, now these are object local variables in self with accessor + my @allVars = (); # all variables after options processing + my @perfVars = (); # performance variables list [renamed from @o_perfVarsL in earlier code] + my %thresholds=(); # hash array of thresholds for above variables, [this replaced @o_warnL and @o_critL in earlier code] + my %dataresults= (); # This is where data is loaded. It is a hash with variable names as keys and array array for value: + # $dataresults{$var}[0] - undef of value of this variable + # $dataresults{$var}[1] - 0 if variable not printed out to status line yet, 1 or more otherwise + # $dataresults{$var}[2] - 0 if variable data not yet put into PERF output, -1 if PERF output is preset, 1 after output + # $dataresults{$var}[3] - string, '' to start with, holds ready performance data output for this variable + # $dataresults{$var}[4] - only for regex matches. name of match var (which should be key in thresholds), otherwise undef + my %dataVars = (); # keys are variables from allVars and perfVars, values is array of data that matched i.e. keys in dataresults + my @ar_warnLv = (); # used during options processing + my @ar_critLv = (); # used during options processing + my @ar_varsL= (); # used during options processing + my @prev_time= (); # timestamps if more then one set of previois performance data + + my $self = { # library and nagios versions + _NaglioLibraryVersion => 0.2, # this library's version + _NagiosVersion => 3, # assume nagios core 3.x unless known otherwise + # library internal data structures + _allVars => \@allVars, + _perfVars => \@perfVars, + _thresholds => \%thresholds, + _dataresults => \%dataresults, + _datavars => \%dataVars, + _ar_warnLv => \@ar_warnLv, + _ar_critLv => \@ar_critLv, + _ar_varsL => \@ar_varsL, + _prevTime => \@prev_time, + _prevPerf => {}, # array that is populated with previous performance data + _checkTime => undef, # time when data was last checked + _statuscode => "OK", # final status code + _statusinfo => "", # if there is an error, this has human info about what it is + _statusdata => "", # if there is no error but we want some data in status line, this var gets it + _perfdata => "", # this variable collects performance data line + _saveddata => "", # collects saved data (for next plugin re-run, not implimented yet) + _init_args => \%other_args, + # copy of data from plugin option variables + o_variables => undef, # List of variables for warn and critical checks + o_crit => undef, # Comma-separated list of critical thresholds for each checked variable + o_warn => undef, # Comma-separated list of warning thresholds for each checked variable + o_perf => undef, # defined or undef. perf option means all data from variables also goes as PERFDATA + o_perfvars => undef, # List of variables only for PERFDATA + o_prevperf => undef, # previously saved performance data coming from $SERVICEPERFDATA$ macro + # library special input variables (similar to options) + o_rprefix => '', # prefix used to distinguish rate variables + o_rsuffix => '_rate', # suffix used to distinguish rate variables + knownStatusVars => {}, # Special HASH ARRAY with names and description of known variables + perfOKStatusRegex => $DEFAULT_PERF_OK_STATUS_REGEX, + verbose => 0, # verbose, same as debug, same as o_verb + plugin_name => '', # next 3 parameters are variables are currently not used + plugin_description => '', # but its still better if these are provided + plugin_authors => '', # in the future these maybe used for help & usage functions + # library setting variables + debug_file => "", # instead of setting file name in verbose, can also set it here + output_comparison_symbols => 1, # should plugin output >,<.=,! for threshold match + # if 0, it will say it in human form, i.e. "less" + all_variables_perf => 0, # should we all variables go to PERF (even those not listed in o_variables and o_perfvars) + # this is the option set to 1 when --perfvars '*' is used + enable_long_options => 0, # enable support for long options generated based on knownStatusVars description + enable_rate_of_change => 1, # enables support for calculatin rate of chane and for rate of change long options + enable_regex_match => 0, # 0 is not enabled, 1 means variables in o_variables and o_perfvars are considered regex to match actual data + # a value of 2 means its enabled, but for options with PATTERN specifier (this is not configurale value) + }; + + # bless to create an object + bless $self, $class; + + # deal with arguments that maybe passed to library when initalizing + if (exists($other_args{'KNOWN_STATUS_VARS'})) { + $self->{'knownStatusVars'} = $other_args{'KNOWN_STATUS_VARS'}; + } + $self->{'plugin_name'} = $other_args{'plugin_name'} if exists($other_args{'plugin_name'}); + $self->{'plugin_description'} = $other_args{'plugin_description'} if exists($other_args{'plugin_description'}); + $self->{'plugin_authors'} = $other_args{'plugin_authors'} if exists($other_args{'plugin_authors'}); + $self->{'usage_function'} = $other_args{'usage_gunction'} if exists($other_args{'usage_function'}); + $self->configure(%other_args); + + # return self object + return $self; +} + +# This is just an alias for object constructor lib_init function +sub new { + return lib_init(@_); +} + +# @DESCRIPTION : Allows to confiure some settings after initialization (all these can also be done as part of lib_init) +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : Hash array of named config settings. All parameters are optiona. Currently supported are: +# verbose => 1 or "" or "filename" - set to 1 or "" if verbose/debug or to filename to send data to (may not be called "0" or "1") +# output_comparison_symbols => 0 or 1 - 1 means library output in case threshold is met can use "<", ">", "=" +# 0 means output is something like "less than or equal", "more than", etc. +# all_variables_perf => 0 or 1 - 1 means data for all variables would go to PERF. This is what '-A *' or just -A do +# enable_long_options => 0 or 1 - 1 enables long options generated based on knownStatsVars. This is automatically enabled (from 0 +# to 1) when plugin references additional_options_list() unless this is set to -1 at library init +# enable_rate_of_change => 0 or 1 - enables support for calculating rate of change based on previously saved data, default is 1 +# enable_regex_match => 0 or 1 - when set to 1 each threshold-specified var name is treated as regex and can match +# to multiple collected data. this can also be enabled per-variable with PATTERN spec +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function. +sub configure { + my $self = shift; + my %args = @_; + + if (exists($args{'verbose'}) || exists($args{'debug'})) { + $self->{'verbose'} = 1; + if (exists($args{'verbose'}) && $args{'verbose'}) { + $self->{'debug_file'} = $args{'verbose'}; + } + if (exists($args{'debug_log_filename'})) { + $self->{'debug_file'} = $args{'debug_log_filename'}; + } + } + $self->{'all_variables_perf'} = $args{'all_variables_perf'} if exists($args{'all_variables_perf'}); + $self->{'enable_long_options'} = $args{'enable_long_options'} if exists($args{'enable_long_options'}); + $self->{'enable_rate_of_change'} = $args{'enable_rate_of_change'} if exists($args{'enable_rate_of_change'}); + $self->{'enable_regex_match'} = 1 if exists($args{'enable_regex_match'}) && $args{'enable_regex_match'}!=0; + $self->{'output_comparison_symbols'} = $args{'output_comparison_symbols'} if exists($args{'output_comparison_symbols'}); +} + +# @DESCRIPTION : Allows functions to take be used both directly and as object referenced functions +# In the 2nd case they get $self as 1st argument, in 1st they don't. this just adds +# $self if its if its not there so their argument list is known. +# Functions that allow both should still check if $self is defined +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : arbitrary list of arguments +# @RETURNS : arbitrary list of arguments with 1st being object hash or undef +# @PRIVACY & USE : PRIVATE +sub _self_args { + return @_ if ref($_[0]) && exists($_[0]->{'_NaglioLibraryVersion'}); + unshift @_,undef; + return @_; +} + +# @DESCRIPTION : Sets function to be called to display help text on using plugin in case of error +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : reference to usage function +# @RETURNS : nothing +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function : +sub set_usage_function { + my ($self, $usage_function) = @_; + $self->{'usage_function'} = $usage_function; +} + +# @DESCRIPTION : Usage function. For right now it just calls usage function given as a parameter +# In the future if it is not available, it'll print something standard. +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : nothing +# @PRIVACY & USE : PUBLIC, But primary for internal use. Must be used as an object instance function. +sub usage { + my $self = shift; + if (defined($self) && defined($self->{'usage_function'})) { &{$self->{'usage_function'}}(); } +} + +# @DESCRIPTION : This function converts uptime in seconds to nice & short output format +# @LAST_CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - uptime in seconds +# @RETURNS : string of uptime for human consumption +# @PRIVACY & USE : PUBLIC, Maybe used directly or as object instance function : +sub uptime_info { + my ($self,$uptime_seconds) = _self_args(@_); + my $upinfo = ""; + my ($secs,$mins,$hrs,$days) = (undef,undef,undef,undef); + + sub div_mod { return int( $_[0]/$_[1]) , ($_[0] % $_[1]); } + + ($mins,$secs) = div_mod($uptime_seconds,60); + ($hrs,$mins) = div_mod($mins,60); + ($days,$hrs) = div_mod($hrs,24); + $upinfo .= "$days days" if $days>0; + $upinfo .= (($upinfo ne '')?' ':'').$hrs." hours" if $hrs>0; + $upinfo .= (($upinfo ne '')?' ':'').$mins." minutes" if $mins>0 && ($days==0 || $hrs==0); + $upinfo .= (($upinfo ne '')?' ':'').$secs." seconds" if $secs>0 && $days==0 && $hrs==0; + return $upinfo; +} + +# @DESCRIPTION : If debug / verbose option is set, function prints its input out or to debug file +# @LAST_CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - string of debug text +# @RETURNS : nothing +# @PRIVACY & USE : PUBLIC, Maybe used directly or as object instance function +sub verb { + my ($self,$in) = _self_args(@_); + my $debug_file_name = ""; + + if (defined($o_verb) || (defined($self) && defined($self->{'verbose'}) && $self->{'verbose'} ne 0)) { + $debug_file_name = $self->{'debug_file'} if defined($self) && $self->{'debug_file'} ne ""; + $debug_file_name = $self->{'verbose'} if $debug_file_name ne "" && defined($self) && + ($self->{'verbose'} ne 0 && $self->{'verbose'} ne 1 && $self->{'verbose'} ne ''); + $debug_file_name = $o_verb if $debug_file_name ne "" && defined($o_verb) && $o_verb ne ""; + if ($debug_file_name ne "") { + if (!open (DEBUGFILE, ">>$debug_file_name")) { + print $in, "\n"; + } + else { + print DEBUGFILE $in,"\n"; + close DEBUGFILE; + } + } + else { + print $in, "\n"; + } + } +} + +# @DESCRIPTION : Check of string is a a number supporting integers, negative, decimal floats +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - string of text to be checked +# @RETURNS : 1 if its a number, 0 if its not a number +# @PRIVACY & USE : PUBLIC, To be used statically and not as an object instance reference +sub isnum { + my $num = shift; + if (defined($num) && $num =~ /^[-|+]?((\d+\.?\d*)|(^\.\d+))$/ ) { return 1 ;} + return 0; +} + +# @DESCRIPTION : Check of string is a a number supporting integers, negative, decimal floats +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - string of text to be checked +# @RETURNS : 1 if its a number, 0 if its not a number +# @PRIVACY & USE : PUBLIC, To be used statically and not as an object instance function +sub trim { + my $string = shift; + $string =~ s/^\s+//; + $string =~ s/\s+$//; + return $string; +} + +# @DESCRIPTION : Takes as input string from PERF or SAVED data from previous plugin invocation +# which should contain space-separated list of var=data pairs. The string is +# parsed and it returns back hash array of var=>data pairs. +# - Function written in 2007 for check_snmp_netint, first release 06/01/07 +# - Modified to use quotewords as suggested by Nicholas Scott, release of 05/20/12 +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - string of text passed from SERVICEPERFDATA OR SERVICESAVEDDATA MACRO +# @RETURNS : hash array (see description) +# @PRIVACY & USE : PUBLIC, Maybe used directly or as object instance function +# TODO: double-check this works when there are no single quotes as check_snmp_netint always did quotes +sub process_perf { + my ($self,$in) = _self_args(@_); + my %pdh; + my ($nm,$dt); + use Text::ParseWords; + foreach (quotewords('\s+',1,$in)) { + if (/(.*)=(.*)/) { + ($nm,$dt)=($1,$2); + if (defined($self)) { $self->verb("prev_perf: $nm = $dt"); } + else { verb("prev_perf: $nm = $dt"); } + # in some of my plugins time_ is to profile execution time for part of plugin + # $pdh{$nm}=$dt if $nm !~ /^time_/; + $pdh{$nm}=$dt; + $pdh{$nm}=$1 if $dt =~ /(\d+)[csB%]/; # 'c' or 's' or B or % maybe have been added + # support for more than one set of previously cached performance data + # push @prev_time,$1 if $nm =~ /.*\.(\d+)/ && (!defined($prev_time[0]) || $prev_time[0] ne $1); + } + } + return %pdh; +} + +# @DESCRIPTION : Converts variables with white-spaces with per-name enclosed with '' +# @LAST CHANGED : 08-24-12 by WL +# @INPUT : ARG1 - varible name +# @RETURNS : name for perf-out output +# @PRIVACY & USE : PUBLIC, but its use should be limited. To be used statically and not as an object instance function +sub perf_name { + my $in = shift; + my $out = $in; + $out =~ s/'\/\(\)/_/g; #' get rid of special characters in performance description name + if ($in !~ /\s/ && $in eq $out) { + return $in; + } + return "'".$out."'"; +} + +# @DESCRIPTION : Determines appropriate output name (for STATUS and PERF) taking into account +# rate variales prefix/suffix and 'NAME' override in long thresholds line specification +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name (variable as found in dataresults) +# @RETURNS : name for output +# @PRIVACY & USE : PUBLIC, but its use should be limited. To be as an object instance function, +sub out_name { + my ($self,$dname) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self-> {'_dataresults'}; + my $vr = $self->data2varname($dname,1); + my $name_out; + + if (defined($vr) && exists($thresholds->{$vr}{'NAME'})) { + if (exists($thresholds->{$vr}{'PATTERN'}) || $self->{'enable_regex_match'} == 1) { + $thresholds->{$vr}{'NAMES_INDEX'} = {} if !exists($thresholds->{$vr}{'NAMES_INDEX'}); + if (!exists($thresholds->{$vr}{'NAMES_INDEX'}{$dname})) { + my $ncount = scalar(keys %{$thresholds->{$vr}{'NAMES_INDEX'}}); + $ncount++; + $thresholds->{$vr}{'NAMES_INDEX'}{$dname} = $ncount; + } + $name_out = $thresholds->{$vr}{'NAME'} .'_'. $thresholds->{$vr}{'NAMES_INDEX'}{$dname}; + } + else { + $name_out = $thresholds->{$vr}{'NAME'}; + } + } + else { + # this is for output of rate variables which name internally start with & + if ($dname =~ /^&(.*)/) { + $name_out = $self->{'o_rprefix'}.$1.$self->{'o_rsuffix'}; + } + else { + $name_out = $dname; + } + } + return $name_out; +} + +# @DESCRIPTION : Builds statusline. Adds info on error conditions that would preceed status data. +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - string argument for status info +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, but its direct use is discouraged. Must be used as an object instance function +sub addto_statusinfo_output { + my ($self, $var, $sline) = @_; + $self->{'_statusinfo'} .= ", " if $self->{'_statusinfo'}; + $self->{'_statusinfo'} .= trim($sline); + $self->{'_dataresults'}{$var}[1]++; +} + +# @DESCRIPTION : Accessor function for statusinfo +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : statusinfo (error conditions and messages) string +# @PRIVACY & USE : PUBLIC. Must be used as an object instance function +sub statusinfo { + my $self = shift; + if (defined($self) && defined($self->{'_statusinfo'})) { + return $self->{'_statusinfo'}; + } + return undef; +} + +# @DESCRIPTION : Builds Statuline. Adds variable data for status line output in non-error condition. +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - formatted for human consumption text of collected data for this variable +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, but its direct use is discouraged. Must be used as an object instance function +sub addto_statusdata_output { + my ($self,$dvar,$data) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self -> {'_dataresults'}; + my $avar = $self->data2varname($dvar,1); + + # $self->verb("debug: addto_statusdata_output - dvar is $dvar and avar is $avar"); + if ((!exists($thresholds->{$avar}{'DISPLAY'}) || $thresholds->{$avar}{'DISPLAY'} eq 'YES') && + (!exists($dataresults->{$dvar}[1]) || $dataresults->{$dvar}[1] == 0)) { + $self->{'_statusdata'} .= ", " if $self->{'_statusdata'}; + if (defined($data)) { + $self->{'_statusdata'} .= trim($data); + } + elsif (exists($dataresults->{$dvar}[0])) { + $self->{'_statusdata'} .= $self->out_name($dvar) ." is ".$dataresults->{$dvar}[0]; + } + $dataresults->{$dvar}[1]++; + } +} + +# @DESCRIPTION : Accessor function for statusdata +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : statusdata string (non-error data from some variables) +# @PRIVACY & USE : PUBLIC. Must be used as an object instance function +sub statusdata { + my $self = shift; + if (defined($self) && defined($self->{'_statusdata'})) { + return $self->{'_statusdata'}; + } + return undef; +} + +# @DESCRIPTION : This function sets text or data for data variable PERFORMANCE output +# (;warn;crit would be added to it later if thresholds were set for this variable) +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - either "var=data" text or just "data" (in which case var= is prepended to it) +# ARG3 - UOM symol ('c' for continous, '%' for percent, 's' for seconds) to added after data +# if undef then it is looked up in known variables and if one is present there, its used +# ARG4 - one of: "REPLACE" - if existing preset perfdata is present, it would be replaced with ARG2 +# "ADD" - if existing preset perfdata is there, ARG2 string would be added to it (DEFAULT) +# "IFNOTSET - only set perfdata to ARG2 if it is empty, otherwise keep existing +# @RETURNS : nothing (future: 0 on success, -1 on error) +# @PRIVACY & USE : PUBLIC, but its use should be limited to custom variables added by plugins to data +# Must be used as an object instance function +sub set_perfdata { + my ($self,$avar,$adata,$unit,$opt) = @_; + my $dataresults = $self->{'_dataresults'}; + my $thresholds = $self->{'_thresholds'}; + my $known_vars = $self->{'knownStatusVars'}; + my $bdata = $adata; + my $vr = undef; + + # default operation is ADD + if (!defined($opt)) { + $opt = "ADD"; + } + else { + $opt = uc $opt; + } + if (defined($adata)) { + # if only data wthout "var=" create proper perf line + $bdata = perf_name($self->out_name($avar)).'='.$adata if $adata !~ /=/; + if (defined($unit)) { + $bdata .= $unit; + } + else { + # appending UOM is done here + $vr = $self->data2varname($avar,1); + if (defined($vr)) { + if (exists($thresholds->{$vr}{'UOM'})) { + $bdata .= $thresholds->{$vr}{'UOM'}; + } + elsif (exists($known_vars->{$vr}[2])) { + $bdata .= $known_vars->{$vr}[2]; + } + } + } + # preset perfdata in dataresults array + $dataresults->{$avar}=[undef,0,0,''] if !defined($dataresults->{$avar}); + $dataresults->{$avar}[2]=-1; + if ($opt eq "REPLACE" || !exists($dataresults->{$avar}[3]) || $dataresults->{$avar}[3] eq '') { + $dataresults->{$avar}[3]=$bdata; + } + elsif (exists($dataresults->{$avar}[3]) && $dataresults->{$avar}[3] ne '' && $opt eq "ADD") { + $dataresults->{$avar}[3].=$adata; + } + } +} + +# @DESCRIPTION : This function is used when building performance output +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - optional data argument, if not present variable's dataresults are used +# ARG3 - one of: "REPLACE" - if existing preset perfdata is present, it would be replaced with ARG2 +# "ADD" - if existing preset perfdata is there, ARG2 string would be added to it +# "IFNOTSET - only set perfdata to ARG2 if it is empty, otherwise keep existing (DEFAULT) +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, but its direct use is discouraged. Must be used as an object instance function +sub addto_perfdata_output { + my ($self,$avar,$adata, $opt) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self-> {'_dataresults'}; + my $vr = undef; + + if (!defined($opt)) { + $opt = "IFNOTSET"; + } + else { + $opt = uc $opt; + } + $vr = $self->data2varname($avar,1); + if (defined($avar) && defined($vr) && + (!exists($thresholds->{$vr}{'PERF'}) || $thresholds->{$vr}{'PERF'} eq 'YES') && + (!defined($dataresults->{$avar}[2]) || $dataresults->{$avar}[2] < 1)) { + my $bdata = ''; + if (defined($adata)) { + $bdata .= trim($adata); + } + # this is how most perfdata gets added + elsif (defined($dataresults->{$avar}[0])) { + $bdata .= perf_name($self->out_name($avar)) .'='. $dataresults->{$avar}[0]; + } + # this would use existing preset data now if it was present due to default + # setting UOM from KNOWN_STATUS_VARS array is now in set_perfdata if 3rd arg is undef + $self->set_perfdata($avar,$bdata,undef,$opt); + # now we actually add to perfdata from [3] of dataresults + if (exists($dataresults->{$avar}[3]) && $dataresults->{$avar}[3] ne '') { + $bdata = trim($dataresults->{$avar}[3]); + $self->{'_perfdata'} .= " " if $self->{'_perfdata'}; + $self->{'_perfdata'} .= $bdata; + $dataresults->{$avar}[2]=0 if $dataresults->{$avar}[2] < 0; + $dataresults->{$avar}[2]++; + } + } +} + +# @DESCRIPTION : Accessor function for map from data collected to variable names specified in options and thresholds +# @LAST CHANGED : 08-22-13 by WL +# @INPUT : ARG1 - data variable name +# ARG2 - if undef or 0 return undef if no match for ARG1 found, if 1 return ARG1 +# @RETURNS : string of variable name as was specified with --variables or --thresholds +# @PRIVACY & USE : PUBLIC. Must be used as an object instance function +sub data2varname { + my ($self,$dname,$ropt) = @_; + my $dataresults = $self->{'_dataresults'}; + + return $dataresults->{$dname}[4] if defined($self) && defined($dataresults->{$dname}[4]); + return $dname if defined($ropt) && $ropt eq 1; + return undef; +} + +# @DESCRIPTION : Sets list and info on known variables and regex for acceptable data types. +# This function maybe called more than once. If called again, new vars in subsequent +# calls are added to existing ones and existing vars are replaced if they are there again. +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : ARG1 - ref to hash array of known vars. Keys are variable names. Data is an array. Example is: +# 'version' => [ 'misc', 'VERSION', '' ], +# 'utilization' => [ 'misc', 'GAUGE', '%' ], +# 'cmd_get' => [ 'misc', 'COUNTER', 'c', "Total Number of Get Commands from Start" ], +# The array elements are: +# 1st - string of source for this variable. not used by the library at all, but maybe used by code getting the data +# 2nd - type of data in a variable. May be "GAUGE", "VERSION", "COUNTER", "BOOLEAN", "TEXTINFO", "TEXTDATA", "SETTING" +# 3rd - either empty or one-character UOM to be added to perforance data - 'c' for continous, '%' percent, 's' seconds +# 4th - either empty or a description of this variable. If not empty, the variable becomes long-option and this is help text +# ARG2 - regex of acceptable types of data for performance output. Anything else is ignored (i.e. no no output to perf), but +# is still available for threshold checks. if this is undef, then default of 'GAUGE|COUNTER|^DATA$|BOOLEAN' is used +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as object instance function +sub set_knownvars { + my ($self, $known_vars_in, $vartypes_regex_in) = @_; + my $known_vars = $self->{'knownStatusVars'}; + + if (defined($known_vars_in)) { + foreach (keys %{$known_vars_in}) { + $known_vars->{$_} = $known_vars_in->{$_}; + } + } + if (defined($vartypes_regex_in)) { + $self->{'perfOKStatusRegex'} = $vartypes_regex_in; + } + else { + $self->{'perfOKStatusRegex'} = $DEFAULT_PERF_OK_STATUS_REGEX; + } +} + +# @DESCRIPTION : Adds known variables definition one at a time +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - string of source for this variable. not used by the library at all, but maybe used by code getting the data +# ARG3 - type of data in a variable. May be "GAUGE", "VERSION", "COUNTER", "BOOLEAN", "TEXTINFO", "TEXTDATA", "SETTING" +# ARG4 - either empty or one-character UOM symbol to be added to perforance data - 'c' for continous, '%' percent, 's' seconds +# ARG5 - either empty or a description of this variable. If not empty, the variable becomes long-option and this is help text +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as object instance function +sub add_knownvar { + my ($self, $varname, $source, $type, $unit, $description) = @_; + my $temp = { $varname => [ $source, $type, $unit, $description] }; + $self->set_knownvars($temp,undef); +} + +# @DESCRIPTION : This function is used for checking data values against critical and warning thresholds +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - variable name (used for text output in case it falls within threshold) +# ARG2 - data to be checked +# ARG3 - threshold to be checked, internal structure returned by parse_threshold() +# @RETURNS : Returns "" (empty string) if data is not within threshold range +# and text message for status line out about how data is within range otherwise +# @PRIVACY & USE : PUBLIC. Maybe used directly or as an object instance function +sub check_threshold { + my ($self,$attrib,$data,$th_array) = _self_args(@_); + my $mod = $th_array->[0]; + my $lv1 = $th_array->[1]; + my $lv2 = $th_array->[2]; + my $issymb = 1; + $issymb = 0 if defined($self) && $self->{'output_comparison_symbols'} eq 0; + + # verb("debug check_threshold: $mod : ".(defined($lv1)?$lv1:'')." : ".(defined($lv2)?$lv2:'')); + return "" if !defined($lv1) || ($mod eq '' && $lv1 eq ''); + return " " . $attrib . " is " . $data . ( ($issymb==1)?' = ':' equal to ' ). $lv1 if $mod eq '=' && $data eq $lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' != ':' not equal to ' ). $lv1 if $mod eq '!' && $data ne $lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' > ':' more than ' ) . $lv1 if $mod eq '>' && $data>$lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' > ':' more than ' ) . $lv2 if $mod eq ':' && $data>$lv2; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' >= ':' more than or equal to ' ) . $lv1 if $mod eq '>=' && $data>=$lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' < ':' less than ' ). $lv1 if ($mod eq '<' || $mod eq ':') && $data<$lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' <= ':' less than or equal to ' ) . $lv1 if $mod eq '<=' && $data<=$lv1; + return " " . $attrib . " is " . $data . " in range $lv1..$lv2" if $mod eq '@' && $data>=$lv1 && $data<=$lv2; + return ""; +} + +# @DESCRIPTION : This function is called to parse threshold string +# @LAST CHANGED : 03-23-13 by WL +# (the code in this function can be traced back to late 2006. It has not much changed from 2008) +# @INPUT : ARG1 - String for one variable WARN or CRIT threshold which can be as follows: +# data - warn if data is above this value if numeric data, or equal for non-numeric +# >data - warn if data is above this value (default for numeric values) +# num2 +# \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 +# @RETURNS : Returns reference to a hash array, this library's structure for holding processed threshold spec +# @PRIVACY & USE : PUBLIC. Maybe used directly or as an object instance function +sub parse_threshold { + my ($self,$thin) = _self_args(@_); + + # link to an array that holds processed threshold data + # array: 1st is type of check, 2nd is threshold value or value1 in range, 3rd is value2 in range, + # 4th is extra options such as ^, 5th is nagios spec string representation for perf out + my $th_array = [ '', undef, undef, '', '' ]; + my $th = $thin; + my $at = ''; + + $at = $1 if $th =~ s/^(\^?[@|>|<|=|!]?~?)//; # check mostly for my own threshold format + $th_array->[3]='^' if $at =~ s/\^//; # deal with ^ option + $at =~ s/~//; # ignore ~ if it was entered + if ($th =~ /^\:([-|+]?\d+\.?\d*)/) { # :number format per nagios spec + $th_array->[1]=$1; + $th_array->[0]=($at !~ /@/)?'>':'<='; + $th_array->[5]=($at !~ /@/)?('~:'.$th_array->[1]):($th_array->[1].':'); + } + elsif ($th =~ /([-|+]?\d+\.?\d*)\:$/) { # number: format per nagios spec + $th_array->[1]=$1; + $th_array->[0]=($at !~ /@/)?'<':'>='; + $th_array->[5]=($at !~ /@/)?'':'@'; + $th_array->[5].=$th_array->[1].':'; + } + elsif ($th =~ /([-|+]?\d+\.?\d*)\:([-|+]?\d+\.?\d*)/) { # nagios range format + $th_array->[1]=$1; + $th_array->[2]=$2; + if ($th_array->[1] > $th_array->[2]) { + print "Incorrect format in '$thin' - in range specification first number must be smaller then 2nd\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + $th_array->[0]=($at !~ /@/)?':':'@'; + $th_array->[5]=($at !~ /@/)?'':'@'; + $th_array->[5].=$th_array->[1].':'.$th_array->[2]; + } + if (!defined($th_array->[1])) { # my own format (<,>,=,!) + $th_array->[0] = ($at eq '@')?'<=':$at; + $th_array->[1] = $th; + $th_array->[5] = '~:'.$th_array->[1] if ($th_array->[0] eq '>' || $th_array->[0] eq '>='); + $th_array->[5] = $th_array->[1].':' if ($th_array->[0] eq '<' || $th_array->[0] eq '<='); + $th_array->[5] = '@'.$th_array->[1].':'.$th_array->[1] if $th_array->[0] eq '='; + $th_array->[5] = $th_array->[1].':'.$th_array->[1] if $th_array->[0] eq '!'; + } + if ($th_array->[0] =~ /[>|<]/ && !isnum($th_array->[1])) { + print "Numeric value required when '>' or '<' are used !\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + # verb("debug parse_threshold: $th_array->[0] and $th_array->[1]"); + $th_array->[0] = '=' if !$th_array->[0] && !isnum($th_array->[1]) && $th_array->[1] ne ''; + if (!$th_array->[0] && isnum($th_array->[1])) { # this is just the number by itself, becomes 0:number check per nagios guidelines + $th_array->[2]=$th_array->[1]; + $th_array->[1]=0; + $th_array->[0]=':'; + $th_array->[5]=$th_array->[2]; + } + return $th_array; +} + +# @DESCRIPTION : this function checks that for numeric data warn threshold is within range of critical +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - warhing threshold structure (reference to hash array) +# ARG2 - critical threshold structure (reference to hash array) +# @RETURNS : Returns 1 if warning does not fall within critical (there is an error) +# Returns 0 if everything is ok and warning is within critical +# @PRIVACY & USE : PUBLIC, but its use is discouraged. Maybe used directly or as an object instance function. +sub threshold_specok { + my ($self, $warn_thar,$crit_thar) = _self_args(@_); + + return 1 if defined($warn_thar) && defined($warn_thar->[1]) && + defined($crit_thar) && defined($crit_thar->[1]) && + isnum($warn_thar->[1]) && isnum($crit_thar->[1]) && + $warn_thar->[0] eq $crit_thar->[0] && + (!defined($warn_thar->[3]) || $warn_thar->[3] !~ /\^/) && + (!defined($crit_thar->[3]) || $crit_thar->[3] !~ /\^/) && + (($warn_thar->[1]>$crit_thar->[1] && ($warn_thar->[0] =~ />/ || $warn_thar->[0] eq '@')) || + ($warn_thar->[1]<$crit_thar->[1] && ($warn_thar->[0] =~ /[0] eq ':')) || + ($warn_thar->[0] eq ':' && $warn_thar->[2]>=$crit_thar->[2]) || + ($warn_thar->[0] eq '@' && $warn_thar->[2]<=$crit_thar->[2])); + return 0; # return with 0 means specs check out and are ok +} + +# @DESCRIPTION : this compares var names from data to names given as plugin options treating them regex +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - the name to search for +# @RETURNS : Keyname for what first one that matched from _thresholds +# Undef if nothing matched +# @PRIVACY & USE : PUBLIC, but its direct use should be rare. Must be used as an object instance function. +sub var_pattern_match { + my ($self, $name) = @_; + my $thresholds = $self->{'_thresholds'}; + my $allvars = $self->{'_allVars'}; + my $is_regex_match = $self->{'enable_regex_match'}; + my $v; + my $pattern; + + foreach $v (@{$allvars}) { + $pattern=''; + if ($is_regex_match eq 1 && !defined($thresholds->{$v}{'PATTERN'})) { + $pattern=$v; + } + elsif ($is_regex_match ne 0 && defined($thresholds->{$v}{'PATTERN'})) { + $pattern = $thresholds->{$v}{'PATTERN'}; + } + if ($pattern ne '' && $name =~ /$pattern/) { + $self->verb("Data name '".$name."' matches pattern '".$pattern."'"); + return $v; + } + } + return undef; +} + +# @DESCRIPTION : This function adds data results +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - name of data variable +# ARG2 - data for this variable +# ARG3 - name of checked variable/parameter corresponding to this data variable +# default undef, assumed to be same as ARG1 +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub add_data { + my ($self, $dnam, $dval, $anam) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self-> {'_dataresults'}; + my $datavars = $self -> {'_datavars'}; + my $perfVars = $self->{'_perfVars'}; + + # determine what plugin options-specified var & threshold this data corresponds to + if (!defined($anam)) { + if ($self->{'enable_regex_match'} == 0) { + $anam = $dnam; + } + else { + $anam = $self->var_pattern_match($dnam); + $anam = $dnam if !defined($anam); + } + } + # set dataresults + if (exists($dataresults->{$dnam})) { + $dataresults->{$dnam}[0] = $dval; + $dataresults->{$dnam}[4] = $anam if defined($anam); + } + else { + $dataresults->{$dnam} = [$dval, 0, 0, '', $anam]; + } + # reverse map array + $datavars->{$anam} = [] if !exists($datavars->{$anam}); + push @{$datavars->{$anam}}, $dnam; + # setperf if all variables go to perf + if ($self->{'all_variables_perf'} == 1) { + $thresholds->{$anam}={} if !exists($thresholds->{$anam}); + $thresholds->{$anam}{'PERF_DATALIST'} = [] if !exists($thresholds->{$anam}{'PERF_DATALIST'}); + push @{$thresholds->{$anam}{'PERF_DATALIST'}}, $dnam; + if (!defined($thresholds->{$anam}{'PERF'})) { + push @{$perfVars}, $anam; + $thresholds->{$anam}{'PERF'} = 'YES'; + } + } +} + +# @DESCRIPTION : Accessor function that gets variable data +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - name of data variable +# @RETURNS : undef if variable does not exist and data otherwise +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub vardata { + my ($self,$dnam) = @_; + my $dataresults = $self->{'_dataresults'}; + return undef if !exists($dataresults->{$dnam}); + return $dataresults->{$dnam}[0]; +} + +# @DESCRIPTION : This function parses "WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN" combined threshold string +# Parsing of actual threshold i.e. what is after WARN, CRIT is done by parse_threshold() function +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - String containing threshold line like "WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN" +# Acceptable comma-separated parts threshold specifiers are: +# WARN: - warning threshold +# CRIT: - critical threshold +# ABSENT:OK|WARNING|CRITICAL|UNKNOWN - nagios exit code if data for this variable is not found +# ZERO:OK|WARNING|CRITICAL|UNKNOWN - nagios exit code if data is 0 +# DISPLAY:YES|NO - output data in plugin status line +# PERF:YES|NO - output data as plugin performance data +# SAVED:YES|NO - put results in saved data (this really should not be set manually) +# PATTERN: - enables regex match allowing more than one real data name to match this threshold +# NAME: - overrides output status and perf name for this variable +# UOM: - unit of measurement symbol to add to perf +# @RETURNS : Returns reference to a hash array, a library's structure for holding processed MULTI-THRESHOLD spec +# Note that this is MULTI-THRESHOLD hash structure, it itself contains threshold hashes returned by parse_threshold() +# @PRIVACY & USE : PUBLIC, but its use is discouraged. Maybe used directly or as an object instance function. +sub parse_thresholds_list { + my ($self,$in) = _self_args(@_); + my $thres = {}; + my @tin = undef; + my $t = undef; + my $t2 = undef; + + @tin = split(',', $in); + $t = uc $tin[0] if exists($tin[0]); + # old format with =warn,crit thresolds without specifying which one + if (defined($t) && $t !~ /^WARN/ && $t !~ /^CRIT/ && $t !~ /^ABSENT/ && $t !~ /^ZERO/ && + $t !~ /^DISPLAY/ && $t !~ /^PERF/ && $t !~ /^SAVED/ && + $t !~ /^PATTERN/ && $t !~ /^NAME/ && $t !~ /^UOM/) { + if (scalar(@tin)==2) { + if (defined($self)) { + $thres->{'WARN'} = $self->parse_threshold($tin[0]); + $thres->{'CRIT'} = $self->parse_threshold($tin[1]); + } + else { + $thres->{'WARN'} = parse_threshold($tin[0]); + $thres->{'CRIT'} = parse_threshold($tin[1]); + } + } + else { + print "Can not parse. Unknown threshold specification: $in\n"; + print "Threshold line should be either both warning and critical thresholds separated by ',' or \n"; + print "new format of: WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN\n"; + print "which allows to specify all 3 (CRIT,WARN,ABSENT) or any one of them in any order\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + # new format with prefix specifying if its WARN or CRIT and support of ABSENT + else { + foreach $t (@tin) { + $t2 = uc $t; + if ($t2 =~ /^WARN\:(.*)/) { + if (defined($self)) { + $thres->{'WARN'} = $self->parse_threshold($1); + } + else { + $thres->{'WARN'} = parse_threshold($1); + } + } + elsif ($t2 =~ /^CRIT\:(.*)/) { + if (defined($self)) { + $thres->{'CRIT'} = $self->parse_threshold($1); + } + else { + $thres->{'CRIT'} = parse_threshold($1); + } + } + elsif ($t2 =~ /^ABSENT\:(.*)/) { + my $val = $1; + if (defined($ERRORS{$val})) { + $thres->{'ABSENT'} = $val; + } + else { + print "Invalid value $val after ABSENT. Acceptable values are: OK, WARNING, CRITICAL, UNKNOWN\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t2 =~ /^ZERO\:(.*)/) { + my $val = $1; + if (exists($ERRORS{$val})) { + $thres->{'ZERO'} = $val; + } + else { + print "Invalid value $val after ZERO. Acceptable values are: OK, WARNING, CRITICAL, UNKNOWN\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t2 =~ /^DISPLAY\:(.*)/) { + if ($1 eq 'YES' || $1 eq 'NO') { + $thres->{'DISPLAY'} = $1; + } + else { + print "Invalid value $1 after DISPLAY. Specify this as YES or NO.\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t2 =~ /^PERF\:(.*)/) { + if ($1 eq 'YES' || $1 eq 'NO') { + $thres->{'PERF'} = $1; + } + else { + print "Invalid value $1 after PERF. Specify this as YES or NO.\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t =~ /^PATTERN\:(.*)/i) { + $thres->{'PATTERN'} = $1; + $self->{'enable_regex_match'} = 2 if defined($self) && $self->{'enable_regex_match'} eq 0; + } + elsif ($t =~ /^NAME\:(.*)/i) { + $thres->{'NAME'} = $1; + } + elsif ($t =~ /^UOM\:(.*)/i) { + $thres->{'UOM'} = $1; + } + else { + print "Can not parse. Unknown threshold specification: $_\n"; + print "Threshold line should be WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,ZERO:OK|WARNING|CRITICAL|UNKNOWN\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + } + if (exists($thres->{'WARN'}) && exists($thres->{'CRIT'})) { + my $check_warncrit = 0; + if (defined($self)) { + $check_warncrit = $self->threshold_specok($thres->{'WARN'},$thres->{'CRIT'}); + } + else { + $check_warncrit = threshold_specok($thres->{'WARN'},$thres->{'CRIT'}); + } + if ($check_warncrit) { + print "All numeric warning values must be less then critical (or greater then when '<' is used)\n"; + print "Note: to override this check prefix warning value with ^\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + return $thres; +} + +# @DESCRIPTION : Adds variable to those whose thresholds would be checked +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - name of the data variable +# ARG2 - either: +# 1) ref to combined thresholds hash array i.e. { 'WARN' => threshold array, 'CRIT' => threshold array, ABSENT => ... } +# such hash array is returned by by parse_thresholds_list function +# -- OR -- +# 2) a tet string with a list of thresholds in the format +# WARN:threshold,CRIT:thresholod,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,ZERO:WARNING|CRITICAL|UNKNOWN,PATTERN:pattern,NAME:name +# which would get parsed y parse_thresholds_list function into ref array +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Recommend function for adding thresholds. Must be used as an object instance function +sub add_thresholds { + my ($self,$var,$th_in) = @_; + my $th; + if (ref($th_in) && (exists($th_in->{'WARN'}) || exists($th_in->{'CRIT'}) || exists($th_in->{'DISPLAY'}) || + exists($th_in->{'PERF'}) || exists($th_in->{'SAVED'}) || exists($th_in->{'ABSENT'}) || + exists($th_in->{'ZERO'}) || exists($th_in->{'PATTERN'}))) { + $th = $th_in; + } + else { + $th = $self->parse_thresholds_list($th_in); + } + if (!defined($var)) { + if (defined($th->{'NAME'})) { + $var = $th->{'NAME'}; + } + elsif (defined($th->{'PATTERN'})) { + $var = $th->{'PATTERN'}; + } + else { + print "Can not parse. No name or pattern in threshold: $th_in\n"; + print "Specify threshold line as: NAME:name,PATTERN:regex,WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,ZERO:OK|WARNING|CRITICAL|UNKNOWN\n"; + $self->usage(); + exit $ERRORS{"UNKNOWN"}; + } + } + push @{$self->{'_allVars'}}, $var if !exists($self->{'_thresholds'}{$var}); + $self->{'_thresholds'}{$var}=$th; +} + +# @DESCRIPTION : Accessor function for thresholds and related variable settings on what and how to check +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - name of data variable +# ARG2 - name of the threshold or related data setting to return +# This can be: "WARN", "CRIT", "ABSENT", "ZERO", "DISPLAY", "PERF" +# @RETURNS : undef if variable does not exist +# if variable exists and "WARN" or "CRIT" thresholds are requested, it returns asociated +# threshold hash array structure for named threshold of the type returned by parse_threshold() +# for ABSENT, ZERO, DISPLAY, PERF and other, it returns a string for this check setting +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub get_threshold { + my ($self,$var,$thname) = @_; + return undef if !exists($self->{'_thresholds'}{$var}) || !exists($self->{'_thresholds'}{$var}{$thname}); + return $self->{'_thresholds'}{$var}{$thname}; +} + +# @DESCRIPTION : Modifier function for thresholds and related variable settings on how to check and display results +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - name of data variable +# ARG2 - type of the threshold or related data setting +# This can be: "WARN", "CRIT", "ABSENT", "ZERO", "DISPLAY", "PERF" +# ARG3 - what to set this to, for "WARN" and "CRIT" this must be hash array returned by parse_threshold() +# @RETURNS : 0 if type you want to set is not one of "WARN", "CRIT", "ZERO" or other acceptable settings +# 1 on success +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub set_threshold { + my ($self,$var,$thname,$thdata) = @_; + if ($thname ne 'WARN' && $thname ne 'CRIT' && $thname ne 'ZERO' && $thname ne 'PATTERN' && $thname ne 'NAME' && + $thname ne 'ABSENT' && $thname ne 'PERF' && $thname ne 'DISPLAY' && $thname ne 'SAVED' && $thname ne 'UOM') { + return 0; + } + $self->{'_thresholds'}{$var}={} if !exists($self->{'_thresholds'}{$var}); + $self->{'_thresholds'}{$var}{$thname}=$thdata; + return 1; +} + +# @DESCRIPTION : Returns list variables for GetOptions(..) that are long-options based on known/defined variable +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : none +# @RETURNS : Array of additional options based on KNOWN_STATS_VARS +# @PRIVACY & USE : PUBLIC, Special use case with GetOpt::Long. Must be used as an object instance function +sub additional_options_list { + my $self = shift; + + my $known_vars = $self->{'knownStatusVars'}; + my ($o_rprefix, $o_rsuffix, $v, $v2) = ('','','',''); + $o_rprefix = $self->{'o_rprefix'} if defined($self->{'o_rprefix'}); + $o_rsuffix = $self->{'o_rsuffix'} if defined($self->{'o_rsuffix'}); + my @VarOptions = (); + + if ($self->{'enable_long_options'} != -1) { + if (defined($self) && defined($known_vars)) { + foreach $v (keys %{$known_vars}) { + if (exists($known_vars->{$v}[3]) && $known_vars->{$v}[3] ne '') { + push @VarOptions,$v."=s"; + if ($self->{'enable_rate_of_change'} eq 1 && $known_vars->{$v}[1] eq 'COUNTER' && ($o_rprefix ne '' || $o_rsuffix ne '')) { + $v2 = $o_rprefix.$v.$o_rsuffix; + push @VarOptions,$v2."=s" + } + } + } + } + } + if (scalar(@VarOptions)>0) { + $self->{'enable_long_options'} = 1; + } + return @VarOptions; +} + +# @DESCRIPTION : Prints out help for generated long options +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : none +# @RETURNS : a string of text for help output +# @PRIVACY & USE : PUBLIC, Special use case with GetOpt::Long. Must be used as an object instance function +sub additional_options_help { + my $self = shift; + my $vname; + my $vname2; + my $counter = 0; + my $known_vars = $self->{'knownStatusVars'}; + + if ($self->{'enable_long_options'} != 1) { return ''; } + + my $out=" These options are all --long_name= + where specifiers are one or more of: + WARN:threshold - warning alert threshold + CRIT:threshold - critical alert threshold + Threshold is a value (usually numeric) which may have the following prefix: + > - warn if data is above this value (default for numeric values) + < - warn if data is below this value (must be followed by number) + = - warn if data is equal to this value (default for non-numeric values) + ! - warn if data is not equal to this value + Threshold can also be specified as a range in two forms: + num1:num2 - warn if data is outside range i.e. if datanum2 + \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 + ABSENT:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if data is absent + ZERO:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if result is 0 + DISPLAY:YES|NO - Specifies if data should be included in nagios status line output + PERF:YES|NO - Output results as performance data or not (always YES if asked for rate) + NAME: - Change the name to in status and PERF output\n\n"; + + # add more options based on KNOWN_STATUS_VARS array + foreach $vname (keys(%{$known_vars})) { + if (exists($known_vars->{$vname}[3])) { + $counter++; + $out .= ' --'.$vname."=WARN:threshold,CRIT:threshold,\n"; + $out .= " ".$known_vars->{$vname}[3]."\n"; + if ($known_vars->{$vname}[1] eq 'COUNTER' && $self->{'enable_rate_of_change'} eq 1) { + $vname2=$o_rprefix.$vname.$o_rsuffix; + $out .= ' --'.$vname2."=WARN:threshold,CRIT:threshold,\n"; + $out .= " Rate of Change of ".$known_vars->{$vname}[3]."\n"; + } + } + } + if ($counter>0) { return $out; } + return ""; +} + +# @DESCRIPTION : Processes standard options parsing out of them variables to be checked +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - Options data hash from GetOpt::Long +# ARG2 - option --verbose or -v or --debug : undef normally and "" or filename if debug enabled +# ARG3 - option --variables or -a in WL's plugins : comma-separated list of variables to check +# ARG4 - option --warn or -w : comma-separated warning thresholds for variables in ARG3 +# ARG5 - option --crit or -c : comma-separated critical thresholds for variables in ARG3 +# ARG6 - option --perf or -f in WL's plugin: all regular variables should also go to perf data +# ARG7 - option --perfvars or -A in WL's plugins: command-separated list of variables whose data goes to PERF output +# ARG8 - prefix to distinguish rate variables, maybe "" but usually this is "rate_" +# ARG9 - suffix to distinguish rate variables, only if ARG7 is "", otherwise optional and absent +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be used shortly after GetOptions. Must be used as an object instance function +sub options_startprocessing { + my ($self, $Options, $o_verb, $o_variables, $o_warn, $o_crit, $o_perf, $o_perfvars, $o_rprefix, $o_rsuffix) = @_; + + # Copy input parameters to object hash array, set them if not present + $o_rprefix="" if !defined($o_rprefix); + $o_rsuffix="" if !defined($o_rsuffix); + $o_crit="" if !defined($o_crit); + $o_warn="" if !defined($o_warn); + $o_variables="" if !defined($o_variables); + $self->{'o_variables'} = $o_variables; + $self->{'o_perfvars'} = $o_perfvars; + $self->{'o_crit'} = $o_crit; + $self->{'o_warn'} = $o_warn; + $self->{'o_perf'} = $o_perf; + $self->{'o_rprefix'} = $o_rprefix; + $self->{'o_rsuffix'} = $o_rsuffix; + $self->{'verbose'} = $o_verb if defined($o_verb); + # start processing + my $perfVars = $self->{'_perfVars'}; + my $ar_varsL = $self->{'_ar_varsL'}; + my $ar_critLv = $self->{'_ar_critLv'}; + my $ar_warnLv = $self->{'_ar_warnLv'}; + my $known_vars = $self->{'knownStatusVars'}; + $o_rprefix = lc $o_rprefix; + $o_rsuffix = lc $o_rsuffix; + # process o_perfvars option + if (defined($o_perfvars)) { + @{$perfVars} = split( /,/ , lc $o_perfvars ); + if (scalar(@{$perfVars})==0) { + $o_perfvars='*'; + $self->{'o_perfvars'}='*'; + } + if ($o_perfvars eq '*') { + $self->{'all_variables_perf'} = 1; + } + else { + # below loop converts rate variables to internal representation + for (my $i=0; $i[$i] = '&'.$1 if $perfVars->[$i] =~ /^$o_rprefix(.*)$o_rsuffix$/; + } + } + } + if (defined($o_warn) || defined($o_crit) || defined($o_variables)) { + if (defined($o_variables)) { + @{$ar_varsL}=split( /,/ , lc $o_variables ); + if (defined($o_warn)) { + $o_warn.="~" if $o_warn =~ /,$/; + @{$ar_warnLv}=split( /,/ , lc $o_warn ); + } + if (defined($o_crit)) { + $o_crit.="~" if $o_crit =~ /,$/; + @{$ar_critLv}=split( /,/ , lc $o_crit ); + } + } + else { + print "Specifying warning or critical thresholds requires specifying list of variables to be checked\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + # this is a special loop to check stats-variables options such as "connected_clients=WARN:warning,CRIT:critical" + # which are specified as long options (new extended threshold line spec introduced in check_redis and check_memcached) + my ($vname,$vname2) = (undef,undef); + foreach $vname (keys(%{$known_vars})) { + $vname2=$o_rprefix.$vname.$o_rsuffix; + if (exists($known_vars->{$vname}[3])) { + if (exists($Options->{$vname})) { + $self->verb("Option $vname found with spec parameter: ".$Options->{$vname}); + $self->add_thresholds($vname,$Options->{$vname}); + } + if (exists($Options->{$vname2})) { + $self->verb("Rate option $vname2 found with spec parameter: ".$Options->{$vname2}); + $self->add_thresholds('&'.$vname,$Options->{$vname2}); + } + } + } + $self->{'_called_options_startprocessing'}=1; +} + +# @DESCRIPTION : Internal function. Parses and sets thresholds for given list of variables after all options have been processed +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PRIVATE, Must be used as an object instance function +sub _options_setthresholds { + my $self = shift; + + my $perfVars = $self->{'_perfVars'}; + my $ar_varsL = $self->{'_ar_varsL'}; + my $ar_critLv = $self->{'_ar_critLv'}; + my $ar_warnLv = $self->{'_ar_warnLv'}; + my $known_vars = $self->{'knownStatusVars'}; + my $thresholds = $self->{'_thresholds'}; + my ($o_rprefix, $o_rsuffix) = ("", ""); + $o_rprefix = $self->{'o_rprefix'} if exists($self->{'o_rprefix'}); + $o_rsuffix = $self->{'o_rsuffix'} if exists($self->{'o_rsuffix'}); + + if (scalar(@{$ar_warnLv})!=scalar(@{$ar_varsL}) || scalar(@{$ar_critLv})!=scalar(@{$ar_varsL})) { + printf "Number of specified warning levels (%d) and critical levels (%d) must be equal to the number of attributes specified at '-a' (%d). If you need to ignore some attribute do it as ',,'\n", scalar(@{$ar_warnLv}), scalar(@{$ar_critLv}), scalar(@{$ar_varsL}); + $self->verb("Warning Levels: ".join(",",@{$ar_warnLv})); + $self->verb("Critical Levels: ".join(",",@{$ar_critLv})); + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + for (my $i=0; $i[$i] = '&'.$1 if $ar_varsL->[$i] =~ /^$o_rprefix(.*)$o_rsuffix$/; + if ($ar_varsL->[$i] =~ /^&(.*)/) { + if (!defined($self->{'o_prevperf'})) { + print "Calculating rate variable such as ".$ar_varsL->[$i]." requires previous performance data. Please add '-P \$SERVICEPERFDATA\$' to your nagios command line.\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + if (defined($known_vars->{$1}) && $known_vars->{$1}[0] ne 'COUNTER') { + print "$1 is not a COUNTER variable for which rate of change should be calculated\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + if (!exists($thresholds->{$ar_varsL->[$i]})) { + my $warn = $self->parse_threshold($ar_warnLv->[$i]); + my $crit = $self->parse_threshold($ar_critLv->[$i]); + if ($self->threshold_specok($warn,$crit)) { + print "All numeric warning values must be less then critical (or greater then when '<' is used)\n"; + print "Note: to override this check prefix warning value with ^\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + $self->add_thresholds($ar_varsL->[$i], {'WARN'=>$warn,'CRIT'=>$crit} ); + } + } +} + +# @DESCRIPTION : Internal helper function. Finds time when previous performance data was calculated/saved at +# @DEVNOTE : Right now this library and function only supports one previous performance data set, +# but check_snmp_netint plugin supports multiple sets and there the code is more complex, +# As this function originated there, that code is commented out right now. +# @LAST CHANGED : 08-21-12 by WL +# @INPUT : ARG1 - reference to previous performance data hash array. It looks for _ptime variable there. +# ARG2 - string with previous performance time in unix seconds. This may come from separate plugin option. +# @RETURNS : Time in unix seconds frm 1970 or undef if it was not located +# @PRIVACY & USE : PRIVATE, Maybe used directly or as an object instance function. +sub _set_prevtime { + my ($self,$prevperf,$o_prevtime) = _self_args(@_); + my $perfcheck_time; + + if (defined($o_prevtime)) { + # push @prev_time, $o_prevtime; + # $prev_perf{ptime}=$o_prevtime; + $perfcheck_time=$o_prevtime; + } + elsif (defined($prevperf) && defined($prevperf->{'_ptime'})) { + # push @prev_time, $prev_perf{ptime}; + $perfcheck_time=$prevperf->{'_ptime'}; + } + else { + # @prev_time=(); + $perfcheck_time=undef; + } + # numeric sort for timestamp array (this is from lowest time to highiest, i.e. to latest) + # my %ptimes=(); + # $ptimes{$_}=$_ foreach @prev_time; + # @prev_time = sort { $a <=> $b } keys(%ptimes); + return $perfcheck_time; +} + +# @DESCRIPTION : Processes standard options, setting up thresholds based on options that are to be checked +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after plugin finished processing its own custom options. Must be used as an object instance function +sub options_finishprocessing { + my $self = shift; + + if (!exists($self->{'_called_options_finishprocessing'})) { + # process previous performance data + my $prevperf = $self->{'_prevPerf'}; + if (defined($self->{'o_prevperf'})) { + if (defined($self->{'o_perf'}) || defined($self->{'o_perfvars'})) { + %{$prevperf}=$self->process_perf($self->{'o_prevperf'}); + $self->{'_perfcheck_time'} = $self->_set_prevtime($prevperf,$self->{'o_prevtime'}); + } + else { + print "--prevperf can only be used with --perf or --perfvars options\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + # set thresholds + $self->_options_setthresholds(); + # prepare data results arrays + my $dataresults = $self->{'_dataresults'}; + my $thresholds = $self->{'_thresholds'}; + $dataresults->{$_} = [undef, 0, 0] foreach(@{$self->{'_allVars'}}); + if (defined($self->{'_perfVars'})) { + foreach(@{$self->{'_perfVars'}}) { + $dataresults->{$_} = [undef, 0, 0] if !exists($dataresults->{$_}); + $thresholds->{$_} = {} if !exists($thresholds->{$_}); + $thresholds->{$_}{'PERF'} = 'YES'; + } + } + # mark as having finished + $self->{'_called_options_finishprocessing'}=1; + } +} + +# @DESCRIPTION : Accessor function for previously saved perfdata +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : ARG1 - varname +# @RETURNS : value of that variable on previous plugin run, undef if not known +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub prev_perf { + my ($self,$var) = @_; + if (defined($self) && defined($self->{'_prevPerf'}{$var})) { + return $self->{'_prevPerf'}{$var}; + } + return undef; +} + +# @DESCRIPTION : Accessor function for exit status code +# @LAST CHANGED : 08-21-12 by WL +# @INPUT : none +# @RETURNS : current expected exit status code +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub statuscode { + my $self = shift; + return $self->{'_statuscode'}; +} + +# @DESCRIPTION : Sets plugin exist status +# @LAST CHANGED : 08-21-12 by WL +# @INPUT : status code string - one of "WARNING", "CRITICAL", "UNKNOWN". +# @RETURNS : 0 on success, 1 if this status code is below level that plugin would exit with and as such it was not set +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub set_statuscode { + my ($self,$newcode) = @_; + + if ($newcode eq 'UNKNOWN') { + $self->{'_statuscode'} = 'UNKNOWN'; + return 0; + } + if ($self->{'_statuscode'} eq 'UNKNOWN') { return 1; } + elsif ($self->{'_statuscode'} eq 'CRITICAL') { + if ($newcode eq 'CRITICAL') { return 0;} + else { return 1; } + } + elsif ($self->{'_statuscode'} eq 'WARNING') { + if ($newcode eq 'CRITICAL') { + $self->{'_statuscode'} ='CRITICAL'; + return 0; + } + elsif ($newcode eq 'WARNING') { return 0; } + else { return 1; } + } + elsif ($self->{'_statuscode'} eq 'OK') { + if ($newcode eq 'CRITICAL' || $newcode eq 'WARNING') { + $self->{'_statuscode'} = $newcode; + return 0; + } + else { return 1; } + } + else { + printf "SYSTEM ERROR: status code $newcode not supported"; + exit $ERRORS{'UNKNOWN'}; + } + return 1; # should never get here +} + +# @DESCRIPTION : This function is called closer to end of the code after plugin retrieved data and +# assigned values to variables. This function checks variables against all thresholds. +# It prepares statusdata and statusinfo and exitcode. +# @LAST CHANGED : 09-03-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after variables have values. Must be used as an object instance function +sub main_checkvars { + my $self = shift; + + $self->options_finishprocessing() if !exists($self->{'_called_options_finshprocessing'}); + if (exists($self->{'_called_main_checkvars'})) { return; } + + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self->{'_dataresults'}; + my $allVars = $self->{'_allVars'}; + my $datavars = $self->{'_datavars'}; + + my ($dvar,$avar,$aname,$perf_str,$chk)=(undef,undef,undef,undef,undef); + + # main loop to check for warning & critical thresholds + for (my $i=0;$i[$i]; + if (!defined($datavars->{$avar}) || scalar(@{$datavars->{$avar}})==0) { + if (defined($thresholds->{$avar}{'ABSENT'})) { + $self->set_statuscode($thresholds->{$avar}{'ABSENT'}); + } + else { + $self->set_statuscode("CRITICAL"); + } + $aname = $self->out_name($avar); + $self->addto_statusinfo_output($avar, "$aname data is missing"); + } + foreach $dvar (@{$datavars->{$avar}}) { + $aname = $self->out_name($dvar); + if (defined($dataresults->{$dvar}[0])) { + # main check + if (defined($avar)) { + if ($dataresults->{$dvar}[0] eq 0 && exists($thresholds->{$avar}{'ZERO'})) { + $self->set_statuscode($thresholds->{$avar}{'ZERO'}); + $self->addto_statusinfo_output($dvar, "$aname is zero") if $self->statuscode() ne 'OK'; + } + else { + $chk=undef; + if (exists($thresholds->{$avar}{'CRIT'})) { + $chk = $self->check_threshold($aname,lc $dataresults->{$dvar}[0], $thresholds->{$avar}{'CRIT'}); + if ($chk) { + $self->set_statuscode("CRITICAL"); + $self->addto_statusinfo_output($dvar,$chk); + } + } + if (exists($thresholds->{$avar}{'WARN'}) && (!defined($chk) || !$chk)) { + $chk = $self->check_threshold($aname,lc $dataresults->{$dvar}[0], $thresholds->{$avar}{'WARN'}); + if ($chk) { + $self->set_statuscode("WARNING"); + $self->addto_statusinfo_output($dvar,$chk); + } + } + } + } + # if we did not output to status line yet, do so + $self->addto_statusdata_output($dvar,$aname." is ".$dataresults->{$dvar}[0]); + + # if we were asked to output performance, prepare it but do not output until later + if ((defined($self->{'o_perf'}) && defined($avar) && !exists($thresholds->{$avar}{'PERF'})) || + (exists($thresholds->{$avar}{'PERF'}) && $thresholds->{$avar}{'PERF'} eq 'YES')) { + $perf_str = perf_name($aname).'='.$dataresults->{$dvar}[0]; + $self->set_perfdata($dvar, $perf_str, undef, "IFNOTSET"); # with undef UOM would get added + $dataresults->{$dvar}[2]=0; # this would clear -1 from preset perf data, making it ready for output + # below is where threshold info gets added to perfdata + if ((exists($thresholds->{$avar}{'WARN'}[5]) && $thresholds->{$avar}{'WARN'}[5] ne '') || + (exists($thresholds->{$avar}{'CRIT'}[5]) && $thresholds->{$avar}{'CRIT'}[5] ne '')) { + $perf_str = ';'; + $perf_str .= $thresholds->{$avar}{'WARN'}[5] if exists($thresholds->{$avar}{'WARN'}[5]) && $thresholds->{$avar}{'WARN'}[5] ne ''; + $perf_str .= ';'.$thresholds->{$avar}{'CRIT'}[5] if exists($thresholds->{$avar}{'CRIT'}[5]) && $thresholds->{$avar}{'CRIT'}[5] ne ''; + $self->set_perfdata($dvar, $perf_str, '', "ADD"); + } + } + } + } + } + $self->{'_called_main_checkvars'}=1; + # $statusinfo=trim($statusinfo); + # $statusdata=trim($statusdata); +} + +# @DESCRIPTION : This function is at the end. It prepares PERFOUT for output collecting all perf variables data +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after variables have values. Must be used as an object instance function +# Calling this function direcly is optional, its automatically called on 1st call to perfdata() +sub main_perfvars { + my $self = shift; + + my $dataresults = $self->{'_dataresults'}; + my $PERF_OK_STATUS_REGEX = $self->{'perfOKStatusRegex'}; + my $perfVars = $self->{'_perfVars'}; + my $known_vars = $self->{'knownStatusVars'}; + my $datavars = $self->{'_datavars'}; + my $avar; + my $dvar; + + $self->main_checkvars() if !exists($self->{'_called_main_checkvars'}); + if (exists($self->{'_called_main_perfvars'})) { return; } + + for (my $i=0;$i[$i]; + if (!defined($datavars->{$avar}) || scalar(@{$datavars->{$avar}})==0) { + $self->verb("Perfvar: $avar selected for PERFOUT but data not available"); + } + else { + foreach $dvar (@{$datavars->{$avar}}) { + if (defined($dataresults->{$dvar}[0])) { + $self->verb("Perfvar: $dvar ($avar) = ".$dataresults->{$dvar}[0]); + if (!defined($known_vars->{$avar}[1]) || $known_vars->{$avar}[1] =~ /$PERF_OK_STATUS_REGEX/ ) { + $self->addto_perfdata_output($dvar); + } + else { + $self->verb(" -- not adding to perfdata because of it is '".$known_vars->{$avar}[1]."' type variable --"); + } + } + else { + $self->verb("Perfvar: $avar selected for PERFOUT but data not defined"); + } + } + } + } + if (defined($self->{'o_prevperf'})) { + $self->addto_perfdata_output('_ptime', "_ptime=".time(), "REPLACE"); + } + foreach $dvar (keys %{$dataresults}) { + if (defined($dataresults->{$dvar}[3]) && $dataresults->{$dvar}[3] ne '') { + $self->verb("Perfvar (Dataresults Loop): $dvar => ".$dataresults->{$dvar}[3]); + $self->addto_perfdata_output($dvar); + } + } + + $self->{'_called_main_perfvars'}=1; + # $perfdata = trim($perfdata); +} + +# @DESCRIPTION : This function should be called at the very very end, it returns perf data output +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : string of perfdata starting with "|" +# @PRIVACY & USE : PUBLIC, To be called during plugin output. Must be used as an object instance function +sub perfdata { + my $self=shift; + + $self->main_perfvars() if !exists($self->{'_called_main_perfvars'}); + my $perfdata = trim($self->{'_perfdata'}); + if ($perfdata ne '') { + return " | " . $perfdata; + } + return ""; +} + +# @DESCRIPTION : This function is called after data is available and calculates rate variables +# based on current and previous (saved in perfdata) values. +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after variables have values. Must be used as an object instance function +sub calculate_ratevars { + my $self = shift; + + my $prev_perf = $self->{'_prevPerf'}; + my $ptime = $self->{'_perfcheck_time'}; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self->{'_dataresults'}; + my $datavars = $self->{'_datavars'}; + my $allVars = $self->{'_allVars'}; + + my ($avar,$dvar,$nvar) = (undef,undef,undef); + my $timenow=time(); + if (defined($self->{'o_prevperf'}) && (defined($self->{'o_perf'}) || defined($self->{'o_perfvars'}))) { + for (my $i=0;$i[$i] =~ /^&(.*)/) { + $avar = $1; + if (defined($datavars->{$avar}) && scalar(@{$datavars->{$avar}})>0) { + foreach $dvar (@{$datavars->{$avar}}) { + $nvar = '&'.$dvar; + # this forces perfdata output if it was not already + if (defined($dataresults->{$dvar}) && $dataresults->{$dvar}[2]<1 && + (!defined($dataresults->{$dvar}[3]) || $dataresults->{$dvar}[3] eq '')) { + $self->set_perfdata($dvar, perf_name($self->out_name($dvar)).'='.$dataresults->{$dvar}[0], undef, "IFNOTSET"); + $self->set_threshold($dvar,'PERF','YES'); + $self->set_threshold($dvar,'SAVED','YES'); # will replace PERF in the future + } + if (defined($prev_perf->{$dvar}) && defined($ptime)) { + $self->add_data($nvar, + sprintf("%.2f",($dataresults->{$dvar}[0]-$prev_perf->{$dvar})/($timenow-$ptime))); + $self->verb("Calculating Rate of Change for $dvar ($avar) : ".$nvar."=". $self->vardata($nvar)); + } + } + } + } + } + } +} + +} +##################################### END OF THE LIBRARY FUNCTIONS ######################################### + +# parse command line options +sub check_options { + my $opt; + my $nlib = shift; + my %Options = (); + Getopt::Long::Configure("bundling"); + GetOptions(\%Options, + 'v:s' => \$o_verb, 'verbose:s' => \$o_verb, "debug:s" => \$o_verb, + 'h' => \$o_help, 'help' => \$o_help, + 'H:s' => \$o_host, 'hostname:s' => \$o_host, + 'p:i' => \$o_port, 'port:i' => \$o_port, + 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, + 'V' => \$o_version, 'version' => \$o_version, + 's:s' => \$o_mdsopt, 'stat:s' => \$o_mdsopt, + 'a:s' => \$o_variables, 'variables:s' => \$o_variables, + 'c:s' => \$o_crit, 'critical:s' => \$o_crit, + 'w:s' => \$o_warn, 'warn:s' => \$o_warn, + 'f:s' => \$o_perf, 'perfparse:s' => \$o_perf, + 'A:s' => \$o_perfvars, 'perfvars:s' => \$o_perfvars, + 'T:s' => \$o_timecheck, 'response_time:s' => \$o_timecheck, + 'R:s' => \$o_hitrate, 'hitrate:s' => \$o_hitrate, + 'U:s' => \$o_utilsize, 'utilization:s' => \$o_utilsize, + 'P:s' => \$o_prevperf, 'prev_perfdata:s' => \$o_prevperf, + 'E:s' => \$o_prevtime, 'prev_checktime:s'=> \$o_prevtime, + 'o=s' => \@o_check, 'check|option=s' => \@o_check, + 'rate_label:s' => \$o_ratelabel, + map { ($_) } $nlib->additional_options_list() + ); + + ($o_rprefix,$o_rsuffix)=split(/,/,$o_ratelabel) if defined($o_ratelabel) && $o_ratelabel ne ''; + + # Standard nagios plugin required options + if (defined($o_help)) { help($nlib); exit $ERRORS{"UNKNOWN"} }; + if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"} }; + + # access/connection options + if (!defined($o_host)) { print "Please specify hostname (-H)\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; } + @o_mdslist=split(/,/, lc $o_mdsopt) if defined($o_mdsopt) && $o_mdsopt ne ''; + + # now start options processing in the library + $nlib->options_startprocessing(\%Options, $o_verb, $o_variables, $o_warn, $o_crit, $o_perf, $o_perfvars, $o_rprefix, $o_rsuffix); + + # additional variables/options calculated and added by this plugin + if (defined($o_timecheck) && $o_timecheck ne '') { + $nlib->verb("Processing timecheck thresholds: $o_timecheck"); + $nlib->add_thresholds('response_time',$o_timecheck); + } + if (defined($o_hitrate) && $o_hitrate ne '') { + $nlib->verb("Processing hitrate thresholds: $o_hitrate"); + $nlib->add_thresholds('hitrate',$o_hitrate); + $nlib->set_threshold('hitrate','ZERO','OK') if !defined($nlib->get_threshold('hitrate','ZERO')); # except case of hitrate=0, don't remember why I added it + } + if (defined($o_utilsize) && $o_utilsize ne '') { + $nlib->verb("Processing memory utilization thresholds: $o_utilsize"); + $nlib->add_thresholds('utilization',$o_utilsize); + } + # general check option, allows to specify everything, can be repeated more than once + foreach $opt (@o_check) { + $nlib->verb("Processing general check option: ".$opt); + $nlib->add_thresholds(undef,$opt); + } + + # finish it up + $nlib->options_finishprocessing(); + + $HOSTNAME = $o_host if defined($o_host); + $PORT = $o_port if defined($o_port); + $TIMEOUT = $o_timeout if defined($o_timeout); +} + +# Get the alarm signal (just in case nagios screws up) +$SIG{'ALRM'} = sub { + $memd->disconnect_all if defined($memd); + print ("ERROR: Alarm signal (Nagios time-out)\n"); + exit $ERRORS{"UNKNOWN"}; +}; + +########## MAIN ####### + +my $nlib = Naglio->lib_init('plugin_name' => 'check_memcached.pl', + 'plugins_authors' => 'William Leibzon', + 'plugin_description' => 'Memcached Monitoring Plugin for Nagios', + 'usage_function' => \&print_usage, + 'enable_long_options' => 1, + 'enable_rate_of_change' => 1); +$nlib->set_knownvars(\%KNOWN_STATUS_VARS, $PERF_OK_STATUS_REGEX); + +check_options($nlib); +$nlib->verb("check_memcached.pl plugin version ".$Version); + +# Check global timeout if plugin screws up +if (defined($TIMEOUT)) { + $nlib->verb("Alarm at $TIMEOUT"); + alarm($TIMEOUT); +} +else { + $nlib->verb("no timeout defined : $o_timeout + 10"); + alarm ($o_timeout+10); +} + +my $sock = new IO::Socket::INET( + PeerAddr => $HOSTNAME, + PeerPort => $PORT, + Proto => 'tcp', +); +if (!$sock) { + print "CRITICAL ERROR - Can not connect to '$HOSTNAME' on port $PORT\n"; + exit $ERRORS{'CRITICAL'}; +} +close($sock); + +my $start_time; +my $dsn = $HOSTNAME.":".$PORT; +$nlib->verb("connecting to $dsn"); +$start_time = [ Time::HiRes::gettimeofday() ] if defined($o_timecheck); +$memd = new Cache::Memcached { 'servers' => [ $dsn ] }; + +if (!$memd) { + print "CRITICAL ERROR - Memcache error connecting to '$HOSTNAME' on port $PORT\n"; + exit $ERRORS{'CRITICAL'}; +} + +# This returns hashref of various statistics data on memcached +# Basically results of 'stats', 'stats malloc', 'stats sizes', etc. +$nlib->verb("Requesting statistics on: ".join(',',@o_mdslist)); +my $stats = $memd->stats(\@o_mdslist); + +# some more variables for processing of the results +my $memdversion = ""; +my $vstat; +my $vnam; +my $vval; +my $dnam; +my $avar; + +# load all data into internal hash array +foreach $vstat (keys %{$stats->{'hosts'}{$dsn}}) { + $nlib->verb("Stats Data: vstat=$vstat reftype=".ref($stats->{'hosts'}{$dsn}{$vstat})); + if (defined($stats->{'hosts'}{$dsn}{$vstat})) { + if (ref($stats->{'hosts'}{$dsn}{$vstat}) eq 'HASH') { + foreach $vnam (keys %{$stats->{'hosts'}{$dsn}{$vstat}}) { + $vval = $stats->{'hosts'}{$dsn}{$vstat}{$vnam}; + if (defined($vval)) { + $nlib->verb("Stats Data: $vstat($vnam) = $vval"); + if (exists($KNOWN_STATUS_VARS{$vnam}) && $KNOWN_STATUS_VARS{$vnam}[1] eq 'VERSION') { + $memdversion = $vval; + } + else { + if ($vstat eq 'misc' || $vstat eq 'malloc') { + $dnam = $vnam; + } + else { + $dnam = $vstat.'_'.$vnam; + } + $nlib->add_data($dnam, $vval); + } + } + else { + $nlib->verb("Stats Data: $vstat($vnam) = NULL"); + } + } + } + elsif ($stats->{'hosts'}{$dsn}{$vstat} =~ /ERROR/) { + $nlib->verb("Memcached Perl Library ERROR getting stats for $vstat"); + } + else { + $vval = $stats->{'hosts'}{$dsn}{$vstat}; + chop($vval); + my @lines = split("\n",$vval); + my $count=0; + foreach my $ln (@lines) { + $count++; + if ($ln =~ /STAT\s+(.*)\s+(\d+)/) { + $vval = $2; + $dnam = $1; + $dnam =~ s/\:/_/g; + $dnam = $vstat.'_'.$dnam if $dnam !~ /^$vstat/; + } + else { + $dnam = $vstat."_".$count; + $vval = $ln; + $vval =~ s/\s/_/g; + } + $nlib->verb("Stats Data: $vstat($dnam) = $vval"); + $nlib->add_data($dnam, $vval); + } + } + } +} +$memd->disconnect_all; + +# Response Time +if (defined($o_timecheck)) { + $nlib->add_data('response_time',Time::HiRes::tv_interval($start_time)); + $nlib->addto_statusdata_output('response_time',sprintf("response in %.3fs",$nlib->vardata('response_time'))); + if (defined($o_perf)) { + $nlib->set_perfdata('response_time','response_time='.$nlib->vardata('response_time'),'s'); + } +} + +# calculate rate variables +$nlib->calculate_ratevars(); + +# Memory Use Utilization +my $bytes = $nlib->vardata('bytes'); +my $maxbytes = $nlib->vardata('limit_maxbytes'); +my $utilization = 0; +if (defined($o_utilsize) && defined($bytes) && defined($maxbytes)) { + if (defined($maxbytes) && $maxbytes!=0) { + $utilization = $bytes / $maxbytes * 100; + } + $nlib->add_data('utilization',$utilization); + $nlib->addto_statusdata_output('utilization',sprintf(" in use %.2f%% of space", $utilization)); + if (defined($o_perf)) { + $nlib->set_perfdata('utilization',sprintf("utilization=%.5f", $utilization), '%'); + } +} + +# CPU Use - Converts floating seconds to integer ms +if (defined($nlib->vardata('rusage_user'))) { + $nlib->add_data('rusage_user_ms',int($nlib->vardata('rusage_user')*100+0.5)); +} +if (defined($nlib->vardata('rusage_system'))) { + $nlib->add_data('rusage_system_ms',int($nlib->vardata('rusage_system')*100+0.5)); +} + +# Hitrate +my $hits_total=0; +my $hitrate=0; +my $hitrate_all=0; +my $hits_hits = $nlib->vardata('get_hits'); +my $get_misses = $nlib->vardata('get_misses'); +if (defined($o_hitrate) && defined($get_misses) && defined($hits_hits)) { + if (defined($o_prevperf) && defined($o_perf)) { + $nlib->set_perfdata('get_misses','get_misses='.$get_misses,'c'); + $nlib->set_perfdata('get_hits','get_hits='.$hits_hits,'c'); + } + $hits_total = $hits_hits + $get_misses; + $nlib->verb("Calculating Hitrate : total=".$hits_total." hits=".$hits_hits); + if (defined($hits_hits) && defined($nlib->prev_perf('get_hits')) && defined($nlib->prev_perf('get_misses')) && $hits_hits > $nlib->prev_perf('get_hits')) { + $hitrate_all = $hits_hits/$hits_total*100 if $hits_total!=0; + $hits_hits -= $nlib->prev_perf('get_hits'); + $hits_total -= $nlib->prev_perf('get_misses'); + $hits_total -= $nlib->prev_perf('get_hits'); + $nlib->verb("Calculating Hitrate. Adjusted based on previous values. total=".$hits_total." hits=".$hits_hits); + } + if (defined($hits_hits)) { + if ($hits_total!=0) { + $hitrate= sprintf("%.4f", $hits_hits/$hits_total*100); + } + $nlib->add_data('hitrate',$hitrate); + my $sdata .= sprintf(" hitrate is %.2f%%", $hitrate); + $sdata .= sprintf(" (%.2f%% from launch)", $hitrate_all) if ($hitrate_all!=0); + $nlib->addto_statusdata_output('hitrate',$sdata); + if (defined($o_perf)) { + $nlib->set_perfdata('hitrate',"hitrate=$hitrate",'%'); + } + } +} + +# Check thresholds in all variables and prepare status and performance data for output +$nlib->main_checkvars(); +$nlib->main_perfvars(); + +# now output the results +print "MEMCACHE "; +print $nlib->statuscode() .': '. $nlib->statusinfo(); +print " - " if $nlib->statusinfo(); +# print "MEMCACHED " . $memdversion . ' on ' . $HOSTNAME. ':'. $PORT ' is '. $statuscode . $statusinfo; +print "memcached " . $memdversion . ' on ' . $HOSTNAME. ':'. $PORT; +print ', up '.$nlib->uptime_info($nlib->vardata('uptime')) if defined($nlib->vardata('uptime')); +print " - " . $nlib->statusdata() if $nlib->statusdata(); +print $nlib->perfdata(); +print "\n"; + +# end exit +exit $ERRORS{$nlib->statuscode()}; diff --git a/memcached/handlers/main.yml b/memcached/handlers/main.yml index 4514db94..136c39d7 100644 --- a/memcached/handlers/main.yml +++ b/memcached/handlers/main.yml @@ -8,3 +8,8 @@ service: name: munin-node state: restarted + +- name: restart nagios-nrpe-server + service: + name: nagios-nrpe-server + state: restarted diff --git a/memcached/tasks/main.yml b/memcached/tasks/main.yml index b21142cd..083c0134 100644 --- a/memcached/tasks/main.yml +++ b/memcached/tasks/main.yml @@ -23,3 +23,4 @@ - memcached - include: munin.yml +- include: nrpe.yml diff --git a/memcached/tasks/nrpe.yml b/memcached/tasks/nrpe.yml new file mode 100644 index 00000000..139a3a10 --- /dev/null +++ b/memcached/tasks/nrpe.yml @@ -0,0 +1,26 @@ +--- +- name: Is nrpe present ? + stat: + path: /etc/nagios/nrpe.d/evolix.cfg + register: nrpe_evolix_config + +- block: + - name: Install dependencies + apt: + name: libcache-memcached-perl + + - name: Copy Nagios check for memcached + copy: + src: check_memcached.pl + dest: /usr/local/lib/nagios/plugins/ + mode: "0755" + + - name: Add NRPE check + lineinfile: + name: /etc/nagios/nrpe.d/evolix.cfg + regexp: '^command\[check_memcached\]=' + line: 'command[check_memcached]=/usr/local/lib/nagios/plugins/check_memcached.pl -H 127.0.0.1' + notify: restart nagios-nrpe-server + + when: nrpe_evolix_config.stat.exists + diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml index 4f82138d..a6eaa2fc 100644 --- a/minifirewall/defaults/main.yml +++ b/minifirewall/defaults/main.yml @@ -25,3 +25,5 @@ minifirewall_private_ports_udp: [] minifirewall_autostart: "no" evomaintenance_hosts: [] + +nagios_plugins_directory: "/usr/local/lib/nagios/plugins" diff --git a/minifirewall/files/check_minifirewall b/minifirewall/files/check_minifirewall new file mode 100644 index 00000000..632f3e8a --- /dev/null +++ b/minifirewall/files/check_minifirewall @@ -0,0 +1,78 @@ +#!/bin/sh + +is_alert5_enabled() { + # It's not very clear how to reliably detect if a SysVinit script + # wrapped in a systemd unit is enabled or not. + # Even when the script is not started in any run level, systemd says "active". + # So we test the SysVinit script path: + # if present, we test for an rc2.d symlink + # if missing, we ask systemd if a unit is active or not. + if test -f /etc/init.d/alert5; then + test -f /etc/rc2.d/S*alert5 + else + systemctl is-active alert5 | grep -q "^active$" + fi +} + +is_minifirewall_enabled() { + # TODO: instead of nested conditionals, we could loop with many possible paths + # and grep the first found, or error if none is found + if test -f /etc/rc2.d/S*alert5; then + grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 + else + if test -f /usr/share/scripts/alert5.sh; then + grep -q "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh + else + return_critical "No Alert5 scripts has been found." + fi + fi +} + +is_minifirewall_started() { + if test -x /usr/share/scripts/minifirewall_status; then + /usr/share/scripts/minifirewall_status > /dev/null + else + /sbin/iptables -L -n | grep -q -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" + fi +} + +return_critical() { + echo "CRITICAL: $1" + exit 2 +} + +return_warning() { + echo "WARNING: $1" + exit 1 +} + +return_ok() { + echo "OK: $1" + exit 0 +} + +main() { + if is_alert5_enabled; then + if is_minifirewall_enabled; then + if is_minifirewall_started; then + return_ok "Minifirewall is started." + else + return_critical "Minifirewall is not started." + fi + else + if is_minifirewall_started; then + return_warning "Minifirewall is started, but disabled in alert5." + else + return_ok "Minifirewall is not started, but disabled in alert5." + fi + fi + else + if is_minifirewall_started; then + return_warning "Minifirewall is started, but Alert5 script is not enabled." + else + return_ok "Minifirewall is not started and Alert5 script is not enabled." + fi + fi +} + +main diff --git a/minifirewall/files/minifirewall_status b/minifirewall/files/minifirewall_status new file mode 100644 index 00000000..7bf09285 --- /dev/null +++ b/minifirewall/files/minifirewall_status @@ -0,0 +1,16 @@ +#!/bin/sh + +is_started() { + /sbin/iptables -L -n \ + | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" +} +return_started() { + echo "started" + exit 0 +} +return_stopped() { + echo "stopped" + exit 1 +} + +is_started && return_started || return_stopped diff --git a/minifirewall/handlers/main.yml b/minifirewall/handlers/main.yml new file mode 100644 index 00000000..5ba1926c --- /dev/null +++ b/minifirewall/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: restart nagios-nrpe-server + service: + name: nagios-nrpe-server + state: restarted diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml index 851d1917..1e135780 100644 --- a/minifirewall/tasks/main.yml +++ b/minifirewall/tasks/main.yml @@ -4,6 +4,8 @@ - include: config.yml +- include: nrpe.yml + - include: activate.yml - include: tail.yml diff --git a/minifirewall/tasks/nrpe.yml b/minifirewall/tasks/nrpe.yml new file mode 100644 index 00000000..3893e5c9 --- /dev/null +++ b/minifirewall/tasks/nrpe.yml @@ -0,0 +1,65 @@ +--- + +- include_role: + name: remount-usr + +- name: /usr/share/scripts exists + file: + dest: /usr/share/scripts + mode: "0700" + owner: root + group: root + state: directory + +- name: minifirewall_status is installed + copy: + src: minifirewall_status + dest: /usr/share/scripts/minifirewall_status + force: no + mode: "0700" + owner: root + group: root + +- name: /usr/local/lib/nagios/plugins/ exists + file: + dest: "{{ nagios_plugins_directory }}" + mode: "02755" + owner: root + group: staff + state: directory + +- name: check_minifirewall is installed + copy: + src: check_minifirewall + dest: "{{ nagios_plugins_directory }}/check_minifirewall" + force: no + mode: "0755" + owner: root + group: staff + +- name: Is NRPE installed? + stat: + path: /etc/nagios/nrpe.d/evolix.cfg + register: nrpe_evolix_cfg + +- name: check_minifirewall is available for NRPE + lineinfile: + dest: /etc/nagios/nrpe.d/evolix.cfg + regexp: 'command\[check_minifirewall\]' + line: 'command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall' + notify: restart nagios-nrpe-server + when: nrpe_evolix_cfg.stat.exists + +- name: Is evolinux sudoers installed? + stat: + path: /etc/sudoers.d/evolinux + register: sudoers_evolinux + +- name: sudo without password for nagios + lineinfile: + dest: /etc/sudoers.d/evolinux + regexp: 'check_minifirewall' + line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_minifirewall' + insertafter: '^nagios' + validate: "visudo -cf %s" + when: sudoers_evolinux.stat.exists diff --git a/mongodb/README.md b/mongodb/README.md index 5362827c..e876fe7c 100644 --- a/mongodb/README.md +++ b/mongodb/README.md @@ -12,5 +12,6 @@ Everything is in the `tasks/main.yml` file. * `mongodb_port`: port to listen to (default: `27017`) * `mongodb_bind`: IP to bind to (default: `127.0.0.1`) +* `mongodb_force_config`: force copy the configuration (default: `false`) The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/mongodb/defaults/main.yml b/mongodb/defaults/main.yml index 273db2ab..ec255349 100644 --- a/mongodb/defaults/main.yml +++ b/mongodb/defaults/main.yml @@ -2,3 +2,7 @@ mongodb_port: 27017 mongodb_bind: 127.0.0.1 + +# Warning: config must not be overwritten by default +# otherwise it can disable important settings, like authorization :/ +mongodb_force_config: False diff --git a/mongodb/tasks/main_jessie.yml b/mongodb/tasks/main_jessie.yml index 220ad3c5..0cec9f2c 100644 --- a/mongodb/tasks/main_jessie.yml +++ b/mongodb/tasks/main_jessie.yml @@ -15,6 +15,7 @@ - name: Install packages apt: name: mongodb-org + allow_unauthenticated: yes state: installed - name: install dependency for monitoring @@ -26,8 +27,7 @@ template: src: mongod_jessie.conf.j2 dest: "/etc/mongod.conf" - force: yes - backup: no + force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongod - name: Configure logrotate diff --git a/mongodb/tasks/main_stretch.yml b/mongodb/tasks/main_stretch.yml index 8674455d..3f553c41 100644 --- a/mongodb/tasks/main_stretch.yml +++ b/mongodb/tasks/main_stretch.yml @@ -17,8 +17,7 @@ template: src: mongodb_stretch.conf.j2 dest: "/etc/mongodb.conf" - force: yes - backup: no + force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongodb - name: enable service @@ -29,6 +28,12 @@ - name: Configure logrotate template: src: logrotate_stretch.j2 - dest: /etc/logrotate.d/mongodb + dest: /etc/logrotate.d/mongodb-server force: yes backup: no + +- name: disable previous logrotate + command: mv /etc/logrotate.d/mongodb /etc/logrotate.d/mongodb.disabled + args: + removes: /etc/logrotate.d/mongodb + creates: /etc/logrotate.d/mongodb.disabled diff --git a/munin/tasks/main.yml b/munin/tasks/main.yml index cec24e62..ae1644fe 100644 --- a/munin/tasks/main.yml +++ b/munin/tasks/main.yml @@ -57,6 +57,9 @@ - meminfo - netstat_multi - tcp + - postfix_mailqueue + - postfix_mailstats + - postfix_mailvolume notify: restart munin-node tags: - munin diff --git a/mysql-oracle/.kitchen.yml b/mysql-oracle/.kitchen.yml new file mode 100644 index 00000000..b21cc3db --- /dev/null +++ b/mysql-oracle/.kitchen.yml @@ -0,0 +1,28 @@ +--- +driver: + name: docker + privileged: true + use_sudo: false + +provisioner: + name: ansible_playbook + hosts: test-kitchen + roles_path: ../ + ansible_verbose: true + require_ansible_source: false + require_chef_for_busser: false + idempotency_test: true + +platforms: + - name: debian + driver_config: + image: evolix/ansible:2.2.1 + +suites: + - name: default + provisioner: + name: ansible_playbook + playbook: ./tests/test.yml + +transport: + max_ssh_sessions: 6 diff --git a/mysql-oracle/README.md b/mysql-oracle/README.md new file mode 100644 index 00000000..5d09720e --- /dev/null +++ b/mysql-oracle/README.md @@ -0,0 +1,40 @@ +# mysql + +Install MySQL (from Oracle) + +## Tasks + +Tasks are extracted in several files, included in `tasks/main.yml` : + +* `packages.yml` : packages installation ; +* `users.yml` : replacement of `root` user by `mysqladmin` user ; +* `config.yml` : configurations ; +* `datadir.yml` : data directory customization ; +* `tmpdir.yml` : temporary directory customization ; +* `nrpe.yml` : `nrpe` user for Nagios checks ; +* `munin.yml` : Munin plugins ; +* `log2mail.yml` : log2mail patterns ; +* `utils.yml` : useful tools. + +## Available variables + +* `mysql_replace_root_with_mysqladmin`: switch from `root` to `mysqladmin` user or not ; +* `mysql_thread_cache_size`: number of threads for the cache ; +* `mysql_innodb_buffer_pool_size`: amount of RAM dedicated to InnoDB ; +* `mysql_custom_datadir`: custom datadir +* `mysql_custom_tmpdir`: custom tmpdir. +* `general_alert_email`: email address to send various alert messages (default: `root@localhost`). +* `log2mail_alert_email`: email address to send Log2mail messages to (default: `general_alert_email`). +* `general_scripts_dir`: general directory for scripts installation (default: `/usr/local/bin`). +* `mysql_scripts_dir`: email address to send Log2mail messages to (default: `general_scripts_dir`). +* `mysql_force_new_nrpe_password` : change the password for NRPE even if it exists already (default: `False`). + +NB : changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created and can't be switched back, yet). + +## Misc + +We use the `mysql-apt-config` package from Oracle to configure APT sources. It is used right from the role since there is no apparent stable URL to download it from Oracle servers. We should verify from time to time if a new version is available to update the .deb in the role. + +The MySQL debian package made by Oracle doesn't work with systemd out of the box. We've used the `mysql-systemd-start` script and the systemd unit made by Debian for the "mysql-5.7" package (currently only available for Sid). + +On Stretch, "mytop" is not packages anymore (only provided by "mariadb-client-10.1"). We're using the version from the "mytop" package (currently only available for Sid). diff --git a/mysql-oracle/defaults/main.yml b/mysql-oracle/defaults/main.yml new file mode 100644 index 00000000..e79fe036 --- /dev/null +++ b/mysql-oracle/defaults/main.yml @@ -0,0 +1,22 @@ +--- +general_alert_email: "root@localhost" +log2mail_alert_email: Null + +general_scripts_dir: "/usr/share/scripts" +mysql_scripts_dir: Null + +mysql_replace_root_with_mysqladmin: True + +mysql_custom_datadir: '' +mysql_custom_tmpdir: '' + +mysql_thread_cache_size: '{{ ansible_processor_cores }}' +mysql_innodb_buffer_pool_size: '{{ (ansible_memtotal_mb * 0.3) | int }}M' + +mysql_cron_optimize: True +mysql_cron_optimize_frequency: weekly + +mysql_cron_mysqltuner: True +mysql_cron_mysqltuner_frequency: monthly + +mysql_force_new_nrpe_password: False diff --git a/mysql-oracle/files/debian/mysql-server-5.7.mysql.service b/mysql-oracle/files/debian/mysql-server-5.7.mysql.service new file mode 100644 index 00000000..258d7f57 --- /dev/null +++ b/mysql-oracle/files/debian/mysql-server-5.7.mysql.service @@ -0,0 +1,22 @@ +# MySQL systemd service file + +[Unit] +Description=MySQL Community Server +After=network.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +User=mysql +Group=mysql +PIDFile=/run/mysqld/mysqld.pid +PermissionsStartOnly=true +ExecStartPre=/usr/share/mysql/mysql-systemd-start pre +ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/run/mysqld/mysqld.pid +TimeoutSec=600 +Restart=on-failure +RuntimeDirectory=mysqld +RuntimeDirectoryMode=755 +LimitNOFILE=5000 diff --git a/mysql-oracle/files/debian/mysql-systemd-start b/mysql-oracle/files/debian/mysql-systemd-start new file mode 100755 index 00000000..946efb51 --- /dev/null +++ b/mysql-oracle/files/debian/mysql-systemd-start @@ -0,0 +1,56 @@ +#!/bin/bash +# +# Scripts to run by MySQL systemd service +# +# Needed argument: pre +# +# pre mode : try to perform sanity check for configuration, log, data + +# Read a config option from mysql. Note that this will only work if a config +# file actually specifies the option, so it's important to specify a default +# $1 is application (e.g. mysqld for server) +# $2 is option +# $3 is default value used if no config value is found +get_mysql_option() { + result=$(my_print_defaults "$1" | sed -n "s/^--$2=//p" | tail -n 1) + if [ -z "$result" ]; + then + result="$3" + fi + echo "$result" +} +sanity () { + if [ ! -r /etc/mysql/my.cnf ]; then + echo "MySQL configuration not found at /etc/mysql/my.cnf. Please create one." + exit 1 + fi + datadir=$(get_mysql_option mysqld datadir "/var/lib/mysql") + if [ ! -d "${datadir}" ] && [ ! -L "${datadir}" ]; then + echo "MySQL data dir not found at ${datadir}. Please create one." + exit 1 + fi + + if [ ! -d "${datadir}/mysql" ] && [ ! -L "${datadir}/mysql" ]; then + echo "MySQL system database not found in ${datadir}. Please run mysqld --initialize." + exit 1 + fi + + # Do a test start to make sure there are no configuration issues or similar + # mysqld --verbose --help will output a full listing of settings and plugins. + # To do so it needs to initialize the database, so it can be used as a test + # for whether or not the server can start. We redirect stdout to /dev/null so + # only the error messages are left. + result=0 + output=$(mysqld --verbose --help --innodb-read-only 2>&1 > /dev/null) || result=$? + if [ ! "$result" = "0" ]; then + echo "ERROR: Unable to start MySQL server:" >&2 + echo "$output" >&2 + echo "Please take a look at https://wiki.debian.org/Teams/MySQL/FAQ for tips on fixing common upgrade issues." >&2 + echo "Once the problem is resolved, restart the service." >&2 + exit 1 + fi +} + +case $1 in + "pre") sanity ;; +esac diff --git a/mysql-oracle/files/evolinux-defaults.cnf b/mysql-oracle/files/evolinux-defaults.cnf new file mode 100644 index 00000000..395ccac4 --- /dev/null +++ b/mysql-oracle/files/evolinux-defaults.cnf @@ -0,0 +1,62 @@ +[mysqld] + +###### Connexions +# Maximum de connexions concurrentes (defaut = 100)... provoque un "Too many connections" +max_connections = 250 +# Maximum de connexions en attente en cas de max_connections atteint (defaut = 50) +back_log = 100 +# Maximum d'erreurs avant de blacklister un hote +max_connect_errors = 10 +# Loguer les requetes trop longues +slow_query_log = 1 +slow_query_log_file = /var/log/mysql/mysql-slow.log +long_query_time = 10 + +###### Tailles +# Taille reservee au buffer des index MyIsam +# A ajuster selon les resultats +key_buffer_size = 512M +# Taille max des paquets envoyés/reçus … provoque un "Packet too large" +max_allowed_packet = 64M +# Taille de la memoire reserve pour un thread +thread_stack = 192K +# A mettre le nombre de threads CPU alloues pour MySQL +thread_cache_size = 1 +# Taille maximum des tables de type MEMORY +max_heap_table_size = 64M + +###### Cache +# max_connections x nbre max de tables dans une jointure (defaut = 64) +table_open_cache = 4096 +table_definition_cache = 4096 +# Taille max des requetes cachees (defaut = 1M) +query_cache_limit = 8M +# Taille reservee pour le cache (defaut = 0) +query_cache_size = 256M +# Type de requetes a cacher (defaut = 1 : tout peut etre cache) +query_cache_type = 1 +# Cache tables +max_heap_table_size = 128M +tmp_table_size = 128M + +###### InnoDB +# Si InnoDB n'est pas utilise... le desactiver +#skip-innodb +# En general, il est plus optimum d'avoir un fichier par table +innodb_file_per_table +# Taille memoire allouee pour le cache des datas et index +# A ajuster en fonction de sa RAM (si serveur dedie a MySQL, on peut aller jusqu'a 80%) +innodb_buffer_pool_size = 512M +# Nombre maximum de threads systeme concurents +innodb_thread_concurrency = 16 +# Ajuste la valeur des logs InnoDB +# (attention, il faut ensuite stopper MySQL et effacer les fichiers ib_logfile*) +#innodb_log_file_size = 128M +#innodb_log_files_in_group = 2 + +###### Misc +# charset utf8 par defaut +character-set-server=utf8 +collation-server=utf8_general_ci +# Patch MySQL 5.5.53 +secure-file-priv = "" diff --git a/mysql-oracle/files/my-add.sh b/mysql-oracle/files/my-add.sh new file mode 100755 index 00000000..b649a209 --- /dev/null +++ b/mysql-oracle/files/my-add.sh @@ -0,0 +1,160 @@ +#!/bin/sh + +usage() { + echo "Usage: $0 [ -d -u [-p ] [-f] ]" +} + +interactive() { + echo "Add an account / database in MySQL" + echo "Enter the name of the new database" + read db + + if ( is_db $db ); then + echo "Database $db already exist !" >&2 + exit 1 + fi + + echo "Enter account with all right on this new database" + echo "(you can use existant account)" + read user + + if ( is_user $user ); then + echo "Warning, account already exists, update password ? [N/y]" + read confirm + if [ "${confirm}" = "y" ] || [ "${confirm}" = "Y" ]; then + echo -n "Enter new password for existant MySQL account (empty for random): " + read password + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + else + echo -n "Enter new password for new MySQL account (empty for random): " + read password + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + mysql_add $db $user $password +} + +cli() { + while getopts ":d:u:p:f" opt; do + case "$opt" in + d) + db=$OPTARG + ;; + u) + user=$OPTARG + ;; + p) + password=$OPTARG + ;; + f) + force="true" + ;; + *) + usage + exit 1 + ;; + esac + done + shift $((OPTIND-1)) + + if [ -z "${db}" ]; then + usage + exit 1 + fi + + if [ -z "${user}" ]; then + usage + exit 1 + fi + + if ( is_db $db ); then + echo "Database $db already exist !" >&2 + exit 1 + fi + + if ( is_user $user ); then + if [ -z "${force}" ]; then + if [ -n "${password}" ]; then + echo "User $user already exist, update password with -f !" >&2 + exit 1 + fi + else + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + else + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + mysql_add $db $user $password >/dev/null +} + +is_db() { + db=$1 + mysql mysql -Ne "SHOW DATABASES;"|grep -q "^${db}$" + exit $? +} + +is_user() { + user=$1 + nb_user=$(mysql mysql -Ne "SELECT COUNT(User) from user WHERE User='${user}';") + if [ $nb_user -gt 0 ]; then + exit 0 + else + exit 1 + fi +} + +mysql_add() { + db=$1 + user=$2 + password=$3 + + echo -n "Create '${db}' database ..." + mysql -e "CREATE DATABASE ${db};" + if [ $? -eq 0 ]; then + echo "OK" + else + echo "KO" + exit 1 + fi + if [ -z "${password}" ]; then + password=$(mysql mysql -Ne "SELECT Password FROM user WHERE User='${user}' AND Host='localhost';") + echo -n "Grant '${user}' to '${db}' database ..." + mysql -e "GRANT ALL PRIVILEGES ON ${db}.* TO ${user}@localhost IDENTIFIED BY PASSWORD '${password}';" + grant=$? + else + echo -n "Grant '${user}' to '${db}' database with password '${password}' ..." + mysql -e "GRANT ALL PRIVILEGES ON ${db}.* TO ${user}@localhost IDENTIFIED BY '${password}';" + grant=$? + fi + if [ $grant -eq 0 ]; then + echo "OK" + else + echo "KO" + exit 1 + fi + echo -n "Flush Mysql privileges ..." + mysql -e "FLUSH PRIVILEGES;" + if [ $? -eq 0 ]; then + echo "OK" + else + echo "KO" + exit 1 + fi +} + +main() { + if [ $# = 0 ]; then + interactive + else + cli $@ + fi +} +main $@ diff --git a/mysql-oracle/files/mysql-apt-config_0.8.9-1_all.deb b/mysql-oracle/files/mysql-apt-config_0.8.9-1_all.deb new file mode 100644 index 00000000..f9cedd31 Binary files /dev/null and b/mysql-oracle/files/mysql-apt-config_0.8.9-1_all.deb differ diff --git a/mysql-oracle/files/mysql-optimize.sh b/mysql-oracle/files/mysql-optimize.sh new file mode 100644 index 00000000..0c89d74e --- /dev/null +++ b/mysql-oracle/files/mysql-optimize.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +# Do some weekly optimizations. +# Reset the cache to avoid fragmentation. +mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "RESET QUERY CACHE;" diff --git a/mysql-oracle/files/mysqltuner.cron.sh b/mysql-oracle/files/mysqltuner.cron.sh new file mode 100644 index 00000000..5424aa90 --- /dev/null +++ b/mysql-oracle/files/mysqltuner.cron.sh @@ -0,0 +1,50 @@ +#!/bin/bash +set -e +export TERM=screen + +mem=$(free -m | grep Mem: | tr -s ' ' | cut -d ' ' -f2) +swap=$(free -m | grep Swap: | tr -s ' ' | cut -d ' ' -f2) +template=$(mktemp --tmpdir=/tmp evomysqltuner.XXX) +body=$(mktemp --tmpdir=/tmp evomysqltuner.XXX) +clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2) +hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2) +hostname=${hostname%%.evolix.net} +# If hostname is composed with -, remove the first part. +if [[ $hostname =~ "-" ]]; then + hostname=$(echo $hostname | cut -d'-' -f2-) +fi + +# Remove temporary files on exit. +trap "rm $template $body" EXIT + +# Add port here if you have more than one instance! +instances="3306" +for instance in $instances; do + mysqltuner --port $instance --host 127.0.0.1 --forcemem $mem --forceswap $swap \ + | aha > /var/www/mysqlreport_${instance}.html + cat << EOT > $template +Content-Type: text/plain; charset="utf-8" +Reply-To: Équipe Evolix +From: Équipe Evolix +To: $clientmail +Subject: Rapport MySQL instance $instance pour votre serveur $hostname +EOT + cat << EOT > $body +Bonjour, + +Veuillez trouver ci-joint un rapport MySQL. +Celui-ci permet d'identifier aisément si des optimisations MySQL sont possibles. + +N'hésitez pas à nous indiquer par mail ou ticket quelles variables vous souhaiter +optimiser. + +Veuillez noter qu'il faudra redémarrer MySQL pour appliquer de nouveaux paramètres. + +Bien à vous, +-- +Rapport automatique Evolix +EOT + mutt -x -e 'set send_charset="utf-8"' -H $template \ + -a /var/www/mysqlreport_${instance}.html < $body +done +chmod 644 /var/www/mysqlreport*html diff --git a/mysql-oracle/files/mytop b/mysql-oracle/files/mytop new file mode 100755 index 00000000..1dd8820b --- /dev/null +++ b/mysql-oracle/files/mytop @@ -0,0 +1,2328 @@ +#!/usr/bin/perl -w +# +# $Id: mytop,v 1.91 2012/01/18 16:49:12 mgrennan Exp $ + +=pod + +=head1 NAME + +mytop - display MySQL server performance info like `top' + +=cut + +## most of the POD is at the bottom of the file + +use 5.005; +use strict; +use DBI; +use Getopt::Long; +use DBD::mysql; +use Socket; + +$main::VERSION = "1.91"; + +$|=1; +$0 = 'mytop'; + +my $WIN = ($^O eq 'MSWin32') ? 1 : 0; + +## Test for color support. + +eval { require Term::ANSIColor; }; + +my $HAS_COLOR = $@ ? 0 : 1; + +$HAS_COLOR = 0 if $WIN; + +## Test of Time::HiRes support + +eval { require Time::HiRes }; + +my $HAS_TIME = $@ ? 0 : 1; + +my $debug = 0; + +## Try to lower our priority (which, who, pri) + +setpriority(0,0,10) unless $WIN; + +## Prototypes + +sub Clear(); +sub GetData(); +sub GetQPS(); +sub FullQueryInfo($); +sub Explain($); +sub PrintTable(@); +sub PrintHelp(); +sub Sum(@); +sub commify($); +sub make_short($); +sub Hashes($); +sub Execute($); +sub StringOrRegex($); +sub GetInnoDBStatus(); +sub GetCmdSummary(); +sub GetShowVariables(); +sub GetShowStatus(); +sub cmd_s; +sub cmd_S; +sub cmd_q; +sub FindProg($); + +## Default Config Values + +my %config = ( + batchmode => 0, + color => 1, + db => 'test', + delay => 5, + filter_user => qr/.?/, + filter_db => qr/.?/, + filter_host => qr/.?/, + filter_state => qr/.?/, + header => 1, + help => 0, + host => 'localhost', + idle => 1, + long => 120, + long_nums => 0, + mode => 'top', + prompt => 0, + pass => '', + port => 3306, + resolve => 0, + slow => 10, # slow query time + socket => '', + sort => 1, # default or reverse sort ("s") + user => 'root' +); + +my %qcache = (); ## The query cache--used for full query info support. +my %ucache = (); ## The user cache--used for full killing by user +my %dbcache = (); ## The db cache. This should be merged at some point. +my %statcache = (); ## The show status cache for GetShowStatus() + +my (%STATUS, %OLD_STATUS); # header stuff. + +my $CLEAR = $WIN ? '': `clear`; + +## Term::ReadKey values + +my $RM_RESET = 0; +my $RM_NOBLKRD = 3; ## using 4 traps Ctrl-C :-( + +## Read the user's config file, if it exists. + +my $config = "$ENV{HOME}/.mytop"; + +if (-e $config) +{ + if (open CFG, "<$config") + { + while () + { + next if /^\s*$/; ## skip blanks + next if /^\s*#/; ## skip comments + + chomp; + + if (/(\S+)\s*=\s*(.*\S)/) + { + $config{lc $1} = $2 if exists $config{lc $1}; + } + } + close CFG; + } +} + +## Command-line args. + +use vars qw($opt_foo); + +Getopt::Long::Configure('no_ignore_case', 'bundling'); + +GetOptions( + "color!" => \$config{color}, + "user|u=s" => \$config{user}, + "pass|password|p=s" => \$config{pass}, + "database|db|d=s" => \$config{db}, + "host|h=s" => \$config{host}, + "port|P=i" => \$config{port}, + "socket|S=s" => \$config{socket}, + "delay|s=i" => \$config{delay}, + "batch|batchmode|b" => \$config{batchmode}, + "header!" => \$config{header}, + "idle|i!" => \$config{idle}, + "resolve|r!" => \$config{resolve}, + "prompt!" => \$config{prompt}, + "long=i" => \$config{long}, + "long_nums!" => \$config{long_nums}, + "mode|m=s" => \$config{mode}, + "slow=i" => \$config{slow}, + "sort=s" => \$config{sort} +); + +## User may have put the port with the host. + +if ($config{host} =~ s/:(\d+)$//) +{ + $config{port} = $1; +} + +## Don't use Term::ReadKey unless running interactively. + +if (not $config{batchmode}) +{ + require Term::ReadKey; + Term::ReadKey->import(); +} + +## User may want to disable color. + +if ($HAS_COLOR and not $config{color}) +{ + $HAS_COLOR = 0; +} + +if ($HAS_COLOR) +{ + import Term::ANSIColor ':constants'; +} +else +{ + *RESET = sub { }; + *YELLOW = sub { }; + *RED = sub { }; + *MAGENTA = sub { }; + *GREEN = sub { }; + *BLUE = sub { }; + *WHITE = sub { }; + *BOLD = sub { }; +} + +my $RESET = RESET() || ''; +my $YELLOW = YELLOW() || ''; +my $RED = RED() || ''; +my $MAGENTA = MAGENTA() || ''; +my $GREEN = GREEN() || ''; +my $BLUE = BLUE() || ''; +my $WHITE = WHITE() || ''; +my $BOLD = BOLD() || ''; + +## Connect + +my $dsn; + +## Socket takes precedence. + +$dsn ="DBI:mysql:database=$config{db};mysql_read_default_group=mytop;"; + +if ($config{socket} and -S $config{socket}) +{ + $dsn .= "mysql_socket=$config{socket}"; +} +else +{ + $dsn .= "host=$config{host};port=$config{port}"; +} + +if ($config{prompt}) +{ + print "Password: "; + ReadMode(2); + chomp($config{pass} = ); + ReadMode(0); + print "\n"; +} + +my $dbh = DBI->connect($dsn, $config{user}, $config{pass}, + { PrintError => 0 }); + +if (not ref $dbh) +{ + my $Error = <{Variable_name} eq "version") + { + $db_version = $_->{Value}; + $db_release = int(sprintf("%d",$db_version)); + next; + } + if ($_->{Variable_name} eq "have_query_cache") + { +# if ($_->{Value} eq 'YES') + if ($_->{Value} eq 'YES' or $_->{Value} eq 'DEMAND') # http://freshmeat.net/users/jerjones + { + $have_query_cache = 1; + } + else + { + $have_query_cache = 0; + } + next; + } +} + +######################################################################### +## +## The main loop +## +######################################################################### + +ReadMode($RM_NOBLKRD) unless $config{batchmode}; + +while (1) +{ + my $key; + + if ($config{mode} eq 'qps') + { + GetQPS(); + $key = ReadKey(1); + + next unless $key; + + if ($key =~ /t/i) + { + $config{mode} = 'top'; + } + if ($key =~ /q/) + { + cmd_q(); + } + next; + } + if ($config{mode} eq 'top') + { + GetData(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + elsif ($config{mode} eq 'cmd') + { + GetCmdSummary(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + elsif ($config{mode} eq 'innodb') + { + GetInnoDBStatus(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + elsif ($config{mode} eq 'status') + { + GetShowStatus(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + + ## + ## keystroke command processing (if we get this far) + ## + + if ($key eq '!') + { + Execute("stop slave"); + Execute("set global sql_slave_skip_counter=1"); + Execute("start slave"); + } + + # t - top + + if ($key =~ /t/i) + { + $config{mode} = 'top'; + } + + ## q - quit + + if ($key eq 'q') + { + cmd_q(); + } + + if ($key eq 'D') + { + require Data::Dumper; + print Data::Dumper::Dumper([\%config]); + ReadKey(0); + } + + ## l - change long running hightling + + if ($key eq 'l') + { + cmd_l(); + next; + } + + ## m - mode swtich to qps + + if ($key eq 'm') + { + $config{mode} = 'qps'; + Clear() unless $config{batchmode}; + print "Queries Per Second [hit q to exit this mode]\n"; + next; + } + + ## c - mode swtich to command summary + + if ($key eq 'c') + { + $config{mode} = 'cmd'; + Clear() unless $config{batchmode}; + print "Command Summary [hit q to exit this mode]\n"; + next; + } + + ## C - change Color on and off + + if ($key eq 'C') + { + if ( $HAS_COLOR ) + { + $HAS_COLOR = 0; + } + else + { + $HAS_COLOR = 1; + } + } + + ## s - seconds of delay + + if ($key eq 's') + { + cmd_s(); + next; + } + + if ($key eq 'S') + { + cmd_S(); + next; + } + + ## R - resolve hostnames + if ($key eq 'R') + { + if ($config{resolve}) + { + $config{resolve} = 0; + } + else + { + $config{resolve} = 1; + } + } + + ## t - username based filter + + if ($key eq 't') + { + ReadMode($RM_RESET); + print RED(), "Which state (blank for all, /.../ for regex): ", RESET(); + $config{filter_state} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## u - username based filter + + if ($key eq 'u') + { + ReadMode($RM_RESET); + print RED(), "Which user (blank for all, /.../ for regex): ", RESET(); + $config{filter_user} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## d - database name based filter + + if ($key eq 'd') + { + ReadMode($RM_RESET); + print RED(), "Which database (blank for all, /.../ for regex): ", + RESET(); + $config{filter_db} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## h - hostname based filter + + if ($key eq 'h') + { + ReadMode($RM_RESET); + print RED(), "Which hostname (blank for all, /.../ for regex): ", + RESET(); + $config{filter_host} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## E - Show full Replication Error + + if ($key eq 'E') + { + my($data) = Hashes('SHOW SLAVE STATUS'); + Clear(); + print "Error is: $data->{Last_Error}\n"; + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + next; + } + ## F - remove all filters + + if ($key eq 'F') + { + $config{filter_host} = qr/.?/; + $config{filter_db} = qr/.?/; + $config{filter_user} = qr/.?/; + $config{filter_state} = qr/.?/; + print RED(), "-- display unfiltered --", RESET(); + sleep 1; + next; + } + + ## p - pause + + if ($key eq 'p') + { + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + next; + } + + ## i - idle toggle + + if ($key =~ /i/) + { + if ($config{idle}) + { + $config{idle} = 0; + $config{sort} = 1; + print RED(), "-- idle (sleeping) processed filtered --", RESET(); + sleep 1; + } + else + { + $config{idle} = 1; + $config{sort} = 0; + print RED(), "-- idle (sleeping) processed unfiltered --", RESET(); + sleep 1; + } + } + + ## I - InnoDB status + + if ($key =~ 'I') + { + $config{mode} = 'innodb'; + Clear() unless $config{batchmode}; + print "InnoDB Status [hit q to exit this mode]\n"; + next; + } + + ## o - sort order + + if ($key =~ /o/) + { + if ($config{sort}) + { + $config{sort} = 0; + print RED(), "-- sort order reversed --", RESET(); + sleep 1; + } + else + { + $config{sort} = 1; + print RED(), "-- sort order reversed --", RESET(); + sleep 1; + } + } + + ## ? - help + + if ($key eq '?') + { + Clear(); + PrintHelp(); + ReadKey(0); + next; + } + + ## k - kill + + if ($key eq 'k') + { + ReadMode($RM_RESET); + + print RED(), "Thread id to kill: ", RESET(); + my $id = ReadLine(0); + + $id =~ s/\s//g; + + if ($id =~ /^\d+$/) + { + Execute("KILL $id"); + } + else + { + print RED(), "-- invalid thread id --", RESET(); + sleep 1; + } + + ReadMode($RM_NOBLKRD); + next; + } + + ## K - kill based on a username + if ($key =~ /K/) + { + ReadMode($RM_RESET); + + print RED(), "User to kill: ", RESET(); + my $user = ReadLine(0); + + $user =~ s/\s//g; + + if ($user =~ /^\S+$/) + { + for my $pid (keys %ucache) + { + next unless $ucache{$pid} eq $user; + Execute("KILL $pid"); + select(undef, undef, undef, 0.2); + } + } + else + { + print RED(), "-- invalid thread id --", RESET(); + sleep 1; + } + + ReadMode($RM_NOBLKRD); + } + + ## f - full info + + if ($key =~ /f/) + { + ReadMode($RM_RESET); + print RED(), "Full query for which thread id: ", RESET(); + my $id = ReadLine(0); + chomp $id; + FullQueryInfo($id); + ReadMode($RM_NOBLKRD); + print RED(), "-- paused. press any key to resume or (e) to explain --", + RESET(); + my $key = ReadKey(0); + + if ($key eq 'e') + { + Explain($id); + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + } + + next; + } + + ## e - explain + + if ($key =~ /e/) + { + ReadMode($RM_RESET); + print RED(), "Explain which query (id): ", RESET(); + my $id = ReadLine(0); + chomp $id; + Explain($id); + ReadMode($RM_NOBLKRD); + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + next; + } + + ## r - reset status counters + + if ($key =~ /r/) + { + Execute("FLUSH STATUS"); + print RED(), "-- counters reset --", RESET(); + sleep 1; + next; + } + + ## H - header toggle + + if ($key eq 'H') + { + if ($config{header}) + { + $config{header} = 0; + } + else + { + $config{header}++; + } + } + + ## # - magic debug key + + if ($key eq '#') + { + $debug = 1; + } + + if ($key eq 'V') + { + GetShowVariables(); + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + } + + if ($key eq 'S') + { + $config{mode} = 'status'; + } +} + +ReadMode($RM_RESET) unless $config{batchmode}; + +exit; + +####################################################################### + +sub Clear() +{ + if (not $WIN) + { + print "$CLEAR" + } + else + { + print "\n" x 90; ## dumb hack for now. Anyone know how to + ## clear the screen in dos window on a Win32 + ## system?? + } +} + +my $last_time; + +sub GetData() +{ + ## Get terminal info + my $now_time; + %qcache = (); ## recycle memory + %dbcache = (); + + my ($width, $height, $wpx, $hpx, $lines_left); + + if (not $config{batchmode}) + { + ($width, $height, $wpx, $hpx) = GetTerminalSize(); + $lines_left = $height - 2; + } + else + { + $height = 999_999; ## I hope you don't have more than that! + $lines_left = 999_999; + $width = 80; + } + + ## + ## Header stuff. + ## + if ($config{header}) + { + my @recs = ""; + if ( $db_release > 4 ) + { + @recs = Hashes("show global status"); + } + else + { + @recs = Hashes("show status"); + } + + ## if the server died or we lost connectivity + if (not @recs) + { + ReadMode($RM_RESET); + exit 1; + } + + ## get high-res or low-res time + my ($t_delta); + + if ($HAS_TIME) + { + $now_time = Time::HiRes::gettimeofday(); + } + else + { + $now_time = time; + } + + if ($last_time and $last_time != $now_time) + { + $t_delta = $now_time - $last_time; + } + + %OLD_STATUS = %STATUS; + + foreach my $ref (@recs) + { + my $key = $ref->{Variable_name}; + my $val = $ref->{Value}; + + $STATUS{$key} = $val; + } + + ## Compute Key Cache Hit Stats + + $STATUS{Key_read_requests} ||= 1; ## can't divide by zero next + + my $cache_hits_percent = (100-($STATUS{Key_reads}/$STATUS{Key_read_requests}) * 100); + $cache_hits_percent = sprintf("%2.2f",$cache_hits_percent); + + ## Query Cache info for <= Ver. 4.1 + ## + ## mysql> show status like 'qcache%'; + ## +-------------------------+----------+ + ## | Variable_name | Value | + ## +-------------------------+----------+ + ## | Qcache_queries_in_cache | 81 | + ## | Qcache_inserts | 4961668 | + ## | Qcache_hits | 1374170 | + ## | Qcache_not_cached | 5656249 | + ## | Qcache_free_memory | 33164800 | + ## | Qcache_free_blocks | 2 | + ## | Qcache_total_blocks | 168 | + ## +-------------------------+----------+ + ## + ## Query Cache info for => Ver. 5.0 + ## + ## mysql> show status like 'qcache%'; + ## +-------------------------+------------+ + ## | Variable_name | Value | + ## +-------------------------+------------+ + ## | Qcache_free_blocks | 37652 | + ## | Qcache_free_memory | 110289712 | + ## | Qcache_hits | 1460617356 | + ## | Qcache_inserts | 390563495 | + ## | Qcache_lowmem_prunes | 6414172 | + ## | Qcache_not_cached | 93002420 | + ## | Qcache_queries_in_cache | 66558 | + ## | Qcache_total_blocks | 192031 | + ## +-------------------------+------------+ + + my $query_cache_hits = 0; + my $query_cache_hits_per_sec = 0; + my $now_query_cache_hits_per_sec = 0; + + if ($have_query_cache) + { + $query_cache_hits = $STATUS{Qcache_hits}; + $query_cache_hits_per_sec = $STATUS{Qcache_hits} / $STATUS{Uptime}; + + if (defined $last_time and $last_time != $now_time) + { + my $q_delta = $STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits}; + $now_query_cache_hits_per_sec = sprintf "%.2f", $q_delta / $t_delta; + } + } + + open L, "; + close L; + chomp $l; + + $last_time = $now_time; + + ## Server Uptime in meaningful terms... + + my $time = $STATUS{Uptime}; + my ($d,$h,$m,$s) = (0, 0, 0, 0); + + $d += int($time / (60*60*24)); $time -= $d * (60*60*24); + $h += int($time / (60*60)); $time -= $h * (60*60); + $m += int($time / (60)); $time -= $m * (60); + $s += int($time); + + my $uptime = sprintf("%d+%02d:%02d:%02d", $d, $h, $m, $s); + + ## Queries per second... + + my $avg_queries_per_sec = sprintf("%.2f", $STATUS{Questions} / $STATUS{Uptime}); + my $num_queries = $STATUS{Questions}; + + my @t = localtime(time); + + my $current_time = sprintf "[%02d:%02d:%02d]", $t[2], $t[1], $t[0]; + + my $host_width = 75; + my $up_width = $width - $host_width; + + Clear() unless $config{batchmode}; + print RESET(); + + printf "%-${host_width}s%${up_width}s\n", + "MySQL on $config{host} ($db_version)", + "load $l up $uptime $current_time"; + $lines_left--; + + + printf " Queries: %-6s qps: %4.0f Slow: %7s Se/In/Up/De(%%): %02.0f/%02.0f/%02.0f/%02.0f \n", + make_short( $STATUS{Questions} ), # q total + $STATUS{Questions} / $STATUS{Uptime}, # qps, average + make_short( $STATUS{Slow_queries} ), # slow + + # hmm. a Qcache hit is really a select and should be counted. + 100 * ($STATUS{Com_select} + ($STATUS{Qcache_hits}||0) ) / $STATUS{Questions}, + 100 * ($STATUS{Com_insert} + $STATUS{Com_replace} ) / $STATUS{Questions}, + 100 * ($STATUS{Com_update} ) / $STATUS{Questions}, + 100 * $STATUS{Com_delete} / $STATUS{Questions}; + + $lines_left--; + + if ($t_delta) + { + my $q_diff = ( $STATUS{Questions} - $OLD_STATUS{Questions} ); +# print("q_diff: $STATUS{Questions} - $OLD_STATUS{Questions} / $t_delta = $q_diff\n"); + + printf(" Sorts: %5.0f qps now: %4.0f Slow qps: %3.1f Threads: %4.0f (%4.0f/%4.0f) %02.0f/%02.0f/%02.0f/%02.0f \n", + ( $STATUS{Sort_rows} - $OLD_STATUS{Sort_rows} ) / $t_delta, + ( $STATUS{Questions} - $OLD_STATUS{Questions} ) / $t_delta, + ( # slow now (qps) + ($STATUS{Slow_queries} ) ? + ( $STATUS{Slow_queries} - $OLD_STATUS{Slow_queries} ) / $t_delta : + 0 + ), + $STATUS{Threads_connected}, + $STATUS{Threads_running}, + $STATUS{Threads_cached}, + + (100 * ($STATUS{Com_select} - $OLD_STATUS{Com_select} + + ($STATUS{Qcache_hits}||0) - ($OLD_STATUS{Qcache_hits}||0) + ) ) / ($q_diff ), + (100 * ($STATUS{Com_insert} - $OLD_STATUS{Com_insert} + + $STATUS{Com_replace} - $OLD_STATUS{Com_replace} + ) ) / ($q_diff ), + (100 * ($STATUS{Com_update} - $OLD_STATUS{Com_update}) ) / ($q_diff ), + (100 * ($STATUS{Com_delete} - $OLD_STATUS{Com_delete}) ) / ($q_diff ), + ); + } + else + { + print "\n"; + } + $lines_left--; + + if ($have_query_cache and $STATUS{Com_select} and $query_cache_hits) + { + printf(" Cache Hits: %-5s Hits/s: %4.1f Hits now: %5.1f Ratio: ", + make_short($STATUS{Qcache_hits}), # cache hits + $STATUS{Qcache_hits} / $STATUS{Uptime}, # hits / sec + ($t_delta) ? ($STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits}) / $t_delta : 0, # Hits Now + ); + + my($Ratio) = 100 * ($STATUS{Qcache_hits}) / ($STATUS{Qcache_hits} + $STATUS{Com_select} ); + if ($HAS_COLOR) + { + print YELLOW() if ($Ratio < 80.0); + print RED() if ($Ratio < 50.0); + print MAGENTA() if ($Ratio < 20.0); + } + printf("%4.1f%% ",$Ratio); + if ($HAS_COLOR) + { + print RESET(); + } + + print " Ratio now: "; + my($Ratio_now) = ($t_delta) ? # ratio now + 100 * ($STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits} ) / + ( ($STATUS{Com_select} + $STATUS{Qcache_hits} - + ($OLD_STATUS{Qcache_hits} + $OLD_STATUS{Com_select}) + ) || 1) : 0; + if ($HAS_COLOR) + { + print GREEN() if ($Ratio_now => 80.0); + print YELLOW() if ($Ratio_now < 80.0); + print RED() if ($Ratio_now < 50.0); + print MAGENTA() if ($Ratio_now < 20.0); + } + printf("%4.1f%% \n",$Ratio_now); + if ($HAS_COLOR) + { + print RESET(); + } + } + $lines_left--; + + + printf(" Key Efficiency: %2.1f%% Bps in/out: %5s/%5s ", + $cache_hits_percent, + make_short($STATUS{Bytes_received} / $STATUS{Uptime} ), + make_short($STATUS{Bytes_sent} / $STATUS{Uptime})); + printf("Now in/out: %5s/%5s", + make_short(($STATUS{Bytes_received} - $OLD_STATUS{Bytes_received}) / $t_delta ), + make_short(($STATUS{Bytes_sent} - $OLD_STATUS{Bytes_sent}) / $t_delta )) + if ($t_delta); + print "\n"; + + $lines_left--; + + my($data) = Hashes('show global variables like "read_only"'); + if ($data->{Value} ne "OFF") + { + print RED() if ($HAS_COLOR) ; + print " ReadOnly"; + RESET() if ($HAS_COLOR); + } + + my($data) = Hashes('SHOW SLAVE STATUS'); + if (defined($data->{Master_Host})) + { + if (defined($data->{Seconds_Behind_Master})) + { + if ($HAS_COLOR) { + print GREEN(); + print YELLOW() if ($data->{Seconds_Behind_Master} > 60); + print MAGENTA() if ($data->{Seconds_Behind_Master} > 360); + } + } + print " Replication "; + print "IO:$data->{Slave_IO_Running} "; + print "SQL:$data->{Slave_SQL_Running} "; + print RESET() if ($HAS_COLOR); + + if (defined($data->{Seconds_Behind_Master})) + { + if ($HAS_COLOR) { + print GREEN(); + print YELLOW() if ($data->{Seconds_Behind_Master} > 60); + print MAGENTA() if ($data->{Seconds_Behind_Master} > 360); + } + print "Delay: $data->{Seconds_Behind_Master} sec."; + } else { + my $free = $width - 45; + my $Err = substr $data->{Last_Error},0 ,$free; + printf(" ERR: %-${free}s", $Err) if ( $Err ne "" ); + } + print WHITE() if ($HAS_COLOR); + print "\n"; + $lines_left--; + } + print "\n"; + } + + if (not $config{batchmode} and not $config{header}) + { + Clear(); + print RESET(); + } + + ## + ## Threads + ## + + #my $sz = $width - 52; + my @sz = (9, 9, 15, 10, 10, 6, 8); + my $used = scalar(@sz) + Sum(@sz); + my $free = $width - $used; + + print BOLD() if ($HAS_COLOR); + + printf "%9s %9s %15s %10s %10s %6s %8s %-${free}s\n", + 'Id','User','Host/IP','DB','Time', 'Cmd', 'State', 'Query'; + + print RESET() if ($HAS_COLOR); + + ## Id User Host DB + printf "%9s %9s %15s %10s %10s %6s %8s %-${free}s\n", + '--','----','-------','--','----', '---', '-----', '----------'; + + $lines_left -= 2; + + my $proc_cmd = "show full processlist"; + + my @data = Hashes($proc_cmd); + + foreach my $thread (@data) + { + last if not $lines_left; + + ## Drop Domain Name, unless it looks like an IP address. If + ## it's an IP, we'll strip the port number because it's rarely + ## interesting. + + my $is_ip = 0; + + if ($thread->{Host} =~ /^(\d{1,3}\.){3}(\d{1,3})(:\d+)?$/) + { + $thread->{Host} =~ s/:.*$//; + $is_ip = 1; + } + else + { + $thread->{Host} =~ s/^([^.]+).*/$1/; + } + + ## Otherwise, look up the IP (if resolve is set) and strip the + ## name + if ($is_ip and $config{resolve}) + { + $thread->{Host} =~ s/:\d+$//; +# my $host = $thread->{Host}; + my $host = gethostbyaddr(inet_aton($thread->{Host}), AF_INET); +# $host =~ s/^([^.]+).*/$1/; + $thread->{Host} = $host; + } + + ## Fix possible undefs + + $thread->{db} ||= ''; + $thread->{Info} ||= ''; + $thread->{Time} ||= 0 ; + $thread->{Id} ||= 0 ; + $thread->{User} ||= ''; + $thread->{Command} ||= ''; + $thread->{Host} ||= ''; + $thread->{State} ||= ""; + + ## alter double hyphen comments so they don't break + ## the query when newlines are removed - http://freshmeat.net/users/jerjones + $thread->{Info} =~ s~\s--(.*)$~ /* $1 */ ~mg; + + ## Normalize spaces -- mostly disabled for now. This can + ## break EXPLAIN if you try to explain a mangled query. It + ## may be re-enabled later as an option. + + ## leading space removal + $thread->{Info} =~ s/^\s*//; + + if (1) + { + ## remove newlines and carriage returns + $thread->{Info} =~ s/[\n\r]//g; + + ## collpase whitespace + $thread->{Info} =~ s/\s+/ /g; + } + + ## stow it in the cache + + $qcache{$thread->{Id}} = $thread->{Info}; + $dbcache{$thread->{Id}} = $thread->{db}; + $ucache{$thread->{Id}} = $thread->{User}; + + } + + ## Sort by idle time (closest thing to CPU usage I can think of). + + my @sorted; + + if (not $config{sort}) + { + @sorted = sort { $a->{Time} <=> $b->{Time} } @data + } + else + { + @sorted = sort { $b->{Time} <=> $a->{Time} } @data + } + + foreach my $thread (@sorted) + { + # Check to see if we can skip out. We skip out if we know the + # given line doesn't match. + + next if (($thread->{Command} eq "Sleep") + and + (not $config{idle})); + + next if (($thread->{Command} eq "Binlog Dump") + and + (not $config{idle})); + + next if (($thread->{Command} eq "Daemon") + and + (not $config{idle})); + + next if ($thread->{User} !~ $config{filter_user}); + next if ($thread->{db} !~ $config{filter_db}); + next if ($thread->{Host} !~ $config{filter_host}); + next if ($thread->{State} !~ $config{filter_state}); + + $thread->{State} = trim(sprintf("%8.8s",$thread->{State})); + + # Otherwise, print. + + my $smInfo; + + if ($thread->{Info}) + { + $smInfo = substr $thread->{Info}, 0, $free; + } +# if ($thread->{State}) +# { +# $smInfo = substr $thread->{State}, 0, $free; +# } + else + { + $smInfo = ""; + } + + if ($HAS_COLOR) + { + print YELLOW() if $thread->{Command} eq 'Query'; + print WHITE() if $thread->{Command} eq 'Sleep'; + print GREEN() if $thread->{Command} eq 'Connect'; + print BOLD() if $thread->{Time} > $config{slow}; + print MAGENTA() if $thread->{Time} > $config{long}; + } + + printf "%9d %9.9s %15.15s %10.10s %10d %6.6s %8.8s %-${free}.${free}s\n", + $thread->{Id}, $thread->{User}, $thread->{Host}, $thread->{db}, + $thread->{Time}, $thread->{Command}, $thread->{State}, $smInfo; + + print RESET() if $HAS_COLOR; + + $lines_left--; + + last if $lines_left == 0; + + } + +} + +########################################################################### + +my $questions; + +sub GetQPS() +{ + my($data) = Hashes('SHOW STATUS LIKE "Questions"'); + my $num = $data->{Value}; + + if (not defined $questions) ## first time? + { + $questions = $num; + return; + } + + my $qps = $num - $questions; + $questions = $num; + print "$qps\n"; +} + +########################################################################### + +sub GetQcacheSummary() +{ +} + +########################################################################### + +sub GetInnoDBStatus() +{ + if (not $config{pager}) + { + if (not $config{pager} = FindProg('less')) + { + $config{pager} = FindProg('more'); + } + } + + my @data = Hashes("SHOW INNODB STATUS"); + + open P, "|$config{pager}" or die "$!"; + print keys %{$data[0]}; + print $data[0]->{Status},"\n"; + close P; +} + +########################################################################### + +my %prev_data; + +sub GetCmdSummary() +{ + my ($width, $height, $wpx, $hpx, $lines_left); + + if (not $config{batchmode}) + { + ($width, $height, $wpx, $hpx) = GetTerminalSize(); + + $lines_left = $height - 2; + } + else + { + $height = 999_999; ## I hope you don't have more than that! + $lines_left = 999_999; + $width = 80; + } + + # Variable_name and Value pairs come back... + my @data = Hashes("SHOW STATUS LIKE 'Com_%'"); + my %cmd_data; + my %cmd_delta; + my %cmd_pct; + my %cmd_delta_pct; + my $total; + my $delta_total; + + for my $item (@data) + { + next unless $item->{Value}; + $item->{Variable_name} =~ s/^Com_//; + $item->{Variable_name} =~ s/_/ /g; + $cmd_data{$item->{Variable_name}} = $item->{Value}; + $total += $item->{Value}; + } + + ## Populate other stats + + for my $item (keys %cmd_data) + { + $cmd_delta{$item} = $cmd_data{$item} - + ($prev_data{$item} || $cmd_data{$item} - 1); + + $delta_total += $cmd_delta{$item}; + + $cmd_pct{$item} = int(($cmd_data{$item} / $total) * 100); + } + + for my $item (keys %cmd_data) + { + $cmd_delta_pct{$item} = int(($cmd_delta{$item} / $delta_total) * 100); + } + + + ## Display + + Clear() unless $config{batchmode}; + print RESET(); + printf "%18s %10s %4s | %5s %4s\n", 'Command', 'Total', 'Pct', 'Last', 'Pct'; + printf "%18s %10s %4s | %5s %4s\n", '-------', '-----', '---', '----', '---'; + $lines_left -= 2; + + for my $item (sort { $cmd_data{$b} <=> $cmd_data{$a} } keys %cmd_data) + { + printf "%18s %10d %4s | %5d %4s\n", + $item, + $cmd_data{$item}, + $cmd_pct{$item} . "%", + $cmd_delta{$item}, + $cmd_delta_pct{$item} . "%"; + + last if not $lines_left; + $lines_left -= 1; + } + + %prev_data = %cmd_data; +} + +########################################################################### + +sub GetShowVariables() +{ + if (not $config{pager}) + { + if (not $config{pager} = FindProg('less')) + { + $config{pager} = FindProg('more'); + } + } + + my @rows = Hashes("SHOW VARIABLES"); + + open P, "|$config{pager}" or die "$!"; + + for my $row (@rows) + { + my $name = $row->{Variable_name}; + my $value = $row->{Value}; + printf P "%32s: %s\n", $name, $value; + } + + close P; +} + +########################################################################### + +sub GetShowStatus() +{ + Clear() unless $config{batchmode}; + my @rows = Hashes("SHOW STATUS"); + + printf "%32s %10s %10s\n", 'Counter', 'Total', 'Change'; + printf "%32s %10s %10s\n", '-------', '-----', '------'; + + for my $row (@rows) + { + my $name = $row->{Variable_name}; + my $value = $row->{Value}; + my $old = $statcache{$name}; + my $delta = 0; + + next if $name =~ m/^Com_/; ## skip Com_ stats + next if $value =~ m/^[^0-9]*$/; ## skip non-numeric + + ## TODO: if Qcache is off, we should skip Qcache_ values + + if ($HAS_COLOR and defined $old and $old =~ /^\d/) + { + if ($value > $old) + { + print YELLOW(); + $delta = $value - $old; + } + elsif ($value < $old) + { + print RED(); + $delta = $value - $old; + } + + if (not $config{idle} and $value == $old) + { + # filter unchanging stats, maybe + print RESET(); + next; + } + } + + printf "%32s: %10s %10s\n", $name, $value, $delta; + print RESET() if $HAS_COLOR; + + $statcache{$name} = $value; + } + +} + +########################################################################### + +sub FullQueryInfo($) +{ + my $id = shift; + + if (not exists $qcache{$id} or not defined $qcache{$id}) + { + print "*** Invalid id. ***\n"; + return; + } + + my $sql = $qcache{$id}; + print $CLEAR; + print "Thread $id was executing following query:\n\n"; + print YELLOW(), $sql,"\n\n", RESET(); +} + +########################################################################### + +sub Explain($) +{ + my $id = shift; + + if (not exists $qcache{$id} or not defined $qcache{$id}) + { + print "*** Invalid id. ***\n"; + return; + } + + my $sql = $qcache{$id}; + my $db = $dbcache{$id}; + + Execute("USE $db"); + my @info = Hashes("EXPLAIN $sql"); + print $CLEAR; + print "EXPLAIN $sql:\n\n"; + PrintTable(@info); +} + +########################################################################### + +sub PrintTable(@) +{ + my $cnt = 1; + my @cols = qw(table type possible_keys key key_len ref rows Extra); + + for my $row (@_) + { + print "*** row $cnt ***\n"; + for my $key (@cols) + { + my $val = $row->{$key} || 'NULL'; + printf "%15s: %s\n", $key, $val; + } + $cnt++; + } +} + +########################################################################### + +sub StringOrRegex($) +{ + my $input = shift; + chomp $input; + if (defined $input) + { + # regex, strip /.../ and use via qr// + if ($input =~ m{^/} and $input =~ m{/$}) + { + $input =~ s{^/}{} if $config{filter_user}; + $input =~ s{/$}{} if $config{filter_user}; + $input = qr/$input/; + } + + + # reset to match anything + elsif ($input eq '') + { + $input = qr/.*/; + } + + # string, build a simple regex + else + { + $input = '^' . $input . '$'; + $input = qr/$input/; + } + } + + # reset to match anything + else + { + $input = qr/.*/; + } + return $input; +} + +########################################################################### + +sub cmd_l +{ + ReadMode($RM_RESET); + + print RED(), "Seconds for long queries: ", RESET(); + my $secs = ReadLine(0); + + if ($secs =~ /^\s*(\d+)/) + { + $config{long} = $1; + if ($config{long} < 1) + { + $config{long} = 1; + } + } + ReadMode($RM_NOBLKRD); +} + +sub cmd_s +{ + ReadMode($RM_RESET); + + print RED(), "Seconds of Delay: ", RESET(); + my $secs = ReadLine(0); + + if ($secs =~ /^\s*(\d+)/) + { + $config{delay} = $1; + if ($config{delay} < 1) + { + $config{delay} = 1; + } + } + ReadMode($RM_NOBLKRD); +} + +sub cmd_S +{ + ReadMode($RM_RESET); + + print RED(), "Seconds for Slow queries: ", RESET(); + my $secs = ReadLine(0); + + if ($secs =~ /^\s*(\d+)/) + { + $config{slow} = $1; + if ($config{slow} < 1) + { + $config{slow} = 1; + } + } + ReadMode($RM_NOBLKRD); +} + +sub cmd_q +{ + ReadMode($RM_RESET); + print "\n"; + exit; +} + +sub trim($) +{ + my $string = shift; + $string =~ s/^\s+//; + $string =~ s/\s+$//; + return $string; +} + +########################################################################### + +sub PrintHelp() +{ + my $help = qq[ +Help for mytop version $main::VERSION by Jeremy D. Zawodny <${YELLOW}Jeremy\@Zawodny.com${RESET}> + with updates by Mark Grennan <${YELLOW}mark\@grennan.com${RESET}> + + ? - display this screen + # - toggle short/long numbers (not yet implemented) + c - command summary view (based on Com_* counters) + C - turn color on and off + d - show only a specific database + e - explain the query that a thread is running + E - display current replication error + f - show full query info for a given thread + F - unFilter the dispaly + h - show only a specifc host's connections + H - toggle the mytop header + i - toggle the display of idle (sleeping) threads + I - show innodb status + k - kill a thread + p - pause the display + l - change long running queries hightlighing + m - switch [mode] to qps (queries/sec) scrolling view + o - reverse the sort order (toggle) + q - quit + r - reset the status counters (via FLUSH STATUS on your server) + R - change reverse IP lookup + s - change the delay between screen updates + S - change slow quiery hightlighting + t - switch to thread view (default) + u - show only a specific user + : - enter a command (not yet implemented) + ! - Skip an error that has stopped replications (at your own risk) + +${GREEN}http://jeremy.zawodny.com/mysql/mytop/${RESET} +${GREEN}http://www.mysqlfanboy.com/mytop/${RESET} +]; + + print $help; +} + +sub Sum(@) +{ + my $sum; + while (my $val = shift @_) { $sum += $val; } + return $sum; +} + +## A useful routine from perlfaq + +sub commify($) +{ + local $_ = shift; + return 0 unless defined $_; + 1 while s/^([-+]?\d+)(\d{3})/$1,$2/; + return $_; +} + +## Compact numeric representation (10,000 -> 10.0k) + +sub make_short($) +{ + my $number = shift; + return commify($number) if $config{long_nums}; + my $n = 0; + while ($number > 1_025) { $number /= 1024; $n++; }; + return sprintf "%.1f%s", $number, ('','k','M','G', 'T')[$n]; +} + + + +## Run a query and return the records has an array of hashes. + +sub Hashes($) +{ + my $sql = shift; + my @records; + + if (my $sth = Execute($sql)) + { + while (my $ref = $sth->fetchrow_hashref) + { + print "record\n" if $debug; + push @records, $ref; + } + } + return @records; +} + +## Execute an SQL query and return the statement handle. + +sub Execute($) +{ + my $sql = shift; + my $sth = $dbh->prepare($sql); + + if (not $sth) { ReadMode($RM_RESET); die $DBI::errstr; } + + my $ReturnCode = $sth->execute; + + if (not $ReturnCode) + { + if ($debug) + { + print "query failed\n"; + sleep 10; + } + return undef; + } + + return $sth; +} + +sub FindProg($) +{ + my $prog = shift; + my $found = undef; + my @search_dirs = ("/bin", "/usr/bin", "/usr/sbin", + "/usr/local/bin", "/usr/local/sbin"); + + for (@search_dirs) + { + my $loc = "$_/$prog"; + if (-e $loc) + { + $found = $loc; + last; + } + } + return $found; +} + +=pod + +=head1 SYNOPSIS + +B [options] + +=head1 AVAILABILITY + +The latest version of B is available from +http://jeremy.zawodny.com/mysql/mytop/ it B also be on CPAN as +well. + +=head1 REQUIREMENTS + +In order for B to function properly, you must have the +following: + + * Perl 5.005 or newer + * Getopt::Long + * DBI and DBD::mysql + * Term::ReadKey from CPAN + +Most systems are likely to have all of those installed--except for +Term::ReadKey. You will need to pick that up from the CPAN. You can +pick up Term::ReadKey here: + + http://search.cpan.org/search?dist=TermReadKey + +And you obviously need access to a MySQL server (version 3.22.x or +3.23.x) with the necessary security to run the I and +I commands. + +If you are a Windows user, using ActiveState's Perl, you can use PPM +(the Perl Package Manager) to install the MySQL and Term::ReadKey +modules. + +=head2 Optional Color Support + +In additon, if you want a color B (recommended), install +Term::ANSIColor from the CPAN: + + http://search.cpan.org/search?dist=ANSIColor + +Once you do, B will automatically use it. However, color is not +yet working on Windows. Patches welcome. :-) + +=head2 Optional Hi-Res Timing + +If you want B to provide more accurate real-time +queries-per-second statistics, install the Time::HiRes module from +CPAN. B will automatically notice that you have it and use it +rather than the standard timing mechanism. + +=head2 Platforms + +B is known to work on: + + * Linux (2.2.x, 2.4.x) + * FreeBSD (2.2, 3.x, 4.x) + * Mac OS X + * BSDI 4.x + * Solaris 2.x + * Windows NT 4.x (ActivePerl) + +If you find that it works on another platform, please let me +know. Given that it is all Perl code, I expect it to be rather +portable to Unix and Unix-like systems. Heck, it I even work on +Win32 systems. + +=head1 DESCRIPTION + +Help is always welcome in improving this software. Feel free to +contact the author (see L<"AUTHOR"> below) with bug reports, fixes, +suggestions, and comments. Additionally L<"BUGS"> will provide a list +of things this software is not able to do yet. + +Having said that, here are the details on how it works and what you can +do with it. + +=head2 The Basics + +B was inspired by the system monitoring tool B. I +routinely use B on Linux, FreeBSD, and Solaris. You are likely to +notice features from each of them here. + +B will connect to a MySQL server and periodically run the +I and I commands and attempt to +summarize the information from them in a useful format. + +=head2 The Display + +The B display screen is really broken into two parts. The top 4 +lines (header) contain summary information about your MySQL +server. For example, you might see something like: + +MySQL on localhost (4.0.13-log) up 1+11:13:00 [23:29:11] + Queries: 19.3M qps: 160 Slow: 1.0 Se/In/Up/De(%): 00/80/03/17 + qps now: 219 Slow qps: 0.0 Threads: 1 ( 1/ 16) 00/74/00/25 + Key Efficiency: 99.3% Bps in/out: 30.5k/162.8 Now in/out: 32.7k/ 3.3k + +The first line identifies the hostname of the server (localhost) and +the version of MySQL it is running. The right had side shows the +uptime of the MySQL server process in days+hours:minutes:seconds +format (much like FreeBSD's top) as well as the current time. + +The second line displays the total number of queries the server has +processed, the average number of queries per second, the number of +slow queries, and the percentage of Select, Insert, Update, and Delete +queries. + +The third real-time values. First is the number of queries per second, +then the number of slow queries, followed by query precentages (like +on the previous line). + +And the fourth line displays key buffer efficiency (how often keys are +read from the buffer rather than disk) and the number of bytes that +MySQL has sent and received, both over all and in the last cycle. + +You can toggle the header by hitting B when running B. + +The second part of the display lists as many threads as can fit on +screen. By default they are sorted according to their idle time (least +idle first). The display looks like: + + Id User Host Dbase Time Cmd Query or State + -- ---- ---- ----- ---- --- -------------- + 61 jzawodn localhost music 0 Query show processlist + +As you can see, the thread id, username, host from which the user is +connecting, database to which the user is connected, number of seconds +of idle time, the command the thread is executing, and the query info +are all displayed. + +Often times the query info is what you are really interested in, so it +is good to run B in an xterm that is wider than the normal 80 +columns if possible. + +The thread display color-codes the threads if you have installed color +support. The current color scheme only works well in a window with a +dark (like black) background. The colors are selected according to the +C column of the display: + + Query - Yellow + Sleep - White + Connect - Green + Slow - Bright + Long - Magenta + +Those are purely arbitrary and will be customizable in a future +release. If they annoy you just start B with the B<--nocolor> +flag or adjust your config file appropriately. + +=head2 Arguments + +B handles long and short command-line arguments. Not all +options have both long and short formats, however. The long arguments +have two dashes `--'. Short arguments only have one '-'. + +=over + +=item B<-u> or B<-user> username + +Username to use when logging in to the MySQL server. Default: ``root''. + +=item B<-p> or B<-pass> or B<-password> password + +Password to use when logging in to the MySQL server. Default: none. + +=item B<-h> or B<--host> hostname[:port] + +Hostname of the MySQL server. The hostname may be followed by an +option port number. Note that the port is specified separate from the +host when using a config file. Default: ``localhost''. + +=item B<--port> or B<-P> port + +If you're running MySQL on a non-standard port, use this to specify +the port number. Default: 3306. + +=item B<-s> or B<--delay> seconds + +How long between display refreshes. Default: 5 + +=item B<-d> or B<--db> or B<--database> database + +Use if you'd like B to connect to a specific database by +default. Default: ``test''. + +=item B<-b> or B<--batch> or B<--batchmode> + +In batch mode, mytop runs only once, does not clear the screen, and +places no limit on the number of lines it will print. This is suitable +for running periodically (perhaps from cron) to capture the +information into a file for later viewing. You might use batch mode in +a CGI script to occasionally display your MySQL server status on the +web. + +Default: unset. + +=item B<-S> or B<--socket> /path/to/socket + +If you're running B on the same host as MySQL, you may wish to +have it use the MySQL socket directly rather than a standard TCP/IP +connection. If you do,just specify one. + +Note that specifying a socket will make B ignore any host +and/or port that you might have specified. If the socket does not +exist (or the file specified is not a socket), this option will be +ignored and B will use the hostname and port number instead. + +Default: none. + +=item B<--header> or B<--noheader> + +Sepcify if you want the header to display or not. You can toggle this +with the B key while B is running. + +Default: header. + +=item B<--color> or B<--nocolor> + +Specify if you want a color display. This has no effect if you don't +have color support available. + +Default: If you have color support, B will try color unless you +tell it not to. + +=item B<-i> or B<--idle> or B<--noi> or B<--noidle> + +Specify if you want idle (sleeping) threads to appear in the list. If +sleeping threads are omitted, the default sorting order is reversed so +that the longest running queries appear at the top of the list. + +Default: idle. + +=item B<--prompt> or B<--noprompt> + +Specify if you want to be prompted to type in your database password. +This provides a little bit more security since it not only prevents +the password from viewable in a process list, but also doesn't require +the password to be stored in plain text in your ~/.mytop config file. +You will B be prompted if a password has not been specified in +your config file or through another command line option. + +Default: noprompt. + +=item B<--resolve> + +If you have skip-resolve set on MySQL (to keep it from doing a reverse +DNS lookup on each inbound connection), mytop can replace IP addresses +with hostnames but toggling this option. + +Default: noresolve + +=back + +Command-line arguments will always take precedence over config file +options. That happens because the config file is read I the +command-line arguments are applied. + +=head2 Config File + +Instead of always using bulky command-line parameters, you can also +use a config file in your home directory (C<~/.mytop>). If present, +B will read it automatically. It is read I any of your +command-line arguments are processed, so your command-line arguments +will override directives in the config file. + +Here is a sample config file C<~/.mytop> which implements the defaults +described above. + + user=root + pass= + host=localhost + db=test + delay=5 + port=3306 + slow=10 + socket= + batchmode=0 + header=1 + color=1 + idle=1 + long=120 + +Using a config file will help to ensure that your database password +isn't visible to users on the command-line. Just make sure that the +permissions on C<~/.mytop> are such that others cannot read it (unless +you want them to, of course). + +You may have white space on either side of the C<=> in lines of the +config file. + +=head2 Shortcut Keys + +The following keys perform various actions while B is +running. Those which have not been implemented are listed as +such. They are included to give the user idea of what is coming. + +=over + +=item B + +Display help. + +=item B + +Show "command counters" based on the Com_* values in SHOW STATUS. +This is a new feature. Feedback welcome. + +=item B + +Turn display color on and off. Default is on. + +=item B + +Show only threads connected to a particular database. + +=item B + +Given a thread id, display the entire query that thread was (and still +may be) running. + +=item B + +Disable all filtering (host, user, and db). + +=item B + +Only show queries from a particular host. + +=item B + +Toggle the header display. You can also specify either C or +C in your config file to set the default behavior. + +=item B + +Toggle the display of idle (sleeping) threads. If sleeping threads are +filtered, the default sorting order is reversed so that the longest +running queries appear at the top of the list. + +=item B + +Switch to InnoDB Status mode. The output of "SHOW INNODB STATUS" will +be displayed every cycle. In a future version, this may actually +summarize that data rather than producing raw output. + +=item B + +Kill a thread. + +=item B + +Toggle modes. Currently this switches from `top' mode to `qps' +(Queries Per Second Mode). In this mode, mytop will write out one +integer per second. The number written reflects the number of queries +executed by the server in the previous one second interval. + +More modes may be added in the future. + +=item B + +Reverse the default sort order. + +=item B

+ +Pause display. + +=item B + +Quit B + +=item B + +Reset the server's status counters via a I command. + +=item B + +Togle IP reverse lookup. Default is on. + +=item B + +Change the sleep time (number of seconds between display refreshes). + +=item B + +Set the number of seconds a query will need to run before it is +considered old and will be highlighted. + +=item B + +Show only threads owned by a giver user. + +=back + +The B key has a command-line counterpart: B<-s>. + +The B key has two command-line counterparts: B<-header> and +B<-noheader>. + +=head1 BUGS + +This is more of a BUGS + WishList. + +Some performance information is not available when talking to a +version 3.22.x MySQL server. Additional information (about threads +mostly) was added to the output of I in MySQL 3.23.x and +B makes use of it. If the information is not available, you +will simply see zeros where the real numbers should be. + +Simply running this program will increase your overall counters (such +as the number of queries run). But you may or may not view that as a +bug. + +B consumes too much CPU time when running (verified on older +versions of Linux and FreeBSD). It's likely a problem related to +Term::ReadKey. I haven't had time to investigate yet, so B now +automatically lowers its priority when you run it. You may also think +about running B on another workstation instead of your database +server. However, C on Solaris does B have this problem. +Newer versions of Linux and FreeBSD seem to have fixed this. + +You can't specify the maximum number of threads to list. If you have +many threads and a tall xterm, B will always try to display as +many as it can fit. + +The size of most of the columns in the display has a small maximum +width. If you have fairly long database/user/host names the display +may appear odd. I have no good idea as to how best to deal with that +yet. Suggestions are welcome. + +It'd be nice if you could just add B configuration directives +in your C file instead of having a separate config file. + +You should be able to specify the columns you'd like to see in the +display and the order in which they appear. If you only have one +username that connects to your database, it's probably not worth +having the User column appear, for example. + +=head1 AUTHOR + +mytop was developed and is maintained by Jeremy D. Zawodny +(Jeremy@Zawodny.com). + +If you wish to e-mail me regarding this software, B subscribe +to the B mailing list. See the B homepage for details. + +=head1 DISCLAIMER + +While I use this software in my job at Yahoo!, I am solely responsible +for it. Yahoo! does not necessarily support this software in any +way. It is merely a personal idea which happened to be very useful in +my job. + +=head1 RECRUITING + +If you hack Perl and grok MySQL, come work at Yahoo! Contact me for +details. Or just send me your resume. Er, unless we just had layoffs, +in which case we're not hiring. :-( + +=head1 SEE ALSO + +Please check the MySQL manual if you're not sure where some of the +output of B is coming from. + +=head1 COPYRIGHT + +Copyright (C) 2000-2010, Jeremy D. Zawodny. + +=head1 CREDITS + +Fix a bug. Add a feature. See your name here! + +Many thanks go to these fine folks: + +=over + +=item Mark Grennan (mark@grennan.com) www.linuxfangoy.com + +Added updates for MySQL 5.x. Added 'S' (slow) highlighting. +Added 'C' to turn on and off Color. Added 'l' command to change +color for long running queries. Fixed a few documentation issues. +Monitors Slave status. Added color to Queue hit ratio. +Added number of rows sorted per second. +Created release 1.7. + +=item Sami Ahlroos (sami@avis-net.de) + +Suggested the idle/noidle stuff. + +=item Jan Willamowius (jan@janhh.shnet.org) + +Mirnor bug report. Documentation fixes. + +=item Alex Osipov (alex@acky.net) + +Long command-line options, Unix socket support. + +=item Stephane Enten (tuf@grolier.fr) + +Suggested batch mode. + +=item Richard Ellerbrock (richarde@eskom.co.za) + +Bug reports and usability suggestions. + +=item William R. Mattil (wrm@newton.irngtx.tel.gte.com) + +Bug report about empty passwords not working. + +=item Benjamin Pflugmann (philemon@spin.de) + +Suggested -P command-line flag as well as other changes. + +=item Justin Mecham + +Suggested setting $0 to `mytop'. + +=item Thorsten Kunz + +Provided a fix for cases when we try remove the domain name from the +display even if it is actually an IP address. + +=item Sasha Pachev + +Provided the idea of real-time queries per second in the main display. + +=item Paul DuBois + +Pointed out some option-handling bugs. + +=item Mike Wexler + +Suggested that we don't mangle (normalize) whitespace in query info by +default. + +=item Mark Zweifel + +Make the --idle command-line argument negatable. + +=item Axel Schwenke + +Noticed the inccorect formula for query cache hit percentages in +version 1.2. + +=item Steven Roussey + +Supplied a patch to help filter binary junk in queries so that +terminals don't freak out. + +=item jon r. luini + +Supplied a patch that formed the basis for C<-prompt> support. Sean +Leach submitted a similar patch. + +=item Yogish Baliga + +Supplied a patch that formed the basis for C<-resolve> support. + +=item Per Andreas Buer + +Supplied an excellent patch to tidy up the top display. This includes +showing most values in short form, such as 10k rather than 10000. + +=back + +See the Changes file on the B distribution page for more +details on what has changed. + +=head1 LICENSE + +B is licensed under the GNU General Public License version +2. For the full license information, please visit +http://www.gnu.org/copyleft/gpl.html + +=cut + +__END__ diff --git a/mysql-oracle/handlers/main.yml b/mysql-oracle/handlers/main.yml new file mode 100644 index 00000000..7571ebc5 --- /dev/null +++ b/mysql-oracle/handlers/main.yml @@ -0,0 +1,21 @@ +--- +- name: restart munin-node + service: + name: munin-node + state: restarted + +- name: restart nagios-nrpe-server + service: + name: nagios-nrpe-server + state: restarted + +- name: restart mysql + service: + name: mysql + state: restarted + +- name: reload systemd + command: systemctl daemon-reload + +- name: Restart minifirewall + command: /etc/init.d/minifirewall restart diff --git a/mysql-oracle/meta/main.yml b/mysql-oracle/meta/main.yml new file mode 100644 index 00000000..8cb59054 --- /dev/null +++ b/mysql-oracle/meta/main.yml @@ -0,0 +1,20 @@ +galaxy_info: + author: Evolix + description: Install and configure MySQL 5.7 (with Oracle packages) + + issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues + + license: GPLv2 + + min_ansible_version: 2.2 + + platforms: + - name: Debian + versions: + - jessie + - stretch + +dependencies: [] + # List your role dependencies here, one per line. + # Be sure to remove the '[]' above if you add dependencies + # to this list. diff --git a/mysql-oracle/tasks/config.yml b/mysql-oracle/tasks/config.yml new file mode 100644 index 00000000..09131f92 --- /dev/null +++ b/mysql-oracle/tasks/config.yml @@ -0,0 +1,23 @@ +--- + +- name: "Copy MySQL defaults config file" + copy: + src: evolinux-defaults.cnf + dest: "/etc/mysql/conf.d/z-evolinux-defaults.cnf" + owner: root + group: root + mode: "0644" + force: yes + tags: + - mysql + +- name: "Copy MySQL custom config file" + template: + src: evolinux-custom.cnf.j2 + dest: "/etc/mysql/conf.d/zzz-evolinux-custom.cnf" + owner: root + group: root + mode: "0644" + force: no + tags: + - mysql diff --git a/mysql-oracle/tasks/datadir.yml b/mysql-oracle/tasks/datadir.yml new file mode 100644 index 00000000..28beb1ed --- /dev/null +++ b/mysql-oracle/tasks/datadir.yml @@ -0,0 +1,45 @@ +--- + +- block: + - name: "Is {{ mysql_custom_datadir }} present ?" + stat: + path: "{{ mysql_custom_datadir }}" + check_mode: no + register: mysql_custom_datadir_test + + - name: "read the real datadir" + command: readlink -f /var/lib/mysql + changed_when: False + check_mode: no + register: mysql_current_real_datadir_test + tags: + - mysql + when: mysql_custom_datadir != '' + +- block: + - name: MySQL is stopped + service: + name: mysql + state: stopped + + - name: Move MySQL datadir to {{ mysql_custom_datadir }} + command: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }} + args: + creates: "{{ mysql_custom_datadir }}" + + - name: Symlink {{ mysql_custom_datadir }} to /var/lib/mysql + file: + src: "{{ mysql_custom_datadir }}" + dest: '/var/lib/mysql' + state: link + + - name: MySQL is started + service: + name: mysql + state: started + tags: + - mysql + when: + - mysql_custom_datadir != '' + - mysql_custom_datadir != mysql_current_real_datadir_test.stdout + - not mysql_custom_datadir_test.stat.exists diff --git a/mysql-oracle/tasks/log2mail.yml b/mysql-oracle/tasks/log2mail.yml new file mode 100644 index 00000000..568b6649 --- /dev/null +++ b/mysql-oracle/tasks/log2mail.yml @@ -0,0 +1,22 @@ +--- + +- name: Is log2mail present ? + stat: + path: /etc/log2mail/config + check_mode: no + register: log2mail_config_dir + tags: + - mysql + - log2mail + +- name: Copy log2mail config + template: + src: log2mail.j2 + dest: /etc/log2mail/config/mysql.conf + owner: log2mail + group: adm + mode: "0640" + when: log2mail_config_dir.stat.exists + tags: + - mysql + - log2mail diff --git a/mysql-oracle/tasks/main.yml b/mysql-oracle/tasks/main.yml new file mode 100644 index 00000000..273960a9 --- /dev/null +++ b/mysql-oracle/tasks/main.yml @@ -0,0 +1,19 @@ +--- + +- include: packages.yml + +- include: users.yml + +- include: config.yml + +- include: datadir.yml + +- include: tmpdir.yml + +- include: nrpe.yml + +- include: munin.yml + +- include: log2mail.yml + +- include: utils.yml diff --git a/mysql-oracle/tasks/munin.yml b/mysql-oracle/tasks/munin.yml new file mode 100644 index 00000000..52b6eed4 --- /dev/null +++ b/mysql-oracle/tasks/munin.yml @@ -0,0 +1,64 @@ +--- + +- name: is Munin present ? + stat: + path: /etc/munin/plugin-conf.d/munin-node + check_mode: no + register: munin_node_plugins_config + tags: + - mysql + - munin + +- block: + - name: Install perl libraries for Munin + apt: + name: "{{ item }}" + state: present + with_items: + - libdbd-mysql-perl + - libcache-cache-perl + + - name: Enable core Munin plugins + file: + src: '/usr/share/munin/plugins/{{ item }}' + dest: /etc/munin/plugins/{{ item }} + state: link + with_items: + - mysql_bytes + - mysql_queries + - mysql_slowqueries + - mysql_threads + notify: restart munin-node + + - name: Enable contributed Munin plugins + file: + src: /usr/share/munin/plugins/mysql_ + dest: '/etc/munin/plugins/mysql_{{ item }}' + state: link + with_items: + - commands + - connections + - files_tables + - innodb_bpool + - innodb_bpool_act + - innodb_insert_buf + - innodb_io + - innodb_io_pend + - innodb_log + - innodb_rows + - innodb_semaphores + - myisam_indexes + - network_traffic + - qcache + - qcache_mem + - select_types + - slow + - sorts + - table_locks + - tmp_tables + notify: restart munin-node + + when: munin_node_plugins_config.stat.exists + tags: + - mysql + - munin diff --git a/mysql-oracle/tasks/nrpe.yml b/mysql-oracle/tasks/nrpe.yml new file mode 100644 index 00000000..c02fc007 --- /dev/null +++ b/mysql-oracle/tasks/nrpe.yml @@ -0,0 +1,55 @@ +--- + +- name: is NRPE present ? + stat: + path: /etc/nagios/nrpe.d/evolix.cfg + check_mode: no + register: nrpe_evolix_config + tags: + - mysql + - nrpe + +- name: NRPE user exists for MySQL ? + stat: + path: ~nagios/.my.cnf + check_mode: no + register: nrpe_my_cnf + tags: + - mysql + - nrpe + +- block: + - name: Create a password for NRPE + command: "apg -n 1 -m 16 -M lcN" + register: mysql_nrpe_password + check_mode: no + changed_when: False + + - name: Create nrpe user + mysql_user: + name: nrpe + password: '{{ mysql_nrpe_password.stdout }}' + priv: "*.*:REPLICATION CLIENT" + config_file: /root/.my.cnf + update_password: always + state: present + register: create_nrpe_user + + - name: Store credentials in nagios home + ini_file: + dest: "~nagios/.my.cnf" + owner: nagios + group: nagios + mode: "0600" + section: client + option: '{{ item.option }}' + value: '{{ item.value }}' + with_items: + - { option: 'user', value: 'nrpe' } + - { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' } + when: create_nrpe_user.changed + + when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password) + tags: + - mysql + - nrpe diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml new file mode 100644 index 00000000..76128f59 --- /dev/null +++ b/mysql-oracle/tasks/packages.yml @@ -0,0 +1,86 @@ +--- + +- name: MySQL APT config package is available + copy: + src: mysql-apt-config_0.8.9-1_all.deb + dest: /root/mysql-apt-config_0.8.9-1_all.deb + +- include_role: + name: remount-usr + +- name: MySQL APT config package is installed + apt: + deb: /root/mysql-apt-config_0.8.9-1_all.deb + state: installed + register: mysql_apt_config_deb + +- name: Open firewall for MySQL.com repository + replace: + name: /etc/default/minifirewall + regexp: "^(HTTPSITES='((?!(repo\\.mysql\\.com|0\\.0\\.0\\.0)).)*)'$" + replace: "\\1 repo.mysql.com'" + notify: Restart minifirewall + +- meta: flush_handlers + +- name: APT cache is up-to-date + apt: + update_cache: yes + when: mysql_apt_config_deb | changed + +- name: Install MySQL packages + apt: + name: '{{ item }}' + update_cache: yes + state: present + with_items: + - mysql-server + - mysql-client + - libmysqlclient20 + tags: + - mysql + - packages + +- include_role: + name: remount-usr + +- name: mysql-systemd-start scripts is installed + copy: + src: debian/mysql-systemd-start + dest: /usr/share/mysql/mysql-systemd-start + mode: "0755" + owner: root + group: root + force: yes + +- name: systemd unit is installed + copy: + src: debian/mysql-server-5.7.mysql.service + dest: /etc/systemd/system/mysql.service + mode: "0755" + owner: root + group: root + force: yes + register: mysql_systemd_unit + +# - name: systemd daemon is reloaded +# systemd: +# daemon_reload: yes +# when: mysql_systemd_unit | changed + +- name: MySQL is started + service: + name: mysql + daemon_reload: yes + state: started + tags: + - mysql + - services + +- name: apg package is installed + apt: + name: apg + state: present + tags: + - mysql + - packages diff --git a/mysql-oracle/tasks/tmpdir.yml b/mysql-oracle/tasks/tmpdir.yml new file mode 100644 index 00000000..2c2c0d91 --- /dev/null +++ b/mysql-oracle/tasks/tmpdir.yml @@ -0,0 +1,23 @@ +--- + +- block: + - name: "Create {{ mysql_custom_tmpdir }}" + file: + path: "{{ mysql_custom_tmpdir }}" + owner: mysql + group: mysql + mode: "0700" + state: directory + tags: + - mysql + + - name: Configure tmpdir + ini_file: + dest: "/etc/mysql/conf.d/zzz-evolinux-custom.cnf" + section: mysqld + option: tmpdir + value: "{{ mysql_custom_tmpdir }}" + notify: restart mysql + tags: + - mysql + when: mysql_custom_tmpdir != '' diff --git a/mysql-oracle/tasks/users.yml b/mysql-oracle/tasks/users.yml new file mode 100644 index 00000000..bab76418 --- /dev/null +++ b/mysql-oracle/tasks/users.yml @@ -0,0 +1,89 @@ +--- + +# dependency for mysql_user and mysql_db +- name: python-mysqldb is installed (Ansible dependency) + apt: + name: python-mysqldb + state: present + tags: + - mysql + +- name: create a password for mysqladmin + command: "apg -n 1 -m 16 -M lcN" + register: mysql_admin_password + changed_when: False + tags: + - mysql + +- name: there is a mysqladmin user + mysql_user: + name: mysqladmin + password: '{{ mysql_admin_password.stdout }}' + priv: "*.*:ALL,GRANT" + update_password: on_create + state: present + config_file: "/etc/mysql/debian.cnf" + register: create_mysqladmin_user + tags: + - mysql + +- name: mysqladmin is the default user + ini_file: + dest: /root/.my.cnf + mode: "0600" + section: client + option: '{{ item.option }}' + value: '{{ item.value }}' + create: yes + with_items: + - { option: 'user', value: 'mysqladmin' } + - { option: password, value: '{{ mysql_admin_password.stdout }}' } + when: create_mysqladmin_user | changed + tags: + - mysql + + +- name: create a password for debian-sys-maint + command: "apg -n 1 -m 16 -M lcN" + register: mysql_debian_password + changed_when: False + tags: + - mysql + +- name: there is a debian-sys-maint user + mysql_user: + name: debian-sys-maint + password: '{{ mysql_debian_password.stdout }}' + priv: "*.*:ALL,GRANT" + update_password: on_create + state: present + config_file: "/root/.my.cnf" + register: create_debian_user + tags: + - mysql + +- name: store debian-sys-maint user credentials + ini_file: + dest: /etc/mysql/debian.cnf + mode: "0600" + section: "{{ item[0] }}" + option: '{{ item[1].option }}' + value: '{{ item[1].value }}' + create: yes + with_nested: + - [ "client", "mysql_upgrade" ] + - [ { option: 'user', value: 'debian-sys-maint' }, + { option: password, value: '{{ mysql_debian_password.stdout }}' } + ] + when: create_debian_user | changed + tags: + - mysql + +- name: remove root user + mysql_user: + name: root + host_all: yes + config_file: "/root/.my.cnf" + state: absent + tags: + - mysql diff --git a/mysql-oracle/tasks/utils.yml b/mysql-oracle/tasks/utils.yml new file mode 100644 index 00000000..c5979ede --- /dev/null +++ b/mysql-oracle/tasks/utils.yml @@ -0,0 +1,198 @@ +--- + +- include_role: + name: remount-usr + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + +- name: Scripts directory exists + file: + dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}" + mode: "0700" + state: directory + tags: + - mysql + +# mytop + +- name: "mytop is installed (jessie)" + apt: + name: mytop + state: present + tags: + - packages + - mytop + - mysql + when: ansible_distribution_release == "jessie" + +# - name: "mysql-utilities are installed (Debian 9 or later)" +# apt: +# name: "{{ item }}" +# with_items: +# - mysql-utilities +# when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: "mytop dependencies are installed (Debian 9 or later)" + apt: + name: "{{ item }}" + with_items: + - libconfig-inifiles-perl + - libdbd-mysql-perl + - libdbi-perl + - libterm-readkey-perl + - libtime-hires-perl + tags: + - packages + - mytop + - mysql + when: ansible_distribution_major_version | version_compare('9', '>=') + +- include_role: + name: remount-usr + tags: + - mytop + - mysql + +- name: "mytop is installed (Debian 9 or later)" + copy: + src: mytop + dest: /usr/local/bin/mytop + mode: "0755" + owner: root + group: staff + force: yes + tags: + - mytop + - mysql + when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: Read debian-sys-maint password + shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' + register: mysql_debian_password + changed_when: False + check_mode: no + tags: + - mytop + - mysql + +- name: mytop configuration is copied + template: + src: mytop-config.j2 + dest: /root/.mytop + mode: "0600" + force: yes + tags: + - mytop + - mysql + +# mysqltuner + +- include_role: + name: remount-usr + tags: + - mysql + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + +- name: mysqltuner is installed + # copy: + # src: mysqltuner.pl + # dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl" + # mode: "0700" + apt: + name: mysqltuner + state: present + tags: + - mysql + - mysqltuner + +- name: aha is installed + apt: + name: aha + tags: + - mysql + +# automatic optimizations + +- include_role: + name: remount-usr + tags: + - mysql + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + +- name: mysql-optimize.sh is installed + copy: + src: mysql-optimize.sh + dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + mode: "0700" + tags: + - mysql + +- name: "Cron dir for optimize is present" + file: + path: "/etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}" + state: directory + mode: "0755" + owner: root + group: root + tags: + - mysql + +- name: "Enable cron to optimize MySQL" + file: + src: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh + state: link + when: mysql_cron_optimize | bool + tags: + - mysql + +- name: "Disable cron to optimize MySQL" + file: + dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh + state: absent + when: not (mysql_cron_optimize | bool) + tags: + - mysql + +- name: "Cron dir for mysqltuner is present" + file: + path: "/etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}" + state: directory + mode: "0755" + owner: root + group: root + tags: + - mysql + - mysqltuner + +- name: "Enable mysqltuner in cron" + copy: + src: mysqltuner.cron.sh + dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh + mode: "0700" + when: mysql_cron_mysqltuner | bool + tags: + - mysql + - mysqltuner + +- name: "Disable mysqltuner in cron" + file: + dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh + state: absent + when: not (mysql_cron_mysqltuner | bool) + tags: + - mysql + - mysqltuner + +# my-add.sh + +- include_role: + name: remount-usr + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + +- name: Install my-add.sh + copy: + src: my-add.sh + dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh" + mode: "0700" + tags: + - mysql diff --git a/mysql-oracle/templates/evolinux-custom.cnf.j2 b/mysql-oracle/templates/evolinux-custom.cnf.j2 new file mode 100644 index 00000000..fa818eaf --- /dev/null +++ b/mysql-oracle/templates/evolinux-custom.cnf.j2 @@ -0,0 +1,4 @@ +[mysqld] +#bind-address = 0.0.0.0 +thread_cache_size = {{ mysql_thread_cache_size }} +innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }} diff --git a/mysql-oracle/templates/log2mail.j2 b/mysql-oracle/templates/log2mail.j2 new file mode 100644 index 00000000..8a1ad3c3 --- /dev/null +++ b/mysql-oracle/templates/log2mail.j2 @@ -0,0 +1,29 @@ +file = /var/log/syslog +pattern = "is marked as crashed and should be repaired" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "init function returned error" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "try to repair it" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "InnoDB: Fatal error" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "as a STORAGE ENGINE failed" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "The total blob data length" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail diff --git a/mysql-oracle/templates/mytop-config.j2 b/mysql-oracle/templates/mytop-config.j2 new file mode 100644 index 00000000..507ab99d --- /dev/null +++ b/mysql-oracle/templates/mytop-config.j2 @@ -0,0 +1,3 @@ +user = debian-sys-maint +pass = {{ mysql_debian_password.stdout }} +db = mysql diff --git a/mysql-oracle/tests/test.yml b/mysql-oracle/tests/test.yml new file mode 100644 index 00000000..d75783bf --- /dev/null +++ b/mysql-oracle/tests/test.yml @@ -0,0 +1,4 @@ +--- +- hosts: test-kitchen + roles: + - role: mysql-oracle diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index a6fc307c..114f614b 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -1,5 +1,9 @@ --- +- include_role: + name: remount-usr + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + - name: Ensure scripts directory exists file: dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}" @@ -74,7 +78,7 @@ # automatic optimizations - include_role: - name: remount-usr + name: remount-usr when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") - name: Optimize script for MySQL @@ -122,6 +126,7 @@ copy: src: mysqltuner.cron.sh dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh + mode: "0700" when: mysql_cron_mysqltuner tags: - mysql diff --git a/nagios-nrpe/files/plugins/check_ftp_login.pl b/nagios-nrpe/files/plugins/check_ftp_login.pl old mode 100644 new mode 100755 diff --git a/nagios-nrpe/files/plugins/check_http_many b/nagios-nrpe/files/plugins/check_http_many old mode 100644 new mode 100755 diff --git a/nagios-nrpe/files/plugins/check_open_files b/nagios-nrpe/files/plugins/check_open_files new file mode 100755 index 00000000..33e52744 --- /dev/null +++ b/nagios-nrpe/files/plugins/check_open_files @@ -0,0 +1,25 @@ +#!/bin/bash + +exitCode=0 + +for user in $(getent passwd | grep -ve root -e www-data | cut -d: -f1); do + openFiles=$(lsof -n -u "$user" | wc -l) + if [[ $openFiles -ge 3200 ]]; then + echo "CRITICAL: $user has more than 3200 files opened!" + exitCode=2 + elif [[ $openFiles -ge 2000 ]]; then + echo "WARNING: $user has more than 2000 files opened!" + if [[ $exitCode -ne 2 ]]; then + exitCode=1 + fi + fi +done + +if [[ $exitCode -eq 1 || $exitCode -eq 2 ]]; then + exit $exitCode +else + echo "OK" + exit 0 +fi + + diff --git a/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh b/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh new file mode 100644 index 00000000..59619030 --- /dev/null +++ b/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# timestamp modulo 1 day. +time=$(($(date +"%s") %86400)) + +# pour trouver les valeurs : prendre l'heure en *UTC* +# et faire H * 3600 + M * 60 + S +if [ $time -ge 7200 ] && [ $time -lt 10800 ]; then + echo "In excluded time slot." + exit 0 +else + $@ + exit $? +fi diff --git a/nagios-nrpe/files/plugins_bsd/check_carp_if b/nagios-nrpe/files/plugins_bsd/check_carp_if deleted file mode 100755 index 3fe1dc54..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_carp_if +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2012, Claudiu Vasadi -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, this -# list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR -# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# The views and conclusions contained in the software and documentation are those -# of the authors and should not be interpreted as representing official policies, -# either expressed or implied, of the FreeBSD Project. - - -# -# Script to check the state (master/backup) of a carp internface -# $1 - carp if -# $2 - state -# - -. /usr/local/libexec/nagios/utils.sh - -# check if $1 and $2 is set -if [ -z "$1" ];then - echo "carp interface not set. Exiting ..." - exit "$STATE_CRITICAL" -fi - -if [ -z "$2" ];then - echo "Interface status not set. Exiting ..." - exit "$STATE_CRITICAL" -fi - -# check if the carp interface exists or not -ifconfig $1 > /dev/null -if [ $? != "0" ];then - echo "carp interface $1 does not exist. Exiting ...." - exit "$STATE_CRITICAL" -fi - -# check state -ifconfig $1 | grep -i $2 > /dev/null -if [ $? != "0" ];then - echo "NOT_OK - $1 should be $2" - exit "$STATE_CRITICAL" -else - echo "OK - $1 is $2" - exit "$STATE_OK" -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_free_mem.sh b/nagios-nrpe/files/plugins_bsd/check_free_mem.sh deleted file mode 100755 index f0b79c8a..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_free_mem.sh +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/ksh - -################################################################################ -# Sample Nagios plugin to monitor free memory on the local machine # -# Author: Daniele Mazzocchio (http://www.kernel-panic.it/) # -################################################################################ - -VERSION="Version 1.0" -AUTHOR="(c) 2007-2009 Daniele Mazzocchio (danix@kernel-panic.it)" - -PROGNAME=`/usr/bin/basename $0` - -# Constants -BYTES_IN_MB=$(( 1024 * 1024 )) -KB_IN_MB=1024 - -# Exit codes -STATE_OK=0 -STATE_WARNING=1 -STATE_CRITICAL=2 -STATE_UNKNOWN=3 - -# Helper functions ############################################################# - -function print_revision { - # Print the revision number - echo "$PROGNAME - $VERSION" -} - -function print_usage { - # Print a short usage statement - echo "Usage: $PROGNAME [-v] -w -c " -} - -function print_help { - # Print detailed help information - print_revision - echo "$AUTHOR\n\nCheck free memory on local machine\n" - print_usage - - /bin/cat <<__EOT - -Options: --h - Print detailed help screen --V - Print version information - --w INTEGER - Exit with WARNING status if less than INTEGER MB of memory are free --w PERCENT% - Exit with WARNING status if less than PERCENT of memory is free --c INTEGER - Exit with CRITICAL status if less than INTEGER MB of memory are free --c PERCENT% - Exit with CRITICAL status if less than PERCENT of memory is free --v - Verbose output -__EOT -} - -# Main ######################################################################### - -# Total memory size (in MB) -tot_mem=$(( `/sbin/sysctl -n hw.physmem` / BYTES_IN_MB)) -# Free memory size (in MB) -free_mem=$(/usr/bin/vmstat | /usr/bin/tail -1 | /usr/bin/awk '{ print $4 }' | tr -d 'M') -# Free memory size (in percentage) -free_mem_perc=$(( free_mem * 100 / tot_mem )) - -# Verbosity level -verbosity=0 -# Warning threshold -thresh_warn= -# Critical threshold -thresh_crit= - -# Parse command line options -while [ "$1" ]; do - case "$1" in - -h | --help) - print_help - exit $STATE_OK - ;; - -V | --version) - print_revision - exit $STATE_OK - ;; - -v | --verbose) - : $(( verbosity++ )) - shift - ;; - -w | --warning | -c | --critical) - if [[ -z "$2" || "$2" = -* ]]; then - # Threshold not provided - echo "$PROGNAME: Option '$1' requires an argument" - print_usage - exit $STATE_UNKNOWN - elif [[ "$2" = +([0-9]) ]]; then - # Threshold is a number (MB) - thresh=$2 - elif [[ "$2" = +([0-9])% ]]; then - # Threshold is a percentage - thresh=$(( tot_mem * ${2%\%} / 100 )) - else - # Threshold is neither a number nor a percentage - echo "$PROGNAME: Threshold must be integer or percentage" - print_usage - exit $STATE_UNKNOWN - fi - [[ "$1" = *-w* ]] && thresh_warn=$thresh || thresh_crit=$thresh - shift 2 - ;; - -?) - print_usage - exit $STATE_OK - ;; - *) - echo "$PROGNAME: Invalid option '$1'" - print_usage - exit $STATE_UNKNOWN - ;; - esac -done - -if [[ -z "$thresh_warn" || -z "$thresh_crit" ]]; then - # One or both thresholds were not specified - echo "$PROGNAME: Threshold not set" - print_usage - exit $STATE_UNKNOWN -elif [[ "$thresh_crit" -gt "$thresh_warn" ]]; then - # The warning threshold must be greater than the critical threshold - echo "$PROGNAME: Warning free space should be more than critical free space" - print_usage - exit $STATE_UNKNOWN -fi - -if [[ "$verbosity" -ge 2 ]]; then - # Print debugging information - /bin/cat <<__EOT -Debugging information: - Warning threshold: $thresh_warn MB - Critical threshold: $thresh_crit MB - Verbosity level: $verbosity - Total memory: $tot_mem MB - Free memory: $free_mem MB ($free_mem_perc%) -__EOT -fi - -if [[ "$free_mem" -lt "$thresh_crit" ]]; then - # Free memory is less than the critical threshold - echo "MEMORY CRITICAL - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)" - exit $STATE_CRITICAL -elif [[ "$free_mem" -lt "$thresh_warn" ]]; then - # Free memory is less than the warning threshold - echo "MEMORY WARNING - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)" - exit $STATE_WARNING -else - # There's enough free memory! - echo "MEMORY OK - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)" - exit $STATE_OK -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh b/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh deleted file mode 100755 index 4cdeaa94..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -IPSECCTL="/sbin/ipsecctl -s sa" -STATUS=0 - -LINE1=`$IPSECCTL | grep "from $1 to $2" ` -if [ $? -eq 1 ]; then - STATUS=2; - OUTPUT1="No VPN from $1 to $2 " -fi - -LINE2=`$IPSECCTL | grep "from $2 to $1" ` -if [ $? -eq 1 ]; then - STATUS=2; - OUTPUT2="No VPN from $2 to $1" -fi - -if [ $STATUS -eq 0 ]; then - echo "VPN OK - $3 is up" - exit $STATUS -else - echo "VPN DOWN - $3 is down ($OUTPUT1 $OUTPUT2)" - exit $STATUS -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_openvpn b/nagios-nrpe/files/plugins_bsd/check_openvpn deleted file mode 100755 index 4ae14acd..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_openvpn +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -if netstat -an|grep '.1194' >/dev/null; then - echo "VPN OK" - return 0 -else - echo "PROCESS NOT LISTENING" - return 2 -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_pf_states b/nagios-nrpe/files/plugins_bsd/check_pf_states deleted file mode 100755 index fa93e50f..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_pf_states +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - -# Script writen by Evolix - -_WARNING_STATES_LIMIT=130000 -_CRTICAL_STATES_LIMIT=150000 - -. /usr/local/libexec/nagios/utils.sh - -_CHECK_STATES=$(/sbin/pfctl -si | /usr/bin/grep current | /usr/bin/sed s,\ current\ entries\ ,,g | /usr/bin/sed -e 's,^[ \t]*,,' | /usr/bin/sed 's, *$,,') - -if [ $_CHECK_STATES -lt $_WARNING_STATES_LIMIT ];then - echo "OK: States number ($_CHECK_STATES) is below threshold ($_WARNING_STATES_LIMIT / $_CRTICAL_STATES_LIMIT)" - exit "$STATE_OK" -elif [ $_CHECK_STATES -ge $_WARNING_STATES_LIMIT ] && [ $_CHECK_STATES -lt $_CRTICAL_STATES_LIMIT ];then - echo "WARNING: States number is $_CHECK_STATES (threshold WARNING = $_WARNING_STATES_LIMIT)" - exit "$_STATE_WARNING" -else - echo "CRITICAL: States number is $_CHECK_STATES (threshold CRITICAL = $_CRTICAL_STATES_LIMIT)" - exit "$_STATE_CRITICAL" -fi diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2 index 3d07600e..0be4e38e 100644 --- a/nagios-nrpe/templates/evolix.cfg.j2 +++ b/nagios-nrpe/templates/evolix.cfg.j2 @@ -66,6 +66,7 @@ command[check_glusterfs]={{ nagios_plugins_directory }}/check_glusterfs -v all - command[check_supervisord_status]={{ nagios_plugins_directory }}/check_supervisord command[check_varnish]={{ nagios_plugins_directory }}/check_varnish_health -i 127.0.0.1 -p 6082 -s /etc/varnish/secret -w 2 -c 4 command[check_haproxy]={{ nagios_plugins_directory }}/check_haproxy_stats -s /var/run/haproxy.sock -w 80 -c 90 +command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall # Check HTTP "many". Use this to check many websites (http, https, ports, sockets and SSL certificates). # Beware! All checks must not take more than 10s! diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index 61700738..0591945d 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -3,6 +3,8 @@ nginx_minimal: False nginx_jessie_backports: False +nginx_package_name: "nginx-full" + nginx_default_ipaddr_whitelist_ips: [] nginx_additional_ipaddr_whitelist_ips: [] nginx_ipaddr_whitelist_present: "{{ nginx_default_ipaddr_whitelist_ips | union(nginx_additional_ipaddr_whitelist_ips) | unique }}" diff --git a/nginx/tasks/packages_jessie.yml b/nginx/tasks/packages_jessie.yml index 356b0b5e..25cc18ed 100644 --- a/nginx/tasks/packages_jessie.yml +++ b/nginx/tasks/packages_jessie.yml @@ -3,7 +3,7 @@ - name: Ensure Nginx is installed apt: - name: nginx-full + name: "{{ nginx_package_name }}" state: present notify: restart nginx tags: diff --git a/nginx/tasks/packages_stretch.yml b/nginx/tasks/packages_stretch.yml index 637cb044..565b9b1d 100644 --- a/nginx/tasks/packages_stretch.yml +++ b/nginx/tasks/packages_stretch.yml @@ -3,7 +3,7 @@ - name: Ensure Nginx is installed apt: - name: nginx-full + name: "{{ nginx_package_name }}" state: present notify: restart nginx tags: diff --git a/nginx/tasks/server_status.yml b/nginx/tasks/server_status.yml index 702d0082..4eeed7e7 100644 --- a/nginx/tasks/server_status.yml +++ b/nginx/tasks/server_status.yml @@ -29,6 +29,7 @@ - debug: var: nginx_serverstatus_suffix + verbosity: 1 - name: replace server-status suffix in default site index replace: diff --git a/nginx/templates/evolinux-default.conf.j2 b/nginx/templates/evolinux-default.conf.j2 index 8ea1bd88..eeffa686 100644 --- a/nginx/templates/evolinux-default.conf.j2 +++ b/nginx/templates/evolinux-default.conf.j2 @@ -1,12 +1,11 @@ server { - listen [::]:80; listen 80; server_name {{ ansible_fqdn }}; + return 301 https://{{ ansible_fqdn }}$request_uri; } server { - listen 443 ssl; # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 @@ -23,10 +22,12 @@ server { root /var/www; # Auth. + satisfy any; include /etc/nginx/snippets/ipaddr_whitelist; + deny all; + auth_basic "Reserved {{ ansible_fqdn }}"; auth_basic_user_file /etc/nginx/snippets/private_htpasswd; - satisfy any; location / { index index.html index.htm; diff --git a/nodejs/README.md b/nodejs/README.md index 8170f4ae..bd3ec15e 100644 --- a/nodejs/README.md +++ b/nodejs/README.md @@ -8,4 +8,4 @@ Everything is in the `tasks/main.yml` file. ## Variables -* `nodejs_apt_version`: version for the repository (default: `node_6.x`). +* `nodejs_apt_version`: version for the repository (default: `node_8.x`). diff --git a/nodejs/defaults/main.yml b/nodejs/defaults/main.yml index f51e88aa..bae84bfa 100644 --- a/nodejs/defaults/main.yml +++ b/nodejs/defaults/main.yml @@ -1,2 +1,3 @@ --- -nodejs_apt_version: 'node_6.x' +nodejs_apt_version: 'node_8.x' +nodejs_install_yarn: False diff --git a/nodejs/files/yarnpkg.gpg.key b/nodejs/files/yarnpkg.gpg.key new file mode 100644 index 00000000..800c737d --- /dev/null +++ b/nodejs/files/yarnpkg.gpg.key @@ -0,0 +1,152 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk +FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn +CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID +TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI +cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB +XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4 +zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5 +ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3 +dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE +g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1 +qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB +tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD +BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2 +QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2 +bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34 +qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+ +We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi +edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk +FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD +Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk +Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy +Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe +t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS +ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+ +udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1 +lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd +nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7 +w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa +3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea +Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II +TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/ +m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9 ++8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC +QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC +JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ +FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT +rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb +6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf +hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm +ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu +MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J +jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i +Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR +2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi +Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge +uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E +V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd +C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M +tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC +fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT +zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE +v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS +pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH +N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW +94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x +GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B +66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE +GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA +CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5 +iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm +dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO +WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP +gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA +7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg +jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W +KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW +6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve +nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC +QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG +VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m +Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa +83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD +xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5 +JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/ +sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI +eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He +r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa +qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J +ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB +XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p +wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz +/09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K +fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9 +upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z +rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE +yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN +TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG +p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP +5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO +gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX +4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF +AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy +7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM ++fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo +hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI +dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR +fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F +NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR +IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS +fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s +MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A +9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz +1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl +smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I +XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb +1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy +9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z +gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv +7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ +unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe +cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa +gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE +341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj +wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5 +hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk +zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8 +JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu +Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB +nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9 +dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi +iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6 +ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd +jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl +dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF +pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2 +LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs +CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI +z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN +7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK +rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK +vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf +O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48 +hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/ +fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR +t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc +6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP +0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd +Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3 +kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf +3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ +VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA +e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE +emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW +r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh +0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE +RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU +luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ +jeDghj400U6pjSUW3bIC/PI= +=gZNT +-----END PGP PUBLIC KEY BLOCK----- diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml index dc024cbd..bad66d95 100644 --- a/nodejs/tasks/main.yml +++ b/nodejs/tasks/main.yml @@ -1,6 +1,5 @@ --- - - name: APT https transport is enabled apt: name: apt-transport-https @@ -9,16 +8,16 @@ - system - packages -- name: Node GPG key is installed +- name: NodeJS GPG key is installed apt_key: - #url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key + # url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key data: "{{ lookup('file', 'nodesource.gpg.key') }}" tags: - system - packages - nodejs -- name: Node sources list ({{ nodejs_apt_version }}) is available +- name: NodeJS sources list ({{ nodejs_apt_version }}) is available apt_repository: repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main" filename: nodesource @@ -29,10 +28,13 @@ - packages - nodejs -- name: Node is installed +- name: NodeJS is installed apt: name: nodejs state: present tags: - packages - nodejs + +- include: yarn.yml + when: nodejs_install_yarn diff --git a/nodejs/tasks/yarn.yml b/nodejs/tasks/yarn.yml new file mode 100644 index 00000000..47af5c50 --- /dev/null +++ b/nodejs/tasks/yarn.yml @@ -0,0 +1,32 @@ +--- + +- name: yarn GPG key is installed + apt_key: + # url: https://dl.yarnpkg.com/debian/pubkey.gpg + data: "{{ lookup('file', 'yarnpkg.gpg.key') }}" + tags: + - system + - packages + - nodejs + - yarn + +- name: yarn sources list is available + apt_repository: + repo: "deb https://dl.yarnpkg.com/debian/ stable main" + filename: yarn + update_cache: yes + state: present + tags: + - system + - packages + - nodejs + - yarn + +- name: yarn is installed + apt: + name: yarn + state: present + tags: + - packages + - nodejs + - yarn diff --git a/opendkim/files/opendkim-add.sh b/opendkim/files/opendkim-add.sh index a7da1ce0..fa663a59 100644 --- a/opendkim/files/opendkim-add.sh +++ b/opendkim/files/opendkim-add.sh @@ -1,5 +1,13 @@ #!/bin/sh + +dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q + +if [ "$?" -ne 0 ]; then + echo "Require opendkim-tools and opendkim" + exit 1 +fi + if [ "$#" -ne 1 ]; then echo "Usage : $0 example.com" >&2 exit 1 diff --git a/opendkim/tasks/main.yml b/opendkim/tasks/main.yml index 8c81b686..7196ef46 100644 --- a/opendkim/tasks/main.yml +++ b/opendkim/tasks/main.yml @@ -62,7 +62,7 @@ systemd: name: opendkim state: started - enabled: True + enabled: True tags: - opendkim diff --git a/packweb-apache/README.md b/packweb-apache/README.md index 99e25da1..e99c285e 100644 --- a/packweb-apache/README.md +++ b/packweb-apache/README.md @@ -11,5 +11,6 @@ See `tasks/main.yml`. Main variables are : * `packweb_enable_evoadmin_vhost` : enable VirtualHost for evoadmin (web interface to create web accounts) +* `packweb_mysql_variant`: which Variant to use for MySQL (`debian` or `oracle`, default: `debian`) The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/packweb-apache/defaults/main.yml b/packweb-apache/defaults/main.yml index 8282d081..7f79e90d 100644 --- a/packweb-apache/defaults/main.yml +++ b/packweb-apache/defaults/main.yml @@ -8,3 +8,5 @@ packweb_apache_modphp: True packweb_apache_fpm: False packweb_phpmyadmin_suffix: "" + +packweb_mysql_variant: "debian" diff --git a/packweb-apache/meta/main.yml b/packweb-apache/meta/main.yml index 914dbebb..47348f1a 100644 --- a/packweb-apache/meta/main.yml +++ b/packweb-apache/meta/main.yml @@ -16,4 +16,5 @@ galaxy_info: dependencies: - { role: squid, squid_localproxy_enable: True } - - mysql + - { role: mysql, when: packweb_mysql_variant == "debian" } + - { role: mysql-oracle, when: packweb_mysql_variant == "oracle" } diff --git a/php/tasks/fpm.yml b/php/tasks/fpm.yml index 06dc4202..6736f971 100644 --- a/php/tasks/fpm.yml +++ b/php/tasks/fpm.yml @@ -5,8 +5,8 @@ name: '{{ item }}' state: present with_items: - - php5-fpm - - php5 + - php5-fpm + - php5 when: ansible_distribution_release == "jessie" - name: "Install PHP FPM packages (Debian 9 or later)" @@ -14,8 +14,8 @@ name: '{{ item }}' state: present with_items: - - php-fpm - - php + - php-fpm + - php when: ansible_distribution_major_version | version_compare('9', '>=') - name: "Set config files for FPM (jessie)" @@ -43,12 +43,13 @@ mode: "0644" create: yes with_items: - - { option: "short_open_tag", value: "Off" } - - { option: "expose_php", value: "Off" } - - { option: "display_errors", value: "Off" } - - { option: "log_errors", value: "On" } - - { option: "html_errors", value: "Off" } - - { option: "allow_url_fopen", value: "Off" } + - { option: "short_open_tag", value: "Off" } + - { option: "expose_php", value: "Off" } + - { option: "display_errors", value: "Off" } + - { option: "log_errors", value: "On" } + - { option: "html_errors", value: "Off" } + - { option: "allow_url_fopen", value: "Off" } + notify: restart php-fpm - name: Disable PHP functions for FPM ini_file: @@ -56,6 +57,7 @@ section: PHP option: disable_functions value: "exec,shell-exec,system,passthru,putenv,popen" + notify: restart php-fpm - name: Custom php.ini for FPM copy: @@ -63,6 +65,7 @@ content: | ; Put customized values here. force: no + notify: restart php-fpm - name: Set default PHP FPM values ini_file: @@ -73,14 +76,15 @@ mode: "0644" create: yes with_items: - - { option: "pm", value: "ondemand" } - - { option: "pm.max_children", value: "100" } - - { option: "pm.process_idle_timeout", value: "10s" } - - { option: "slowlog", value: "log/$pool.log.slow" } - - { option: "request_slowlog_timeout", value: "5s" } - - { option: "pm.status_path", value: "/fpm_status" } - - { option: "request_terminate_timeout", value: "60s" } - - { option: "chroot", value: "/var/www/html" } + - { option: "pm", value: "ondemand" } + - { option: "pm.max_children", value: "100" } + - { option: "pm.process_idle_timeout", value: "10s" } + - { option: "slowlog", value: "log/$pool.log.slow" } + - { option: "request_slowlog_timeout", value: "5s" } + - { option: "pm.status_path", value: "/fpm_status" } + - { option: "request_terminate_timeout", value: "60s" } + - { option: "chroot", value: "/var/www/html" } + notify: restart php-fpm when: ansible_distribution_major_version | version_compare('9', '>=') - name: Custom PHP FPM values @@ -89,7 +93,9 @@ content: | ; Put customized values here. ; default_charset = "ISO-8859-1" + mode: "0644" force: no + notify: restart php-fpm - name: "Set custom values for PHP to enable Symfony" ini_file: @@ -99,6 +105,6 @@ value: "{{ item.value }}" mode: "0644" with_items: - - { option: "date.timezone", value: "Europe/Paris" } + - { option: "date.timezone", value: "Europe/Paris" } + notify: restart php-fpm when: php_symfony_requirements - diff --git a/postfix/tasks/common.yml b/postfix/tasks/common.yml new file mode 100644 index 00000000..08ee6a56 --- /dev/null +++ b/postfix/tasks/common.yml @@ -0,0 +1,22 @@ +--- + +- name: check if main.cf is default + shell: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -' + changed_when: False + check_mode: no + register: default_main_cf + tags: + - postfix + +- name: add lines in /etc/.gitignore + lineinfile: + dest: /etc/.gitignore + line: '{{ item }}' + state: present + create: no + with_items: + - "postfix/sa-blacklist.access" + - "postfix/*.db" + tags: + - postfix + - etc-git diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml index a1b5a424..0e0fff2d 100644 --- a/postfix/tasks/main.yml +++ b/postfix/tasks/main.yml @@ -1,11 +1,6 @@ --- -- name: check if main.cf is default - shell: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -' - changed_when: False - check_mode: no - register: default_main_cf - tags: - - postfix + +- include: common.yml - include: minimal.yml when: postfix_packmail == False diff --git a/postfix/templates/packmail_master.cf.j2 b/postfix/templates/packmail_master.cf.j2 index 7326cb35..50aeeec4 100644 --- a/postfix/templates/packmail_master.cf.j2 +++ b/postfix/templates/packmail_master.cf.j2 @@ -120,7 +120,7 @@ policyd-spf unix - n n - 0 spawn user=policyd-spf argv=/usr/bin/policyd-spf dovecot unix - n n - - pipe - flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} + flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -a ${recipient} -d ${user}@${nexthop} scan unix - - y - 10 smtp localhost:10026 inet n - y - 10 smtpd diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml index 6a606165..128812af 100644 --- a/postgresql/tasks/config.yml +++ b/postgresql/tasks/config.yml @@ -15,7 +15,7 @@ - name: Copy PostgreSQL config file template: - src: postgresql.conf + src: postgresql.conf.j2 dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/evolinux.conf" owner: postgres group: postgres diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml index ee42591e..489f8068 100644 --- a/postgresql/tasks/pgdg-repo.yml +++ b/postgresql/tasks/pgdg-repo.yml @@ -20,6 +20,6 @@ - name: Add APT preference file template: - src: postgresql.pref + src: postgresql.pref.j2 dest: /etc/apt/preferences.d/ mode: "0644" diff --git a/postgresql/templates/postgresql.conf b/postgresql/templates/postgresql.conf.j2 similarity index 100% rename from postgresql/templates/postgresql.conf rename to postgresql/templates/postgresql.conf.j2 diff --git a/postgresql/templates/postgresql.pref b/postgresql/templates/postgresql.pref.j2 similarity index 100% rename from postgresql/templates/postgresql.pref rename to postgresql/templates/postgresql.pref.j2 diff --git a/proftpd/README.md b/proftpd/README.md index 1fcb4910..dae8abef 100644 --- a/proftpd/README.md +++ b/proftpd/README.md @@ -16,3 +16,30 @@ Main variables are : * `proftpd_port` : port for the control socket (default: `21`) The full list of variables (with default values) can be found in `defaults/main.yml`. + +## Accounts management + +Proftpd accounts can be maintened with the `proftpd_accounts` var, it can be set in inventory/host_vars/inventory_hostname : + +~~~ +proftpd_accounts: +- { name: 'ftp1', home: '/srv/data/ftp1', uid: 116, gid: 65534 } +- { name: 'ftp2', home: '/srv/data/ftp2', uid: 116, gid: 65534 } +~~~ + +The password will be randomly generated and printed to the screen the first time you run the task. + +You can force is value by set the `password` field with the hashed version of your password. + +eg. for "test" password hashed with sha512 : + +~~~ +proftpd_accounts: +- { name: 'ftp1', home: '/srv/data/ftp1', uid: 116, gid: 65534, password: '$6$/Yy0b0No3GWh$3ZY1GZFI25eyQDBrANyHw.NFPqPqdg6sCi89nM/aNitmESZ2jGfROveS5xowy.WjX9tMC7.KPoabKPyxOpBJY0' } +~~~ + +For generate the sha512 version of yours password : + +~~~ +echo "test" | mkpasswd --method=sha-512 - +~~~ diff --git a/proftpd/defaults/main.yml b/proftpd/defaults/main.yml index 3dc9511c..8bba4c29 100644 --- a/proftpd/defaults/main.yml +++ b/proftpd/defaults/main.yml @@ -3,3 +3,5 @@ proftpd_hostname: "{{ ansible_hostname }}" proftpd_fqdn: "{{ ansible_fqdn }}" proftpd_default_address: [] proftpd_port: "21" +proftpd_accounts: [] +proftpd_accounts_final: [] diff --git a/proftpd/tasks/account.yml b/proftpd/tasks/account.yml index 7f3cbe58..a03fd1f1 100644 --- a/proftpd/tasks/account.yml +++ b/proftpd/tasks/account.yml @@ -65,7 +65,7 @@ dest: /etc/proftpd/conf.d/z-evolinux.conf state: present line: " AllowUser {{ proftpd_name }}" - insertbefore: "DenyAll" + insertbefore: "DenyAll" notify: restart proftpd tags: - proftpd diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml new file mode 100644 index 00000000..b1563eaf --- /dev/null +++ b/proftpd/tasks/accounts.yml @@ -0,0 +1,37 @@ +--- +- include: accounts_password.yml + when: item.password is undefined + with_items: "{{ proftpd_accounts }}" + tags: + - proftpd + +- set_fact: + proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}" + when: item.password is defined + with_items: "{{ proftpd_accounts }}" + tags: + - proftpd + +- name: Create FTP account + lineinfile: + dest: /etc/proftpd/vpasswd + state: present + create: yes + mode: "0440" + line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false" + regexp: "^{{ item.name }}:.*" + with_items: "{{ proftpd_accounts_final }}" + notify: restart proftpd + tags: + - proftpd + +- name: Allow FTP account + lineinfile: + dest: /etc/proftpd/conf.d/z-evolinux.conf + state: present + line: "\tAllowUser {{ item.name }}" + insertbefore: "DenyAll" + with_items: "{{ proftpd_accounts_final }}" + notify: restart proftpd + tags: + - proftpd diff --git a/proftpd/tasks/accounts_password.yml b/proftpd/tasks/accounts_password.yml new file mode 100644 index 00000000..01517083 --- /dev/null +++ b/proftpd/tasks/accounts_password.yml @@ -0,0 +1,42 @@ +--- +- name: Check if FTP account exist + command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd + failed_when: false + check_mode: no + changed_when: check_ftp_account.rc != 0 + register: check_ftp_account + +- block: + + - name: Get current FTP password + shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 + register: protftpd_cur_password + check_mode: no + changed_when: false + + - name: Set password for this account + set_fact: + protftpd_password: "{{ protftpd_cur_password.stdout }}" + + when: check_ftp_account.rc == 0 + +- block: + + - name: Generate FTP password + command: "apg -n 1 -m 16 -M lcN" + register: proftpd_apg_password + check_mode: no + + - name: Print generated password + debug: + msg: "{{ proftpd_apg_password.stdout }}" + + - name: Hash generated password + set_fact: + protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}" + + when: check_ftp_account.rc != 0 + +- name: Update proftpd_accounts with password + set_fact: + proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}" diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index a48c9836..5fe33dbb 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml @@ -55,3 +55,6 @@ notify: restart proftpd tags: - proftpd + +- include: accounts.yml + when: proftpd_accounts != "[]" diff --git a/rbenv/tasks/main.yml b/rbenv/tasks/main.yml index 7b680e83..aa914508 100644 --- a/rbenv/tasks/main.yml +++ b/rbenv/tasks/main.yml @@ -18,76 +18,106 @@ - rbenv - packages -- block: - - name: Rbenv repository is checked out for {{ username }} - git: - repo: '{{ rbenv_repo }}' - dest: '{{ rbenv_root }}' - version: '{{ rbenv_version }}' - accept_hostkey: yes - force: yes - - - name: plugins directory for {{ username }} - file: - path: '{{ rbenv_root }}/plugins' - state: directory - - - name: plugins are installed for {{ username }} - git: - repo: '{{ item.repo }}' - dest: '{{ rbenv_root }}/plugins/{{ item.name }}' - version: '{{ item.version }}' - accept_hostkey: yes - force: yes - with_items: - - "{{ rbenv_plugins }}" - - - name: Rbenv is initialized in profile for {{ username }} - blockinfile: - dest: '~{{ username }}/.profile' - block: | - export PATH="{{ rbenv_root }}/bin:$PATH" - eval "$(rbenv init -)" - marker: "# {mark} ANSIBLE MANAGED RBENV INIT" - - - name: default gems are installed for {{ username }} - copy: - src: default-gems - dest: '{{ rbenv_root }}/default-gems' - - - name: gemrc for {{ username }} - copy: - src: gemrc - dest: ~/.gemrc - - - name: is Ruby {{ rbenv_ruby_version }} available for {{ username }} ? - shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}" - args: - warn: no - failed_when: False - changed_when: False - register: ruby_installed - - - name: Ruby {{ rbenv_ruby_version }} is available for {{ username }} (be patient... could be long) - shell: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}" - args: - warn: no - when: ruby_installed.rc != 0 - - - name: is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ? - shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'" - args: - warn: no - register: ruby_selected - changed_when: False - failed_when: False - - - name: select Ruby {{ rbenv_ruby_version }} for {{ username }} - shell: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash" - args: - warn: no - when: ruby_selected.rc != 0 +- name: gemrc for {{ username }} + copy: + src: gemrc + dest: "~{{ username }}/.gemrc" + owner: '{{ username }}' + group: '{{ username }}' +- name: Rbenv repository is checked out for {{ username }} + git: + repo: '{{ rbenv_repo }}' + dest: '{{ rbenv_root }}' + version: '{{ rbenv_version }}' + accept_hostkey: yes + force: yes + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: default gems are installed for {{ username }} + copy: + src: default-gems + dest: '{{ rbenv_root }}/default-gems' + owner: '{{ username }}' + group: '{{ username }}' + +- name: plugins directory for {{ username }} + file: + path: '{{ rbenv_root }}/plugins' + state: directory + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: plugins are installed for {{ username }} + git: + repo: '{{ item.repo }}' + dest: '{{ rbenv_root }}/plugins/{{ item.name }}' + version: '{{ item.version }}' + accept_hostkey: yes + force: yes + with_items: + - "{{ rbenv_plugins }}" + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: Rbenv is initialized in profile for {{ username }} + blockinfile: + dest: '~{{ username }}/.profile' + block: | + export PATH="{{ rbenv_root }}/bin:$PATH" + eval "$(rbenv init -)" + marker: "# {mark} ANSIBLE MANAGED RBENV INIT" + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: is Ruby {{ rbenv_ruby_version }} available for {{ username }} ? + shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}" + args: + warn: no + failed_when: False + changed_when: False + register: ruby_installed + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: Ruby {{ rbenv_ruby_version }} is available for {{ username }} (be patient... could be long) + shell: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}" + args: + warn: no + when: ruby_installed.rc != 0 + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ? + shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'" + args: + warn: no + register: ruby_selected + changed_when: False + failed_when: False + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: select Ruby {{ rbenv_ruby_version }} for {{ username }} + shell: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash" + args: + warn: no + when: ruby_selected.rc != 0 become_user: "{{ username }}" become: yes tags: diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml index 5270a5aa..7864fa51 100644 --- a/redmine/tasks/main.yml +++ b/redmine/tasks/main.yml @@ -4,26 +4,26 @@ name: "{{ item }}" state: present with_items: - - libpam-systemd - - ruby - - ruby-dev - - bundler - - imagemagick - - git-core - - git-svn - - gcc - - build-essential - - libxml2-dev - - libxslt1-dev - - libssl-dev - - libmagickwand-dev - - libmagickcore-dev - - libmysqlclient-dev - - python-mysqldb + - libpam-systemd + - ruby + - ruby-dev + - bundler + - imagemagick + - git-core + - git-svn + - gcc + - build-essential + - libxml2-dev + - libxslt1-dev + - libssl-dev + - libmagickwand-dev + - libmagickcore-dev + - libmysqlclient-dev + - python-mysqldb tags: - - redmine + - redmine -#- name: +#- name: # lineinfile: # with_items: # - 'https://github.com/.*' @@ -38,7 +38,7 @@ dest: /etc/systemd/user/puma.service mode: "0644" tags: - - redmine + - redmine - name: Create puma config dir file: @@ -47,14 +47,14 @@ mode: "0755" owner: root tags: - - redmine + - redmine - name: Create redmine group group: name: "{{ redmine_user }}" state: present tags: - - redmine + - redmine - name: Add www-data to redmine group user: @@ -62,7 +62,7 @@ groups: "{{ redmine_user }}" append: yes tags: - - redmine + - redmine - name: Create redmine user user: @@ -73,7 +73,7 @@ home: "/home/{{ redmine_user }}" shell: /bin/bash tags: - - redmine + - redmine - name: Create required directory file: @@ -83,11 +83,11 @@ group: "{{ redmine_user }}" mode: "0750" with_items: - - "/home/{{ redmine_user }}" - - "/home/{{ redmine_user }}/files" - - "/home/{{ redmine_user }}/log" + - "/home/{{ redmine_user }}" + - "/home/{{ redmine_user }}/files" + - "/home/{{ redmine_user }}/log" tags: - - redmine + - redmine - name: Touch Nginx logs file file: @@ -98,10 +98,10 @@ mode: "0640" changed_when: false with_items: - - nginx_access.log - - nginx_error.log + - nginx_access.log + - nginx_error.log tags: - - redmine + - redmine - name: Enable systemd user mode command: "loginctl enable-linger {{ redmine_user }}" @@ -115,7 +115,7 @@ group: "{{ redmine_user }}" mode: "0640" tags: - - redmine + - redmine - name: Update or clone Redmine git git: @@ -125,9 +125,10 @@ umask: "027" update: yes become_user: "{{ redmine_user }}" + become: yes register: redmine_git_task tags: - - redmine + - redmine - name: Deploy custom Gemfile copy: @@ -137,6 +138,8 @@ group: "{{ redmine_user }}" mode: "0640" register: redmine_local_gemfile_task + tags: + - redmine - name: Get actual Mysql password shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'" @@ -145,7 +148,7 @@ changed_when: False failed_when: false tags: - - redmine + - redmine - name: Generate Mysql password shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' @@ -160,7 +163,7 @@ set_fact: redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}" tags: - - redmine + - redmine - name: Create Mysql database mysql_db: @@ -168,7 +171,7 @@ config_file: "/root/.my.cnf" state: present tags: - - redmine + - redmine - name: Create Mysql user mysql_user: @@ -179,7 +182,7 @@ update_password: always state: present tags: - - redmine + - redmine - name: Store credentials in my.cnf ini_file: @@ -195,7 +198,7 @@ - { option: 'database', value: "{{ redmine_db_name }}" } - { option: 'password', value: '{{ redmine_db_pass }}' } tags: - - redmine + - redmine - name: Copy configurations file template: @@ -205,23 +208,23 @@ group: "{{ redmine_user }}" mode: "0640" with_items: - - 'configuration.yml' - - 'database.yml' - - 'additional_environment.rb' + - 'configuration.yml' + - 'database.yml' + - 'additional_environment.rb' tags: - - redmine + - redmine - name: Install Redmine plugins include: plugins.yml with_items: "{{ redmine_plugins }}" tags: - - redmine + - redmine - name: Install Redmine themes include: themes.yml with_items: "{{ redmine_themes }}" tags: - - redmine + - redmine - name: Update local gems with bundle bundler: @@ -230,14 +233,20 @@ gem_path: "/home/{{ redmine_user }}/.gems" user_install: yes become_user: "{{ redmine_user }}" + become: yes when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed + tags: + - redmine - name: Migrate database with rake shell: bundle exec rake -qf ~/www/Rakefile db:migrate become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes when: redmine_git_task.changed + tags: + - redmine - name: Populate Mysql database shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated @@ -246,13 +255,19 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes + tags: + - redmine - name: Migrate plugins shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes when: redmine_plugin_install.changed + tags: + - redmine - name: Generate secret token shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token @@ -261,8 +276,9 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes tags: - - redmine + - redmine - name: Copy puma config template: @@ -285,8 +301,9 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes tags: - - redmine + - redmine - name: Reload puma service systemd: @@ -297,4 +314,5 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes when: redmine_puma_config_task.changed diff --git a/redmine/tasks/plugins.yml b/redmine/tasks/plugins.yml index aacb2a27..479ffeaf 100644 --- a/redmine/tasks/plugins.yml +++ b/redmine/tasks/plugins.yml @@ -2,7 +2,7 @@ - name: Copy/Update plugin from archive unarchive: src: "{{ item.zip }}" - dest: "/home/{{ redmine_user }}/www/plugins/" + dest: "/home/{{ redmine_user }}/www/plugins/" remote_src: yes owner: "{{ redmine_user }}" group: "{{ redmine_user }}" @@ -17,10 +17,10 @@ version: "{{ item.tree | default('master') }}" register: redmine_plugin_install when: item.git is defined - + - name: Fix rights on plugin dir file: - path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" + path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" owner: "{{ redmine_user }}" group: "{{ redmine_user }}" mode: "u=rwX,g=rX,o=" diff --git a/redmine/tasks/themes.yml b/redmine/tasks/themes.yml index ea5046de..510e2038 100644 --- a/redmine/tasks/themes.yml +++ b/redmine/tasks/themes.yml @@ -2,7 +2,7 @@ - name: Copy/Update theme from archive unarchive: src: "{{ item.zip }}" - dest: "/home/{{ redmine_user }}/www/public/themes/" + dest: "/home/{{ redmine_user }}/www/public/themes/" remote_src: yes owner: "{{ redmine_user }}" group: "{{ redmine_user }}" @@ -15,10 +15,10 @@ dest: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" version: "{{ item.tree | default('master') }}" when: item.git is defined - + - name: Fix rights on theme dir file: - path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" + path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" owner: "{{ redmine_user }}" group: "{{ redmine_user }}" mode: "0750" diff --git a/squid/files/evolinux-whitelist-defaults.conf b/squid/files/evolinux-whitelist-defaults.conf index ada4fcdc..125eda7d 100644 --- a/squid/files/evolinux-whitelist-defaults.conf +++ b/squid/files/evolinux-whitelist-defaults.conf @@ -9,6 +9,7 @@ ^spamassassin\.apache\.org$ ^.*sa-update.*$ ^pear\.php\.net$ +^repo\.mysql\.com$ # Let's Encrypt ^.*\.letsencrypt.org$ diff --git a/squid/files/whitelist-evolinux.conf b/squid/files/whitelist-evolinux.conf index 10bcd779..5c22f4a7 100644 --- a/squid/files/whitelist-evolinux.conf +++ b/squid/files/whitelist-evolinux.conf @@ -9,6 +9,7 @@ http://.*clamav.net/.* http://spamassassin.apache.org/.* http://.*sa-update.* http://pear.php.net/.* +http://repo.mysql.com/.* # Let's Encrypt http://.*.letsencrypt.org/.* diff --git a/tomcat-instance/tasks/user.yml b/tomcat-instance/tasks/user.yml index 56fb76ff..2c9a634d 100644 --- a/tomcat-instance/tasks/user.yml +++ b/tomcat-instance/tasks/user.yml @@ -37,7 +37,7 @@ - name: Run newaliases command: newaliases - when: tomcat_instance_mail_alias | changed + when: tomcat_instance_mail_alias | changed - name: Enable sudo right lineinfile: diff --git a/webapps/evoadmin-mail/tasks/user.yml b/webapps/evoadmin-mail/tasks/user.yml index 5b267e72..5ec87f78 100644 --- a/webapps/evoadmin-mail/tasks/user.yml +++ b/webapps/evoadmin-mail/tasks/user.yml @@ -55,7 +55,7 @@ dest: "{{ evoadminmail_document_root }}/htdocs/config/connect.php" owner: "www-{{ evoadminmail_username }}" group: "{{ evoadminmail_username }}" - when: ldap_admin_password is defined + when: ldap_admin_password is defined - name: "Copy conf.php" template: diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml index 185549aa..46c04f13 100644 --- a/webapps/evoadmin-web/tasks/main.yml +++ b/webapps/evoadmin-web/tasks/main.yml @@ -1,5 +1,9 @@ --- +- fail: + msg: Please configure var evoadmin_contact_email + when: evoadmin_contact_email is none + - include: packages.yml - include: user.yml @@ -18,4 +22,3 @@ marker: "" block: |

  • Interface admin web (EvoAdmin-web)
    • - diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml index d8a4598b..6b6a67e2 100644 --- a/webapps/wordpress/tasks/main.yml +++ b/webapps/wordpress/tasks/main.yml @@ -28,7 +28,7 @@ changed_when: false - name: Read mysql config from .my.cnf - set_fact: + set_fact: db_host: "{{ lookup('ini', 'host section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default=127.0.0.1') }}" db_user: "{{ lookup('ini', 'user section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default={{ ansible_user }}') }}" db_pwd: "{{ lookup('ini', 'password section=client file=/tmp/wordpress-{{ ansible_user }}.cnf') }}" @@ -44,7 +44,7 @@ - name: Configure Wordpress (wp-config.php) shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' args: - creates: "{{ ansible_env.HOME }}/www/wp-config.php" + creates: "{{ ansible_env.HOME }}/www/wp-config.php" - name: Configure site shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' @@ -90,7 +90,7 @@ Votre nouveau site WordPress a bien été installé à l’adresse : http://{{ wordpress_host }} - + Vous pouvez vous y connecter en tant qu’administrateur avec les informations suivantes : Identifiant : admin