evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 19 Releases 34 Wiki Activity

Compare commits

base: evolix:monitoringctl
Branches Tags
evolix:stable
evolix:monitoringctl
evolix:unstable
evolix:fix_nodejs_deb12
evolix:peertube
evolix:p10166-mastodon
evolix:gitea
evolix:mattermost
evolix:privatebin
evolix:etherpad
evolix:jitsimeet
evolix:munin_ipmi
evolix:patroni
evolix:etcd
evolix:bind
evolix:wip_10691
evolix:multi-php-v2
evolix:add-drbd-firewall-rule
evolix:backports_preferences
evolix:migrate-vm-error-handling
evolix:evofs
evolix:goto-postfix-role
evolix:lxc-php82
evolix:timesyncd
evolix:noopensshinlxc
evolix:ssh-split
evolix:rsyslog-remote
evolix:emorino/patroni-etcd
evolix:jitsimeet_docker
evolix:hedgedoc
evolix:replace_include
evolix:when-not-check
evolix:fix_lxc_php56_debian10
evolix:debian12
evolix:boost-proxy
evolix:debian12-keyring
evolix:evodomains
evolix:vrrp-addresses
evolix:lxc_etc-git
evolix:lxc_etc-commit
evolix:evoacme-v2
evolix:sshd_modular_config
evolix:exclusion_images_evobackup
evolix:rotate_elasticsearch_logs
evolix:evobackup_tags_redux
evolix:log2mail-beats
evolix:T47076
evolix:kvm-guest
evolix:lpoujol/fpm-php
evolix:lxc-php-buster
evolix:simplify-evolinux-users
evolix:openvpn
evolix:newkernel
evolix:etc-git-status-script
evolix:ubuntu
evolix:nagios-sudoers
evolix:configurable-swapiness
evolix:alert5-minifirewall-restart
evolix:fail2ban_ips_tag
evolix:audit-ftpadmin
evolix:projet6062
evolix:whitelisting-changes
evolix:uvrrpd
evolix:packweb-apache-lxc
evolix:backup/jlecour/ssh-groups
evolix:nextcloud
evolix:backup/jlecour/nextcloud
evolix:evoadmin-mail
evolix:haproxy_munin
evolix:evolinux-users
evolix:ansible-log
evolix:ansible-managed
evolix:apache-fix-default-vhost
evolix:ipsec
evolix:courier
evolix:spamassassin
evolix:samba
evolix:munin-openbsd
evolix:24.05
evolix:24.04
evolix:24.03
evolix:24.02.1
evolix:24.02
evolix:23.10
evolix:23.04
evolix:23.03.1
evolix:23.03
evolix:22.12
evolix:22.09
evolix:22.07.1
evolix:22.07
evolix:22.06.3
evolix:22.06.2
evolix:22.06.1
evolix:22.06
evolix:22.05.1
evolix:22.05
evolix:22.03
evolix:22.01.3
evolix:22.01.2
evolix:22.01.1
evolix:22.01
evolix:10.6.0
evolix:10.5.1
evolix:10.5.0
evolix:10.4.0
evolix:10.3.0
evolix:10.2.0
evolix:10.1.0
evolix:10.0.0
evolix:9.10.1
evolix:9.10.0
evolix:9.9.0
evolix:9.8.0
evolix:9.7.0
evolix:9.6.0
evolix:9.5.0
evolix:9.4.2
evolix:9.4.1
evolix:9.4.0
evolix:9.3.2
evolix:9.3.1
evolix:9.3.0
evolix:9.2.0
evolix:9.1.9
evolix:9.1.8
evolix:9.1.7
evolix:9.1.6
evolix:9.1.5
evolix:9.1.4
evolix:9.1.3
evolix:9.1.2
evolix:9.1.1
evolix:9.1.0
evolix:9.0.1
evolix:9.0.0
..
compare: evolix:stable
Branches Tags
evolix:monitoringctl
evolix:unstable
evolix:fix_nodejs_deb12
evolix:peertube
evolix:p10166-mastodon
evolix:stable
evolix:gitea
evolix:mattermost
evolix:privatebin
evolix:etherpad
evolix:jitsimeet
evolix:munin_ipmi
evolix:patroni
evolix:etcd
evolix:bind
evolix:wip_10691
evolix:multi-php-v2
evolix:add-drbd-firewall-rule
evolix:backports_preferences
evolix:migrate-vm-error-handling
evolix:evofs
evolix:goto-postfix-role
evolix:lxc-php82
evolix:timesyncd
evolix:noopensshinlxc
evolix:ssh-split
evolix:rsyslog-remote
evolix:emorino/patroni-etcd
evolix:jitsimeet_docker
evolix:hedgedoc
evolix:replace_include
evolix:when-not-check
evolix:fix_lxc_php56_debian10
evolix:debian12
evolix:boost-proxy
evolix:debian12-keyring
evolix:evodomains
evolix:vrrp-addresses
evolix:lxc_etc-git
evolix:lxc_etc-commit
evolix:evoacme-v2
evolix:sshd_modular_config
evolix:exclusion_images_evobackup
evolix:rotate_elasticsearch_logs
evolix:evobackup_tags_redux
evolix:log2mail-beats
evolix:T47076
evolix:kvm-guest
evolix:lpoujol/fpm-php
evolix:lxc-php-buster
evolix:simplify-evolinux-users
evolix:openvpn
evolix:newkernel
evolix:etc-git-status-script
evolix:ubuntu
evolix:nagios-sudoers
evolix:configurable-swapiness
evolix:alert5-minifirewall-restart
evolix:fail2ban_ips_tag
evolix:audit-ftpadmin
evolix:projet6062
evolix:whitelisting-changes
evolix:uvrrpd
evolix:packweb-apache-lxc
evolix:backup/jlecour/ssh-groups
evolix:nextcloud
evolix:backup/jlecour/nextcloud
evolix:evoadmin-mail
evolix:haproxy_munin
evolix:evolinux-users
evolix:ansible-log
evolix:ansible-managed
evolix:apache-fix-default-vhost
evolix:ipsec
evolix:courier
evolix:spamassassin
evolix:samba
evolix:munin-openbsd
evolix:24.05
evolix:24.04
evolix:24.03
evolix:24.02.1
evolix:24.02
evolix:23.10
evolix:23.04
evolix:23.03.1
evolix:23.03
evolix:22.12
evolix:22.09
evolix:22.07.1
evolix:22.07
evolix:22.06.3
evolix:22.06.2
evolix:22.06.1
evolix:22.06
evolix:22.05.1
evolix:22.05
evolix:22.03
evolix:22.01.3
evolix:22.01.2
evolix:22.01.1
evolix:22.01
evolix:10.6.0
evolix:10.5.1
evolix:10.5.0
evolix:10.4.0
evolix:10.3.0
evolix:10.2.0
evolix:10.1.0
evolix:10.0.0
evolix:9.10.1
evolix:9.10.0
evolix:9.9.0
evolix:9.8.0
evolix:9.7.0
evolix:9.6.0
evolix:9.5.0
evolix:9.4.2
evolix:9.4.1
evolix:9.4.0
evolix:9.3.2
evolix:9.3.1
evolix:9.3.0
evolix:9.2.0
evolix:9.1.9
evolix:9.1.8
evolix:9.1.7
evolix:9.1.6
evolix:9.1.5
evolix:9.1.4
evolix:9.1.3
evolix:9.1.2
evolix:9.1.1
evolix:9.1.0
evolix:9.0.1
evolix:9.0.0

5 commits
monitoring ... stable

Author SHA1 Message Date
Alexis Ben Miloud--Josselin 8ad55d9a84 Revert "evolinux-base: Create custom SSH configuration file"
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2743|0|2743|0|:zzz:
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details 
This reverts commit f7ceaf2fb6.
 2024-05-24 11:48:17 +02:00
Alexis Ben Miloud--Josselin f7ceaf2fb6 evolinux-base: Create custom SSH configuration file
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2746|0|2746|0|:zzz:
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
2024-05-24 11:39:00 +02:00
Jérémy Lecour fe1e66f79c
Merge branch 'unstable' into stable
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2745|0|2745|0|:zzz:
Details
gitea/ansible-roles/pipeline/tag This commit looks good
Details
2024-05-15 14:16:44 +02:00
Jérémy Lecour 145b279a12
Merge branch 'unstable' into stable
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2710|0|2710|0|:zzz:
Details
gitea/ansible-roles/pipeline/tag This commit looks good
Details
2024-04-30 17:42:11 +02:00
Jérémy Lecour 2a856d579e
Merge branch 'unstable' into stable
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2712|0|2712|0|:zzz:
Details
gitea/ansible-roles/pipeline/tag This commit looks good
Details
2024-03-01 09:06:08 +01:00
24 changed files with 292 additions and 1706 deletions
Show stats Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -13,10 +13,6 @@ The **patch** part is incremented if multiple releases happen the same month
### Added
* evolinux-base: install evobackup-client (default: true)
* munin: add linux_psi contrib plugin
* evolinux-base: Create custom SSH configuration file
### Changed
### Fixed

3
evolinux-base/defaults/main.yml
View file

@ -243,6 +243,3 @@ evolinux_utils_include: True
# Autosysadmin
evolinux_autosysadmin_include: false
# Evobackup client
evolinux_evobackup_client_include: True

5
evolinux-base/tasks/main.yml
View file

@ -158,11 +158,6 @@
name: 'evolix/autosysadmin-restart_nrpe'
when: evolinux_autosysadmin_include | bool
- name: Evobackup (client)
ansible.builtin.include_role:
name: 'evolix/evobackup-client'
when: evolinux_evobackup_client_include | bool
- name: fail2ban
ansible.builtin.include_role:
name: evolix/fail2ban

8
evolinux-base/tasks/ssh.included-files.yml
View file

@ -16,14 +16,6 @@
dest: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
mode: "0644"
- name: create custom SSH server configuration file
ansible.builtin.file:
path: /etc/ssh/sshd_config.d/zzz-evolinux-custom.conf
state: touch
mode: "0644"
modification_time: preserve
access_time: preserve
# Should we allow the current user?
- name: Allow the current user
block:

6
lxc-php/tasks/php56.yml
View file

@ -1,11 +1,11 @@
---
- name: "{{ lxc_php_container_name }} - Install PHP packages"
- name: "{{ lxc_php_version }} - Install PHP packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php5-sqlite php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer"
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
ansible.builtin.template:
src: z-evolinux-defaults.ini.j2
dest: "{{ line_item }}"

6
lxc-php/tasks/php70.yml
View file

@ -1,11 +1,11 @@
---
- name: "{{ lxc_php_container_name }} - Install PHP packages"
- name: "{{ lxc_php_version }} - Install PHP packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-sqlite3 php-gettext php-curl php-ssh2 php-zip php-mbstring composer libphp-phpmailer"
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
ansible.builtin.template:
src: z-evolinux-defaults.ini.j2
dest: "{{ line_item }}"

8
lxc-php/tasks/php74.yml
View file

@ -1,17 +1,17 @@
---
- name: "{{ lxc_php_container_name }} - Install PHP packages"
- name: "{{ lxc_php_version }} - Install PHP packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
- name: "{{ lxc_php_version }} - fix bullseye repository"
ansible.builtin.replace:
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
ansible.builtin.template:
src: z-evolinux-defaults.ini.j2
dest: "{{ line_item }}"

18
lxc-php/tasks/php80.yml
View file

@ -5,18 +5,18 @@
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
- name: "{{ lxc_php_container_name }} - Install dependency packages"
- name: "{{ lxc_php_version }} - Install dependency packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
- name: "{{ lxc_php_version }} - fix bullseye repository"
ansible.builtin.replace:
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
- name: "{{ lxc_php_container_name }} - Add sury repo"
- name: "{{ lxc_php_version }} - Add sury repo"
ansible.builtin.lineinfile:
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
line: "{{ item }}"
@ -51,17 +51,17 @@
owner: root
group: root
- name: "{{ lxc_php_container_name }} - Update APT cache"
- name: "{{ lxc_php_version }} - Update APT cache"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
- name: "{{ lxc_php_container_name }} - Install PHP packages"
- name: "{{ lxc_php_version }} - Install PHP packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
ansible.builtin.template:
src: z-evolinux-defaults.ini.j2
dest: "{{ line_item }}"

18
lxc-php/tasks/php81.yml
View file

@ -4,18 +4,18 @@
ansible.builtin.set_fact:
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
- name: "{{ lxc_php_container_name }} - Install dependency packages"
- name: "{{ lxc_php_version }} - Install dependency packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
- name: "{{ lxc_php_version }} - fix bullseye repository"
ansible.builtin.replace:
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
regexp: 'bullseye/updates'
replace: 'bullseye-security'
- name: "{{ lxc_php_container_name }} - Add sury repo"
- name: "{{ lxc_php_version }} - Add sury repo"
ansible.builtin.lineinfile:
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
line: "{{ item }}"
@ -50,17 +50,17 @@
owner: root
group: root
- name: "{{ lxc_php_container_name }} - Update APT cache"
- name: "{{ lxc_php_version }} - Update APT cache"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
- name: "{{ lxc_php_container_name }} - Install PHP packages"
- name: "{{ lxc_php_version }} - Install PHP packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
ansible.builtin.template:
src: z-evolinux-defaults.ini.j2
dest: "{{ line_item }}"

20
lxc-php/tasks/php82.yml
View file

@ -4,24 +4,24 @@
ansible.builtin.set_fact:
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
- name: "{{ lxc_php_container_name }} - Install dependency packages"
- name: "{{ lxc_php_version }} - Install dependency packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
- name: "{{ lxc_php_container_name }} - delete sources.list bookworm repository"
- name: "{{ lxc_php_version }} - delete sources.list bookworm repository"
ansible.builtin.file:
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
state: absent
- name: "{{ lxc_php_container_name }} - system bookworm repository"
- name: "{{ lxc_php_version }} - system bookworm repository"
ansible.builtin.template:
src: bookworm_basics.sources.j2
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
force: true
mode: "0644"
- name: "{{ lxc_php_container_name }} - security bookworm repository"
- name: "{{ lxc_php_version }} - security bookworm repository"
ansible.builtin.template:
src: bookworm_security.sources.j2
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
@ -44,17 +44,17 @@
owner: root
group: root
- name: "{{ lxc_php_container_name }} - Update APT cache"
- name: "{{ lxc_php_version }} - Update APT cache"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
- name: "{{ lxc_php_container_name }} - Install PHP packages"
- name: "{{ lxc_php_version }} - Install PHP packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
ansible.builtin.template:
src: z-evolinux-defaults.ini.j2
dest: "{{ line_item }}"

24
lxc-php/tasks/php83.yml
View file

@ -4,38 +4,38 @@
ansible.builtin.set_fact:
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
- name: "{{ lxc_php_container_name }} - Install dependency packages"
- name: "{{ lxc_php_version }} - Install dependency packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
- name: "{{ lxc_php_container_name }} - delete sources.list bookworm repository"
- name: "{{ lxc_php_version }} - delete sources.list bookworm repository"
ansible.builtin.file:
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
state: absent
- name: "{{ lxc_php_container_name }} - system bookworm repository"
- name: "{{ lxc_php_version }} - system bookworm repository"
ansible.builtin.template:
src: bookworm_basics.sources.j2
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
force: true
mode: "0644"
- name: "{{ lxc_php_container_name }} - security bookworm repository"
- name: "{{ lxc_php_version }} - security bookworm repository"
ansible.builtin.template:
src: bookworm_security.sources.j2
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
force: true
mode: "0644"
- name: "{{ lxc_php_container_name }} - Add sury repo"
- name: "{{ lxc_php_version }} - Add sury repo"
ansible.builtin.template:
src: sury.sources.j2
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.sources"
force: true
mode: "0644"
- name: "{{ lxc_php_container_name }} - Add sury failsafe repo"
- name: "{{ lxc_php_version }} - Add sury failsafe repo"
ansible.builtin.template:
src: evolix_sury.sources.j2
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/evolix_sury.sources"
@ -66,17 +66,17 @@
owner: root
group: root
- name: "{{ lxc_php_container_name }} - Update APT cache"
- name: "{{ lxc_php_version }} - Update APT cache"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
- name: "{{ lxc_php_container_name }} - Install PHP packages"
- name: "{{ lxc_php_version }} - Install PHP packages"
community.general.lxc_container:
name: "{{ lxc_php_container_name }}"
name: "{{ lxc_php_version }}"
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
ansible.builtin.template:
src: z-evolinux-defaults.ini.j2
dest: "{{ line_item }}"

360
munin/files/plugins/linux-psi
View file

@ -1,360 +0,0 @@
#!/bin/bash
: << =cut
=head1 NAME
linux_psi - Plugin to monitor the pressure stall information for CPU, Memory and
IO as reported by the Linux kernel.
This plugin monitors the pressure stall information (psi) as reported by the
Linux Kernel. By default it reports all average intervals (10 seconds,
60 seconds and 300 seconds) as well as the total values as a rate of change
(DERIVE) for all resources (cpu, memory, io). The average intervals can be
configured if you only deem some of them useful. See CONFIGURATION for
explanations on that.
This is a multigraph plugin that, by default, will create six detail graphs and
one summary graph (so seven in total). The summary graph will contain the 300
seconds average percentages of all resources. The detail graphs are split in two
graphs per resource. One combining all average intervals and one for the
"totals" (rate of change) for the given resource.
There are no defaults for warnings and criticals, because this highly depends on
the system, so you need to configure them yourself (if you want any). It is
recommended that you first lookup the meaning of the different values.
For more information on psi see:
https://www.kernel.org/doc/html/latest/accounting/psi.html
=head1 CONFIGURATION
Simply create a symlink in your plugins directory like with any other plugin.
No additional configuration needed, no specific user required (typically).
If you want to configure alerts, just add "warn_" or "crit_" in front of the
internal name.
Optional configuration examples:
[linux_psi]
env.resources cpu io memory - Specify the resources to monitor. Leave one
out if you don't want this one to be
monitored.
env.intervals avg10 avg60 avg300 - Sepcify the average intervals to monitor.
Leave one out if you don't want this one to
be monitored
env.scopes some full - Specify the scopes to monitor. Leave one out
If you don't want it to be monitored.
env.summary_interval avg300 - Specify the interval to be used for the
summary-graph.
env.warn_psi_cpu_avg300_some 5 - Set a warning-level of 5 for
"psi_cpu_avg300_some"
env.crit_psi_io_total_full 2000 - Set a critical-level of 2000 for
"psi_io_total_full"
=head1 AUTHOR
2022, HaseHarald
=head1 LICENSE
LGPLv3
=head1 BUGS
=head1 TODO
=head1 MAGIC MARKERS
#%# family=auto
#%# capabilities=autoconf
=cut
# This file contains a munin-plugin to graph the psi (pressure) for CPU, Memory
# and IO, as reported by the Linux kernel.
#
# This is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this plugin. If not, see <http://www.gnu.org/licenses/>.
resource_defaults=('cpu' 'io' 'memory')
interval_defaults=('avg10' 'avg60' 'avg300')
scope_defaults=('some' 'full')
pressure_dir=${pressure_dir:-'/proc/pressure/'}
pressure_resources=( "${resources[@]:-${resource_defaults[@]}}" )
pressure_intervals=( "${intervals[@]:-${interval_defaults[@]}}" )
pressure_scopes=( "${scopes[@]:-${scope_defaults[@]}}" )
summary_interval="${summary_interval:-avg300}"
check_autoconf() {
if [ -d "${pressure_dir}" ]; then
printf "yes\n"
else
printf "no (%s not found)\n" "${pressure_dir}"
fi
}
get_pressure_value() {
local resource
local interval
local scope
resource="$1"
interval="$2"
scope="${3:-some}"
grep "$scope" "${pressure_dir}/${resource}" | grep -o -E "${interval}=[0-9]{1,}(\.[0-9]{1,}){0,1}" | cut -d '=' -f 2
}
get_printable_name() {
local kind
local value
local printable_name
kind="$1"
value="$2"
printable_name=""
case "$kind" in
interval)
case "$interval" in
avg10)
printable_name="10sec"
;;
avg60)
printable_name="60sec"
;;
avg300)
printable_name="5min"
;;
total)
printable_name="Total"
;;
*)
printf "ERROR: Could not determine interval %s ! Must be one of 'avg10' 'avg60' 'avg300' 'total'\n" "$value" >&2
exit 2
;;
esac
;;
scope)
case "$value" in
some)
printable_name="Some"
;;
full)
printable_name="Full"
;;
*)
printf "ERROR: Could not determine scope %s ! Must be one of 'full' 'some'.\n" "$value" >&2
exit 2
;;
esac
;;
resource)
case "$value" in
cpu)
printable_name="CPU"
;;
io)
printable_name="IO"
;;
memory)
printable_name="Memory"
;;
*)
printf "ERROR: Could not determine resource-type %s ! Must be one of 'cpu' 'io' 'memory'.\n" "$value" >&2
exit 2
;;
esac
;;
*)
printf "ERROR: Could not determine kind %s ! Must be one of 'interval' 'scope' 'resource'\n" "$kind" >&2
exit 2
;;
esac
printf "%s" "$printable_name"
}
iterate_config() {
for resource in "${pressure_resources[@]}"; do
local printable_resource
printable_resource=$( get_printable_name resource "$resource" )
printf "multigraph linux_psi.%s_avg\n" "$resource"
printf "graph_title %s Pressure Stall Information - Average\n" "$printable_resource"
printf "graph_category system\n"
printf "graph_info Average PSI based latency caused by lack of %s resources.\n" "$printable_resource"
printf "graph_vlabel %%\n"
printf "graph_scale no\n"
for interval in "${pressure_intervals[@]}"; do
local printable_interval
printable_interval=$( get_printable_name interval "$interval" )
output_config "$resource" "$interval"
done
echo ""
done
for resource in "${pressure_resources[@]}"; do
local interval
local printable_resource
interval="total"
printable_resource=$( get_printable_name resource "$resource" )
printf "multigraph linux_psi.%s_total\n" "$resource"
printf "graph_title %s Pressure Stall Information - Rate\n" "$printable_resource"
printf "graph_category system\n"
printf "graph_info Total PSI based latency rate caused by lack of %s resources.\n" "$printable_resource"
printf "graph_vlabel rate\n"
output_config "$resource" "$interval"
echo ""
done
printf "multigraph linux_psi\n"
printf "graph_title Pressure Stall Information - Average\n"
printf "graph_vlabel %%\n"
printf "graph_scale no\n"
printf "graph_category system\n"
printf "graph_info Average PSI based latency caused by lack of resources.\n"
for resource in "${pressure_resources[@]}"; do
output_config "$resource" "$summary_interval"
done
echo ""
}
iterate_values() {
for resource in "${pressure_resources[@]}"; do
printf "multigraph linux_psi.%s_avg\n" "$resource"
for interval in "${pressure_intervals[@]}"; do
output_values "$resource" "$interval"
done
echo ""
done
for resource in "${pressure_resources[@]}"; do
local interval
interval="total"
printf "multigraph linux_psi.%s_total\n" "$resource"
output_values "$resource" "$interval"
echo ""
done
printf "multigraph linux_psi\n"
for resource in "${pressure_resources[@]}"; do
output_values "$resource" "$summary_interval"
done
echo ""
}
output_config() {
local resource
local interval
local printable_resource
local printable_interval
resource="$1"
interval="$2"
printable_resource=$( get_printable_name resource "$resource" )
printable_interval=$( get_printable_name interval "$interval" )
for scope in "${pressure_scopes[@]}"; do
if [ "${resource}" == "cpu" ] && [ "${scope}" != "some" ]; then
continue
else
local printable_scope
local this_warn_var
local this_crit_var
printable_scope=$( get_printable_name scope "$scope" )
this_warn_var=$( echo "warn_psi_${resource}_${interval}_${scope}" | sed 's/[^A-Za-z0-9_]/_/g' )
this_crit_var=$( echo "crit_psi_${resource}_${interval}_${scope}" | sed 's/[^A-Za-z0-9_]/_/g' )
printf "psi_%s_%s_%s.min 0\n" "$resource" "$interval" "$scope"
printf "psi_%s_%s_%s.label %s %s %s\n" "$resource" "$interval" "$scope" "$printable_resource" "$printable_interval" "$printable_scope"
if [ -n "${!this_warn_var}" ]; then
printf "psi_%s_%s_%s.warning %s\n" "$resource" "$interval" "$scope" "${!this_warn_var}"
fi
if [ -n "${!this_crit_var}" ]; then
printf "psi_%s_%s_%s.critical %s\n" "$resource" "$interval" "$scope" "${!this_crit_var}"
fi
if [ "$interval" == "total" ]; then
printf "psi_%s_%s_%s.type DERIVE\n" "$resource" "$interval" "$scope"
fi
fi
done
}
output_values() {
local resource
local interval
resource="$1"
interval="$2"
for scope in "${pressure_scopes[@]}"; do
if [ "${resource}" == "cpu" ] && [ "${scope}" != "some" ]; then
continue
else
printf "psi_%s_%s_%s.value %s\n" "$resource" "$interval" "$scope" "$(get_pressure_value "$resource" "$interval" "$scope")"
fi
done
}
output_usage() {
printf >&2 "%s - munin plugin to graph pressure stall information for CPU, Memory and IO as reported by the Linux kernel.\n" "${0##*/}"
printf >&2 "Usage: %s [config]\n" "${0##*/}"
printf >&2 "You may use environment settings in a plugin-config file, used by munin (for example /etc/munin/plugin-conf.d/munin-node) to further adjust settings.\n"
printf >&2 "You can use these settings to configure which resources, intervals or scopes are monitored or to configure warning and critical levels.\n"
printf >&2 "To do so use a syntax like this:\n"
printf >&2 "[linux_psi]\n"
printf >&2 "env.resources cpu io memory\n"
printf >&2 "env.intervals avg10 avg60 avg300\n"
printf >&2 "env.scopes some full\n"
printf >&2 "env.summary_interval avg300\n"
printf >&2 "env.warn_psi_cpu_avg300_some 5\n"
printf >&2 "env.crit_psi_io_total_full 2000\n"
}
case "$#" in
0)
iterate_values
;;
1)
case "$1" in
autoconf)
check_autoconf
;;
config)
iterate_config
;;
fetch)
iterate_values
;;
*)
output_usage
exit 1
;;
esac
;;
*)
output_usage
exit 1
;;
esac

2
munin/tasks/main.yml
View file

@ -46,7 +46,6 @@
dest: '/usr/share/munin/plugins/{{ item }}'
loop:
- dhcp_pool
- linux-psi
tags:
- munin
@ -78,7 +77,6 @@
- postfix_mailqueue
- postfix_mailstats
- postfix_mailvolume
- linux-psi
notify: restart munin-node
tags:
- munin

196
nagios-nrpe/files/alerts_switch Executable file → Normal file
View file

@ -1,143 +1,83 @@
#!/bin/bash
# https://forge.evolix.org/projects/evolix-private/repository
#
# Source:
# https://gitea.evolix.org/evolix/ansible-roles/src/branch/stable/nagios-nrpe
#
# You should not alter this file.
# If you need to, create and customize a copy.
set -e
readonly PROGNAME=$(basename $0)
readonly VERSION="24.04.00"
readonly PROGDIR=$(readlink -m $(dirname $0))
readonly ARGS="$@"
# Load common functions and vars
readonly lib_dir="/usr/local/lib/monitoringctl"
if [ -r "${lib_dir}/common" ]; then
# shellcheck source=monitoringctl_common
source "${lib_dir}/common"
else
>&2 echo "Error: missing ${lib_dir}/common file."
exit 1
fi
if [ ! -e "${var_dir}" ]; then
install --mode=0755 --directory "${var_dir}"
fi
function show_help() {
cat <<END
$PROGNAME disables or enables NRPE alerts wrapped by the script 'alerts_wrapper' in NRPE configuration.
Usage: $PROGNAME disable [-d|--during <DURATION>] [--message '<DISABLE_MESSAGE>'] <WRAPPER_NAME|all>
$PROGNAME enable [--message '<ENABLE_MESSAGE>'] <WRAPPER_NAME|all>
$PROGNAME help
WRAPPER_NAME: The name given to '--name' option of 'alerts_wrapper'.
DURATION: Duration of alert disabling.
Can be '1d' for 1 day, '5m' for 5 minutes or more complex
expressions like '1w2d10m42s' (if no time unit is provided,
hour is assumed)
Default value: 1h
DISABLE_MESSAGE: Message that will be logged and printed by alerts_wrapper
when alert is disabled.
ENABLE_MESSAGE: Message that will be logged when alert is enabled
END
usage() {
echo "$PROGNAME action prefix"
}
function disable_alerts() {
# $1: wrapper name, $2: duration_sec, $3: disable message
now_secs=$(date +"%s")
disable_until_secs=$(( now_secs + ${2} ))
disable_file_path="$(get_disable_file_path "${1}")"
echo "${disable_until_secs}" > "${disable_file_path}"
echo "$(logname || echo unknown): \"${3}\"" >> "${disable_file_path}"
chmod 0644 "${disable_file_path}"
log "${1} alerts disabled by $(logname || echo unknown)"
log "Disable message: ${3}"
}
disable_alerts () {
disabled_file="$1_disabled"
enabled_file="$1_enabled"
function enable_alerts() {
# $1: wrapper name, $2: enable message
disable_file_path="$(get_disable_file_path "${1}")"
if [ -e "${disable_file_path}" ]; then
rm "${disable_file_path}"
fi
log "${1} alerts enabled by $(logname || echo unknown)"
log "Enable message: ${2}"
}
function main() {
if [ "${action}" == 'enable' ]; then
if [ "${wrapper_name}" == "all" ]; then
for wrapper in $(get_wrappers_names); do
enable_alerts "${wrapper}" "${message}"
done
else
enable_alerts "${wrapper_name}" "${message}"
fi
elif [ "${action}" == 'disable' ]; then
duration_sec=$(time_to_seconds "${duration}")
if [ "${wrapper_name}" == "all" ]; then
for wrapper in $(get_wrappers_names); do
disable_alerts "${wrapper}" "${duration_sec}" "${message}"
done
else
disable_alerts "${wrapper_name}" "${duration_sec}" "${message}"
fi
elif [ "${action}" == 'help' ]; then
show_help
if [ -e "${enabled_file}" ]; then
mv "${enabled_file}" "${disabled_file}"
else
touch "${disabled_file}"
chmod 0644 "${disabled_file}"
fi
}
enable_alerts () {
disabled_file="$1_disabled"
enabled_file="$1_enabled"
while :; do
case "${1}" in
enable|disable|help)
action="${1}"
shift;;
-d|--during)
if [ "$#" -gt 1 ]; then
if filter_duration "${2}"; then
duration="${2}"
else
usage_error "Option --during: \"${2}\" is not a valid duration."
fi
else
error "Missing --during argument."
fi
shift; shift;;
-m|--message)
if [ "$#" -gt 1 ]; then
message="${2}"
else
error "Missing --message argument."
fi
shift; shift;;
*)
if [ -n "${1}" ]; then
if is_wrapper "${1}" || [ "${1}" == "all" ]; then
wrapper_name="${1}"
else
error "Unknown argument '${1}', or NAME not defined in NRPE configuration."
fi
else
if [ -z "${action}" ]; then
error "Missing action argument."
elif [ -z "${1}" ]; then
break
fi
fi
if [ -e "${disabled_file}" ]; then
mv "${disabled_file}" "${enabled_file}"
else
touch "${enabled_file}"
chmod 0644 "${enabled_file}"
fi
}
shift;;
now () {
date --iso-8601=seconds
}
log_disable () {
echo "$(now) - alerts disabled by $(logname || echo unknown)" >> $1
}
log_enable () {
echo "$(now) - alerts enabled by $(logname || echo unknown)" >> $1
}
main () {
local action=$1
local prefix=$2
local base_dir="/var/lib/misc"
mkdir -p "${base_dir}"
local file_path="${base_dir}/${prefix}_alerts"
local log_file="/var/log/${prefix}_alerts.log"
case "$action" in
enable)
enable_alerts ${file_path}
log_enable ${log_file}
;;
disable)
disable_alerts ${file_path}
log_disable ${log_file}
;;
help)
usage
;;
*)
>&2 echo "Unknown action '$action'"
exit 1
;;
esac
done
if [ -z "${wrapper_name}" ] && [ "${action}" != 'help' ] ; then
error "Missing WRAPPER_NAME."
fi
if [ -z "${duration}" ]; then
duration="${default_disabled_time}"
fi
readonly wrapper_name duration action
main
}
main $ARGS

209
nagios-nrpe/files/alerts_wrapper Executable file → Normal file
View file

@ -1,101 +1,114 @@
#!/bin/bash
# https://forge.evolix.org/projects/evolix-private/repository
#
# Source:
# https://gitea.evolix.org/evolix/ansible-roles/src/branch/stable/nagios-nrpe
#
# You should not alter this file.
# If you need to, create and customize a copy.
readonly PROGNAME=$(basename $0)
readonly VERSION="24.04.00"
VERSION="21.04"
readonly VERSION
# Load common functions and vars
readonly lib_dir="/usr/local/lib/monitoringctl"
if [ -r "${lib_dir}/common" ]; then
# shellcheck source=monitoringctl_common
source "${lib_dir}/common"
else
>&2 echo "Error: missing ${lib_dir}/common file."
exit 1
fi
# base functions
if [ ! -e "${var_dir}" ]; then
install --mode=0755 --directory "${var_dir}"
fi
function show_help() {
show_version() {
cat <<END
alerts_wrapper wraps an NRPE command and overrides the return code.
alerts_wrapper version ${VERSION}
Usage: alerts_wrapper --name <WRAPPER_NAME> <CHECK_COMMAND>
Usage: alerts_wrapper <WRAPPER_NAME> <CHECK_COMMAND> (deprecated)
Copyright 2018-2021 Evolix <info@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr>
and others.
alerts_wrapper comes with ABSOLUTELY NO WARRANTY.This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU General Public License v3.0 for details.
END
}
show_help() {
cat <<END
alerts_wrapper is supposed to wrap an NRPE command and overrides the return code.
Usage: alerts_wrapper --limit=1d --name=check_name command with optional arguments
or alerts_wrapper --name=check_name command with optional arguments
or alerts_wrapper check_name command with optional arguments
Options
--name Wrapper name, it is very recommended to use the check name (like load, disk1…).
Special name: 'all' is already hard-coded.
-h, --help Print this message and exit.
-V, --version Print version and exit.
--limit max age of the "check file" ;
can be "1d" for 1 day, "5m" for 5 minutes…
or more complex expressions like "1w2d10m42s"
--name check name
-h, --help print this message and exit
-V, --version print version and exit
END
}
function enable_wrapper() {
# $1: wrapper name
if [ "$(id -u)" -eq "0" ] ; then
/usr/local/bin/alerts_switch enable "${1}"
time_in_seconds() {
if echo "${1}" | grep -E -q '^([0-9]+[wdhms])+$'; then
echo "${1}" | sed 's/w/ * 604800 + /g; s/d/ * 86400 + /g; s/h/ * 3600 + /g; s/m/ * 60 + /g; s/s/ + /g; s/+ $//' | xargs expr
elif echo "${1}" | grep -E -q '^([0-9]+$)'; then
echo "${1} * 3600" | xargs expr
else
sudo /usr/local/bin/alerts_switch enable "${1}"
return 1
fi
}
function main() {
is_disabled="$(is_disabled_wrapper "${wrapper_name}")"
delay_from_alerts_disabled_file() {
last_change=$(stat -c %Z "${alerts_disabled_file}")
limit_seconds=$(time_in_seconds "${wrapper_limit}" || time_in_seconds "${wrapper_limit_default}")
limit_date=$(date --date "${limit_seconds} seconds ago" +"%s")
if [ -e "${disable_file}" ] && [ "${is_disabled}" = "False" ]; then
enable_wrapper "${wrapper_name}"
echo $(( last_change - limit_date ))
}
enable_check() {
if [ "$(id -u)" -eq "0" ] ; then
/usr/local/bin/alerts_switch enable "${check_name}"
else
sudo /usr/local/bin/alerts_switch enable "${check_name}"
fi
}
timeout_command=""
if [ "${is_disabled}" = "True" ]; then
timeout_command="timeout 8"
fi
check_stdout="$(${timeout_command} ${check_command})"
main() {
${check_command} > "${check_stdout}"
check_rc=$?
readonly check_rc
if [ "${is_disabled}" = "True" ] && [ "${check_rc}" -eq 124 ] && [ -z "${check_stdout}" ]; then
check_stdout="Check timeout (> 8 sec)"
fi
delay=0
if [ "${is_disabled}" = "True" ]; then
enable_time="$(get_enable_time "${wrapper_name}")"
enable_delay="$(enable_delay "${enable_time}")"
delay_str="$(delay_to_string "${enable_delay}")"
enable_date="$(date --date "+${enable_delay} seconds" "+%d %h %Y at %H:%M:%S")"
disable_msg="$(get_disable_message "${wrapper_name}")"
if [ -n "${disable_msg}" ]; then
disable_msg="- ${disable_msg} "
if [ -e "${alerts_disabled_file}" ]; then
delay=$(delay_from_alerts_disabled_file)
if [ "${delay}" -le "0" ]; then
enable_check
fi
echo "ALERT DISABLED until ${enable_date} (${delay_str} left) ${disable_msg}- Check output: ${check_stdout}"
else
echo "${check_stdout}"
fi
if [ "${is_disabled}" = "True" ]; then
if [ -e "${alerts_disabled_file}" ]; then
formatted_last_change=$(date --date "@$(stat -c %Z "${alerts_disabled_file}")" +'%c')
readonly formatted_last_change
echo "ALERTS DISABLED for ${check_name} (since ${formatted_last_change}, delay: ${delay} sec) - $(cat "${check_stdout}")"
if [ ${check_rc} = 0 ]; then
exit 0 # Nagios OK
# Nagios OK
exit 0
else
exit 1 # Nagios WARNING
# Nagios WARNING
exit 1
fi
else
cat "${check_stdout}"
exit ${check_rc}
fi
}
# Default: 1 day before re-enabling the check
wrapper_limit_default="1d"
readonly wrapper_limit_default
if [[ "${1}" =~ -.* ]]; then
# parse options
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
while :; do
case "${1}" in
case $1 in
-h|-\?|--help)
show_help
exit 0
@ -104,25 +117,47 @@ if [[ "${1}" =~ -.* ]]; then
show_version
exit 0
;;
-n|--name)
--limit)
# with value separated by space
if [ -n "${2}" ]; then
wrapper_name="${2}"
if [ -n "$2" ]; then
wrapper_limit=$2
shift
else
printf 'ERROR: "--limit" requires a non-empty option argument.\n' >&2
exit 1
fi
;;
--limit=?*)
# with value speparated by =
wrapper_limit=${1#*=}
;;
--limit=)
# without value
printf 'ERROR: "--limit" requires a non-empty option argument.\n' >&2
exit 1
;;
--name)
# with value separated by space
if [ -n "$2" ]; then
check_name=$2
shift
else
printf 'ERROR: "--name" requires a non-empty option argument.\n' >&2
exit 2
exit 1
fi
;;
-n|--name=?*)
# with value separated by =
wrapper_name="${1#*=}"
--name=?*)
# with value speparated by =
check_name=${1#*=}
;;
-n|--name=)
--name=)
# without value
printf 'ERROR: "--name" requires a non-empty option argument.\n' >&2
exit 2
exit 1
;;
--)
# End of all options.
shift
@ -130,8 +165,8 @@ if [[ "${1}" =~ -.* ]]; then
;;
-?*)
# ignore unknown options
printf 'ERROR: Unknown option : %s\n' "${1}" >&2
exit 2
printf 'WARN: Unknown option : %s\n' "$1" >&2
exit 1
;;
*)
# Default case: If no more options then break out of the loop.
@ -145,22 +180,38 @@ if [[ "${1}" =~ -.* ]]; then
check_command="$*"
else
# no option is passed (backward compatibility with previous version)
# treat the first argument as wrapper_name and the rest as the command
wrapper_name="${1}"
# treat the first argument as check_name and the rest as the command
check_name="${1}"
shift
check_command="$*"
fi
if [ -z "${wrapper_name}" ]; then
printf 'ERROR: You must specify a wrapper name, with --names.\n' >&2
exit 2
# Default values or errors
if [ -z "${wrapper_limit}" ]; then
wrapper_limit="${wrapper_limit_default}"
fi
if [ -z "${check_name}" ]; then
printf 'ERROR: You must specify a check name, with --name.\n' >&2
exit 1
fi
if [ -z "${check_command}" ]; then
printf 'ERROR: You must specify a command to execute.\n' >&2
exit 2
exit 1
fi
disable_file="$(get_disable_file_path "${wrapper_name}")"
readonly wrapper_name check_command disable_file
readonly check_name
readonly check_command
readonly wrapper_limit
alerts_disabled_file="/var/lib/misc/${check_name}_alerts_disabled"
readonly alerts_disabled_file
check_file="/var/lib/misc/${check_name}_alerts_disabled"
readonly check_file
check_stdout=$(mktemp --tmpdir=/tmp "${check_name}_stdout.XXXX")
readonly check_stdout
# shellcheck disable=SC2064
trap "rm ${check_stdout}" EXIT
main

36
nagios-nrpe/files/check-local Executable file
View file

@ -0,0 +1,36 @@
#!/usr/bin/env bash
CHECK_BIN=/usr/lib/nagios/plugins/check_nrpe
server_address="127.0.0.1"
if ! test -f "${CHECK_BIN}"; then
echo "${CHECK_BIN} is missing, please install nagios-nrpe-plugin package."
exit 1
fi
for file in /etc/nagios/{nrpe.cfg,nrpe_local.cfg,nrpe.d/evolix.cfg}; do
if [ -r ${file} ]; then
command_search=$(grep "\[check_$1\]" "${file}" | grep -v '^[[:blank:]]*#' | tail -n1 | cut -d'=' -f2-)
fi
if [ -n "${command_search}" ]; then
command="${command_search}"
fi
if [ -r ${file} ]; then
server_address_search=$(grep "server_address" "${file}" | grep -v '^[[:blank:]]*#' | cut -d'=' -f2)
fi
if [ -n "${server_address_search}" ]; then
server_address="${server_address_search}"
fi
done
if [ -n "${command}" ]; then
echo "Found command in /etc/nagios (take care, in some cases, Nagios can play another command):"
echo " ${command}"
fi
echo "NRPE daemon output:"
"${CHECK_BIN}" -H "${server_address}" -c "check_$1"

5
nagios-nrpe/files/check-local_completion Executable file → Normal file
View file

@ -1,6 +1,5 @@
#!/usr/bin/env bash
# List of available checks
_check_local_dynamic_completion() {
local cur;
cur=${COMP_WORDS[COMP_CWORD]};
@ -8,10 +7,6 @@ _check_local_dynamic_completion() {
COMPREPLY=( $( compgen -W '$(grep "\[check_" -Rs /etc/nagios/ | grep -vE "^[[:blank:]]*#" | awk -F"[\\\[\\\]=]" "{print \$2}" | sed "s/check_//" | sort | uniq)' -- $cur ) );
}
# List of available disable names of alerts_wrapper
# grep "alerts_wrapper" -Rs /etc/nagios/ | grep -vE "^\s*#" | awk '{ for (i=1; i<=NF; i++) { if ($i ~ /--name[s]?/) print $(i+1) } }' | tr ',' '\n' | sort | uniq
# + ajouter all
complete -F _check_local_dynamic_completion check-local

0
nagios-nrpe/files/check_async Executable file → Normal file
View file

586
nagios-nrpe/files/monitoringctl
View file

@ -1,586 +0,0 @@
#!/usr/bin/env bash
#set -x
readonly PROGNAME=$(basename $0)
readonly VERSION="24.04.00"
readonly red="\e[0;31m"
readonly green="\e[0;32m"
readonly orange="\e[0;33m"
readonly lightgreen="\e[1;32m"
readonly yellow="\e[1;33m"
readonly lightblue="\e[1;34m"
readonly purple="\e[0;35m"
readonly nocolor="\e[0m"
# Load common functions and vars
readonly lib_dir="/usr/local/lib/monitoringctl"
if [ -r "${lib_dir}/common" ]; then
# shellcheck source=monitoringctl_common
source "${lib_dir}/common"
else
>&2 echo "Error: missing ${lib_dir}/common file."
exit 1
fi
function show_help() {
cat <<EOF
monitoringctl version ${VERSION}.
monitoringctl gives some control over NRPE checks and alerts.
Usage: monitoringctl [OPTIONS] ACTION ARGUMENTS
GENERAL OPTIONS:
-h, --help Print this message and exit.
-V, --version Print version number and exit.
ACTIONS:
status [CHECK_NAME|all]
Print whether alerts are enabled or not (silenced).
If alerts are disabled (silenced), show disable message and time left before automatic re-enabling.
check [--bypass-nrpe] CHECK_NAME
Ask CHECK_NAME status to NRPE as an HTTP request.
Indicates which command NRPE has supposedly run (from its configuration).
-b, --bypass-nrpe Execute directly command from NRPE configuration,
as user nagios, without passing the request to NRPE.
disable CHECK_NAME|all [--during DURATION] [--message 'DISABLE MESSAGE']
Disable (silence) CHECK_NAME or all alerts for DURATION and write DISABLE MESSAGE into the log.
Checks output is still printed, so alerts history won't be lost.
enable CHECK_NAME|all [--message 'ENABLE MESSAGE']
Re-enable CHECK_NAME or all alerts
show CHECK_NAME
Show NPRE command(s) configured for CHECK_NAME
MESSAGE:
Message to be written in log and disabled check output (mandatory, will be asked dynamically if not provided).
DURATION:
Time (string) during which alerts will be disabled (optional, default: "1h").
Format:
You can use 'd' (day), 'h' (hour) and 'm' (minute) , or a combination of them, to specify a duration.
Examples: '2d', '1h', '10m', '1h10' ('m' is guessed).
NOTES
For actions disable, enable and status, CHECK_NAME is actually the --name option passed to alerts_wrapper, and not the NRPE check name. Both check name and alerts_wrapper --name option should be equal in NRPE configuration to avoid confusion.
Log path: ${log_file}
EOF
}
function check() {
# $1: check name, "all" or empty
readonly check_nrpe_bin="/usr/lib/nagios/plugins/check_nrpe"
if [ ! -f "${check_nrpe_bin}" ]; then
>&2 echo "${check_nrpe_bin} is missing, please install nagios-nrpe-plugin package."
exit 1
fi
conf_lines="$(get_nrpe_conf "${nrpe_conf_path}")"
server_address=$(echo "$conf_lines" | grep "server_address" | tail -n1 | cut -d'=' -f2)
if [ -z "${server_address}" ]; then server_address="127.0.0.1"; fi
server_port=$(echo "$conf_lines" | grep "server_port" | tail -n1 | cut -d'=' -f2)
if [ -z "${server_port}" ]; then server_port="5666"; fi
if [ -z "${1}" ] || [ "${1}" = "all" ]; then
# Array header for multi-checks
checks="$(get_checks_names)"
header="Check\tStatus\tOutput (truncated)"
underline="-----\t------\t------------------"
str_out="\n${header}\n${underline}\n"
else
checks="${1}"
fi
for check in $checks; do
printf "\033[KChecking %s…\r" "${check}"
err_msg=""
if [ "${bypass_nrpe}" = "False" ]; then
request_command="${check_nrpe_bin} -H ${server_address} -p ${server_port} -c check_${check} 2&>1"
else
check_commands="$(get_check_commands "${check}")"
if [ -n "${check_commands}" ]; then
check_command="$(echo "${check_commands}" | tail -n1)"
request_command="sudo -u nagios -- ${check_command}"
else
if [ -z "${1}" ] || [ "${1}" = "all" ]; then
err_msg="Check command not found in NRPE configuration."
else
err_msg="Error: no command found in NRPE configuration for check '${check}'. Aborted."
fi
fi
fi
if [ -z "${err_msg}" ]; then
check_output="$(${request_command})"
rc="$?"
check_output="$(echo "${check_output}" | tr '\n' ' ')"
if [ -z "${1}" ] || [ "${1}" = "all" ]; then
if [ "${#check_output}" -gt 60 ]; then
check_output="$(echo "${check_output}" | cut -c-80) [...]"
fi
fi
else
check_output="${err_msg}"
rc="3"
fi
case "${rc}" in
0)
rc_str="OK"
color="${green}"
;;
1)
rc_str="Warning"
color="${orange}"
;;
2)
rc_str="Critical"
color="${red}"
;;
3)
rc_str="Unknown"
color="${purple}"
;;
*)
rc_str="Unknown"
color="${purple}"
esac
if [ -z "${1}" ] || [ "${1}" = "all" ]; then
str_out="${str_out}${color}${check}\t${rc_str}${nocolor}\t${check_output}\n"
fi
done
if [ -z "${1}" ] || [ "${1}" = "all" ]; then
echo -e "${str_out}" | column -t -s $'\t'
else
printf "\033[K\n" # erase tmp line « Checking check_toto…»
if [ "${bypass_nrpe}" = "False" ]; then
echo -e "NRPE service output (on ${server_address}:${server_port}):\n"
else
echo -e "Direct check output (bypassing NRPE):\n"
fi
echo -e "${color}${check_output}${nocolor}\n" | sed 's/|/\n/g'
exit "${rc}"
fi
}
# Print error message and exit if not installed
function alerts_switch_is_installed() {
if ! command -v alerts_switch &> /dev/null; then
error "Error: script 'alerts_switch' is not installed. Aborted."
fi
}
function disable_alerts() {
# $1: check name | all
# $2: disable message
alerts_switch_is_installed
if [ "${1}" = "all" ]; then
checks="$(get_checks_names)"
else
checks="${1}"
fi
warn_not_wrapped "${checks}"
warn_wrapper_names "${checks}"
if [ -z "${2}" ]; then
echo -n "> Please provide a disable message (for logging and check output): "
read -r message
echo ''
if [ -z "${message}" ]; then
error "${red}Error:${nocolor} disable message is mandatory."
fi
else
message="${2}"
fi
default_msg=""
if [ "${default_duration}" = "True" ]; then
default_msg=" (use --during to change default time)"
fi
if [ "${1}" = "all" ]; then
check_txt="All checks"
else
check_txt="Check ${1}"
fi
echo_box "${check_txt} will be disabled for ${duration}${default_msg}."
cat <<EOF
Additional information:
* Alerts history is kept in our monitoring system.
* To re-enable alert(s) before ${duration}, execute as root or with sudo: 'monitoringctl enable ${1}'
EOF
if [ "${1}" != "all" ]; then
if is_check "${1}"; then
wrapper="$(get_check_wrapper_name "${1}")"
else
wrapper="${1}"
fi
checks="$(get_wrapper_checks "${wrapper}")"
n_checks="$(echo "${checks}" | wc -w)"
if [ "${n_checks}" -gt 1 ]; then
>&2 echo -e "${orange}Warning:${nocolor} because they have the same configuration, disabling ${1} will disable: ${checks}.\n"
log "Warning: disabling ${1} will disable ${checks} (which have the same wrapper name)."
fi
else
wrapper="all"
fi
echo -n "> Confirm (y/N)? "
read -r answer
if [ "${answer}" != "Y" ] && [ "${answer}" != "y" ]; then
echo -e "${orange}Canceled.${nocolor}" && exit 0
fi
log "Action disable ${1} requested for ${duration} by user $(logname || echo unknown)."
alerts_switch disable "${wrapper}" --during "${duration}" --message "${message}"
if [ "${1}" != "all" ]; then
if [ "${n_checks}" -eq 1 ]; then
echo -e "${orange}Check ${1} alerts are now disabled for ${duration}.${nocolor}"
else
echo -e "${orange}Alerts are now disabled for ${duration} for checks: ${checks}.${nocolor}"
fi
else
echo -e "${orange}All alerts are now disabled for ${duration}.${nocolor}"
fi
}
function enable_alerts() {
# $1: check name, $2: enable message
alerts_switch_is_installed
if [ "${1}" != "all" ]; then
# Verify that check is not already enabled
is_disabled="$(is_disabled_check "${1}")"
if [ "${is_disabled}" = "False" ]; then
echo "${1} is already enabled, see 'monitoringctl status'"
exit 0
fi
fi
if [ -z "${2}" ]; then
echo -n "> Please provide an enable message (for logging): "
read -r message
echo ''
if [ -z "${message}" ]; then
error "${red}Error:${nocolor} disable message is mandatory."
fi
else
message="${2}"
fi
log "Action enable ${1} requested by user $(logname || echo unknown)."
if [ "${1}" != "all" ]; then
if is_check "${1}"; then
wrapper="$(get_check_wrapper_name "${1}")"
else
wrapper="${1}"
fi
checks="$(get_wrapper_checks "${wrapper}")"
n_checks="$(echo "${checks}" | wc -w)"
if [ "${n_checks}" -gt 1 ]; then
>&2 echo -e "${orange}Warning:${nocolor} because they have the same configuration, enabling ${1} will enable: ${checks}.\n"
log "Warning: check ${1} will enable ${checks} (which have the same wrapper name)."
fi
else
wrapper="all"
fi
alerts_switch enable "${wrapper}" --message "${message}"
if [ "${1}" != "all" ]; then
if [ "${n_checks}" -eq 1 ]; then
echo -e "${green}Check ${1} alerts are now enabled.${nocolor}"
else
echo -e "${green}Alerts are now enabled for checks: ${checks}.${nocolor}"
fi
else
echo -e "${green}All alerts are now enabled.${nocolor}"
fi
}
# Show NRPE command(s) configured for a check
function show_check_commands() {
# $1: check name
check_commands=$(get_check_commands "${1}")
if [ -z "${check_commands}" ]; then
usage_error "Error: no command found in NRPE configuration for check '${1}."
fi
n_commands="$(echo "${check_commands}" | wc -l)"
if [ "${n_commands}" -ne 1 ]; then
echo "Available commands (in config order, the last one overwrites the others):"
echo " $check_commands"
fi
check_command=$(echo "${check_commands}" | tail -n1)
echo "Command used by NRPE:"
echo " ${check_command}"
}
# Print a warning if some wrappers have the same name
# or if a name is different from the check.
function warn_wrapper_names() {
#$1: checks to verify
warned="False"
for check in ${1}; do
wrapper_name="$(get_check_wrapper_name "${check}")"
if [ -n "${wrapper_name}" ] && [ "${wrapper_name}" != "${check}" ]; then
>&2 echo -e "${orange}Warning:${nocolor} ${check} check has wrapper name ${wrapper_name}."
warned="True"
fi
done
if [ "${warned}" = "True" ]; then
>&2 echo -e "${orange}It is recommanded to name the wrappers the same as the checks.${nocolor}\n"
fi
}
# Print a warning if some checks are not wrapped
function warn_not_wrapped() {
#$1: checks to verify
unwrappeds="$(not_wrapped_checks)"
unwrapped_checks="$(comm -12 <(echo "${1}") <(echo "${unwrappeds}"))"
if [ -n "${unwrapped_checks}" ]; then
n_checks="$(echo "${1}" | wc -w)"
n_unwrapped="$(echo "${unwrapped_checks}" | wc -w)"
if [ "${n_unwrapped}" == "${n_checks}" ]; then
if [ "${n_unwrapped}" -eq 1 ]; then
error "${red}Error:${nocolor} ${1} check is not wrapped, it cannot be disabled."
else
error "${red}Error:${nocolor} these checks are not wrapped, they cannot be disabled: $(echo "${unwrapped_checks}" | xargs)"
fi
else
if [ "${n_unwrapped}" -eq 1 ]; then
>&2 echo -e "${orange}Warning:${nocolor} ${unwrapped_checks} check is not wrapped, it will not be disabled."
else
>&2 echo -e -n "${orange}Warning:${nocolor} some checks are not configured, they will not be disabled: $(echo "${unwrapped_checks}" | xargs)\n\n"
fi
fi
log "Warning: some checks have no alerts_wrapper, they will not be disabled: $(echo "${unwrapped_checks}" | xargs)"
fi
}
# Echo a message in a box
function echo_box() {
# $1: message
msg_len="${#1}"
line="$(printf '─%.0s' $(eval "echo {1.."${msg_len}"}"))"
cat <<EOF
┌${line}┐
│${1}│
└${line}┘
EOF
}
# Echo which checks are enabled or disabled and time left
function alerts_status() {
# $1: check name, "all" or empty
if [ -z "${1}" ] || [ "${1}" = "all" ]; then
checks="$(get_checks_names)"
else
checks="${1}"
fi
warn_wrapper_names "${checks}"
header="Check\tStatus\tRe-enable time\tDisable message"
underline="-----\t------\t--------------\t---------------"
str_out="${header}\n${underline}\n"
for check in $checks; do
enable_str=""
status_str="Enabled"
disable_msg=""
if ! is_wrapped "${check}"; then
status_str="Not configured"
else
is_disabled="$(is_disabled_check "${check}")"
wrapper_name="$(get_check_wrapper_name "${check}")"
if [ "${is_disabled}" = "True" ]; then
status_str="Disabled"
enable_time="$(get_enable_time "${wrapper_name}")"
enable_delay="$(enable_delay "${enable_time}")"
delay_str="$(delay_to_string "${enable_delay}")"
enable_date="$(date --date "+${enable_delay} seconds" "+%d %h %Y at %H:%M:%S")"
enable_str="${enable_date} (${delay_str} left)"
disable_msg="$(get_disable_message "${wrapper_name}")"
fi
fi
case "${status_str}" in
"Enabled")
color="${green}"
;;
"Disabled")
color="${orange}"
;;
*)
color="${red}"
esac
str_out="${str_out}${color}${check}\t${status_str}${nocolor}\t${enable_str}\t${disable_msg}\n"
done
echo -e "${str_out}" | column -t -s $'\t'
}
### MAIN #########################################
# No root
if [ "$(id -u)" -ne 0 ]; then
>&2 echo "You need to be root (or use sudo) to run ${0}!"
exit 1
fi
# No argument
if [ "$#" = "0" ]; then
show_help
exit 1
fi
# Default arguments and options
action=""
message=""
duration="${default_disabled_time}"
bypass_nrpe="False"
default_duration="True"
# Parse arguments and options
while :; do
case "${1}" in
-h|-\?|--help)
show_help
exit 0;;
-V|--version)
show_version
exit 0;;
-b|--bypass-nrpe)
bypass_nrpe="True"
shift;;
-d|--during)
if [ "${default_duration}" = "False" ]; then
usage_error "Option --during: defined multiple times."
fi
if [ "$#" -lt 2 ]; then
usage_error "Option --during: missing value."
fi
if filter_duration "${2}"; then
duration="${2}"
else
usage_error "Option --during: \"${2}\" is not a valid duration."
fi
default_duration="False"
shift; shift;;
-m|--message)
if [ "$#" -lt 2 ]; then
usage_error "Option --message: missing message string."
fi
message="${2}"
shift; shift;;
status|check|enable|disable|show)
action="${1}"
shift;;
*)
if [ -z "${1}" ]; then
break
fi
case "${action}" in
status|check)
if is_check "${1}" || [ "${1}" = "all" ]; then
check_name="${1}"
else
usage_error "Action ${action}: unknown check '${1}'."
fi
;;
show)
if is_check "${1}"; then
check_name="${1}"
else
usage_error "Action ${action}: unknown check '${1}'."
fi
;;
enable|disable)
if is_wrapper "${1}" || is_check "${1}" || [ "${1}" = "all" ]; then
check_name="${1}"
else
# We use the word "check" for the end user,
# but this is actually "unknown wrapper"
usage_error "Action ${action}: unknown check '${1}'."
fi
;;
*)
usage_error "Missing or invalid ACTION argument."
;;
esac
shift;;
esac
done
if [ "$#" -gt 0 ]; then
usage_error "Too many arguments."
fi
case "${action}" in
disable|enable|show)
if [ -z "${check_name}" ]; then
usage_error "Action ${action}: missing CHECK_NAME argument."
fi
;;
esac
if [ ! "${action}" = "disable" ]; then
if [ "${default_duration}" = "False" ]; then
usage_error "Action ${action}: there is no --during option."
fi
fi
case "${action}" in
status)
alerts_status "${check_name}"
;;
check)
check "${check_name}"
;;
show)
show_check_commands "${check_name}"
;;
enable)
enable_alerts "${check_name}" "${message}"
;;
disable)
disable_alerts "${check_name}" "${message}"
;;
esac

292
nagios-nrpe/files/monitoringctl_common
View file

@ -1,292 +0,0 @@
#!/usr/bin/env bash
# Location of disable files
readonly var_dir="/var/lib/monitoringctl"
readonly log_file="/var/log/monitoringctl.log"
readonly nrpe_conf_path="/etc/nagios/nrpe.cfg"
debian_major_version="$(cut -d "." -f 1 < /etc/debian_version)"
readonly debian_major_version
# If no time limit is provided in CLI or found in file, this value is used
readonly default_disabled_time="1h"
_nrpe_conf_lines='' # populated at the end of the file
function error() {
# $1: error message
>&2 echo -e "${1}"
exit 1
}
function usage_error() {
# $1: error message
>&2 echo "${1}"
>&2 echo "Execute \"${PROGNAME} --help\" for information on usage."
exit 1
}
function log() {
# $1: message
echo "$(now_iso) - ${PROGNAME}: ${1}" >> "${log_file}"
}
function show_version() {
cat <<END
${PROGNAME} version ${VERSION}.
Copyright 2018-2024 Evolix <info@evolix.fr>,
Jérémy Lecour <jlecour@evolix.fr>
and others.
${PROGNAME} comes with ABSOLUTELY NO WARRANTY.This is free software,
and you are welcome to redistribute it under certain conditions.
See the GNU General Public License v3.0 for details.
END
}
# Fail if argument does not respect format: XwXdXhXmXs, XhX, XmX
function filter_duration() {
# $1: duration in format specified above
_time_regex="^([0-9]+d)?(([0-9]+h(([0-9]+m?)|([0-9]+m([0-9]+s?)?))?)|(([0-9]+m([0-9]+s?)?)?))?$"
if [[ "${1}" =~ ${_time_regex} ]]; then
return 0
fi
return 1
}
# Convert human writable duration into seconds
function time_to_seconds() {
# $1: formated time string
if echo "${1}" | grep -E -q '^([0-9]+[wdhms])+$'; then
echo "${1}" | sed 's/w/ * 604800 + /g; s/d/ * 86400 + /g; s/h/ * 3600 + /g; s/m/ * 60 + /g; s/s/ + /g; s/+ $//' | xargs expr
elif echo "${1}" | grep -E -q '^([0-9]+h[0-9]+$)'; then
echo "${1}" | sed 's/h/ * 3600 + /g; s/$/ * 60/' | xargs expr
elif echo "${1}" | grep -E -q '^([0-9]+m[0-9]+$)'; then
echo "${1}" | sed 's/m/ * 60 + /g' | xargs expr
else
error "Invalid duration: '${1}'."
fi
}
# Print re-enable time in secs
function get_enable_time() {
# $1: wrapper name
_disable_file_path="$(get_disable_file_path "${1}")"
if [ ! -e "${_disable_file_path}" ]; then
return
fi
_enable_secs="$(grep -v -E "^\s*#" "${_disable_file_path}" | sed '/^$/d' | head -n1 | awk '/^[0-9]+$/ {print $1}')"
# If file is empty, use file last change date plus default disabled time
if [ -z "${_enable_secs}" ]; then
_file_last_change_secs="$(stat -c %Z "${_disable_file_path}")"
_default_disabled_time_secs="$(time_to_seconds "${default_disabled_time}")"
_enable_secs="$(( _file_last_change_secs + _default_disabled_time_secs ))"
fi
echo "${_enable_secs}"
}
# Print disable message
function get_disable_message() {
# $1: wrapper name
_disable_file_path="$(get_disable_file_path "${1}")"
if [ ! -e "${_disable_file_path}" ]; then
return
fi
_disable_msg="$(sed '/^$/d' "${_disable_file_path}" | tail -n+2 | tr '\n' ' ' | awk '{$1=$1;print}')"
echo "${_disable_msg}"
}
function now_secs() {
date +"%s"
}
function now_iso() {
date --iso-8601=seconds
}
# Print delay before re-enable in secs
function enable_delay() {
# $1: re-enable time in secs
echo $(( ${1} - $(now_secs) ))
}
# Converts delay (in seconds) into human readable duration
function delay_to_string() {
# $1: delay in secs
_delay_days="$(( ${1} /86400 ))"
if [ "${_delay_days}" -eq 0 ]; then _delay_days=""
else _delay_days="${_delay_days}d"; fi
_delay_hours="$(( (${1} %86400) /3600 ))"
if [ "${_delay_hours}" -eq 0 ]; then _delay_hours=""
else _delay_hours="${_delay_hours}h"; fi
_delay_minutes="$(( ((${1} %86400) %3600) /60 ))"
if [ "${_delay_minutes}" -eq 0 ]; then _delay_minutes=""
else _delay_minutes="${_delay_minutes}m"; fi
_delay_seconds="$(( ((${1} %86400) %3600) %60 ))"
if [ "${_delay_seconds}" -eq 0 ]; then _delay_seconds=""
else _delay_seconds="${_delay_seconds}s"; fi
echo "${_delay_days}${_delay_hours}${_delay_minutes}${_delay_seconds}"
}
function is_disabled_check() {
# $1: check name
_wrapper="$(get_check_wrapper_name "${1}")"
is_disabled_wrapper "${_wrapper}"
}
function is_disabled_wrapper() {
# $1: wrapper name
_wrapper="${1}"
_disable_file_path="$(get_disable_file_path "${_wrapper}")"
if [ -e "${_disable_file_path}" ]; then
_enable_time="$(get_enable_time "${_wrapper}")"
_enable_delay="$(enable_delay "${_enable_time}")"
if [ "${_enable_delay}" -le "0" ]; then
echo "False"
else
echo "True"
fi
else
echo False
fi
}
function get_disable_file_path() {
# $1: wrapper name
echo "${var_dir}/${1}_alerts_disabled"
}
### Nagios configuration functions ####################
# Print NRPE configuration, with includes, without comments
# and in the same order than NRPE does (taking account that
# order changes from Deb10)
function get_nrpe_conf() {
echo "${_nrpe_conf_lines}"
}
# Private function to recursively get NRPE conf from file
function _get_conf_from_file() {
# $1: NRPE conf file (.cfg)
if [ ! -f "${1}" ]; then return; fi
_conf_lines=$(grep -E -R -v --no-filename "^\s*(#.*|)$" "${1}")
while read -r _line; do
if [[ "${_line}" =~ .*'include='.* ]]; then
_conf_file=$(echo "${_line}" | cut -d= -f2)
_get_conf_from_file "${_conf_file}"
elif [[ "${_line}" =~ .*'include_dir='.* ]]; then
_conf_dir=$(echo "${_line}" | cut -d= -f2)
_get_conf_from_dir "${_conf_dir}"
else
echo "${_line}"
fi
done <<< "${_conf_lines}"
}
# Private function to recursively get NRPE conf from directory
function _get_conf_from_dir() {
# $1: NRPE conf dir
if [ ! -d "${1}" ]; then return; fi
if [ "${debian_major_version}" -ge 10 ]; then
# From Deb10, NRPE use scandir() with alphasort() function
_sort_command="sort"
else
# Before Deb10, NRPE use loaddir(), like find utility
_sort_command="cat -"
fi
# Add conf files in dir to be processed recursively
for _file in $(find "${1}" -maxdepth 1 -name "*.cfg" 2> /dev/null | ${_sort_command}); do
if [ -f "${_file}" ]; then
_get_conf_from_file "${_file}"
elif [ -d "${_file}" ]; then
_get_conf_from_dir "${_file}"
fi
done
}
# Print the checks that are configured in NRPE
function get_checks_names() {
echo "${_nrpe_conf_lines}" | grep -E "command\[check_.*\]=" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq
}
# Print the commands defined for check $1 in NRPE configuration
function get_check_commands() {
# $1: check name
echo "${_nrpe_conf_lines}" | grep -E "command\[check_${1}\]" | cut -d'=' -f2-
}
# Print the checks that have no alerts_wrapper in NRPE configuration
function not_wrapped_checks() {
for _check in $(get_checks_names); do
if ! is_wrapped "${_check}"; then
echo "${_check}"
fi
done
}
# Fail if check is not wrapped
function is_wrapped() {
# $1: check name
_cmd=$(get_check_commands "${1}" | tail -n1)
if echo "${_cmd}" | grep --quiet --no-messages alerts_wrapper; then
return 0
fi
return 1
}
# Print the names that are defined in the wrappers of the checks
function get_wrappers_names() {
echo "${_nrpe_conf_lines}" | grep -s "alerts_wrapper" | awk '{ for (i=1 ; i<=NF; i++) { if ($i ~ /^(-n|--name)$/) { print $(i+1); break } } }' | tr ',' '\n' | sort | uniq
}
# Print the wrapper name of the check
function get_check_wrapper_name() {
# $1: check name
_cmd=$(get_check_commands "${1}" | tail -n1)
if echo "${_cmd}" | grep --quiet --no-messages alerts_wrapper; then
echo "${_cmd}" | awk '/--name/ {match($0, /--name\s*([a-zA-Z0-9_\-]*)\s*/, m); print m[1]}'
fi
}
function is_check() {
# $1: check name
_checks="$(get_checks_names)"
if echo "${_checks}" | grep --quiet -E "^${1}$"; then
return 0
fi
return 1
}
function is_wrapper() {
# $1: wrapper name
_wrappers="$(get_wrappers_names)"
if echo "${_wrappers}" | grep --quiet -E "^${1}$"; then
return 0
fi
return 1
}
# Print the checks that name this wrapper
function get_wrapper_checks() {
# $1: wrapper name
echo "${_nrpe_conf_lines}" | grep -E "command\[check_.*\]=" | grep -E "\-\-name\s*${1}" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq | xargs
}
# Load NRPE configuration
_nrpe_conf_lines="$(_get_conf_from_file "${nrpe_conf_path}")"

88
nagios-nrpe/files/monitoringctl_completion
View file

@ -1,88 +0,0 @@
#!/usr/bin/bash
#
function _get_wrappers_names() {
grep "alerts_wrapper" --no-filename --no-messages -R /etc/nagios/ | grep --invert-match --extended-regexp "^\s*#" | awk '{ for (i=1 ; i<=NF; i++) { if ($i ~ /^(-n|--name)$/) { print $(i+1); break } } }' | tr ',' '\n' | sort | uniq
}
function _get_checks_names() {
grep --extended-regexp --no-filename --no-messages -R "command\[check_.*\]=" /etc/nagios/ | grep --invert-match --extended-regexp "^\s*#" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq
}
function _monitoringctl_completion() {
local cur=${COMP_WORDS[COMP_CWORD]};
local prev=${COMP_WORDS[COMP_CWORD-1]};
local action=""
for w in "${COMP_WORDS[@]}"; do
case "$w" in
status|check|enable|disable|show)
action="${w}"
;;
esac
done
local words="--help"
case "${action}" in
check|show)
checks="$(_get_checks_names)"
check=""
for w in "${COMP_WORDS[@]}"; do
for c in ${checks}; do
if [ "${c}" == "${w}" ]; then
check="${w}"
break
fi
done
done
if [ -z "${check}" ]; then
words="${checks} ${words}"
fi
if [ "${action}" == "check" ]; then
words="all --bypass-nrpe ${words}"
fi
;;
status)
if [ "${prev}" == "enable" ]; then
words="all $(_get_checks_names)"
fi
;;
enable)
if [ "${prev}" == "enable" ]; then
words="all $(_get_wrappers_names)"
else
words="--comment ${words}"
fi
;;
disable)
if [ "${prev}" == "disable" ]; then
words="all $(_get_wrappers_names)"
elif [ "${prev}" == "-d" ] || [ "${prev}" == "--during" ]; then
words="1d 1d12h 1h 1h30m 1m 1m30s 30s"
else
words="--during --comment ${words}"
fi
;;
*)
words="status check enable disable show ${words}"
;;
esac
# Avoid double
opts=();
for i in ${words}; do
for j in "${COMP_WORDS[@]}"; do
if [[ "$i" == "$j" ]]; then
continue 2
fi
done
opts+=("$i")
done
COMPREPLY=($(compgen -W "${opts[*]}" -- "${cur}"))
return 0
}
complete -F _monitoringctl_completion monitoringctl

3
nagios-nrpe/tasks/main.yml
View file

@ -93,5 +93,4 @@
- ansible.builtin.include_tasks: wrapper.yml
- ansible.builtin.include_tasks: monitoringctl.yml
- ansible.builtin.include_tasks: check-local.yml

44
nagios-nrpe/tasks/monitoringctl.yml
View file

@ -1,44 +0,0 @@
---
- name: "Remount /usr if needed"
ansible.builtin.include_role:
name: remount-usr
- name: "dir /usr/local/lib/monitoringctl/ exists"
ansible.builtin.file:
path: /usr/local/lib/monitoringctl/
state: directory
mode: '0755'
- name: "monitoringctl is not in /usr/local/sbin/"
ansible.builtin.file:
path: /usr/local/sbin/monitoringctl
state: absent
- name: "copy monitoringctl"
ansible.builtin.copy:
src: monitoringctl
dest: /usr/local/bin/monitoringctl
owner: root
group: root
mode: "0750"
force: true
- name: "copy monitoringctl_common lib"
ansible.builtin.copy:
src: monitoringctl_common
dest: /usr/local/lib/monitoringctl/common
owner: root
group: root
mode: "0644"
force: true
- name: "copy monitoringctl_completion script"
ansible.builtin.copy:
src: monitoringctl_completion
dest: /etc/bash_completion.d/monitoringctl
owner: root
group: root
mode: "0644"
force: true

57
nagios-nrpe/tasks/wrapper.yml
View file

@ -1,21 +1,16 @@
---
- name: "Remount /usr if needed"
ansible.builtin.include_role:
name: remount-usr
- name: "dir /usr/local/lib/monitoringctl/ exists"
ansible.builtin.file:
path: /usr/local/lib/monitoringctl/
state: directory
mode: '0755'
- name: "check if old alerts_switch script is present"
- name: check if old script is present
ansible.builtin.stat:
path: /usr/share/scripts/alerts_switch
register: old_alerts_switch
- name: "alerts_switch is at the right place"
- name: alerts_switch is at the right place
ansible.builtin.command:
cmd: "mv /usr/share/scripts/alerts_switch /usr/local/bin/alerts_switch"
args:
@ -31,56 +26,18 @@
mode: "0750"
force: true
- name: "alerts_switch symlink for backward compatibility"
- name: "symlink for backward compatibility"
ansible.builtin.file:
src: /usr/local/bin/alerts_switch
path: /usr/share/scripts/alerts_switch
dest: /usr/share/scripts/alerts_switch
state: link
when: old_alerts_switch.stat.exists
- name: "Nagios user can run alerts_switch with sudo (used by alerts_wrapper)"
ansible.builtin.lineinfile:
path: /etc/sudoers.d/evolinux
regexp: "nagios.*alerts_switch"
line: "nagios ALL = NOPASSWD:/usr/local/bin/alerts_switch *"
owner: root
group: root
mode: "640"
validate: "visudo -c -f %s"
- name: "check if old alerts_wrapper script is present"
ansible.builtin.stat:
path: "{{ nagios_plugins_directory }}/alerts_wrapper"
register: old_alerts_wrapper
- name: "alerts_wrapper is at the right place"
ansible.builtin.command:
cmd: "mv {{ nagios_plugins_directory }}/alerts_wrapper /usr/local/lib/monitoringctl/alerts_wrapper"
creates: /usr/local/lib/monitoringctl/alerts_wrapper
when: old_alerts_wrapper.stat.exists
- name: "copy alerts_wrapper"
ansible.builtin.copy:
src: alerts_wrapper
dest: "/usr/local/lib/monitoringctl/alerts_wrapper"
dest: "{{ nagios_plugins_directory }}/alerts_wrapper"
owner: root
group: staff
mode: "0755"
force: true
- name: "alerts_wrapper symlink for backward compatibility"
ansible.builtin.file:
src: /usr/local/lib/monitoringctl/alerts_wrapper
path: "{{ nagios_plugins_directory }}/alerts_wrapper"
state: link
when: old_alerts_wrapper.stat.exists
- name: "copy monitoringctl_common lib"
ansible.builtin.copy:
src: monitoringctl_common
dest: /usr/local/lib/monitoringctl/common
owner: root
group: root
mode: "0644"
force: true
force: true