From 02fdbb91261ae194742dee1e15d1ca62564d6c7f Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 4 Feb 2018 11:34:05 +0100 Subject: [PATCH 01/82] postgresql: use ".j2" extension for jinja templates --- postgresql/tasks/config.yml | 2 +- postgresql/tasks/pgdg-repo.yml | 2 +- postgresql/templates/{postgresql.conf => postgresql.conf.j2} | 0 postgresql/templates/{postgresql.pref => postgresql.pref.j2} | 0 4 files changed, 2 insertions(+), 2 deletions(-) rename postgresql/templates/{postgresql.conf => postgresql.conf.j2} (100%) rename postgresql/templates/{postgresql.pref => postgresql.pref.j2} (100%) diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml index 6a606165..128812af 100644 --- a/postgresql/tasks/config.yml +++ b/postgresql/tasks/config.yml @@ -15,7 +15,7 @@ - name: Copy PostgreSQL config file template: - src: postgresql.conf + src: postgresql.conf.j2 dest: "/etc/postgresql/{{postgresql_version}}/main/conf.d/evolinux.conf" owner: postgres group: postgres diff --git a/postgresql/tasks/pgdg-repo.yml b/postgresql/tasks/pgdg-repo.yml index ee42591e..489f8068 100644 --- a/postgresql/tasks/pgdg-repo.yml +++ b/postgresql/tasks/pgdg-repo.yml @@ -20,6 +20,6 @@ - name: Add APT preference file template: - src: postgresql.pref + src: postgresql.pref.j2 dest: /etc/apt/preferences.d/ mode: "0644" diff --git a/postgresql/templates/postgresql.conf b/postgresql/templates/postgresql.conf.j2 similarity index 100% rename from postgresql/templates/postgresql.conf rename to postgresql/templates/postgresql.conf.j2 diff --git a/postgresql/templates/postgresql.pref b/postgresql/templates/postgresql.pref.j2 similarity index 100% rename from postgresql/templates/postgresql.pref rename to postgresql/templates/postgresql.pref.j2 From 8a498bb3a3ad90bbcf3714476ec589573414fce6 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 4 Feb 2018 11:49:14 +0100 Subject: [PATCH 02/82] postfix: add lines in /etc/.gitignore --- CHANGELOG.md | 3 +++ postfix/tasks/common.yml | 22 ++++++++++++++++++++++ postfix/tasks/main.yml | 9 ++------- 3 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 postfix/tasks/common.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 4e44be54..82dedcab 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,9 @@ The **patch** part changes incrmentally at each release. ## [Unreleased] +### Added +* postfix: add lines in /etc/.gitignore + ## [9.1.6] - 2018-02-02 ### Added diff --git a/postfix/tasks/common.yml b/postfix/tasks/common.yml new file mode 100644 index 00000000..08ee6a56 --- /dev/null +++ b/postfix/tasks/common.yml @@ -0,0 +1,22 @@ +--- + +- name: check if main.cf is default + shell: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -' + changed_when: False + check_mode: no + register: default_main_cf + tags: + - postfix + +- name: add lines in /etc/.gitignore + lineinfile: + dest: /etc/.gitignore + line: '{{ item }}' + state: present + create: no + with_items: + - "postfix/sa-blacklist.access" + - "postfix/*.db" + tags: + - postfix + - etc-git diff --git a/postfix/tasks/main.yml b/postfix/tasks/main.yml index a1b5a424..0e0fff2d 100644 --- a/postfix/tasks/main.yml +++ b/postfix/tasks/main.yml @@ -1,11 +1,6 @@ --- -- name: check if main.cf is default - shell: 'grep -v -E "^(myhostname|mydestination|mailbox_command)" /etc/postfix/main.cf | md5sum -' - changed_when: False - check_mode: no - register: default_main_cf - tags: - - postfix + +- include: common.yml - include: minimal.yml when: postfix_packmail == False From f9c06f3e47adb0d0ad7a7dab062a4b694466ca32 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sun, 4 Feb 2018 16:42:10 +0100 Subject: [PATCH 03/82] etc-git: add postfix db files in default gitignore --- etc-git/files/gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/etc-git/files/gitignore b/etc-git/files/gitignore index b25f7ef9..89f524f6 100644 --- a/etc-git/files/gitignore +++ b/etc-git/files/gitignore @@ -1,2 +1,4 @@ aliases.db *.swp +postfix/sa-blacklist.access +postfix/*.db From 23062e7b18f048c925c2daeecc969b19321618a1 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 7 Feb 2018 17:36:04 +0100 Subject: [PATCH 04/82] elasticsearch: ES_TMPDIR variable for custom tmpdir --- CHANGELOG.md | 3 +++ elasticsearch/tasks/tmpdir.yml | 13 ++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 82dedcab..9bd8b65b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,9 @@ The **patch** part changes incrmentally at each release. ### Added * postfix: add lines in /etc/.gitignore +### Changed +* elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). + ## [9.1.6] - 2018-02-02 ### Added diff --git a/elasticsearch/tasks/tmpdir.yml b/elasticsearch/tasks/tmpdir.yml index b6bd445a..d7046f02 100644 --- a/elasticsearch/tasks/tmpdir.yml +++ b/elasticsearch/tasks/tmpdir.yml @@ -18,10 +18,21 @@ tags: - elasticsearch + - name: check if ES_TMPDIR is available + lineinfile: + dest: /etc/default/elasticsearch + line: "ES_TMPDIR={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + regexp: "^ES_TMPDIR=" + insertafter: "JAVA_HOME" + notify: + - restart elasticsearch + tags: + - elasticsearch + - name: change JVM tmpdir lineinfile: dest: /etc/elasticsearch/jvm.options - line: "-Djava.io.tmpdir={{ elasticsearch_custom_tmpdir or elasticsearch_default_tmpdir | mandatory }}" + line: "-Djava.io.tmpdir=${ES_TMPDIR}" regexp: "^-Djava.io.tmpdir=" insertafter: "## JVM configuration" notify: From c6d3b804d9ec6c7062fda5aed9b1de42f5955675 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 8 Feb 2018 11:10:30 +0100 Subject: [PATCH 05/82] nginx: fix basic auth for default vhost --- CHANGELOG.md | 3 +++ nginx/templates/evolinux-default.conf.j2 | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9bd8b65b..8b280d27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,9 @@ The **patch** part changes incrmentally at each release. ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). +### Fixed +* nginx: fix basic auth for default vhost + ## [9.1.6] - 2018-02-02 ### Added diff --git a/nginx/templates/evolinux-default.conf.j2 b/nginx/templates/evolinux-default.conf.j2 index 8ea1bd88..6d328455 100644 --- a/nginx/templates/evolinux-default.conf.j2 +++ b/nginx/templates/evolinux-default.conf.j2 @@ -23,10 +23,12 @@ server { root /var/www; # Auth. + satisfy any; include /etc/nginx/snippets/ipaddr_whitelist; + deny all; + auth_basic "Reserved {{ ansible_fqdn }}"; auth_basic_user_file /etc/nginx/snippets/private_htpasswd; - satisfy any; location / { index index.html index.htm; From 6cb1a5765a199478dddacd95785caff9548233a0 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 8 Feb 2018 11:10:38 +0100 Subject: [PATCH 06/82] whitespaces --- nginx/templates/evolinux-default.conf.j2 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/nginx/templates/evolinux-default.conf.j2 b/nginx/templates/evolinux-default.conf.j2 index 6d328455..eeffa686 100644 --- a/nginx/templates/evolinux-default.conf.j2 +++ b/nginx/templates/evolinux-default.conf.j2 @@ -1,12 +1,11 @@ server { - listen [::]:80; listen 80; server_name {{ ansible_fqdn }}; + return 301 https://{{ ansible_fqdn }}$request_uri; } server { - listen 443 ssl; # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 From c18b83d9740de0130f62e7d4453e1378225b23aa Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 8 Feb 2018 15:29:53 +0100 Subject: [PATCH 07/82] evolinux-users: deal with AllowGroups and AllowUsers differently --- evolinux-users/tasks/ssh.yml | 107 ++++++++++++++++++++--------------- 1 file changed, 61 insertions(+), 46 deletions(-) diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index 8982dd6c..16cb1f30 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -26,57 +26,72 @@ loop_var: ssk_key when: user.ssh_keys is defined -# we must double-escape caracters, because python -- name: verify AllowUsers directive - shell: "grep -E '^AllowUsers' /etc/ssh/sshd_config" +- name: verify AllowGroups directive + shell: "grep -E '^AllowGroups' /etc/ssh/sshd_config" changed_when: False failed_when: False - register: grep_allowusers_ssh + register: grep_allowgroups_ssh check_mode: no -- name: "Add AllowUsers sshd directive for '{{ user.name }}'" - lineinfile: - dest: /etc/ssh/sshd_config - line: "\nAllowUsers {{ user.name }}" - insertafter: 'Subsystem' - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: grep_allowusers_ssh.rc != 0 + # If AllowGroups is present, we don't change +- debug: + msg: "AllowGroups detected : You have to configure SSH manually" + when: grep_allowgroups_ssh.rc == 0 -- name: "Modify AllowUsers sshd directive for '{{ user.name }}'" - replace: - dest: /etc/ssh/sshd_config - regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$' - replace: '\1 {{ user.name }}' - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: grep_allowusers_ssh.rc == 0 +- block: + # If AllowGroups is not present, we proceed as usual + - name: verify AllowUsers directive + shell: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + changed_when: False + failed_when: False + register: grep_allowusers_ssh + check_mode: no -- name: "verify Match User directive" - command: "grep 'Match User' /etc/ssh/sshd_config" - changed_when: False - failed_when: False - register: grep_matchuser_ssh - check_mode: no + - name: "Add AllowUsers sshd directive for '{{ user.name }}'" + lineinfile: + dest: /etc/ssh/sshd_config + line: "\nAllowUsers {{ user.name }}" + insertafter: 'Subsystem' + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: grep_allowusers_ssh.rc != 0 -- name: "Add Match User sshd directive for '{{ user.name }}' (Jessie)" - lineinfile: - dest: /etc/ssh/sshd_config - line: "\nMatch User {{ user.name }}\n PasswordAuthentication no" - insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS" - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: - - ansible_distribution_release == "jessie" - - grep_matchuser_ssh.rc != 0 + - name: "Modify AllowUsers sshd directive for '{{ user.name }}'" + replace: + dest: /etc/ssh/sshd_config + regexp: '^(AllowUsers ((?!\b{{ user.name }}\b).)*)$' + replace: '\1 {{ user.name }}' + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: grep_allowusers_ssh.rc == 0 -- name: "Modify Match User's sshd directive for '{{ user.name }}' (Jessie)" - replace: - dest: /etc/ssh/sshd_config - regexp: '^(Match User ((?!{{ user.name }}).)*)$' - replace: '\1,{{ user.name }}' - validate: '/usr/sbin/sshd -T -f %s' - notify: reload sshd - when: - - ansible_distribution_release == "jessie" - - grep_matchuser_ssh.rc == 0 + - name: "verify Match User directive" + command: "grep 'Match User' /etc/ssh/sshd_config" + changed_when: False + failed_when: False + register: grep_matchuser_ssh + check_mode: no + + - name: "Add Match User sshd directive for '{{ user.name }}' (Jessie)" + lineinfile: + dest: /etc/ssh/sshd_config + line: "\nMatch User {{ user.name }}\n PasswordAuthentication no" + insertafter: "# END EVOLINUX PASSWORD RESTRICTIONS BY ADDRESS" + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: + - ansible_distribution_release == "jessie" + - grep_matchuser_ssh.rc != 0 + + - name: "Modify Match User's sshd directive for '{{ user.name }}' (Jessie)" + replace: + dest: /etc/ssh/sshd_config + regexp: '^(Match User ((?!{{ user.name }}).)*)$' + replace: '\1,{{ user.name }}' + validate: '/usr/sbin/sshd -T -f %s' + notify: reload sshd + when: + - ansible_distribution_release == "jessie" + - grep_matchuser_ssh.rc == 0 + + when: grep_allowgroups_ssh.rc != 0 From 097f73292272dda4338ee975982a8bb68f68218e Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 8 Feb 2018 15:32:52 +0100 Subject: [PATCH 08/82] evolinux-users: evomaintenance trap detection also with check_mode --- evolinux-users/tasks/profile.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/evolinux-users/tasks/profile.yml b/evolinux-users/tasks/profile.yml index 99af2512..177d7628 100644 --- a/evolinux-users/tasks/profile.yml +++ b/evolinux-users/tasks/profile.yml @@ -4,6 +4,7 @@ command: 'grep -q "trap.*sudo.*evomaintenance.sh"' changed_when: False failed_when: False + check_mode: no register: grep_profile_evomaintenance # Don't add the trap if it is present or commented From 2727a6dfa1eb8d8aea76dface67af865cc71ae90 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 13 Feb 2018 16:35:55 +0100 Subject: [PATCH 09/82] haproxy: add Munin graphes --- haproxy/defaults/main.yml | 2 +- haproxy/handlers/main.yml | 5 +++++ haproxy/tasks/main.yml | 1 + haproxy/tasks/munin.yml | 18 ++++++++++++++++++ haproxy/templates/munin.conf.j2 | 2 ++ 5 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 haproxy/tasks/munin.yml create mode 100644 haproxy/templates/munin.conf.j2 diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml index ea4a8e38..31f054ab 100644 --- a/haproxy/defaults/main.yml +++ b/haproxy/defaults/main.yml @@ -1,3 +1,3 @@ --- - haproxy_jessie_backports: False +haproxy_stats_url: "http://127.0.0.1:8080/" diff --git a/haproxy/handlers/main.yml b/haproxy/handlers/main.yml index 55af4ec5..9cf3b9cb 100644 --- a/haproxy/handlers/main.yml +++ b/haproxy/handlers/main.yml @@ -8,3 +8,8 @@ service: name: haproxy state: restarted + +- name: restart munin-node + service: + name: munin-node + state: restarted diff --git a/haproxy/tasks/main.yml b/haproxy/tasks/main.yml index 054aec1a..37afe8df 100644 --- a/haproxy/tasks/main.yml +++ b/haproxy/tasks/main.yml @@ -34,3 +34,4 @@ - config - include: nagios.yml +- include: munin.yml diff --git a/haproxy/tasks/munin.yml b/haproxy/tasks/munin.yml new file mode 100644 index 00000000..4dacd11f --- /dev/null +++ b/haproxy/tasks/munin.yml @@ -0,0 +1,18 @@ +--- +- name: Enable Munin Haproxy plugins + file: + src: /usr/share/munin/plugins/haproxy_ng + dest: /etc/munin/plugins/haproxy_ng + state: link + notify: restart munin-node + tags: + - haproxy + +- name: Copy Munin Haproxy config + template: + src: munin.conf.j2 + dest: /etc/munin/plugin-conf.d/haproxy + mode: "0644" + notify: restart munin-node + tags: + - haproxy diff --git a/haproxy/templates/munin.conf.j2 b/haproxy/templates/munin.conf.j2 new file mode 100644 index 00000000..c7500521 --- /dev/null +++ b/haproxy/templates/munin.conf.j2 @@ -0,0 +1,2 @@ +[haproxy_*] +env.url {{ haproxy_stats_url }};csv;norefresh From cbf64417bfc53f7fa4aba469722caa9febd97a38 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 13 Feb 2018 16:49:24 +0100 Subject: [PATCH 10/82] haproxy: Munin plugin need a Debian Package --- haproxy/tasks/munin.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/haproxy/tasks/munin.yml b/haproxy/tasks/munin.yml index 4dacd11f..dcd96a10 100644 --- a/haproxy/tasks/munin.yml +++ b/haproxy/tasks/munin.yml @@ -1,8 +1,16 @@ --- +- name: Install Munin plugin + apt: + name: munin-plugins-extra + state: present + tags: + - haproxy + - name: Enable Munin Haproxy plugins file: src: /usr/share/munin/plugins/haproxy_ng dest: /etc/munin/plugins/haproxy_ng + force: yes state: link notify: restart munin-node tags: From df891f6aee75832fad8857c2e331d3b17e91c749 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Wed, 14 Feb 2018 14:10:00 +0100 Subject: [PATCH 11/82] haproxy: fix Munin plugin dependencies --- haproxy/tasks/munin.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/haproxy/tasks/munin.yml b/haproxy/tasks/munin.yml index dcd96a10..7d21db54 100644 --- a/haproxy/tasks/munin.yml +++ b/haproxy/tasks/munin.yml @@ -1,8 +1,11 @@ --- -- name: Install Munin plugin +- name: Install Munin plugin and dependencies apt: - name: munin-plugins-extra + name: "{{ item }}" state: present + with_items: + - munin-plugins-extra + - liblwp-useragent-determined-perl tags: - haproxy From 90a517af2dabb8e962cd9e2ec948d613e60edeb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Mon, 19 Feb 2018 14:17:53 +0100 Subject: [PATCH 12/82] Added a new nagios-nrpe plugin: check_open_files --- nagios-nrpe/files/plugins/check_open_files | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 nagios-nrpe/files/plugins/check_open_files diff --git a/nagios-nrpe/files/plugins/check_open_files b/nagios-nrpe/files/plugins/check_open_files new file mode 100644 index 00000000..33e52744 --- /dev/null +++ b/nagios-nrpe/files/plugins/check_open_files @@ -0,0 +1,25 @@ +#!/bin/bash + +exitCode=0 + +for user in $(getent passwd | grep -ve root -e www-data | cut -d: -f1); do + openFiles=$(lsof -n -u "$user" | wc -l) + if [[ $openFiles -ge 3200 ]]; then + echo "CRITICAL: $user has more than 3200 files opened!" + exitCode=2 + elif [[ $openFiles -ge 2000 ]]; then + echo "WARNING: $user has more than 2000 files opened!" + if [[ $exitCode -ne 2 ]]; then + exitCode=1 + fi + fi +done + +if [[ $exitCode -eq 1 || $exitCode -eq 2 ]]; then + exit $exitCode +else + echo "OK" + exit 0 +fi + + From 9bf70a57f436ea92354ae0913c156f46a15c2ecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Mon, 19 Feb 2018 14:18:58 +0100 Subject: [PATCH 13/82] Set +x on theses executables plugins --- nagios-nrpe/files/plugins/check_ftp_login.pl | 0 nagios-nrpe/files/plugins/check_http_many | 0 nagios-nrpe/files/plugins/check_open_files | 0 3 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 nagios-nrpe/files/plugins/check_ftp_login.pl mode change 100644 => 100755 nagios-nrpe/files/plugins/check_http_many mode change 100644 => 100755 nagios-nrpe/files/plugins/check_open_files diff --git a/nagios-nrpe/files/plugins/check_ftp_login.pl b/nagios-nrpe/files/plugins/check_ftp_login.pl old mode 100644 new mode 100755 diff --git a/nagios-nrpe/files/plugins/check_http_many b/nagios-nrpe/files/plugins/check_http_many old mode 100644 new mode 100755 diff --git a/nagios-nrpe/files/plugins/check_open_files b/nagios-nrpe/files/plugins/check_open_files old mode 100644 new mode 100755 From 62a85ef72af836b7b6715fc388f14f8a5f840b1d Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 20 Feb 2018 15:05:58 +0100 Subject: [PATCH 14/82] elasticsearch: RESTART_ON_UPGRADE is configurable --- CHANGELOG.md | 1 + elasticsearch/README.md | 5 +++-- elasticsearch/defaults/main.yml | 1 + elasticsearch/tasks/configuration.yml | 5 ++--- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b280d27..44cd2006 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrmentally at each release. ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). +* elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) ### Fixed * nginx: fix basic auth for default vhost diff --git a/elasticsearch/README.md b/elasticsearch/README.md index a6fa0b14..9f968ae2 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md @@ -20,8 +20,9 @@ Tasks are extracted in several files, included in `tasks/main.yml` : * `elasticsearch_network_publish_host`: which interface to publish ; * `elasticsearch_custom_datadir`: custom datadir ; * `elasticsearch_custom_tmpdir`: custom tmpdir ; -* `elasticsearch_jvm_xms`: mininum heap size reserved for the JVM (defaults to 2g). -* `elasticsearch_jvm_xmx`: maximum heap size reserved for the JVM (defaults to 2g). +* `elasticsearch_jvm_xms`: mininum heap size reserved for the JVM (default: `2g`). +* `elasticsearch_jvm_xmx`: maximum heap size reserved for the JVM (default: `2g`). +* `elasticsearch_restart_on_upgrade`: restart the service after package upgrade (default: `true`) By default, Elasticsearch will listen to the public interfaces (`_site_` cf. https://www.elastic.co/guide/en/elasticsearch/reference/5.0/important-settings.html#network.host), so you will have to secure it, with firewall rules for example. diff --git a/elasticsearch/defaults/main.yml b/elasticsearch/defaults/main.yml index 33310a2f..02dd0d5a 100644 --- a/elasticsearch/defaults/main.yml +++ b/elasticsearch/defaults/main.yml @@ -11,6 +11,7 @@ elasticsearch_default_tmpdir: /var/lib/elasticsearch/tmp elasticsearch_jvm_xms: 2g elasticsearch_jvm_xmx: 2g elasticsearch_log_rotate_days: 365 +elasticsearch_restart_on_upgrade: True elasticsearch_curator: False diff --git a/elasticsearch/tasks/configuration.yml b/elasticsearch/tasks/configuration.yml index 3852cb41..9046687c 100644 --- a/elasticsearch/tasks/configuration.yml +++ b/elasticsearch/tasks/configuration.yml @@ -39,12 +39,11 @@ tags: - config -- name: Restart on upgrade +- name: Configure RESTART_ON_UPGRADE lineinfile: dest: /etc/default/elasticsearch - line: "RESTART_ON_UPGRADE=true" regexp: "^RESTART_ON_UPGRADE=" - insertafter: "^# *RESTART_ON_UPGRADE=true" + insertafter: "^# *RESTART_ON_UPGRADE=" tags: - config From 41f7b029b2a0204699b82b2bfa0141347211a887 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 20 Feb 2018 15:08:40 +0100 Subject: [PATCH 15/82] Update changelog for commits on nagios-nrpe --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 44cd2006..65fa6da4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,10 +12,13 @@ The **patch** part changes incrmentally at each release. ### Added * postfix: add lines in /etc/.gitignore +* nagios-nrpe: add "check_open_files" plugin +* nagios-nrpe: mark plugins as executable ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) +* nagios-nrpe: mark plugins as executable ### Fixed * nginx: fix basic auth for default vhost From 40939dd6bda2ad6578a00274227f5c74ac8abb5d Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 20 Feb 2018 15:21:18 +0100 Subject: [PATCH 16/82] fixup! elasticsearch: RESTART_ON_UPGRADE is configurable --- elasticsearch/tasks/configuration.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/elasticsearch/tasks/configuration.yml b/elasticsearch/tasks/configuration.yml index 9046687c..b9fecd47 100644 --- a/elasticsearch/tasks/configuration.yml +++ b/elasticsearch/tasks/configuration.yml @@ -42,6 +42,7 @@ - name: Configure RESTART_ON_UPGRADE lineinfile: dest: /etc/default/elasticsearch + line: "RESTART_ON_UPGRADE={{ elasticsearch_restart_on_upgrade | bool | ternary('true','false') }}" regexp: "^RESTART_ON_UPGRADE=" insertafter: "^# *RESTART_ON_UPGRADE=" tags: From 1ac3300ade641341c36d247bf38a764fbaa632e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Thu, 22 Feb 2018 00:10:14 +0100 Subject: [PATCH 17/82] nginx: package name can be specified (default: nginx-full) --- CHANGELOG.md | 1 + nginx/defaults/main.yml | 2 ++ nginx/tasks/packages_jessie.yml | 2 +- nginx/tasks/packages_stretch.yml | 2 +- 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 65fa6da4..e4668336 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ The **patch** part changes incrmentally at each release. * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) * nagios-nrpe: mark plugins as executable +* nginx: package name can be specified (default: `nginx-full`) ### Fixed * nginx: fix basic auth for default vhost diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index 61700738..0591945d 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -3,6 +3,8 @@ nginx_minimal: False nginx_jessie_backports: False +nginx_package_name: "nginx-full" + nginx_default_ipaddr_whitelist_ips: [] nginx_additional_ipaddr_whitelist_ips: [] nginx_ipaddr_whitelist_present: "{{ nginx_default_ipaddr_whitelist_ips | union(nginx_additional_ipaddr_whitelist_ips) | unique }}" diff --git a/nginx/tasks/packages_jessie.yml b/nginx/tasks/packages_jessie.yml index 356b0b5e..25cc18ed 100644 --- a/nginx/tasks/packages_jessie.yml +++ b/nginx/tasks/packages_jessie.yml @@ -3,7 +3,7 @@ - name: Ensure Nginx is installed apt: - name: nginx-full + name: "{{ nginx_package_name }}" state: present notify: restart nginx tags: diff --git a/nginx/tasks/packages_stretch.yml b/nginx/tasks/packages_stretch.yml index 637cb044..565b9b1d 100644 --- a/nginx/tasks/packages_stretch.yml +++ b/nginx/tasks/packages_stretch.yml @@ -3,7 +3,7 @@ - name: Ensure Nginx is installed apt: - name: nginx-full + name: "{{ nginx_package_name }}" state: present notify: restart nginx tags: From 54159f8e879ffeb878141ad1af62bff30843546b Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 23 Feb 2018 18:41:07 +0100 Subject: [PATCH 18/82] mongodb: configuration is forced by default but it's configurable --- CHANGELOG.md | 1 + mongodb/README.md | 1 + mongodb/defaults/main.yml | 2 ++ mongodb/tasks/main_jessie.yml | 3 +-- mongodb/tasks/main_stretch.yml | 3 +-- 5 files changed, 6 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e4668336..c60147cc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,6 +19,7 @@ The **patch** part changes incrmentally at each release. * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) * nagios-nrpe: mark plugins as executable +* mongodb: configuration is forced by default but it's configurable (default: `true`) * nginx: package name can be specified (default: `nginx-full`) ### Fixed diff --git a/mongodb/README.md b/mongodb/README.md index 5362827c..8796089a 100644 --- a/mongodb/README.md +++ b/mongodb/README.md @@ -12,5 +12,6 @@ Everything is in the `tasks/main.yml` file. * `mongodb_port`: port to listen to (default: `27017`) * `mongodb_bind`: IP to bind to (default: `127.0.0.1`) +* `mongodb_force_config`: force copy the configuration (default: `true`) The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/mongodb/defaults/main.yml b/mongodb/defaults/main.yml index 273db2ab..e920d99d 100644 --- a/mongodb/defaults/main.yml +++ b/mongodb/defaults/main.yml @@ -2,3 +2,5 @@ mongodb_port: 27017 mongodb_bind: 127.0.0.1 + +mongodb_force_config: True diff --git a/mongodb/tasks/main_jessie.yml b/mongodb/tasks/main_jessie.yml index 220ad3c5..3aa7775a 100644 --- a/mongodb/tasks/main_jessie.yml +++ b/mongodb/tasks/main_jessie.yml @@ -26,8 +26,7 @@ template: src: mongod_jessie.conf.j2 dest: "/etc/mongod.conf" - force: yes - backup: no + force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongod - name: Configure logrotate diff --git a/mongodb/tasks/main_stretch.yml b/mongodb/tasks/main_stretch.yml index 8674455d..416ea727 100644 --- a/mongodb/tasks/main_stretch.yml +++ b/mongodb/tasks/main_stretch.yml @@ -17,8 +17,7 @@ template: src: mongodb_stretch.conf.j2 dest: "/etc/mongodb.conf" - force: yes - backup: no + force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}" notify: restart mongodb - name: enable service From 01379f5a29f2d5d30ed2af6860952f89e0176f23 Mon Sep 17 00:00:00 2001 From: Gregory Colpart Date: Tue, 27 Feb 2018 00:12:50 +0100 Subject: [PATCH 19/82] follow https://wiki.evolix.org/HowtoNodeJS and default to node_8.x version --- nodejs/README.md | 2 +- nodejs/defaults/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nodejs/README.md b/nodejs/README.md index 8170f4ae..bd3ec15e 100644 --- a/nodejs/README.md +++ b/nodejs/README.md @@ -8,4 +8,4 @@ Everything is in the `tasks/main.yml` file. ## Variables -* `nodejs_apt_version`: version for the repository (default: `node_6.x`). +* `nodejs_apt_version`: version for the repository (default: `node_8.x`). diff --git a/nodejs/defaults/main.yml b/nodejs/defaults/main.yml index f51e88aa..95f2b009 100644 --- a/nodejs/defaults/main.yml +++ b/nodejs/defaults/main.yml @@ -1,2 +1,2 @@ --- -nodejs_apt_version: 'node_6.x' +nodejs_apt_version: 'node_8.x' From d0fcd1c2d18c65371b48e61bde89cc6ba5d02723 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 27 Feb 2018 17:10:25 +0100 Subject: [PATCH 20/82] proftpd: use proftpd_accounts list for create ftp accounts * need documentation * faster, easier, more robust and reliable than loop on include_role with account.yml task * account.yml task will be removed in future release --- proftpd/defaults/main.yml | 2 ++ proftpd/tasks/accounts.yml | 37 +++++++++++++++++++++++++ proftpd/tasks/accounts_password.yml | 42 +++++++++++++++++++++++++++++ proftpd/tasks/main.yml | 3 +++ 4 files changed, 84 insertions(+) create mode 100644 proftpd/tasks/accounts.yml create mode 100644 proftpd/tasks/accounts_password.yml diff --git a/proftpd/defaults/main.yml b/proftpd/defaults/main.yml index 3dc9511c..8bba4c29 100644 --- a/proftpd/defaults/main.yml +++ b/proftpd/defaults/main.yml @@ -3,3 +3,5 @@ proftpd_hostname: "{{ ansible_hostname }}" proftpd_fqdn: "{{ ansible_fqdn }}" proftpd_default_address: [] proftpd_port: "21" +proftpd_accounts: [] +proftpd_accounts_final: [] diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml new file mode 100644 index 00000000..b7e42236 --- /dev/null +++ b/proftpd/tasks/accounts.yml @@ -0,0 +1,37 @@ +--- +- include: accounts_password.yml + when: item.password is undefined + with_items: "{{ proftpd_accounts }}" + tags: + - proftpd + +- set_fact: + proftpd_accounts_final: "{{ proftpd_accounts_final + item }}" + when: item.password is defined + with_items: "{{ proftpd_accounts }}" + tags: + - proftpd + +- name: Create FTP account + lineinfile: + dest: /etc/proftpd/vpasswd + state: present + create: yes + mode: "0440" + line: "{{ item.name | mandatory }}:{{ item.password }}:{{ item.uid }}:{{ item.gid }}::{{ item.home | mandatory }}:/bin/false" + regexp: "^{{ item.name }}:.*" + with_items: "{{ proftpd_accounts_final }}" + notify: restart proftpd + tags: + - proftpd + +- name: Allow FTP account + lineinfile: + dest: /etc/proftpd/conf.d/z-evolinux.conf + state: present + line: " AllowUser {{ item.name }}" + insertbefore: "DenyAll" + with_items: "{{ proftpd_accounts_final }}" + notify: restart proftpd + tags: + - proftpd diff --git a/proftpd/tasks/accounts_password.yml b/proftpd/tasks/accounts_password.yml new file mode 100644 index 00000000..01517083 --- /dev/null +++ b/proftpd/tasks/accounts_password.yml @@ -0,0 +1,42 @@ +--- +- name: Check if FTP account exist + command: grep "^{{ item.name }}:" /etc/proftpd/vpasswd + failed_when: false + check_mode: no + changed_when: check_ftp_account.rc != 0 + register: check_ftp_account + +- block: + + - name: Get current FTP password + shell: grep "^{{ item.name }}:" /etc/proftpd/vpasswd | cut -d':' -f2 + register: protftpd_cur_password + check_mode: no + changed_when: false + + - name: Set password for this account + set_fact: + protftpd_password: "{{ protftpd_cur_password.stdout }}" + + when: check_ftp_account.rc == 0 + +- block: + + - name: Generate FTP password + command: "apg -n 1 -m 16 -M lcN" + register: proftpd_apg_password + check_mode: no + + - name: Print generated password + debug: + msg: "{{ proftpd_apg_password.stdout }}" + + - name: Hash generated password + set_fact: + protftpd_password: "{{ proftpd_apg_password.stdout | password_hash('sha512') }}" + + when: check_ftp_account.rc != 0 + +- name: Update proftpd_accounts with password + set_fact: + proftpd_accounts_final: "{{ proftpd_accounts_final + [ item | combine({ 'password': protftpd_password }) ] }}" diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml index a48c9836..5fe33dbb 100644 --- a/proftpd/tasks/main.yml +++ b/proftpd/tasks/main.yml @@ -55,3 +55,6 @@ notify: restart proftpd tags: - proftpd + +- include: accounts.yml + when: proftpd_accounts != "[]" From ef3287f7a255bd99c5317eee333ae80fecbd8141 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 27 Feb 2018 17:24:21 +0100 Subject: [PATCH 21/82] proftpd: missing tab --- proftpd/tasks/accounts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml index b7e42236..26ff0ae5 100644 --- a/proftpd/tasks/accounts.yml +++ b/proftpd/tasks/accounts.yml @@ -29,7 +29,7 @@ lineinfile: dest: /etc/proftpd/conf.d/z-evolinux.conf state: present - line: " AllowUser {{ item.name }}" + line: "\tAllowUser {{ item.name }}" insertbefore: "DenyAll" with_items: "{{ proftpd_accounts_final }}" notify: restart proftpd From 738d56db68492a1d9d0c4ffb0297b4c2e517b747 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 28 Feb 2018 17:11:47 +0100 Subject: [PATCH 22/82] Add mysql-oracle role Install and configure MySQL 5.7 with packages from Oracle --- CHANGELOG.md | 1 + mysql-oracle/.kitchen.yml | 28 + mysql-oracle/README.md | 40 + mysql-oracle/defaults/main.yml | 22 + .../debian/mysql-server-5.7.mysql.service | 22 + mysql-oracle/files/debian/mysql-systemd-start | 56 + mysql-oracle/files/evolinux-defaults.cnf | 62 + mysql-oracle/files/my-add.sh | 160 ++ .../files/mysql-apt-config_0.8.9-1_all.deb | Bin 0 -> 35950 bytes mysql-oracle/files/mysql-optimize.sh | 5 + mysql-oracle/files/mysqltuner.cron.sh | 50 + mysql-oracle/files/mytop | 2328 +++++++++++++++++ mysql-oracle/handlers/main.yml | 19 + mysql-oracle/meta/main.yml | 20 + mysql-oracle/tasks/config.yml | 23 + mysql-oracle/tasks/datadir.yml | 45 + mysql-oracle/tasks/log2mail.yml | 22 + mysql-oracle/tasks/main.yml | 19 + mysql-oracle/tasks/munin.yml | 64 + mysql-oracle/tasks/nrpe.yml | 55 + mysql-oracle/tasks/packages.yml | 74 + mysql-oracle/tasks/tmpdir.yml | 23 + mysql-oracle/tasks/users.yml | 89 + mysql-oracle/tasks/utils.yml | 193 ++ mysql-oracle/templates/evolinux-custom.cnf.j2 | 4 + mysql-oracle/templates/log2mail.j2 | 29 + mysql-oracle/templates/mytop-config.j2 | 3 + mysql-oracle/tests/test.yml | 4 + 28 files changed, 3460 insertions(+) create mode 100644 mysql-oracle/.kitchen.yml create mode 100644 mysql-oracle/README.md create mode 100644 mysql-oracle/defaults/main.yml create mode 100644 mysql-oracle/files/debian/mysql-server-5.7.mysql.service create mode 100755 mysql-oracle/files/debian/mysql-systemd-start create mode 100644 mysql-oracle/files/evolinux-defaults.cnf create mode 100755 mysql-oracle/files/my-add.sh create mode 100644 mysql-oracle/files/mysql-apt-config_0.8.9-1_all.deb create mode 100644 mysql-oracle/files/mysql-optimize.sh create mode 100644 mysql-oracle/files/mysqltuner.cron.sh create mode 100755 mysql-oracle/files/mytop create mode 100644 mysql-oracle/handlers/main.yml create mode 100644 mysql-oracle/meta/main.yml create mode 100644 mysql-oracle/tasks/config.yml create mode 100644 mysql-oracle/tasks/datadir.yml create mode 100644 mysql-oracle/tasks/log2mail.yml create mode 100644 mysql-oracle/tasks/main.yml create mode 100644 mysql-oracle/tasks/munin.yml create mode 100644 mysql-oracle/tasks/nrpe.yml create mode 100644 mysql-oracle/tasks/packages.yml create mode 100644 mysql-oracle/tasks/tmpdir.yml create mode 100644 mysql-oracle/tasks/users.yml create mode 100644 mysql-oracle/tasks/utils.yml create mode 100644 mysql-oracle/templates/evolinux-custom.cnf.j2 create mode 100644 mysql-oracle/templates/log2mail.j2 create mode 100644 mysql-oracle/templates/mytop-config.j2 create mode 100644 mysql-oracle/tests/test.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index c60147cc..66e7da49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The **patch** part changes incrmentally at each release. * postfix: add lines in /etc/.gitignore * nagios-nrpe: add "check_open_files" plugin * nagios-nrpe: mark plugins as executable +* mysql-oracle: new role to install MySQL 5.7 with Oracle packages ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). diff --git a/mysql-oracle/.kitchen.yml b/mysql-oracle/.kitchen.yml new file mode 100644 index 00000000..b21cc3db --- /dev/null +++ b/mysql-oracle/.kitchen.yml @@ -0,0 +1,28 @@ +--- +driver: + name: docker + privileged: true + use_sudo: false + +provisioner: + name: ansible_playbook + hosts: test-kitchen + roles_path: ../ + ansible_verbose: true + require_ansible_source: false + require_chef_for_busser: false + idempotency_test: true + +platforms: + - name: debian + driver_config: + image: evolix/ansible:2.2.1 + +suites: + - name: default + provisioner: + name: ansible_playbook + playbook: ./tests/test.yml + +transport: + max_ssh_sessions: 6 diff --git a/mysql-oracle/README.md b/mysql-oracle/README.md new file mode 100644 index 00000000..5d09720e --- /dev/null +++ b/mysql-oracle/README.md @@ -0,0 +1,40 @@ +# mysql + +Install MySQL (from Oracle) + +## Tasks + +Tasks are extracted in several files, included in `tasks/main.yml` : + +* `packages.yml` : packages installation ; +* `users.yml` : replacement of `root` user by `mysqladmin` user ; +* `config.yml` : configurations ; +* `datadir.yml` : data directory customization ; +* `tmpdir.yml` : temporary directory customization ; +* `nrpe.yml` : `nrpe` user for Nagios checks ; +* `munin.yml` : Munin plugins ; +* `log2mail.yml` : log2mail patterns ; +* `utils.yml` : useful tools. + +## Available variables + +* `mysql_replace_root_with_mysqladmin`: switch from `root` to `mysqladmin` user or not ; +* `mysql_thread_cache_size`: number of threads for the cache ; +* `mysql_innodb_buffer_pool_size`: amount of RAM dedicated to InnoDB ; +* `mysql_custom_datadir`: custom datadir +* `mysql_custom_tmpdir`: custom tmpdir. +* `general_alert_email`: email address to send various alert messages (default: `root@localhost`). +* `log2mail_alert_email`: email address to send Log2mail messages to (default: `general_alert_email`). +* `general_scripts_dir`: general directory for scripts installation (default: `/usr/local/bin`). +* `mysql_scripts_dir`: email address to send Log2mail messages to (default: `general_scripts_dir`). +* `mysql_force_new_nrpe_password` : change the password for NRPE even if it exists already (default: `False`). + +NB : changing the _datadir_ location can be done multiple times, as long as it is not restored to the default initial location, (because a symlink is created and can't be switched back, yet). + +## Misc + +We use the `mysql-apt-config` package from Oracle to configure APT sources. It is used right from the role since there is no apparent stable URL to download it from Oracle servers. We should verify from time to time if a new version is available to update the .deb in the role. + +The MySQL debian package made by Oracle doesn't work with systemd out of the box. We've used the `mysql-systemd-start` script and the systemd unit made by Debian for the "mysql-5.7" package (currently only available for Sid). + +On Stretch, "mytop" is not packages anymore (only provided by "mariadb-client-10.1"). We're using the version from the "mytop" package (currently only available for Sid). diff --git a/mysql-oracle/defaults/main.yml b/mysql-oracle/defaults/main.yml new file mode 100644 index 00000000..e79fe036 --- /dev/null +++ b/mysql-oracle/defaults/main.yml @@ -0,0 +1,22 @@ +--- +general_alert_email: "root@localhost" +log2mail_alert_email: Null + +general_scripts_dir: "/usr/share/scripts" +mysql_scripts_dir: Null + +mysql_replace_root_with_mysqladmin: True + +mysql_custom_datadir: '' +mysql_custom_tmpdir: '' + +mysql_thread_cache_size: '{{ ansible_processor_cores }}' +mysql_innodb_buffer_pool_size: '{{ (ansible_memtotal_mb * 0.3) | int }}M' + +mysql_cron_optimize: True +mysql_cron_optimize_frequency: weekly + +mysql_cron_mysqltuner: True +mysql_cron_mysqltuner_frequency: monthly + +mysql_force_new_nrpe_password: False diff --git a/mysql-oracle/files/debian/mysql-server-5.7.mysql.service b/mysql-oracle/files/debian/mysql-server-5.7.mysql.service new file mode 100644 index 00000000..258d7f57 --- /dev/null +++ b/mysql-oracle/files/debian/mysql-server-5.7.mysql.service @@ -0,0 +1,22 @@ +# MySQL systemd service file + +[Unit] +Description=MySQL Community Server +After=network.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +User=mysql +Group=mysql +PIDFile=/run/mysqld/mysqld.pid +PermissionsStartOnly=true +ExecStartPre=/usr/share/mysql/mysql-systemd-start pre +ExecStart=/usr/sbin/mysqld --daemonize --pid-file=/run/mysqld/mysqld.pid +TimeoutSec=600 +Restart=on-failure +RuntimeDirectory=mysqld +RuntimeDirectoryMode=755 +LimitNOFILE=5000 diff --git a/mysql-oracle/files/debian/mysql-systemd-start b/mysql-oracle/files/debian/mysql-systemd-start new file mode 100755 index 00000000..946efb51 --- /dev/null +++ b/mysql-oracle/files/debian/mysql-systemd-start @@ -0,0 +1,56 @@ +#!/bin/bash +# +# Scripts to run by MySQL systemd service +# +# Needed argument: pre +# +# pre mode : try to perform sanity check for configuration, log, data + +# Read a config option from mysql. Note that this will only work if a config +# file actually specifies the option, so it's important to specify a default +# $1 is application (e.g. mysqld for server) +# $2 is option +# $3 is default value used if no config value is found +get_mysql_option() { + result=$(my_print_defaults "$1" | sed -n "s/^--$2=//p" | tail -n 1) + if [ -z "$result" ]; + then + result="$3" + fi + echo "$result" +} +sanity () { + if [ ! -r /etc/mysql/my.cnf ]; then + echo "MySQL configuration not found at /etc/mysql/my.cnf. Please create one." + exit 1 + fi + datadir=$(get_mysql_option mysqld datadir "/var/lib/mysql") + if [ ! -d "${datadir}" ] && [ ! -L "${datadir}" ]; then + echo "MySQL data dir not found at ${datadir}. Please create one." + exit 1 + fi + + if [ ! -d "${datadir}/mysql" ] && [ ! -L "${datadir}/mysql" ]; then + echo "MySQL system database not found in ${datadir}. Please run mysqld --initialize." + exit 1 + fi + + # Do a test start to make sure there are no configuration issues or similar + # mysqld --verbose --help will output a full listing of settings and plugins. + # To do so it needs to initialize the database, so it can be used as a test + # for whether or not the server can start. We redirect stdout to /dev/null so + # only the error messages are left. + result=0 + output=$(mysqld --verbose --help --innodb-read-only 2>&1 > /dev/null) || result=$? + if [ ! "$result" = "0" ]; then + echo "ERROR: Unable to start MySQL server:" >&2 + echo "$output" >&2 + echo "Please take a look at https://wiki.debian.org/Teams/MySQL/FAQ for tips on fixing common upgrade issues." >&2 + echo "Once the problem is resolved, restart the service." >&2 + exit 1 + fi +} + +case $1 in + "pre") sanity ;; +esac diff --git a/mysql-oracle/files/evolinux-defaults.cnf b/mysql-oracle/files/evolinux-defaults.cnf new file mode 100644 index 00000000..395ccac4 --- /dev/null +++ b/mysql-oracle/files/evolinux-defaults.cnf @@ -0,0 +1,62 @@ +[mysqld] + +###### Connexions +# Maximum de connexions concurrentes (defaut = 100)... provoque un "Too many connections" +max_connections = 250 +# Maximum de connexions en attente en cas de max_connections atteint (defaut = 50) +back_log = 100 +# Maximum d'erreurs avant de blacklister un hote +max_connect_errors = 10 +# Loguer les requetes trop longues +slow_query_log = 1 +slow_query_log_file = /var/log/mysql/mysql-slow.log +long_query_time = 10 + +###### Tailles +# Taille reservee au buffer des index MyIsam +# A ajuster selon les resultats +key_buffer_size = 512M +# Taille max des paquets envoyés/reçus … provoque un "Packet too large" +max_allowed_packet = 64M +# Taille de la memoire reserve pour un thread +thread_stack = 192K +# A mettre le nombre de threads CPU alloues pour MySQL +thread_cache_size = 1 +# Taille maximum des tables de type MEMORY +max_heap_table_size = 64M + +###### Cache +# max_connections x nbre max de tables dans une jointure (defaut = 64) +table_open_cache = 4096 +table_definition_cache = 4096 +# Taille max des requetes cachees (defaut = 1M) +query_cache_limit = 8M +# Taille reservee pour le cache (defaut = 0) +query_cache_size = 256M +# Type de requetes a cacher (defaut = 1 : tout peut etre cache) +query_cache_type = 1 +# Cache tables +max_heap_table_size = 128M +tmp_table_size = 128M + +###### InnoDB +# Si InnoDB n'est pas utilise... le desactiver +#skip-innodb +# En general, il est plus optimum d'avoir un fichier par table +innodb_file_per_table +# Taille memoire allouee pour le cache des datas et index +# A ajuster en fonction de sa RAM (si serveur dedie a MySQL, on peut aller jusqu'a 80%) +innodb_buffer_pool_size = 512M +# Nombre maximum de threads systeme concurents +innodb_thread_concurrency = 16 +# Ajuste la valeur des logs InnoDB +# (attention, il faut ensuite stopper MySQL et effacer les fichiers ib_logfile*) +#innodb_log_file_size = 128M +#innodb_log_files_in_group = 2 + +###### Misc +# charset utf8 par defaut +character-set-server=utf8 +collation-server=utf8_general_ci +# Patch MySQL 5.5.53 +secure-file-priv = "" diff --git a/mysql-oracle/files/my-add.sh b/mysql-oracle/files/my-add.sh new file mode 100755 index 00000000..b649a209 --- /dev/null +++ b/mysql-oracle/files/my-add.sh @@ -0,0 +1,160 @@ +#!/bin/sh + +usage() { + echo "Usage: $0 [ -d -u [-p ] [-f] ]" +} + +interactive() { + echo "Add an account / database in MySQL" + echo "Enter the name of the new database" + read db + + if ( is_db $db ); then + echo "Database $db already exist !" >&2 + exit 1 + fi + + echo "Enter account with all right on this new database" + echo "(you can use existant account)" + read user + + if ( is_user $user ); then + echo "Warning, account already exists, update password ? [N/y]" + read confirm + if [ "${confirm}" = "y" ] || [ "${confirm}" = "Y" ]; then + echo -n "Enter new password for existant MySQL account (empty for random): " + read password + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + else + echo -n "Enter new password for new MySQL account (empty for random): " + read password + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + mysql_add $db $user $password +} + +cli() { + while getopts ":d:u:p:f" opt; do + case "$opt" in + d) + db=$OPTARG + ;; + u) + user=$OPTARG + ;; + p) + password=$OPTARG + ;; + f) + force="true" + ;; + *) + usage + exit 1 + ;; + esac + done + shift $((OPTIND-1)) + + if [ -z "${db}" ]; then + usage + exit 1 + fi + + if [ -z "${user}" ]; then + usage + exit 1 + fi + + if ( is_db $db ); then + echo "Database $db already exist !" >&2 + exit 1 + fi + + if ( is_user $user ); then + if [ -z "${force}" ]; then + if [ -n "${password}" ]; then + echo "User $user already exist, update password with -f !" >&2 + exit 1 + fi + else + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + else + if [ -z "${password}" ]; then + password=$(apg -n1) + fi + fi + mysql_add $db $user $password >/dev/null +} + +is_db() { + db=$1 + mysql mysql -Ne "SHOW DATABASES;"|grep -q "^${db}$" + exit $? +} + +is_user() { + user=$1 + nb_user=$(mysql mysql -Ne "SELECT COUNT(User) from user WHERE User='${user}';") + if [ $nb_user -gt 0 ]; then + exit 0 + else + exit 1 + fi +} + +mysql_add() { + db=$1 + user=$2 + password=$3 + + echo -n "Create '${db}' database ..." + mysql -e "CREATE DATABASE ${db};" + if [ $? -eq 0 ]; then + echo "OK" + else + echo "KO" + exit 1 + fi + if [ -z "${password}" ]; then + password=$(mysql mysql -Ne "SELECT Password FROM user WHERE User='${user}' AND Host='localhost';") + echo -n "Grant '${user}' to '${db}' database ..." + mysql -e "GRANT ALL PRIVILEGES ON ${db}.* TO ${user}@localhost IDENTIFIED BY PASSWORD '${password}';" + grant=$? + else + echo -n "Grant '${user}' to '${db}' database with password '${password}' ..." + mysql -e "GRANT ALL PRIVILEGES ON ${db}.* TO ${user}@localhost IDENTIFIED BY '${password}';" + grant=$? + fi + if [ $grant -eq 0 ]; then + echo "OK" + else + echo "KO" + exit 1 + fi + echo -n "Flush Mysql privileges ..." + mysql -e "FLUSH PRIVILEGES;" + if [ $? -eq 0 ]; then + echo "OK" + else + echo "KO" + exit 1 + fi +} + +main() { + if [ $# = 0 ]; then + interactive + else + cli $@ + fi +} +main $@ diff --git a/mysql-oracle/files/mysql-apt-config_0.8.9-1_all.deb b/mysql-oracle/files/mysql-apt-config_0.8.9-1_all.deb new file mode 100644 index 0000000000000000000000000000000000000000..f9cedd31a923210497ed0250089ad4966962ab09 GIT binary patch literal 35950 zcmafXV{9f2&~4kTy|r!I?$$P++P2NDxwY-5wr$(C?cVp^-0$~yGMQw4%w&?2lgt@n zK0_yC3jtUYQzJ`5J9;BaJ3}W=A|fJYb|x-vZcZi^4k99^|LXtA%uGxiY-~hC|Hc1@ z0W1px6Rfelor{yb4TFoJ6N9zyYfo zpRAaCKVno0MYbuB4JY|~^0WK!{d3|DE=q-0%!DG*=Nl<9=dX$UbDMj6wlQss z5#?`DQSs5{*7NxBQ=E(B0B8cJd}6*6<|CiW{E$MogMI6NZT!h87%t?DfVF;xntm8+ z(C@J5=dcN5dIk9+MfQ-LcT?h2+iV>I^NGn|(rr{*jIl%g_GDK3>UWo!rIr-ND$&~s z6?)CgD1e=}05j^X?uPF-n%ki?1Tn%r$~{-+J=O9*b~c!FlD+4J(<@r*mLrm|8$3{nTov z?G2P6KmMe*MdmahP>@0Ma!zfeGV}KG)7R1=VMOqT^ve0Af$cDCh9Z$1rTT)Hw0f!y z&-@N*&Mmo}iDJ`ER(ts}vQgfBta)GO&3mEz@##U9`5AbD0|SlOyw3=h;uLl#jtQ_J z238z@K>X^xoKwxmj6#njsw70V38kY;3d`fT#1ITY27mkp4k69$^KxDKtXA{3R=*EJ z8N!Pce<1e`EpFeR47o@3d}4!{{hPhX*q=K|?f7)3lGb{xa%J5K=Rn&ZO>_ka89!T!7h_RLNIgKAx( zZdG~+ZMT_*g5T?YWEe67ZGWEU_klaU<3v5)D$n7aPkuK2d@g~d{vZOcFJdcn-zUoT@$X~FjKv>Um9@F}+B=7FO4yxluX8MigxKqc{*KDp zc>_0orxi5zxz7D?jpT&>d<2N~Z`R%`a$H4wub%!>yS52}U)nGV9@YYwx6`zWOP}k6trJt3vj`L*tVCKz+^4lz z17g|lD<>Iu4;2VHAQ`_j+iIW`-{mM3-z<g&Ri{YlC-`0p z$8hr?9Gn#O4~CGgQk%PUU)7WzP1oi0cMx#}T?IKLeq2E@wn0+)1BU(e2Z_)yo}dI^L4^*&h*v`D{lKk^493-3tma zK3$AV90wSJ4lT|gt@>L&4_G(oa|C=|LB{t?2drR&j9q9jQT#=A73hXB zp?v|hGmz1em4dLt!u+%C+=jZ;bk@Klr8gYLHVJU_U@8iMxM$Px}SY4LamR4 z0|B_SljI%HEdakL#`~7ezc1c}`Nm*J@W5{t!d{rJl~lkEyFsyBRBDvBW)S$D*B%Fc z-Z&7``PBl#L;F0%7$xjsLky$Y7N=VegfcLZ?+x+2diygo`^^AqX=2=G@Z#p@sxt7~ z^^WmpXCLY3ribzSRcS}V>HF6E_FewBVh7dgRrmUO zg!=TczJ8;3SYnExYzcPWpilj|LkM1nr0*pt{vjv-n6w4TUcacYV02sJrYK12L1=hY zs@-Lfc>$V!qy8>>aB z4IS=}@&jx3k9qd@w{ErB4}2=#4JJCwgpZIp{qrZD!JX9$Q;(jyg^k_r%jeypp5E56po-VCZl2uDM*JBUvxX z=zcmscSmEhLDl0Zk`)=x_6@s3g#N*x>lcsKHU6##xAv+($Ah^{yIL(i6A3-h=!|n< zw|C}PTOXx1GX|dt8kUe%=?ZAq8iHirL$jELf~mLSU_0y{d;a>AD7_GZnZx>lin%5} zFSN%3R2hWgEuiSGpHmS(PjMLf8e0nT8#|F~Hz#NIiO-Pi`W{dAs82A~+cD3;Szz2F zX8O%Vj6UlMBY!UFvmLh&fj(m#YPWWk|J%bpVI0(TE%HVxAmU_N1^~))akTgIX*1>} zcdGaEi318sl}dc-?|jxd^p(osAqgRVtHu9v?*}vc z2aF@=o$W`k^G9L-m2<|QpW|ca>c^Ps`Q_{9Cwhif4{l)^>GH{%5`7<&x+9fa*`~yW6 zfVA{bG$1vt;Ix8L`L;E}V>(|4|4gr(?6Ib^k-orsNcvES#vlFbfV zK&h|W=$=BrYbUMMH*DUgSntZe55`CjN0JbSiZ93;e@+%?S5g>EC-g7)ps{`jRP4Mk;%5>x`hYJMYMxui`}X_$xs20t zYA!PRY4ah?ioo$;=^AL?juQ30#jyt33ACfWW(3eZp-Qh0k=hBj`w(Nssp|ckEd;F7 zRn+MQfD;Csh4^s~>KEMM{{DteXUu{7dHNVCEO{-D_jErz0ZexCfc=?#pxaAT`Esjg za@-if?yRK-5rxs)eEabC{=s_yM$Lc+m?2|*h-x%gP}YJ(-Q-U06JIF#pTs4lD;NSp zb{`zPF1eeiHJuhR6#{q%PmSaGrsFI zfn5ThJc9miK4*J>X5Y`O3{tgSfs}MTe4C&if#z2(SPv{~Ap=YDd72|KzMy9~AJve?>P;b|V7XV>L?v7xm{t^)fVW3Xe z6#M5K+$>NEpz!zSD)#Gg8hCrT5nQ`+^uTK8yK`@USDPLZ$NsXh^|kv%q~){trMW3~ z+TBKD(-CeBs`yKSFWG<67)c5!Rq6|xBH`u*uw|s$?XvoMOM5?Op5DPwyD`5LBrozi z&l}(byErl#-#2~u`e>O*?YfUk1%9mV^yIi{b=vXzclxc#e0#jr&wSk7oAN#%968&g z!{0bs?5m*l0Q~fTkbNfsNECYwj$OyGKWzaym`dZom>iIogTZ42# zPV4l3UX?t`eN%Jj<)-oZyRl#PF4OA=DA7(?5~Kd^IkE4|+2Q?hh3M2+x*iGf;BpMD3>^|}!t zY3V6FCLr`XNoH2i>2dw|-+lDN)qQJp{XmTS-B-T!Kxe&sfBn3?^n8DRuk7snyw7<5 zOxS~zg$oK0{QZ8Fl@J_u{WN~$!hZ-CWca>vT&&mmjQi;$3>oTS@QV`?fFFhW{8jh*D~&}{e&YLE0-EO0cHH5$9!DZL zUkiLEG6B5~btc`Y4B-=o)v^!vSytn$17G*Lc%q1~+~mNr&DDr`l*=LAE(Dd9Acg{~ zRJ^`<7gSc990?#2vi%LXyLTMJ$M z?z{shXTEA@DD|>ajf{+u1H`2Quro@Tui&Qr6V#jf1DgE8W4>%0O^)?v;;zr2=6I=c zAvo%P5uU13RkwnY5;3c{wrB09YqUp3J{$xq+ZDvTC7Ow0wp>@lAJ|~=hf`9~D5Wyg zsOt16?F&1%bTe%fnq_4hk{~w-{uQlzD2#@6DDKxC=2xoZ_FZC@YU@;f94yhlDjTa{ zcBzJM1r{#VHP_(8MyM`3iEXNFA9c3?DPq`_oL_0$j_>)m=Yei2_R>vx6)@QVCf}fwy;FanW+EPH ziXvn5lvXTp@n-~9bOFOV(MPzb`isH#IbLW1;{wRL?kyR$HE zP_=caSi8|Yvml!hM}1RW%f_PaS|{jl%8TVWo)!8wnoG^Or6*EgRAW(84i^v0Ynk;K+_lvmUjwTmy6UGQyyngn@Clgd7=`6Qx;zTMl5Rd?{ zt9)R<&sf0f6QvxUvLoIs7W;Sk|5 zfb96sgzUw|yZN?hu0_i$7iyTaxNx5Luv=htu5*tCe%*F`-Euy=Lw0O9eeyx93Q3Br zRN6C($~Bw-GCX^6jm=OHJ@B7VW3ZBIOU@E$UjRv;?BgykcwLt7PJL@RR^ zJmjP^<;l=xm{zLTh>+@RGJgB4^o{{L(2?v zqeZwlLYyn23!PeI0V;ufYO@`EsM6nmrp|l> z9L?uS6~fpVSgYihg&WS8RW9$V2E`%osRe;wx;&O$e0b(GJHyU)td(xrm$%+N>}N-G zGu&&aCQ3Ta-sny=B7dTvIX7&pcW0%E!wQ%<#?qWe8CqR7Mh{XB*eC2A*UOzuUpIRH z?iPz}X=K_OWuT!Nu9jTM+{re>qUFkAq%tQDm@%OKMPqwWU$KcevN1+`%IFQc`eUrr zm|m6Kw(TqBI>J+YiG46jRGarsWDwn~TbYP)fYWY+OWh5t7jQG*iz%0VRXf}V_2O{^ ztVaV%|D&Mq)Z)JDD;B?lPQL<-PRJ{nt^9?Ny(wCnZ@X4k_GhlGZZIq30l0bcy(QTy zhEl1jCY^WAFtH8HKRyRamaZbIE0FCo@?ZDep|=!Wh_CgDuPJrjSf{s{!!#Qzu9KKR z9j%*{hi3eJ&VkI<7FeyB%S<=jSeF^x(&jMM%zU!ykO@svMoV4zUJp#heyxK?2@PK- zt(+&F05%LT1XNY#+%92hh~*)6B(F(z$PVo360OV&%OEjnZ{nY5FTxIGkz9@=qqR`3 z8b|hdw<%LwVB9Xr+3a~Wfrb>}P1VFY&sqwHgFWo6Z%vbY!eA z(`}F+r_Y`(ga0{w;e3;pcP`2P^_b<*f!e_x>ndNuiu_+aoIox-V9;9iZjk3wF4TKZ~m7HR$qUojHd?x(>TByMct6s_CrKSHa9?%ezi; zHV}=J&s!Gym!XBEv;|R$fj1nNLFQRtI&gu}J*#UCeM;bd3=h!kx&zR=C$ft}GbwX8DzvW6V~)X>M5}czfSWJs2oehNaB*k~An1o?YYmp*Oia zVT!lZ5!*tQ&@la1%kaBI*HRdtB{=t2yD~0$<@QrjD5mVvo`!g|E527R3Y6qPo%CF_ zog-U=#3|;q1LWIO=6!9{A>34N=6EYV%AlF;86F>)2DS>Ps3~ z$l2WG%*0~i=u>r)?wi@DWogx{=>xMh%(cCIjb{CJU!@os6gCV= zxs@;(DT-SOzZ2j?4e2F5?kl8Uf5b!o*$^X*98mfQst_AY(dTh0;!PWJB9WL2r&j7&hyhb<0Q zXW0G+5Nc~8eNr)CV;QBaPJN>*E|r7z<7 zgAzXt)pmzZKM+}u7X;*26pYv{u9gp|%Huzq^RypG=_wbmR+UC>8xB?xku*^d3$&X( z-}Y=*&ASdc#;bQ$`_!;q54LU?m-GQSSe4WU>7gSERFN%n8Xw&qn~5-vRtR?ns<1=r z*>Xt1rM8k?bMvd)L26hIJ+`4$ggHKeriKeM(Z=Z7KdB>D4UTx_S3+*fcGy(LEVTQS zHPAQVHtCH|>$g&uJi0@?;_J~-gsKC-`z>TBQA&&IqIq2QNta#WTvx8@QlqlAVhiMs zMaKbLldBTo;=h{}+dBfmmiEhb))MqtUg(Fl#goKdCc9`yMCS4$whQF?m;SgmzU~ck zSGZS0UtHrw4o^aYVje$uz~KrA-c(nzXO30WP#<&~8<3gb;4LcSkq}7{z)A?(^x?p_?gMFhZQ{lpN?Hm(oTRGxZdniNp2c3++c*6_Q$E)CD>o0R2Fb0UI!$ ztKhXD;hG&cbEV+jVA|FpZp38X?8AR_9>?;=j4NY0)#rn5D-+&S>$;@Gyk_l<6&^VT z3(3nE(ivrD`b3Q)x2J591XyO5HEM|$3W$@{?2VGliVP)RLZWFf+6nlSLGiP6@*mn>w?DNq=+zt@+BAne)ZfN9_gR$I z+cT78?L@n7Uz_;oJd`j>?vDeGBy<}s=Y$a~J3`Rf#RdR%^(5tlE%XUTU5;y5oaJ{? zMXu`RTid;hx;(hkqN7~gz*}E8dL(5y3GMb0p(h3awr0-~ z=A{qn;e{^5ijT6Py?Q~PVy)_l4{Qr;$3u>@O*4vl4P2`&($Vd8&)uZKq$GMgZh}d% zh#d+YQt-nY6m2wN{(V=+P-u*40~;WX5m4YtJ#x6=0gu(UoZ6t~pVmdJgbll$$-zv`U|Jbx077V5t8=4HOa*bX0xE(M9iJ5C zgNiQCIqhUW^>QU|XvIBOay7PkaHD9o_|pFhQ=G?W5NQS}RI(be`MS18VNa>J(1@io z!W0dxCy|t0?=F24z-Mz(@aUqvB(lrh7~u^h-4r78aM~=0-hRoC-9gT*p1QJJyZi*v zWJOD@W+t8DpMA0g%K)a)2>C)UJU5?Nm>H*$davofbcmYc%En81ICgo2(Bhe69wwMM zcg0f@p^4N_1l`v|^JPI^|Y2g|Z2MJ)(qB*zfP&ZQg&iHZg@d zikj_?1M=g|6F0+bIj{XP)Q?o@x8Fq7EZqFy!Tj`10B7b8bSQk=?E4p(el+cisYSk> zhJMTlA1UVKKiC};*N}NBNwjlM;?qy8k=#hpjRnH_ffow|U}%E84U4vIdQlVY3tdi#z)~*Sf09AHT3oZwEy}L0C1#rj{6@IvvO4v?g=iZPm7J#u%8WXO@gF zp8e?J6B>R$eLr)ZfzHPU0HH|5dF-ZH%!RP_N$ywLrw4c_H%(@kILCq6hge)i&Vcj> zs~!SkfxjecE=%6VkCbi9i3>h;WnKp`&WC-Ah9`xRwT#$S$&md7?P>aEy^nnks`nHj9YFn->d#j1-H(}gb>{5mmGSmnHqSU7_DwUbr zK9z^YoEStZ=r|+Z5?Xcl*}$fyWo?~#;=U9nHcaSJWv{>b_-v-Upyke%r5z)!q#=A9 zntgIJ-TaEBp1cDhTAP*gLidW(sTxAdBQW!g^(cn#MRllE1P&aOMJ(1+1qfV~0v-nt zsaYJ74^hHvXWbGT%y~nte5}i>hr`}_wwyDC0sniq8KQZbB@YcC=xcL@$XEmQB%8ptIU zM?cKVaRI{H5}eg0G~4O5Htrd7kEE&5>WTj&L-CfI%hBXRe43g5~0_vk-|G z=(9NOJBU!qetcJ2ZN2*C$QU!BWb?V*dN#2wcy;jQ_UP$@=)N|DkoSeptpnkt$C4vy z=v(n(%WEoCu+eO##6!row%F3`9q7L5HCd$u0qS+a28p@Sk|UO9T@Dm?UQw)5rIqnh zp(u~obv50jGucwHZrv)3EY6n6rhtJ*1qJF4)HiRBaGH%3@eJZkxid9U8&Cds1#Y

I0i}T4HDM9OZjEXXGvS$l)YY?2 zE6MQDqz7!YoEl$<$pG}wBw7PmD=FH1aBk9U2VrO53;4(;o8EVe>P7d=veyFb4f@1g z3GB+wv5b5jQVfv+T0|sL3%{e4a$!lzW%T8IrX%pSBxbn@PTJn0w1=$dYQ=2LYQhFd zV)1%@VJF0a2i4dYh8=rNWB}mjJk}n z>|MxET;#cwX{Tvkme67YPyb)V&5?uin|`8OHHvsFrlpJ>GL-54E;%yoarj-g$G!wr z^emehUgi4eKBiD)R)E6*Jz6clMA`U17P{j3{}@SLH&L=1w@%T&mM~n%*jWd4k1?;g$rFonCDU{4BV|IrsSM^3AcL8CB zA8f7K%+Ut$YS5|N<#n4l*&E|HAKb{m&AN7~*chUPLZs*&CpW1@;(|qzw-89U{EY3k z8d5d(PnBC00r#&dl;aSkyygRJ6IS!jA#KBVbtO?rB(Fu<_Zhp_kCokzc?LI&VbzeC zK5hqHVTpgk(q){T|5Q7eLxuCB<_>O%-)ZwPGCq{kGbY4NTy;7%>HG!eUt3itIckZw zaoTdc%Hb`E`h|WJL!WpnWJjbsb4V_|pA;q(rpIiiX*vxj@b6GUPH-r)tu=virR!~X z9*mibEn^&-?(hM)J$Heb^3kuZjWj@MkE?AG6yIK=U`40aR0Y7KmgU^;-7ShIW`~{Q z)N473M~q5liW^R*heaO;IZi|(=4bsB=~;Qh{n@-1h_Y%6~E zL1}x?7O;P09fVtepbgvTw7u5IulRH(sL=M|sUa-{Zs(&#RNnG3K=_7GU)P#isz-jx z&P;hbk9$@+X2}4Uafa?>C`X5E^&tkw=}UoiT1 zxlO2$O^zIN&%#&J3(*w6UZ5DO4XMv6WsR!~xJcSUql65ESr8LcMV zATzW(Ec6;apSQI)>vmh)u7+=0N@=9ni~GK2sYcgUrXh!PQTW@^mKi}N6n~pZKCWiO zP+!L=Y1_soz63aY;d+azxW{`aVf8Q9_;jv^e*;(e(tYArK!{UZa>DL8(pRi9J^cch z(d}+Wr%X42&6ViMQp#6(t7nt5CkPr_4_90i%jp;O5*rl2!x{P(LH*%!9nF}$_1UG= zt>bJY0#v1jlRFOgpUTL#wT*uC&=N=5zh85j$DWMo>}rz`%;=SlJ1E_5g-n0wm7y}X zRM_b1F0{*H!CA^5ETOS;yTrjl#? z73VQQZ3~Bx3ai6EXE^n;KE&uLhPq!djN*=IKYdz1Y5+XI8nqntaxONW6E0(k;e9GI z%Wj25Ya3zK$QlT6b!!o=xmGp{wXdgzM&?s)mZh+<(>@U$I*&Yfk%C3`@E4#Cv_jva zYO)c@eW5tU`&5k>;$7RqyU>J;35z;Juq-(KPfwg_>v+FEbWE&zu*J0hI5DrLMULEn zD<@5h|3&tg7H!f&wanLa=;k+@m>Lqq^lYqAtX59$A21+jV|a@?3ZqcLkDSzPu;7Cn z)WV9PAhbkeae}F78EpG^7lH+c9wS7&peolOh}41~tDIqTI&YQ{>=?z!*+J^uYW}aS z8xWg`6M&cJnVOyhrrjoIYjJ7Rq>V71HX;|Lq1Ckc-mkvH4o1&(56*&pVudU^PDd2f95x>a}VwB5fI6+(#BM9VgQ&Z&Ed zuZ!yUs><7EFK`md%5gZX%_8~8%YQv2jXY$0y=g7+6 zm41Da-$xxt%3z3rp~Q`ac;YEz%gEQ6f=C`z!o$Jj>UrdI))7ko(a`Qtc^T2il#WE3quF8R7;dkExFsz!!tH+Rjd5F9I= z)d^QzWS#b848{Lycn4|x_U%Kk9ey~N!^-sGK!qf(HUcX z;@~ff=fJI*NzEaQ4W?!ym+MGQ^B}Ze>{4fp_8H!ngQ?qlL8Q;#{*pMM4J+1iz$)=I zD^c6*aVRsHw!Wt0-?^;tXu2eGSn+7lLS|0WPWAVr7217TN>vG+7Mo!Thh&!p<9T8l zb6ct@sFjIWV<~SkO;8?`2&|J$W9|Q=k5-8W%1f6-O0p<6!U8uLritE9PfuD8B`W@c z+q-tVj3A+%V*Dh z)2W|Hmrgj}nk8IoZImh+L9N9yd^}_FW#4(!d^{ zcSomnpdjoyhiGROWl>^d$XLIdM4iME(FV;!?8#;Os15ej0qi}Hy}S^uFjg@19tlve z7iZrkq@|*i+qFPMR(2kLpk*M+%m>gB+Les-3GH0p9SYImnuKD8TA?Q4y|)J#eA|h< z1fWE8G?*Q~91Ov|n4i0KJS-|H5EbAlt3(A~c&RY|p-6M*6YoFGip|clR=sw7^Tm8r zV?O(`W8H$iD)3nGZ8>Ai>gk@0-*3d@JQf)GOT1@WO!doz23ue0+|h5rMMl`CK!xeX z4kPgRTMjV{E6g`zg=km0UqG6&S2#49Re1kwdEy@%)MkXUuMSr6*Loi9AK@wM=`9&Y zs+00A@UpH-nBKrVv{d|O<=@=y2$}MfM{`Rz0)7-xQcezUl1boRw;?*#;*RxgIVsl! zCXLiCsB-!Zcu@4&cta_XqR}H91NQjjVhKD7i(c{krHvDPv&?BvG`w9vS>sp@5;w_m z6k~PI4EPfml6|Z7q7|F&5YaShpJcK8zF{?1xy)#$ur0en7|q5O-pY+S3Ickdd)w_J zzf*U4)|9Xm!{l0LO_gWZ%Cu+ye2^mE`TULp0wE}Uenuq~)!H2M1vX;%$I>(qGIR&g z)aQ>iRK5FsW6$<*2+_hn?`PJd#Ap6(w@LD8ZJHIEC)s z6(gMUa}vQ*X9#SsG|L?fxb{Y3IPe(RoKoHH9#OXMbUbdd)#r2f5Y#N4$u*>XTWlVy z25Q6mzZ_(1G#L3p9Cw`PVQzD8d?UwuCC#*@@=4PqXH*S%srII?DCG=n6 zb00~&PAsCa7AsEGrARd1~qs;DPBjW(7BDsmJzIA zq@#lfYj_;TJqA}F{p#I+?~W2_JZ*NHf%S%%G1?a3<-+_uY`5x~quGoW^~rYZP|I$o z@BRg2zOt=gZK5*$$1T0(8^8cD!1Py@Z#~t;Iddahygc5VeD!KOcQw1MZRV^^;PrS& z>)_(UlZ-ihwAEL2hX3`KOh>fINkc=6$G5tDawo8v0GyR>!rIwEOKrdf^Ibj=d*DUN zZg=c?6sC44lgbFsPD#+s`@Y#-{=^h9ksCUXcz|{ky7SHM$gu3`AtpPj?)MD9HC~>U zbjBeGA#`dmHl-i0g%XTGt5^8eAR75B1P5n)B=3}^b322o3lAZtcGag1Wop9DiSD<- zEDsGE^Xx`#LlHtIy(>v2wu?7`XYZS|5(%ng(AcFe;~Tv{hkf8E>Z%YNF?rk^!;(R) zB2|beDvIr|J4H>16wE~ccQWjp6nE0P4D`%%i5eTVH`!cULHtsp?9o+qEgj{_L)PMX zzP3V_P7W}(5B6i7jeUGsoxmBDvCc1qz+UFkIEp_-KyxClg`$cdXzBbVW3SNJO$FN3 zMQ!NH1&B~i0sq~kZO_q{xDLlDdtAm1Pw6Oj!RnZ_29|3Jo*L}QWfoJtTE%Em+&B;BF%A(sIPfXZSVfNgMw8?XM<@ zz8nOvvv^wbz zbF{~qkepv@#a18Lu*1<5RgFqcZrbh<)v=7GkVZl1T_(&RxM8(8%wnI(uN~M@9a2=) zz`M+`h-KT7UmrVz?~6+()F{B-NuT zgspp9AQW)FQLp57zBliM*QK9LGo|N7sdUYtW8-4SO#H%Y8Y)&Z9j0uLWCMC0Rid5X zj!2hyfL)&n7sS}2Z!w$TN1?CRm7tV@g~pva(}AF=NZZv#4(iK0uQ6#d{)sWW4~uOCbzA@qZwCzvNAM;WmJ5yL>tKAXQX;nIW_P)} z1D}(n12yZE3{-D?P}$8@!?_(>D|ai%s{}7Cy}>RE-^5xdp#>xgT4h0-|!AI_58%Vn&Hr^ZU{+ zGgQ8rdB&oufzPVq1&A(8^Hp&6sGQAwfXp7iTDYP**;}-RVRX@A){V{f?Z)%m90C^@oR{ z^L*hZGi!LEwPcHOqI>3OZP;p+@%5ZoP0wt*CfOnu$!nEI{cqoyOg;H;wgVl8M%0=*2zK=38zz{ z{v+`dG#Irw2Z2bR{PcYpPGcum;5^ss|U-s;*#?p`qXo`O zhuv->NKnTEKBhPnu))*TIkOz$N$8HBjx{yclJlDD=Z~?}u74z@|7cgL5ZWM3WUK#c4(EX}{K|X$NT^4XjY@DrNU| zh>#DqMn>Yvj3hPrl)_becBv!9AJ1sD%MgFt9p}qVp`s0I;|=fcRvs4H3o@4I>(EGt zeOQd`R9wo)jGArkccY{T9Hul7t3M>YB%6iswP6{VGboN~l&@bLJi=*>_wd2dzBZ#z zaCxQ|8woKu!C-492LnqL$Oo3ws!y=qkF#DQeue0M!)M6*1Bd8}a;~?Dh`S20-!wGr zK9`3&aPJLc#wkt)lzxpS`Xc^Pv-wybrQ)I5Xq)CNZ)=5Ivy00+cokeQ~q~j7dp8D zFqspLjvs)c`_E>2LeMo^=%>(rM_C0YKkl7ZoFK-CZZn=+Zi;UOB5SquottHW47O;Z zDBep6OyOdu+ze&pMhGs~9@INMp%?QjB%8I9b@h8Xy&v|R;or{j?--Rpw_*PNfWUpv z@r=;%P82)$b#soT=&xtz97ThACB}D&=^IyvVx4Uagm{` zH{y=8QUR^A4Wc}-P8nV3KK97AVSbmCE|2aL+t_F2!2uw<>}sqB*Od$*Ags8V8BCX& zF-|$u(1j$U(lEakTyGkOCCJCQtJ~^fNlN0rkG7ct#=II+gFWfP!s*Z%Uw5^|2K7Mx z1Q?SaMOS(A5bBj{s=O%Mq|CH#+apPlF3_;A%+Siex2$3Ix%l(x=%l3|oX;P{VBleW zogWP0{=l3yzyK;?K|zI zHaEYyG7Fg_Qhw7Jb3A@NgjpMqZrSs@e;9nrsZc7Ww9i>eY;Y-V=Y(&tM6Z$AUU0%B zqA7F`guoE&(2jYmgB@Xsro-roV%xUp!r7kjt;*tNI(Jzjf;p|eQVBdvhmtQviWI;! zgP0e&?O8!_vv;e&6|xOI{^x=15hl2IsjF?(_x}KCK$gE=>S`RxxD%{7M(76XrYUcB zX*KY4vY$a$xrsDHn}wr4pi2X522E5s^0@5Jd1QuxMV5?Xz!j_tFJ!%anpMlaG|y;- zA~?AM7>?PYZaaioPIr`g@yH>p%IXu*mX%v%D^BZcEjGFe&FhLLb2DeoGg6RBSa5pO z0x0X&uP~`LoUriq5<_hV?hf^S=FX1$cE&;kNop7Au6kMOa07Wn^cOY1eOB|2W2$Vo z_3^3a0u#Kp&w75ZST=7$MaUlV6MH}ieyoodS?+^F;$=ReqdDA|nVBjO!1KH;>6dvjKL>RrujgW=X@U<;e zOWjQLu3l3#A_DMq58^eZZL%i?xEA-yJp^nexl8{dED(@;GhtxngeI4|hgI!8qhO9f zC<-C=KDju|%-ImH{#{vZEDE~m;#&iqbGjaOOp%ixzcYD{hTEm90-+Q|bhvV_psvRI zDoe=D&r%3~R$1fT%hxhr=YYsYzAi6YbA3JU(F!;edr380xmjMu1#fA#y|#Q%oO*vv zOU&9Sqq?T54c#PZwdTK*NltBr1mjYTLEbF@Vds7D)(}YS(cytJi%V&wD&3DD$kGD} zlrSo3(|8G4rEhfC7KcKOAo%1}Q{zYK3e2G`QxMrXkM()gI_4GMQ1Y2v6Xl9h{<=tL z+0aA#cx*WAuX!W$DaP17hmSa7r9%vmp3!gpBI*m{Ve3R3xhpI_4NX)UWnw6A;G!fD ze)SrvX|4m#=EcB3@A<;Vslayvz|xfwpLLo2bvSkeDS4mgnXj+?YKxBE@n?U*zBfO$ zcMe}&?##)I$*CbvECKl`yamTVWfMZ(nK%aKM)&t(>Y>;p9Xp#4=GY(WDq83p#0~2A z4cHsd&0kv3Wvsbscc$^{w~(_D6K{BahRCq_+W~3{vfhwP&R^`xe}yN2bpWEYyM&%(AKDHL6aR7ZQPb)jKIl|T zqinj@++14x9L2XN@OLng*t z+lfezJ-JSA+4~i2vF7z{1IK17+>`MK`uFJTXYlpyTbzXL&mpo`bDlU#MehJ{*Z25^ zK79RXkKfdlSHXx~3@G`1ey|o&tT&ab}27-Nv-(SVT93i&&%=o`cpT z|LqL?EO6lW61Q0krI*0?{6_EX8sE%7NP}mN#ML^ZGNTxgvkv4GBQFuE3B_%d&e&1b z^?tq-l4Lj2Q}$?k+yPJ<@`niA7exx&rzE0D_4@Kk!Mh1?XXFy zO@AC@sS?x%!*_j3dc}wDA$)%d?K2vr9ECll2gK`XO8h)V!KczC;L9)k63^dExeJg+ z)=>R$9*0M{u%B&g5pYxX+~AUPT5;E>t-J%(VfAoRxC42GI$lFzwP+~1VA+c&+|7-2 z1Am}`%V2wwq#z?ln_-%)FICd3!#sNgB>UAwj{95UcBE}G)}S^nE?oXJBPTjtq|tyS zhXVJ3Xk5rZHORr~#fImy-`;e@Xu#v)kIZ$a))@(6&mtK8O5bIiSxOH$vB?>zYJ1vq`7WBi z*^X>kufC^k4*2_9X!KJ#*w+Kpoq%X0D8Bn3N}w?&be0T57XI)om}c@M!2m{ZO~F-1 zmq|TFjL9j;B>iystv(#;TE3;|m7GDFPS-q*>CVHw+-?HfHqu@q69wG?WwgfU!^sR? z!ZVX9I^rxcK>Rsba_?OPwI|jtxph*|okmy&ADpMf$;~(Nrt**C3GBRyt-cT2>O!Wq zH5K+7J9LlmEM?z@hrPZga+sj!+E=mwuAH*wf-gCBzFOc^yhuPVpmfivRpp;dliMV5 zMj%56S$9MmO-LykIMfnYgi8a2HmP;|#ISEd$Oc;tG3q@8yvNas!N)EJ^B(!(g}U`b z5%Xv@5!bH3{o5|Ad-Tk6XTj=3sK43hrvf+lDt~Vajevb@^y^MYC`(x;-fFV)%N+}X zC-HKx^y}TrAaJMTH;GG_29l#=jC1^y-UIB^@g3bB);4Fsbl3s}50C4EoHXUGT$p*3 zc1<_^N_n(EzNYD0dK@&;E6ufR2lvFmE{P!7yYiv%*orj}j=fzYK>j9xae?t^auS0)f&n@`qgr*C@hjC zq(lI;`7Fedr`-@wFkUyi@A)T(nB>i#5^(Q~Da)Yx`Z9EFFTu*@C)XOGa%k74zUBeO z0k5=Ws--w>LbEG=WrrRWv>iTyeI{U{u$zO|`$R(p;LP4A+Czz^y;{GX?E=2+^n3Af z-hc0)Jkp+4$~5X%d%J=7NFLpeJYOa)N+rGl^}Hs+-mH&MXIvg3@7(qrUvYmMda6F? za#?w!a_(gjJ&?<0qV?JtBzDGi65KW{A_L3&9p(9J*bd!pK(~Z@aIMLJhG{slX4kxv z%h09llw7=S;L^*u4lD*yZy!O>S!-#aeyj(M)giKal$a=Jz2Dq)D^8uTG`60N*E_f2 zWU0g_Hz;#g!*0wJjzB$0qFGTF0a7t}lxcHFHa?GDdg`@MA(sTdig+NXWZVRspFaJ8e< zSi7S92|y93@hJ(%HtV!f!0*gdxFZZHs>ycMQosyqY91byG-QxCX$){4O2 z$as{i2je7q?p=^QwEeTMu^~TAN3!z#$TE(`8N*BM#XTcj%wXW|2lC%AgIvsFntZkBo76NWJ+$a4~ z4eE?{q>>rl;O(La>2V!6(Pj}n@Wv*Om!iz=yK1WQhp`Dh zbLz+>*vk!Dg3aM0B?qH5%^PmwtU2PEET>1$(jXWNYoHNg>02{(u5A8$R%(>s(@L>% z$zk@@4^FerRIqp_Aa5q|%S;JwAGdMHg2TLcT`d%^#;fzHzs!2@SC2ZnNZMT%Law@Bt5307VlPNyNy;0P6-P< zAGlQ6%_fah`%KAw3D)X5>Cgs0FnW-0d&N>N@p@7N+-D-9TF-4JHX$lte2PTO1`J7&2t{OUU!P9R9+MUps$26ok+2e)d>u1Ar!7Wg^+vy|P zB6Jz^Qru|teSM)}$l7m3Rse?YQt!y$Hnj}w?!8!oOz&4f%l zNBszC819|7ZK?0E&;=#l-E}o{M17%y$0gND?ZA8E^Fnp@n3o-IzMJbS8qAM#4u{O| zt8K(J&fPA~mYIC&%l)2D7>wdB%@xiq>2d?G5OF3Sh#Q_#Ci$Qc#Qf@!>Z~{1l|00# z50w-yD#YPpP>De`smzQ=GZ#O7K$$>2z}0pryVsdP-P()b{K`Q{G4e{}p+y=dY$2%@ zb4CG)ZcPuYV1al(UHvO{jUbVYq`pox^KjFY{nkqLj3WI#D+PR* zsar!z(1jyOD2HBDW;y+cxeM+#wU>y6@x6ntC&5VWOW za{cMrP^SKJcT*ED{+p__G)8>1v*!qb+bjM8WhYflB%~gadrC3j94gWM2OtJvq}KW+ zZnV_Zocu*;W)*;RYKmY}NyB7o-q>G~E#0&y1LZj-BWr$NuZg<9)zd0>H%J_ZK%<}Z zfT(@QLko0m4pRu^Bj~ib3JTIAz|I04a;4h@|$*+nW;k)l3pcj+l$K_IGFY9`_?n)!X|XQA)C3 zZh|{aZ-CXA2f~GKMSZr_Iz0Fo^7TsZxBiY#3RHDi>sZfqZO-^lE6voJuA;@#)y>)O zMCw}rq`!x&yj&D6R@Rmw?}%IObTHFSE|5A+u&$>%--di+cY5?MRtoqVGxcDL(@HHo zJC~OvNbidrkknnP zIPQk;V?n~Ng_G&m-WwX%%VU8)FZCE+?0R}f`B=d-1WgCB}K9CfpoFTUJG&YUyU81?0>?!Xd7AqB%Z}LG{I`pow zGi0>CwNhwaeca&q_rX+E^Afm4aIjJbu^ahIyY-v1FoNMMByWNuM?qL| zc1vQ4hE)xf=q{J`k`;?MBiZS&3(LN0hgYH3aZ*hmM;kGqjA9)Gdp0Bh^&&(zG+ALW zTdhQ-vMe@<7aH0rGTL6qO6V{;c0`x3*5%4>US~RJo*MnVe3|Oa0=TeJAFp7&m}PJ- z>)Yw|Bhs}t6i0Tq*W-Q3vZ|SMep?k1w|J4I18Q#NrVjL&pi98e@7!9JR7BE#VO(KT zHdt7CAhcz*D(p~*lM0VrYU%fh>Wn-%S5@TfdDqQE|Ge`H;F#Xs2M4$6-Y`U4o3_dF=a`@$62o%Ndf zs98zd@vU=!6tmjrD{_zL=57Qy)I@?cRMEI|BDb=ooAUkWi43#O$v6}b5##b6dPOLi zJpsOP9SEX@L@FbKsn9Sgs4FAYUxt0K$3A-UEyykYfhx8Uw8&$6#FA!_tw+WCIx2P- zKSZGOcn9Xpa3C(0=yI=du2&{{T}zY41M%qhQ9ka%G92)}fI!*I zdh560JG;AdyR^$j-Q#6*Z_Qj>Z!scic z#MW)ZT^_{Cc)?v3PnLsWfj25lU8VRUT7_CC={oiHya+Gg+J5S0W~<3ckC%KGK3w-4 zxP#b-k4Go6HJT05SdTejTg)HUZ z1m{SxI@(=vmS(YmzI3%zqRH}p;%ygmpNSSx%OGzn%YHN?#8#)m_N zH4m=7Fwo`cfX25sIBL8vj^DFVT_{TsGEB9bV+W0MgXKuvezzMY!5Vt(*Cmgg{0 z_ePCxQ;5mS^3WMr;4=8tfx2Ksd`=mg49nm#|V6eC8S>3D#4 z3(Y%b#fM&PPZXMMb}XNDgs$MBR;Eb7hfw%*99JE&fkdSmWn2x{VKKxDFCiWVK-O}7 zO_zq#22qlVQgP9s*bOVzg0@I#e=3kc#KZ?=yQoolA`xFNGbo{bv${DFkHB_Di@Ole zc}<`8mD*#;6#|7fQm^l$Ys?0E6xy9+oxrMPuM^(byXS{U)M|u*+6)F@DtmA%okfq+ z3+o$I!$X8N@#S*t;3_8XK!{q*JR?c%@q*ST9HC-kMUg-?_C?ga0&v1tG3J6064#`y zGKsBE_~+5JdT}h-hQfzPr&+Q*g^onEDs88Z?#@f7p;k!Spqm!vW#>GJxz*ES_Rv1jVWg2Zzv zZVZ_pzbb7sR>re{+FEzMoag9mCM%eN6&`@nTdGQt>}Z40uEU#3rNQ7aFd_0YF5#Xv zF^N=g^IwI@M?fYmSi63Vl;SpC0YV&&sTf2LD2+^)z7PE9=hA6{F zCG%4>1G=uhh;2tg59Ds>of1%H4rQM_EnM97?Y$*Y>ptaeJ_b$oGMd@$?t@(1ZzQ+8 z3{VDK-NEzu<5y^wVDr>@I&bq^E2WFx^4%L8n+B6A8jamN(Gbj1%H?J~C~BRDdKZ%_G!q&qT>AB;@@DIij9f6G#cz zq|ikh5hVg8EC^lr_~_L-a|~z$^yiKAF1x!mzB}v)T0`6<#tS!54UOc)Z6`QuU}mQZ zpLItS@IgNhPvh$LfmyWeR6rb%=m`siF~!}kJc26m8s>JxbvE5!xch34x1^m8o)J{6 z;@fVjaTYPV{{155^|0Ow~VUSENb-O@Fzo)lP38hC%)1k%(JO?Uh@YJg{J8RA_BJ(2fA)tB%- zkW<;k&&8XUNPpCc&@hZf?}R$^knny-MQxh`AFuq|Y4Z#~Rm~w}x%8mS*Rr0yu?nQc zEd@1=B`}wcys!E7>Loaea%wMCOUj|uJG|3Q(0U)?}ygK_Z0Cbno?2+#ESK?Nx1Vu_4a}S zFiB;s8rab=HQrsVrPB3n@Swv$@%TkFTl0XW=!0A0rn>^xhX`_A`b&y!(?uy_5D-uv zqF=1}7MOvt6Ai|T@MUO8Is31PspO<-8c$xY*t%|l!)c+trnwy%u*mIo7PpN}fC z>h-Xw+H%hTwJ`FI;Z)vNUQUqnm+6ipqt9L@E)~;qQTOJkoPMQlx5B@;r zVC;4hTe|MtXm@U;+|}Pee^hzj1_4u>8kx*2H&Q-xiz_@nVgnsst)?Wemsh9^SSt=v z+Fr)pEWz6pY|}D%0!ZQBc^fI=Hhk%sT9hDlxpuimIok~0Dqosex85jYNo_UgxFzwZ zK|VBEp22pro(n)em zUW@db$)H>U-00P@uOiZ1A8|yeedMr<&UDc=3TKZt9Y`dn4eX9gxm>dmIv)t02z_lq zWgKcOX#nAZHI)_}m#dB|qWz%9_Z<5=Xsx%y30o;bEc;hu8I&|OA`%kbE3L)Mk<$T^qyCV%aC+V(cJ5{5NTcbnBk z28g^m)iHV`d=ac>%S6#*xEJUfuMOC*eKaxPt+;km18xQ8$+8cjPdjktHc?WWF(p80 zGUqP%VS*IiC0_&?CGPLbqYr3d+I14iL63o~lpG;&iq7~&zbA1br-C~2s8DG$AXj%I z-q~wI8HoNSRc;rdW3>Yj1tq*h=fu3d#k^g(YktOuqNhu~-M85zCr8>^S}sh8H6bGFrz}2CUIPTTr)*j=RJ;^f$SuCC~TCAsX2{-si7e2vIn?D zz8ewRQ*%1qfGt5KsSfQ*7X$1OT+YV+YnitKCE_J$Bt5+FFPKow7GPK|uM@+o#c`?- z_t*$}gPvmIx^>$juRS6eb1CsSivvMFQRX_n%d7BG7Hx?=iogLdb$lG|61RSMwQ`XJ ztOO-xGY1|yn(_{r(rv;tCEh$^T`LYlc^;+pYg#%&#DN11(8+EKy`E}Oquv?mArjm} zr1sN+l=xWl;M22;ePRd!K8PSult33@Md#XnC*)~1p1>K!+0=qv`gia=y~Cpv%0%hq zfGvmW~yv0)@_ADDqta%g*7t z(Q}>NTPTsKp5#65FQrXcvO^pG&)d{Lj;jI0$HpCKViuaV7{rlmKBj4d|J^1gL7C`w zb5&|>H&cP$RQ~J~^5JGM;{aoCf1KH9e7Xo059#dtCShyCD~7}keu%$~pMC;bhqA zbe4LUyd(4OPYCcs68+_aG5#Nswto6=|LqeeTTfH}>EBHL`A^FHOv3t6>Y>q3K{s#z zO1WihK8l$9L;s6yYJXv9i~m~gvl#yCDTV*@r5k_!@zYPAe*8ij`{SoShkyIs7be-? z$t;bF{?m{4Zy0!gAr<`KA^f%cFV8;vuXL}?`zx31&n(El;Z^;gpI%=GPRFJDl)UQv z&mVN8U%BG{W~iSl-^=+E{CVnr_<6KHo&Epa$o~rc(jn+a;QONcO1}MtsQ!l^P61lH z#6>@%e?>fKmUpFf6L1L`wBj*%fDLwD{1TRYxt^Xztq9;%x^pPBkP9OeJ z5B~1pzSEh1)|Kznb!zrkS^rj)UuWoxB)`&u{~byGGLipWjGuM(TPgff{!jmU1%JQ8 zzbMZ?>+)~3>|bp2=jHNk=YLbvpZ@==`aF!^@@7Km9DndkLsP$uaXS5bbDF$=PoOU( z)E^&!KmF-XpPrIzeG+7i|8)MP?WcaDpE65pn*WK_?}9AaCeM93pZv;F`h}7HgK~NP z^qEPun?JLHM`_b<|MN5TYS_I$^{0@&(#n=!n5%yw4sZIiA7^d$2Q&0p(+8XLfB&b} z^S^(v%zkhKe`QepO~wBX{Bv>rS`ly>*WWFfzy6Z*vzGpn@v9bm$@*rI{Pl}x|M0e8 z`r(V?4`=Y%VV9?d{4$vTaZZi+5dZQa=AZs|TYotH|9yV{eHzq%`}uL;hmW4u>HAZd zB)`r62l(OFr_R3p795uvgyc~T2mB1ZJK6w?w%qF8*Fe5SnqcvTn9Z3THAe*I&>!L@7l%qM{ z!|1&MTqgGuwLc$-rj`bwfKk+fa9`6%{5XmyVk{Ew$Tiv>iM<>sNS_Qv7Ud(&>OEF) z(edZ(5GIi>F#khuF)EIGWz=+I#UBKV8wyzak_P1jlu5oxf|m%B=dh*H)Z+e(^qP1> zswem6s1Z1-p=y_H0EMU%=E9~@;o6N=jmU>)l4qn4eVp^yt_Ypk)kZ&T`Vfv7nx$5l zYu4pu%XMqD!p2LC5)r_` zyBZ5rK1=G(<~PT5pG*A;^_I2A`gc-~?QevmBK+K?D=Pi#&T9+Eu&emMY+a`i>@)p} zJ`G3nJWm9b+(>(*qXJ@hljN-)UOvv0%z9*1uxk;N{-evcOR@Mejb{25og$h2kes5z z`edjfIXlCei_D!E6$Sc!NEx>hRJ0OrI2d=b^N%hJcEt%Ej=zB;%Phx!%S{}blB{^Z zGiPoLzmDrV=y@8e2=+~wJJZf*KRR5@iL;apxJqZc1v1cB;rR52^xAB3xiw_4btWfm zm*SN58y%gD_!!EbSaGiBz6G*>Z6bfQ_&Uoj#5{;Ag(z@BtWn#WJV;02!-T?v(KFg{ zFFmCpQDjw)-1IVqxK!P;?qC>*Y0B;94n%mt4+5dj#&XJfwDm^V6S_B5jEOCzPIc4a zYe|Y;V5Zim*tLTiluGYgX9MWV8AVQ2lO#!sg0%yo_RPlRv>IOQgs2?^&k7R%uWK-6 zFzIN3x$u?i`6_&n`)N-z3>4b@LMC_g|GLft!3n&e{9KXv%498BcMt6Si?*XS20^Y- z!9>WX9#%_TvwA>Gwg<162d+_jm5at8@ITnBVs`B^-W@betd2F_)r6?+n zIb!A>uJPHr-grECn0VZODuzMTTdI@y0E#w)_u9Eu1W)ghMT2gGcf~r%H~6s3Dy++T zY6&1BNp@8^xZbZ?H7cPrgGswS70pfIwcSEa0Jak0_a;C#OzJ=3BhAS949)L7dkJfp z%q+C*jR!R7ekdV<(r=(VAohAx7^p@_z85MVT;)E#i@tqdBX;zwH0$g|j5C`!6^c_W z_KsH+dKg8#ZLvl@vB+y5#-A|JbJe^sr7x?BMYj-I8zkDRP+0h41dV!Sw*NndVmEb) zBy&S5E;+Zk>CW7Kgeq#~6|5K?o-r4Dx2o?b*FB(#)mf%+%mp%wauNN|Hi*QRsdpM*7g z0Z7=(_G`_ZdZE}cuteY{xFJ0MrauLs1f0sGA1vc8ik_uYD@Y@UL&>#0M?ZD)+=DGg z1gn|IR|fOd2O2jZnBI9_;6Jlo7&X*oT`!BQ_wMvjb=rNP$qJ_C$z1}=wDIqF7UMa> zps<$+ym(8)g`t>?vF$ns$T~iwDb!xnSlQVblOM|u*DzHN7p4{3h=m@?-kXp3bON`m zUcOv{m4ev7r3k*YV_*R&GB6W&@)g=r#%wZ<=m*$Y#&bu?nJZBFvWuylISZ7>-?Ns= z6bx`GgOvh6Wywa!Azw^e@XiBoIY57gsWG4h(8~JLkk8~(D7)+2QF)KI)wBxZlDGu5 z;JB?|*&agj0mS)Z*8A+TEw!iPJ!AMjhyKA41vh-JNG94W%$KiY)ITe{y6z$(wZ^&B zI&}oHD_?=?QSc$%*juBEdWvO$d;5O-w7(-$5dC2kZ~lJYe?%>jPxIqCZtg*fmJEd& z_d=Ds?GuV`z9o`rc(CY%gZAY=fbds_il49Es0p9&4%RPLFrg?~C4$xv^h`O)j$t^Fa<#YUSCNAKsR@5^= z>|fYXvk`ZIxd9=W)mtVzH~xMxr8o;*Mz|%JDt^dwaCMz|H6{OdCCer9$pP|sf{qP< z_1=r+%M}{sVR|%=g~|W3Mpu>h6f!5m1#_?ZLC#+y zEU{9-a>9#0Z>JplX{!!M?N5%1HoYJ*Ob8F}|8f0Lo1j1u5LnGPnVY`HYK>2yJLKNi zxgk`iiv<|0s$YuK&pf`ax;QAKfe+hY8F$L3+NIa%K<%A7Xo8_aRP7W{%yF8aIBRja zW4Q>sm`zN$348ohjR+&9J>aQP{w3T#Zib=Hqpq*x*Ej%fAgS+xEI-)-qH3A<(uuM~ zVH?a4YR>M*Nbsg<3;!dIP8RP6evc*va3VeheKI54v~`Cq)eu4>=w2ikRd&Kn;h-UC z^xk3wY+4`kyT{r-F<8$Z_Zw7*Aus{q6xax717`(C@xa2?OhbN^U3$TypVBJ7DRIQ) z)~hVGd|4!xOwuG!n>ANCL-0G7R3l~3#r<+tWK5-JWl-TB=_{pV?N||{<&BrEA`?A; z{&0pY+8|%uS`23TxRVOvAC^ELlac#4DbAn7~B8%y3_CSU32QGqaiC4;glV?a;O z@XWX)`h5!D>Y4eIM)@8ELxNy4Vr$Kyndj88c-09$U=6$@9W zjBr~^SyC_PqjLTXJSFm@hLy#~1X z@T2C`xM7LkQj4A*?YibUxuK(0(TA3A_W5>}A1N&2@=@YRi8@42WXTK8HLq4_a(Tk0 z)|WZW&MI0N>*%jF@I`wro@swEbuOol?|uky+r%l`hs!h8g0n%2Ts8N?zxj+k*e=iY zKI4LY zp15>9%iFMJwNa4{JfudR??(|!nuBLSR&2w#?uXoraFrC^?;ydGqtE1)Ur-tj>~!5O zYOUxU+M|1i9 zxe^Ubdu`#poZUfl&P=bVTq`-goNbmSj+8;h6$6h&3UCMlmHAIyJ5PXTpayg;c0!VF zZaX?L`{7)rQ_pdbza!l{4uJQDgR2z?M7fT%tOe^!Ve}+H$r{x>E*H&=BlAb(CapT4 z0kd!Nv-;{ClHe2%EE;FxTE-8Uw}q}TV(WFi2Qb<;jUCB| zl@qoBTgOk|%f_*$Z2A$i|NqsWfG5NGN75{ag z7VUXOV6!vx6V?4y_w80D4_H~9KCKt$Di)RCiaWe$#?9R+D?{K;)lq<`^7Rd^Mzx4< z>I4bKibu_<6ElKhv}N>@07?UTGcuXde-HZX_5?sdegfjpK@%ePsZi8FnE;My)kEwx zp7B=Jbf!C*Dx|V)aCFOM04ayYr8(v06X8v0L{3eF3m+K>38!^22t9wT(57Iu3uc7^ zcRlI1;}qAF(RN6BBRkFuD`I%I8K!hK54CWgpK)2$PpdKyYEdp2n|;j?PAEEh3+&{)ULEyJarM0li+e=G%oo`N_|Nc0|&njA`tlMbo4J#zo{>XGIoWly`9%t1z|>se*Bu&uwi!!EXujOr5B@ z9&tl8=&h-Imn*_TBv}8{!}c+oOWtfu89^45YS6-;;CHm(O<&^t#{QxvhJlOSCSNdI z!0dRmy{LO2HF~j*vBuXME}J!jW5xW@)=r61TnzpdCc;vX%f>uGVs>d5I05+?8l6|V z6+B#z&;k#{Wc!!6H#SGBg|g!Gj{cDdhEl^4VX!E+jnb*zLDx=)=(Ng!3WMT;)+rz@ z!RyPG%${b^^ZL5>x0`bnV?)PPbihI&1_%dY9%OUEKLne;Hjap}klu zB>C*l4=<`5COz*k2Q2cq3bC7d?m(%A=kOk3AU2x})fm*(z*rhmnYfTA>Xu0)KxW+}OTlL|rg%nba@GyHLmTg4&GxlG|sWZBk1 zzKQU9D>=MLM!RbPhh50ah1|SsG@01w5^QHUR%$ofQnk@?-d)J4AL{aPC7$-vMOIzv zxxHLPvy?Me1uwrESVqNgNrB0}?j3AhNr(P7m}?oQvVGq)B^;lVpjAaN-OVQ=AIm0M z+M&-L)XysXv?JBeIGJxil`2k4@iGI3#_BLlGnLHDqkS3xg&i`C;jpi(tW_$@_>?Zk zU=MoYN-AQll}3JQcC#;Tc<0`wYs&De=M*N`Z1VR0Rn|5AUX>3fb=j@lq|8fu7F`X` z&3j7pM09s^TM?&B(UWKeer!*;v-BDuAd|Ju))kYdP25phSb7ULsz5R;Y?1wRq^@Ju zy9M`qbUX>o`=k(UjqMBtJ0UmXhA%BQ^Qq#5o_;D4ojZ2-28QSh0bc_=srru{z!b_3 zNwTYe(~eCv-XiU@dFC{NSrNv}5)_s(Hl=wSjP$X}qmI}ndeh?*iQVMZa$oN#t7w~gs60lV&FGCA883Jti&VpRfz79ypesZ z?*)kwl9$i}lu0aPyx!K1H?>OZTXAfk+k@?By]f->RkC2APWEO#1cW2tc;L*civ z{%Qtqqm_FmdKQmz;JT}gY!2nJ#s{L5?m)J%^=`_yd*_+c&0tyOaLwX2^VJt9LWVbb z8F)(mZ_|=(47&ft{#0tf;gs#&(6Q@Ae(ET9<(bLm0>z=@<|doaB7T+X&{=0@1G)@p z-?p-HnuMbImQ&LJH8r)+rRsZ0CdLYxys!f++wAFy(xbzBjr;!Rt%CJt{fQ2)FrUJ& z4T}|AG%Mh?wD5=Ovg?6@-%kbT0fbk^mOJo6TR8<*v+X(^UpN{`*f*?~NMp26059Y) zF{u3Z4Ic(nqzh*`a~C2jvU2E0@#!~E+Rfv&%(K;CzoWfAS^Fa+jFnSDr*EzZX(NW( zi?0kWJyLIeectZ01#GHIke;wk8SA+wbwtE}b}Kj$Gng2%S!JX>C%J-O;~G0bXO0$F zkw8NE)I)w_drI7k><9z9^9s)YXjEge3wf@b-I9GBp^`Y%Qct`~tXYxYxl#sN2b%J# z6eWgW2`E@>E4(?R0Cg@l$jO&Hxo-g;E8ECizh8RXeN+d2!bX@)yoXSk1efn1xYT42Eot zFdC1`e`LC`Qd|%h5p3u?nQrri61gs|F!ii!8y+K~1E+(L?YLsQ|Ep&it5|!jH8>dY z9;s9wgl;Yh(I~C%msLY?h=8V+l`xd>M^xnTAwgr0S;%?N#k3a~wg^Oj!m35F!g3eg z4VGb0G{fs5`-y4wO|_?HH%}=h@L+>xq;s1<+J;J3L4$ciy9*U!0KJ6&ptox(daXC2 zHg=Z+^}+x;6JsEdEW-^Qn(Q2dZ#Yx=U&}+34SbE#k(*;ds;etLs&zIuL#>hlE8NxH z_`jY(L{IC|AD*4f2HW!KvXgfLxagTslAW)l1GVO06J@P8xVa^eUL~WZQ)DT|^eMXe zgi-Kf`nHr3SCduq$r9zeR2ZB@n-buJSQRF=Ha&MU#ao88|K5-L!VM$REqEM_?OYw^ z*qz4A93{*gZ=v?QQGB0VP`dZP#$x99Mb%5VyzP;9Qt*eCJS!xEehLQZ40FrD^9VFj z0w0Ej$7}ydQ1gg`_fqFbrjOf9yhSOim`j!gR)>wG;&w2KA(y#!n17H?zQew)ccx%~ z>5C!#!la#HzexzsRP#IqIcl;YAQZ@OF(~?Vu+quw@q(?H{ZQO59JGuvy_I>R^x=vg-p2PIkKuXw9a`>ly z^cEwETjpXyJ z{xd%8P00vEf-^xo3Y=n^60noObm^_=8w0#}jm2sw^ddxE3^k+pU2;;U)A`gSlr@kj z96IL%n{UrG*6bj)_)&bUc5GK@k{3~ZnjAn^s9o6eTF^vXb*v&mgKH6?hw&yka)t#! z1FY3GX8`@fl|dL2ndV_TOfNTdY)9+Bbf+PJt$pT{6)1{sr265bt$;#~#lFS;C-szq>8_cQ0cSg?f{quLlgj8_NsLoi3A_;2 z29nRE;i=jy7hUVB9qxk|e$o+nnv(ur==$8$n6(ap%iwG@6)*}Pii^id`dZXyKZ|AL za>Dt!YZ#5W}1kLgJ_)j|hyLQ*?_EXb*@`^7xi4eg0p<>}Jl=R&UQ zw4=+wjP~){{Fw~>R%y1>==P0~#hK^fJ6(SE)Tk z{Ss2FR5KlGLWT0cMv>PH2~aFkLNA9p7XoH}$KHWh!gQx3e%!l}Z8IZa>`wNIrV>#% zPQ3P^^;Y1zfN_&y96HpO%%}q0Qz-II=OH~vG zOEDtO4unZ#ngdU-Zzj$8*e^TUs9glqL3@S6dNEd>(&VMlloVk~tL+?)sWJa3#2BCH`9^nSHXTgAtYC4=4})vR}&xa^R=BZey0w%3)Q_sO=as-JkeYL0N+lmp(=e!FJ0q4)f84Q1`LSGxuFXPxV>@2h_ zy8jE*7@!jOnqsT?>G{_F%Rl&oo;KTJ8wyEil65TT1Pvy-*DyC)Sz-jf(!bVFT^RS8 zIdJj@Wgi)nyR9`)QSfoj;Q-lMxsh9am=w?M%AluT{O}#XM_Vk$m&rSyt*Vm#So_4Nh@#UWV#q^$>7y6(xk?%o3U?E+=CgmlYCDGZ z>;N!mhYAVTh!N^ln+hVz$7y$>9_BJZ+Y3kNasIn&%AkJd52In9*y1(Y?2YH4>ZId0 z#(~cC`z>vz!e;9RS*ggGL?K5};Q<(prgowv#ok*uNASEVhd2J(kH+*PLqkFV@pymR z+`Pw8r)w~+ji$DdX4S%(L9tl?z{%=PiV1yOx>Z1(go_^p<#@;ctZ}{U7!YTIsPVwk z@v)B+@D3DNf^+xIjpadJDuzCz9$fdo+c>{~9`fjh6KFNUHAM#xd|`$!L=3bU_{$Dr~!m^_2BwmGO(&iZ`50%pfxsfBT8k zT<+NClcl2R;QA!EmBKIii}?{M%w5g=nM*Vh?nPea-rb0c^jGmp?G4n{0y~y-v2z1} zqu4)_MxbI^*?*ADE`9inlq^PrCAKmaiZJ(FS5ZAlnf1Z4G{>*-0lN!C^po0^>Hr|& zB_Hs!C)J6HCNJJDcqrOdBe=u&w?H{mt7=fA2RUOPd4cv%ss6JqXDI1JA#{=7OG?L= z5%{#47rdPE1cxzRNP6y&%qk?}ZSN-3Vrs zrDH)b@5(QGZ#Clf7NQ_vcG5wQ+=puLdC0@_1)Z+@n!mwAJ?tZ6-C<0Q42;zOV}So1 z70)DKVZ8DcYK`lnrC?wI(~ILdvDgrczhm(t7fBTu4tLtg+9N$RJ#Bk) zF8PXh-uaABy6Bp8xTqTNo2YJC@5wV3e3Rs--M&FhzO^K=<~D*fPUvzD@EZ~pJ=BUq zYtzZc;A%R*Jni$NQrkr8L2uSrOS^FfbK}k-lkU-IlWP^nE;E>7EJ~dnSwvW%4@-E} zXGJ(k-Kzm{gG6h+&wp^rBpyLt6H)IS44#~wVqPr$#Vb2A~58eB-;5ID;t zN{;5!du;-^xe6;2^>W7DO7^J%MLNP#mH3buPC8|)+uHFTwT$@13)Cc^_Fe+sC-o)I zgFVon2G>k8Bj_v!ttAkKjrQ>ECO?!NW&!kw8(FiX3uYK(iU{`CE{KS}A+yWqPZO46 zLxxrV2Mf@6*>GdL|INTRh7@i!t(i#?au7VZ_6d~_rw}qk867+irm^9eK+5p=n&Kw~ zxSAe4)@d2bMG`+sJt_prhry_e+yqQ7l^}iNtkJC zM}JeVzCSogw<6<1hJ>@`kuht+Zi)h>$c8-xAZPFYk%>usauN{voUcKSo_bsyxoWYg znVM1if)XK+UX>qPq|`A;5jGSEU;gP*DGr5HAuJCYZe#2rwjFiEvx53Xg(;7>jeHn! zX)}fppxUv7(62geHSuDBPp48#{^UHW1^$xVlFca-_+s$(L(XuRvdi{PKG(AvR~6xj z18j%C;U~=~aB_t3dzHHy!G(f;qJtAI07XHIvQM>!Ls9pxO~S1QR|i_FWf@`jD242$2k7f#lrR!Qh>~{%8+7BZ5eY@8t(NNxPC-dB*kCwKnOr|N=fx2PiIn^Gx2qc znp#QT^(|Gr@d3&6&NgewHvbDyxM@Ifi2EC&*thJTBk2?hvv3MbCncsE0f)Y{5=E^c zpSe#Goip3SidQ8YM^M{Qsf{rH34m==J_CoHV3-U_B=xOYKPBUx{EUHPm;ENWRGFK0;G9-poLpA z?W%r}dB*6XqpKz6d)o`^!w|~lNgYcry#Xc-5KsvbN&;can{XB>r!tgpz@1PnKV+eG ztlazt2z0XJJasst5Jo=m!@pwXJ(aJ@zv2I$lTuBm?;!KXHtV-G97fSMgEb%Q1;g^r zqJ>Pyi(*Nz2a#!YUgPb5qo=*&0l%R(Nqy8I>l47f_szk+EQzjF=-*b{Gt&ayE1r>Y zdl#>)L~I44#?ffw#v0#NTxnnIX}*)e7pDOj2ZXZ^&1G=B z3uY*^*4}f>QUXsY-B$%Kri8YH5jC>qr+xJE5layA9J>us>{)R2Lp8@AkV5x-Jl|lr zM(*Yj)fS?!XJN!tvW4C(JMW9&(Kja_=3BAafAKulo)0^q>I2AGhj6CoW6IX_6AE&F z%!M2h{%t>m4?!n0*A8!y*>S(7ebuF&suFI+%1lZzs+z>)G>Y+#e?ynAzI6EH`Bgqv zy>&ZYAa!^^nsGMVMCc`ytV1{tqA2uKXt`Mg7M!Ye2=`-3N0|Dewj4Qh%GL;A`zDO| zv@|UQSN(@{B9AAxi#q1rJm_MflMc^>2_x_$S-Ey~z4 zE5ea+o%Clu$U+q=b|lLly~(tfMgd*5D0**JTGy;6F1THHey$$mYkU8^%PK-Tp6|58 zIv6aeRqxH31AH3LVY8a*W)GH3?Cc|n9L(K)A}>SI#>N}02bI7t522g{A0aYqzkmw> z|2mN}z5$o&WCFd)!Ue&kLF_`R4gfn5VX6IBM`HCWxu-VXz-s!lx)R7-@I^De`O%MH zaG|Z+g5`*l!dov2#NqrU5EVvBw*&c=Tp((|0c8Ka!bVyh2!o!>``?W6W(U05>xT|^_~u0ZJO?=IkPSUvbK>=Z_; zh#ySt?V1@bwSF|zlYFN1Oo6r!ud+t>YyY7@U!h{Slt5pBs_U&TgR>1qzJV{jxcuxM zY!HPE7h&-CbntC-A~K*mTVyD{sMdJtx%WN^fPA$CaV?}7R)3dzw|9U&>uJYQSy3h| zYM_OIHUpwNf50M&msz5ENOCF+=>c*|`m;&n#=+Ve#xGwDoU4#caW~~Jh?7Xbe)+P{ z#nU@V7Log_g)W1Xw!%ju;9VsaCgY;ltqDiD@cU-&6=XNGmDY70dEC!~(AS@-B5ydP!gJ`fciNSY*rd=(n@Y zva*_V@akJFc)_}rglr0a4RASsFmtfgUVfvFzd=-%8zM_k-V=_))ZP>5K|k}F36uEt z6a?f;%-G;qp-^5zrzDR8Kvkb1uGP*{uMfCgGG=+?2abC~?g%MIG>7d%o{-tA1}hbq z#~_BFt^tCn>IsjR%&W6>_&`RTjs-0~5?;7{F45%nd?;L&Mw5Qd9fV7yHeSnz*Iot21q{*%b5k7a#7Q~wYF=jTA4<9KbC;v4M`oeM=df}L!Q7o?#o0L z&);Pi6`z*^=Qu*RIKGj~o*$Kc7C~zCEN-TpFW@EFdW`hpLbV1bLc>2)fVtYK$R=Ha zih8fdaja;TfMhGnBH3KU_g7dT9O>c8VQAuzABR7YOXs?TRVYW69sMo|m4Z_M00000 j6AOXvqSj;+00EU$fS>^YJm6PuvBYQl0ssI200dcDRR{sJ literal 0 HcmV?d00001 diff --git a/mysql-oracle/files/mysql-optimize.sh b/mysql-oracle/files/mysql-optimize.sh new file mode 100644 index 00000000..0c89d74e --- /dev/null +++ b/mysql-oracle/files/mysql-optimize.sh @@ -0,0 +1,5 @@ +#!/bin/sh + +# Do some weekly optimizations. +# Reset the cache to avoid fragmentation. +mysql --defaults-extra-file=/etc/mysql/debian.cnf -e "RESET QUERY CACHE;" diff --git a/mysql-oracle/files/mysqltuner.cron.sh b/mysql-oracle/files/mysqltuner.cron.sh new file mode 100644 index 00000000..5424aa90 --- /dev/null +++ b/mysql-oracle/files/mysqltuner.cron.sh @@ -0,0 +1,50 @@ +#!/bin/bash +set -e +export TERM=screen + +mem=$(free -m | grep Mem: | tr -s ' ' | cut -d ' ' -f2) +swap=$(free -m | grep Swap: | tr -s ' ' | cut -d ' ' -f2) +template=$(mktemp --tmpdir=/tmp evomysqltuner.XXX) +body=$(mktemp --tmpdir=/tmp evomysqltuner.XXX) +clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2) +hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2) +hostname=${hostname%%.evolix.net} +# If hostname is composed with -, remove the first part. +if [[ $hostname =~ "-" ]]; then + hostname=$(echo $hostname | cut -d'-' -f2-) +fi + +# Remove temporary files on exit. +trap "rm $template $body" EXIT + +# Add port here if you have more than one instance! +instances="3306" +for instance in $instances; do + mysqltuner --port $instance --host 127.0.0.1 --forcemem $mem --forceswap $swap \ + | aha > /var/www/mysqlreport_${instance}.html + cat << EOT > $template +Content-Type: text/plain; charset="utf-8" +Reply-To: Équipe Evolix +From: Équipe Evolix +To: $clientmail +Subject: Rapport MySQL instance $instance pour votre serveur $hostname +EOT + cat << EOT > $body +Bonjour, + +Veuillez trouver ci-joint un rapport MySQL. +Celui-ci permet d'identifier aisément si des optimisations MySQL sont possibles. + +N'hésitez pas à nous indiquer par mail ou ticket quelles variables vous souhaiter +optimiser. + +Veuillez noter qu'il faudra redémarrer MySQL pour appliquer de nouveaux paramètres. + +Bien à vous, +-- +Rapport automatique Evolix +EOT + mutt -x -e 'set send_charset="utf-8"' -H $template \ + -a /var/www/mysqlreport_${instance}.html < $body +done +chmod 644 /var/www/mysqlreport*html diff --git a/mysql-oracle/files/mytop b/mysql-oracle/files/mytop new file mode 100755 index 00000000..1dd8820b --- /dev/null +++ b/mysql-oracle/files/mytop @@ -0,0 +1,2328 @@ +#!/usr/bin/perl -w +# +# $Id: mytop,v 1.91 2012/01/18 16:49:12 mgrennan Exp $ + +=pod + +=head1 NAME + +mytop - display MySQL server performance info like `top' + +=cut + +## most of the POD is at the bottom of the file + +use 5.005; +use strict; +use DBI; +use Getopt::Long; +use DBD::mysql; +use Socket; + +$main::VERSION = "1.91"; + +$|=1; +$0 = 'mytop'; + +my $WIN = ($^O eq 'MSWin32') ? 1 : 0; + +## Test for color support. + +eval { require Term::ANSIColor; }; + +my $HAS_COLOR = $@ ? 0 : 1; + +$HAS_COLOR = 0 if $WIN; + +## Test of Time::HiRes support + +eval { require Time::HiRes }; + +my $HAS_TIME = $@ ? 0 : 1; + +my $debug = 0; + +## Try to lower our priority (which, who, pri) + +setpriority(0,0,10) unless $WIN; + +## Prototypes + +sub Clear(); +sub GetData(); +sub GetQPS(); +sub FullQueryInfo($); +sub Explain($); +sub PrintTable(@); +sub PrintHelp(); +sub Sum(@); +sub commify($); +sub make_short($); +sub Hashes($); +sub Execute($); +sub StringOrRegex($); +sub GetInnoDBStatus(); +sub GetCmdSummary(); +sub GetShowVariables(); +sub GetShowStatus(); +sub cmd_s; +sub cmd_S; +sub cmd_q; +sub FindProg($); + +## Default Config Values + +my %config = ( + batchmode => 0, + color => 1, + db => 'test', + delay => 5, + filter_user => qr/.?/, + filter_db => qr/.?/, + filter_host => qr/.?/, + filter_state => qr/.?/, + header => 1, + help => 0, + host => 'localhost', + idle => 1, + long => 120, + long_nums => 0, + mode => 'top', + prompt => 0, + pass => '', + port => 3306, + resolve => 0, + slow => 10, # slow query time + socket => '', + sort => 1, # default or reverse sort ("s") + user => 'root' +); + +my %qcache = (); ## The query cache--used for full query info support. +my %ucache = (); ## The user cache--used for full killing by user +my %dbcache = (); ## The db cache. This should be merged at some point. +my %statcache = (); ## The show status cache for GetShowStatus() + +my (%STATUS, %OLD_STATUS); # header stuff. + +my $CLEAR = $WIN ? '': `clear`; + +## Term::ReadKey values + +my $RM_RESET = 0; +my $RM_NOBLKRD = 3; ## using 4 traps Ctrl-C :-( + +## Read the user's config file, if it exists. + +my $config = "$ENV{HOME}/.mytop"; + +if (-e $config) +{ + if (open CFG, "<$config") + { + while () + { + next if /^\s*$/; ## skip blanks + next if /^\s*#/; ## skip comments + + chomp; + + if (/(\S+)\s*=\s*(.*\S)/) + { + $config{lc $1} = $2 if exists $config{lc $1}; + } + } + close CFG; + } +} + +## Command-line args. + +use vars qw($opt_foo); + +Getopt::Long::Configure('no_ignore_case', 'bundling'); + +GetOptions( + "color!" => \$config{color}, + "user|u=s" => \$config{user}, + "pass|password|p=s" => \$config{pass}, + "database|db|d=s" => \$config{db}, + "host|h=s" => \$config{host}, + "port|P=i" => \$config{port}, + "socket|S=s" => \$config{socket}, + "delay|s=i" => \$config{delay}, + "batch|batchmode|b" => \$config{batchmode}, + "header!" => \$config{header}, + "idle|i!" => \$config{idle}, + "resolve|r!" => \$config{resolve}, + "prompt!" => \$config{prompt}, + "long=i" => \$config{long}, + "long_nums!" => \$config{long_nums}, + "mode|m=s" => \$config{mode}, + "slow=i" => \$config{slow}, + "sort=s" => \$config{sort} +); + +## User may have put the port with the host. + +if ($config{host} =~ s/:(\d+)$//) +{ + $config{port} = $1; +} + +## Don't use Term::ReadKey unless running interactively. + +if (not $config{batchmode}) +{ + require Term::ReadKey; + Term::ReadKey->import(); +} + +## User may want to disable color. + +if ($HAS_COLOR and not $config{color}) +{ + $HAS_COLOR = 0; +} + +if ($HAS_COLOR) +{ + import Term::ANSIColor ':constants'; +} +else +{ + *RESET = sub { }; + *YELLOW = sub { }; + *RED = sub { }; + *MAGENTA = sub { }; + *GREEN = sub { }; + *BLUE = sub { }; + *WHITE = sub { }; + *BOLD = sub { }; +} + +my $RESET = RESET() || ''; +my $YELLOW = YELLOW() || ''; +my $RED = RED() || ''; +my $MAGENTA = MAGENTA() || ''; +my $GREEN = GREEN() || ''; +my $BLUE = BLUE() || ''; +my $WHITE = WHITE() || ''; +my $BOLD = BOLD() || ''; + +## Connect + +my $dsn; + +## Socket takes precedence. + +$dsn ="DBI:mysql:database=$config{db};mysql_read_default_group=mytop;"; + +if ($config{socket} and -S $config{socket}) +{ + $dsn .= "mysql_socket=$config{socket}"; +} +else +{ + $dsn .= "host=$config{host};port=$config{port}"; +} + +if ($config{prompt}) +{ + print "Password: "; + ReadMode(2); + chomp($config{pass} = ); + ReadMode(0); + print "\n"; +} + +my $dbh = DBI->connect($dsn, $config{user}, $config{pass}, + { PrintError => 0 }); + +if (not ref $dbh) +{ + my $Error = <{Variable_name} eq "version") + { + $db_version = $_->{Value}; + $db_release = int(sprintf("%d",$db_version)); + next; + } + if ($_->{Variable_name} eq "have_query_cache") + { +# if ($_->{Value} eq 'YES') + if ($_->{Value} eq 'YES' or $_->{Value} eq 'DEMAND') # http://freshmeat.net/users/jerjones + { + $have_query_cache = 1; + } + else + { + $have_query_cache = 0; + } + next; + } +} + +######################################################################### +## +## The main loop +## +######################################################################### + +ReadMode($RM_NOBLKRD) unless $config{batchmode}; + +while (1) +{ + my $key; + + if ($config{mode} eq 'qps') + { + GetQPS(); + $key = ReadKey(1); + + next unless $key; + + if ($key =~ /t/i) + { + $config{mode} = 'top'; + } + if ($key =~ /q/) + { + cmd_q(); + } + next; + } + if ($config{mode} eq 'top') + { + GetData(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + elsif ($config{mode} eq 'cmd') + { + GetCmdSummary(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + elsif ($config{mode} eq 'innodb') + { + GetInnoDBStatus(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + elsif ($config{mode} eq 'status') + { + GetShowStatus(); + last if $config{batchmode}; + $key = ReadKey($config{delay}); + next unless $key; + } + + ## + ## keystroke command processing (if we get this far) + ## + + if ($key eq '!') + { + Execute("stop slave"); + Execute("set global sql_slave_skip_counter=1"); + Execute("start slave"); + } + + # t - top + + if ($key =~ /t/i) + { + $config{mode} = 'top'; + } + + ## q - quit + + if ($key eq 'q') + { + cmd_q(); + } + + if ($key eq 'D') + { + require Data::Dumper; + print Data::Dumper::Dumper([\%config]); + ReadKey(0); + } + + ## l - change long running hightling + + if ($key eq 'l') + { + cmd_l(); + next; + } + + ## m - mode swtich to qps + + if ($key eq 'm') + { + $config{mode} = 'qps'; + Clear() unless $config{batchmode}; + print "Queries Per Second [hit q to exit this mode]\n"; + next; + } + + ## c - mode swtich to command summary + + if ($key eq 'c') + { + $config{mode} = 'cmd'; + Clear() unless $config{batchmode}; + print "Command Summary [hit q to exit this mode]\n"; + next; + } + + ## C - change Color on and off + + if ($key eq 'C') + { + if ( $HAS_COLOR ) + { + $HAS_COLOR = 0; + } + else + { + $HAS_COLOR = 1; + } + } + + ## s - seconds of delay + + if ($key eq 's') + { + cmd_s(); + next; + } + + if ($key eq 'S') + { + cmd_S(); + next; + } + + ## R - resolve hostnames + if ($key eq 'R') + { + if ($config{resolve}) + { + $config{resolve} = 0; + } + else + { + $config{resolve} = 1; + } + } + + ## t - username based filter + + if ($key eq 't') + { + ReadMode($RM_RESET); + print RED(), "Which state (blank for all, /.../ for regex): ", RESET(); + $config{filter_state} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## u - username based filter + + if ($key eq 'u') + { + ReadMode($RM_RESET); + print RED(), "Which user (blank for all, /.../ for regex): ", RESET(); + $config{filter_user} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## d - database name based filter + + if ($key eq 'd') + { + ReadMode($RM_RESET); + print RED(), "Which database (blank for all, /.../ for regex): ", + RESET(); + $config{filter_db} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## h - hostname based filter + + if ($key eq 'h') + { + ReadMode($RM_RESET); + print RED(), "Which hostname (blank for all, /.../ for regex): ", + RESET(); + $config{filter_host} = StringOrRegex(ReadLine(0)); + ReadMode($RM_NOBLKRD); + next; + } + + ## E - Show full Replication Error + + if ($key eq 'E') + { + my($data) = Hashes('SHOW SLAVE STATUS'); + Clear(); + print "Error is: $data->{Last_Error}\n"; + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + next; + } + ## F - remove all filters + + if ($key eq 'F') + { + $config{filter_host} = qr/.?/; + $config{filter_db} = qr/.?/; + $config{filter_user} = qr/.?/; + $config{filter_state} = qr/.?/; + print RED(), "-- display unfiltered --", RESET(); + sleep 1; + next; + } + + ## p - pause + + if ($key eq 'p') + { + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + next; + } + + ## i - idle toggle + + if ($key =~ /i/) + { + if ($config{idle}) + { + $config{idle} = 0; + $config{sort} = 1; + print RED(), "-- idle (sleeping) processed filtered --", RESET(); + sleep 1; + } + else + { + $config{idle} = 1; + $config{sort} = 0; + print RED(), "-- idle (sleeping) processed unfiltered --", RESET(); + sleep 1; + } + } + + ## I - InnoDB status + + if ($key =~ 'I') + { + $config{mode} = 'innodb'; + Clear() unless $config{batchmode}; + print "InnoDB Status [hit q to exit this mode]\n"; + next; + } + + ## o - sort order + + if ($key =~ /o/) + { + if ($config{sort}) + { + $config{sort} = 0; + print RED(), "-- sort order reversed --", RESET(); + sleep 1; + } + else + { + $config{sort} = 1; + print RED(), "-- sort order reversed --", RESET(); + sleep 1; + } + } + + ## ? - help + + if ($key eq '?') + { + Clear(); + PrintHelp(); + ReadKey(0); + next; + } + + ## k - kill + + if ($key eq 'k') + { + ReadMode($RM_RESET); + + print RED(), "Thread id to kill: ", RESET(); + my $id = ReadLine(0); + + $id =~ s/\s//g; + + if ($id =~ /^\d+$/) + { + Execute("KILL $id"); + } + else + { + print RED(), "-- invalid thread id --", RESET(); + sleep 1; + } + + ReadMode($RM_NOBLKRD); + next; + } + + ## K - kill based on a username + if ($key =~ /K/) + { + ReadMode($RM_RESET); + + print RED(), "User to kill: ", RESET(); + my $user = ReadLine(0); + + $user =~ s/\s//g; + + if ($user =~ /^\S+$/) + { + for my $pid (keys %ucache) + { + next unless $ucache{$pid} eq $user; + Execute("KILL $pid"); + select(undef, undef, undef, 0.2); + } + } + else + { + print RED(), "-- invalid thread id --", RESET(); + sleep 1; + } + + ReadMode($RM_NOBLKRD); + } + + ## f - full info + + if ($key =~ /f/) + { + ReadMode($RM_RESET); + print RED(), "Full query for which thread id: ", RESET(); + my $id = ReadLine(0); + chomp $id; + FullQueryInfo($id); + ReadMode($RM_NOBLKRD); + print RED(), "-- paused. press any key to resume or (e) to explain --", + RESET(); + my $key = ReadKey(0); + + if ($key eq 'e') + { + Explain($id); + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + } + + next; + } + + ## e - explain + + if ($key =~ /e/) + { + ReadMode($RM_RESET); + print RED(), "Explain which query (id): ", RESET(); + my $id = ReadLine(0); + chomp $id; + Explain($id); + ReadMode($RM_NOBLKRD); + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + next; + } + + ## r - reset status counters + + if ($key =~ /r/) + { + Execute("FLUSH STATUS"); + print RED(), "-- counters reset --", RESET(); + sleep 1; + next; + } + + ## H - header toggle + + if ($key eq 'H') + { + if ($config{header}) + { + $config{header} = 0; + } + else + { + $config{header}++; + } + } + + ## # - magic debug key + + if ($key eq '#') + { + $debug = 1; + } + + if ($key eq 'V') + { + GetShowVariables(); + print RED(), "-- paused. press any key to resume --", RESET(); + ReadKey(0); + } + + if ($key eq 'S') + { + $config{mode} = 'status'; + } +} + +ReadMode($RM_RESET) unless $config{batchmode}; + +exit; + +####################################################################### + +sub Clear() +{ + if (not $WIN) + { + print "$CLEAR" + } + else + { + print "\n" x 90; ## dumb hack for now. Anyone know how to + ## clear the screen in dos window on a Win32 + ## system?? + } +} + +my $last_time; + +sub GetData() +{ + ## Get terminal info + my $now_time; + %qcache = (); ## recycle memory + %dbcache = (); + + my ($width, $height, $wpx, $hpx, $lines_left); + + if (not $config{batchmode}) + { + ($width, $height, $wpx, $hpx) = GetTerminalSize(); + $lines_left = $height - 2; + } + else + { + $height = 999_999; ## I hope you don't have more than that! + $lines_left = 999_999; + $width = 80; + } + + ## + ## Header stuff. + ## + if ($config{header}) + { + my @recs = ""; + if ( $db_release > 4 ) + { + @recs = Hashes("show global status"); + } + else + { + @recs = Hashes("show status"); + } + + ## if the server died or we lost connectivity + if (not @recs) + { + ReadMode($RM_RESET); + exit 1; + } + + ## get high-res or low-res time + my ($t_delta); + + if ($HAS_TIME) + { + $now_time = Time::HiRes::gettimeofday(); + } + else + { + $now_time = time; + } + + if ($last_time and $last_time != $now_time) + { + $t_delta = $now_time - $last_time; + } + + %OLD_STATUS = %STATUS; + + foreach my $ref (@recs) + { + my $key = $ref->{Variable_name}; + my $val = $ref->{Value}; + + $STATUS{$key} = $val; + } + + ## Compute Key Cache Hit Stats + + $STATUS{Key_read_requests} ||= 1; ## can't divide by zero next + + my $cache_hits_percent = (100-($STATUS{Key_reads}/$STATUS{Key_read_requests}) * 100); + $cache_hits_percent = sprintf("%2.2f",$cache_hits_percent); + + ## Query Cache info for <= Ver. 4.1 + ## + ## mysql> show status like 'qcache%'; + ## +-------------------------+----------+ + ## | Variable_name | Value | + ## +-------------------------+----------+ + ## | Qcache_queries_in_cache | 81 | + ## | Qcache_inserts | 4961668 | + ## | Qcache_hits | 1374170 | + ## | Qcache_not_cached | 5656249 | + ## | Qcache_free_memory | 33164800 | + ## | Qcache_free_blocks | 2 | + ## | Qcache_total_blocks | 168 | + ## +-------------------------+----------+ + ## + ## Query Cache info for => Ver. 5.0 + ## + ## mysql> show status like 'qcache%'; + ## +-------------------------+------------+ + ## | Variable_name | Value | + ## +-------------------------+------------+ + ## | Qcache_free_blocks | 37652 | + ## | Qcache_free_memory | 110289712 | + ## | Qcache_hits | 1460617356 | + ## | Qcache_inserts | 390563495 | + ## | Qcache_lowmem_prunes | 6414172 | + ## | Qcache_not_cached | 93002420 | + ## | Qcache_queries_in_cache | 66558 | + ## | Qcache_total_blocks | 192031 | + ## +-------------------------+------------+ + + my $query_cache_hits = 0; + my $query_cache_hits_per_sec = 0; + my $now_query_cache_hits_per_sec = 0; + + if ($have_query_cache) + { + $query_cache_hits = $STATUS{Qcache_hits}; + $query_cache_hits_per_sec = $STATUS{Qcache_hits} / $STATUS{Uptime}; + + if (defined $last_time and $last_time != $now_time) + { + my $q_delta = $STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits}; + $now_query_cache_hits_per_sec = sprintf "%.2f", $q_delta / $t_delta; + } + } + + open L, "; + close L; + chomp $l; + + $last_time = $now_time; + + ## Server Uptime in meaningful terms... + + my $time = $STATUS{Uptime}; + my ($d,$h,$m,$s) = (0, 0, 0, 0); + + $d += int($time / (60*60*24)); $time -= $d * (60*60*24); + $h += int($time / (60*60)); $time -= $h * (60*60); + $m += int($time / (60)); $time -= $m * (60); + $s += int($time); + + my $uptime = sprintf("%d+%02d:%02d:%02d", $d, $h, $m, $s); + + ## Queries per second... + + my $avg_queries_per_sec = sprintf("%.2f", $STATUS{Questions} / $STATUS{Uptime}); + my $num_queries = $STATUS{Questions}; + + my @t = localtime(time); + + my $current_time = sprintf "[%02d:%02d:%02d]", $t[2], $t[1], $t[0]; + + my $host_width = 75; + my $up_width = $width - $host_width; + + Clear() unless $config{batchmode}; + print RESET(); + + printf "%-${host_width}s%${up_width}s\n", + "MySQL on $config{host} ($db_version)", + "load $l up $uptime $current_time"; + $lines_left--; + + + printf " Queries: %-6s qps: %4.0f Slow: %7s Se/In/Up/De(%%): %02.0f/%02.0f/%02.0f/%02.0f \n", + make_short( $STATUS{Questions} ), # q total + $STATUS{Questions} / $STATUS{Uptime}, # qps, average + make_short( $STATUS{Slow_queries} ), # slow + + # hmm. a Qcache hit is really a select and should be counted. + 100 * ($STATUS{Com_select} + ($STATUS{Qcache_hits}||0) ) / $STATUS{Questions}, + 100 * ($STATUS{Com_insert} + $STATUS{Com_replace} ) / $STATUS{Questions}, + 100 * ($STATUS{Com_update} ) / $STATUS{Questions}, + 100 * $STATUS{Com_delete} / $STATUS{Questions}; + + $lines_left--; + + if ($t_delta) + { + my $q_diff = ( $STATUS{Questions} - $OLD_STATUS{Questions} ); +# print("q_diff: $STATUS{Questions} - $OLD_STATUS{Questions} / $t_delta = $q_diff\n"); + + printf(" Sorts: %5.0f qps now: %4.0f Slow qps: %3.1f Threads: %4.0f (%4.0f/%4.0f) %02.0f/%02.0f/%02.0f/%02.0f \n", + ( $STATUS{Sort_rows} - $OLD_STATUS{Sort_rows} ) / $t_delta, + ( $STATUS{Questions} - $OLD_STATUS{Questions} ) / $t_delta, + ( # slow now (qps) + ($STATUS{Slow_queries} ) ? + ( $STATUS{Slow_queries} - $OLD_STATUS{Slow_queries} ) / $t_delta : + 0 + ), + $STATUS{Threads_connected}, + $STATUS{Threads_running}, + $STATUS{Threads_cached}, + + (100 * ($STATUS{Com_select} - $OLD_STATUS{Com_select} + + ($STATUS{Qcache_hits}||0) - ($OLD_STATUS{Qcache_hits}||0) + ) ) / ($q_diff ), + (100 * ($STATUS{Com_insert} - $OLD_STATUS{Com_insert} + + $STATUS{Com_replace} - $OLD_STATUS{Com_replace} + ) ) / ($q_diff ), + (100 * ($STATUS{Com_update} - $OLD_STATUS{Com_update}) ) / ($q_diff ), + (100 * ($STATUS{Com_delete} - $OLD_STATUS{Com_delete}) ) / ($q_diff ), + ); + } + else + { + print "\n"; + } + $lines_left--; + + if ($have_query_cache and $STATUS{Com_select} and $query_cache_hits) + { + printf(" Cache Hits: %-5s Hits/s: %4.1f Hits now: %5.1f Ratio: ", + make_short($STATUS{Qcache_hits}), # cache hits + $STATUS{Qcache_hits} / $STATUS{Uptime}, # hits / sec + ($t_delta) ? ($STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits}) / $t_delta : 0, # Hits Now + ); + + my($Ratio) = 100 * ($STATUS{Qcache_hits}) / ($STATUS{Qcache_hits} + $STATUS{Com_select} ); + if ($HAS_COLOR) + { + print YELLOW() if ($Ratio < 80.0); + print RED() if ($Ratio < 50.0); + print MAGENTA() if ($Ratio < 20.0); + } + printf("%4.1f%% ",$Ratio); + if ($HAS_COLOR) + { + print RESET(); + } + + print " Ratio now: "; + my($Ratio_now) = ($t_delta) ? # ratio now + 100 * ($STATUS{Qcache_hits} - $OLD_STATUS{Qcache_hits} ) / + ( ($STATUS{Com_select} + $STATUS{Qcache_hits} - + ($OLD_STATUS{Qcache_hits} + $OLD_STATUS{Com_select}) + ) || 1) : 0; + if ($HAS_COLOR) + { + print GREEN() if ($Ratio_now => 80.0); + print YELLOW() if ($Ratio_now < 80.0); + print RED() if ($Ratio_now < 50.0); + print MAGENTA() if ($Ratio_now < 20.0); + } + printf("%4.1f%% \n",$Ratio_now); + if ($HAS_COLOR) + { + print RESET(); + } + } + $lines_left--; + + + printf(" Key Efficiency: %2.1f%% Bps in/out: %5s/%5s ", + $cache_hits_percent, + make_short($STATUS{Bytes_received} / $STATUS{Uptime} ), + make_short($STATUS{Bytes_sent} / $STATUS{Uptime})); + printf("Now in/out: %5s/%5s", + make_short(($STATUS{Bytes_received} - $OLD_STATUS{Bytes_received}) / $t_delta ), + make_short(($STATUS{Bytes_sent} - $OLD_STATUS{Bytes_sent}) / $t_delta )) + if ($t_delta); + print "\n"; + + $lines_left--; + + my($data) = Hashes('show global variables like "read_only"'); + if ($data->{Value} ne "OFF") + { + print RED() if ($HAS_COLOR) ; + print " ReadOnly"; + RESET() if ($HAS_COLOR); + } + + my($data) = Hashes('SHOW SLAVE STATUS'); + if (defined($data->{Master_Host})) + { + if (defined($data->{Seconds_Behind_Master})) + { + if ($HAS_COLOR) { + print GREEN(); + print YELLOW() if ($data->{Seconds_Behind_Master} > 60); + print MAGENTA() if ($data->{Seconds_Behind_Master} > 360); + } + } + print " Replication "; + print "IO:$data->{Slave_IO_Running} "; + print "SQL:$data->{Slave_SQL_Running} "; + print RESET() if ($HAS_COLOR); + + if (defined($data->{Seconds_Behind_Master})) + { + if ($HAS_COLOR) { + print GREEN(); + print YELLOW() if ($data->{Seconds_Behind_Master} > 60); + print MAGENTA() if ($data->{Seconds_Behind_Master} > 360); + } + print "Delay: $data->{Seconds_Behind_Master} sec."; + } else { + my $free = $width - 45; + my $Err = substr $data->{Last_Error},0 ,$free; + printf(" ERR: %-${free}s", $Err) if ( $Err ne "" ); + } + print WHITE() if ($HAS_COLOR); + print "\n"; + $lines_left--; + } + print "\n"; + } + + if (not $config{batchmode} and not $config{header}) + { + Clear(); + print RESET(); + } + + ## + ## Threads + ## + + #my $sz = $width - 52; + my @sz = (9, 9, 15, 10, 10, 6, 8); + my $used = scalar(@sz) + Sum(@sz); + my $free = $width - $used; + + print BOLD() if ($HAS_COLOR); + + printf "%9s %9s %15s %10s %10s %6s %8s %-${free}s\n", + 'Id','User','Host/IP','DB','Time', 'Cmd', 'State', 'Query'; + + print RESET() if ($HAS_COLOR); + + ## Id User Host DB + printf "%9s %9s %15s %10s %10s %6s %8s %-${free}s\n", + '--','----','-------','--','----', '---', '-----', '----------'; + + $lines_left -= 2; + + my $proc_cmd = "show full processlist"; + + my @data = Hashes($proc_cmd); + + foreach my $thread (@data) + { + last if not $lines_left; + + ## Drop Domain Name, unless it looks like an IP address. If + ## it's an IP, we'll strip the port number because it's rarely + ## interesting. + + my $is_ip = 0; + + if ($thread->{Host} =~ /^(\d{1,3}\.){3}(\d{1,3})(:\d+)?$/) + { + $thread->{Host} =~ s/:.*$//; + $is_ip = 1; + } + else + { + $thread->{Host} =~ s/^([^.]+).*/$1/; + } + + ## Otherwise, look up the IP (if resolve is set) and strip the + ## name + if ($is_ip and $config{resolve}) + { + $thread->{Host} =~ s/:\d+$//; +# my $host = $thread->{Host}; + my $host = gethostbyaddr(inet_aton($thread->{Host}), AF_INET); +# $host =~ s/^([^.]+).*/$1/; + $thread->{Host} = $host; + } + + ## Fix possible undefs + + $thread->{db} ||= ''; + $thread->{Info} ||= ''; + $thread->{Time} ||= 0 ; + $thread->{Id} ||= 0 ; + $thread->{User} ||= ''; + $thread->{Command} ||= ''; + $thread->{Host} ||= ''; + $thread->{State} ||= ""; + + ## alter double hyphen comments so they don't break + ## the query when newlines are removed - http://freshmeat.net/users/jerjones + $thread->{Info} =~ s~\s--(.*)$~ /* $1 */ ~mg; + + ## Normalize spaces -- mostly disabled for now. This can + ## break EXPLAIN if you try to explain a mangled query. It + ## may be re-enabled later as an option. + + ## leading space removal + $thread->{Info} =~ s/^\s*//; + + if (1) + { + ## remove newlines and carriage returns + $thread->{Info} =~ s/[\n\r]//g; + + ## collpase whitespace + $thread->{Info} =~ s/\s+/ /g; + } + + ## stow it in the cache + + $qcache{$thread->{Id}} = $thread->{Info}; + $dbcache{$thread->{Id}} = $thread->{db}; + $ucache{$thread->{Id}} = $thread->{User}; + + } + + ## Sort by idle time (closest thing to CPU usage I can think of). + + my @sorted; + + if (not $config{sort}) + { + @sorted = sort { $a->{Time} <=> $b->{Time} } @data + } + else + { + @sorted = sort { $b->{Time} <=> $a->{Time} } @data + } + + foreach my $thread (@sorted) + { + # Check to see if we can skip out. We skip out if we know the + # given line doesn't match. + + next if (($thread->{Command} eq "Sleep") + and + (not $config{idle})); + + next if (($thread->{Command} eq "Binlog Dump") + and + (not $config{idle})); + + next if (($thread->{Command} eq "Daemon") + and + (not $config{idle})); + + next if ($thread->{User} !~ $config{filter_user}); + next if ($thread->{db} !~ $config{filter_db}); + next if ($thread->{Host} !~ $config{filter_host}); + next if ($thread->{State} !~ $config{filter_state}); + + $thread->{State} = trim(sprintf("%8.8s",$thread->{State})); + + # Otherwise, print. + + my $smInfo; + + if ($thread->{Info}) + { + $smInfo = substr $thread->{Info}, 0, $free; + } +# if ($thread->{State}) +# { +# $smInfo = substr $thread->{State}, 0, $free; +# } + else + { + $smInfo = ""; + } + + if ($HAS_COLOR) + { + print YELLOW() if $thread->{Command} eq 'Query'; + print WHITE() if $thread->{Command} eq 'Sleep'; + print GREEN() if $thread->{Command} eq 'Connect'; + print BOLD() if $thread->{Time} > $config{slow}; + print MAGENTA() if $thread->{Time} > $config{long}; + } + + printf "%9d %9.9s %15.15s %10.10s %10d %6.6s %8.8s %-${free}.${free}s\n", + $thread->{Id}, $thread->{User}, $thread->{Host}, $thread->{db}, + $thread->{Time}, $thread->{Command}, $thread->{State}, $smInfo; + + print RESET() if $HAS_COLOR; + + $lines_left--; + + last if $lines_left == 0; + + } + +} + +########################################################################### + +my $questions; + +sub GetQPS() +{ + my($data) = Hashes('SHOW STATUS LIKE "Questions"'); + my $num = $data->{Value}; + + if (not defined $questions) ## first time? + { + $questions = $num; + return; + } + + my $qps = $num - $questions; + $questions = $num; + print "$qps\n"; +} + +########################################################################### + +sub GetQcacheSummary() +{ +} + +########################################################################### + +sub GetInnoDBStatus() +{ + if (not $config{pager}) + { + if (not $config{pager} = FindProg('less')) + { + $config{pager} = FindProg('more'); + } + } + + my @data = Hashes("SHOW INNODB STATUS"); + + open P, "|$config{pager}" or die "$!"; + print keys %{$data[0]}; + print $data[0]->{Status},"\n"; + close P; +} + +########################################################################### + +my %prev_data; + +sub GetCmdSummary() +{ + my ($width, $height, $wpx, $hpx, $lines_left); + + if (not $config{batchmode}) + { + ($width, $height, $wpx, $hpx) = GetTerminalSize(); + + $lines_left = $height - 2; + } + else + { + $height = 999_999; ## I hope you don't have more than that! + $lines_left = 999_999; + $width = 80; + } + + # Variable_name and Value pairs come back... + my @data = Hashes("SHOW STATUS LIKE 'Com_%'"); + my %cmd_data; + my %cmd_delta; + my %cmd_pct; + my %cmd_delta_pct; + my $total; + my $delta_total; + + for my $item (@data) + { + next unless $item->{Value}; + $item->{Variable_name} =~ s/^Com_//; + $item->{Variable_name} =~ s/_/ /g; + $cmd_data{$item->{Variable_name}} = $item->{Value}; + $total += $item->{Value}; + } + + ## Populate other stats + + for my $item (keys %cmd_data) + { + $cmd_delta{$item} = $cmd_data{$item} - + ($prev_data{$item} || $cmd_data{$item} - 1); + + $delta_total += $cmd_delta{$item}; + + $cmd_pct{$item} = int(($cmd_data{$item} / $total) * 100); + } + + for my $item (keys %cmd_data) + { + $cmd_delta_pct{$item} = int(($cmd_delta{$item} / $delta_total) * 100); + } + + + ## Display + + Clear() unless $config{batchmode}; + print RESET(); + printf "%18s %10s %4s | %5s %4s\n", 'Command', 'Total', 'Pct', 'Last', 'Pct'; + printf "%18s %10s %4s | %5s %4s\n", '-------', '-----', '---', '----', '---'; + $lines_left -= 2; + + for my $item (sort { $cmd_data{$b} <=> $cmd_data{$a} } keys %cmd_data) + { + printf "%18s %10d %4s | %5d %4s\n", + $item, + $cmd_data{$item}, + $cmd_pct{$item} . "%", + $cmd_delta{$item}, + $cmd_delta_pct{$item} . "%"; + + last if not $lines_left; + $lines_left -= 1; + } + + %prev_data = %cmd_data; +} + +########################################################################### + +sub GetShowVariables() +{ + if (not $config{pager}) + { + if (not $config{pager} = FindProg('less')) + { + $config{pager} = FindProg('more'); + } + } + + my @rows = Hashes("SHOW VARIABLES"); + + open P, "|$config{pager}" or die "$!"; + + for my $row (@rows) + { + my $name = $row->{Variable_name}; + my $value = $row->{Value}; + printf P "%32s: %s\n", $name, $value; + } + + close P; +} + +########################################################################### + +sub GetShowStatus() +{ + Clear() unless $config{batchmode}; + my @rows = Hashes("SHOW STATUS"); + + printf "%32s %10s %10s\n", 'Counter', 'Total', 'Change'; + printf "%32s %10s %10s\n", '-------', '-----', '------'; + + for my $row (@rows) + { + my $name = $row->{Variable_name}; + my $value = $row->{Value}; + my $old = $statcache{$name}; + my $delta = 0; + + next if $name =~ m/^Com_/; ## skip Com_ stats + next if $value =~ m/^[^0-9]*$/; ## skip non-numeric + + ## TODO: if Qcache is off, we should skip Qcache_ values + + if ($HAS_COLOR and defined $old and $old =~ /^\d/) + { + if ($value > $old) + { + print YELLOW(); + $delta = $value - $old; + } + elsif ($value < $old) + { + print RED(); + $delta = $value - $old; + } + + if (not $config{idle} and $value == $old) + { + # filter unchanging stats, maybe + print RESET(); + next; + } + } + + printf "%32s: %10s %10s\n", $name, $value, $delta; + print RESET() if $HAS_COLOR; + + $statcache{$name} = $value; + } + +} + +########################################################################### + +sub FullQueryInfo($) +{ + my $id = shift; + + if (not exists $qcache{$id} or not defined $qcache{$id}) + { + print "*** Invalid id. ***\n"; + return; + } + + my $sql = $qcache{$id}; + print $CLEAR; + print "Thread $id was executing following query:\n\n"; + print YELLOW(), $sql,"\n\n", RESET(); +} + +########################################################################### + +sub Explain($) +{ + my $id = shift; + + if (not exists $qcache{$id} or not defined $qcache{$id}) + { + print "*** Invalid id. ***\n"; + return; + } + + my $sql = $qcache{$id}; + my $db = $dbcache{$id}; + + Execute("USE $db"); + my @info = Hashes("EXPLAIN $sql"); + print $CLEAR; + print "EXPLAIN $sql:\n\n"; + PrintTable(@info); +} + +########################################################################### + +sub PrintTable(@) +{ + my $cnt = 1; + my @cols = qw(table type possible_keys key key_len ref rows Extra); + + for my $row (@_) + { + print "*** row $cnt ***\n"; + for my $key (@cols) + { + my $val = $row->{$key} || 'NULL'; + printf "%15s: %s\n", $key, $val; + } + $cnt++; + } +} + +########################################################################### + +sub StringOrRegex($) +{ + my $input = shift; + chomp $input; + if (defined $input) + { + # regex, strip /.../ and use via qr// + if ($input =~ m{^/} and $input =~ m{/$}) + { + $input =~ s{^/}{} if $config{filter_user}; + $input =~ s{/$}{} if $config{filter_user}; + $input = qr/$input/; + } + + + # reset to match anything + elsif ($input eq '') + { + $input = qr/.*/; + } + + # string, build a simple regex + else + { + $input = '^' . $input . '$'; + $input = qr/$input/; + } + } + + # reset to match anything + else + { + $input = qr/.*/; + } + return $input; +} + +########################################################################### + +sub cmd_l +{ + ReadMode($RM_RESET); + + print RED(), "Seconds for long queries: ", RESET(); + my $secs = ReadLine(0); + + if ($secs =~ /^\s*(\d+)/) + { + $config{long} = $1; + if ($config{long} < 1) + { + $config{long} = 1; + } + } + ReadMode($RM_NOBLKRD); +} + +sub cmd_s +{ + ReadMode($RM_RESET); + + print RED(), "Seconds of Delay: ", RESET(); + my $secs = ReadLine(0); + + if ($secs =~ /^\s*(\d+)/) + { + $config{delay} = $1; + if ($config{delay} < 1) + { + $config{delay} = 1; + } + } + ReadMode($RM_NOBLKRD); +} + +sub cmd_S +{ + ReadMode($RM_RESET); + + print RED(), "Seconds for Slow queries: ", RESET(); + my $secs = ReadLine(0); + + if ($secs =~ /^\s*(\d+)/) + { + $config{slow} = $1; + if ($config{slow} < 1) + { + $config{slow} = 1; + } + } + ReadMode($RM_NOBLKRD); +} + +sub cmd_q +{ + ReadMode($RM_RESET); + print "\n"; + exit; +} + +sub trim($) +{ + my $string = shift; + $string =~ s/^\s+//; + $string =~ s/\s+$//; + return $string; +} + +########################################################################### + +sub PrintHelp() +{ + my $help = qq[ +Help for mytop version $main::VERSION by Jeremy D. Zawodny <${YELLOW}Jeremy\@Zawodny.com${RESET}> + with updates by Mark Grennan <${YELLOW}mark\@grennan.com${RESET}> + + ? - display this screen + # - toggle short/long numbers (not yet implemented) + c - command summary view (based on Com_* counters) + C - turn color on and off + d - show only a specific database + e - explain the query that a thread is running + E - display current replication error + f - show full query info for a given thread + F - unFilter the dispaly + h - show only a specifc host's connections + H - toggle the mytop header + i - toggle the display of idle (sleeping) threads + I - show innodb status + k - kill a thread + p - pause the display + l - change long running queries hightlighing + m - switch [mode] to qps (queries/sec) scrolling view + o - reverse the sort order (toggle) + q - quit + r - reset the status counters (via FLUSH STATUS on your server) + R - change reverse IP lookup + s - change the delay between screen updates + S - change slow quiery hightlighting + t - switch to thread view (default) + u - show only a specific user + : - enter a command (not yet implemented) + ! - Skip an error that has stopped replications (at your own risk) + +${GREEN}http://jeremy.zawodny.com/mysql/mytop/${RESET} +${GREEN}http://www.mysqlfanboy.com/mytop/${RESET} +]; + + print $help; +} + +sub Sum(@) +{ + my $sum; + while (my $val = shift @_) { $sum += $val; } + return $sum; +} + +## A useful routine from perlfaq + +sub commify($) +{ + local $_ = shift; + return 0 unless defined $_; + 1 while s/^([-+]?\d+)(\d{3})/$1,$2/; + return $_; +} + +## Compact numeric representation (10,000 -> 10.0k) + +sub make_short($) +{ + my $number = shift; + return commify($number) if $config{long_nums}; + my $n = 0; + while ($number > 1_025) { $number /= 1024; $n++; }; + return sprintf "%.1f%s", $number, ('','k','M','G', 'T')[$n]; +} + + + +## Run a query and return the records has an array of hashes. + +sub Hashes($) +{ + my $sql = shift; + my @records; + + if (my $sth = Execute($sql)) + { + while (my $ref = $sth->fetchrow_hashref) + { + print "record\n" if $debug; + push @records, $ref; + } + } + return @records; +} + +## Execute an SQL query and return the statement handle. + +sub Execute($) +{ + my $sql = shift; + my $sth = $dbh->prepare($sql); + + if (not $sth) { ReadMode($RM_RESET); die $DBI::errstr; } + + my $ReturnCode = $sth->execute; + + if (not $ReturnCode) + { + if ($debug) + { + print "query failed\n"; + sleep 10; + } + return undef; + } + + return $sth; +} + +sub FindProg($) +{ + my $prog = shift; + my $found = undef; + my @search_dirs = ("/bin", "/usr/bin", "/usr/sbin", + "/usr/local/bin", "/usr/local/sbin"); + + for (@search_dirs) + { + my $loc = "$_/$prog"; + if (-e $loc) + { + $found = $loc; + last; + } + } + return $found; +} + +=pod + +=head1 SYNOPSIS + +B [options] + +=head1 AVAILABILITY + +The latest version of B is available from +http://jeremy.zawodny.com/mysql/mytop/ it B also be on CPAN as +well. + +=head1 REQUIREMENTS + +In order for B to function properly, you must have the +following: + + * Perl 5.005 or newer + * Getopt::Long + * DBI and DBD::mysql + * Term::ReadKey from CPAN + +Most systems are likely to have all of those installed--except for +Term::ReadKey. You will need to pick that up from the CPAN. You can +pick up Term::ReadKey here: + + http://search.cpan.org/search?dist=TermReadKey + +And you obviously need access to a MySQL server (version 3.22.x or +3.23.x) with the necessary security to run the I and +I commands. + +If you are a Windows user, using ActiveState's Perl, you can use PPM +(the Perl Package Manager) to install the MySQL and Term::ReadKey +modules. + +=head2 Optional Color Support + +In additon, if you want a color B (recommended), install +Term::ANSIColor from the CPAN: + + http://search.cpan.org/search?dist=ANSIColor + +Once you do, B will automatically use it. However, color is not +yet working on Windows. Patches welcome. :-) + +=head2 Optional Hi-Res Timing + +If you want B to provide more accurate real-time +queries-per-second statistics, install the Time::HiRes module from +CPAN. B will automatically notice that you have it and use it +rather than the standard timing mechanism. + +=head2 Platforms + +B is known to work on: + + * Linux (2.2.x, 2.4.x) + * FreeBSD (2.2, 3.x, 4.x) + * Mac OS X + * BSDI 4.x + * Solaris 2.x + * Windows NT 4.x (ActivePerl) + +If you find that it works on another platform, please let me +know. Given that it is all Perl code, I expect it to be rather +portable to Unix and Unix-like systems. Heck, it I even work on +Win32 systems. + +=head1 DESCRIPTION + +Help is always welcome in improving this software. Feel free to +contact the author (see L<"AUTHOR"> below) with bug reports, fixes, +suggestions, and comments. Additionally L<"BUGS"> will provide a list +of things this software is not able to do yet. + +Having said that, here are the details on how it works and what you can +do with it. + +=head2 The Basics + +B was inspired by the system monitoring tool B. I +routinely use B on Linux, FreeBSD, and Solaris. You are likely to +notice features from each of them here. + +B will connect to a MySQL server and periodically run the +I and I commands and attempt to +summarize the information from them in a useful format. + +=head2 The Display + +The B display screen is really broken into two parts. The top 4 +lines (header) contain summary information about your MySQL +server. For example, you might see something like: + +MySQL on localhost (4.0.13-log) up 1+11:13:00 [23:29:11] + Queries: 19.3M qps: 160 Slow: 1.0 Se/In/Up/De(%): 00/80/03/17 + qps now: 219 Slow qps: 0.0 Threads: 1 ( 1/ 16) 00/74/00/25 + Key Efficiency: 99.3% Bps in/out: 30.5k/162.8 Now in/out: 32.7k/ 3.3k + +The first line identifies the hostname of the server (localhost) and +the version of MySQL it is running. The right had side shows the +uptime of the MySQL server process in days+hours:minutes:seconds +format (much like FreeBSD's top) as well as the current time. + +The second line displays the total number of queries the server has +processed, the average number of queries per second, the number of +slow queries, and the percentage of Select, Insert, Update, and Delete +queries. + +The third real-time values. First is the number of queries per second, +then the number of slow queries, followed by query precentages (like +on the previous line). + +And the fourth line displays key buffer efficiency (how often keys are +read from the buffer rather than disk) and the number of bytes that +MySQL has sent and received, both over all and in the last cycle. + +You can toggle the header by hitting B when running B. + +The second part of the display lists as many threads as can fit on +screen. By default they are sorted according to their idle time (least +idle first). The display looks like: + + Id User Host Dbase Time Cmd Query or State + -- ---- ---- ----- ---- --- -------------- + 61 jzawodn localhost music 0 Query show processlist + +As you can see, the thread id, username, host from which the user is +connecting, database to which the user is connected, number of seconds +of idle time, the command the thread is executing, and the query info +are all displayed. + +Often times the query info is what you are really interested in, so it +is good to run B in an xterm that is wider than the normal 80 +columns if possible. + +The thread display color-codes the threads if you have installed color +support. The current color scheme only works well in a window with a +dark (like black) background. The colors are selected according to the +C column of the display: + + Query - Yellow + Sleep - White + Connect - Green + Slow - Bright + Long - Magenta + +Those are purely arbitrary and will be customizable in a future +release. If they annoy you just start B with the B<--nocolor> +flag or adjust your config file appropriately. + +=head2 Arguments + +B handles long and short command-line arguments. Not all +options have both long and short formats, however. The long arguments +have two dashes `--'. Short arguments only have one '-'. + +=over + +=item B<-u> or B<-user> username + +Username to use when logging in to the MySQL server. Default: ``root''. + +=item B<-p> or B<-pass> or B<-password> password + +Password to use when logging in to the MySQL server. Default: none. + +=item B<-h> or B<--host> hostname[:port] + +Hostname of the MySQL server. The hostname may be followed by an +option port number. Note that the port is specified separate from the +host when using a config file. Default: ``localhost''. + +=item B<--port> or B<-P> port + +If you're running MySQL on a non-standard port, use this to specify +the port number. Default: 3306. + +=item B<-s> or B<--delay> seconds + +How long between display refreshes. Default: 5 + +=item B<-d> or B<--db> or B<--database> database + +Use if you'd like B to connect to a specific database by +default. Default: ``test''. + +=item B<-b> or B<--batch> or B<--batchmode> + +In batch mode, mytop runs only once, does not clear the screen, and +places no limit on the number of lines it will print. This is suitable +for running periodically (perhaps from cron) to capture the +information into a file for later viewing. You might use batch mode in +a CGI script to occasionally display your MySQL server status on the +web. + +Default: unset. + +=item B<-S> or B<--socket> /path/to/socket + +If you're running B on the same host as MySQL, you may wish to +have it use the MySQL socket directly rather than a standard TCP/IP +connection. If you do,just specify one. + +Note that specifying a socket will make B ignore any host +and/or port that you might have specified. If the socket does not +exist (or the file specified is not a socket), this option will be +ignored and B will use the hostname and port number instead. + +Default: none. + +=item B<--header> or B<--noheader> + +Sepcify if you want the header to display or not. You can toggle this +with the B key while B is running. + +Default: header. + +=item B<--color> or B<--nocolor> + +Specify if you want a color display. This has no effect if you don't +have color support available. + +Default: If you have color support, B will try color unless you +tell it not to. + +=item B<-i> or B<--idle> or B<--noi> or B<--noidle> + +Specify if you want idle (sleeping) threads to appear in the list. If +sleeping threads are omitted, the default sorting order is reversed so +that the longest running queries appear at the top of the list. + +Default: idle. + +=item B<--prompt> or B<--noprompt> + +Specify if you want to be prompted to type in your database password. +This provides a little bit more security since it not only prevents +the password from viewable in a process list, but also doesn't require +the password to be stored in plain text in your ~/.mytop config file. +You will B be prompted if a password has not been specified in +your config file or through another command line option. + +Default: noprompt. + +=item B<--resolve> + +If you have skip-resolve set on MySQL (to keep it from doing a reverse +DNS lookup on each inbound connection), mytop can replace IP addresses +with hostnames but toggling this option. + +Default: noresolve + +=back + +Command-line arguments will always take precedence over config file +options. That happens because the config file is read I the +command-line arguments are applied. + +=head2 Config File + +Instead of always using bulky command-line parameters, you can also +use a config file in your home directory (C<~/.mytop>). If present, +B will read it automatically. It is read I any of your +command-line arguments are processed, so your command-line arguments +will override directives in the config file. + +Here is a sample config file C<~/.mytop> which implements the defaults +described above. + + user=root + pass= + host=localhost + db=test + delay=5 + port=3306 + slow=10 + socket= + batchmode=0 + header=1 + color=1 + idle=1 + long=120 + +Using a config file will help to ensure that your database password +isn't visible to users on the command-line. Just make sure that the +permissions on C<~/.mytop> are such that others cannot read it (unless +you want them to, of course). + +You may have white space on either side of the C<=> in lines of the +config file. + +=head2 Shortcut Keys + +The following keys perform various actions while B is +running. Those which have not been implemented are listed as +such. They are included to give the user idea of what is coming. + +=over + +=item B + +Display help. + +=item B + +Show "command counters" based on the Com_* values in SHOW STATUS. +This is a new feature. Feedback welcome. + +=item B + +Turn display color on and off. Default is on. + +=item B + +Show only threads connected to a particular database. + +=item B + +Given a thread id, display the entire query that thread was (and still +may be) running. + +=item B + +Disable all filtering (host, user, and db). + +=item B + +Only show queries from a particular host. + +=item B + +Toggle the header display. You can also specify either C or +C in your config file to set the default behavior. + +=item B + +Toggle the display of idle (sleeping) threads. If sleeping threads are +filtered, the default sorting order is reversed so that the longest +running queries appear at the top of the list. + +=item B + +Switch to InnoDB Status mode. The output of "SHOW INNODB STATUS" will +be displayed every cycle. In a future version, this may actually +summarize that data rather than producing raw output. + +=item B + +Kill a thread. + +=item B + +Toggle modes. Currently this switches from `top' mode to `qps' +(Queries Per Second Mode). In this mode, mytop will write out one +integer per second. The number written reflects the number of queries +executed by the server in the previous one second interval. + +More modes may be added in the future. + +=item B + +Reverse the default sort order. + +=item B

+ +Pause display. + +=item B + +Quit B + +=item B + +Reset the server's status counters via a I command. + +=item B + +Togle IP reverse lookup. Default is on. + +=item B + +Change the sleep time (number of seconds between display refreshes). + +=item B + +Set the number of seconds a query will need to run before it is +considered old and will be highlighted. + +=item B + +Show only threads owned by a giver user. + +=back + +The B key has a command-line counterpart: B<-s>. + +The B key has two command-line counterparts: B<-header> and +B<-noheader>. + +=head1 BUGS + +This is more of a BUGS + WishList. + +Some performance information is not available when talking to a +version 3.22.x MySQL server. Additional information (about threads +mostly) was added to the output of I in MySQL 3.23.x and +B makes use of it. If the information is not available, you +will simply see zeros where the real numbers should be. + +Simply running this program will increase your overall counters (such +as the number of queries run). But you may or may not view that as a +bug. + +B consumes too much CPU time when running (verified on older +versions of Linux and FreeBSD). It's likely a problem related to +Term::ReadKey. I haven't had time to investigate yet, so B now +automatically lowers its priority when you run it. You may also think +about running B on another workstation instead of your database +server. However, C on Solaris does B have this problem. +Newer versions of Linux and FreeBSD seem to have fixed this. + +You can't specify the maximum number of threads to list. If you have +many threads and a tall xterm, B will always try to display as +many as it can fit. + +The size of most of the columns in the display has a small maximum +width. If you have fairly long database/user/host names the display +may appear odd. I have no good idea as to how best to deal with that +yet. Suggestions are welcome. + +It'd be nice if you could just add B configuration directives +in your C file instead of having a separate config file. + +You should be able to specify the columns you'd like to see in the +display and the order in which they appear. If you only have one +username that connects to your database, it's probably not worth +having the User column appear, for example. + +=head1 AUTHOR + +mytop was developed and is maintained by Jeremy D. Zawodny +(Jeremy@Zawodny.com). + +If you wish to e-mail me regarding this software, B subscribe +to the B mailing list. See the B homepage for details. + +=head1 DISCLAIMER + +While I use this software in my job at Yahoo!, I am solely responsible +for it. Yahoo! does not necessarily support this software in any +way. It is merely a personal idea which happened to be very useful in +my job. + +=head1 RECRUITING + +If you hack Perl and grok MySQL, come work at Yahoo! Contact me for +details. Or just send me your resume. Er, unless we just had layoffs, +in which case we're not hiring. :-( + +=head1 SEE ALSO + +Please check the MySQL manual if you're not sure where some of the +output of B is coming from. + +=head1 COPYRIGHT + +Copyright (C) 2000-2010, Jeremy D. Zawodny. + +=head1 CREDITS + +Fix a bug. Add a feature. See your name here! + +Many thanks go to these fine folks: + +=over + +=item Mark Grennan (mark@grennan.com) www.linuxfangoy.com + +Added updates for MySQL 5.x. Added 'S' (slow) highlighting. +Added 'C' to turn on and off Color. Added 'l' command to change +color for long running queries. Fixed a few documentation issues. +Monitors Slave status. Added color to Queue hit ratio. +Added number of rows sorted per second. +Created release 1.7. + +=item Sami Ahlroos (sami@avis-net.de) + +Suggested the idle/noidle stuff. + +=item Jan Willamowius (jan@janhh.shnet.org) + +Mirnor bug report. Documentation fixes. + +=item Alex Osipov (alex@acky.net) + +Long command-line options, Unix socket support. + +=item Stephane Enten (tuf@grolier.fr) + +Suggested batch mode. + +=item Richard Ellerbrock (richarde@eskom.co.za) + +Bug reports and usability suggestions. + +=item William R. Mattil (wrm@newton.irngtx.tel.gte.com) + +Bug report about empty passwords not working. + +=item Benjamin Pflugmann (philemon@spin.de) + +Suggested -P command-line flag as well as other changes. + +=item Justin Mecham + +Suggested setting $0 to `mytop'. + +=item Thorsten Kunz + +Provided a fix for cases when we try remove the domain name from the +display even if it is actually an IP address. + +=item Sasha Pachev + +Provided the idea of real-time queries per second in the main display. + +=item Paul DuBois + +Pointed out some option-handling bugs. + +=item Mike Wexler + +Suggested that we don't mangle (normalize) whitespace in query info by +default. + +=item Mark Zweifel + +Make the --idle command-line argument negatable. + +=item Axel Schwenke + +Noticed the inccorect formula for query cache hit percentages in +version 1.2. + +=item Steven Roussey + +Supplied a patch to help filter binary junk in queries so that +terminals don't freak out. + +=item jon r. luini + +Supplied a patch that formed the basis for C<-prompt> support. Sean +Leach submitted a similar patch. + +=item Yogish Baliga + +Supplied a patch that formed the basis for C<-resolve> support. + +=item Per Andreas Buer + +Supplied an excellent patch to tidy up the top display. This includes +showing most values in short form, such as 10k rather than 10000. + +=back + +See the Changes file on the B distribution page for more +details on what has changed. + +=head1 LICENSE + +B is licensed under the GNU General Public License version +2. For the full license information, please visit +http://www.gnu.org/copyleft/gpl.html + +=cut + +__END__ diff --git a/mysql-oracle/handlers/main.yml b/mysql-oracle/handlers/main.yml new file mode 100644 index 00000000..80375330 --- /dev/null +++ b/mysql-oracle/handlers/main.yml @@ -0,0 +1,19 @@ +--- +- name: restart munin-node + service: + name: munin-node + state: restarted + +- name: restart nagios-nrpe-server + service: + name: nagios-nrpe-server + state: restarted + +- name: restart mysql + service: + name: mysql + state: restarted + +- name: reload systemd + command: systemctl daemon-reload + diff --git a/mysql-oracle/meta/main.yml b/mysql-oracle/meta/main.yml new file mode 100644 index 00000000..8cb59054 --- /dev/null +++ b/mysql-oracle/meta/main.yml @@ -0,0 +1,20 @@ +galaxy_info: + author: Evolix + description: Install and configure MySQL 5.7 (with Oracle packages) + + issue_tracker_url: https://forge.evolix.org/projects/ansible-roles/issues + + license: GPLv2 + + min_ansible_version: 2.2 + + platforms: + - name: Debian + versions: + - jessie + - stretch + +dependencies: [] + # List your role dependencies here, one per line. + # Be sure to remove the '[]' above if you add dependencies + # to this list. diff --git a/mysql-oracle/tasks/config.yml b/mysql-oracle/tasks/config.yml new file mode 100644 index 00000000..09131f92 --- /dev/null +++ b/mysql-oracle/tasks/config.yml @@ -0,0 +1,23 @@ +--- + +- name: "Copy MySQL defaults config file" + copy: + src: evolinux-defaults.cnf + dest: "/etc/mysql/conf.d/z-evolinux-defaults.cnf" + owner: root + group: root + mode: "0644" + force: yes + tags: + - mysql + +- name: "Copy MySQL custom config file" + template: + src: evolinux-custom.cnf.j2 + dest: "/etc/mysql/conf.d/zzz-evolinux-custom.cnf" + owner: root + group: root + mode: "0644" + force: no + tags: + - mysql diff --git a/mysql-oracle/tasks/datadir.yml b/mysql-oracle/tasks/datadir.yml new file mode 100644 index 00000000..28beb1ed --- /dev/null +++ b/mysql-oracle/tasks/datadir.yml @@ -0,0 +1,45 @@ +--- + +- block: + - name: "Is {{ mysql_custom_datadir }} present ?" + stat: + path: "{{ mysql_custom_datadir }}" + check_mode: no + register: mysql_custom_datadir_test + + - name: "read the real datadir" + command: readlink -f /var/lib/mysql + changed_when: False + check_mode: no + register: mysql_current_real_datadir_test + tags: + - mysql + when: mysql_custom_datadir != '' + +- block: + - name: MySQL is stopped + service: + name: mysql + state: stopped + + - name: Move MySQL datadir to {{ mysql_custom_datadir }} + command: mv {{ mysql_current_real_datadir_test.stdout }} {{ mysql_custom_datadir }} + args: + creates: "{{ mysql_custom_datadir }}" + + - name: Symlink {{ mysql_custom_datadir }} to /var/lib/mysql + file: + src: "{{ mysql_custom_datadir }}" + dest: '/var/lib/mysql' + state: link + + - name: MySQL is started + service: + name: mysql + state: started + tags: + - mysql + when: + - mysql_custom_datadir != '' + - mysql_custom_datadir != mysql_current_real_datadir_test.stdout + - not mysql_custom_datadir_test.stat.exists diff --git a/mysql-oracle/tasks/log2mail.yml b/mysql-oracle/tasks/log2mail.yml new file mode 100644 index 00000000..568b6649 --- /dev/null +++ b/mysql-oracle/tasks/log2mail.yml @@ -0,0 +1,22 @@ +--- + +- name: Is log2mail present ? + stat: + path: /etc/log2mail/config + check_mode: no + register: log2mail_config_dir + tags: + - mysql + - log2mail + +- name: Copy log2mail config + template: + src: log2mail.j2 + dest: /etc/log2mail/config/mysql.conf + owner: log2mail + group: adm + mode: "0640" + when: log2mail_config_dir.stat.exists + tags: + - mysql + - log2mail diff --git a/mysql-oracle/tasks/main.yml b/mysql-oracle/tasks/main.yml new file mode 100644 index 00000000..273960a9 --- /dev/null +++ b/mysql-oracle/tasks/main.yml @@ -0,0 +1,19 @@ +--- + +- include: packages.yml + +- include: users.yml + +- include: config.yml + +- include: datadir.yml + +- include: tmpdir.yml + +- include: nrpe.yml + +- include: munin.yml + +- include: log2mail.yml + +- include: utils.yml diff --git a/mysql-oracle/tasks/munin.yml b/mysql-oracle/tasks/munin.yml new file mode 100644 index 00000000..52b6eed4 --- /dev/null +++ b/mysql-oracle/tasks/munin.yml @@ -0,0 +1,64 @@ +--- + +- name: is Munin present ? + stat: + path: /etc/munin/plugin-conf.d/munin-node + check_mode: no + register: munin_node_plugins_config + tags: + - mysql + - munin + +- block: + - name: Install perl libraries for Munin + apt: + name: "{{ item }}" + state: present + with_items: + - libdbd-mysql-perl + - libcache-cache-perl + + - name: Enable core Munin plugins + file: + src: '/usr/share/munin/plugins/{{ item }}' + dest: /etc/munin/plugins/{{ item }} + state: link + with_items: + - mysql_bytes + - mysql_queries + - mysql_slowqueries + - mysql_threads + notify: restart munin-node + + - name: Enable contributed Munin plugins + file: + src: /usr/share/munin/plugins/mysql_ + dest: '/etc/munin/plugins/mysql_{{ item }}' + state: link + with_items: + - commands + - connections + - files_tables + - innodb_bpool + - innodb_bpool_act + - innodb_insert_buf + - innodb_io + - innodb_io_pend + - innodb_log + - innodb_rows + - innodb_semaphores + - myisam_indexes + - network_traffic + - qcache + - qcache_mem + - select_types + - slow + - sorts + - table_locks + - tmp_tables + notify: restart munin-node + + when: munin_node_plugins_config.stat.exists + tags: + - mysql + - munin diff --git a/mysql-oracle/tasks/nrpe.yml b/mysql-oracle/tasks/nrpe.yml new file mode 100644 index 00000000..c02fc007 --- /dev/null +++ b/mysql-oracle/tasks/nrpe.yml @@ -0,0 +1,55 @@ +--- + +- name: is NRPE present ? + stat: + path: /etc/nagios/nrpe.d/evolix.cfg + check_mode: no + register: nrpe_evolix_config + tags: + - mysql + - nrpe + +- name: NRPE user exists for MySQL ? + stat: + path: ~nagios/.my.cnf + check_mode: no + register: nrpe_my_cnf + tags: + - mysql + - nrpe + +- block: + - name: Create a password for NRPE + command: "apg -n 1 -m 16 -M lcN" + register: mysql_nrpe_password + check_mode: no + changed_when: False + + - name: Create nrpe user + mysql_user: + name: nrpe + password: '{{ mysql_nrpe_password.stdout }}' + priv: "*.*:REPLICATION CLIENT" + config_file: /root/.my.cnf + update_password: always + state: present + register: create_nrpe_user + + - name: Store credentials in nagios home + ini_file: + dest: "~nagios/.my.cnf" + owner: nagios + group: nagios + mode: "0600" + section: client + option: '{{ item.option }}' + value: '{{ item.value }}' + with_items: + - { option: 'user', value: 'nrpe' } + - { option: 'password', value: '{{ mysql_nrpe_password.stdout }}' } + when: create_nrpe_user.changed + + when: nrpe_evolix_config.stat.exists and (not nrpe_my_cnf.stat.exists or mysql_force_new_nrpe_password) + tags: + - mysql + - nrpe diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml new file mode 100644 index 00000000..233e700b --- /dev/null +++ b/mysql-oracle/tasks/packages.yml @@ -0,0 +1,74 @@ +--- + +- name: MySQL APT config package is available + copy: + src: mysql-apt-config_0.8.9-1_all.deb + dest: /root/mysql-apt-config_0.8.9-1_all.deb + +- name: MySQL APT config package is installed + apt: + deb: /root/mysql-apt-config_0.8.9-1_all.deb + state: installed + register: mysql_apt_config_deb + +- name: APT cache is up-to-date + apt: + update_cache: yes + when: mysql_apt_config_deb | changed + +- name: Install MySQL packages + apt: + name: '{{ item }}' + update_cache: yes + state: present + with_items: + - mysql-server + - mysql-client + - libmysqlclient20 + tags: + - mysql + - packages + +- include_role: + name: remount-usr + +- name: mysql-systemd-start scripts is installed + copy: + src: debian/mysql-systemd-start + dest: /usr/share/mysql/mysql-systemd-start + mode: "0755" + owner: root + group: root + force: yes + +- name: systemd unit is installed + copy: + src: debian/mysql-server-5.7.mysql.service + dest: /etc/systemd/system/mysql.service + mode: "0755" + owner: root + group: root + force: yes + register: mysql_systemd_unit + +# - name: systemd daemon is reloaded +# systemd: +# daemon_reload: yes +# when: mysql_systemd_unit | changed + +- name: MySQL is started + service: + name: mysql + daemon_reload: yes + state: started + tags: + - mysql + - services + +- name: apg package is installed + apt: + name: apg + state: present + tags: + - mysql + - packages diff --git a/mysql-oracle/tasks/tmpdir.yml b/mysql-oracle/tasks/tmpdir.yml new file mode 100644 index 00000000..2c2c0d91 --- /dev/null +++ b/mysql-oracle/tasks/tmpdir.yml @@ -0,0 +1,23 @@ +--- + +- block: + - name: "Create {{ mysql_custom_tmpdir }}" + file: + path: "{{ mysql_custom_tmpdir }}" + owner: mysql + group: mysql + mode: "0700" + state: directory + tags: + - mysql + + - name: Configure tmpdir + ini_file: + dest: "/etc/mysql/conf.d/zzz-evolinux-custom.cnf" + section: mysqld + option: tmpdir + value: "{{ mysql_custom_tmpdir }}" + notify: restart mysql + tags: + - mysql + when: mysql_custom_tmpdir != '' diff --git a/mysql-oracle/tasks/users.yml b/mysql-oracle/tasks/users.yml new file mode 100644 index 00000000..bab76418 --- /dev/null +++ b/mysql-oracle/tasks/users.yml @@ -0,0 +1,89 @@ +--- + +# dependency for mysql_user and mysql_db +- name: python-mysqldb is installed (Ansible dependency) + apt: + name: python-mysqldb + state: present + tags: + - mysql + +- name: create a password for mysqladmin + command: "apg -n 1 -m 16 -M lcN" + register: mysql_admin_password + changed_when: False + tags: + - mysql + +- name: there is a mysqladmin user + mysql_user: + name: mysqladmin + password: '{{ mysql_admin_password.stdout }}' + priv: "*.*:ALL,GRANT" + update_password: on_create + state: present + config_file: "/etc/mysql/debian.cnf" + register: create_mysqladmin_user + tags: + - mysql + +- name: mysqladmin is the default user + ini_file: + dest: /root/.my.cnf + mode: "0600" + section: client + option: '{{ item.option }}' + value: '{{ item.value }}' + create: yes + with_items: + - { option: 'user', value: 'mysqladmin' } + - { option: password, value: '{{ mysql_admin_password.stdout }}' } + when: create_mysqladmin_user | changed + tags: + - mysql + + +- name: create a password for debian-sys-maint + command: "apg -n 1 -m 16 -M lcN" + register: mysql_debian_password + changed_when: False + tags: + - mysql + +- name: there is a debian-sys-maint user + mysql_user: + name: debian-sys-maint + password: '{{ mysql_debian_password.stdout }}' + priv: "*.*:ALL,GRANT" + update_password: on_create + state: present + config_file: "/root/.my.cnf" + register: create_debian_user + tags: + - mysql + +- name: store debian-sys-maint user credentials + ini_file: + dest: /etc/mysql/debian.cnf + mode: "0600" + section: "{{ item[0] }}" + option: '{{ item[1].option }}' + value: '{{ item[1].value }}' + create: yes + with_nested: + - [ "client", "mysql_upgrade" ] + - [ { option: 'user', value: 'debian-sys-maint' }, + { option: password, value: '{{ mysql_debian_password.stdout }}' } + ] + when: create_debian_user | changed + tags: + - mysql + +- name: remove root user + mysql_user: + name: root + host_all: yes + config_file: "/root/.my.cnf" + state: absent + tags: + - mysql diff --git a/mysql-oracle/tasks/utils.yml b/mysql-oracle/tasks/utils.yml new file mode 100644 index 00000000..4e0e4aa9 --- /dev/null +++ b/mysql-oracle/tasks/utils.yml @@ -0,0 +1,193 @@ +--- + +- name: Scripts directory exists + file: + dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}" + mode: "0700" + state: directory + tags: + - mysql + +# mytop + +- name: "mytop is installed (jessie)" + apt: + name: mytop + state: present + tags: + - packages + - mytop + - mysql + when: ansible_distribution_release == "jessie" + +# - name: "mysql-utilities are installed (Debian 9 or later)" +# apt: +# name: "{{ item }}" +# with_items: +# - mysql-utilities +# when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: "mytop dependencies are installed (Debian 9 or later)" + apt: + name: "{{ item }}" + with_items: + - libconfig-inifiles-perl + - libdbd-mysql-perl + - libdbi-perl + - libterm-readkey-perl + - libtime-hires-perl + tags: + - packages + - mytop + - mysql + when: ansible_distribution_major_version | version_compare('9', '>=') + +- include_role: + name: remount-usr + tags: + - mytop + - mysql + +- name: "mytop is installed (Debian 9 or later)" + copy: + src: mytop + dest: /usr/local/bin/mytop + mode: "0755" + owner: root + group: staff + force: yes + tags: + - mytop + - mysql + when: ansible_distribution_major_version | version_compare('9', '>=') + +- name: Read debian-sys-maint password + shell: 'cat /etc/mysql/debian.cnf | grep -m1 "password = .*" | cut -d" " -f3' + register: mysql_debian_password + changed_when: False + check_mode: no + tags: + - mytop + - mysql + +- name: mytop configuration is copied + template: + src: mytop-config.j2 + dest: /root/.mytop + mode: "0600" + force: yes + tags: + - mytop + - mysql + +# mysqltuner + +- include_role: + name: remount-usr + tags: + - mysql + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + +- name: mysqltuner is installed + # copy: + # src: mysqltuner.pl + # dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysqltuner.pl" + # mode: "0700" + apt: + name: mysqltuner + state: present + tags: + - mysql + - mysqltuner + +- name: aha is installed + apt: + name: aha + tags: + - mysql + +# automatic optimizations + +- include_role: + name: remount-usr + tags: + - mysql + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + +- name: mysql-optimize.sh is installed + copy: + src: mysql-optimize.sh + dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + mode: "0700" + tags: + - mysql + +- name: "Cron dir for optimize is present" + file: + path: "/etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}" + state: directory + mode: "0755" + owner: root + group: root + tags: + - mysql + +- name: "Enable cron to optimize MySQL" + file: + src: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/mysql-optimize.sh" + dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh + state: link + when: mysql_cron_optimize | bool + tags: + - mysql + +- name: "Disable cron to optimize MySQL" + file: + dest: /etc/cron.{{ mysql_cron_optimize_frequency | mandatory }}/mysql-optimize.sh + state: absent + when: not (mysql_cron_optimize | bool) + tags: + - mysql + +- name: "Cron dir for mysqltuner is present" + file: + path: "/etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}" + state: directory + mode: "0755" + owner: root + group: root + tags: + - mysql + - mysqltuner + +- name: "Enable mysqltuner in cron" + copy: + src: mysqltuner.cron.sh + dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh + when: mysql_cron_mysqltuner | bool + tags: + - mysql + - mysqltuner + +- name: "Disable mysqltuner in cron" + file: + dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh + state: absent + when: not (mysql_cron_mysqltuner | bool) + tags: + - mysql + - mysqltuner + +# my-add.sh + +- include_role: + name: remount-usr + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + +- name: Install my-add.sh + copy: + src: my-add.sh + dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}/my-add.sh" + mode: "0700" + tags: + - mysql diff --git a/mysql-oracle/templates/evolinux-custom.cnf.j2 b/mysql-oracle/templates/evolinux-custom.cnf.j2 new file mode 100644 index 00000000..fa818eaf --- /dev/null +++ b/mysql-oracle/templates/evolinux-custom.cnf.j2 @@ -0,0 +1,4 @@ +[mysqld] +#bind-address = 0.0.0.0 +thread_cache_size = {{ mysql_thread_cache_size }} +innodb_buffer_pool_size = {{ mysql_innodb_buffer_pool_size }} diff --git a/mysql-oracle/templates/log2mail.j2 b/mysql-oracle/templates/log2mail.j2 new file mode 100644 index 00000000..8a1ad3c3 --- /dev/null +++ b/mysql-oracle/templates/log2mail.j2 @@ -0,0 +1,29 @@ +file = /var/log/syslog +pattern = "is marked as crashed and should be repaired" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "init function returned error" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "try to repair it" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "InnoDB: Fatal error" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "as a STORAGE ENGINE failed" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail + +file = /var/log/syslog +pattern = "The total blob data length" +mailto = {{ (log2mail_alert_email or general_alert_email) | mandatory }} +template = /etc/log2mail/mail diff --git a/mysql-oracle/templates/mytop-config.j2 b/mysql-oracle/templates/mytop-config.j2 new file mode 100644 index 00000000..507ab99d --- /dev/null +++ b/mysql-oracle/templates/mytop-config.j2 @@ -0,0 +1,3 @@ +user = debian-sys-maint +pass = {{ mysql_debian_password.stdout }} +db = mysql diff --git a/mysql-oracle/tests/test.yml b/mysql-oracle/tests/test.yml new file mode 100644 index 00000000..d75783bf --- /dev/null +++ b/mysql-oracle/tests/test.yml @@ -0,0 +1,4 @@ +--- +- hosts: test-kitchen + roles: + - role: mysql-oracle From ace68db4b4421362c4ea8ad07777a8f07bb265b0 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 28 Feb 2018 17:24:44 +0100 Subject: [PATCH 23/82] packweb-apache can use MySQL from Oracle. --- CHANGELOG.md | 1 + packweb-apache/README.md | 1 + packweb-apache/defaults/main.yml | 2 ++ packweb-apache/meta/main.yml | 3 ++- 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 66e7da49..d7862465 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrmentally at each release. * nagios-nrpe: add "check_open_files" plugin * nagios-nrpe: mark plugins as executable * mysql-oracle: new role to install MySQL 5.7 with Oracle packages +* packweb-apache: choose mysql variant (default: `debian`) ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). diff --git a/packweb-apache/README.md b/packweb-apache/README.md index 99e25da1..e99c285e 100644 --- a/packweb-apache/README.md +++ b/packweb-apache/README.md @@ -11,5 +11,6 @@ See `tasks/main.yml`. Main variables are : * `packweb_enable_evoadmin_vhost` : enable VirtualHost for evoadmin (web interface to create web accounts) +* `packweb_mysql_variant`: which Variant to use for MySQL (`debian` or `oracle`, default: `debian`) The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/packweb-apache/defaults/main.yml b/packweb-apache/defaults/main.yml index 8282d081..7f79e90d 100644 --- a/packweb-apache/defaults/main.yml +++ b/packweb-apache/defaults/main.yml @@ -8,3 +8,5 @@ packweb_apache_modphp: True packweb_apache_fpm: False packweb_phpmyadmin_suffix: "" + +packweb_mysql_variant: "debian" diff --git a/packweb-apache/meta/main.yml b/packweb-apache/meta/main.yml index 914dbebb..47348f1a 100644 --- a/packweb-apache/meta/main.yml +++ b/packweb-apache/meta/main.yml @@ -16,4 +16,5 @@ galaxy_info: dependencies: - { role: squid, squid_localproxy_enable: True } - - mysql + - { role: mysql, when: packweb_mysql_variant == "debian" } + - { role: mysql-oracle, when: packweb_mysql_variant == "oracle" } From 9d349133f2c1ec41a2aa3922a7fe0f6d77b439c9 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Wed, 28 Feb 2018 17:37:24 +0100 Subject: [PATCH 24/82] proftpd: fix when password was predefined --- proftpd/tasks/accounts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proftpd/tasks/accounts.yml b/proftpd/tasks/accounts.yml index 26ff0ae5..b1563eaf 100644 --- a/proftpd/tasks/accounts.yml +++ b/proftpd/tasks/accounts.yml @@ -6,7 +6,7 @@ - proftpd - set_fact: - proftpd_accounts_final: "{{ proftpd_accounts_final + item }}" + proftpd_accounts_final: "{{ proftpd_accounts_final + [ item ] }}" when: item.password is defined with_items: "{{ proftpd_accounts }}" tags: From 23ae74d422869268b57f234f4d391589561e0383 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Wed, 28 Feb 2018 17:41:54 +0100 Subject: [PATCH 25/82] update changelog --- CHANGELOG.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d7862465..ca3d69f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,7 +6,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/). This project does not follow semantic versioning. The **major** part of the version is aligned with the stable version of Debian. The **minor** part changes with big changes (probably incompatible). -The **patch** part changes incrmentally at each release. +The **patch** part changes incrementally at each release. ## [Unreleased] @@ -16,6 +16,7 @@ The **patch** part changes incrmentally at each release. * nagios-nrpe: mark plugins as executable * mysql-oracle: new role to install MySQL 5.7 with Oracle packages * packweb-apache: choose mysql variant (default: `debian`) +* haproxy: install Munin plugins ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). @@ -45,7 +46,7 @@ The **patch** part changes incrmentally at each release. ## [9.1.5] - 2018-01-18 ### Added -* There is changelog! +* There is a changelog! * redis: configuration variable for protected mode (v3.2+) * evolinux-users: users are in "adm" group for Debian 9 or later * evolinx-base: purge locate/mlocate packages From 09674fa489b31e759d4e84a3510b1b4ebadc4714 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 2 Mar 2018 15:18:49 +0100 Subject: [PATCH 26/82] Squid: Add repo.mysql.com to default whitelist --- squid/files/evolinux-whitelist-defaults.conf | 1 + squid/files/whitelist-evolinux.conf | 1 + 2 files changed, 2 insertions(+) diff --git a/squid/files/evolinux-whitelist-defaults.conf b/squid/files/evolinux-whitelist-defaults.conf index ada4fcdc..125eda7d 100644 --- a/squid/files/evolinux-whitelist-defaults.conf +++ b/squid/files/evolinux-whitelist-defaults.conf @@ -9,6 +9,7 @@ ^spamassassin\.apache\.org$ ^.*sa-update.*$ ^pear\.php\.net$ +^repo\.mysql\.com$ # Let's Encrypt ^.*\.letsencrypt.org$ diff --git a/squid/files/whitelist-evolinux.conf b/squid/files/whitelist-evolinux.conf index 10bcd779..5c22f4a7 100644 --- a/squid/files/whitelist-evolinux.conf +++ b/squid/files/whitelist-evolinux.conf @@ -9,6 +9,7 @@ http://.*clamav.net/.* http://spamassassin.apache.org/.* http://.*sa-update.* http://pear.php.net/.* +http://repo.mysql.com/.* # Let's Encrypt http://.*.letsencrypt.org/.* From 3488ec758dc3a297309e1ed13778279c2aaa26f9 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 2 Mar 2018 15:22:36 +0100 Subject: [PATCH 27/82] mysql-oracle: Add missing remount-usr --- mysql-oracle/tasks/packages.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml index 233e700b..477f9bef 100644 --- a/mysql-oracle/tasks/packages.yml +++ b/mysql-oracle/tasks/packages.yml @@ -5,6 +5,9 @@ src: mysql-apt-config_0.8.9-1_all.deb dest: /root/mysql-apt-config_0.8.9-1_all.deb +- include_role: + name: remount-usr + - name: MySQL APT config package is installed apt: deb: /root/mysql-apt-config_0.8.9-1_all.deb From 77cc1cce7d215f2ead99b7138abd874a28156deb Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 2 Mar 2018 15:49:47 +0100 Subject: [PATCH 28/82] mysql-oracle: Add repo.mysql.com to minifw if needed --- mysql-oracle/handlers/main.yml | 2 ++ mysql-oracle/tasks/packages.yml | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/mysql-oracle/handlers/main.yml b/mysql-oracle/handlers/main.yml index 80375330..7571ebc5 100644 --- a/mysql-oracle/handlers/main.yml +++ b/mysql-oracle/handlers/main.yml @@ -17,3 +17,5 @@ - name: reload systemd command: systemctl daemon-reload +- name: Restart minifirewall + command: /etc/init.d/minifirewall restart diff --git a/mysql-oracle/tasks/packages.yml b/mysql-oracle/tasks/packages.yml index 477f9bef..76128f59 100644 --- a/mysql-oracle/tasks/packages.yml +++ b/mysql-oracle/tasks/packages.yml @@ -14,6 +14,15 @@ state: installed register: mysql_apt_config_deb +- name: Open firewall for MySQL.com repository + replace: + name: /etc/default/minifirewall + regexp: "^(HTTPSITES='((?!(repo\\.mysql\\.com|0\\.0\\.0\\.0)).)*)'$" + replace: "\\1 repo.mysql.com'" + notify: Restart minifirewall + +- meta: flush_handlers + - name: APT cache is up-to-date apt: update_cache: yes From cdaad871b3d50c85dfc41ccaec715e117ce9a855 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Mon, 5 Mar 2018 14:44:21 +0100 Subject: [PATCH 29/82] Be sure to check the exit code of certbot If we use set -e but no -o pipefail with a pipe, the last command exit code is used by set -e. certbot | grep -v something If the grep exit with a non-zero exit code, set -e stop the execution of the script. We don't care about that grep, so we now use the PIPESTATUS. --- evoacme/files/evoacme.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh index 73523588..814d4553 100755 --- a/evoacme/files/evoacme.sh +++ b/evoacme/files/evoacme.sh @@ -204,6 +204,8 @@ main() { sudo -u acme test -w "${NEW_DIR}" || error "Directory ${NEW_DIR} is not writable by user 'acme'" # create a certificate with certbot + # we disable the set -e during the certbot call + set +e sudo -u acme \ "${CERTBOT_BIN}" \ certonly \ @@ -220,6 +222,11 @@ main() { 2>&1 \ | grep -v "certbot.crypto_util" + if [ "${PIPESTATUS[0]}" != "0" ]; then + error "Certbot has exited with a non-zero exit code" + fi + set -e + if [ "${DRY_RUN}" = "1" ]; then debug "In dry-run mode, we stop here. Bye" exit 0 From a4a3569630c8421f072c879e046a5c60cd4fdfe0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Tue, 6 Mar 2018 10:34:55 +0100 Subject: [PATCH 30/82] Show the certificate path when exiting with an error --- evoacme/files/evoacme.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evoacme/files/evoacme.sh b/evoacme/files/evoacme.sh index 814d4553..c4594ad1 100755 --- a/evoacme/files/evoacme.sh +++ b/evoacme/files/evoacme.sh @@ -223,7 +223,7 @@ main() { | grep -v "certbot.crypto_util" if [ "${PIPESTATUS[0]}" != "0" ]; then - error "Certbot has exited with a non-zero exit code" + error "Certbot has exited with a non-zero exit code when generating ${NEW_CERT}" fi set -e From 1558bfe8c3081c8c6713defb05deab11b574a608 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 8 Mar 2018 14:59:37 +0100 Subject: [PATCH 31/82] Patch dovecot deliver to handle + sign in address. This is mandatory to handle the plus sign in email address like foo+bar@example.com --- postfix/templates/packmail_master.cf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postfix/templates/packmail_master.cf.j2 b/postfix/templates/packmail_master.cf.j2 index 7326cb35..50aeeec4 100644 --- a/postfix/templates/packmail_master.cf.j2 +++ b/postfix/templates/packmail_master.cf.j2 @@ -120,7 +120,7 @@ policyd-spf unix - n n - 0 spawn user=policyd-spf argv=/usr/bin/policyd-spf dovecot unix - n n - - pipe - flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient} + flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -a ${recipient} -d ${user}@${nexthop} scan unix - - y - 10 smtp localhost:10026 inet n - y - 10 smtpd From 94118b253637f120ff17265df5489256204c3e98 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 12 Mar 2018 11:00:53 +0100 Subject: [PATCH 32/82] Apache: Don't turn on modsec if it's available on default vhost --- apache/templates/evolinux-default.conf.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apache/templates/evolinux-default.conf.j2 b/apache/templates/evolinux-default.conf.j2 index e1c97911..3f058803 100644 --- a/apache/templates/evolinux-default.conf.j2 +++ b/apache/templates/evolinux-default.conf.j2 @@ -60,6 +60,10 @@ + + SecRuleEngine Off + + @@ -119,5 +123,9 @@ + + SecRuleEngine Off + + From 84924c38f424e428db090dbd76185c206a701d67 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 13 Mar 2018 09:37:27 +0100 Subject: [PATCH 33/82] evolinux-users: create .profile for evomaintenance if missing --- evolinux-users/tasks/profile.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/evolinux-users/tasks/profile.yml b/evolinux-users/tasks/profile.yml index 177d7628..6a046e52 100644 --- a/evolinux-users/tasks/profile.yml +++ b/evolinux-users/tasks/profile.yml @@ -14,4 +14,5 @@ dest: '/home/{{ user.name }}/.profile' insertafter: EOF line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0' + create: yes when: grep_profile_evomaintenance.rc != 0 From ad4714856b5e1ad3afc4c7133af777002ce81595 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 13 Mar 2018 09:40:37 +0100 Subject: [PATCH 34/82] mongodb: don't overwrite config by default --- CHANGELOG.md | 2 +- mongodb/README.md | 2 +- mongodb/defaults/main.yml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca3d69f5..7bb4aaa2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -22,7 +22,7 @@ The **patch** part changes incrementally at each release. * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) * nagios-nrpe: mark plugins as executable -* mongodb: configuration is forced by default but it's configurable (default: `true`) +* mongodb: configuration is forced by default but it's configurable (default: `false`) * nginx: package name can be specified (default: `nginx-full`) ### Fixed diff --git a/mongodb/README.md b/mongodb/README.md index 8796089a..e876fe7c 100644 --- a/mongodb/README.md +++ b/mongodb/README.md @@ -12,6 +12,6 @@ Everything is in the `tasks/main.yml` file. * `mongodb_port`: port to listen to (default: `27017`) * `mongodb_bind`: IP to bind to (default: `127.0.0.1`) -* `mongodb_force_config`: force copy the configuration (default: `true`) +* `mongodb_force_config`: force copy the configuration (default: `false`) The full list of variables (with default values) can be found in `defaults/main.yml`. diff --git a/mongodb/defaults/main.yml b/mongodb/defaults/main.yml index e920d99d..ec255349 100644 --- a/mongodb/defaults/main.yml +++ b/mongodb/defaults/main.yml @@ -3,4 +3,6 @@ mongodb_port: 27017 mongodb_bind: 127.0.0.1 -mongodb_force_config: True +# Warning: config must not be overwritten by default +# otherwise it can disable important settings, like authorization :/ +mongodb_force_config: False From 5e3c33eb7ab80040fcd1816a389f6f8d75b3afe1 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 13 Mar 2018 10:25:26 +0100 Subject: [PATCH 35/82] proftpd: update README and CHANGELOG --- CHANGELOG.md | 2 ++ proftpd/README.md | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bb4aaa2..bfbe297a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,8 @@ The **patch** part changes incrementally at each release. * mysql-oracle: new role to install MySQL 5.7 with Oracle packages * packweb-apache: choose mysql variant (default: `debian`) * haproxy: install Munin plugins +* proftpd: use proftpd_accounts list for manage ftp accounts + ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). diff --git a/proftpd/README.md b/proftpd/README.md index 1fcb4910..dae8abef 100644 --- a/proftpd/README.md +++ b/proftpd/README.md @@ -16,3 +16,30 @@ Main variables are : * `proftpd_port` : port for the control socket (default: `21`) The full list of variables (with default values) can be found in `defaults/main.yml`. + +## Accounts management + +Proftpd accounts can be maintened with the `proftpd_accounts` var, it can be set in inventory/host_vars/inventory_hostname : + +~~~ +proftpd_accounts: +- { name: 'ftp1', home: '/srv/data/ftp1', uid: 116, gid: 65534 } +- { name: 'ftp2', home: '/srv/data/ftp2', uid: 116, gid: 65534 } +~~~ + +The password will be randomly generated and printed to the screen the first time you run the task. + +You can force is value by set the `password` field with the hashed version of your password. + +eg. for "test" password hashed with sha512 : + +~~~ +proftpd_accounts: +- { name: 'ftp1', home: '/srv/data/ftp1', uid: 116, gid: 65534, password: '$6$/Yy0b0No3GWh$3ZY1GZFI25eyQDBrANyHw.NFPqPqdg6sCi89nM/aNitmESZ2jGfROveS5xowy.WjX9tMC7.KPoabKPyxOpBJY0' } +~~~ + +For generate the sha512 version of yours password : + +~~~ +echo "test" | mkpasswd --method=sha-512 - +~~~ From 61ee8052e5a4d709ee740b597898259944746f46 Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 13 Mar 2018 10:25:45 +0100 Subject: [PATCH 36/82] dovecot: update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bfbe297a..c0b5c392 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ The **patch** part changes incrementally at each release. ### Fixed * nginx: fix basic auth for default vhost +* dovecot: fix support of plus sign ## [9.1.6] - 2018-02-02 From b81ef36f92a48c4fda5488322b0b9c6a78366ec6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 14 Mar 2018 09:33:14 +0100 Subject: [PATCH 37/82] mysql: remount /usr (if needed) before creating scripts directory --- CHANGELOG.md | 1 + mysql-oracle/tasks/utils.yml | 6 +++++- mysql/tasks/utils.yml | 6 +++++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c0b5c392..5a0227fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release. * nagios-nrpe: add "check_open_files" plugin * nagios-nrpe: mark plugins as executable * mysql-oracle: new role to install MySQL 5.7 with Oracle packages +* mysql: remount /usr before creating scripts directory * packweb-apache: choose mysql variant (default: `debian`) * haproxy: install Munin plugins * proftpd: use proftpd_accounts list for manage ftp accounts diff --git a/mysql-oracle/tasks/utils.yml b/mysql-oracle/tasks/utils.yml index 4e0e4aa9..b0b3284b 100644 --- a/mysql-oracle/tasks/utils.yml +++ b/mysql-oracle/tasks/utils.yml @@ -1,5 +1,9 @@ --- +- include_role: + name: remount-usr + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + - name: Scripts directory exists file: dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}" @@ -35,7 +39,7 @@ - libdbd-mysql-perl - libdbi-perl - libterm-readkey-perl - - libtime-hires-perl + - libtime-hires-perl tags: - packages - mytop diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index a6fc307c..499afaa8 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -1,5 +1,9 @@ --- +- include_role: + name: remount-usr + when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") + - name: Ensure scripts directory exists file: dest: "{{ mysql_scripts_dir or general_scripts_dir | mandatory }}" @@ -74,7 +78,7 @@ # automatic optimizations - include_role: - name: remount-usr + name: remount-usr when: (mysql_scripts_dir or general_scripts_dir) | search ("/usr") - name: Optimize script for MySQL From a12dca0b70bde363ac1d294a3d9bb711026c8db3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 14 Mar 2018 09:35:26 +0100 Subject: [PATCH 38/82] mysql/mysql-oracle: mysqltuner cron task is executable --- CHANGELOG.md | 1 + mysql-oracle/tasks/utils.yml | 1 + mysql/tasks/utils.yml | 1 + 3 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a0227fe..c92df47f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ The **patch** part changes incrementally at each release. ### Fixed * nginx: fix basic auth for default vhost * dovecot: fix support of plus sign +* mysql/mysql-oracle: mysqltuner cron task is executable ## [9.1.6] - 2018-02-02 diff --git a/mysql-oracle/tasks/utils.yml b/mysql-oracle/tasks/utils.yml index b0b3284b..c5979ede 100644 --- a/mysql-oracle/tasks/utils.yml +++ b/mysql-oracle/tasks/utils.yml @@ -168,6 +168,7 @@ copy: src: mysqltuner.cron.sh dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh + mode: "0700" when: mysql_cron_mysqltuner | bool tags: - mysql diff --git a/mysql/tasks/utils.yml b/mysql/tasks/utils.yml index 499afaa8..114f614b 100644 --- a/mysql/tasks/utils.yml +++ b/mysql/tasks/utils.yml @@ -126,6 +126,7 @@ copy: src: mysqltuner.cron.sh dest: /etc/cron.{{ mysql_cron_mysqltuner_frequency | mandatory }}/mysqltuner.sh + mode: "0700" when: mysql_cron_mysqltuner tags: - mysql From 8c0fadb8fe89f92dc345e8a49da3c88225a11d64 Mon Sep 17 00:00:00 2001 From: Romain Dessort Date: Wed, 14 Mar 2018 10:46:54 -0400 Subject: [PATCH 39/82] Ensure munin plugins for Postfix are enabled munin plugins for Postfix could be absent on some servers. This commit fixes evoqa issue #2584. --- munin/tasks/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/munin/tasks/main.yml b/munin/tasks/main.yml index cec24e62..ae1644fe 100644 --- a/munin/tasks/main.yml +++ b/munin/tasks/main.yml @@ -57,6 +57,9 @@ - meminfo - netstat_multi - tcp + - postfix_mailqueue + - postfix_mailstats + - postfix_mailvolume notify: restart munin-node tags: - munin From 3c2443181ba0de4dfe971dc9bfef60d2d33d9af0 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Thu, 15 Mar 2018 12:04:24 +0100 Subject: [PATCH 40/82] evolinux-base: Exec the firewall tasks sooner to avoid dependency issues --- CHANGELOG.md | 1 + evolinux-base/tasks/main.yml | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c92df47f..e8b5ab46 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,7 @@ The **patch** part changes incrementally at each release. * nagios-nrpe: mark plugins as executable * mongodb: configuration is forced by default but it's configurable (default: `false`) * nginx: package name can be specified (default: `nginx-full`) +* evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) ### Fixed * nginx: fix basic auth for default vhost diff --git a/evolinux-base/tasks/main.yml b/evolinux-base/tasks/main.yml index f775fe13..ccf1372b 100644 --- a/evolinux-base/tasks/main.yml +++ b/evolinux-base/tasks/main.yml @@ -43,6 +43,11 @@ include: system.yml when: evolinux_system_include +- name: Minifirewall + include_role: + name: minifirewall + when: evolinux_minifirewall_include + - name: Evomaintenance include_role: name: evomaintenance @@ -90,11 +95,6 @@ include: log2mail.yml when: evolinux_log2mail_include -- name: Minifirewall - include_role: - name: minifirewall - when: evolinux_minifirewall_include - - name: Munin include_role: name: munin From 236b65f54a5f2ceb9bf4da30cd93cb2f42486fbc Mon Sep 17 00:00:00 2001 From: Romain Dessort Date: Thu, 15 Mar 2018 10:33:20 -0400 Subject: [PATCH 41/82] Exclude postfix/spamd.cidr from git This commit refer to evoqa #2748. --- etc-git/files/gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/etc-git/files/gitignore b/etc-git/files/gitignore index 89f524f6..7f8a0e4a 100644 --- a/etc-git/files/gitignore +++ b/etc-git/files/gitignore @@ -2,3 +2,4 @@ aliases.db *.swp postfix/sa-blacklist.access postfix/*.db +postfix/spamd.cidr From b92d697db1ae22f46d52f557f422706a6b1b5ab3 Mon Sep 17 00:00:00 2001 From: Romain Dessort Date: Thu, 15 Mar 2018 11:18:04 -0400 Subject: [PATCH 42/82] Make commit tasks work on squeeze On squeeze machines, the task fetching the user.email variable fails and therefore git_config_user_email.config_value ansible variable is undefined in the next task. I added a condition to handle this case. --- etc-git/tasks/commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc-git/tasks/commit.yml b/etc-git/tasks/commit.yml index 8c4fb539..3843d66a 100644 --- a/etc-git/tasks/commit.yml +++ b/etc-git/tasks/commit.yml @@ -26,7 +26,7 @@ - name: "set commit author" set_fact: commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' - commit_email: '{% if git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' + commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' - name: "/etc modifications are committed" shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" From 98486fd7711536a8b9947b6821ec2494f136ae39 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 16 Mar 2018 14:20:25 +0100 Subject: [PATCH 43/82] etc-git: add tags for Ansible --- CHANGELOG.md | 2 +- etc-git/tasks/commit.yml | 18 ++++++++++++++---- etc-git/tasks/main.yml | 14 ++++++++++++++ 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8b5ab46..f42c9241 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,7 +19,7 @@ The **patch** part changes incrementally at each release. * packweb-apache: choose mysql variant (default: `debian`) * haproxy: install Munin plugins * proftpd: use proftpd_accounts list for manage ftp accounts - +* etc-git: add tags for Ansible ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). diff --git a/etc-git/tasks/commit.yml b/etc-git/tasks/commit.yml index 3843d66a..85c36641 100644 --- a/etc-git/tasks/commit.yml +++ b/etc-git/tasks/commit.yml @@ -8,13 +8,15 @@ when: not ansible_check_mode ignore_errors: yes tags: - - commit-etc + - etc-git + - commit-etc - debug: var: git_status verbosity: 3 tags: - - commit-etc + - etc-git + - commit-etc - name: fetch current Git user.email git_config: @@ -22,11 +24,17 @@ repo: /etc register: git_config_user_email ignore_errors: yes + tags: + - etc-git + - commit-etc - name: "set commit author" set_fact: commit_author: '{% if ansible_env.SUDO_USER is not defined %}root{% else %}{{ ansible_env.SUDO_USER }}{% endif %}' commit_email: '{% if git_config_user_email.config_value is not defined or git_config_user_email.config_value == "" %}root@localhost{% else %}{{ git_config_user_email.config_value }}{% endif %}' + tags: + - etc-git + - commit-etc - name: "/etc modifications are committed" shell: "git add -A . && git commit -m \"{{ commit_message | mandatory }}\" --author \"{{ commit_author | mandatory }} <{{ commit_email | mandatory }}>\"" @@ -36,10 +44,12 @@ when: not ansible_check_mode and git_status.stdout != "" ignore_errors: yes tags: - - commit-etc + - etc-git + - commit-etc - debug: var: etc_commit_end_run verbosity: 4 tags: - - commit-etc + - etc-git + - commit-etc diff --git a/etc-git/tasks/main.yml b/etc-git/tasks/main.yml index 58bf52f2..53b63825 100644 --- a/etc-git/tasks/main.yml +++ b/etc-git/tasks/main.yml @@ -4,6 +4,8 @@ apt: name: git state: present + tags: + - etc-git - name: /etc is versioned with git command: "git init ." @@ -12,6 +14,8 @@ creates: /etc/.git/ warn: no register: git_init + tags: + - etc-git - name: Git user.email is configured git_config: @@ -19,6 +23,8 @@ repo: /etc scope: local value: "root@{{ ansible_fqdn | default('localhost') }}" + tags: + - etc-git - name: /etc/.git is secure file: @@ -26,6 +32,8 @@ owner: root mode: "0700" state: directory + tags: + - etc-git - name: /etc/.gitignore is present copy: @@ -33,6 +41,8 @@ dest: /etc/.gitignore owner: root mode: "0600" + tags: + - etc-git - name: does /etc/ have any commit? command: "git log" @@ -43,6 +53,8 @@ failed_when: False register: git_log check_mode: no + tags: + - etc-git - name: initial commit is present? shell: "git add -A . && git commit -m \"Initial commit via Ansible\"" @@ -51,3 +63,5 @@ warn: no register: git_commit when: git_log.rc != 0 or (git_init is defined and git_init.changed) + tags: + - etc-git From 4c36fd075c85e30c13b86447ec91dd673dc654dd Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 19 Mar 2018 16:47:28 +0100 Subject: [PATCH 44/82] webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined --- CHANGELOG.md | 1 + webapps/evoadmin-web/tasks/main.yml | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f42c9241..b852b93b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ The **patch** part changes incrementally at each release. * mongodb: configuration is forced by default but it's configurable (default: `false`) * nginx: package name can be specified (default: `nginx-full`) * evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) +* webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined ### Fixed * nginx: fix basic auth for default vhost diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml index 185549aa..00df6cc4 100644 --- a/webapps/evoadmin-web/tasks/main.yml +++ b/webapps/evoadmin-web/tasks/main.yml @@ -1,5 +1,9 @@ --- +- fail: + msg: Please configure var evoadmin_contact_email +when: evoadmin_contact_email is none + - include: packages.yml - include: user.yml @@ -18,4 +22,3 @@ marker: "" block: |

  • Interface admin web (EvoAdmin-web)
    • - From d2207b60e105b4fe98ea6ba5c3038593f7e634ff Mon Sep 17 00:00:00 2001 From: Victor LABORIE Date: Tue, 20 Mar 2018 13:28:20 +0100 Subject: [PATCH 45/82] Add an evolix symlink for prefixed roles * permit to use evolix/role_name with working include_role --- evolix | 1 + 1 file changed, 1 insertion(+) create mode 120000 evolix diff --git a/evolix b/evolix new file mode 120000 index 00000000..945c9b46 --- /dev/null +++ b/evolix @@ -0,0 +1 @@ +. \ No newline at end of file From 521b196ba31760642ae5e0fcec4a1acdd16b7d51 Mon Sep 17 00:00:00 2001 From: Romain Dessort Date: Thu, 22 Mar 2018 15:15:24 -0400 Subject: [PATCH 46/82] memcached: add Nagios check for memcached (evoqa #3498) --- memcached/files/check_memcached.pl | 2547 ++++++++++++++++++++++++++++ memcached/handlers/main.yml | 5 + memcached/tasks/main.yml | 1 + memcached/tasks/nrpe.yml | 26 + 4 files changed, 2579 insertions(+) create mode 100644 memcached/files/check_memcached.pl create mode 100644 memcached/tasks/nrpe.yml diff --git a/memcached/files/check_memcached.pl b/memcached/files/check_memcached.pl new file mode 100644 index 00000000..3c16382a --- /dev/null +++ b/memcached/files/check_memcached.pl @@ -0,0 +1,2547 @@ +#!/usr/bin/perl -w +# +# ============================== SUMMARY ===================================== +# +# Program : check_memcached.pl +# Version : 0.83 +# Date : Mar 23, 2013 +# Author : William Leibzon - william@leibzon.org +# Licence : GPL (main code) summary below and full text at http://www.fsf.org/licenses/gpl.txt +# LGPL (library functions) full text at http://www.fsf.org/licenses/lgpl.txt +# +# =========================== PROGRAM LICENSE ================================= +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# +# ===================== INFORMATION ABOUT THIS PLUGIN ========================= +# +# This is Memcached Check plugin. It gets stats variables and allows to set thresholds +# on their value or their rate of change. It can measure response time, calculate +# hitrate, memory utilization and other data. The plugin is based on check_mysqld.pl. +# +# It also returns status variables as perfomance data for further nagios 2.0 +# post-processing, you can find graph templates NagiosGrapher & PNP4Nagios at: +# http://william.leibzon.org/nagios/ +# +# This program is written and maintained by: +# William Leibzon - william(at)leibzon.org +# +# ============================= SETUP NOTES ==================================== +# +# Make sure to install perl Cache::Memcached library from CPAN first. +# +# This plugin checks Memcached and measures response which can be used for +# threshold checks. It also retrieves various statistics data available with +# memcache 'stats' command (what you get when you telnet to the port and +# do 'stats') and allows to set thresholds either on their direct values +# or on rate of change of those variables. Plugin also calculates other useful +# statistics like Hitrate (calculated on rate of change unlike all other plugins +# that do it based on totals for all the time) and Memory Utilization and allows +# to set thresholds on their values. All variables can be returned back as +# performance data for graphing and pnp4nagios template should be available +# with this plugin on the same site you downloaded it from. +# +# For help on what parameters this plugin accepts you can just do +# ./check_memcached.pl --help +# +# 1. Connection Parameters +# +# Plugin currently does not support authentication so the only connection +# parameters are "-H hostname" and "-p port". The default port is 11211 +# and you must specify the hostname (if localhost specify it as -H 127.0.0.1) +# +# 2. Response Time, HitRate, Memory Utilization +# +# To get response time you use "-T" or "--response_time" option. By itself +# it will cause output of respose time at the status line. You can also use +# it as "-T warn,crit" to specify warning and critical thresholds. +# +# To get hitrate the option is "-R" or "--hitrate". If previous performance +# data is not feed to plugin (-P option, see below) the plugin calculates +# it as total hitrate over life of memcached process. If -P is specified +# and previous performance data is feed back, the data is based on real +# hitrate with lifelong info also given in paramphesis. As with -T you +# can specify -R by itself or with thresholds as -R warn,crit +# +# Memory utilization corresponds to what some others call "size". This is +# percent of max memory currently in use. The option is -U or --utilization +# and as you probably guessed can be used by itself or as -U warn,crit +# +# 3. Options for Checking Variables +# +# All status variables from memcached can be checked with the plugin. For some +# status variables separate long option is provided to specify threshold. +# --curr_connections= +# +# You can also specify all variables together with -a (--variables) option. +# For example: +# -a curr_connections,evictions +# When you do above results are included in status output line and you +# are required to specify thresholds with -w or --warn and -c or --crit +# with exactly number of thresholds as a number of variables specified +# in -a. If you simply want variable values on status line without specifying +# any threshold, use ~ in place of threshold value or skip value but specify +# all apropriate commas. For example: +# -a curr_connections,evications -w ~,~ -c ~,~ +# OR -a curr_connections,evications -w , -c , +# +# If you use new syntax with a long option for specific stats variables, you can +# specify settings for how to handle them. With each option you can use one or more +# threshold specifiers: +# NAME: - Overrides name for this variable for use in status and PERF output +# PATTERN: - Regular Expression that allows to match multiple data results +# WARN:threshold - warning alert threshold +# CRIT:threshold - critical alert threshold +# Threshold is a value (usually numeric) which may have the following prefix: +# > - warn if data is above this value (default for numeric values) +# < - warn if data is below this value (must be followed by number) +# = - warn if data is equal to this value (default for non-numeric values) +# ! - warn if data is not equal to this value +# Threshold can also be specified as a range in two forms: +# num1:num2 - warn if data is outside range i.e. if datanum2 +# \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 +# ABSENT:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if data is absent +# ZERO:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if result is 0 +# DISPLAY:YES|NO - Specifies if data should be included in nagios status line output +# PERF:YES|NO - Output in performance data or not (always YES if -F option is used) +# UOM: - Unit Of Measurement symbol to add to perf data - 'c','%','s','B' +# This is used by prorams that graph perf data such as PNP +# +# These can be specified in any order separated by ",". For example: +# --curr_connectins=CRIT:>100,WARN:>50,ABSENT:CRITICAL,ZERO:OK,DISPLAY:YES,PERF:YES +# +# Variables that are not known to plugin and don't have specific long option (or even if +# they do) can be specified using general long option --check or --option or -o +# (all are aliases for same option): +# --check=NAME:curr_connections,CRIT:>100,WARN:>50,ABSENT:CRITICAL,DISPLAY:YES,PERF:YES +# +# Then NAME is used to specify what to match and multiple data vars maybe matched +# with PATTERN regex option (and please only use PATTERN with --check and not confuse +# plugin by using it in a named long option). Either NAME or PATTERN are required. +# Example of using regex to specify thresholds for slabs-specific data is: +# -s misc,malloc,slabs,items \ +# -o "PATTERN:slabs_\d+_chunks_per_page,DISPLAY:NO,PERF:YES,WARN:>5000,CRIT:>20000" +# +# 4. Memcache Statistics Variables and Calculating their Rate of Change +# +# All statistics variables from memcached 'stats' can be checked with the plugin. +# And as some people know there are actually several stats arrays in memcached. +# By default the plugin will get statistics for 'misc' and 'malloc'. You can +# specify a list of statistics array names (corresponding to 'stats name' +# command in memcached) with -s or --stats command. Known arrays are: +# misc, malloc, sizes, maps, cachedump, slabs, items +# And example of trying to retrieve all of them is: +# -s misc,malloc,sizes,maps,cachedump,slabs,items +# However not all of them will have data in your system and arrays like +# sizes provide too much data (how many items stored on each size) +# for standard use. +# +# To see stat variables in plugin status output line and or specify thresholds +# based on their values you would use -a or --variables argument. For example: +# -a curr_connections,evictions +# You must specify same number of warning and critical thresholds with +# -w or --warn and -c or --crit argument as a number of variables specified +# in -a. If you simply want variable values on status without checking their value +# then either use ~ in place of threshold value or nothing at all. For example: +# -a curr_connections,evictions -w ~,~ -c ~,~ +# OR -a curr_connections,evictions -w , -c , +# +# +# If you want to check rate of change rather than actual value you can do this +# by specifying it as '&variable' such as "&total_connections" or "variable_rate" +# which is "total_connections_rate" and is similar to 'curr_connections' variable. +# By default it would be reported in the output as 'variable_rate' though '&variable' +# is a format used internally by plugin. As an alternative you can specify how to +# label these with --rate_label option where you can specify prefix and/or suffix. +# For example '--rate_label=dt_' would have the output being "dt_total_connections' +# where as '---rate_label=,_rate' is plugin default giving 'total_connections_rate'. +# You can use these names with -a and -A such as: +# --rate_label=,_rate -a total_connections_rate -w 1000 -c ~ +# +# Now in order to be able to calculate rate of change, the plugin needs to +# know values of the variables from when it was run the last time. This +# is done by feeding it previous performance data with a -P option. +# In commands.cfg this would be specified as: +# -P "$SERVICEPERFDATA$" +# And don't forget the quotes, in this case they are not just for documentation. +# +# 5. Threshold Specification +# +# The plugin fully supports Nagios plug-in specification for specifying thresholds: +# http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT +# +# And it supports an easier format with the following one-letter prefix modifiers: +# >value : issue alert if data is above this value (default for numeric value) +# $number2 +# @number1:number2 issue alert if data is WITHIN range [number1..number2] +# i.e. alert if data>=$number and $data<=$number2 +# +# The plugin will attempt to check that WARNING values is less than CRITICAL +# (or greater for <). A special prefix modifier '^' can be used to disable these +# checks. A quick example of such special use is '--warn=^<100 --crit=>200' which +# means warning alert if value is < 100 and critical alert if its greater than 200. +# +# 6. Performance Data +# +# Using '-f' option causes values of all variables you specified in -a as +# well as response time from -T, hitrate from -R and memory use from -U +# to go out as performance data for Nagios graphing programs that can use it. +# +# You may also directly specify which variables are to be return as performance data +# with '-A' option. If you use '-A' by itself and not specify any variables or use +# special special value of '*' (as in '-A *') the plugin will output all variables, +# which is really useful for finding what data you can chck with this plugin. +# +# The plugin will output threshold values as part of performance data as specified at +# http://nagiosplug.sourceforge.net/developer-guidelines.html#AEN201 +# And don't worry about using non-standard >,<,=,~ prefixes, all of that would get +# converted into nagios threshold format for performance output +# +# The plugin is smart enough to add 'c' suffix for known COUNTER variables to +# values in performance data. Known variables are specifed in an array you can +# find at the top of the code (further below) and plugin author does not claim +# to have identified all variables correctly. Please email if you find an error +# or want to add more variables. +# +# As noted above performance data is also used to calcualte rate of change +# by feeding it back with -P option. In that regard even if you did not specify +# -f or -A but you have specified &variable, its actual data would be sent out +# in performance output. Additionally last time plugin was run is also in +# performance data as special _ptime variable. +# +# 7. Example of Nagios Config Definitions +# +# A. Sample command and service definitions using -a -c -w options (old style): +# +# define command { +# command_name check_memcached +# command_line $USER1$/check_memcached.pl -H $HOSTADDRESS$ -p $ARG1$ -T $ARG2$ -R $ARG3$ -U $ARG4$ -a curr_connections,evictions -w ~,~ -c ~,~ -f -A 'utilization,hitrate,response_time,curr_connections,evictions,cmd_set,bytes_written,curr_items,uptime,rusage_system,get_hits,total_connections,get_misses,bytes,time,connection_structures,total_items,limit_maxbytes,rusage_user,cmd_get,bytes_read,threads,rusage_user_ms,rusage_system_ms,cas_hits,conn_yields,incr_misses,decr_misses,delete_misses,incr_hits,decr_hits,delete_hits,cas_badval,cas_misses,cmd_flush,listen_disabled_num,accepting_conns,pointer_size,pid' -P "$SERVICEPERFDATA$" +# } +# +# Arguments and thresholds are: +# ARG1 : Port +# ARG2 : Hitrate Threshold. Below it is <60% for warning, <30% for critical +# ARG3 : Response Time Threshold. Below it is >0.1s for WARNING, >0.2s for critical +# ARG4 : Utilization/Size Threshold. Below it is >95% for warning, >98% for critical +# +# define service { +# use prod-service +# service_description Memcached: Port 11212 +# check_command check_memcached!11212!'>0.1,>0.2'!'<60,<30'!'>95,>98' +# hostgroups memcached +# } +# +# B. Command line definition using long option (new style) +# +# define command { +# command_name check_memcached +# command_line $USER1$/check_memcached.pl -H $HOSTADDRESS$ -p $ARG1$ -T $ARG2$ -R $ARG3$ -U $ARG4$ --curr_connections="ZERO:WARNING,DISPLAY:YES,PERF:YES,$ARG5$" --evictions="ZERO:OK,DISPLAY:YES,PERF:YES,$ARG6$" -f -A 'utilization,hitrate,response_time,curr_connections,evictions,cmd_set,bytes_written,curr_items,uptime,rusage_system,get_hits,total_connections,get_misses,bytes,time,connection_structures,total_items,limit_maxbytes,rusage_user,cmd_get,bytes_read,threads,rusage_user_ms,rusage_system_ms,cas_hits,conn_yields,incr_misses,decr_misses,delete_misses,incr_hits,decr_hits,delete_hits,cas_badval,cas_misses,cmd_flush,listen_disabled_num,accepting_conns,pointer_size' -P "$SERVICEPERFDATA$" +# } +# +# define service { +# use prod-service +# service_description Memcached: Port 11212 +# check_command check_memcached!11212!'WARN:>0.1,CRIT:>0.2'!'WARN:<60,CRIT:<30'!'WARN:>95,CRIT:>98'!'WARN:>200,CRIT:>500'!'WARN:>100' +# hostgroups memcached +# } +# +# C. Example of command-line use: +# /usr/lib/nagios/plugins/check_memcached.pl -H localhost -a 'curr_connections,evictions' -w ~,~ -c ~,~ -s misc,malloc,slabs -U -A -R -T -f -v +# +# In above the -v option means "verbose" and with it plugin will output some debugging +# information about what it is doing. The option is not intended to be used when plugin +# is called from nagios itself. +# +# ======================= VERSION HISTORY and TODO ================================ +# +# The plugins is written by reusing code my check_mysqld.pl which similarly to +# this plugin allows to get STATUS variables and use these for nagios tests. +# check_mysqld.pl has history going back to 2004. +# +# [0.5 - Mar 2012] First version of the code based on check_mysqld.pl 0.93 +# This is being released as 0.5 because its coming from +# a very mature code of check_mysqld and has a lot of options +# If there are no major issues found with this plugin, next +# version will be 1.0 +# +# [0.6 - Apr 2012] Added support for re-using old performance data to calculate +# rate of change for certain variables. This also changes how +# hitrate is calcualted as now if previous performance data +# is available, hitrate would be #misses/#total from last check +# rather than #misses/#total from start of statistics. +# [0.61 - Apr 2012] Documentation fixes and small bugs +# [0.62 - May 2012] Cache::Memcached library has bugs and not always provided hash of +# array with results for each statistics just giving raw memcached +# data. This effected 'items' and 'slabs' statistics and maybe others. +# Plugin can now handle parsing such data into separate variables. +# [0.63 - Jun 10 2012] Documentation fixes. +# Default rate variable name changed from &Delta_variable to +# variable_rate to be in sync with check_redis.pl. One of the reasons +# is that in the future I'll plan to add variables that are real +# delta i.e new_value-old_value and not (new_value-old_value)/time +# Also I've decided that specifying prefix & suffix or rate label +# variables will not be one-letter option and only long-name option +# As such -L option has been depreciated. I'm doing it all early +# because only few currently use this and its not too late to change +# [0.64 - Jun 16, 2012] Added support to specify filename to '-v' option +# for debug output and '--debug' as alias to '--verbose' +# +# [0.7 - July 18, 2012] Rewrote parts of thresholds checking code and moved code +# that checks and parses thresholds from main into separate +# functions that are to become part of plugin library. +# Added support for variable thresholds specified as: +# option=WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL,ZERO:.. +# which are to be used for stats-variable based long options such as +# --connected_clients=WARN:threshold,CRIT:threshold +# and added DISPLAY:YES|NO and PERF specifiers for above too. +# [0.71 - Aug 18, 2012] Fixed bug with hitrate perf output reported perf by daryl herzman +# +# [0.8 - Aug 28, 2012] A lot of internal rewrites in the library. Its now not just a +# a set of functions, but a proper object library with internal +# variables hidden from outside. Support has also been added for +# regex matching with PATTERN specifier and for generalized +# --check option that can be used where specific long option is +# not available. For use with that option also added UOM specifier. +# [0.81 - Sep 04, 2012] Fix bug in the library on handling absent data +# [0.82 - Nov 16, 2012] Bug fix in memory utilization, noticed and fixed by Herman van Rink +# [0.83 - Mar 23, 2013] Buf fix in parse_threshold function of the embedded library +# +# 1. Library Enhancements (will apply to multiple plugins that share common code) +# (a) Add '--extra-opts' to allow to read options from a file as specified +# at http://nagiosplugins.org/extra-opts. This is TODO for all my plugins +# (b) [DONE] +# In plans are to allow long options to specify thresholds for known variables. +# These would mean you specify '--connected_clients' in similar way to '--hitrate' +# Internally these would be convered into -A, -w, -c as appropriate an used +# together with these options. So in practice it will now allow to get any data +# just a different way to specify options for this plugin. +# (c) Allow regex when selecting variable name(s) with -a, this will be enabled with +# a special option and not be default +# [DONE] +# +# 2. Memcache Specific +# (a) Support SASL Authentication +# (b) There has been a request to allow to specify threshold checks both for each slab +# (which is possible to do now starting with 0.62 version of the plugin) and for +# all slabs as well. This applies to "items" and "slabs" statistics and will probably +# be implimented by allowing regex checks in place of specific variable name. +# [DONE] +# +# Others are welcome recommand a new feature to be added here. If so please email to +# william@leibzon.org. +# And don't worry, I'm not a company with some hidden agenda to use your idea +# but an actual person who you can easily get hold of by email, find on forums +# and on Nagios conferences. More info on my nagios work is at: +# http://william.leibzon.org/nagios/ +# Above site should also have PNP4Nagios template for this and other plugins. +# +# ============================ START OF PROGRAM CODE ============================= + +use strict; +use IO::Socket; +use Time::HiRes; +use Text::ParseWords; +use Cache::Memcached; +use Getopt::Long qw(:config no_ignore_case); + +# default hostname, port, database, user and password, see NOTES above +my $HOSTNAME= 'localhost'; +my $PORT= 11211; + +# Add path to additional libraries if necessary +use lib '/usr/lib/nagios/plugins'; +our $TIMEOUT; +our %ERRORS; +eval 'use utils qw(%ERRORS $TIMEOUT)'; +if ($@) { + $TIMEOUT = 20; + %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +} + +my $Version='0.83'; + +# This is a list of known statistics variables (plus few variables added by plugin), +# used in order to designate COUNTER variables with 'c' in perfout for graphing programs +my %KNOWN_STATUS_VARS = ( + 'version' => [ 'misc', 'VERSION', '' ], # memcached version + 'utilization' => [ 'calculated', 'GAUGE', '%' ], # calculated by plugin + 'hitrate' => [ 'calculated', 'GAUGE', '%' ], # calculated by plugin + 'response_time' => [ 'time_measure', 'GAUGE', 's' ], # measured by plugin + 'curr_connections' => [ 'misc', 'GAUGE', '', "Number of Current Connections" ], + 'evictions' => [ 'misc', 'COUNTER', 'c', "Total Number of Evictions from Start" ], + 'reclaimed' => [ 'misc', 'COUNTER', 'c', "Total Number of Reclaimed Entries from Start" ], + 'bytes' => [ 'misc', 'GAUGE', 'B', "Amount of Data Stored in Bytes" ], + 'connection_structures' => [ 'misc', 'GAUGE', '', "Number of Connection Structures" ], + 'time' => [ 'misc', 'COUNTER', 's' ], + 'total_items' => [ 'misc', 'COUNTER', 'c', "Total Items Stored from Start" ], + 'cmd_set' => [ 'misc', 'COUNTER', 'c' ], + 'bytes_written' => [ 'misc', 'COUNTER', 'c', "Total Number of Bytes Written to Cache" ], + 'curr_items' => [ 'misc', 'GAUGE', '', "Number of Items Currently Stored" ], + 'limit_maxbytes' => [ 'misc', 'GAUGE', 'B', "Maximum memory available for storage" ], + 'uptime' => [ 'misc', 'COUNTER', 's', "Uptime in Seconds" ], + 'rusage_user' => [ 'misc', 'COUNTER', 's' ], + 'cmd_get' => [ 'misc', 'COUNTER', 'c', "Total Number of Get Commands from Start" ], + 'rusage_system' => [ 'misc', 'COUNTER', 's' ], + 'get_hits' => [ 'misc', 'COUNTER', 'c', "Total Number of Hits from Start" ], + 'bytes_read' => [ 'misc', 'COUNTER', 'c', "Total Number of Bytes Read from Cache" ], + 'threads' => [ 'misc', 'GAUGE', '', "Number of running Threads" ], + 'rusage_user_ms' => [ 'misc', 'COUNTER', 'c' ], # this is round(rusage_user*1000) + 'rusage_system_ms' => [ 'misc', 'COUNTER', 'c' ], # this is round(rusage_system*1000) + 'total_connections' => [ 'misc', 'COUNTER', 'c', "Number of Connections made from Start" ], + 'get_misses' => [ 'misc', 'COUNTER', 'c', "Total Misses from Start" ], + 'total_free' => [ 'malloc', 'GAUGE', 'B', "Amount of Free Memory in bytes" ], + 'releasable_space' => [ 'malloc', 'GAUGE', 'B' ], + 'free_chunks' => [ 'malloc', 'GAUGE', '' ], + 'fastbin_blocks' => [ 'malloc', 'GAUGE', '' ], + 'arena_size' => [ 'misc', 'GAUGE', '' ], + 'total_alloc' => [ 'malloc', 'GAUGE', 'B' ], + 'max_total_alloc' => [ 'malloc', 'GAUGE', '' ], + 'mmapped_regions' => [ 'malloc', 'GAUGE', '' ], + 'mmapped_space' => [ 'malloc', 'GAUGE', '' ], + 'fastbin_space' => [ 'malloc', 'GAUGE', '' ], + 'auth_cmds' => [ 'misc', 'COUNTER', 'c', "Total Number of Auth Commands from Start" ], + 'auth_errors' => [ 'misc', 'COUNTER', 'c', "Total Number of Auth Errors from Start" ], + 'pid' => [ 'misc', 'STATUSINFO', '' ], + ); + +# Here you can also specify which variables should go into perf data, +# For right now it is 'GAUGE', 'COUNTER', 'DATA' (but not 'TEXTDATA'), and 'BOOLEAN' +# you may want to remove BOOLEAN if you don't want too much data +my $PERF_OK_STATUS_REGEX = 'GAUGE|COUNTER|^DATA$|BOOLEAN'; + +# ============= MAIN PROGRAM CODE - DO NOT MODIFY BELOW THIS LINE ============== + +my $o_host= undef; # hostname +my $o_port= undef; # port +my $o_help= undef; # help option +my $o_verb= undef; # verbose mode +my $o_version= undef; # version info option +my $o_variables=undef; # list of variables for warn and critical +my $o_perfvars= undef; # list of variables to include in perfomance data +my $o_warn= undef; # warning level option +my $o_crit= undef; # Critical level option +my $o_perf= undef; # Performance data option +my @o_check= (); # General check option that maybe repeated more than once +my $o_timeout= undef; # Timeout to use - note that normally timeout is take from nagios anyway +my $o_mdsopt= undef; # Stat List to get data for +my @o_mdslist= ('misc','malloc'); # Default List, if -S option is entered, this is replaced +my $o_timecheck=undef; # threshold spec for connection time +my $o_hitrate= undef; # threshold spec for hitrate% +my $o_utilsize= undef; # threshold spec for utilization% +my $o_prevperf= undef; # performance data given with $SERVICEPERFDATA$ macro +my $o_prevtime= undef; # previous time plugin was run $LASTSERVICECHECK$ macro +my $o_ratelabel=undef; # prefix and suffix for creating rate variables +my $o_rsuffix='_rate'; # default rate variable name suffix +my $o_rprefix=""; + +## Additional global variables +my $memd= undef; # DB connection object + +sub p_version { print "check_memcached.pl version : $Version\n"; } + +sub print_usage_line { + print "Usage: $0 [-v [debugfilename]] -H [-p ] [-s ] [-a -w -c ] [-A ] [-T [contime_warn,contime_crit]] [-R [hitrate_warn,hitrate_crit]] [-U [utilization_size_warn,utilization_size_crit]] [-f] [-T ] [-V] [-P ] [-o ]\n"; +} + +sub print_usage { + print_usage_line(); + print "For more details on options do: $0 --help\n"; +} + +sub help { + my $nlib = shift; + + print "Memcache Check for Nagios version ",$Version,"\n"; + print " by William Leibzon - william(at)leibzon.org\n\n"; + print "This is memcache monitoring plugin, it lets you do threshold checks on status variables\n"; + print "and returns performance data for graphing and further processing. The plugin also measures\n"; + print "access time and calculates hitrate and memory utilization\n\n"; + print_usage_line(); + print < + This allows to list stat arrays that would be queried (separated by ','). + Supported memcache statistics array are: + misc, malloc, sizes, maps, cachedump, slabs, items + If this option is not specified, the plugin will check only 'misc' and 'malloc' + -V, --version + Prints version number + +Variables and Thresholds Set as List: + -a, --variables=STRING[,STRING[,STRING...]] + List of variables from memcache statistics data to do threshold checks on. + The default (if option is not used) is not to monitor any variable. + The variable name should be prefixed with '&' to check its rate of + change over time rather than actual value. + -w, --warn=STR[,STR[,STR[..]]] + This option can only be used if '--variables' (or '-a') option above + is used and number of values listed here must exactly match number + of variables specified with '-a'. The values specify warning threshold + for when Nagios should send WARNING alert. These values are usually + numbers and can have the following prefix modifiers: + > - warn if data is above this value (default for numeric values) + < - warn if data is below this value (must be followed by number) + = - warn if data is equal to this value (default for non-numeric values) + ! - warn if data is not equal to this value + ~ - do not check this data (must not be followed by number or ':') + ^ - for numeric values this disables check that warning < critical + Threshold values can also be specified as range in two forms: + num1:num2 - warn if data is outside range i.e. if datanum2 + \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 + -c, --crit=STR[,STR[,STR[..]]] + This option can only be used if '--variables' (or '-a') option above + is used and number of values listed here must exactly match number of + variables specified with '-a'. The values specify critical threshold + for when Nagios should send CRITICAL alert. The format is exactly same + as with -w option except no '^' prefix. + +Performance Data Processing Options: + -f, --perfparse + This should only be used with '-a' and causes variable data not only as part of + main status line but also as perfparse compatible output (for graphing, etc). + -A, --perfvars=[STRING[,STRING[,STRING...]]] + This allows to list variables which values will go only into perfparse + output (and not for threshold checking). The option by itself (emply value) + is same as a special value '*' and specify to output all variables. + -P, --prev_perfdata + Previous performance data (normally put '-P \$SERVICEPERFDATA\$' in nagios + command definition). This is used to calculate rate of change for counter + statistics variables and for proper calculation of hitrate. + --rate_label=[PREFIX_STRING[,SUFFIX_STRING]] + Prefix or Suffix label used to create a new variable which has rate of change + of another base variable. You can specify PREFIX or SUFFIX or both. Default + if not specified is '_rate' suffix string i.e. --rate_label=,_rate + +General Check Option (all 3 forms equivalent, can be repated more than once): + -o , --option=, --check= + where specifiers are separated by , and must include NAME or PATTERN: + NAME: - Default name for this variable as you'd have specified with -v + PATTERN: - Regular Expression that allows to match multiple data results + WARN:threshold - warning alert threshold + CRIT:threshold - critical alert threshold + Threshold is a value (usually numeric) which may have the following prefix: + > - warn if data is above this value (default for numeric values) + < - warn if data is below this value (must be followed by number) + = - warn if data is equal to this value (default for non-numeric values) + ! - warn if data is not equal to this value + Threshold can also be specified as a range in two forms: + num1:num2 - warn if data is outside range i.e. if datanum2 + \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 + ABSENT:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if data is absent + ZERO:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if result is 0 + DISPLAY:YES|NO - Specifies if data should be included in nagios status line output + PERF:YES|NO - Output results as performance data or not (always YES if asked for rate) + UOM: - Unit Of Measurement symbol to add to perf data - 'c','%','s','B' + +Measured/Calculated Data: + -T, --response_time=[WARN,CRIT] + If this is used as just -T the plugin will measure and output connection + response time in seconds. With -f this would also be provided on perf variables. + You can also specify values for this parameter, these are interprted as + WARNING and CRITICAL thresholds (separated by ','). + -R, --hitrate=[WARN,CRIT] + Calculates Hitrate %: cache_miss/(cache_hits+cache_miss). If this is used + as just -R then this info just goes to output line. With '-R -f' these + go as performance data. You can also specify values for this parameter, + these are interprted as WARNING and CRITICAL thresholds (separated by ','). + The format for WARN and CRIT is same as what you would use in -w and -c. + -U, --utilization=[WARN,CRIT] + This calculates percent of space in use, which is bytes/limit_maxbytes + In some other places this is called size, but since this plugin can + actually get objects of different size, utilization is more appropriate. + If you specify -U by itself, the plugin will just output this info, + with '-f' it will also include it in performance data. You can also specify + parameter value which are interpreted as WARNING and CRITICAL thresholds. + +EOT + + if (defined($nlib) && $nlib->{'enable_long_options'} == 1) { + my $long_opt_help = $nlib->additional_options_help(); + if ($long_opt_help) { + print "Stats Variable Options (this is alternative to specifying them as list with -a):\n"; + print $long_opt_help; + print "\n"; + } + } +} + +############################ START OF THE LIBRARY FUNCTIONS ##################################### +# +# THIS IS WORK IN PROGRESS, THE LIBRARY HAS NOT BEEN RELEASED YET AND INTERFACES MAY CHANGE +# +# ====================================== SUMMARY ================================================ +# +# Name : Naglio Perl Library For Developing Nagios Plugins +# Version : 0.2 +# Date : Aug 28, 2012 +# Author : William Leibzon - william@leibzon.org +# Licence : LGPL - full text at http://www.fsf.org/licenses/lgpl.txt +# +# ============================= LIBRARY HISTORY AND VERSIONS ==================================== +# +# Note: you may safely skip this section if you're looking at documentation about this library or plugin +# +# [2006-2008] The history of this library goes back to plugins such as check_snmp_temperature.pl, +# check_mysqld,pl and others released as early as 2006 with common functions to +# support prefixes "<,>,=,!" for specifying thresholds and checking data against +# these thresholds. Several of my plugins had common architecture supporting multiple +# variables or attributes to be checked using -a/--attributes/--variables option and +# --warn and --crit options with list of thresholds for these attributes and --perfvars +# specifying variables whose data would only go as PERFOUT for graphing. +# +# [2008-2011] Threshold parsing and check code had been rewritten and support added for specifying +# range per plugin guidelines: http://nagiosplug.sourceforge.net/developer-guidelines.html +# Internal structures had been changing and becoming more complex to various cases. +# In 2010-2012 plugins started to get support for ;warn;crit output of thresholds in perf, +# as specified in the guidelines. +# +# [Early 2012] Code from check_memcached had been used as a base for check_memcached and then +# check_redis plugins with some of the latest threshold code from check_netstat +# with more updates. Starting with check_redis the code from check_options() and +# from main part of plugin that was very similar across my plugins were separated +# into their own functions. KNOWN_STATS_VARS array was introduced as well to be +# able to properly add UOM symbol ('c', '%', 's', 'ms', 'B', 'KB') to perfout. +# check_memcached and check_redis also included support for calculating rate of +# variables in a similar way to how its been done in check_snmp_netint +# +# [0.1 - July 17, 2012] In 0.6 release of check_redis.pl support had been added for long options +# with special threshold line syntax: +# --option=WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,DISPLAY:YES|NO,PERF:YES|NO +# This was extension from just doing --option=WARN,CRIT to have a more universal +# and extendable way to specify and alike parameters for checking. check_redis 0.6 +# also introduced support automatically adding long options with above syntax based +# on description in KNOWN_STATS_VARS. The functions for the library were all separated +# into their own section of the code. When inported to check_memcached global variables +# were added to that section and accessor functions written for some of them. +# This is considered 0.1 version of the library +# +# [0.2 - Aug 28, 2012] In August the library code in check_memcached had been re-written from +# just functions to object-oriented perl interface. All variables were hidden from +# direct access with accessor functions written. Documentation header had been added +# to each library function and the header for the library itself. This was major work +# taking over a week to do although functions and mainly sllllame as in 0.1. They are +# not stabilized and so library is only to be included within plugins. Support was +# also added for regex matching with PATTERN option spec. Also added NAME spec. +# License changed to LGPL from GPL for this code. +# [0.21 - Sep 3, 2012] Fix bug in handling absent data +# [0.22 - Mar 23, 2013] Fix bug in parse_threshold functon +# +# ================================== LIBRARY TODO ================================================= +# +# (a) Add library function to support '--extra-opts' to read plugin options from a file +# This is being to be compatible with http://nagiosplugins.org/extra-opts +# (b) Support regex matching and allowing multiple data for same threshold definition. +# [DONE] +# (c) Support for expressions in places of numeric values for thresholds. The idea is to allow +# to refer to another variable or to special macro. I know at least one person has extended +# my check_mysqld to support using mysql variables (not same as status data) for thresholds. +# I also previouslyhad planned such support with experimental check_snmp_attributes plugin +# library/base. The idea was also floated around on nagios-devel list. +# (d) Support specifying variables as expressions. This is straight out of check_snmp_atributes +# and maybe part of it can be reused for this +# (e) Add common SNMP functions into library as so many of my plugins use it# +# (f) Add more functions to make this library easier to use and stabilize its interfaces. +# Port my plugins to this library. +# (f) Add support for functions in Nagios-Plugins perl library. While its interfaces are +# different, I believe, it'd be possible to add "shim" code to support them too. +# (h) Write proper Perl-style documentation as well as web documentation (much of above maybe +# moved to web documentation) and move library to separate GITHUB project. Release it. +# (i) Port this library to Python and write one or two example plugins +# +# ================================================================================================ +{ +package Naglio; +use fields qw(); +use Text::ParseWords; + +my %ERRORS = ('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4); +my $DEFAULT_PERF_OK_STATUS_REGEX = 'GAUGE|COUNTER|^DATA$|BOOLEAN'; + +# @DESCRIPTION : Library object constructor +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : Hash array of named config settings. All parameters are optiona. Currently supported are: +# plugin_name => string - short name of the plugin +# plugin_description => string - plugin longer description +# plugin_authors => string - list of plugin authors +# knownStatsVars => reference to hash - hash array defining known variables, what type they are, their description +# usage_function => &ref - function that would display helpful text in case of error with options for this plugin +# verbose => 1 or "" or "filename" - set to 1 or "" if verbose/debug or to filename to send data to (may not be called "0" or "1") +# output_comparison_symbols => 0 or 1 - 1 means library output in case threshold is met can use "<", ">", "=" +# 0 means output is something like "less than or equal", "more than", etc. +# all_variables_perf => 0 or 1 - 1 means data for all variables would go to PERF. This is what '-A *' or just -A do +# enable_long_options => 0 or 1 - 1 enables long options generated based on knownStatsVars. This is automatically enabled (from 0 +# to 1) when plugin references additional_options_list() unless this is set to -1 at library init +# enable_rate_of_change => 0 or 1 - enables support for calculating rate of change based on previously saved data, default is 1 +# enable_regex_match => 0 or 1 - when set to 1 each threshold-specified var name is treated as regex and can match +# to multiple collected data. this can also be enabled per-variable with PATTERN spec +# @RETURNS : Reference representing object instance of this library +# @PRIVACY & USE : PUBLIC, To be used when initializing the library +sub lib_init { + my $invocant = shift; + my $class = ref($invocant) || $invocant; + my %other_args = @_; + + # These used to be global variables, now these are object local variables in self with accessor + my @allVars = (); # all variables after options processing + my @perfVars = (); # performance variables list [renamed from @o_perfVarsL in earlier code] + my %thresholds=(); # hash array of thresholds for above variables, [this replaced @o_warnL and @o_critL in earlier code] + my %dataresults= (); # This is where data is loaded. It is a hash with variable names as keys and array array for value: + # $dataresults{$var}[0] - undef of value of this variable + # $dataresults{$var}[1] - 0 if variable not printed out to status line yet, 1 or more otherwise + # $dataresults{$var}[2] - 0 if variable data not yet put into PERF output, -1 if PERF output is preset, 1 after output + # $dataresults{$var}[3] - string, '' to start with, holds ready performance data output for this variable + # $dataresults{$var}[4] - only for regex matches. name of match var (which should be key in thresholds), otherwise undef + my %dataVars = (); # keys are variables from allVars and perfVars, values is array of data that matched i.e. keys in dataresults + my @ar_warnLv = (); # used during options processing + my @ar_critLv = (); # used during options processing + my @ar_varsL= (); # used during options processing + my @prev_time= (); # timestamps if more then one set of previois performance data + + my $self = { # library and nagios versions + _NaglioLibraryVersion => 0.2, # this library's version + _NagiosVersion => 3, # assume nagios core 3.x unless known otherwise + # library internal data structures + _allVars => \@allVars, + _perfVars => \@perfVars, + _thresholds => \%thresholds, + _dataresults => \%dataresults, + _datavars => \%dataVars, + _ar_warnLv => \@ar_warnLv, + _ar_critLv => \@ar_critLv, + _ar_varsL => \@ar_varsL, + _prevTime => \@prev_time, + _prevPerf => {}, # array that is populated with previous performance data + _checkTime => undef, # time when data was last checked + _statuscode => "OK", # final status code + _statusinfo => "", # if there is an error, this has human info about what it is + _statusdata => "", # if there is no error but we want some data in status line, this var gets it + _perfdata => "", # this variable collects performance data line + _saveddata => "", # collects saved data (for next plugin re-run, not implimented yet) + _init_args => \%other_args, + # copy of data from plugin option variables + o_variables => undef, # List of variables for warn and critical checks + o_crit => undef, # Comma-separated list of critical thresholds for each checked variable + o_warn => undef, # Comma-separated list of warning thresholds for each checked variable + o_perf => undef, # defined or undef. perf option means all data from variables also goes as PERFDATA + o_perfvars => undef, # List of variables only for PERFDATA + o_prevperf => undef, # previously saved performance data coming from $SERVICEPERFDATA$ macro + # library special input variables (similar to options) + o_rprefix => '', # prefix used to distinguish rate variables + o_rsuffix => '_rate', # suffix used to distinguish rate variables + knownStatusVars => {}, # Special HASH ARRAY with names and description of known variables + perfOKStatusRegex => $DEFAULT_PERF_OK_STATUS_REGEX, + verbose => 0, # verbose, same as debug, same as o_verb + plugin_name => '', # next 3 parameters are variables are currently not used + plugin_description => '', # but its still better if these are provided + plugin_authors => '', # in the future these maybe used for help & usage functions + # library setting variables + debug_file => "", # instead of setting file name in verbose, can also set it here + output_comparison_symbols => 1, # should plugin output >,<.=,! for threshold match + # if 0, it will say it in human form, i.e. "less" + all_variables_perf => 0, # should we all variables go to PERF (even those not listed in o_variables and o_perfvars) + # this is the option set to 1 when --perfvars '*' is used + enable_long_options => 0, # enable support for long options generated based on knownStatusVars description + enable_rate_of_change => 1, # enables support for calculatin rate of chane and for rate of change long options + enable_regex_match => 0, # 0 is not enabled, 1 means variables in o_variables and o_perfvars are considered regex to match actual data + # a value of 2 means its enabled, but for options with PATTERN specifier (this is not configurale value) + }; + + # bless to create an object + bless $self, $class; + + # deal with arguments that maybe passed to library when initalizing + if (exists($other_args{'KNOWN_STATUS_VARS'})) { + $self->{'knownStatusVars'} = $other_args{'KNOWN_STATUS_VARS'}; + } + $self->{'plugin_name'} = $other_args{'plugin_name'} if exists($other_args{'plugin_name'}); + $self->{'plugin_description'} = $other_args{'plugin_description'} if exists($other_args{'plugin_description'}); + $self->{'plugin_authors'} = $other_args{'plugin_authors'} if exists($other_args{'plugin_authors'}); + $self->{'usage_function'} = $other_args{'usage_gunction'} if exists($other_args{'usage_function'}); + $self->configure(%other_args); + + # return self object + return $self; +} + +# This is just an alias for object constructor lib_init function +sub new { + return lib_init(@_); +} + +# @DESCRIPTION : Allows to confiure some settings after initialization (all these can also be done as part of lib_init) +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : Hash array of named config settings. All parameters are optiona. Currently supported are: +# verbose => 1 or "" or "filename" - set to 1 or "" if verbose/debug or to filename to send data to (may not be called "0" or "1") +# output_comparison_symbols => 0 or 1 - 1 means library output in case threshold is met can use "<", ">", "=" +# 0 means output is something like "less than or equal", "more than", etc. +# all_variables_perf => 0 or 1 - 1 means data for all variables would go to PERF. This is what '-A *' or just -A do +# enable_long_options => 0 or 1 - 1 enables long options generated based on knownStatsVars. This is automatically enabled (from 0 +# to 1) when plugin references additional_options_list() unless this is set to -1 at library init +# enable_rate_of_change => 0 or 1 - enables support for calculating rate of change based on previously saved data, default is 1 +# enable_regex_match => 0 or 1 - when set to 1 each threshold-specified var name is treated as regex and can match +# to multiple collected data. this can also be enabled per-variable with PATTERN spec +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function. +sub configure { + my $self = shift; + my %args = @_; + + if (exists($args{'verbose'}) || exists($args{'debug'})) { + $self->{'verbose'} = 1; + if (exists($args{'verbose'}) && $args{'verbose'}) { + $self->{'debug_file'} = $args{'verbose'}; + } + if (exists($args{'debug_log_filename'})) { + $self->{'debug_file'} = $args{'debug_log_filename'}; + } + } + $self->{'all_variables_perf'} = $args{'all_variables_perf'} if exists($args{'all_variables_perf'}); + $self->{'enable_long_options'} = $args{'enable_long_options'} if exists($args{'enable_long_options'}); + $self->{'enable_rate_of_change'} = $args{'enable_rate_of_change'} if exists($args{'enable_rate_of_change'}); + $self->{'enable_regex_match'} = 1 if exists($args{'enable_regex_match'}) && $args{'enable_regex_match'}!=0; + $self->{'output_comparison_symbols'} = $args{'output_comparison_symbols'} if exists($args{'output_comparison_symbols'}); +} + +# @DESCRIPTION : Allows functions to take be used both directly and as object referenced functions +# In the 2nd case they get $self as 1st argument, in 1st they don't. this just adds +# $self if its if its not there so their argument list is known. +# Functions that allow both should still check if $self is defined +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : arbitrary list of arguments +# @RETURNS : arbitrary list of arguments with 1st being object hash or undef +# @PRIVACY & USE : PRIVATE +sub _self_args { + return @_ if ref($_[0]) && exists($_[0]->{'_NaglioLibraryVersion'}); + unshift @_,undef; + return @_; +} + +# @DESCRIPTION : Sets function to be called to display help text on using plugin in case of error +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : reference to usage function +# @RETURNS : nothing +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function : +sub set_usage_function { + my ($self, $usage_function) = @_; + $self->{'usage_function'} = $usage_function; +} + +# @DESCRIPTION : Usage function. For right now it just calls usage function given as a parameter +# In the future if it is not available, it'll print something standard. +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : nothing +# @PRIVACY & USE : PUBLIC, But primary for internal use. Must be used as an object instance function. +sub usage { + my $self = shift; + if (defined($self) && defined($self->{'usage_function'})) { &{$self->{'usage_function'}}(); } +} + +# @DESCRIPTION : This function converts uptime in seconds to nice & short output format +# @LAST_CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - uptime in seconds +# @RETURNS : string of uptime for human consumption +# @PRIVACY & USE : PUBLIC, Maybe used directly or as object instance function : +sub uptime_info { + my ($self,$uptime_seconds) = _self_args(@_); + my $upinfo = ""; + my ($secs,$mins,$hrs,$days) = (undef,undef,undef,undef); + + sub div_mod { return int( $_[0]/$_[1]) , ($_[0] % $_[1]); } + + ($mins,$secs) = div_mod($uptime_seconds,60); + ($hrs,$mins) = div_mod($mins,60); + ($days,$hrs) = div_mod($hrs,24); + $upinfo .= "$days days" if $days>0; + $upinfo .= (($upinfo ne '')?' ':'').$hrs." hours" if $hrs>0; + $upinfo .= (($upinfo ne '')?' ':'').$mins." minutes" if $mins>0 && ($days==0 || $hrs==0); + $upinfo .= (($upinfo ne '')?' ':'').$secs." seconds" if $secs>0 && $days==0 && $hrs==0; + return $upinfo; +} + +# @DESCRIPTION : If debug / verbose option is set, function prints its input out or to debug file +# @LAST_CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - string of debug text +# @RETURNS : nothing +# @PRIVACY & USE : PUBLIC, Maybe used directly or as object instance function +sub verb { + my ($self,$in) = _self_args(@_); + my $debug_file_name = ""; + + if (defined($o_verb) || (defined($self) && defined($self->{'verbose'}) && $self->{'verbose'} ne 0)) { + $debug_file_name = $self->{'debug_file'} if defined($self) && $self->{'debug_file'} ne ""; + $debug_file_name = $self->{'verbose'} if $debug_file_name ne "" && defined($self) && + ($self->{'verbose'} ne 0 && $self->{'verbose'} ne 1 && $self->{'verbose'} ne ''); + $debug_file_name = $o_verb if $debug_file_name ne "" && defined($o_verb) && $o_verb ne ""; + if ($debug_file_name ne "") { + if (!open (DEBUGFILE, ">>$debug_file_name")) { + print $in, "\n"; + } + else { + print DEBUGFILE $in,"\n"; + close DEBUGFILE; + } + } + else { + print $in, "\n"; + } + } +} + +# @DESCRIPTION : Check of string is a a number supporting integers, negative, decimal floats +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - string of text to be checked +# @RETURNS : 1 if its a number, 0 if its not a number +# @PRIVACY & USE : PUBLIC, To be used statically and not as an object instance reference +sub isnum { + my $num = shift; + if (defined($num) && $num =~ /^[-|+]?((\d+\.?\d*)|(^\.\d+))$/ ) { return 1 ;} + return 0; +} + +# @DESCRIPTION : Check of string is a a number supporting integers, negative, decimal floats +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - string of text to be checked +# @RETURNS : 1 if its a number, 0 if its not a number +# @PRIVACY & USE : PUBLIC, To be used statically and not as an object instance function +sub trim { + my $string = shift; + $string =~ s/^\s+//; + $string =~ s/\s+$//; + return $string; +} + +# @DESCRIPTION : Takes as input string from PERF or SAVED data from previous plugin invocation +# which should contain space-separated list of var=data pairs. The string is +# parsed and it returns back hash array of var=>data pairs. +# - Function written in 2007 for check_snmp_netint, first release 06/01/07 +# - Modified to use quotewords as suggested by Nicholas Scott, release of 05/20/12 +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - string of text passed from SERVICEPERFDATA OR SERVICESAVEDDATA MACRO +# @RETURNS : hash array (see description) +# @PRIVACY & USE : PUBLIC, Maybe used directly or as object instance function +# TODO: double-check this works when there are no single quotes as check_snmp_netint always did quotes +sub process_perf { + my ($self,$in) = _self_args(@_); + my %pdh; + my ($nm,$dt); + use Text::ParseWords; + foreach (quotewords('\s+',1,$in)) { + if (/(.*)=(.*)/) { + ($nm,$dt)=($1,$2); + if (defined($self)) { $self->verb("prev_perf: $nm = $dt"); } + else { verb("prev_perf: $nm = $dt"); } + # in some of my plugins time_ is to profile execution time for part of plugin + # $pdh{$nm}=$dt if $nm !~ /^time_/; + $pdh{$nm}=$dt; + $pdh{$nm}=$1 if $dt =~ /(\d+)[csB%]/; # 'c' or 's' or B or % maybe have been added + # support for more than one set of previously cached performance data + # push @prev_time,$1 if $nm =~ /.*\.(\d+)/ && (!defined($prev_time[0]) || $prev_time[0] ne $1); + } + } + return %pdh; +} + +# @DESCRIPTION : Converts variables with white-spaces with per-name enclosed with '' +# @LAST CHANGED : 08-24-12 by WL +# @INPUT : ARG1 - varible name +# @RETURNS : name for perf-out output +# @PRIVACY & USE : PUBLIC, but its use should be limited. To be used statically and not as an object instance function +sub perf_name { + my $in = shift; + my $out = $in; + $out =~ s/'\/\(\)/_/g; #' get rid of special characters in performance description name + if ($in !~ /\s/ && $in eq $out) { + return $in; + } + return "'".$out."'"; +} + +# @DESCRIPTION : Determines appropriate output name (for STATUS and PERF) taking into account +# rate variales prefix/suffix and 'NAME' override in long thresholds line specification +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name (variable as found in dataresults) +# @RETURNS : name for output +# @PRIVACY & USE : PUBLIC, but its use should be limited. To be as an object instance function, +sub out_name { + my ($self,$dname) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self-> {'_dataresults'}; + my $vr = $self->data2varname($dname,1); + my $name_out; + + if (defined($vr) && exists($thresholds->{$vr}{'NAME'})) { + if (exists($thresholds->{$vr}{'PATTERN'}) || $self->{'enable_regex_match'} == 1) { + $thresholds->{$vr}{'NAMES_INDEX'} = {} if !exists($thresholds->{$vr}{'NAMES_INDEX'}); + if (!exists($thresholds->{$vr}{'NAMES_INDEX'}{$dname})) { + my $ncount = scalar(keys %{$thresholds->{$vr}{'NAMES_INDEX'}}); + $ncount++; + $thresholds->{$vr}{'NAMES_INDEX'}{$dname} = $ncount; + } + $name_out = $thresholds->{$vr}{'NAME'} .'_'. $thresholds->{$vr}{'NAMES_INDEX'}{$dname}; + } + else { + $name_out = $thresholds->{$vr}{'NAME'}; + } + } + else { + # this is for output of rate variables which name internally start with & + if ($dname =~ /^&(.*)/) { + $name_out = $self->{'o_rprefix'}.$1.$self->{'o_rsuffix'}; + } + else { + $name_out = $dname; + } + } + return $name_out; +} + +# @DESCRIPTION : Builds statusline. Adds info on error conditions that would preceed status data. +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - string argument for status info +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, but its direct use is discouraged. Must be used as an object instance function +sub addto_statusinfo_output { + my ($self, $var, $sline) = @_; + $self->{'_statusinfo'} .= ", " if $self->{'_statusinfo'}; + $self->{'_statusinfo'} .= trim($sline); + $self->{'_dataresults'}{$var}[1]++; +} + +# @DESCRIPTION : Accessor function for statusinfo +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : statusinfo (error conditions and messages) string +# @PRIVACY & USE : PUBLIC. Must be used as an object instance function +sub statusinfo { + my $self = shift; + if (defined($self) && defined($self->{'_statusinfo'})) { + return $self->{'_statusinfo'}; + } + return undef; +} + +# @DESCRIPTION : Builds Statuline. Adds variable data for status line output in non-error condition. +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - formatted for human consumption text of collected data for this variable +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, but its direct use is discouraged. Must be used as an object instance function +sub addto_statusdata_output { + my ($self,$dvar,$data) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self -> {'_dataresults'}; + my $avar = $self->data2varname($dvar,1); + + # $self->verb("debug: addto_statusdata_output - dvar is $dvar and avar is $avar"); + if ((!exists($thresholds->{$avar}{'DISPLAY'}) || $thresholds->{$avar}{'DISPLAY'} eq 'YES') && + (!exists($dataresults->{$dvar}[1]) || $dataresults->{$dvar}[1] == 0)) { + $self->{'_statusdata'} .= ", " if $self->{'_statusdata'}; + if (defined($data)) { + $self->{'_statusdata'} .= trim($data); + } + elsif (exists($dataresults->{$dvar}[0])) { + $self->{'_statusdata'} .= $self->out_name($dvar) ." is ".$dataresults->{$dvar}[0]; + } + $dataresults->{$dvar}[1]++; + } +} + +# @DESCRIPTION : Accessor function for statusdata +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : statusdata string (non-error data from some variables) +# @PRIVACY & USE : PUBLIC. Must be used as an object instance function +sub statusdata { + my $self = shift; + if (defined($self) && defined($self->{'_statusdata'})) { + return $self->{'_statusdata'}; + } + return undef; +} + +# @DESCRIPTION : This function sets text or data for data variable PERFORMANCE output +# (;warn;crit would be added to it later if thresholds were set for this variable) +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - either "var=data" text or just "data" (in which case var= is prepended to it) +# ARG3 - UOM symol ('c' for continous, '%' for percent, 's' for seconds) to added after data +# if undef then it is looked up in known variables and if one is present there, its used +# ARG4 - one of: "REPLACE" - if existing preset perfdata is present, it would be replaced with ARG2 +# "ADD" - if existing preset perfdata is there, ARG2 string would be added to it (DEFAULT) +# "IFNOTSET - only set perfdata to ARG2 if it is empty, otherwise keep existing +# @RETURNS : nothing (future: 0 on success, -1 on error) +# @PRIVACY & USE : PUBLIC, but its use should be limited to custom variables added by plugins to data +# Must be used as an object instance function +sub set_perfdata { + my ($self,$avar,$adata,$unit,$opt) = @_; + my $dataresults = $self->{'_dataresults'}; + my $thresholds = $self->{'_thresholds'}; + my $known_vars = $self->{'knownStatusVars'}; + my $bdata = $adata; + my $vr = undef; + + # default operation is ADD + if (!defined($opt)) { + $opt = "ADD"; + } + else { + $opt = uc $opt; + } + if (defined($adata)) { + # if only data wthout "var=" create proper perf line + $bdata = perf_name($self->out_name($avar)).'='.$adata if $adata !~ /=/; + if (defined($unit)) { + $bdata .= $unit; + } + else { + # appending UOM is done here + $vr = $self->data2varname($avar,1); + if (defined($vr)) { + if (exists($thresholds->{$vr}{'UOM'})) { + $bdata .= $thresholds->{$vr}{'UOM'}; + } + elsif (exists($known_vars->{$vr}[2])) { + $bdata .= $known_vars->{$vr}[2]; + } + } + } + # preset perfdata in dataresults array + $dataresults->{$avar}=[undef,0,0,''] if !defined($dataresults->{$avar}); + $dataresults->{$avar}[2]=-1; + if ($opt eq "REPLACE" || !exists($dataresults->{$avar}[3]) || $dataresults->{$avar}[3] eq '') { + $dataresults->{$avar}[3]=$bdata; + } + elsif (exists($dataresults->{$avar}[3]) && $dataresults->{$avar}[3] ne '' && $opt eq "ADD") { + $dataresults->{$avar}[3].=$adata; + } + } +} + +# @DESCRIPTION : This function is used when building performance output +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - optional data argument, if not present variable's dataresults are used +# ARG3 - one of: "REPLACE" - if existing preset perfdata is present, it would be replaced with ARG2 +# "ADD" - if existing preset perfdata is there, ARG2 string would be added to it +# "IFNOTSET - only set perfdata to ARG2 if it is empty, otherwise keep existing (DEFAULT) +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, but its direct use is discouraged. Must be used as an object instance function +sub addto_perfdata_output { + my ($self,$avar,$adata, $opt) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self-> {'_dataresults'}; + my $vr = undef; + + if (!defined($opt)) { + $opt = "IFNOTSET"; + } + else { + $opt = uc $opt; + } + $vr = $self->data2varname($avar,1); + if (defined($avar) && defined($vr) && + (!exists($thresholds->{$vr}{'PERF'}) || $thresholds->{$vr}{'PERF'} eq 'YES') && + (!defined($dataresults->{$avar}[2]) || $dataresults->{$avar}[2] < 1)) { + my $bdata = ''; + if (defined($adata)) { + $bdata .= trim($adata); + } + # this is how most perfdata gets added + elsif (defined($dataresults->{$avar}[0])) { + $bdata .= perf_name($self->out_name($avar)) .'='. $dataresults->{$avar}[0]; + } + # this would use existing preset data now if it was present due to default + # setting UOM from KNOWN_STATUS_VARS array is now in set_perfdata if 3rd arg is undef + $self->set_perfdata($avar,$bdata,undef,$opt); + # now we actually add to perfdata from [3] of dataresults + if (exists($dataresults->{$avar}[3]) && $dataresults->{$avar}[3] ne '') { + $bdata = trim($dataresults->{$avar}[3]); + $self->{'_perfdata'} .= " " if $self->{'_perfdata'}; + $self->{'_perfdata'} .= $bdata; + $dataresults->{$avar}[2]=0 if $dataresults->{$avar}[2] < 0; + $dataresults->{$avar}[2]++; + } + } +} + +# @DESCRIPTION : Accessor function for map from data collected to variable names specified in options and thresholds +# @LAST CHANGED : 08-22-13 by WL +# @INPUT : ARG1 - data variable name +# ARG2 - if undef or 0 return undef if no match for ARG1 found, if 1 return ARG1 +# @RETURNS : string of variable name as was specified with --variables or --thresholds +# @PRIVACY & USE : PUBLIC. Must be used as an object instance function +sub data2varname { + my ($self,$dname,$ropt) = @_; + my $dataresults = $self->{'_dataresults'}; + + return $dataresults->{$dname}[4] if defined($self) && defined($dataresults->{$dname}[4]); + return $dname if defined($ropt) && $ropt eq 1; + return undef; +} + +# @DESCRIPTION : Sets list and info on known variables and regex for acceptable data types. +# This function maybe called more than once. If called again, new vars in subsequent +# calls are added to existing ones and existing vars are replaced if they are there again. +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : ARG1 - ref to hash array of known vars. Keys are variable names. Data is an array. Example is: +# 'version' => [ 'misc', 'VERSION', '' ], +# 'utilization' => [ 'misc', 'GAUGE', '%' ], +# 'cmd_get' => [ 'misc', 'COUNTER', 'c', "Total Number of Get Commands from Start" ], +# The array elements are: +# 1st - string of source for this variable. not used by the library at all, but maybe used by code getting the data +# 2nd - type of data in a variable. May be "GAUGE", "VERSION", "COUNTER", "BOOLEAN", "TEXTINFO", "TEXTDATA", "SETTING" +# 3rd - either empty or one-character UOM to be added to perforance data - 'c' for continous, '%' percent, 's' seconds +# 4th - either empty or a description of this variable. If not empty, the variable becomes long-option and this is help text +# ARG2 - regex of acceptable types of data for performance output. Anything else is ignored (i.e. no no output to perf), but +# is still available for threshold checks. if this is undef, then default of 'GAUGE|COUNTER|^DATA$|BOOLEAN' is used +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as object instance function +sub set_knownvars { + my ($self, $known_vars_in, $vartypes_regex_in) = @_; + my $known_vars = $self->{'knownStatusVars'}; + + if (defined($known_vars_in)) { + foreach (keys %{$known_vars_in}) { + $known_vars->{$_} = $known_vars_in->{$_}; + } + } + if (defined($vartypes_regex_in)) { + $self->{'perfOKStatusRegex'} = $vartypes_regex_in; + } + else { + $self->{'perfOKStatusRegex'} = $DEFAULT_PERF_OK_STATUS_REGEX; + } +} + +# @DESCRIPTION : Adds known variables definition one at a time +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : ARG1 - variable name +# ARG2 - string of source for this variable. not used by the library at all, but maybe used by code getting the data +# ARG3 - type of data in a variable. May be "GAUGE", "VERSION", "COUNTER", "BOOLEAN", "TEXTINFO", "TEXTDATA", "SETTING" +# ARG4 - either empty or one-character UOM symbol to be added to perforance data - 'c' for continous, '%' percent, 's' seconds +# ARG5 - either empty or a description of this variable. If not empty, the variable becomes long-option and this is help text +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as object instance function +sub add_knownvar { + my ($self, $varname, $source, $type, $unit, $description) = @_; + my $temp = { $varname => [ $source, $type, $unit, $description] }; + $self->set_knownvars($temp,undef); +} + +# @DESCRIPTION : This function is used for checking data values against critical and warning thresholds +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - variable name (used for text output in case it falls within threshold) +# ARG2 - data to be checked +# ARG3 - threshold to be checked, internal structure returned by parse_threshold() +# @RETURNS : Returns "" (empty string) if data is not within threshold range +# and text message for status line out about how data is within range otherwise +# @PRIVACY & USE : PUBLIC. Maybe used directly or as an object instance function +sub check_threshold { + my ($self,$attrib,$data,$th_array) = _self_args(@_); + my $mod = $th_array->[0]; + my $lv1 = $th_array->[1]; + my $lv2 = $th_array->[2]; + my $issymb = 1; + $issymb = 0 if defined($self) && $self->{'output_comparison_symbols'} eq 0; + + # verb("debug check_threshold: $mod : ".(defined($lv1)?$lv1:'')." : ".(defined($lv2)?$lv2:'')); + return "" if !defined($lv1) || ($mod eq '' && $lv1 eq ''); + return " " . $attrib . " is " . $data . ( ($issymb==1)?' = ':' equal to ' ). $lv1 if $mod eq '=' && $data eq $lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' != ':' not equal to ' ). $lv1 if $mod eq '!' && $data ne $lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' > ':' more than ' ) . $lv1 if $mod eq '>' && $data>$lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' > ':' more than ' ) . $lv2 if $mod eq ':' && $data>$lv2; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' >= ':' more than or equal to ' ) . $lv1 if $mod eq '>=' && $data>=$lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' < ':' less than ' ). $lv1 if ($mod eq '<' || $mod eq ':') && $data<$lv1; + return " " . $attrib . " is " . $data . ( ($issymb==1)?' <= ':' less than or equal to ' ) . $lv1 if $mod eq '<=' && $data<=$lv1; + return " " . $attrib . " is " . $data . " in range $lv1..$lv2" if $mod eq '@' && $data>=$lv1 && $data<=$lv2; + return ""; +} + +# @DESCRIPTION : This function is called to parse threshold string +# @LAST CHANGED : 03-23-13 by WL +# (the code in this function can be traced back to late 2006. It has not much changed from 2008) +# @INPUT : ARG1 - String for one variable WARN or CRIT threshold which can be as follows: +# data - warn if data is above this value if numeric data, or equal for non-numeric +# >data - warn if data is above this value (default for numeric values) +# num2 +# \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 +# @RETURNS : Returns reference to a hash array, this library's structure for holding processed threshold spec +# @PRIVACY & USE : PUBLIC. Maybe used directly or as an object instance function +sub parse_threshold { + my ($self,$thin) = _self_args(@_); + + # link to an array that holds processed threshold data + # array: 1st is type of check, 2nd is threshold value or value1 in range, 3rd is value2 in range, + # 4th is extra options such as ^, 5th is nagios spec string representation for perf out + my $th_array = [ '', undef, undef, '', '' ]; + my $th = $thin; + my $at = ''; + + $at = $1 if $th =~ s/^(\^?[@|>|<|=|!]?~?)//; # check mostly for my own threshold format + $th_array->[3]='^' if $at =~ s/\^//; # deal with ^ option + $at =~ s/~//; # ignore ~ if it was entered + if ($th =~ /^\:([-|+]?\d+\.?\d*)/) { # :number format per nagios spec + $th_array->[1]=$1; + $th_array->[0]=($at !~ /@/)?'>':'<='; + $th_array->[5]=($at !~ /@/)?('~:'.$th_array->[1]):($th_array->[1].':'); + } + elsif ($th =~ /([-|+]?\d+\.?\d*)\:$/) { # number: format per nagios spec + $th_array->[1]=$1; + $th_array->[0]=($at !~ /@/)?'<':'>='; + $th_array->[5]=($at !~ /@/)?'':'@'; + $th_array->[5].=$th_array->[1].':'; + } + elsif ($th =~ /([-|+]?\d+\.?\d*)\:([-|+]?\d+\.?\d*)/) { # nagios range format + $th_array->[1]=$1; + $th_array->[2]=$2; + if ($th_array->[1] > $th_array->[2]) { + print "Incorrect format in '$thin' - in range specification first number must be smaller then 2nd\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + $th_array->[0]=($at !~ /@/)?':':'@'; + $th_array->[5]=($at !~ /@/)?'':'@'; + $th_array->[5].=$th_array->[1].':'.$th_array->[2]; + } + if (!defined($th_array->[1])) { # my own format (<,>,=,!) + $th_array->[0] = ($at eq '@')?'<=':$at; + $th_array->[1] = $th; + $th_array->[5] = '~:'.$th_array->[1] if ($th_array->[0] eq '>' || $th_array->[0] eq '>='); + $th_array->[5] = $th_array->[1].':' if ($th_array->[0] eq '<' || $th_array->[0] eq '<='); + $th_array->[5] = '@'.$th_array->[1].':'.$th_array->[1] if $th_array->[0] eq '='; + $th_array->[5] = $th_array->[1].':'.$th_array->[1] if $th_array->[0] eq '!'; + } + if ($th_array->[0] =~ /[>|<]/ && !isnum($th_array->[1])) { + print "Numeric value required when '>' or '<' are used !\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + # verb("debug parse_threshold: $th_array->[0] and $th_array->[1]"); + $th_array->[0] = '=' if !$th_array->[0] && !isnum($th_array->[1]) && $th_array->[1] ne ''; + if (!$th_array->[0] && isnum($th_array->[1])) { # this is just the number by itself, becomes 0:number check per nagios guidelines + $th_array->[2]=$th_array->[1]; + $th_array->[1]=0; + $th_array->[0]=':'; + $th_array->[5]=$th_array->[2]; + } + return $th_array; +} + +# @DESCRIPTION : this function checks that for numeric data warn threshold is within range of critical +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - warhing threshold structure (reference to hash array) +# ARG2 - critical threshold structure (reference to hash array) +# @RETURNS : Returns 1 if warning does not fall within critical (there is an error) +# Returns 0 if everything is ok and warning is within critical +# @PRIVACY & USE : PUBLIC, but its use is discouraged. Maybe used directly or as an object instance function. +sub threshold_specok { + my ($self, $warn_thar,$crit_thar) = _self_args(@_); + + return 1 if defined($warn_thar) && defined($warn_thar->[1]) && + defined($crit_thar) && defined($crit_thar->[1]) && + isnum($warn_thar->[1]) && isnum($crit_thar->[1]) && + $warn_thar->[0] eq $crit_thar->[0] && + (!defined($warn_thar->[3]) || $warn_thar->[3] !~ /\^/) && + (!defined($crit_thar->[3]) || $crit_thar->[3] !~ /\^/) && + (($warn_thar->[1]>$crit_thar->[1] && ($warn_thar->[0] =~ />/ || $warn_thar->[0] eq '@')) || + ($warn_thar->[1]<$crit_thar->[1] && ($warn_thar->[0] =~ /[0] eq ':')) || + ($warn_thar->[0] eq ':' && $warn_thar->[2]>=$crit_thar->[2]) || + ($warn_thar->[0] eq '@' && $warn_thar->[2]<=$crit_thar->[2])); + return 0; # return with 0 means specs check out and are ok +} + +# @DESCRIPTION : this compares var names from data to names given as plugin options treating them regex +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : ARG1 - the name to search for +# @RETURNS : Keyname for what first one that matched from _thresholds +# Undef if nothing matched +# @PRIVACY & USE : PUBLIC, but its direct use should be rare. Must be used as an object instance function. +sub var_pattern_match { + my ($self, $name) = @_; + my $thresholds = $self->{'_thresholds'}; + my $allvars = $self->{'_allVars'}; + my $is_regex_match = $self->{'enable_regex_match'}; + my $v; + my $pattern; + + foreach $v (@{$allvars}) { + $pattern=''; + if ($is_regex_match eq 1 && !defined($thresholds->{$v}{'PATTERN'})) { + $pattern=$v; + } + elsif ($is_regex_match ne 0 && defined($thresholds->{$v}{'PATTERN'})) { + $pattern = $thresholds->{$v}{'PATTERN'}; + } + if ($pattern ne '' && $name =~ /$pattern/) { + $self->verb("Data name '".$name."' matches pattern '".$pattern."'"); + return $v; + } + } + return undef; +} + +# @DESCRIPTION : This function adds data results +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - name of data variable +# ARG2 - data for this variable +# ARG3 - name of checked variable/parameter corresponding to this data variable +# default undef, assumed to be same as ARG1 +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub add_data { + my ($self, $dnam, $dval, $anam) = @_; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self-> {'_dataresults'}; + my $datavars = $self -> {'_datavars'}; + my $perfVars = $self->{'_perfVars'}; + + # determine what plugin options-specified var & threshold this data corresponds to + if (!defined($anam)) { + if ($self->{'enable_regex_match'} == 0) { + $anam = $dnam; + } + else { + $anam = $self->var_pattern_match($dnam); + $anam = $dnam if !defined($anam); + } + } + # set dataresults + if (exists($dataresults->{$dnam})) { + $dataresults->{$dnam}[0] = $dval; + $dataresults->{$dnam}[4] = $anam if defined($anam); + } + else { + $dataresults->{$dnam} = [$dval, 0, 0, '', $anam]; + } + # reverse map array + $datavars->{$anam} = [] if !exists($datavars->{$anam}); + push @{$datavars->{$anam}}, $dnam; + # setperf if all variables go to perf + if ($self->{'all_variables_perf'} == 1) { + $thresholds->{$anam}={} if !exists($thresholds->{$anam}); + $thresholds->{$anam}{'PERF_DATALIST'} = [] if !exists($thresholds->{$anam}{'PERF_DATALIST'}); + push @{$thresholds->{$anam}{'PERF_DATALIST'}}, $dnam; + if (!defined($thresholds->{$anam}{'PERF'})) { + push @{$perfVars}, $anam; + $thresholds->{$anam}{'PERF'} = 'YES'; + } + } +} + +# @DESCRIPTION : Accessor function that gets variable data +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - name of data variable +# @RETURNS : undef if variable does not exist and data otherwise +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub vardata { + my ($self,$dnam) = @_; + my $dataresults = $self->{'_dataresults'}; + return undef if !exists($dataresults->{$dnam}); + return $dataresults->{$dnam}[0]; +} + +# @DESCRIPTION : This function parses "WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN" combined threshold string +# Parsing of actual threshold i.e. what is after WARN, CRIT is done by parse_threshold() function +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - String containing threshold line like "WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN" +# Acceptable comma-separated parts threshold specifiers are: +# WARN: - warning threshold +# CRIT: - critical threshold +# ABSENT:OK|WARNING|CRITICAL|UNKNOWN - nagios exit code if data for this variable is not found +# ZERO:OK|WARNING|CRITICAL|UNKNOWN - nagios exit code if data is 0 +# DISPLAY:YES|NO - output data in plugin status line +# PERF:YES|NO - output data as plugin performance data +# SAVED:YES|NO - put results in saved data (this really should not be set manually) +# PATTERN: - enables regex match allowing more than one real data name to match this threshold +# NAME: - overrides output status and perf name for this variable +# UOM: - unit of measurement symbol to add to perf +# @RETURNS : Returns reference to a hash array, a library's structure for holding processed MULTI-THRESHOLD spec +# Note that this is MULTI-THRESHOLD hash structure, it itself contains threshold hashes returned by parse_threshold() +# @PRIVACY & USE : PUBLIC, but its use is discouraged. Maybe used directly or as an object instance function. +sub parse_thresholds_list { + my ($self,$in) = _self_args(@_); + my $thres = {}; + my @tin = undef; + my $t = undef; + my $t2 = undef; + + @tin = split(',', $in); + $t = uc $tin[0] if exists($tin[0]); + # old format with =warn,crit thresolds without specifying which one + if (defined($t) && $t !~ /^WARN/ && $t !~ /^CRIT/ && $t !~ /^ABSENT/ && $t !~ /^ZERO/ && + $t !~ /^DISPLAY/ && $t !~ /^PERF/ && $t !~ /^SAVED/ && + $t !~ /^PATTERN/ && $t !~ /^NAME/ && $t !~ /^UOM/) { + if (scalar(@tin)==2) { + if (defined($self)) { + $thres->{'WARN'} = $self->parse_threshold($tin[0]); + $thres->{'CRIT'} = $self->parse_threshold($tin[1]); + } + else { + $thres->{'WARN'} = parse_threshold($tin[0]); + $thres->{'CRIT'} = parse_threshold($tin[1]); + } + } + else { + print "Can not parse. Unknown threshold specification: $in\n"; + print "Threshold line should be either both warning and critical thresholds separated by ',' or \n"; + print "new format of: WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN\n"; + print "which allows to specify all 3 (CRIT,WARN,ABSENT) or any one of them in any order\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + # new format with prefix specifying if its WARN or CRIT and support of ABSENT + else { + foreach $t (@tin) { + $t2 = uc $t; + if ($t2 =~ /^WARN\:(.*)/) { + if (defined($self)) { + $thres->{'WARN'} = $self->parse_threshold($1); + } + else { + $thres->{'WARN'} = parse_threshold($1); + } + } + elsif ($t2 =~ /^CRIT\:(.*)/) { + if (defined($self)) { + $thres->{'CRIT'} = $self->parse_threshold($1); + } + else { + $thres->{'CRIT'} = parse_threshold($1); + } + } + elsif ($t2 =~ /^ABSENT\:(.*)/) { + my $val = $1; + if (defined($ERRORS{$val})) { + $thres->{'ABSENT'} = $val; + } + else { + print "Invalid value $val after ABSENT. Acceptable values are: OK, WARNING, CRITICAL, UNKNOWN\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t2 =~ /^ZERO\:(.*)/) { + my $val = $1; + if (exists($ERRORS{$val})) { + $thres->{'ZERO'} = $val; + } + else { + print "Invalid value $val after ZERO. Acceptable values are: OK, WARNING, CRITICAL, UNKNOWN\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t2 =~ /^DISPLAY\:(.*)/) { + if ($1 eq 'YES' || $1 eq 'NO') { + $thres->{'DISPLAY'} = $1; + } + else { + print "Invalid value $1 after DISPLAY. Specify this as YES or NO.\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t2 =~ /^PERF\:(.*)/) { + if ($1 eq 'YES' || $1 eq 'NO') { + $thres->{'PERF'} = $1; + } + else { + print "Invalid value $1 after PERF. Specify this as YES or NO.\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + elsif ($t =~ /^PATTERN\:(.*)/i) { + $thres->{'PATTERN'} = $1; + $self->{'enable_regex_match'} = 2 if defined($self) && $self->{'enable_regex_match'} eq 0; + } + elsif ($t =~ /^NAME\:(.*)/i) { + $thres->{'NAME'} = $1; + } + elsif ($t =~ /^UOM\:(.*)/i) { + $thres->{'UOM'} = $1; + } + else { + print "Can not parse. Unknown threshold specification: $_\n"; + print "Threshold line should be WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,ZERO:OK|WARNING|CRITICAL|UNKNOWN\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + } + if (exists($thres->{'WARN'}) && exists($thres->{'CRIT'})) { + my $check_warncrit = 0; + if (defined($self)) { + $check_warncrit = $self->threshold_specok($thres->{'WARN'},$thres->{'CRIT'}); + } + else { + $check_warncrit = threshold_specok($thres->{'WARN'},$thres->{'CRIT'}); + } + if ($check_warncrit) { + print "All numeric warning values must be less then critical (or greater then when '<' is used)\n"; + print "Note: to override this check prefix warning value with ^\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + return $thres; +} + +# @DESCRIPTION : Adds variable to those whose thresholds would be checked +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : ARG1 - name of the data variable +# ARG2 - either: +# 1) ref to combined thresholds hash array i.e. { 'WARN' => threshold array, 'CRIT' => threshold array, ABSENT => ... } +# such hash array is returned by by parse_thresholds_list function +# -- OR -- +# 2) a tet string with a list of thresholds in the format +# WARN:threshold,CRIT:thresholod,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,ZERO:WARNING|CRITICAL|UNKNOWN,PATTERN:pattern,NAME:name +# which would get parsed y parse_thresholds_list function into ref array +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, Recommend function for adding thresholds. Must be used as an object instance function +sub add_thresholds { + my ($self,$var,$th_in) = @_; + my $th; + if (ref($th_in) && (exists($th_in->{'WARN'}) || exists($th_in->{'CRIT'}) || exists($th_in->{'DISPLAY'}) || + exists($th_in->{'PERF'}) || exists($th_in->{'SAVED'}) || exists($th_in->{'ABSENT'}) || + exists($th_in->{'ZERO'}) || exists($th_in->{'PATTERN'}))) { + $th = $th_in; + } + else { + $th = $self->parse_thresholds_list($th_in); + } + if (!defined($var)) { + if (defined($th->{'NAME'})) { + $var = $th->{'NAME'}; + } + elsif (defined($th->{'PATTERN'})) { + $var = $th->{'PATTERN'}; + } + else { + print "Can not parse. No name or pattern in threshold: $th_in\n"; + print "Specify threshold line as: NAME:name,PATTERN:regex,WARN:threshold,CRIT:threshold,ABSENT:OK|WARNING|CRITICAL|UNKNOWN,ZERO:OK|WARNING|CRITICAL|UNKNOWN\n"; + $self->usage(); + exit $ERRORS{"UNKNOWN"}; + } + } + push @{$self->{'_allVars'}}, $var if !exists($self->{'_thresholds'}{$var}); + $self->{'_thresholds'}{$var}=$th; +} + +# @DESCRIPTION : Accessor function for thresholds and related variable settings on what and how to check +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - name of data variable +# ARG2 - name of the threshold or related data setting to return +# This can be: "WARN", "CRIT", "ABSENT", "ZERO", "DISPLAY", "PERF" +# @RETURNS : undef if variable does not exist +# if variable exists and "WARN" or "CRIT" thresholds are requested, it returns asociated +# threshold hash array structure for named threshold of the type returned by parse_threshold() +# for ABSENT, ZERO, DISPLAY, PERF and other, it returns a string for this check setting +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub get_threshold { + my ($self,$var,$thname) = @_; + return undef if !exists($self->{'_thresholds'}{$var}) || !exists($self->{'_thresholds'}{$var}{$thname}); + return $self->{'_thresholds'}{$var}{$thname}; +} + +# @DESCRIPTION : Modifier function for thresholds and related variable settings on how to check and display results +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - name of data variable +# ARG2 - type of the threshold or related data setting +# This can be: "WARN", "CRIT", "ABSENT", "ZERO", "DISPLAY", "PERF" +# ARG3 - what to set this to, for "WARN" and "CRIT" this must be hash array returned by parse_threshold() +# @RETURNS : 0 if type you want to set is not one of "WARN", "CRIT", "ZERO" or other acceptable settings +# 1 on success +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub set_threshold { + my ($self,$var,$thname,$thdata) = @_; + if ($thname ne 'WARN' && $thname ne 'CRIT' && $thname ne 'ZERO' && $thname ne 'PATTERN' && $thname ne 'NAME' && + $thname ne 'ABSENT' && $thname ne 'PERF' && $thname ne 'DISPLAY' && $thname ne 'SAVED' && $thname ne 'UOM') { + return 0; + } + $self->{'_thresholds'}{$var}={} if !exists($self->{'_thresholds'}{$var}); + $self->{'_thresholds'}{$var}{$thname}=$thdata; + return 1; +} + +# @DESCRIPTION : Returns list variables for GetOptions(..) that are long-options based on known/defined variable +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : none +# @RETURNS : Array of additional options based on KNOWN_STATS_VARS +# @PRIVACY & USE : PUBLIC, Special use case with GetOpt::Long. Must be used as an object instance function +sub additional_options_list { + my $self = shift; + + my $known_vars = $self->{'knownStatusVars'}; + my ($o_rprefix, $o_rsuffix, $v, $v2) = ('','','',''); + $o_rprefix = $self->{'o_rprefix'} if defined($self->{'o_rprefix'}); + $o_rsuffix = $self->{'o_rsuffix'} if defined($self->{'o_rsuffix'}); + my @VarOptions = (); + + if ($self->{'enable_long_options'} != -1) { + if (defined($self) && defined($known_vars)) { + foreach $v (keys %{$known_vars}) { + if (exists($known_vars->{$v}[3]) && $known_vars->{$v}[3] ne '') { + push @VarOptions,$v."=s"; + if ($self->{'enable_rate_of_change'} eq 1 && $known_vars->{$v}[1] eq 'COUNTER' && ($o_rprefix ne '' || $o_rsuffix ne '')) { + $v2 = $o_rprefix.$v.$o_rsuffix; + push @VarOptions,$v2."=s" + } + } + } + } + } + if (scalar(@VarOptions)>0) { + $self->{'enable_long_options'} = 1; + } + return @VarOptions; +} + +# @DESCRIPTION : Prints out help for generated long options +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : none +# @RETURNS : a string of text for help output +# @PRIVACY & USE : PUBLIC, Special use case with GetOpt::Long. Must be used as an object instance function +sub additional_options_help { + my $self = shift; + my $vname; + my $vname2; + my $counter = 0; + my $known_vars = $self->{'knownStatusVars'}; + + if ($self->{'enable_long_options'} != 1) { return ''; } + + my $out=" These options are all --long_name= + where specifiers are one or more of: + WARN:threshold - warning alert threshold + CRIT:threshold - critical alert threshold + Threshold is a value (usually numeric) which may have the following prefix: + > - warn if data is above this value (default for numeric values) + < - warn if data is below this value (must be followed by number) + = - warn if data is equal to this value (default for non-numeric values) + ! - warn if data is not equal to this value + Threshold can also be specified as a range in two forms: + num1:num2 - warn if data is outside range i.e. if datanum2 + \@num1:num2 - warn if data is in range i.e. data>=num1 && data<=num2 + ABSENT:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if data is absent + ZERO:OK|WARNING|CRITICAL|UNKNOWN - Nagios alert (or lock of thereof) if result is 0 + DISPLAY:YES|NO - Specifies if data should be included in nagios status line output + PERF:YES|NO - Output results as performance data or not (always YES if asked for rate) + NAME: - Change the name to in status and PERF output\n\n"; + + # add more options based on KNOWN_STATUS_VARS array + foreach $vname (keys(%{$known_vars})) { + if (exists($known_vars->{$vname}[3])) { + $counter++; + $out .= ' --'.$vname."=WARN:threshold,CRIT:threshold,\n"; + $out .= " ".$known_vars->{$vname}[3]."\n"; + if ($known_vars->{$vname}[1] eq 'COUNTER' && $self->{'enable_rate_of_change'} eq 1) { + $vname2=$o_rprefix.$vname.$o_rsuffix; + $out .= ' --'.$vname2."=WARN:threshold,CRIT:threshold,\n"; + $out .= " Rate of Change of ".$known_vars->{$vname}[3]."\n"; + } + } + } + if ($counter>0) { return $out; } + return ""; +} + +# @DESCRIPTION : Processes standard options parsing out of them variables to be checked +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : ARG1 - Options data hash from GetOpt::Long +# ARG2 - option --verbose or -v or --debug : undef normally and "" or filename if debug enabled +# ARG3 - option --variables or -a in WL's plugins : comma-separated list of variables to check +# ARG4 - option --warn or -w : comma-separated warning thresholds for variables in ARG3 +# ARG5 - option --crit or -c : comma-separated critical thresholds for variables in ARG3 +# ARG6 - option --perf or -f in WL's plugin: all regular variables should also go to perf data +# ARG7 - option --perfvars or -A in WL's plugins: command-separated list of variables whose data goes to PERF output +# ARG8 - prefix to distinguish rate variables, maybe "" but usually this is "rate_" +# ARG9 - suffix to distinguish rate variables, only if ARG7 is "", otherwise optional and absent +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be used shortly after GetOptions. Must be used as an object instance function +sub options_startprocessing { + my ($self, $Options, $o_verb, $o_variables, $o_warn, $o_crit, $o_perf, $o_perfvars, $o_rprefix, $o_rsuffix) = @_; + + # Copy input parameters to object hash array, set them if not present + $o_rprefix="" if !defined($o_rprefix); + $o_rsuffix="" if !defined($o_rsuffix); + $o_crit="" if !defined($o_crit); + $o_warn="" if !defined($o_warn); + $o_variables="" if !defined($o_variables); + $self->{'o_variables'} = $o_variables; + $self->{'o_perfvars'} = $o_perfvars; + $self->{'o_crit'} = $o_crit; + $self->{'o_warn'} = $o_warn; + $self->{'o_perf'} = $o_perf; + $self->{'o_rprefix'} = $o_rprefix; + $self->{'o_rsuffix'} = $o_rsuffix; + $self->{'verbose'} = $o_verb if defined($o_verb); + # start processing + my $perfVars = $self->{'_perfVars'}; + my $ar_varsL = $self->{'_ar_varsL'}; + my $ar_critLv = $self->{'_ar_critLv'}; + my $ar_warnLv = $self->{'_ar_warnLv'}; + my $known_vars = $self->{'knownStatusVars'}; + $o_rprefix = lc $o_rprefix; + $o_rsuffix = lc $o_rsuffix; + # process o_perfvars option + if (defined($o_perfvars)) { + @{$perfVars} = split( /,/ , lc $o_perfvars ); + if (scalar(@{$perfVars})==0) { + $o_perfvars='*'; + $self->{'o_perfvars'}='*'; + } + if ($o_perfvars eq '*') { + $self->{'all_variables_perf'} = 1; + } + else { + # below loop converts rate variables to internal representation + for (my $i=0; $i[$i] = '&'.$1 if $perfVars->[$i] =~ /^$o_rprefix(.*)$o_rsuffix$/; + } + } + } + if (defined($o_warn) || defined($o_crit) || defined($o_variables)) { + if (defined($o_variables)) { + @{$ar_varsL}=split( /,/ , lc $o_variables ); + if (defined($o_warn)) { + $o_warn.="~" if $o_warn =~ /,$/; + @{$ar_warnLv}=split( /,/ , lc $o_warn ); + } + if (defined($o_crit)) { + $o_crit.="~" if $o_crit =~ /,$/; + @{$ar_critLv}=split( /,/ , lc $o_crit ); + } + } + else { + print "Specifying warning or critical thresholds requires specifying list of variables to be checked\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + # this is a special loop to check stats-variables options such as "connected_clients=WARN:warning,CRIT:critical" + # which are specified as long options (new extended threshold line spec introduced in check_redis and check_memcached) + my ($vname,$vname2) = (undef,undef); + foreach $vname (keys(%{$known_vars})) { + $vname2=$o_rprefix.$vname.$o_rsuffix; + if (exists($known_vars->{$vname}[3])) { + if (exists($Options->{$vname})) { + $self->verb("Option $vname found with spec parameter: ".$Options->{$vname}); + $self->add_thresholds($vname,$Options->{$vname}); + } + if (exists($Options->{$vname2})) { + $self->verb("Rate option $vname2 found with spec parameter: ".$Options->{$vname2}); + $self->add_thresholds('&'.$vname,$Options->{$vname2}); + } + } + } + $self->{'_called_options_startprocessing'}=1; +} + +# @DESCRIPTION : Internal function. Parses and sets thresholds for given list of variables after all options have been processed +# @LAST CHANGED : 08-20-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PRIVATE, Must be used as an object instance function +sub _options_setthresholds { + my $self = shift; + + my $perfVars = $self->{'_perfVars'}; + my $ar_varsL = $self->{'_ar_varsL'}; + my $ar_critLv = $self->{'_ar_critLv'}; + my $ar_warnLv = $self->{'_ar_warnLv'}; + my $known_vars = $self->{'knownStatusVars'}; + my $thresholds = $self->{'_thresholds'}; + my ($o_rprefix, $o_rsuffix) = ("", ""); + $o_rprefix = $self->{'o_rprefix'} if exists($self->{'o_rprefix'}); + $o_rsuffix = $self->{'o_rsuffix'} if exists($self->{'o_rsuffix'}); + + if (scalar(@{$ar_warnLv})!=scalar(@{$ar_varsL}) || scalar(@{$ar_critLv})!=scalar(@{$ar_varsL})) { + printf "Number of specified warning levels (%d) and critical levels (%d) must be equal to the number of attributes specified at '-a' (%d). If you need to ignore some attribute do it as ',,'\n", scalar(@{$ar_warnLv}), scalar(@{$ar_critLv}), scalar(@{$ar_varsL}); + $self->verb("Warning Levels: ".join(",",@{$ar_warnLv})); + $self->verb("Critical Levels: ".join(",",@{$ar_critLv})); + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + for (my $i=0; $i[$i] = '&'.$1 if $ar_varsL->[$i] =~ /^$o_rprefix(.*)$o_rsuffix$/; + if ($ar_varsL->[$i] =~ /^&(.*)/) { + if (!defined($self->{'o_prevperf'})) { + print "Calculating rate variable such as ".$ar_varsL->[$i]." requires previous performance data. Please add '-P \$SERVICEPERFDATA\$' to your nagios command line.\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + if (defined($known_vars->{$1}) && $known_vars->{$1}[0] ne 'COUNTER') { + print "$1 is not a COUNTER variable for which rate of change should be calculated\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + if (!exists($thresholds->{$ar_varsL->[$i]})) { + my $warn = $self->parse_threshold($ar_warnLv->[$i]); + my $crit = $self->parse_threshold($ar_critLv->[$i]); + if ($self->threshold_specok($warn,$crit)) { + print "All numeric warning values must be less then critical (or greater then when '<' is used)\n"; + print "Note: to override this check prefix warning value with ^\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + $self->add_thresholds($ar_varsL->[$i], {'WARN'=>$warn,'CRIT'=>$crit} ); + } + } +} + +# @DESCRIPTION : Internal helper function. Finds time when previous performance data was calculated/saved at +# @DEVNOTE : Right now this library and function only supports one previous performance data set, +# but check_snmp_netint plugin supports multiple sets and there the code is more complex, +# As this function originated there, that code is commented out right now. +# @LAST CHANGED : 08-21-12 by WL +# @INPUT : ARG1 - reference to previous performance data hash array. It looks for _ptime variable there. +# ARG2 - string with previous performance time in unix seconds. This may come from separate plugin option. +# @RETURNS : Time in unix seconds frm 1970 or undef if it was not located +# @PRIVACY & USE : PRIVATE, Maybe used directly or as an object instance function. +sub _set_prevtime { + my ($self,$prevperf,$o_prevtime) = _self_args(@_); + my $perfcheck_time; + + if (defined($o_prevtime)) { + # push @prev_time, $o_prevtime; + # $prev_perf{ptime}=$o_prevtime; + $perfcheck_time=$o_prevtime; + } + elsif (defined($prevperf) && defined($prevperf->{'_ptime'})) { + # push @prev_time, $prev_perf{ptime}; + $perfcheck_time=$prevperf->{'_ptime'}; + } + else { + # @prev_time=(); + $perfcheck_time=undef; + } + # numeric sort for timestamp array (this is from lowest time to highiest, i.e. to latest) + # my %ptimes=(); + # $ptimes{$_}=$_ foreach @prev_time; + # @prev_time = sort { $a <=> $b } keys(%ptimes); + return $perfcheck_time; +} + +# @DESCRIPTION : Processes standard options, setting up thresholds based on options that are to be checked +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after plugin finished processing its own custom options. Must be used as an object instance function +sub options_finishprocessing { + my $self = shift; + + if (!exists($self->{'_called_options_finishprocessing'})) { + # process previous performance data + my $prevperf = $self->{'_prevPerf'}; + if (defined($self->{'o_prevperf'})) { + if (defined($self->{'o_perf'}) || defined($self->{'o_perfvars'})) { + %{$prevperf}=$self->process_perf($self->{'o_prevperf'}); + $self->{'_perfcheck_time'} = $self->_set_prevtime($prevperf,$self->{'o_prevtime'}); + } + else { + print "--prevperf can only be used with --perf or --perfvars options\n"; + if (defined($self)) { $self->usage(); } + exit $ERRORS{"UNKNOWN"}; + } + } + # set thresholds + $self->_options_setthresholds(); + # prepare data results arrays + my $dataresults = $self->{'_dataresults'}; + my $thresholds = $self->{'_thresholds'}; + $dataresults->{$_} = [undef, 0, 0] foreach(@{$self->{'_allVars'}}); + if (defined($self->{'_perfVars'})) { + foreach(@{$self->{'_perfVars'}}) { + $dataresults->{$_} = [undef, 0, 0] if !exists($dataresults->{$_}); + $thresholds->{$_} = {} if !exists($thresholds->{$_}); + $thresholds->{$_}{'PERF'} = 'YES'; + } + } + # mark as having finished + $self->{'_called_options_finishprocessing'}=1; + } +} + +# @DESCRIPTION : Accessor function for previously saved perfdata +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : ARG1 - varname +# @RETURNS : value of that variable on previous plugin run, undef if not known +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub prev_perf { + my ($self,$var) = @_; + if (defined($self) && defined($self->{'_prevPerf'}{$var})) { + return $self->{'_prevPerf'}{$var}; + } + return undef; +} + +# @DESCRIPTION : Accessor function for exit status code +# @LAST CHANGED : 08-21-12 by WL +# @INPUT : none +# @RETURNS : current expected exit status code +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub statuscode { + my $self = shift; + return $self->{'_statuscode'}; +} + +# @DESCRIPTION : Sets plugin exist status +# @LAST CHANGED : 08-21-12 by WL +# @INPUT : status code string - one of "WARNING", "CRITICAL", "UNKNOWN". +# @RETURNS : 0 on success, 1 if this status code is below level that plugin would exit with and as such it was not set +# @PRIVACY & USE : PUBLIC, Must be used as an object instance function +sub set_statuscode { + my ($self,$newcode) = @_; + + if ($newcode eq 'UNKNOWN') { + $self->{'_statuscode'} = 'UNKNOWN'; + return 0; + } + if ($self->{'_statuscode'} eq 'UNKNOWN') { return 1; } + elsif ($self->{'_statuscode'} eq 'CRITICAL') { + if ($newcode eq 'CRITICAL') { return 0;} + else { return 1; } + } + elsif ($self->{'_statuscode'} eq 'WARNING') { + if ($newcode eq 'CRITICAL') { + $self->{'_statuscode'} ='CRITICAL'; + return 0; + } + elsif ($newcode eq 'WARNING') { return 0; } + else { return 1; } + } + elsif ($self->{'_statuscode'} eq 'OK') { + if ($newcode eq 'CRITICAL' || $newcode eq 'WARNING') { + $self->{'_statuscode'} = $newcode; + return 0; + } + else { return 1; } + } + else { + printf "SYSTEM ERROR: status code $newcode not supported"; + exit $ERRORS{'UNKNOWN'}; + } + return 1; # should never get here +} + +# @DESCRIPTION : This function is called closer to end of the code after plugin retrieved data and +# assigned values to variables. This function checks variables against all thresholds. +# It prepares statusdata and statusinfo and exitcode. +# @LAST CHANGED : 09-03-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after variables have values. Must be used as an object instance function +sub main_checkvars { + my $self = shift; + + $self->options_finishprocessing() if !exists($self->{'_called_options_finshprocessing'}); + if (exists($self->{'_called_main_checkvars'})) { return; } + + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self->{'_dataresults'}; + my $allVars = $self->{'_allVars'}; + my $datavars = $self->{'_datavars'}; + + my ($dvar,$avar,$aname,$perf_str,$chk)=(undef,undef,undef,undef,undef); + + # main loop to check for warning & critical thresholds + for (my $i=0;$i[$i]; + if (!defined($datavars->{$avar}) || scalar(@{$datavars->{$avar}})==0) { + if (defined($thresholds->{$avar}{'ABSENT'})) { + $self->set_statuscode($thresholds->{$avar}{'ABSENT'}); + } + else { + $self->set_statuscode("CRITICAL"); + } + $aname = $self->out_name($avar); + $self->addto_statusinfo_output($avar, "$aname data is missing"); + } + foreach $dvar (@{$datavars->{$avar}}) { + $aname = $self->out_name($dvar); + if (defined($dataresults->{$dvar}[0])) { + # main check + if (defined($avar)) { + if ($dataresults->{$dvar}[0] eq 0 && exists($thresholds->{$avar}{'ZERO'})) { + $self->set_statuscode($thresholds->{$avar}{'ZERO'}); + $self->addto_statusinfo_output($dvar, "$aname is zero") if $self->statuscode() ne 'OK'; + } + else { + $chk=undef; + if (exists($thresholds->{$avar}{'CRIT'})) { + $chk = $self->check_threshold($aname,lc $dataresults->{$dvar}[0], $thresholds->{$avar}{'CRIT'}); + if ($chk) { + $self->set_statuscode("CRITICAL"); + $self->addto_statusinfo_output($dvar,$chk); + } + } + if (exists($thresholds->{$avar}{'WARN'}) && (!defined($chk) || !$chk)) { + $chk = $self->check_threshold($aname,lc $dataresults->{$dvar}[0], $thresholds->{$avar}{'WARN'}); + if ($chk) { + $self->set_statuscode("WARNING"); + $self->addto_statusinfo_output($dvar,$chk); + } + } + } + } + # if we did not output to status line yet, do so + $self->addto_statusdata_output($dvar,$aname." is ".$dataresults->{$dvar}[0]); + + # if we were asked to output performance, prepare it but do not output until later + if ((defined($self->{'o_perf'}) && defined($avar) && !exists($thresholds->{$avar}{'PERF'})) || + (exists($thresholds->{$avar}{'PERF'}) && $thresholds->{$avar}{'PERF'} eq 'YES')) { + $perf_str = perf_name($aname).'='.$dataresults->{$dvar}[0]; + $self->set_perfdata($dvar, $perf_str, undef, "IFNOTSET"); # with undef UOM would get added + $dataresults->{$dvar}[2]=0; # this would clear -1 from preset perf data, making it ready for output + # below is where threshold info gets added to perfdata + if ((exists($thresholds->{$avar}{'WARN'}[5]) && $thresholds->{$avar}{'WARN'}[5] ne '') || + (exists($thresholds->{$avar}{'CRIT'}[5]) && $thresholds->{$avar}{'CRIT'}[5] ne '')) { + $perf_str = ';'; + $perf_str .= $thresholds->{$avar}{'WARN'}[5] if exists($thresholds->{$avar}{'WARN'}[5]) && $thresholds->{$avar}{'WARN'}[5] ne ''; + $perf_str .= ';'.$thresholds->{$avar}{'CRIT'}[5] if exists($thresholds->{$avar}{'CRIT'}[5]) && $thresholds->{$avar}{'CRIT'}[5] ne ''; + $self->set_perfdata($dvar, $perf_str, '', "ADD"); + } + } + } + } + } + $self->{'_called_main_checkvars'}=1; + # $statusinfo=trim($statusinfo); + # $statusdata=trim($statusdata); +} + +# @DESCRIPTION : This function is at the end. It prepares PERFOUT for output collecting all perf variables data +# @LAST CHANGED : 08-26-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after variables have values. Must be used as an object instance function +# Calling this function direcly is optional, its automatically called on 1st call to perfdata() +sub main_perfvars { + my $self = shift; + + my $dataresults = $self->{'_dataresults'}; + my $PERF_OK_STATUS_REGEX = $self->{'perfOKStatusRegex'}; + my $perfVars = $self->{'_perfVars'}; + my $known_vars = $self->{'knownStatusVars'}; + my $datavars = $self->{'_datavars'}; + my $avar; + my $dvar; + + $self->main_checkvars() if !exists($self->{'_called_main_checkvars'}); + if (exists($self->{'_called_main_perfvars'})) { return; } + + for (my $i=0;$i[$i]; + if (!defined($datavars->{$avar}) || scalar(@{$datavars->{$avar}})==0) { + $self->verb("Perfvar: $avar selected for PERFOUT but data not available"); + } + else { + foreach $dvar (@{$datavars->{$avar}}) { + if (defined($dataresults->{$dvar}[0])) { + $self->verb("Perfvar: $dvar ($avar) = ".$dataresults->{$dvar}[0]); + if (!defined($known_vars->{$avar}[1]) || $known_vars->{$avar}[1] =~ /$PERF_OK_STATUS_REGEX/ ) { + $self->addto_perfdata_output($dvar); + } + else { + $self->verb(" -- not adding to perfdata because of it is '".$known_vars->{$avar}[1]."' type variable --"); + } + } + else { + $self->verb("Perfvar: $avar selected for PERFOUT but data not defined"); + } + } + } + } + if (defined($self->{'o_prevperf'})) { + $self->addto_perfdata_output('_ptime', "_ptime=".time(), "REPLACE"); + } + foreach $dvar (keys %{$dataresults}) { + if (defined($dataresults->{$dvar}[3]) && $dataresults->{$dvar}[3] ne '') { + $self->verb("Perfvar (Dataresults Loop): $dvar => ".$dataresults->{$dvar}[3]); + $self->addto_perfdata_output($dvar); + } + } + + $self->{'_called_main_perfvars'}=1; + # $perfdata = trim($perfdata); +} + +# @DESCRIPTION : This function should be called at the very very end, it returns perf data output +# @LAST CHANGED : 08-22-12 by WL +# @INPUT : none +# @RETURNS : string of perfdata starting with "|" +# @PRIVACY & USE : PUBLIC, To be called during plugin output. Must be used as an object instance function +sub perfdata { + my $self=shift; + + $self->main_perfvars() if !exists($self->{'_called_main_perfvars'}); + my $perfdata = trim($self->{'_perfdata'}); + if ($perfdata ne '') { + return " | " . $perfdata; + } + return ""; +} + +# @DESCRIPTION : This function is called after data is available and calculates rate variables +# based on current and previous (saved in perfdata) values. +# @LAST CHANGED : 08-27-12 by WL +# @INPUT : none +# @RETURNS : nothing (future: 1 on success, 0 on error) +# @PRIVACY & USE : PUBLIC, To be called after variables have values. Must be used as an object instance function +sub calculate_ratevars { + my $self = shift; + + my $prev_perf = $self->{'_prevPerf'}; + my $ptime = $self->{'_perfcheck_time'}; + my $thresholds = $self->{'_thresholds'}; + my $dataresults = $self->{'_dataresults'}; + my $datavars = $self->{'_datavars'}; + my $allVars = $self->{'_allVars'}; + + my ($avar,$dvar,$nvar) = (undef,undef,undef); + my $timenow=time(); + if (defined($self->{'o_prevperf'}) && (defined($self->{'o_perf'}) || defined($self->{'o_perfvars'}))) { + for (my $i=0;$i[$i] =~ /^&(.*)/) { + $avar = $1; + if (defined($datavars->{$avar}) && scalar(@{$datavars->{$avar}})>0) { + foreach $dvar (@{$datavars->{$avar}}) { + $nvar = '&'.$dvar; + # this forces perfdata output if it was not already + if (defined($dataresults->{$dvar}) && $dataresults->{$dvar}[2]<1 && + (!defined($dataresults->{$dvar}[3]) || $dataresults->{$dvar}[3] eq '')) { + $self->set_perfdata($dvar, perf_name($self->out_name($dvar)).'='.$dataresults->{$dvar}[0], undef, "IFNOTSET"); + $self->set_threshold($dvar,'PERF','YES'); + $self->set_threshold($dvar,'SAVED','YES'); # will replace PERF in the future + } + if (defined($prev_perf->{$dvar}) && defined($ptime)) { + $self->add_data($nvar, + sprintf("%.2f",($dataresults->{$dvar}[0]-$prev_perf->{$dvar})/($timenow-$ptime))); + $self->verb("Calculating Rate of Change for $dvar ($avar) : ".$nvar."=". $self->vardata($nvar)); + } + } + } + } + } + } +} + +} +##################################### END OF THE LIBRARY FUNCTIONS ######################################### + +# parse command line options +sub check_options { + my $opt; + my $nlib = shift; + my %Options = (); + Getopt::Long::Configure("bundling"); + GetOptions(\%Options, + 'v:s' => \$o_verb, 'verbose:s' => \$o_verb, "debug:s" => \$o_verb, + 'h' => \$o_help, 'help' => \$o_help, + 'H:s' => \$o_host, 'hostname:s' => \$o_host, + 'p:i' => \$o_port, 'port:i' => \$o_port, + 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, + 'V' => \$o_version, 'version' => \$o_version, + 's:s' => \$o_mdsopt, 'stat:s' => \$o_mdsopt, + 'a:s' => \$o_variables, 'variables:s' => \$o_variables, + 'c:s' => \$o_crit, 'critical:s' => \$o_crit, + 'w:s' => \$o_warn, 'warn:s' => \$o_warn, + 'f:s' => \$o_perf, 'perfparse:s' => \$o_perf, + 'A:s' => \$o_perfvars, 'perfvars:s' => \$o_perfvars, + 'T:s' => \$o_timecheck, 'response_time:s' => \$o_timecheck, + 'R:s' => \$o_hitrate, 'hitrate:s' => \$o_hitrate, + 'U:s' => \$o_utilsize, 'utilization:s' => \$o_utilsize, + 'P:s' => \$o_prevperf, 'prev_perfdata:s' => \$o_prevperf, + 'E:s' => \$o_prevtime, 'prev_checktime:s'=> \$o_prevtime, + 'o=s' => \@o_check, 'check|option=s' => \@o_check, + 'rate_label:s' => \$o_ratelabel, + map { ($_) } $nlib->additional_options_list() + ); + + ($o_rprefix,$o_rsuffix)=split(/,/,$o_ratelabel) if defined($o_ratelabel) && $o_ratelabel ne ''; + + # Standard nagios plugin required options + if (defined($o_help)) { help($nlib); exit $ERRORS{"UNKNOWN"} }; + if (defined($o_version)) { p_version(); exit $ERRORS{"UNKNOWN"} }; + + # access/connection options + if (!defined($o_host)) { print "Please specify hostname (-H)\n"; print_usage(); exit $ERRORS{"UNKNOWN"}; } + @o_mdslist=split(/,/, lc $o_mdsopt) if defined($o_mdsopt) && $o_mdsopt ne ''; + + # now start options processing in the library + $nlib->options_startprocessing(\%Options, $o_verb, $o_variables, $o_warn, $o_crit, $o_perf, $o_perfvars, $o_rprefix, $o_rsuffix); + + # additional variables/options calculated and added by this plugin + if (defined($o_timecheck) && $o_timecheck ne '') { + $nlib->verb("Processing timecheck thresholds: $o_timecheck"); + $nlib->add_thresholds('response_time',$o_timecheck); + } + if (defined($o_hitrate) && $o_hitrate ne '') { + $nlib->verb("Processing hitrate thresholds: $o_hitrate"); + $nlib->add_thresholds('hitrate',$o_hitrate); + $nlib->set_threshold('hitrate','ZERO','OK') if !defined($nlib->get_threshold('hitrate','ZERO')); # except case of hitrate=0, don't remember why I added it + } + if (defined($o_utilsize) && $o_utilsize ne '') { + $nlib->verb("Processing memory utilization thresholds: $o_utilsize"); + $nlib->add_thresholds('utilization',$o_utilsize); + } + # general check option, allows to specify everything, can be repeated more than once + foreach $opt (@o_check) { + $nlib->verb("Processing general check option: ".$opt); + $nlib->add_thresholds(undef,$opt); + } + + # finish it up + $nlib->options_finishprocessing(); + + $HOSTNAME = $o_host if defined($o_host); + $PORT = $o_port if defined($o_port); + $TIMEOUT = $o_timeout if defined($o_timeout); +} + +# Get the alarm signal (just in case nagios screws up) +$SIG{'ALRM'} = sub { + $memd->disconnect_all if defined($memd); + print ("ERROR: Alarm signal (Nagios time-out)\n"); + exit $ERRORS{"UNKNOWN"}; +}; + +########## MAIN ####### + +my $nlib = Naglio->lib_init('plugin_name' => 'check_memcached.pl', + 'plugins_authors' => 'William Leibzon', + 'plugin_description' => 'Memcached Monitoring Plugin for Nagios', + 'usage_function' => \&print_usage, + 'enable_long_options' => 1, + 'enable_rate_of_change' => 1); +$nlib->set_knownvars(\%KNOWN_STATUS_VARS, $PERF_OK_STATUS_REGEX); + +check_options($nlib); +$nlib->verb("check_memcached.pl plugin version ".$Version); + +# Check global timeout if plugin screws up +if (defined($TIMEOUT)) { + $nlib->verb("Alarm at $TIMEOUT"); + alarm($TIMEOUT); +} +else { + $nlib->verb("no timeout defined : $o_timeout + 10"); + alarm ($o_timeout+10); +} + +my $sock = new IO::Socket::INET( + PeerAddr => $HOSTNAME, + PeerPort => $PORT, + Proto => 'tcp', +); +if (!$sock) { + print "CRITICAL ERROR - Can not connect to '$HOSTNAME' on port $PORT\n"; + exit $ERRORS{'CRITICAL'}; +} +close($sock); + +my $start_time; +my $dsn = $HOSTNAME.":".$PORT; +$nlib->verb("connecting to $dsn"); +$start_time = [ Time::HiRes::gettimeofday() ] if defined($o_timecheck); +$memd = new Cache::Memcached { 'servers' => [ $dsn ] }; + +if (!$memd) { + print "CRITICAL ERROR - Memcache error connecting to '$HOSTNAME' on port $PORT\n"; + exit $ERRORS{'CRITICAL'}; +} + +# This returns hashref of various statistics data on memcached +# Basically results of 'stats', 'stats malloc', 'stats sizes', etc. +$nlib->verb("Requesting statistics on: ".join(',',@o_mdslist)); +my $stats = $memd->stats(\@o_mdslist); + +# some more variables for processing of the results +my $memdversion = ""; +my $vstat; +my $vnam; +my $vval; +my $dnam; +my $avar; + +# load all data into internal hash array +foreach $vstat (keys %{$stats->{'hosts'}{$dsn}}) { + $nlib->verb("Stats Data: vstat=$vstat reftype=".ref($stats->{'hosts'}{$dsn}{$vstat})); + if (defined($stats->{'hosts'}{$dsn}{$vstat})) { + if (ref($stats->{'hosts'}{$dsn}{$vstat}) eq 'HASH') { + foreach $vnam (keys %{$stats->{'hosts'}{$dsn}{$vstat}}) { + $vval = $stats->{'hosts'}{$dsn}{$vstat}{$vnam}; + if (defined($vval)) { + $nlib->verb("Stats Data: $vstat($vnam) = $vval"); + if (exists($KNOWN_STATUS_VARS{$vnam}) && $KNOWN_STATUS_VARS{$vnam}[1] eq 'VERSION') { + $memdversion = $vval; + } + else { + if ($vstat eq 'misc' || $vstat eq 'malloc') { + $dnam = $vnam; + } + else { + $dnam = $vstat.'_'.$vnam; + } + $nlib->add_data($dnam, $vval); + } + } + else { + $nlib->verb("Stats Data: $vstat($vnam) = NULL"); + } + } + } + elsif ($stats->{'hosts'}{$dsn}{$vstat} =~ /ERROR/) { + $nlib->verb("Memcached Perl Library ERROR getting stats for $vstat"); + } + else { + $vval = $stats->{'hosts'}{$dsn}{$vstat}; + chop($vval); + my @lines = split("\n",$vval); + my $count=0; + foreach my $ln (@lines) { + $count++; + if ($ln =~ /STAT\s+(.*)\s+(\d+)/) { + $vval = $2; + $dnam = $1; + $dnam =~ s/\:/_/g; + $dnam = $vstat.'_'.$dnam if $dnam !~ /^$vstat/; + } + else { + $dnam = $vstat."_".$count; + $vval = $ln; + $vval =~ s/\s/_/g; + } + $nlib->verb("Stats Data: $vstat($dnam) = $vval"); + $nlib->add_data($dnam, $vval); + } + } + } +} +$memd->disconnect_all; + +# Response Time +if (defined($o_timecheck)) { + $nlib->add_data('response_time',Time::HiRes::tv_interval($start_time)); + $nlib->addto_statusdata_output('response_time',sprintf("response in %.3fs",$nlib->vardata('response_time'))); + if (defined($o_perf)) { + $nlib->set_perfdata('response_time','response_time='.$nlib->vardata('response_time'),'s'); + } +} + +# calculate rate variables +$nlib->calculate_ratevars(); + +# Memory Use Utilization +my $bytes = $nlib->vardata('bytes'); +my $maxbytes = $nlib->vardata('limit_maxbytes'); +my $utilization = 0; +if (defined($o_utilsize) && defined($bytes) && defined($maxbytes)) { + if (defined($maxbytes) && $maxbytes!=0) { + $utilization = $bytes / $maxbytes * 100; + } + $nlib->add_data('utilization',$utilization); + $nlib->addto_statusdata_output('utilization',sprintf(" in use %.2f%% of space", $utilization)); + if (defined($o_perf)) { + $nlib->set_perfdata('utilization',sprintf("utilization=%.5f", $utilization), '%'); + } +} + +# CPU Use - Converts floating seconds to integer ms +if (defined($nlib->vardata('rusage_user'))) { + $nlib->add_data('rusage_user_ms',int($nlib->vardata('rusage_user')*100+0.5)); +} +if (defined($nlib->vardata('rusage_system'))) { + $nlib->add_data('rusage_system_ms',int($nlib->vardata('rusage_system')*100+0.5)); +} + +# Hitrate +my $hits_total=0; +my $hitrate=0; +my $hitrate_all=0; +my $hits_hits = $nlib->vardata('get_hits'); +my $get_misses = $nlib->vardata('get_misses'); +if (defined($o_hitrate) && defined($get_misses) && defined($hits_hits)) { + if (defined($o_prevperf) && defined($o_perf)) { + $nlib->set_perfdata('get_misses','get_misses='.$get_misses,'c'); + $nlib->set_perfdata('get_hits','get_hits='.$hits_hits,'c'); + } + $hits_total = $hits_hits + $get_misses; + $nlib->verb("Calculating Hitrate : total=".$hits_total." hits=".$hits_hits); + if (defined($hits_hits) && defined($nlib->prev_perf('get_hits')) && defined($nlib->prev_perf('get_misses')) && $hits_hits > $nlib->prev_perf('get_hits')) { + $hitrate_all = $hits_hits/$hits_total*100 if $hits_total!=0; + $hits_hits -= $nlib->prev_perf('get_hits'); + $hits_total -= $nlib->prev_perf('get_misses'); + $hits_total -= $nlib->prev_perf('get_hits'); + $nlib->verb("Calculating Hitrate. Adjusted based on previous values. total=".$hits_total." hits=".$hits_hits); + } + if (defined($hits_hits)) { + if ($hits_total!=0) { + $hitrate= sprintf("%.4f", $hits_hits/$hits_total*100); + } + $nlib->add_data('hitrate',$hitrate); + my $sdata .= sprintf(" hitrate is %.2f%%", $hitrate); + $sdata .= sprintf(" (%.2f%% from launch)", $hitrate_all) if ($hitrate_all!=0); + $nlib->addto_statusdata_output('hitrate',$sdata); + if (defined($o_perf)) { + $nlib->set_perfdata('hitrate',"hitrate=$hitrate",'%'); + } + } +} + +# Check thresholds in all variables and prepare status and performance data for output +$nlib->main_checkvars(); +$nlib->main_perfvars(); + +# now output the results +print "MEMCACHE "; +print $nlib->statuscode() .': '. $nlib->statusinfo(); +print " - " if $nlib->statusinfo(); +# print "MEMCACHED " . $memdversion . ' on ' . $HOSTNAME. ':'. $PORT ' is '. $statuscode . $statusinfo; +print "memcached " . $memdversion . ' on ' . $HOSTNAME. ':'. $PORT; +print ', up '.$nlib->uptime_info($nlib->vardata('uptime')) if defined($nlib->vardata('uptime')); +print " - " . $nlib->statusdata() if $nlib->statusdata(); +print $nlib->perfdata(); +print "\n"; + +# end exit +exit $ERRORS{$nlib->statuscode()}; diff --git a/memcached/handlers/main.yml b/memcached/handlers/main.yml index 4514db94..136c39d7 100644 --- a/memcached/handlers/main.yml +++ b/memcached/handlers/main.yml @@ -8,3 +8,8 @@ service: name: munin-node state: restarted + +- name: restart nagios-nrpe-server + service: + name: nagios-nrpe-server + state: restarted diff --git a/memcached/tasks/main.yml b/memcached/tasks/main.yml index b21142cd..083c0134 100644 --- a/memcached/tasks/main.yml +++ b/memcached/tasks/main.yml @@ -23,3 +23,4 @@ - memcached - include: munin.yml +- include: nrpe.yml diff --git a/memcached/tasks/nrpe.yml b/memcached/tasks/nrpe.yml new file mode 100644 index 00000000..139a3a10 --- /dev/null +++ b/memcached/tasks/nrpe.yml @@ -0,0 +1,26 @@ +--- +- name: Is nrpe present ? + stat: + path: /etc/nagios/nrpe.d/evolix.cfg + register: nrpe_evolix_config + +- block: + - name: Install dependencies + apt: + name: libcache-memcached-perl + + - name: Copy Nagios check for memcached + copy: + src: check_memcached.pl + dest: /usr/local/lib/nagios/plugins/ + mode: "0755" + + - name: Add NRPE check + lineinfile: + name: /etc/nagios/nrpe.d/evolix.cfg + regexp: '^command\[check_memcached\]=' + line: 'command[check_memcached]=/usr/local/lib/nagios/plugins/check_memcached.pl -H 127.0.0.1' + notify: restart nagios-nrpe-server + + when: nrpe_evolix_config.stat.exists + From 24aeff2e72820ef83da6d81a9b66ccfcb28c8eb7 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Mon, 26 Mar 2018 09:53:35 +0200 Subject: [PATCH 47/82] rbenv: fix become user issue with copy tasks --- CHANGELOG.md | 1 + rbenv/tasks/main.yml | 23 ++++++++++++++--------- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b852b93b..b0de0a55 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -34,6 +34,7 @@ The **patch** part changes incrementally at each release. * nginx: fix basic auth for default vhost * dovecot: fix support of plus sign * mysql/mysql-oracle: mysqltuner cron task is executable +* rbenv: fix become user issue with copy tasks ## [9.1.6] - 2018-02-02 diff --git a/rbenv/tasks/main.yml b/rbenv/tasks/main.yml index 7b680e83..12af65c5 100644 --- a/rbenv/tasks/main.yml +++ b/rbenv/tasks/main.yml @@ -18,6 +18,20 @@ - rbenv - packages +- name: default gems are installed for {{ username }} + copy: + src: default-gems + dest: '{{ rbenv_root }}/default-gems' + owner: '{{ username }}' + group: '{{ username }}' + +- name: gemrc for {{ username }} + copy: + src: gemrc + dest: "~{{ username }}/.gemrc" + owner: '{{ username }}' + group: '{{ username }}' + - block: - name: Rbenv repository is checked out for {{ username }} git: @@ -50,15 +64,6 @@ eval "$(rbenv init -)" marker: "# {mark} ANSIBLE MANAGED RBENV INIT" - - name: default gems are installed for {{ username }} - copy: - src: default-gems - dest: '{{ rbenv_root }}/default-gems' - - - name: gemrc for {{ username }} - copy: - src: gemrc - dest: ~/.gemrc - name: is Ruby {{ rbenv_ruby_version }} available for {{ username }} ? shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}" From 1b4ea6e85932f6ad397bfa3fc986870f4be533ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Sun, 25 Mar 2018 22:32:16 +0200 Subject: [PATCH 48/82] whitespaces --- php/tasks/fpm.yml | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/php/tasks/fpm.yml b/php/tasks/fpm.yml index 06dc4202..2369f483 100644 --- a/php/tasks/fpm.yml +++ b/php/tasks/fpm.yml @@ -5,8 +5,8 @@ name: '{{ item }}' state: present with_items: - - php5-fpm - - php5 + - php5-fpm + - php5 when: ansible_distribution_release == "jessie" - name: "Install PHP FPM packages (Debian 9 or later)" @@ -14,8 +14,8 @@ name: '{{ item }}' state: present with_items: - - php-fpm - - php + - php-fpm + - php when: ansible_distribution_major_version | version_compare('9', '>=') - name: "Set config files for FPM (jessie)" @@ -43,12 +43,12 @@ mode: "0644" create: yes with_items: - - { option: "short_open_tag", value: "Off" } - - { option: "expose_php", value: "Off" } - - { option: "display_errors", value: "Off" } - - { option: "log_errors", value: "On" } - - { option: "html_errors", value: "Off" } - - { option: "allow_url_fopen", value: "Off" } + - { option: "short_open_tag", value: "Off" } + - { option: "expose_php", value: "Off" } + - { option: "display_errors", value: "Off" } + - { option: "log_errors", value: "On" } + - { option: "html_errors", value: "Off" } + - { option: "allow_url_fopen", value: "Off" } - name: Disable PHP functions for FPM ini_file: @@ -73,15 +73,15 @@ mode: "0644" create: yes with_items: - - { option: "pm", value: "ondemand" } - - { option: "pm.max_children", value: "100" } - - { option: "pm.process_idle_timeout", value: "10s" } - - { option: "slowlog", value: "log/$pool.log.slow" } - - { option: "request_slowlog_timeout", value: "5s" } - - { option: "pm.status_path", value: "/fpm_status" } - - { option: "request_terminate_timeout", value: "60s" } - - { option: "chroot", value: "/var/www/html" } when: ansible_distribution_major_version | version_compare('9', '>=') + - { option: "pm", value: "ondemand" } + - { option: "pm.max_children", value: "100" } + - { option: "pm.process_idle_timeout", value: "10s" } + - { option: "slowlog", value: "log/$pool.log.slow" } + - { option: "request_slowlog_timeout", value: "5s" } + - { option: "pm.status_path", value: "/fpm_status" } + - { option: "request_terminate_timeout", value: "60s" } + - { option: "chroot", value: "/var/www/html" } - name: Custom PHP FPM values copy: @@ -99,6 +99,5 @@ value: "{{ item.value }}" mode: "0644" with_items: - - { option: "date.timezone", value: "Europe/Paris" } + - { option: "date.timezone", value: "Europe/Paris" } when: php_symfony_requirements - From d4da36ffa7a2fe5b9f205e6db87d12bb29804d6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Sun, 25 Mar 2018 22:32:37 +0200 Subject: [PATCH 49/82] php: restart fpm if needed --- php/tasks/fpm.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/php/tasks/fpm.yml b/php/tasks/fpm.yml index 2369f483..5b27251d 100644 --- a/php/tasks/fpm.yml +++ b/php/tasks/fpm.yml @@ -49,6 +49,7 @@ - { option: "log_errors", value: "On" } - { option: "html_errors", value: "Off" } - { option: "allow_url_fopen", value: "Off" } + notify: restart php-fpm - name: Disable PHP functions for FPM ini_file: @@ -56,6 +57,7 @@ section: PHP option: disable_functions value: "exec,shell-exec,system,passthru,putenv,popen" + notify: restart php-fpm - name: Custom php.ini for FPM copy: @@ -63,6 +65,7 @@ content: | ; Put customized values here. force: no + notify: restart php-fpm - name: Set default PHP FPM values ini_file: @@ -82,6 +85,7 @@ - { option: "pm.status_path", value: "/fpm_status" } - { option: "request_terminate_timeout", value: "60s" } - { option: "chroot", value: "/var/www/html" } + notify: restart php-fpm - name: Custom PHP FPM values copy: @@ -90,6 +94,7 @@ ; Put customized values here. ; default_charset = "ISO-8859-1" force: no + notify: restart php-fpm - name: "Set custom values for PHP to enable Symfony" ini_file: @@ -100,4 +105,5 @@ mode: "0644" with_items: - { option: "date.timezone", value: "Europe/Paris" } + notify: restart php-fpm when: php_symfony_requirements From 3d4733fc1345f8e93927207229bc01fdcf411278 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Sun, 25 Mar 2018 22:33:31 +0200 Subject: [PATCH 50/82] php: fix fpm custom file permissions --- php/tasks/fpm.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/php/tasks/fpm.yml b/php/tasks/fpm.yml index 5b27251d..b7d169b4 100644 --- a/php/tasks/fpm.yml +++ b/php/tasks/fpm.yml @@ -93,6 +93,7 @@ content: | ; Put customized values here. ; default_charset = "ISO-8859-1" + mode: "0644" force: no notify: restart php-fpm From 690318e4350f877fe9051da7fb9215ac9a3bb52a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Mon, 26 Mar 2018 21:53:32 +0200 Subject: [PATCH 51/82] Update CHANGELOG for php changes --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b852b93b..7908077f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,8 @@ The **patch** part changes incrementally at each release. * nginx: package name can be specified (default: `nginx-full`) * evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) * webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined +* php: fix FPM custom file permissions +* php: more tasks notify FPM handler to restart if needed ### Fixed * nginx: fix basic auth for default vhost From 44de2b84ec19ee37c3026fd1ed08bf39f5d90fbf Mon Sep 17 00:00:00 2001 From: Daniel Jakots Date: Wed, 28 Mar 2018 09:50:41 -0400 Subject: [PATCH 52/82] Add script to exclude a time slot from monitoring --- .../files/plugins/exclude-time-slot-wrapper.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh diff --git a/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh b/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh new file mode 100644 index 00000000..59619030 --- /dev/null +++ b/nagios-nrpe/files/plugins/exclude-time-slot-wrapper.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +# timestamp modulo 1 day. +time=$(($(date +"%s") %86400)) + +# pour trouver les valeurs : prendre l'heure en *UTC* +# et faire H * 3600 + M * 60 + S +if [ $time -ge 7200 ] && [ $time -lt 10800 ]; then + echo "In excluded time slot." + exit 0 +else + $@ + exit $? +fi From 3d35f7f7631ad67d1554cf058592186ba8ebc7c5 Mon Sep 17 00:00:00 2001 From: Daniel Jakots Date: Wed, 28 Mar 2018 09:52:38 -0400 Subject: [PATCH 53/82] Remove unused files since 4a81d12 --- nagios-nrpe/files/plugins_bsd/check_carp_if | 65 ------- .../files/plugins_bsd/check_free_mem.sh | 162 ------------------ .../files/plugins_bsd/check_ipsecctl.sh | 23 --- nagios-nrpe/files/plugins_bsd/check_openvpn | 9 - nagios-nrpe/files/plugins_bsd/check_pf_states | 21 --- 5 files changed, 280 deletions(-) delete mode 100755 nagios-nrpe/files/plugins_bsd/check_carp_if delete mode 100755 nagios-nrpe/files/plugins_bsd/check_free_mem.sh delete mode 100755 nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh delete mode 100755 nagios-nrpe/files/plugins_bsd/check_openvpn delete mode 100755 nagios-nrpe/files/plugins_bsd/check_pf_states diff --git a/nagios-nrpe/files/plugins_bsd/check_carp_if b/nagios-nrpe/files/plugins_bsd/check_carp_if deleted file mode 100755 index 3fe1dc54..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_carp_if +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2012, Claudiu Vasadi -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# -# 1. Redistributions of source code must retain the above copyright notice, this -# list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright notice, -# this list of conditions and the following disclaimer in the documentation -# and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR -# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# The views and conclusions contained in the software and documentation are those -# of the authors and should not be interpreted as representing official policies, -# either expressed or implied, of the FreeBSD Project. - - -# -# Script to check the state (master/backup) of a carp internface -# $1 - carp if -# $2 - state -# - -. /usr/local/libexec/nagios/utils.sh - -# check if $1 and $2 is set -if [ -z "$1" ];then - echo "carp interface not set. Exiting ..." - exit "$STATE_CRITICAL" -fi - -if [ -z "$2" ];then - echo "Interface status not set. Exiting ..." - exit "$STATE_CRITICAL" -fi - -# check if the carp interface exists or not -ifconfig $1 > /dev/null -if [ $? != "0" ];then - echo "carp interface $1 does not exist. Exiting ...." - exit "$STATE_CRITICAL" -fi - -# check state -ifconfig $1 | grep -i $2 > /dev/null -if [ $? != "0" ];then - echo "NOT_OK - $1 should be $2" - exit "$STATE_CRITICAL" -else - echo "OK - $1 is $2" - exit "$STATE_OK" -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_free_mem.sh b/nagios-nrpe/files/plugins_bsd/check_free_mem.sh deleted file mode 100755 index f0b79c8a..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_free_mem.sh +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/ksh - -################################################################################ -# Sample Nagios plugin to monitor free memory on the local machine # -# Author: Daniele Mazzocchio (http://www.kernel-panic.it/) # -################################################################################ - -VERSION="Version 1.0" -AUTHOR="(c) 2007-2009 Daniele Mazzocchio (danix@kernel-panic.it)" - -PROGNAME=`/usr/bin/basename $0` - -# Constants -BYTES_IN_MB=$(( 1024 * 1024 )) -KB_IN_MB=1024 - -# Exit codes -STATE_OK=0 -STATE_WARNING=1 -STATE_CRITICAL=2 -STATE_UNKNOWN=3 - -# Helper functions ############################################################# - -function print_revision { - # Print the revision number - echo "$PROGNAME - $VERSION" -} - -function print_usage { - # Print a short usage statement - echo "Usage: $PROGNAME [-v] -w -c " -} - -function print_help { - # Print detailed help information - print_revision - echo "$AUTHOR\n\nCheck free memory on local machine\n" - print_usage - - /bin/cat <<__EOT - -Options: --h - Print detailed help screen --V - Print version information - --w INTEGER - Exit with WARNING status if less than INTEGER MB of memory are free --w PERCENT% - Exit with WARNING status if less than PERCENT of memory is free --c INTEGER - Exit with CRITICAL status if less than INTEGER MB of memory are free --c PERCENT% - Exit with CRITICAL status if less than PERCENT of memory is free --v - Verbose output -__EOT -} - -# Main ######################################################################### - -# Total memory size (in MB) -tot_mem=$(( `/sbin/sysctl -n hw.physmem` / BYTES_IN_MB)) -# Free memory size (in MB) -free_mem=$(/usr/bin/vmstat | /usr/bin/tail -1 | /usr/bin/awk '{ print $4 }' | tr -d 'M') -# Free memory size (in percentage) -free_mem_perc=$(( free_mem * 100 / tot_mem )) - -# Verbosity level -verbosity=0 -# Warning threshold -thresh_warn= -# Critical threshold -thresh_crit= - -# Parse command line options -while [ "$1" ]; do - case "$1" in - -h | --help) - print_help - exit $STATE_OK - ;; - -V | --version) - print_revision - exit $STATE_OK - ;; - -v | --verbose) - : $(( verbosity++ )) - shift - ;; - -w | --warning | -c | --critical) - if [[ -z "$2" || "$2" = -* ]]; then - # Threshold not provided - echo "$PROGNAME: Option '$1' requires an argument" - print_usage - exit $STATE_UNKNOWN - elif [[ "$2" = +([0-9]) ]]; then - # Threshold is a number (MB) - thresh=$2 - elif [[ "$2" = +([0-9])% ]]; then - # Threshold is a percentage - thresh=$(( tot_mem * ${2%\%} / 100 )) - else - # Threshold is neither a number nor a percentage - echo "$PROGNAME: Threshold must be integer or percentage" - print_usage - exit $STATE_UNKNOWN - fi - [[ "$1" = *-w* ]] && thresh_warn=$thresh || thresh_crit=$thresh - shift 2 - ;; - -?) - print_usage - exit $STATE_OK - ;; - *) - echo "$PROGNAME: Invalid option '$1'" - print_usage - exit $STATE_UNKNOWN - ;; - esac -done - -if [[ -z "$thresh_warn" || -z "$thresh_crit" ]]; then - # One or both thresholds were not specified - echo "$PROGNAME: Threshold not set" - print_usage - exit $STATE_UNKNOWN -elif [[ "$thresh_crit" -gt "$thresh_warn" ]]; then - # The warning threshold must be greater than the critical threshold - echo "$PROGNAME: Warning free space should be more than critical free space" - print_usage - exit $STATE_UNKNOWN -fi - -if [[ "$verbosity" -ge 2 ]]; then - # Print debugging information - /bin/cat <<__EOT -Debugging information: - Warning threshold: $thresh_warn MB - Critical threshold: $thresh_crit MB - Verbosity level: $verbosity - Total memory: $tot_mem MB - Free memory: $free_mem MB ($free_mem_perc%) -__EOT -fi - -if [[ "$free_mem" -lt "$thresh_crit" ]]; then - # Free memory is less than the critical threshold - echo "MEMORY CRITICAL - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)" - exit $STATE_CRITICAL -elif [[ "$free_mem" -lt "$thresh_warn" ]]; then - # Free memory is less than the warning threshold - echo "MEMORY WARNING - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)" - exit $STATE_WARNING -else - # There's enough free memory! - echo "MEMORY OK - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)" - exit $STATE_OK -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh b/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh deleted file mode 100755 index 4cdeaa94..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -IPSECCTL="/sbin/ipsecctl -s sa" -STATUS=0 - -LINE1=`$IPSECCTL | grep "from $1 to $2" ` -if [ $? -eq 1 ]; then - STATUS=2; - OUTPUT1="No VPN from $1 to $2 " -fi - -LINE2=`$IPSECCTL | grep "from $2 to $1" ` -if [ $? -eq 1 ]; then - STATUS=2; - OUTPUT2="No VPN from $2 to $1" -fi - -if [ $STATUS -eq 0 ]; then - echo "VPN OK - $3 is up" - exit $STATUS -else - echo "VPN DOWN - $3 is down ($OUTPUT1 $OUTPUT2)" - exit $STATUS -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_openvpn b/nagios-nrpe/files/plugins_bsd/check_openvpn deleted file mode 100755 index 4ae14acd..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_openvpn +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -if netstat -an|grep '.1194' >/dev/null; then - echo "VPN OK" - return 0 -else - echo "PROCESS NOT LISTENING" - return 2 -fi diff --git a/nagios-nrpe/files/plugins_bsd/check_pf_states b/nagios-nrpe/files/plugins_bsd/check_pf_states deleted file mode 100755 index fa93e50f..00000000 --- a/nagios-nrpe/files/plugins_bsd/check_pf_states +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - -# Script writen by Evolix - -_WARNING_STATES_LIMIT=130000 -_CRTICAL_STATES_LIMIT=150000 - -. /usr/local/libexec/nagios/utils.sh - -_CHECK_STATES=$(/sbin/pfctl -si | /usr/bin/grep current | /usr/bin/sed s,\ current\ entries\ ,,g | /usr/bin/sed -e 's,^[ \t]*,,' | /usr/bin/sed 's, *$,,') - -if [ $_CHECK_STATES -lt $_WARNING_STATES_LIMIT ];then - echo "OK: States number ($_CHECK_STATES) is below threshold ($_WARNING_STATES_LIMIT / $_CRTICAL_STATES_LIMIT)" - exit "$STATE_OK" -elif [ $_CHECK_STATES -ge $_WARNING_STATES_LIMIT ] && [ $_CHECK_STATES -lt $_CRTICAL_STATES_LIMIT ];then - echo "WARNING: States number is $_CHECK_STATES (threshold WARNING = $_WARNING_STATES_LIMIT)" - exit "$_STATE_WARNING" -else - echo "CRITICAL: States number is $_CHECK_STATES (threshold CRITICAL = $_CRTICAL_STATES_LIMIT)" - exit "$_STATE_CRITICAL" -fi From f5339568ed4a268a63f33e2c1735e24dd8a8b6f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 28 Mar 2018 21:12:24 +0200 Subject: [PATCH 54/82] nginx: don't debug variables in verbosity 0 --- CHANGELOG.md | 1 + nginx/tasks/server_status.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d06f5f4e..9b5f56c2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,7 @@ The **patch** part changes incrementally at each release. * webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined * php: fix FPM custom file permissions * php: more tasks notify FPM handler to restart if needed +* nginx: don't debug variables in verbosity 0 ### Fixed * nginx: fix basic auth for default vhost diff --git a/nginx/tasks/server_status.yml b/nginx/tasks/server_status.yml index 702d0082..4eeed7e7 100644 --- a/nginx/tasks/server_status.yml +++ b/nginx/tasks/server_status.yml @@ -29,6 +29,7 @@ - debug: var: nginx_serverstatus_suffix + verbosity: 1 - name: replace server-status suffix in default site index replace: From ad3383a51056fab38471524e44854fa970da863c Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 29 Mar 2018 16:41:49 +0200 Subject: [PATCH 55/82] Install ncurses-term for additional terminal types When connecting to a server from urxvt, the session behaves like one with xterm. --- CHANGELOG.md | 1 + evolinux-base/tasks/packages.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b5f56c2..ea3dc2a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ The **patch** part changes incrementally at each release. * haproxy: install Munin plugins * proftpd: use proftpd_accounts list for manage ftp accounts * etc-git: add tags for Ansible +* evolinux-base: install ncurses-term package ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). diff --git a/evolinux-base/tasks/packages.yml b/evolinux-base/tasks/packages.yml index 260a6387..74b41667 100644 --- a/evolinux-base/tasks/packages.yml +++ b/evolinux-base/tasks/packages.yml @@ -58,6 +58,7 @@ - rsync - bc - pinentry-curses + - ncurses-term when: evolinux_packages_common - name: Be sure that openntpd package is absent/purged From e27c96fd2f768ad9047e085ce9f90c5b706508a4 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Fri, 30 Mar 2018 15:34:45 +0200 Subject: [PATCH 56/82] rbenv: Correct the changes done in 24aeff2e about become user issues --- rbenv/tasks/main.yml | 161 +++++++++++++++++++++++++------------------ 1 file changed, 93 insertions(+), 68 deletions(-) diff --git a/rbenv/tasks/main.yml b/rbenv/tasks/main.yml index 12af65c5..aa914508 100644 --- a/rbenv/tasks/main.yml +++ b/rbenv/tasks/main.yml @@ -18,13 +18,6 @@ - rbenv - packages -- name: default gems are installed for {{ username }} - copy: - src: default-gems - dest: '{{ rbenv_root }}/default-gems' - owner: '{{ username }}' - group: '{{ username }}' - - name: gemrc for {{ username }} copy: src: gemrc @@ -32,67 +25,99 @@ owner: '{{ username }}' group: '{{ username }}' -- block: - - name: Rbenv repository is checked out for {{ username }} - git: - repo: '{{ rbenv_repo }}' - dest: '{{ rbenv_root }}' - version: '{{ rbenv_version }}' - accept_hostkey: yes - force: yes - - - name: plugins directory for {{ username }} - file: - path: '{{ rbenv_root }}/plugins' - state: directory - - - name: plugins are installed for {{ username }} - git: - repo: '{{ item.repo }}' - dest: '{{ rbenv_root }}/plugins/{{ item.name }}' - version: '{{ item.version }}' - accept_hostkey: yes - force: yes - with_items: - - "{{ rbenv_plugins }}" - - - name: Rbenv is initialized in profile for {{ username }} - blockinfile: - dest: '~{{ username }}/.profile' - block: | - export PATH="{{ rbenv_root }}/bin:$PATH" - eval "$(rbenv init -)" - marker: "# {mark} ANSIBLE MANAGED RBENV INIT" - - - - name: is Ruby {{ rbenv_ruby_version }} available for {{ username }} ? - shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}" - args: - warn: no - failed_when: False - changed_when: False - register: ruby_installed - - - name: Ruby {{ rbenv_ruby_version }} is available for {{ username }} (be patient... could be long) - shell: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}" - args: - warn: no - when: ruby_installed.rc != 0 - - - name: is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ? - shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'" - args: - warn: no - register: ruby_selected - changed_when: False - failed_when: False - - - name: select Ruby {{ rbenv_ruby_version }} for {{ username }} - shell: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash" - args: - warn: no - when: ruby_selected.rc != 0 - +- name: Rbenv repository is checked out for {{ username }} + git: + repo: '{{ rbenv_repo }}' + dest: '{{ rbenv_root }}' + version: '{{ rbenv_version }}' + accept_hostkey: yes + force: yes + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: default gems are installed for {{ username }} + copy: + src: default-gems + dest: '{{ rbenv_root }}/default-gems' + owner: '{{ username }}' + group: '{{ username }}' + +- name: plugins directory for {{ username }} + file: + path: '{{ rbenv_root }}/plugins' + state: directory + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: plugins are installed for {{ username }} + git: + repo: '{{ item.repo }}' + dest: '{{ rbenv_root }}/plugins/{{ item.name }}' + version: '{{ item.version }}' + accept_hostkey: yes + force: yes + with_items: + - "{{ rbenv_plugins }}" + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: Rbenv is initialized in profile for {{ username }} + blockinfile: + dest: '~{{ username }}/.profile' + block: | + export PATH="{{ rbenv_root }}/bin:$PATH" + eval "$(rbenv init -)" + marker: "# {mark} ANSIBLE MANAGED RBENV INIT" + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: is Ruby {{ rbenv_ruby_version }} available for {{ username }} ? + shell: /bin/bash -lc "rbenv versions | grep {{ rbenv_ruby_version }}" + args: + warn: no + failed_when: False + changed_when: False + register: ruby_installed + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: Ruby {{ rbenv_ruby_version }} is available for {{ username }} (be patient... could be long) + shell: /bin/bash -lc "TMPDIR=~/tmp rbenv install {{ rbenv_ruby_version }}" + args: + warn: no + when: ruby_installed.rc != 0 + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: is Ruby {{ rbenv_ruby_version }} selected for {{ username }} ? + shell: /bin/bash -lc "rbenv version | cut -d ' ' -f 1 | grep -Fx '{{ rbenv_ruby_version }}'" + args: + warn: no + register: ruby_selected + changed_when: False + failed_when: False + become_user: "{{ username }}" + become: yes + tags: + - rbenv + +- name: select Ruby {{ rbenv_ruby_version }} for {{ username }} + shell: /bin/bash -lc "rbenv global {{ rbenv_ruby_version }} && rbenv rehash" + args: + warn: no + when: ruby_selected.rc != 0 become_user: "{{ username }}" become: yes tags: From 7385e2894ecaf0f76c24919c24a049ec4e4fb0ee Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 30 Mar 2018 18:43:03 +0200 Subject: [PATCH 57/82] evoacme: fix version comparison for evoacme --- evoacme/templates/nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/evoacme/templates/nginx.conf.j2 b/evoacme/templates/nginx.conf.j2 index 378d37cb..e32da1d5 100644 --- a/evoacme/templates/nginx.conf.j2 +++ b/evoacme/templates/nginx.conf.j2 @@ -1,5 +1,5 @@ location ~ /.well-known/acme-challenge { -{% if ansible_distribution_major_version > 8 %} +{% if ansible_distribution_major_version | version_compare('9', '>=') %} alias {{ evoacme_acme_dir }}/; {% else %} alias {{ evoacme_acme_dir }}/.well-known/acme-challenge; From ce11c39ce4b33f4501d3cb4b16c6b36c0785fc1a Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 30 Mar 2018 18:45:20 +0200 Subject: [PATCH 58/82] evoacme: add a symlink for vhosts with old path --- evoacme/tasks/nginx.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/evoacme/tasks/nginx.yml b/evoacme/tasks/nginx.yml index e55374c8..44fc6656 100644 --- a/evoacme/tasks/nginx.yml +++ b/evoacme/tasks/nginx.yml @@ -13,3 +13,23 @@ owner: root group: root mode: "0644" + +- name: look for old path + command: grep -r /etc/nginx/letsencrypt.conf /etc/nginx + changed_when: False + failed_when: False + check_mode: no + register: grep_letsencrypt_old_path + +- name: Keep a symlink for vhosts with old path + file: + src: /etc/nginx/snippets/letsencrypt.conf + dest: /etc/nginx/letsencrypt.conf + state: link + when: grep_letsencrypt_old_path.rc == 0 + +- name: Remove symlink if no vhost with old path + file: + dest: /etc/nginx/letsencrypt.conf + state: absent + when: grep_letsencrypt_old_path.rc == 1 From 3038ad8fdc927da491c0c629b843bddaa92169e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 4 Apr 2018 09:59:26 +0200 Subject: [PATCH 59/82] webapps: fix task indentation --- webapps/evoadmin-web/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webapps/evoadmin-web/tasks/main.yml b/webapps/evoadmin-web/tasks/main.yml index 00df6cc4..46c04f13 100644 --- a/webapps/evoadmin-web/tasks/main.yml +++ b/webapps/evoadmin-web/tasks/main.yml @@ -1,8 +1,8 @@ --- - fail: - msg: Please configure var evoadmin_contact_email -when: evoadmin_contact_email is none + msg: Please configure var evoadmin_contact_email + when: evoadmin_contact_email is none - include: packages.yml From 3af7d2d679e9dbd959123ccb09839791c0f6d935 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 4 Apr 2018 09:59:04 +0200 Subject: [PATCH 60/82] php: fix condition statement position --- php/tasks/fpm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/php/tasks/fpm.yml b/php/tasks/fpm.yml index b7d169b4..6736f971 100644 --- a/php/tasks/fpm.yml +++ b/php/tasks/fpm.yml @@ -76,7 +76,6 @@ mode: "0644" create: yes with_items: - when: ansible_distribution_major_version | version_compare('9', '>=') - { option: "pm", value: "ondemand" } - { option: "pm.max_children", value: "100" } - { option: "pm.process_idle_timeout", value: "10s" } @@ -86,6 +85,7 @@ - { option: "request_terminate_timeout", value: "60s" } - { option: "chroot", value: "/var/www/html" } notify: restart php-fpm + when: ansible_distribution_major_version | version_compare('9', '>=') - name: Custom PHP FPM values copy: From 6a1490422726951ade93dad59c6ed148f0e1ed79 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Wed, 4 Apr 2018 10:15:51 +0200 Subject: [PATCH 61/82] nodejs: install yarn optionaly with var (default: ) --- nodejs/defaults/main.yml | 1 + nodejs/files/yarnpkg.gpg.key | 152 +++++++++++++++++++++++++++++++++++ nodejs/tasks/main.yml | 34 +++++++- 3 files changed, 186 insertions(+), 1 deletion(-) create mode 100644 nodejs/files/yarnpkg.gpg.key diff --git a/nodejs/defaults/main.yml b/nodejs/defaults/main.yml index 95f2b009..47bc12b4 100644 --- a/nodejs/defaults/main.yml +++ b/nodejs/defaults/main.yml @@ -1,2 +1,3 @@ --- nodejs_apt_version: 'node_8.x' +node_yarn: False diff --git a/nodejs/files/yarnpkg.gpg.key b/nodejs/files/yarnpkg.gpg.key new file mode 100644 index 00000000..800c737d --- /dev/null +++ b/nodejs/files/yarnpkg.gpg.key @@ -0,0 +1,152 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFf0j5oBEADS6cItqCbf4lOLICohq2aHqM5I1jsz3DC4ddIU5ONbKXP1t0wk +FEUPRzd6m80cTo7Q02Bw7enh4J6HvM5XVBSSGKENP6XAsiOZnY9nkXlcQAPFRnCn +CjEfoOPZ0cBKjn2IpIXXcC+7xh4p1yruBpOsCbT6BuzA+Nm9j4cpRjdRdWSSmdID +TyMZClmYm/NIfCPduYvNZxZXhW3QYeieP7HIonhZSHVu/jauEUyHLVsieUIvAOJI +cXYpwLlrw0yy4flHe1ORJzuA7EZ4eOWCuKf1PgowEnVSS7Qp7lksCuljtfXgWelB +XGJlAMD90mMbsNpQPF8ywQ2wjECM8Q6BGUcQuGMDBtFihobb+ufJxpUOm4uDt0y4 +zaw+MVSi+a56+zvY0VmMGVyJstldPAcUlFYBDsfC9+zpzyrAqRY+qFWOT2tj29R5 +ZNYvUUjEmA/kXPNIwmEr4oj7PVjSTUSpwoKamFFE6Bbha1bzIHpdPIRYc6cEulp3 +dTOWfp+Cniiblp9gwz3HeXOWu7npTTvJBnnyRSVtQgRnZrrtRt3oLZgmj2fpZFCE +g8VcnQOb0iFcIM7VlWL0QR4SOz36/GFyezZkGsMlJwIGjXkqGhcEHYVDpg0nMoq1 +qUvizxv4nKLanZ5jKrV2J8V09PbL+BERIi6QSeXhXQIui/HfV5wHXC6DywARAQAB +tBxZYXJuIFBhY2thZ2luZyA8eWFybkBkYW4uY3g+iQI5BBMBCAAjBQJX9I+aAhsD +BwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQFkawG4blAxB52Q/9FcyGIEK2 +QamDhookuoUGGYjIeN+huQPWmc6mLPEKS2Vahk5jnJKVtAFiaqINiUtt/1jZuhF2 +bVGITvZK79kM6lg42xQcnhypzQPgkN7GQ/ApYqeKqCh1wV43KzT/CsJ9TrI0SC34 +qYHTEXXUprAuwQitgAJNi5QMdMtauCmpK+Xtl/72aetvL8jMFElOobeGwKgfLo9+ +We2EkKhSwyiy3W5TYI1UlV+evyyT+N0pmhRUSH6sJpzDnVYYPbCWa2b+0D/PHjXi +edKcely/NvqyVGoWZ+j41wkp5Q0wK2ybURS1ajfaKt0OcMhRf9XCfeXAQvU98mEk +FlfPaq0CXsjOy8eJXDeoc1dwxjDi2YbfHel0CafjrNp6qIFG9v3JxPUU19hG9lxD +Iv7VXftvMpjJCo/J4Qk+MOv7KsabgXg1iZHmllyyH3TY4AA4VA+mlceiiOHdXbKk +Q3BfS1jdXPV+2kBfqM4oWANArlrFTqtop8PPsDNqh/6SrVsthr7WTvC5q5h/Lmxy +Krm4Laf7JJMvdisfAsBbGZcR0Xv/Vw9cf2OIEzeOWbj5xul0kHT1vHhVNrBNanfe +t79RTDGESPbqz+bTS7olHWctl6TlwxA0/qKlI/PzXfOg63Nqy15woq9buca+uTcS +ccYO5au+g4Z70IEeQHsq5SC56qDR5/FvYyu5Ag0EV/SPmgEQANDSEMBKp6ER86y+ +udfKdSLP9gOv6hPsAgCHhcvBsks+ixeX9U9KkK7vj/1q6wodKf9oEbbdykHgIIB1 +lzY1l7u7/biAtQhTjdEZPh/dt3vjogrJblUEC0rt+fZe325ociocS4Bt9I75Ttkd +nWgkE4uOBJsSllpUbqfLBfYR58zz2Rz1pkBqRTkmJFetVNYErYi2tWbeJ59GjUN7 +w1K3GhxqbMbgx4dF5+rjGs+KI9k6jkGeeQHqhDk+FU70oLVLuH2Dmi9IFjklKmGa +3BU7VpNxvDwdoV7ttRYEBcBnPOmL24Sn4Xhe2MDCqgJwwyohd9rk8neV7GtavVea +Tv6bnzi1iJRgDld51HFWG8X+y55i5cYWaiXHdHOAG1+t35QUrczm9+sgkiKSk1II +TlEFsfwRl16NTCMGzjP5kGCm/W+yyyvBMw7CkENQcd23fMsdaQ/2UNYJau2PoRH/ +m+IoRehIcmE0npKeLVTDeZNCzpmfY18T542ibK49kdjZiK6G/VyBhIbWEFVu5Ll9 ++8GbcO9ucYaaeWkFS8Hg0FZafMk59VxKiICKLZ5he/C4f0UssXdyRYU6C5BH8UTC +QLg0z8mSSL+Wb2iFVPrn39Do7Zm8ry6LBCmfCf3pI99Q/1VaLDauorooJV3rQ5kC +JEiAeqQtLOvyoXIex1VbzlRUXmElABEBAAGJAh8EGAEIAAkFAlf0j5oCGwwACgkQ +FkawG4blAxAUUQ//afD0KLHjClHsA/dFiW+5qVzI8kPMHwO1QcUjeXrB6I3SluOT +rLSPhOsoS72yAaU9hFuq8g9ecmFrl3Skp/U4DHZXioEmozyZRp7eVsaHTewlfaOb +6g7+v52ktYdomcp3BM5v/pPZCnB5rLrH2KaUWbpY6V6tqtCHbF7zftDqcBENJDXf +hiCqS19J08GZFjDEqGDrEj3YEmEXZMN7PcXEISPIz6NYI6rw4yVH8AXfQW6vpPzm +ycHwI0QsVW2NQdcZ6zZt+phm6shNUbN2iDdg3BJICmIvQf8qhO3bOh0Bwc11FLHu +MKuGVxnWN82HyIsuUB7WDLBHEOtg61Zf1nAF1PQK52YuQz3EWI4LL9OqVqfSTY1J +jqIfj+u1PY2UHrxZfxlz1M8pXb1grozjKQ5aNqBKRrcMZNx71itR5rv18qGjGR2i +Sciu/xah7zAroEQrx72IjYt03tbk/007CvUlUqFIFB8kY1bbfX8JAA+TxelUniUR +2CY8eom5HnaPpKE3kGXZ0jWkudbWb7uuWcW1FE/bO+VtexpBL3SoXmwbVMGnJIEi +Uvy8m6ez0kzLXzJ/4K4b8bDO4NjFX2ocKdzLA89Z95KcZUxEG0O7kaDCu0x3BEge +uArJLecD5je2/2HXAdvkOAOUi6Gc/LiJrtInc0vUFsdqWCUK5Ao/MKvdMFW5Ag0E +V/SP2AEQALRcYv/hiv1n3VYuJbFnEfMkGwkdBYLGo3hiHKY8xrsFVePl9SkL8aqd +C310KUFNI42gGY/lz54RUHOqfMszTdafFrmwU18ECWGo4oG9qEutIKG7fkxcvk2M +tgsOMZFJqVDS1a9I4QTIkv1ellLBhVub9S7vhe/0jDjXs9IyOBpYQrpCXAm6SypC +fpqkDJ4qt/yFheATcm3s8ZVTsk2hiz2jnbqfvpte3hr3XArDjZXr3mGAp3YY9JFT +zVBOhyhT/92e6tURz8a/+IrMJzhSyIDel9L+2sHHo9E+fA3/h3lg2mo6EZmRTuvE +v9GXf5xeP5lSCDwS6YBXevJ8OSPlocC8Qm8ziww6dy/23XTxPg4YTkdf42i7VOpS +pa7EvBGne8YrmUzfbrxyAArK05lo56ZWb9ROgTnqM62wfvrCbEqSHidN3WQQEhMH +N7vtXeDPhAd8vaDhYBk4A/yWXIwgIbMczYf7Pl7oY3bXlQHb0KW/y7N3OZCr5mPW +94VLLH/v+T5R4DXaqTWeWtDGXLih7uXrG9vdlyrULEW+FDSpexKFUQe83a+Vkp6x +GX7FdMC9tNKYnPeRYqPF9UQEJg+MSbfkHSAJgky+bbacz+eqacLXMNCEk2LXFV1B +66u2EvSkGZiH7+6BNOar84I3qJrU7LBD7TmKBDHtnRr9JXrAxee3ABEBAAGJBEQE +GAEIAA8FAlf0j9gCGwIFCQHhM4ACKQkQFkawG4blAxDBXSAEGQEIAAYFAlf0j9gA +CgkQ0QH3iZ1B88PaoA//VuGdF5sjxRIOAOYqXypOD9/Kd7lYyxmtCwnvKdM7f8O5 +iD8oR2Pk1RhYHjpkfMRVjMkaLfxIRXfGQsWfKN2Zsa4zmTuNy7H6X26XW3rkFWpm +dECz1siGRvcpL6NvwLPIPQe7tST72q03u1H7bcyLGk0sTppgMoBND7yuaBTBZkAO +WizR+13x7FV+Y2j430Ft/DOe/NTc9dAlp6WmF5baOZClULfFzCTf9OcS2+bo68oP +gwWwnciJHSSLm6WRjsgoDxo5f3xBJs0ELKCr4jMwpSOTYqbDgEYOQTmHKkX8ZeQA +7mokc9guA0WK+DiGZis85lU95mneyJ2RuYcz6/VDwvT84ooe1swVkC2palDqBMwg +jZSTzbcUVqZRRnSDCe9jtpvF48WK4ZRiqtGO6Avzg1ZwMmWSr0zHQrLrUMTq/62W +KxLyj2oPxgptRg589hIwXVxJRWQjFijvK/xSjRMLgg73aNTq6Ojh98iyKAQ3HfzW +6iXBLLuGfvxflFednUSdWorr38MspcFvjFBOly+NDSjPHamNQ2h19iHLrYT7t4ve +nU9PvC+ORvXGxTN8mQR9btSdienQ8bBuU/mg/c417w6WbY7tkkqHqUuQC9LoaVdC +QFeE/SKGNe+wWN/EKi0QhXR9+UgWA41Gddi83Bk5deuTwbUeYkMDeUlOq3yyemcG +VxAA0PSktXnJgUj63+cdXu7ustVqzMjVJySCKSBtwJOge5aayonCNxz7KwoPO34m +Gdr9P4iJfc9kjawNV79aQ5aUH9uU2qFlbZOdO8pHOTjy4E+J0wbJb3VtzCJc1Eaa +83kZLFtJ45Fv2WQQ2Nv3Fo+yqAtkOkaBZv9Yq0UTaDkSYE9MMzHDVFx11TT21NZD +xu2QiIiqBcZfqJtIFHN5jONjwPG08xLAQKfUNROzclZ1h4XYUT+TWouopmpNeay5 +JSNcp5LsC2Rn0jSFuZGPJ1rBwB9vSFVA/GvOj8qEdfhjN3XbqPLVdOeChKuhlK0/ +sOLZZG91SHmT5SjP2zM6QKKSwNgHX4xZt4uugSZiY13+XqnrOGO9zRH8uumhsQmI +eFEdT27fsXTDTkWPI2zlHTltQjH1iebqqM9gfa2KUt671WyoL1yLhWrgePvDE+He +r002OslvvW6aAIIBki3FntPDqdIH89EEB4UEGqiA1eIZ6hGaQfinC7/IOkkm/mEa +qdeoI6NRS521/yf7i34NNj3IaL+rZQFbVWdbTEzAPtAs+bMJOHQXSGZeUUFrEQ/J +ael6aNg7mlr7cacmDwZWYLoCfY4w9GW6JHi6i63np8EA34CXecfor7cAX4XfaokB +XjyEkrnfV6OWYS7f01JJOcqYANhndxz1Ph8bxoRPelf5q+W5Ag0EWBU7dwEQAL1p +wH4prFMFMNV7MJPAwEug0Mxf3OsTBtCBnBYNvgFB+SFwKQLyDXUujuGQudjqQPCz +/09MOJPwGCOi0uA0BQScJ5JAfOq33qXi1iXCj9akeCfZXCOWtG3Izc3ofS6uee7K +fWUF1hNyA3PUwpRtM2pll+sQEO3y/EN7xYGUOM0mlCawrYGtxSNMlWBlMk/y5HK9 +upz+iHwUaEJ4PjV+P4YmDq0PnPvXE4qhTIvxx0kO5oZF0tAJCoTg1HE7o99/xq9Z +rejDR1JJj6btNw1YFQsRDLxRZv4rL9He10lmLhiQE8QN7zOWzyJbRP++tWY2d2zE +yFzvsOsGPbBqLDNkbb9d8Bfvp+udG13sHAEtRzI2UWe5SEdVHobAgu5l+m10WlsN +TG/L0gJe1eD1bwceWlnSrbqw+y+pam9YKWqdu18ETN6CeAbNo4w7honRkcRdZyoG +p9zZf3o1bGBBMla6RbLuJBoRDOy2Ql7B+Z87N0td6KlHI6X8fNbatbtsXR7qLUBP +5oRb6nXX4+DnTMDbvFpE2zxnkg+C354Tw5ysyHhM6abB2+zCXcZ3holeyxC+BUrO +gGPyLH/s01mg2zmttwC1UbkaGkQ6SwCoQoFEVq9Dp96B6PgZxhEw0GMrKRw53LoX +4rZif9Exv6qUFsGY8U9daEdDPF5UHYe7t/nPpfW3ABEBAAGJBEQEGAEIAA8CGwIF +AlokZSMFCQQWmKMCKcFdIAQZAQgABgUCWBU7dwAKCRBGwhMN/SSX9XKdD/4/dWSy +7h+ejbq8DuaX1vNXea79f+DNTUerJKpi/1nDOTajnXZnhCShP/yVF6kgbu8AVFDM ++fno/P++kx+IwNp/q2HGzzCm/jLeb6txAhAo7iw3fDAU89u8zzAahjp8Zq8iQsoo +hfLUGnNEaW0Z25/Rzb37Jy/NxxCnK5OtmThmXveQvIFLx8K34xlZ6MwyiUO64smI +dtdyLr492LciZpvJK1s2cliZLKu40dwseWAhvK6BOIBx1PLQGL/Pwx95jCNUDASR +fhvY3C27B5gvO6kE5O/RKpgKYF25k5uRLkscxn7liH0d+t3Ti4x07lwiLLQCwZ6F +NELdfJp5rtCT33es1wYTNfss0HUYHYFdKr0Vg9v6rR7B/yTwuv0TRYbR28M5olKR +IZ52B0DVDO9OCkACRVaxeWSxKFV/g1WyTE1QYNFo8t5EH4hX/mM76RGwW46DlOWS +fpyC7X4GfmAh+/SfL0rtN4Lr3uBFAhwrx1vW3xeJ2BIptGaxJgRpELLdz3HDb83s +MtT8mzeBXwVR3txmlpg36T96sx3J+osDugV34ctsDkO7/3vXIXz/oGh/zOmMH35A +9EgBGlxE4RxBfPT122XzBbwzSvT3Gmdr7QmTonEX6y0P3v6HOKRBcjFS0JePfmmz +1RJLG/Vy7PQxoV1YZbXc66C03htDYM2B6VtMNQkQFkawG4blAxCiVRAAhq/1L5Yl +smItiC6MROtPP+lfAWRmMSkoIuAtzkV/orqPetwWzjYLgApOvVXBuf9FdJ5vAx1I +XG3mDx6mQQWkr4t9onwCUuQ7lE29qmvCHB3FpKVJPKiGC6xK38t5dGAJtbUMZBQb +1vDuQ7new8dVLzBSH1VZ7gx9AT+WEptWznb1US1AbejO0uT8jsVc/McK4R3LQmVy +9+hbTYZFz1zCImuv9SCNZPSdLpDe41QxcMfKiW7XU4rshJULKd4HYG92KjeJU80z +gCyppOm85ENiMz91tPT7+A4O7XMlOaJEH8t/2SZGBE/dmHjSKcWIpJYrIZKXTrNv +7rSQGvweNG5alvCAvnrLJ2cRpU1Rziw7auEU1YiSse+hQ1ZBIzWhPMunIdnkL/BJ +unBTVE7hPMMG7alOLy5Z0ikNytVewasZlm/dj5tEsfvF7tisVTZWVjWCvEMTP5fe +cNMEAwbZdBDyQBAN00y7xp4Pwc/kPLuaqESyTTt8jGek/pe7/+6fu0GQmR2gZKGa +gAxeZEvXWrxSJp/q81XSQGcO6QYMff7VexY3ncdjSVLro+Z3ZtYt6aVIGAEEA5UE +341yCGIeN+nr27CXD4fHF28aPh+AJzYh+uVjQhHbL8agwcyCMLgU88u1U0tT5Qtj +wnw+w+3UNhROvn495REpeEwD60iVeiuF5FW5Ag0EWbWWowEQALCiEk5Ic40W7/v5 +hqYNjrRlxTE/1axOhhzt8eCB7eOeNOMQKwabYxqBceNmol/guzlnFqLtbaA6yZQk +zz/K3eNwWQg7CfXO3+p/dN0HtktPfdCk+kY/t7StKRjINW6S9xk9KshiukmdiDq8 +JKS0HgxqphBB3tDjmo6/RiaOEFMoUlXKSU+BYYpBpLKg53P8F/8nIsK2aZJyk8Xu +Bd0UXKI+N1gfCfzoDWnYHs73LQKcjrTaZQauT81J7+TeWoLI28vkVxyjvTXAyjSB +nhxTYfwUNGSoawEXyJ1uKCwhIpklxcCMI9Hykg7sKNsvmJ4uNcRJ7cSRfb0g5DR9 +dLhR+eEvFd+o4PblKk16AI48N8Zg1dLlJuV2cAtl0oBPk+tnbZukvkS5n1IzTSmi +iPIXvK2t506VtfFEw4iZrJWf2Q9//TszBM3r1FPATLH7EAeG5P8RV+ri7L7NvzP6 +ZQClRDUsxeimCSe8v/t0OpheCVMlM9TpVcKGMw8ig/WEodoLOP4iqBs4BKR7fuyd +jDqbU0k/sdJTltp7IIdK1e49POIQ7pt+SUrsq/HnPW4woLC1WjouBWyr2M7/a0Sl +dPidZ2BUAK7O9oXosidZMJT7dBp3eHrspY4bdkSxsd0nshj0ndtqNktxkrSFRkoF +pMz0J/M3Q93CjdHuTLpTHQEWjm/7ABEBAAGJBEQEGAEIAA8FAlm1lqMCGwIFCQJ2 +LQACKQkQFkawG4blAxDBXSAEGQEIAAYFAlm1lqMACgkQ4HTRbrb/TeMpDQ//eOIs +CWY2gYOGACw42JzMVvuTDrgRT4hMhgHCGeKzn1wFL1EsbSQV4Z6pYvnNayuEakgI +z14wf4UFs5u1ehfBwatmakSQJn32ANcAvI0INAkLEoqqy81mROjMc9FFrOkdqjcN +7yN0BzH9jNYL/gsvmOOwOu+dIH3C1Lgei844ZR1BZK1900mohuRwcji0sdROMcrK +rGjqd4yb6f7yl0wbdAxA3IHT3TFGczC7Y41P2OEpaJeVIZZgxkgQsJ14qK/QGpdK +vmZAQpjHBipeO/H+qxyOT5Y+f15VLWGOOVL090+ZdtF7h3m4X2+L7xWsFIgdOprf +O60gq3e79YFfgNBYU5BGtJGFGlJ0sGtnpzx5QCRka0j/1E5lIu00sW3WfGItFd48 +hW6wHCloyoi7pBR7xqSEoU/U5o7+nC8wHFrDYyqcyO9Q3mZDw4LvlgnyMOM+qLv/ +fNgO9USE4T30eSvc0t/5p1hCKNvyxHFghdRSJqn70bm6MQY+kd6+B/k62Oy8eCwR +t4PR+LQEIPnxN7xGuNpVO1oMyhhO41osYruMrodzw81icBRKYFlSuDOQ5jlcSajc +6TvF22y+VXy7nx1q/CN4tzB/ryUASU+vXS8/QNM6qI/QbbgBy7VtHqDbs2KHp4cP +0j9KYQzMrKwtRwfHqVrwFLkCp61EHwSlPsEFiglpMg/8DQ92O4beY0n7eSrilwEd +Jg89IeepTBm1QYiLM33qWLR9CABYAIiDG7qxviHozVfX6kUwbkntVpyHAXSbWrM3 +kD6jPs3u/dimLKVyd29AVrBSn9FC04EjtDWsj1KB7HrFN4oo9o0JLSnXeJb8FnPf +3MitaKltvj/kZhegozIs+zvpzuri0LvoB4fNA0T4eAmxkGkZBB+mjNCrUHIakyPZ +VzWGL0QGsfK1Q9jvw0OErqHJYX8A1wLre/HkBne+e5ezS6Mc7kFW33Y1arfbHFNA +e12juPsOxqK76qNilUbQpPtNvWP3FTpbkAdodMLq/gQ+M5yHwPe8SkpZ8wYCfcwE +emz/P+4QhQB8tbYbpcPxJ+aQjVjcHpsLdrlSY3JL/gqockR7+97GrCzqXbgvsqiW +r16Zyn6mxYWEHn9HXMh3b+2IYKFFXHffbIBq/mfibDnZtQBrZpn2uyh6F2ZuOsZh +0LTD7RL53KV3fi90nS00Gs1kbMkPycL1JLqvYQDpllE2oZ1dKDYkwivGyDQhRNfE +RL6JkjyiSxfZ2c84r2HPgnJTi/WBplloQkM+2NfXrBo6kLHSC6aBndRKk2UmUhrU +luGcQUyfzYRFH5kVueIYfDaBPus9gb+sjnViFRpqVjefwlXSJEDHWP3Cl2cuo2mJ +jeDghj400U6pjSUW3bIC/PI= +=gZNT +-----END PGP PUBLIC KEY BLOCK----- diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml index dc024cbd..5a6ae40f 100644 --- a/nodejs/tasks/main.yml +++ b/nodejs/tasks/main.yml @@ -1,6 +1,5 @@ --- - - name: APT https transport is enabled apt: name: apt-transport-https @@ -36,3 +35,36 @@ tags: - packages - nodejs + + + +- name: yarn GPG key is installed + apt_key: + #url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key + data: "{{ lookup('file', 'yarnpkg.gpg.key') }}" + tags: + - system + - packages + - yarn + when: node_yarn + +- name: yarn sources list is available + apt_repository: + repo: "deb https://dl.yarnpkg.com/debian/ stable main" + filename: yarn + update_cache: yes + state: present + tags: + - system + - packages + - yarn + when: node_yarn + +- name: yarn is installed + apt: + name: yarn + state: present + tags: + - packages + - yarn + when: node_yarn From 20d3afb74a0b3743b3ea9134695c956ff911bf30 Mon Sep 17 00:00:00 2001 From: Bruno TATU Date: Wed, 4 Apr 2018 16:16:45 +0200 Subject: [PATCH 62/82] verify if opendkim-tools and opendkim is installed --- opendkim/files/opendkim-add.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/opendkim/files/opendkim-add.sh b/opendkim/files/opendkim-add.sh index a7da1ce0..fa663a59 100644 --- a/opendkim/files/opendkim-add.sh +++ b/opendkim/files/opendkim-add.sh @@ -1,5 +1,13 @@ #!/bin/sh + +dpkg -l |grep -e 'opendkim-tools' -e 'opendkim' -q + +if [ "$?" -ne 0 ]; then + echo "Require opendkim-tools and opendkim" + exit 1 +fi + if [ "$#" -ne 1 ]; then echo "Usage : $0 example.com" >&2 exit 1 From 3cbb65ea8d69df45ec594c1ecb35041b72cb3352 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 4 Apr 2018 23:21:31 +0200 Subject: [PATCH 63/82] whitespaces --- amazon-ec2/amazon-ec2-evolinux.yml | 4 +- amazon-ec2/defaults/main.yml | 2 +- clamav/tasks/main.yml | 2 +- kibana/tasks/main.yml | 2 +- opendkim/tasks/main.yml | 2 +- proftpd/tasks/account.yml | 2 +- redmine/tasks/main.yml | 90 ++++++++++++++-------------- redmine/tasks/plugins.yml | 6 +- redmine/tasks/themes.yml | 6 +- tomcat-instance/tasks/user.yml | 2 +- webapps/evoadmin-mail/tasks/user.yml | 2 +- webapps/wordpress/tasks/main.yml | 6 +- 12 files changed, 63 insertions(+), 63 deletions(-) diff --git a/amazon-ec2/amazon-ec2-evolinux.yml b/amazon-ec2/amazon-ec2-evolinux.yml index 5c7a5e4e..d9d79347 100644 --- a/amazon-ec2/amazon-ec2-evolinux.yml +++ b/amazon-ec2/amazon-ec2-evolinux.yml @@ -4,8 +4,8 @@ gather_facts: False vars: - aws_access_key: - aws_secret_key: + aws_access_key: + aws_secret_key: aws_region: ca-central-1 tasks: diff --git a/amazon-ec2/defaults/main.yml b/amazon-ec2/defaults/main.yml index c22b9df4..f1b0c52c 100644 --- a/amazon-ec2/defaults/main.yml +++ b/amazon-ec2/defaults/main.yml @@ -24,7 +24,7 @@ ec2_debian_base_ami: us-east-1: ami-ac5e55d7 us-east-2: ami-9fbb98fa us-west-1: ami-560c3836 - us-west-2: ami-fa18f282 + us-west-2: ami-fa18f282 ec2_evolinux_security_group: name: evolinux-default diff --git a/clamav/tasks/main.yml b/clamav/tasks/main.yml index 6e3058dd..b053fce4 100644 --- a/clamav/tasks/main.yml +++ b/clamav/tasks/main.yml @@ -108,4 +108,4 @@ replace: 'AllowSupplementaryGroups true' notify: restart clamav tags: - - clamav + - clamav diff --git a/kibana/tasks/main.yml b/kibana/tasks/main.yml index 55e0c848..7ee07b5f 100644 --- a/kibana/tasks/main.yml +++ b/kibana/tasks/main.yml @@ -76,7 +76,7 @@ # - block: # - include_role: # name: remount-usr -# +# # - name: Move kibana optimize directory # shell: "mv /usr/share/kibana/{{ item }} /var/lib/kibana/{{ item }} && ln -s /var/lib/kibana/{{ item }} /usr/share/kibana/{{ item }}" # args: diff --git a/opendkim/tasks/main.yml b/opendkim/tasks/main.yml index 8c81b686..7196ef46 100644 --- a/opendkim/tasks/main.yml +++ b/opendkim/tasks/main.yml @@ -62,7 +62,7 @@ systemd: name: opendkim state: started - enabled: True + enabled: True tags: - opendkim diff --git a/proftpd/tasks/account.yml b/proftpd/tasks/account.yml index 7f3cbe58..a03fd1f1 100644 --- a/proftpd/tasks/account.yml +++ b/proftpd/tasks/account.yml @@ -65,7 +65,7 @@ dest: /etc/proftpd/conf.d/z-evolinux.conf state: present line: " AllowUser {{ proftpd_name }}" - insertbefore: "DenyAll" + insertbefore: "DenyAll" notify: restart proftpd tags: - proftpd diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml index 5270a5aa..6b446c8a 100644 --- a/redmine/tasks/main.yml +++ b/redmine/tasks/main.yml @@ -4,26 +4,26 @@ name: "{{ item }}" state: present with_items: - - libpam-systemd - - ruby - - ruby-dev - - bundler - - imagemagick - - git-core - - git-svn - - gcc - - build-essential - - libxml2-dev - - libxslt1-dev - - libssl-dev - - libmagickwand-dev - - libmagickcore-dev - - libmysqlclient-dev - - python-mysqldb + - libpam-systemd + - ruby + - ruby-dev + - bundler + - imagemagick + - git-core + - git-svn + - gcc + - build-essential + - libxml2-dev + - libxslt1-dev + - libssl-dev + - libmagickwand-dev + - libmagickcore-dev + - libmysqlclient-dev + - python-mysqldb tags: - - redmine + - redmine -#- name: +#- name: # lineinfile: # with_items: # - 'https://github.com/.*' @@ -38,7 +38,7 @@ dest: /etc/systemd/user/puma.service mode: "0644" tags: - - redmine + - redmine - name: Create puma config dir file: @@ -47,14 +47,14 @@ mode: "0755" owner: root tags: - - redmine + - redmine - name: Create redmine group group: name: "{{ redmine_user }}" state: present tags: - - redmine + - redmine - name: Add www-data to redmine group user: @@ -62,7 +62,7 @@ groups: "{{ redmine_user }}" append: yes tags: - - redmine + - redmine - name: Create redmine user user: @@ -73,7 +73,7 @@ home: "/home/{{ redmine_user }}" shell: /bin/bash tags: - - redmine + - redmine - name: Create required directory file: @@ -83,11 +83,11 @@ group: "{{ redmine_user }}" mode: "0750" with_items: - - "/home/{{ redmine_user }}" - - "/home/{{ redmine_user }}/files" - - "/home/{{ redmine_user }}/log" + - "/home/{{ redmine_user }}" + - "/home/{{ redmine_user }}/files" + - "/home/{{ redmine_user }}/log" tags: - - redmine + - redmine - name: Touch Nginx logs file file: @@ -98,10 +98,10 @@ mode: "0640" changed_when: false with_items: - - nginx_access.log - - nginx_error.log + - nginx_access.log + - nginx_error.log tags: - - redmine + - redmine - name: Enable systemd user mode command: "loginctl enable-linger {{ redmine_user }}" @@ -115,7 +115,7 @@ group: "{{ redmine_user }}" mode: "0640" tags: - - redmine + - redmine - name: Update or clone Redmine git git: @@ -127,7 +127,7 @@ become_user: "{{ redmine_user }}" register: redmine_git_task tags: - - redmine + - redmine - name: Deploy custom Gemfile copy: @@ -145,7 +145,7 @@ changed_when: False failed_when: false tags: - - redmine + - redmine - name: Generate Mysql password shell: perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)' @@ -160,7 +160,7 @@ set_fact: redmine_db_pass: "{{ redmine_generate_mysql_password.stdout | default(redmine_get_mysql_password.stdout) }}" tags: - - redmine + - redmine - name: Create Mysql database mysql_db: @@ -168,7 +168,7 @@ config_file: "/root/.my.cnf" state: present tags: - - redmine + - redmine - name: Create Mysql user mysql_user: @@ -179,7 +179,7 @@ update_password: always state: present tags: - - redmine + - redmine - name: Store credentials in my.cnf ini_file: @@ -195,7 +195,7 @@ - { option: 'database', value: "{{ redmine_db_name }}" } - { option: 'password', value: '{{ redmine_db_pass }}' } tags: - - redmine + - redmine - name: Copy configurations file template: @@ -205,23 +205,23 @@ group: "{{ redmine_user }}" mode: "0640" with_items: - - 'configuration.yml' - - 'database.yml' - - 'additional_environment.rb' + - 'configuration.yml' + - 'database.yml' + - 'additional_environment.rb' tags: - - redmine + - redmine - name: Install Redmine plugins include: plugins.yml with_items: "{{ redmine_plugins }}" tags: - - redmine + - redmine - name: Install Redmine themes include: themes.yml with_items: "{{ redmine_themes }}" tags: - - redmine + - redmine - name: Update local gems with bundle bundler: @@ -262,7 +262,7 @@ become_method: sudo become_flags: '-iu {{ redmine_user }}' tags: - - redmine + - redmine - name: Copy puma config template: @@ -286,7 +286,7 @@ become_method: sudo become_flags: '-iu {{ redmine_user }}' tags: - - redmine + - redmine - name: Reload puma service systemd: diff --git a/redmine/tasks/plugins.yml b/redmine/tasks/plugins.yml index aacb2a27..479ffeaf 100644 --- a/redmine/tasks/plugins.yml +++ b/redmine/tasks/plugins.yml @@ -2,7 +2,7 @@ - name: Copy/Update plugin from archive unarchive: src: "{{ item.zip }}" - dest: "/home/{{ redmine_user }}/www/plugins/" + dest: "/home/{{ redmine_user }}/www/plugins/" remote_src: yes owner: "{{ redmine_user }}" group: "{{ redmine_user }}" @@ -17,10 +17,10 @@ version: "{{ item.tree | default('master') }}" register: redmine_plugin_install when: item.git is defined - + - name: Fix rights on plugin dir file: - path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" + path: "/home/{{ redmine_user }}/www/plugins/{{ item.git | basename | splitext | first }}" owner: "{{ redmine_user }}" group: "{{ redmine_user }}" mode: "u=rwX,g=rX,o=" diff --git a/redmine/tasks/themes.yml b/redmine/tasks/themes.yml index ea5046de..510e2038 100644 --- a/redmine/tasks/themes.yml +++ b/redmine/tasks/themes.yml @@ -2,7 +2,7 @@ - name: Copy/Update theme from archive unarchive: src: "{{ item.zip }}" - dest: "/home/{{ redmine_user }}/www/public/themes/" + dest: "/home/{{ redmine_user }}/www/public/themes/" remote_src: yes owner: "{{ redmine_user }}" group: "{{ redmine_user }}" @@ -15,10 +15,10 @@ dest: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" version: "{{ item.tree | default('master') }}" when: item.git is defined - + - name: Fix rights on theme dir file: - path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" + path: "/home/{{ redmine_user }}/www/public/themes/{{ item.git | basename | splitext | first }}" owner: "{{ redmine_user }}" group: "{{ redmine_user }}" mode: "0750" diff --git a/tomcat-instance/tasks/user.yml b/tomcat-instance/tasks/user.yml index 56fb76ff..2c9a634d 100644 --- a/tomcat-instance/tasks/user.yml +++ b/tomcat-instance/tasks/user.yml @@ -37,7 +37,7 @@ - name: Run newaliases command: newaliases - when: tomcat_instance_mail_alias | changed + when: tomcat_instance_mail_alias | changed - name: Enable sudo right lineinfile: diff --git a/webapps/evoadmin-mail/tasks/user.yml b/webapps/evoadmin-mail/tasks/user.yml index 5b267e72..5ec87f78 100644 --- a/webapps/evoadmin-mail/tasks/user.yml +++ b/webapps/evoadmin-mail/tasks/user.yml @@ -55,7 +55,7 @@ dest: "{{ evoadminmail_document_root }}/htdocs/config/connect.php" owner: "www-{{ evoadminmail_username }}" group: "{{ evoadminmail_username }}" - when: ldap_admin_password is defined + when: ldap_admin_password is defined - name: "Copy conf.php" template: diff --git a/webapps/wordpress/tasks/main.yml b/webapps/wordpress/tasks/main.yml index d8a4598b..6b6a67e2 100644 --- a/webapps/wordpress/tasks/main.yml +++ b/webapps/wordpress/tasks/main.yml @@ -28,7 +28,7 @@ changed_when: false - name: Read mysql config from .my.cnf - set_fact: + set_fact: db_host: "{{ lookup('ini', 'host section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default=127.0.0.1') }}" db_user: "{{ lookup('ini', 'user section=client file=/tmp/wordpress-{{ ansible_user }}.cnf default={{ ansible_user }}') }}" db_pwd: "{{ lookup('ini', 'password section=client file=/tmp/wordpress-{{ ansible_user }}.cnf') }}" @@ -44,7 +44,7 @@ - name: Configure Wordpress (wp-config.php) shell: '{{ wordpress_wpcli }} core config --dbhost={{ db_host }} --dbuser={{ db_user }} --dbpass={{ db_pwd }} --dbname={{ db_name }}' args: - creates: "{{ ansible_env.HOME }}/www/wp-config.php" + creates: "{{ ansible_env.HOME }}/www/wp-config.php" - name: Configure site shell: '{{ wordpress_wpcli }} core install --url={{ wordpress_host | quote }} --title={{ wordpress_title | quote }} --admin_user=admin --admin_password="{{ admin_pwd | quote }}" --admin_email={{ wordpress_email }} --skip-email' @@ -90,7 +90,7 @@ Votre nouveau site WordPress a bien été installé à l’adresse : http://{{ wordpress_host }} - + Vous pouvez vous y connecter en tant qu’administrateur avec les informations suivantes : Identifiant : admin From 4382ce24f64f759dc1e62f5b7edfa887a10f1430 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 4 Apr 2018 23:22:17 +0200 Subject: [PATCH 64/82] add "become" when missing --- elasticsearch/tasks/plugin_head.yml | 1 + redmine/tasks/main.yml | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/elasticsearch/tasks/plugin_head.yml b/elasticsearch/tasks/plugin_head.yml index 29b2f1f7..81510fa0 100644 --- a/elasticsearch/tasks/plugin_head.yml +++ b/elasticsearch/tasks/plugin_head.yml @@ -31,6 +31,7 @@ environment: TMPDIR: "{{ elasticsearch_plugin_head_tmp_dir }}" become_user: "{{ elasticsearch_plugin_head_owner }}" + become: yes - name: Elasticsearch HTTP/CORS are enabled lineinfile: diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml index 6b446c8a..9a388b8c 100644 --- a/redmine/tasks/main.yml +++ b/redmine/tasks/main.yml @@ -125,6 +125,7 @@ umask: "027" update: yes become_user: "{{ redmine_user }}" + become: yes register: redmine_git_task tags: - redmine @@ -230,6 +231,7 @@ gem_path: "/home/{{ redmine_user }}/.gems" user_install: yes become_user: "{{ redmine_user }}" + become: yes when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed - name: Migrate database with rake @@ -237,6 +239,7 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes when: redmine_git_task.changed - name: Populate Mysql database @@ -246,12 +249,14 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes - name: Migrate plugins shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes when: redmine_plugin_install.changed - name: Generate secret token @@ -261,6 +266,7 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes tags: - redmine @@ -285,6 +291,7 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes tags: - redmine @@ -297,4 +304,5 @@ become_user: "{{ redmine_user }}" become_method: sudo become_flags: '-iu {{ redmine_user }}' + become: yes when: redmine_puma_config_task.changed From 8abed3e25852ed15fcebbeb8ba3b1f9be4c5a758 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 4 Apr 2018 23:22:46 +0200 Subject: [PATCH 65/82] Use "command" instead of "shell" where possible --- evolinux-base/tasks/ssh.yml | 2 +- evolinux-users/tasks/ssh.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/evolinux-base/tasks/ssh.yml b/evolinux-base/tasks/ssh.yml index e4f51a81..773de28f 100644 --- a/evolinux-base/tasks/ssh.yml +++ b/evolinux-base/tasks/ssh.yml @@ -70,7 +70,7 @@ # we must double-escape caracters, because python - name: verify AllowUsers directive - shell: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" changed_when: False failed_when: False register: grep_allowusers_ssh diff --git a/evolinux-users/tasks/ssh.yml b/evolinux-users/tasks/ssh.yml index 16cb1f30..75b47ce2 100644 --- a/evolinux-users/tasks/ssh.yml +++ b/evolinux-users/tasks/ssh.yml @@ -27,7 +27,7 @@ when: user.ssh_keys is defined - name: verify AllowGroups directive - shell: "grep -E '^AllowGroups' /etc/ssh/sshd_config" + command: "grep -E '^AllowGroups' /etc/ssh/sshd_config" changed_when: False failed_when: False register: grep_allowgroups_ssh @@ -41,7 +41,7 @@ - block: # If AllowGroups is not present, we proceed as usual - name: verify AllowUsers directive - shell: "grep -E '^AllowUsers' /etc/ssh/sshd_config" + command: "grep -E '^AllowUsers' /etc/ssh/sshd_config" changed_when: False failed_when: False register: grep_allowusers_ssh From 7195742af93fed0e78d12b6316118fb3882a14e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 4 Apr 2018 23:22:55 +0200 Subject: [PATCH 66/82] remine: add tags --- redmine/tasks/main.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/redmine/tasks/main.yml b/redmine/tasks/main.yml index 9a388b8c..7864fa51 100644 --- a/redmine/tasks/main.yml +++ b/redmine/tasks/main.yml @@ -138,6 +138,8 @@ group: "{{ redmine_user }}" mode: "0640" register: redmine_local_gemfile_task + tags: + - redmine - name: Get actual Mysql password shell: "grep password /home/{{ redmine_user }}/.my.cnf | awk '{ print $3 }'" @@ -233,6 +235,8 @@ become_user: "{{ redmine_user }}" become: yes when: redmine_git_task.changed or redmine_local_gemfile_task.changed or redmine_plugin_install.changed + tags: + - redmine - name: Migrate database with rake shell: bundle exec rake -qf ~/www/Rakefile db:migrate @@ -241,6 +245,8 @@ become_flags: '-iu {{ redmine_user }}' become: yes when: redmine_git_task.changed + tags: + - redmine - name: Populate Mysql database shell: bundle exec rake -qf ~/www/Rakefile redmine:load_default_data REDMINE_LANG=fr && touch ~/.populated @@ -250,6 +256,8 @@ become_method: sudo become_flags: '-iu {{ redmine_user }}' become: yes + tags: + - redmine - name: Migrate plugins shell: bundle exec rake -qf ~/www/Rakefile redmine:plugins:migrate @@ -258,6 +266,8 @@ become_flags: '-iu {{ redmine_user }}' become: yes when: redmine_plugin_install.changed + tags: + - redmine - name: Generate secret token shell: bundle exec rake -qf ~/www/Rakefile generate_secret_token From 786f25731e80ffa368efb296c521a2e7ddf62d1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Wed, 4 Apr 2018 23:46:50 +0200 Subject: [PATCH 67/82] Update CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea3dc2a8..dd8b6563 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,8 @@ The **patch** part changes incrementally at each release. * proftpd: use proftpd_accounts list for manage ftp accounts * etc-git: add tags for Ansible * evolinux-base: install ncurses-term package +* added a few become attributes where missing +* redmine: added missing tags ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). From 3b8c57faee224c218f97e84cda37bd74835b3cb4 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 5 Apr 2018 15:23:12 +0200 Subject: [PATCH 68/82] mongodb: allow unauthenticated packages for Jessie --- CHANGELOG.md | 1 + mongodb/tasks/main_jessie.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index dd8b6563..6470e666 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,6 +29,7 @@ The **patch** part changes incrementally at each release. * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) * nagios-nrpe: mark plugins as executable * mongodb: configuration is forced by default but it's configurable (default: `false`) +* mongodb: allow unauthenticated packages for Jessie * nginx: package name can be specified (default: `nginx-full`) * evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) * webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined diff --git a/mongodb/tasks/main_jessie.yml b/mongodb/tasks/main_jessie.yml index 3aa7775a..0cec9f2c 100644 --- a/mongodb/tasks/main_jessie.yml +++ b/mongodb/tasks/main_jessie.yml @@ -15,6 +15,7 @@ - name: Install packages apt: name: mongodb-org + allow_unauthenticated: yes state: installed - name: install dependency for monitoring From beeb7de0aff096eab9a6fc3954f9390d72eac6de Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 5 Apr 2018 18:43:29 +0200 Subject: [PATCH 69/82] mongodb: rename logrotate script --- CHANGELOG.md | 1 + mongodb/tasks/main_stretch.yml | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6470e666..7cd1a666 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -30,6 +30,7 @@ The **patch** part changes incrementally at each release. * nagios-nrpe: mark plugins as executable * mongodb: configuration is forced by default but it's configurable (default: `false`) * mongodb: allow unauthenticated packages for Jessie +* mongodb: rename logrotate script * nginx: package name can be specified (default: `nginx-full`) * evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) * webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined diff --git a/mongodb/tasks/main_stretch.yml b/mongodb/tasks/main_stretch.yml index 416ea727..3f553c41 100644 --- a/mongodb/tasks/main_stretch.yml +++ b/mongodb/tasks/main_stretch.yml @@ -28,6 +28,12 @@ - name: Configure logrotate template: src: logrotate_stretch.j2 - dest: /etc/logrotate.d/mongodb + dest: /etc/logrotate.d/mongodb-server force: yes backup: no + +- name: disable previous logrotate + command: mv /etc/logrotate.d/mongodb /etc/logrotate.d/mongodb.disabled + args: + removes: /etc/logrotate.d/mongodb + creates: /etc/logrotate.d/mongodb.disabled From 2c9acfb12d3980d47ab64be0aacd1f0bc7d08f6a Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 09:19:36 +0200 Subject: [PATCH 70/82] nodejs: extract yarn tasks in a file --- nodejs/defaults/main.yml | 2 +- nodejs/tasks/main.yml | 42 ++++++---------------------------------- nodejs/tasks/yarn.yml | 32 ++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 37 deletions(-) create mode 100644 nodejs/tasks/yarn.yml diff --git a/nodejs/defaults/main.yml b/nodejs/defaults/main.yml index 47bc12b4..bae84bfa 100644 --- a/nodejs/defaults/main.yml +++ b/nodejs/defaults/main.yml @@ -1,3 +1,3 @@ --- nodejs_apt_version: 'node_8.x' -node_yarn: False +nodejs_install_yarn: False diff --git a/nodejs/tasks/main.yml b/nodejs/tasks/main.yml index 5a6ae40f..bad66d95 100644 --- a/nodejs/tasks/main.yml +++ b/nodejs/tasks/main.yml @@ -8,16 +8,16 @@ - system - packages -- name: Node GPG key is installed +- name: NodeJS GPG key is installed apt_key: - #url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key + # url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key data: "{{ lookup('file', 'nodesource.gpg.key') }}" tags: - system - packages - nodejs -- name: Node sources list ({{ nodejs_apt_version }}) is available +- name: NodeJS sources list ({{ nodejs_apt_version }}) is available apt_repository: repo: "deb https://deb.nodesource.com/{{ nodejs_apt_version }} {{ ansible_distribution_release }} main" filename: nodesource @@ -28,7 +28,7 @@ - packages - nodejs -- name: Node is installed +- name: NodeJS is installed apt: name: nodejs state: present @@ -36,35 +36,5 @@ - packages - nodejs - - -- name: yarn GPG key is installed - apt_key: - #url: https://deb.nodesource.com/gpgkey/nodesource.gpg.key - data: "{{ lookup('file', 'yarnpkg.gpg.key') }}" - tags: - - system - - packages - - yarn - when: node_yarn - -- name: yarn sources list is available - apt_repository: - repo: "deb https://dl.yarnpkg.com/debian/ stable main" - filename: yarn - update_cache: yes - state: present - tags: - - system - - packages - - yarn - when: node_yarn - -- name: yarn is installed - apt: - name: yarn - state: present - tags: - - packages - - yarn - when: node_yarn +- include: yarn.yml + when: nodejs_install_yarn diff --git a/nodejs/tasks/yarn.yml b/nodejs/tasks/yarn.yml new file mode 100644 index 00000000..47af5c50 --- /dev/null +++ b/nodejs/tasks/yarn.yml @@ -0,0 +1,32 @@ +--- + +- name: yarn GPG key is installed + apt_key: + # url: https://dl.yarnpkg.com/debian/pubkey.gpg + data: "{{ lookup('file', 'yarnpkg.gpg.key') }}" + tags: + - system + - packages + - nodejs + - yarn + +- name: yarn sources list is available + apt_repository: + repo: "deb https://dl.yarnpkg.com/debian/ stable main" + filename: yarn + update_cache: yes + state: present + tags: + - system + - packages + - nodejs + - yarn + +- name: yarn is installed + apt: + name: yarn + state: present + tags: + - packages + - nodejs + - yarn From b68d0765ed0072565a505be8e47394e2b5f2e37f Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 09:22:05 +0200 Subject: [PATCH 71/82] update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ea3dc2a8..8d4aa412 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,6 +21,7 @@ The **patch** part changes incrementally at each release. * proftpd: use proftpd_accounts list for manage ftp accounts * etc-git: add tags for Ansible * evolinux-base: install ncurses-term package +* nodejs: Yarn package manager can be installed (default: `false`) ### Changed * elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). From c2ed10e2e44fda8859655ad486aa92502a882130 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 09:26:51 +0200 Subject: [PATCH 72/82] CHANGELOG cleanup --- CHANGELOG.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 54807d8d..979021e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,38 +11,38 @@ The **patch** part changes incrementally at each release. ## [Unreleased] ### Added -* postfix: add lines in /etc/.gitignore -* nagios-nrpe: add "check_open_files" plugin -* nagios-nrpe: mark plugins as executable -* mysql-oracle: new role to install MySQL 5.7 with Oracle packages -* mysql: remount /usr before creating scripts directory -* packweb-apache: choose mysql variant (default: `debian`) -* haproxy: install Munin plugins -* proftpd: use proftpd_accounts list for manage ftp accounts +* added a few become attributes where missing * etc-git: add tags for Ansible * evolinux-base: install ncurses-term package -* added a few become attributes where missing -* redmine: added missing tags +* haproxy: install Munin plugins +* mysql-oracle: new role to install MySQL 5.7 with Oracle packages +* mysql: remount /usr before creating scripts directory +* nagios-nrpe: add "check_open_files" plugin +* nagios-nrpe: mark plugins as executable * nodejs: Yarn package manager can be installed (default: `false`) +* packweb-apache: choose mysql variant (default: `debian`) +* postfix: add lines in /etc/.gitignore +* proftpd: use "proftpd_accounts" list to manage ftp accounts +* redmine: added missing tags ### Changed -* elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). * elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`) -* nagios-nrpe: mark plugins as executable -* mongodb: configuration is forced by default but it's configurable (default: `false`) -* mongodb: allow unauthenticated packages for Jessie -* mongodb: rename logrotate script -* nginx: package name can be specified (default: `nginx-full`) +* elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`). * evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues) -* webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined +* mongodb: allow unauthenticated packages for Jessie +* mongodb: configuration is forced by default but it's configurable (default: `false`) +* mongodb: rename logrotate script +* nagios-nrpe: mark plugins as executable +* nginx: don't debug variables in verbosity 0 +* nginx: package name can be specified (default: `nginx-full`) * php: fix FPM custom file permissions * php: more tasks notify FPM handler to restart if needed -* nginx: don't debug variables in verbosity 0 +* webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined ### Fixed -* nginx: fix basic auth for default vhost * dovecot: fix support of plus sign * mysql/mysql-oracle: mysqltuner cron task is executable +* nginx: fix basic auth for default vhost * rbenv: fix become user issue with copy tasks ## [9.1.6] - 2018-02-02 From 03c53433d68039797d0b128b2b448686fea4ca25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?= Date: Mon, 2 Apr 2018 21:04:26 +0200 Subject: [PATCH 73/82] Add minifirewal_status and check_minifirewall minifirewall_status returns "started" on stdout and exit code 0, or "stopped" on stdout and exit code 1. The state of minifirewall is determined by looking for common iptables rules applied by minifirewall. check_minifirewall is an NRPE plugin for minifirewall. It returns: * 0 (OK) if the firewall state is consistent with its configuration (from the alert5 script) * 1 (WARNING) if the firewall is started but alert5 is not configured properly * 2 (CRITICAL) if the firewall is not running but it should be. --- minifirewall/files/check_minifirewall | 78 ++++++++++++++++++++++++++ minifirewall/files/minifirewall_status | 16 ++++++ minifirewall/handlers/main.yml | 6 ++ minifirewall/tasks/main.yml | 2 + minifirewall/tasks/nrpe.yml | 56 ++++++++++++++++++ 5 files changed, 158 insertions(+) create mode 100644 minifirewall/files/check_minifirewall create mode 100644 minifirewall/files/minifirewall_status create mode 100644 minifirewall/handlers/main.yml create mode 100644 minifirewall/tasks/nrpe.yml diff --git a/minifirewall/files/check_minifirewall b/minifirewall/files/check_minifirewall new file mode 100644 index 00000000..632f3e8a --- /dev/null +++ b/minifirewall/files/check_minifirewall @@ -0,0 +1,78 @@ +#!/bin/sh + +is_alert5_enabled() { + # It's not very clear how to reliably detect if a SysVinit script + # wrapped in a systemd unit is enabled or not. + # Even when the script is not started in any run level, systemd says "active". + # So we test the SysVinit script path: + # if present, we test for an rc2.d symlink + # if missing, we ask systemd if a unit is active or not. + if test -f /etc/init.d/alert5; then + test -f /etc/rc2.d/S*alert5 + else + systemctl is-active alert5 | grep -q "^active$" + fi +} + +is_minifirewall_enabled() { + # TODO: instead of nested conditionals, we could loop with many possible paths + # and grep the first found, or error if none is found + if test -f /etc/rc2.d/S*alert5; then + grep -q "^/etc/init.d/minifirewall" /etc/rc2.d/S*alert5 + else + if test -f /usr/share/scripts/alert5.sh; then + grep -q "^/etc/init.d/minifirewall" /usr/share/scripts/alert5.sh + else + return_critical "No Alert5 scripts has been found." + fi + fi +} + +is_minifirewall_started() { + if test -x /usr/share/scripts/minifirewall_status; then + /usr/share/scripts/minifirewall_status > /dev/null + else + /sbin/iptables -L -n | grep -q -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" + fi +} + +return_critical() { + echo "CRITICAL: $1" + exit 2 +} + +return_warning() { + echo "WARNING: $1" + exit 1 +} + +return_ok() { + echo "OK: $1" + exit 0 +} + +main() { + if is_alert5_enabled; then + if is_minifirewall_enabled; then + if is_minifirewall_started; then + return_ok "Minifirewall is started." + else + return_critical "Minifirewall is not started." + fi + else + if is_minifirewall_started; then + return_warning "Minifirewall is started, but disabled in alert5." + else + return_ok "Minifirewall is not started, but disabled in alert5." + fi + fi + else + if is_minifirewall_started; then + return_warning "Minifirewall is started, but Alert5 script is not enabled." + else + return_ok "Minifirewall is not started and Alert5 script is not enabled." + fi + fi +} + +main diff --git a/minifirewall/files/minifirewall_status b/minifirewall/files/minifirewall_status new file mode 100644 index 00000000..7bf09285 --- /dev/null +++ b/minifirewall/files/minifirewall_status @@ -0,0 +1,16 @@ +#!/bin/sh + +is_started() { + /sbin/iptables -L -n \ + | grep -E "^(DROP\s+udp|ACCEPT\s+icmp)\s+--\s+0\.0\.0\.0\/0\s+0\.0\.0\.0\/0\s*$" +} +return_started() { + echo "started" + exit 0 +} +return_stopped() { + echo "stopped" + exit 1 +} + +is_started && return_started || return_stopped diff --git a/minifirewall/handlers/main.yml b/minifirewall/handlers/main.yml new file mode 100644 index 00000000..5ba1926c --- /dev/null +++ b/minifirewall/handlers/main.yml @@ -0,0 +1,6 @@ +--- + +- name: restart nagios-nrpe-server + service: + name: nagios-nrpe-server + state: restarted diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml index 851d1917..1e135780 100644 --- a/minifirewall/tasks/main.yml +++ b/minifirewall/tasks/main.yml @@ -4,6 +4,8 @@ - include: config.yml +- include: nrpe.yml + - include: activate.yml - include: tail.yml diff --git a/minifirewall/tasks/nrpe.yml b/minifirewall/tasks/nrpe.yml new file mode 100644 index 00000000..bb92553e --- /dev/null +++ b/minifirewall/tasks/nrpe.yml @@ -0,0 +1,56 @@ +--- + +- include_role: + name: remount-usr + +- name: /usr/share/scripts exists + file: + dest: /usr/share/scripts + mode: "0700" + owner: root + group: root + state: directory + +- name: minifirewall_status is installed + copy: + src: minifirewall_status + dest: /usr/share/scripts/minifirewall_status + force: no + mode: "0700" + owner: root + group: root + +- name: /usr/local/lib/nagios/plugins/ exists + file: + dest: "{{ item }}" + mode: "02755" + owner: root + group: staff + state: directory + with_items: + - /usr/local/lib/nagios + - /usr/local/lib/nagios/plugins + +- name: check_minifirewall is installed + copy: + src: check_minifirewall + dest: /usr/local/lib/nagios/plugins/check_minifirewall + force: no + mode: "0755" + owner: root + group: staff + +- name: check_minifirewall is available for NRPE + lineinfile: + dest: /etc/nagios/nrpe.d/evolix.cfg + regexp: 'command\[check_minifirewall\]' + line: 'command[check_minifirewall]=sudo /usr/local/lib/nagios/plugins/check_minifirewall' + notify: restart nagios-nrpe-server + +- name: sudo without password for nagios + lineinfile: + dest: /etc/sudoers.d/evolinux + regexp: 'check_minifirewall' + line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall' + insertafter: '^nagios' + validate: "visudo -cf %s" From e984e46b83a46e428a1c010d297e707d06ea9674 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 09:40:38 +0200 Subject: [PATCH 74/82] minifirewall: nagios plugins directory is configurable --- minifirewall/defaults/main.yml | 2 ++ minifirewall/tasks/nrpe.yml | 11 ++++------- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml index 4f82138d..a6eaa2fc 100644 --- a/minifirewall/defaults/main.yml +++ b/minifirewall/defaults/main.yml @@ -25,3 +25,5 @@ minifirewall_private_ports_udp: [] minifirewall_autostart: "no" evomaintenance_hosts: [] + +nagios_plugins_directory: "/usr/local/lib/nagios/plugins" diff --git a/minifirewall/tasks/nrpe.yml b/minifirewall/tasks/nrpe.yml index bb92553e..2e8569f8 100644 --- a/minifirewall/tasks/nrpe.yml +++ b/minifirewall/tasks/nrpe.yml @@ -22,19 +22,16 @@ - name: /usr/local/lib/nagios/plugins/ exists file: - dest: "{{ item }}" + dest: "{{ nagios_plugins_directory }}" mode: "02755" owner: root group: staff state: directory - with_items: - - /usr/local/lib/nagios - - /usr/local/lib/nagios/plugins - name: check_minifirewall is installed copy: src: check_minifirewall - dest: /usr/local/lib/nagios/plugins/check_minifirewall + dest: "{{ nagios_plugins_directory }}/check_minifirewall" force: no mode: "0755" owner: root @@ -44,13 +41,13 @@ lineinfile: dest: /etc/nagios/nrpe.d/evolix.cfg regexp: 'command\[check_minifirewall\]' - line: 'command[check_minifirewall]=sudo /usr/local/lib/nagios/plugins/check_minifirewall' + line: 'command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall' notify: restart nagios-nrpe-server - name: sudo without password for nagios lineinfile: dest: /etc/sudoers.d/evolinux regexp: 'check_minifirewall' - line: 'nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall' + line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_minifirewall' insertafter: '^nagios' validate: "visudo -cf %s" From 61c268b39554d7ef11a28c3242204d80d8dcf92a Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 09:41:46 +0200 Subject: [PATCH 75/82] nagios-nrpe: add check_minifirewall by default --- nagios-nrpe/templates/evolix.cfg.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2 index 3d07600e..0be4e38e 100644 --- a/nagios-nrpe/templates/evolix.cfg.j2 +++ b/nagios-nrpe/templates/evolix.cfg.j2 @@ -66,6 +66,7 @@ command[check_glusterfs]={{ nagios_plugins_directory }}/check_glusterfs -v all - command[check_supervisord_status]={{ nagios_plugins_directory }}/check_supervisord command[check_varnish]={{ nagios_plugins_directory }}/check_varnish_health -i 127.0.0.1 -p 6082 -s /etc/varnish/secret -w 2 -c 4 command[check_haproxy]={{ nagios_plugins_directory }}/check_haproxy_stats -s /var/run/haproxy.sock -w 80 -c 90 +command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall # Check HTTP "many". Use this to check many websites (http, https, ports, sockets and SSL certificates). # Beware! All checks must not take more than 10s! From 654c0a261fab70cacf48041ca7295684548030fe Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 09:45:10 +0200 Subject: [PATCH 76/82] update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 979021e9..60d262e8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release. * etc-git: add tags for Ansible * evolinux-base: install ncurses-term package * haproxy: install Munin plugins +* minifirewall: add "check_minifirewall" Nagios plugin (and `minifirewall_status` script) * mysql-oracle: new role to install MySQL 5.7 with Oracle packages * mysql: remount /usr before creating scripts directory * nagios-nrpe: add "check_open_files" plugin From 831b733dfe73ed7e08c3e24570cdaee655a311f7 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 10:35:43 +0200 Subject: [PATCH 77/82] minifirewall: nrpe/sudo config only if possible --- minifirewall/tasks/nrpe.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/minifirewall/tasks/nrpe.yml b/minifirewall/tasks/nrpe.yml index 2e8569f8..3893e5c9 100644 --- a/minifirewall/tasks/nrpe.yml +++ b/minifirewall/tasks/nrpe.yml @@ -37,12 +37,23 @@ owner: root group: staff +- name: Is NRPE installed? + stat: + path: /etc/nagios/nrpe.d/evolix.cfg + register: nrpe_evolix_cfg + - name: check_minifirewall is available for NRPE lineinfile: dest: /etc/nagios/nrpe.d/evolix.cfg regexp: 'command\[check_minifirewall\]' line: 'command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall' notify: restart nagios-nrpe-server + when: nrpe_evolix_cfg.stat.exists + +- name: Is evolinux sudoers installed? + stat: + path: /etc/sudoers.d/evolinux + register: sudoers_evolinux - name: sudo without password for nagios lineinfile: @@ -51,3 +62,4 @@ line: 'nagios ALL = NOPASSWD: {{ nagios_plugins_directory }}/check_minifirewall' insertafter: '^nagios' validate: "visudo -cf %s" + when: sudoers_evolinux.stat.exists From 46a6a35486f6441484bc5507a9e6d6dd0b44504a Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 10:36:48 +0200 Subject: [PATCH 78/82] evolinux-users: add check_minifirewall in sudoers commands --- evolinux-users/templates/sudoers_jessie.j2 | 1 + evolinux-users/templates/sudoers_stretch.j2 | 1 + 2 files changed, 2 insertions(+) diff --git a/evolinux-users/templates/sudoers_jessie.j2 b/evolinux-users/templates/sudoers_jessie.j2 index ab5a0b5c..ff50f482 100644 --- a/evolinux-users/templates/sudoers_jessie.j2 +++ b/evolinux-users/templates/sudoers_jessie.j2 @@ -4,6 +4,7 @@ Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts User_Alias ADMINS = {{ user.name }} nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs +nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt ADMINS ALL = (ALL:ALL) ALL diff --git a/evolinux-users/templates/sudoers_stretch.j2 b/evolinux-users/templates/sudoers_stretch.j2 index 289a65ee..82d9bc97 100644 --- a/evolinux-users/templates/sudoers_stretch.j2 +++ b/evolinux-users/templates/sudoers_stretch.j2 @@ -3,6 +3,7 @@ Defaults umask=0077 Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh, /usr/bin/apt, /bin/mount nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs +nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_minifirewall nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt %{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL From 5650b79c81a02d82a7f9366758b9ae969378dda9 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 6 Mar 2018 15:11:25 +0100 Subject: [PATCH 79/82] listupgrade: Add service restart notification for libstdc++6 --- listupgrade/templates/listupgrade.sh.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/listupgrade/templates/listupgrade.sh.j2 b/listupgrade/templates/listupgrade.sh.j2 index 46d5c005..50a444b0 100644 --- a/listupgrade/templates/listupgrade.sh.j2 +++ b/listupgrade/templates/listupgrade.sh.j2 @@ -163,6 +163,9 @@ for pkg in $packagesParsable; do elif [ "$pkg" = "libc6" ]; then echo "Tous les services (mise à jour de libc6)." >$servicesToRestart break + elif [ "$pkg" = "libstdc++6" ]; then + echo "Tous les services (mise à jour de libstdc++6)." >$servicesToRestart + break elif echo "$pkg" |grep -q "^libssl"; then echo "Tous les services (mise à jour de libssl)." >$servicesToRestart break From 602c9fbf3bb6374e643c16e8bceedacab49054f5 Mon Sep 17 00:00:00 2001 From: Ludovic Poujol Date: Tue, 6 Mar 2018 15:13:51 +0100 Subject: [PATCH 80/82] listupgrade: Add service restart notification for squid --- listupgrade/templates/listupgrade.sh.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/listupgrade/templates/listupgrade.sh.j2 b/listupgrade/templates/listupgrade.sh.j2 index 50a444b0..c8e6f335 100644 --- a/listupgrade/templates/listupgrade.sh.j2 +++ b/listupgrade/templates/listupgrade.sh.j2 @@ -159,6 +159,8 @@ for pkg in $packagesParsable; do echo "HAProxy" >>$servicesToRestart elif [ "$pkg" = "varnish" ]; then echo "Varnish" >>$servicesToRestart + elif [ "$pkg" = "squid" ]; then + echo "Squid" >>$servicesToRestart elif [ "$pkg" = "libc6" ]; then echo "Tous les services (mise à jour de libc6)." >$servicesToRestart From 2e375b950626b4be4fb7f7b8fb7ba56183ad6b4e Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 10:42:32 +0200 Subject: [PATCH 81/82] update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 60d262e8..c57426f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ The **patch** part changes incrementally at each release. * etc-git: add tags for Ansible * evolinux-base: install ncurses-term package * haproxy: install Munin plugins +* listupgrade: add service restart notification for Squid and libstdc++6 * minifirewall: add "check_minifirewall" Nagios plugin (and `minifirewall_status` script) * mysql-oracle: new role to install MySQL 5.7 with Oracle packages * mysql: remount /usr before creating scripts directory From 619a0a8c72af5adc84813b5381fa2772190ca4b5 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Fri, 6 Apr 2018 10:49:23 +0200 Subject: [PATCH 82/82] Release 9.1.7 --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c57426f0..2206e9e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,16 @@ The **patch** part changes incrementally at each release. ## [Unreleased] +### Added + +### Changed + +### Fixed + +### Security + +## [9.1.7] - 2018-04-06 + ### Added * added a few become attributes where missing * etc-git: add tags for Ansible