Compare commits
38 commits
stable
...
monitoring
Author | SHA1 | Date | |
---|---|---|---|
991ab56df9 | |||
c245eafa09 | |||
ccc7356ab0 | |||
d577cec1bd | |||
9f71320fe8 | |||
345ebfe6c4 | |||
af97f0a9d5 | |||
77f1d0d802 | |||
df607bc4ea | |||
7f8286808b | |||
102faae057 | |||
033f221a1c | |||
8f674a1657 | |||
f999278b4e | |||
09d12ee332 | |||
97223b6a84 | |||
c578543a2d | |||
1e0ed0a7b8 | |||
618819931a | |||
208c568bad | |||
759f591cb1 | |||
c977487675 | |||
e9443f5b5b | |||
f56f92322d | |||
aa4ff1124d | |||
afbc6efe4c | |||
Ludovic Poujol | c524ffb472 | ||
a7570a49a3 | |||
0589271110 | |||
1474f06927 | |||
114d857e89 | |||
aa13676cc4 | |||
f05a6aa25c | |||
56fbe99164 | |||
229d2f366e | |||
b7e24fc3ea | |||
de953a30db | |||
Jérémy Lecour | aea1404a21 |
12
CHANGELOG.md
12
CHANGELOG.md
|
@ -13,8 +13,18 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
|
||||
### Added
|
||||
|
||||
* bind: New variables to change IPs bind will listen on & send notify/transfer commands
|
||||
* evolinux-base: install evobackup-client (default: true)
|
||||
* munin: add linux_psi contrib plugin
|
||||
* evolinux-base: Create custom SSH configuration file
|
||||
* lxc: new lxc_template_mirror option (useful to get old Debian from archive.debian.org)
|
||||
|
||||
### Changed
|
||||
|
||||
* log2mail: task log2mail.yml of evolinux-base converted to a role
|
||||
* lxc-solr: update solr9 version + fix URL in README
|
||||
* evolinux-users, nagios-nrpe: sudoers conf for nagios splitted and moved from evolinux-users to nagios-nrpe
|
||||
|
||||
### Fixed
|
||||
|
||||
### Removed
|
||||
|
@ -29,6 +39,7 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
|
||||
### Changed
|
||||
|
||||
* certbot: allow haproxy deploy hook to work with evoacme too (using env variables)
|
||||
* evobackup-client: upstream release 24.05.1
|
||||
* evolinux-base: improve adding the current user to SSH AllowGroups of AllowUsers
|
||||
* evolinux-users: improve SSH configuration
|
||||
|
@ -38,6 +49,7 @@ The **patch** part is incremented if multiple releases happen the same month
|
|||
### Fixed
|
||||
|
||||
* apt: use archive.debian.org with Buster
|
||||
* fail2ban: remount-usr added because it is needed for last task
|
||||
|
||||
## [24.04] 2024-04-30
|
||||
|
||||
|
|
|
@ -1,12 +1,26 @@
|
|||
---
|
||||
bind_recursive_server: False
|
||||
bind_authoritative_server: True
|
||||
bind_chroot_set: True
|
||||
# Until chroot-bind.sh is migrated to ansible, we hardcode the chroot paths.
|
||||
#bind_chroot_path: /var/chroot-bind
|
||||
bind_recursive_server: false
|
||||
bind_authoritative_server: true
|
||||
bind_chroot_set: true
|
||||
|
||||
bind_systemd_service_path: /etc/systemd/system/bind9.service
|
||||
|
||||
bind_statistics_file: /var/run/named.stats
|
||||
bind_log_file: /var/log/bind.log
|
||||
bind_query_file: /var/log/bind_queries.log
|
||||
bind_query_file_enabled: False
|
||||
bind_query_file_enabled: false
|
||||
bind_cache_dir: /var/cache/bind
|
||||
|
||||
# String (bind syntax) of IPv4/ to listen on (or any by default)
|
||||
# eg. "192.0.2.1; 192.0.2.3" or all interfaces : "any ;"
|
||||
bind_listen_on_ipv4: "any;"
|
||||
|
||||
# String (bind syntax) of IPv6 to listen on (or any by default)
|
||||
# eg. "2001:db8::1; 2001:db8::42" or all interfaces : "any ;" or not at all "none;"
|
||||
bind_listen_on_ipv6: "any;"
|
||||
|
||||
# For server with multiples IP Adresses, enforce the usage of a specific IP for NOTIFY commands
|
||||
bind_notify_source: ''
|
||||
|
||||
# For server with multiples IP Adresses, enforce the usage of a specific IP for TRANSFER commands
|
||||
bind_transfer_source: ''
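Review bot: The example in the comment above `bind_listen_on_ipv4`, `"192.0.2.1; 192.0.2.3"`, has no terminating semicolon, and the named.conf template in the next file section interpolates the value verbatim as `listen-on { {{ bind_listen_on_ipv4 }} };`, so a value copied from the comment would render an address list that named rejects. The IPv6 example has the same shape. I would write the examples as `"192.0.2.1; 192.0.2.3;"` and `"2001:db8::1; 2001:db8::42;"`, and say in the comment that every element, including the last, must end with `;`. The same comments carry small typos (`IPv4/`, `multiples IP Adresses`, `"any ;"` versus the actual default `"any;"`) that are worth fixing while they are being touched.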
|
||||
|
|
|
@ -10,8 +10,15 @@ options {
|
|||
masterfile-format text;
|
||||
statistics-file "{{ bind_statistics_file }}";
|
||||
|
||||
listen-on-v6 { any; };
|
||||
listen-on { any; };
|
||||
listen-on { {{ bind_listen_on_ipv4 }} };
|
||||
listen-on-v6 { {{ bind_listen_on_ipv6 }} };
|
||||
|
||||
{% if bind_notify_source is defined and bind_notify_source|length %}
|
||||
notify-source {{ bind_notify_source }};
|
||||
{% endif %}
|
||||
{% if bind_transfer_source is defined and bind_transfer_source|length %}
|
||||
transfer-source {{ bind_transfer_source }};
|
||||
{% endif %}
|
||||
|
||||
allow-query { localhost; };
|
||||
allow-recursion { localhost; };
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
#!/bin/sh
|
||||
# /!\ MODIFIED to work with evoacme OR certbot
|
||||
private_keys_dirs="/etc/ssl/private" # Only used for evoacme
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
|
@ -13,7 +15,7 @@ daemon_found_and_running() {
|
|||
test -n "$(pidof haproxy)" && test -n "${haproxy_bin}"
|
||||
}
|
||||
found_renewed_lineage() {
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${RENEWED_LINEAGE}/privkey.pem"
|
||||
test -f "${RENEWED_LINEAGE}/fullchain.pem" && test -f "${private_key}"
|
||||
}
|
||||
config_check() {
|
||||
${haproxy_bin} -c -f "${haproxy_config_file}" > /dev/null 2>&1
|
||||
|
@ -24,7 +26,7 @@ concat_files() {
|
|||
chown root: "${haproxy_cert_dir}"
|
||||
|
||||
debug "Concatenating certificate files to ${haproxy_cert_file}"
|
||||
cat "${RENEWED_LINEAGE}/fullchain.pem" "${RENEWED_LINEAGE}/privkey.pem" > "${haproxy_cert_file}"
|
||||
cat "${RENEWED_LINEAGE}/fullchain.pem" "${private_key}" > "${haproxy_cert_file}"
|
||||
chmod 600 "${haproxy_cert_file}"
|
||||
chown root: "${haproxy_cert_file}"
|
||||
}
|
||||
|
@ -58,10 +60,19 @@ main() {
|
|||
if daemon_found_and_running; then
|
||||
readonly haproxy_config_file="/etc/haproxy/haproxy.cfg"
|
||||
readonly haproxy_cert_dir=$(detect_haproxy_cert_dir)
|
||||
if [ -z "${EVOACME_VHOST_NAME}" ]; then
|
||||
# CERTBOT
|
||||
private_key=${RENEWED_LINEAGE}/privkey.pem
|
||||
cert_name=$(basename "${RENEWED_LINEAGE}")
|
||||
else
|
||||
# EVOACME
|
||||
private_key=${private_keys_dirs}/$(basename $(dirname ${RENEWED_LINEAGE})).key
|
||||
cert_name=$(basename $(dirname "${RENEWED_LINEAGE}"))
|
||||
fi
|
||||
|
||||
if found_renewed_lineage; then
|
||||
haproxy_cert_file="${haproxy_cert_dir}/$(basename "${RENEWED_LINEAGE}").pem"
|
||||
failed_cert_file="/root/$(basename "${RENEWED_LINEAGE}").failed.pem"
|
||||
haproxy_cert_file="${haproxy_cert_dir}/${cert_name}.pem"
|
||||
failed_cert_file="/root/${cert_name}.failed.pem"
|
||||
|
||||
concat_files
|
||||
|
||||
|
@ -77,7 +88,8 @@ main() {
|
|||
error "HAProxy config is broken, you must fix it !"
|
||||
fi
|
||||
else
|
||||
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or ${RENEWED_LINEAGE}/privkey.pem"
|
||||
|
||||
error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or "${private_key}""
|
||||
fi
|
||||
else
|
||||
debug "HAProxy is not running or missing. Skip."
|
||||
|
@ -91,3 +103,4 @@ readonly QUIET=${QUIET:-"0"}
|
|||
readonly haproxy_bin=$(command -v haproxy)
|
||||
|
||||
main
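Review bot: In the evoacme branch added to main(), `private_key=${private_keys_dirs}/$(basename $(dirname ${RENEWED_LINEAGE})).key` leaves the variable and both command substitutions unquoted, unlike the `cert_name` assignment on the next line, so a lineage path containing whitespace or glob characters would resolve to the wrong key file. Assigning `cert_name` first and then `private_key="${private_keys_dirs}/${cert_name}.key"` closes the gap and removes the duplicated basename/dirname call. In the `@ -77,7 +88,8 @` hunk the message `error "Couldn't find ${RENEWED_LINEAGE}/fullchain.pem or "${private_key}""` closes and reopens the string around `${private_key}`; dropping the inner quotes keeps it one quoted argument. concat_files still creates the combined PEM with `cat … > "${haproxy_cert_file}"` and only then runs `chmod 600`, so the private key briefly exists under the ambient umask; a `umask 077` before the redirect would avoid relying on the directory permissions, which are not visible here. main() and concat_files both start outside the hunks shown.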
|
||||
|
||||
|
|
|
@ -243,3 +243,6 @@ evolinux_utils_include: True
|
|||
|
||||
# Autosysadmin
|
||||
evolinux_autosysadmin_include: false
|
||||
|
||||
# Evobackup client
|
||||
evolinux_evobackup_client_include: True
|
||||
|
|
|
@ -74,11 +74,6 @@
|
|||
name: postfix
|
||||
state: reloaded
|
||||
|
||||
- name: restart log2mail
|
||||
ansible.builtin.service:
|
||||
name: log2mail
|
||||
state: restarted
|
||||
|
||||
- name: restart systemd-journald
|
||||
ansible.builtin.service:
|
||||
name: systemd-journald.service
|
||||
|
|
|
@ -116,7 +116,8 @@
|
|||
when: evolinux_provider_orange_fce_include | bool
|
||||
|
||||
- name: Override Log2mail service
|
||||
ansible.builtin.import_tasks: log2mail.yml
|
||||
ansible.builtin.include_role:
|
||||
name: evolix/log2mail
|
||||
when: evolinux_log2mail_include | bool
|
||||
|
||||
- ansible.builtin.import_tasks: motd.yml
|
||||
|
@ -158,6 +159,11 @@
|
|||
name: 'evolix/autosysadmin-restart_nrpe'
|
||||
when: evolinux_autosysadmin_include | bool
|
||||
|
||||
- name: Evobackup (client)
|
||||
ansible.builtin.include_role:
|
||||
name: 'evolix/evobackup-client'
|
||||
when: evolinux_evobackup_client_include | bool
|
||||
|
||||
- name: fail2ban
|
||||
ansible.builtin.include_role:
|
||||
name: evolix/fail2ban
|
||||
|
|
|
@ -16,6 +16,14 @@
|
|||
dest: /etc/ssh/sshd_config.d/z-evolinux-defaults.conf
|
||||
mode: "0644"
|
||||
|
||||
- name: create custom SSH server configuration file
|
||||
ansible.builtin.file:
|
||||
path: /etc/ssh/sshd_config.d/zzz-evolinux-custom.conf
|
||||
state: touch
|
||||
mode: "0644"
|
||||
modification_time: preserve
|
||||
access_time: preserve
|
||||
|
||||
# Should we allow the current user?
|
||||
- name: Allow the current user
|
||||
block:
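Review bot: sshd keeps the first value it obtains for most keywords, so a drop-in named `zzz-evolinux-custom.conf` is read after `z-evolinux-defaults.conf` and, assuming the usual `Include /etc/ssh/sshd_config.d/*.conf` in lexical order, cannot override anything the defaults file already sets. If the file is meant for local overrides, it needs a name that sorts before `z-evolinux-defaults.conf`; if it is meant only for additions, a comment on the task saying so would prevent surprises. The task also sets only `mode`, so with `state: touch` a pre-existing file keeps whatever owner it has; adding `owner: root` and `group: root` pins that for a file sshd reads as root.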
|
||||
|
|
|
@ -2,33 +2,5 @@ Defaults umask=0077
|
|||
|
||||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
||||
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/sbin/megaclisas-status --nagios
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ipmi_sensor
|
||||
nagios ALL = NOPASSWD: /sbin/dmsetup status --noflush
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -PDList -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -LdInfo -Lall -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -AdpBbuCmd -GetBbuStatus -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller all show status
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller slot=0 logicaldrive all show
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o blk
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o vd
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_gluster.rb
|
||||
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
||||
%{{ evolinux_sudo_group }} ALL=(ALL:ALL) ALL
|
||||
%{{ evolinux_sudo_group }} ALL = NOPASSWD: MAINT
|
||||
|
|
|
@ -3,13 +3,5 @@ Defaults umask=0077
|
|||
Cmnd_Alias MAINT = /usr/share/scripts/evomaintenance.sh, /usr/share/scripts/listupgrade.sh
|
||||
User_Alias ADMINS = {{ user.name }}
|
||||
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
||||
ADMINS ALL = (ALL:ALL) ALL
|
||||
ADMINS ALL = NOPASSWD: MAINT
|
||||
|
|
|
@ -112,6 +112,9 @@
|
|||
tags:
|
||||
- fail2ban
|
||||
|
||||
- include_role:
|
||||
name: evolix/remount-usr
|
||||
|
||||
- name: Script unban_ip is installed
|
||||
ansible.builtin.copy:
|
||||
src: unban_ip.sh
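Review bot: The added `include_role` for `evolix/remount-usr` carries no `tags`, while the task just before it in this hunk is tagged `fail2ban`, so a run limited with `--tags fail2ban` would skip the remount and the following copy of `unban_ip.sh` could hit a read-only /usr (the copy task's destination and tags fall outside the hunk, so this is inferred). The task is also the only one here without a `name` and without the fully qualified module name. I would write it as `- name: "Remount /usr if needed"` with `ansible.builtin.include_role:` and add `tags: [fail2ban]`.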
|
||||
|
|
|
@ -75,7 +75,7 @@
|
|||
- name: NRPE check is configured
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/nagios/nrpe.d/evolix.cfg
|
||||
line: 'command[check_fluentd]=/usr/lib/nagios/plugins/check_tcp -p {{ fluentd_port }}'
|
||||
line: 'command[check_fluentd]=/usr/local/lib/monitoringctl/alerts_wrapper --name fluentd /usr/lib/nagios/plugins/check_tcp -p {{ fluentd_port }}'
|
||||
notify: "restart nagios-nrpe-server"
|
||||
tags:
|
||||
- fluentd
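Review bot: This `lineinfile` task has no `regexp`, so on a host that is already configured the old `command[check_fluentd]=/usr/lib/nagios/plugins/check_tcp ...` line is left in place and the wrapped one is appended, giving two definitions of the same NRPE command in evolix.cfg. Adding `regexp: '^command\[check_fluentd\]='` makes the task replace the existing entry, as the memcached tasks later on this page already do. The same wrapper path `/usr/local/lib/monitoringctl/alerts_wrapper` is now hard-coded in the keepalived, memcached and minifirewall hunks as well; none of the visible tasks check that the wrapper is installed, so if it is missing every one of these checks would fail at once. A role dependency or a `stat` guard would cover that, unless another role already guarantees the file.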
|
||||
|
|
|
@ -36,7 +36,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: 'command\[check_keepalived\]'
|
||||
replace: 'command[check_keepalived]=/usr/local/lib/nagios/plugins/check_keepalived'
|
||||
replace: 'command[check_keepalived]=/usr/local/lib/monitoringctl/alerts_wrapper --name keepalived /usr/local/lib/nagios/plugins/check_keepalived'
|
||||
notify: restart nagios-nrpe-server
|
||||
tags:
|
||||
- keepalived
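Review bot: The task on the changed line uses `ansible.builtin.lineinfile` with a `replace:` key, which is not a `lineinfile` option (the module takes `line:`), so the task would be rejected for an unsupported parameter and the wrapped command never written. The key predates this commit, but the commit edits that very line without correcting it. Either rename the key to `line:` or switch the module to `ansible.builtin.replace`, whichever was intended; the start of the task is outside the hunk.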
|
||||
|
|
3
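--- a/log2mail/defaults/main.yml
+++ b/log2mail/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+log2mail_alert_email: Null
+general_alert_email: "root@localhost"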
5
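--- a/log2mail/handlers/main.yml
+++ b/log2mail/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart log2mail
+ansible.builtin.service:
+name: log2mail
+state: restarted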
|
@ -23,18 +23,14 @@
|
|||
marker: "# {mark} ANSIBLE MANAGED RULES FOR DEFAULT INSTANCE"
|
||||
state: absent
|
||||
notify: restart log2mail
|
||||
tags:
|
||||
- log2mail
|
||||
|
||||
- name: log2mail evolinux-defaults config is present
|
||||
ansible.builtin.template:
|
||||
src: log2mail/evolinux-defaults.j2
|
||||
src: evolinux-defaults.j2
|
||||
dest: /etc/log2mail/config/evolinux-defaults
|
||||
owner: log2mail
|
||||
group: adm
|
||||
mode: "0640"
|
||||
force: yes
|
||||
notify: restart log2mail
|
||||
tags:
|
||||
- log2mail
|
||||
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install --yes --force-yes php5-fpm php5-cli php5-gd php5-imap php5-ldap php5-mcrypt php5-mysql php5-pgsql php5-sqlite php-gettext php5-intl php5-curl php5-ssh2 libphp-phpmailer"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||
ansible.builtin.template:
|
||||
src: z-evolinux-defaults.ini.j2
|
||||
dest: "{{ line_item }}"
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
---
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mcrypt php-mysql php-pgsql php-sqlite3 php-gettext php-curl php-ssh2 php-zip php-mbstring composer libphp-phpmailer"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||
ansible.builtin.template:
|
||||
src: z-evolinux-defaults.ini.j2
|
||||
dest: "{{ line_item }}"
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
---
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||
|
||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
||||
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
|
||||
ansible.builtin.replace:
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||
ansible.builtin.template:
|
||||
src: z-evolinux-defaults.ini.j2
|
||||
dest: "{{ line_item }}"
|
||||
|
|
|
@ -5,18 +5,18 @@
|
|||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||
|
||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
||||
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
|
||||
ansible.builtin.replace:
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||
- name: "{{ lxc_php_container_name }} - Add sury repo"
|
||||
ansible.builtin.lineinfile:
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
|
||||
line: "{{ item }}"
|
||||
|
@ -51,17 +51,17 @@
|
|||
owner: root
|
||||
group: root
|
||||
|
||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
||||
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||
ansible.builtin.template:
|
||||
src: z-evolinux-defaults.ini.j2
|
||||
dest: "{{ line_item }}"
|
||||
|
|
|
@ -4,18 +4,18 @@
|
|||
ansible.builtin.set_fact:
|
||||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||
|
||||
- name: "{{ lxc_php_version }} - fix bullseye repository"
|
||||
- name: "{{ lxc_php_container_name }} - fix bullseye repository"
|
||||
ansible.builtin.replace:
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||
regexp: 'bullseye/updates'
|
||||
replace: 'bullseye-security'
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||
- name: "{{ lxc_php_container_name }} - Add sury repo"
|
||||
ansible.builtin.lineinfile:
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
|
||||
line: "{{ item }}"
|
||||
|
@ -50,17 +50,17 @@
|
|||
owner: root
|
||||
group: root
|
||||
|
||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
||||
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||
ansible.builtin.template:
|
||||
src: z-evolinux-defaults.ini.j2
|
||||
dest: "{{ line_item }}"
|
||||
|
|
|
@ -4,24 +4,24 @@
|
|||
ansible.builtin.set_fact:
|
||||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||
|
||||
- name: "{{ lxc_php_version }} - delete sources.list bookworm repository"
|
||||
- name: "{{ lxc_php_container_name }} - delete sources.list bookworm repository"
|
||||
ansible.builtin.file:
|
||||
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||
state: absent
|
||||
|
||||
- name: "{{ lxc_php_version }} - system bookworm repository"
|
||||
- name: "{{ lxc_php_container_name }} - system bookworm repository"
|
||||
ansible.builtin.template:
|
||||
src: bookworm_basics.sources.j2
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
|
||||
force: true
|
||||
mode: "0644"
|
||||
|
||||
- name: "{{ lxc_php_version }} - security bookworm repository"
|
||||
- name: "{{ lxc_php_container_name }} - security bookworm repository"
|
||||
ansible.builtin.template:
|
||||
src: bookworm_security.sources.j2
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
|
||||
|
@ -44,17 +44,17 @@
|
|||
owner: root
|
||||
group: root
|
||||
|
||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
||||
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||
ansible.builtin.template:
|
||||
src: z-evolinux-defaults.ini.j2
|
||||
dest: "{{ line_item }}"
|
||||
|
|
|
@ -4,38 +4,38 @@
|
|||
ansible.builtin.set_fact:
|
||||
lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install dependency packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install dependency packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"
|
||||
|
||||
- name: "{{ lxc_php_version }} - delete sources.list bookworm repository"
|
||||
- name: "{{ lxc_php_container_name }} - delete sources.list bookworm repository"
|
||||
ansible.builtin.file:
|
||||
path: "{{ lxc_rootfs }}/etc/apt/sources.list"
|
||||
state: absent
|
||||
|
||||
- name: "{{ lxc_php_version }} - system bookworm repository"
|
||||
- name: "{{ lxc_php_container_name }} - system bookworm repository"
|
||||
ansible.builtin.template:
|
||||
src: bookworm_basics.sources.j2
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
|
||||
force: true
|
||||
mode: "0644"
|
||||
|
||||
- name: "{{ lxc_php_version }} - security bookworm repository"
|
||||
- name: "{{ lxc_php_container_name }} - security bookworm repository"
|
||||
ansible.builtin.template:
|
||||
src: bookworm_security.sources.j2
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
|
||||
force: true
|
||||
mode: "0644"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury repo"
|
||||
- name: "{{ lxc_php_container_name }} - Add sury repo"
|
||||
ansible.builtin.template:
|
||||
src: sury.sources.j2
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.sources"
|
||||
force: true
|
||||
mode: "0644"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Add sury failsafe repo"
|
||||
- name: "{{ lxc_php_container_name }} - Add sury failsafe repo"
|
||||
ansible.builtin.template:
|
||||
src: evolix_sury.sources.j2
|
||||
dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/evolix_sury.sources"
|
||||
|
@ -66,17 +66,17 @@
|
|||
owner: root
|
||||
group: root
|
||||
|
||||
- name: "{{ lxc_php_version }} - Update APT cache"
|
||||
- name: "{{ lxc_php_container_name }} - Update APT cache"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt update"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Install PHP packages"
|
||||
- name: "{{ lxc_php_container_name }} - Install PHP packages"
|
||||
community.general.lxc_container:
|
||||
name: "{{ lxc_php_version }}"
|
||||
name: "{{ lxc_php_container_name }}"
|
||||
container_command: "DEBIAN_FRONTEND=noninteractive apt install -y php-fpm php-cli php-gd php-intl php-imap php-ldap php-mysql php-pgsql php-sqlite3 php-curl php-zip php-mbstring php-xml php-zip composer libphp-phpmailer"
|
||||
|
||||
- name: "{{ lxc_php_version }} - Copy evolinux PHP configuration"
|
||||
- name: "{{ lxc_php_container_name }} - Copy evolinux PHP configuration"
|
||||
ansible.builtin.template:
|
||||
src: z-evolinux-defaults.ini.j2
|
||||
dest: "{{ line_item }}"
|
||||
|
|
|
@ -15,7 +15,7 @@ Since this role depend on the lxc role, please refer to it for a full variable l
|
|||
* `lxc_containers`: list of LXC containers to create. Default: `[]` (empty).
|
||||
* `name`: name of the LXC container to create.
|
||||
* `release`: Debian version to install
|
||||
* `solr_version`: Solr version to install *(refer to https://archive.apache.org/dist/lucene/solr/ for a full version list)*
|
||||
* `solr_version`: Solr version to install *(refer to https://archive.apache.org/dist/solr/solr/ for a full version list)*
|
||||
* `solr_port`: port for Solr to listen on
|
||||
Eg.:
|
||||
```
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
# solr_port: 8985
|
||||
# - name: solr9
|
||||
# release: bullseye
|
||||
# solr_version: 9.0.0
|
||||
# solr_version: 9.6.1
|
||||
# solr_port: 8985
|
||||
lxc_containers: []
|
||||
|
||||
|
|
|
@ -8,6 +8,10 @@ lxc_network_type: "none"
|
|||
# Partition to bind mount into containers.
|
||||
lxc_mount_part: "/home"
|
||||
|
||||
# Mirror URL (optionnal).
|
||||
# For old Debian, use https://archive.debian.org/debian/
|
||||
lxc_template_mirror: ""
|
||||
|
||||
# List of LXC containers to create.
|
||||
# Eg.:
|
||||
# lxc_containers:
|
||||
|
|
|
@ -6,13 +6,16 @@
|
|||
check_mode: no
|
||||
register: container_exists
|
||||
|
||||
- ansible.builtin.set_fact:
|
||||
lxc_template_mirror_option: "{{ '--mirror ' + lxc_template_mirror if lxc_template_mirror != '' else '' }}"
|
||||
|
||||
- name: "Create container {{ name }}"
|
||||
community.general.lxc_container:
|
||||
name: "{{ name }}"
|
||||
container_log: true
|
||||
template: debian
|
||||
state: stopped
|
||||
template_options: "--arch amd64 --release {{ release }}"
|
||||
template_options: "--arch amd64 --release {{ release }} {{ lxc_template_mirror_option }}"
|
||||
when: container_exists.stdout_lines | length == 0
|
||||
|
||||
- name: "Disable network configuration inside container {{ name }}"
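Review bot: `lxc_template_mirror` is concatenated into `template_options` unquoted, so a value containing a space would be split into additional options for the debian template rather than passed as one URL; `'--mirror ' + (lxc_template_mirror | quote)` keeps it a single argument. The new `set_fact` task is also unnamed, unlike its neighbours; something like `- name: "Set mirror option for {{ name }}"` would match them. Since the option exists to reach archive.debian.org, a comment next to the `lxc_template_mirror` default noting that archived releases no longer receive security updates would help whoever enables it.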
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
name: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: '^command\[check_memcached\]='
|
||||
line: 'command[check_memcached]=/usr/local/lib/nagios/plugins/check_memcached.pl -H 127.0.0.1 -p {{ memcached_port }}'
|
||||
line: 'command[check_memcached]=/usr/local/lib/monitoringctl/alerts_wrapper --name memcached /usr/local/lib/nagios/plugins/check_memcached.pl -H 127.0.0.1 -p {{ memcached_port }}'
|
||||
notify: restart nagios-nrpe-server
|
||||
when: memcached_instance_name | length == 0
|
||||
|
||||
|
@ -42,7 +42,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
name: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: '^command\[check_memcached\]='
|
||||
line: 'command[check_memcached]=/usr/local/lib/nagios/plugins/check_memcached_instances'
|
||||
line: 'command[check_memcached]=/usr/local/lib/monitoringctl/alerts_wrapper --name memcached /usr/local/lib/nagios/plugins/check_memcached_instances'
|
||||
notify: restart nagios-nrpe-server
|
||||
when: memcached_instance_name | length > 0
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: 'command\[check_minifirewall\]'
|
||||
line: 'command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall'
|
||||
line: 'command[check_minifirewall]=/usr/local/lib/monitoringctl/alerts_wrapper --name minifirewall sudo {{ nagios_plugins_directory }}/check_minifirewall'
|
||||
notify: restart nagios-nrpe-server
|
||||
when: nrpe_evolix_cfg.stat.exists
|
||||
|
||||
|
|
360
munin/files/plugins/linux-psi
Normal file
360
munin/files/plugins/linux-psi
Normal file
|
@ -0,0 +1,360 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
: << =cut
|
||||
|
||||
=head1 NAME
|
||||
|
||||
linux_psi - Plugin to monitor the pressure stall information for CPU, Memory and
|
||||
IO as reported by the Linux kernel.
|
||||
|
||||
This plugin monitors the pressure stall information (psi) as reported by the
|
||||
Linux Kernel. By default it reports all average intervals (10 seconds,
|
||||
60 seconds and 300 seconds) as well as the total values as a rate of change
|
||||
(DERIVE) for all resources (cpu, memory, io). The average intervals can be
|
||||
configured if you only deem some of them useful. See CONFIGURATION for
|
||||
explanations on that.
|
||||
|
||||
This is a multigraph plugin that, by default, will create six detail graphs and
|
||||
one summary graph (so seven in total). The summary graph will contain the 300
|
||||
seconds average percentages of all resources. The detail graphs are split in two
|
||||
graphs per resource. One combining all average intervals and one for the
|
||||
"totals" (rate of change) for the given resource.
|
||||
|
||||
There are no defaults for warnings and criticals, because this highly depends on
|
||||
the system, so you need to configure them yourself (if you want any). It is
|
||||
recommended that you first lookup the meaning of the different values.
|
||||
|
||||
For more information on psi see:
|
||||
https://www.kernel.org/doc/html/latest/accounting/psi.html
|
||||
|
||||
=head1 CONFIGURATION
|
||||
|
||||
Simply create a symlink in your plugins directory like with any other plugin.
|
||||
No additional configuration needed, no specific user required (typically).
|
||||
|
||||
If you want to configure alerts, just add "warn_" or "crit_" in front of the
|
||||
internal name.
|
||||
|
||||
Optional configuration examples:
|
||||
|
||||
[linux_psi]
|
||||
env.resources cpu io memory - Specify the resources to monitor. Leave one
|
||||
out if you don't want this one to be
|
||||
monitored.
|
||||
env.intervals avg10 avg60 avg300 - Sepcify the average intervals to monitor.
|
||||
Leave one out if you don't want this one to
|
||||
be monitored
|
||||
env.scopes some full - Specify the scopes to monitor. Leave one out
|
||||
If you don't want it to be monitored.
|
||||
env.summary_interval avg300 - Specify the interval to be used for the
|
||||
summary-graph.
|
||||
env.warn_psi_cpu_avg300_some 5 - Set a warning-level of 5 for
|
||||
"psi_cpu_avg300_some"
|
||||
env.crit_psi_io_total_full 2000 - Set a critical-level of 2000 for
|
||||
"psi_io_total_full"
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
2022, HaseHarald
|
||||
|
||||
=head1 LICENSE
|
||||
|
||||
LGPLv3
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
=head1 TODO
|
||||
|
||||
=head1 MAGIC MARKERS
|
||||
|
||||
#%# family=auto
|
||||
#%# capabilities=autoconf
|
||||
|
||||
=cut
|
||||
|
||||
|
||||
# This file contains a munin-plugin to graph the psi (pressure) for CPU, Memory
|
||||
# and IO, as reported by the Linux kernel.
|
||||
#
|
||||
# This is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Lesser General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Lesser General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Lesser General Public License
|
||||
# along with this plugin. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
|
||||
resource_defaults=('cpu' 'io' 'memory')
|
||||
interval_defaults=('avg10' 'avg60' 'avg300')
|
||||
scope_defaults=('some' 'full')
|
||||
pressure_dir=${pressure_dir:-'/proc/pressure/'}
|
||||
pressure_resources=( "${resources[@]:-${resource_defaults[@]}}" )
|
||||
pressure_intervals=( "${intervals[@]:-${interval_defaults[@]}}" )
|
||||
pressure_scopes=( "${scopes[@]:-${scope_defaults[@]}}" )
|
||||
summary_interval="${summary_interval:-avg300}"
|
||||
|
||||
check_autoconf() {
|
||||
if [ -d "${pressure_dir}" ]; then
|
||||
printf "yes\n"
|
||||
else
|
||||
printf "no (%s not found)\n" "${pressure_dir}"
|
||||
fi
|
||||
}
|
||||
|
||||
get_pressure_value() {
|
||||
local resource
|
||||
local interval
|
||||
local scope
|
||||
|
||||
resource="$1"
|
||||
interval="$2"
|
||||
scope="${3:-some}"
|
||||
|
||||
grep "$scope" "${pressure_dir}/${resource}" | grep -o -E "${interval}=[0-9]{1,}(\.[0-9]{1,}){0,1}" | cut -d '=' -f 2
|
||||
}
|
||||
|
||||
get_printable_name() {
|
||||
local kind
|
||||
local value
|
||||
local printable_name
|
||||
kind="$1"
|
||||
value="$2"
|
||||
printable_name=""
|
||||
|
||||
case "$kind" in
|
||||
|
||||
interval)
|
||||
case "$interval" in
|
||||
avg10)
|
||||
printable_name="10sec"
|
||||
;;
|
||||
avg60)
|
||||
printable_name="60sec"
|
||||
;;
|
||||
avg300)
|
||||
printable_name="5min"
|
||||
;;
|
||||
total)
|
||||
printable_name="Total"
|
||||
;;
|
||||
*)
|
||||
printf "ERROR: Could not determine interval %s ! Must be one of 'avg10' 'avg60' 'avg300' 'total'\n" "$value" >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
||||
scope)
|
||||
case "$value" in
|
||||
some)
|
||||
printable_name="Some"
|
||||
;;
|
||||
full)
|
||||
printable_name="Full"
|
||||
;;
|
||||
*)
|
||||
printf "ERROR: Could not determine scope %s ! Must be one of 'full' 'some'.\n" "$value" >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
||||
resource)
|
||||
case "$value" in
|
||||
cpu)
|
||||
printable_name="CPU"
|
||||
;;
|
||||
io)
|
||||
printable_name="IO"
|
||||
;;
|
||||
memory)
|
||||
printable_name="Memory"
|
||||
;;
|
||||
*)
|
||||
printf "ERROR: Could not determine resource-type %s ! Must be one of 'cpu' 'io' 'memory'.\n" "$value" >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
||||
*)
|
||||
printf "ERROR: Could not determine kind %s ! Must be one of 'interval' 'scope' 'resource'\n" "$kind" >&2
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
|
||||
printf "%s" "$printable_name"
|
||||
}
|
||||
|
||||
iterate_config() {
|
||||
for resource in "${pressure_resources[@]}"; do
|
||||
local printable_resource
|
||||
printable_resource=$( get_printable_name resource "$resource" )
|
||||
printf "multigraph linux_psi.%s_avg\n" "$resource"
|
||||
printf "graph_title %s Pressure Stall Information - Average\n" "$printable_resource"
|
||||
printf "graph_category system\n"
|
||||
printf "graph_info Average PSI based latency caused by lack of %s resources.\n" "$printable_resource"
|
||||
printf "graph_vlabel %%\n"
|
||||
printf "graph_scale no\n"
|
||||
for interval in "${pressure_intervals[@]}"; do
|
||||
local printable_interval
|
||||
printable_interval=$( get_printable_name interval "$interval" )
|
||||
output_config "$resource" "$interval"
|
||||
done
|
||||
echo ""
|
||||
done
|
||||
|
||||
for resource in "${pressure_resources[@]}"; do
|
||||
local interval
|
||||
local printable_resource
|
||||
interval="total"
|
||||
printable_resource=$( get_printable_name resource "$resource" )
|
||||
|
||||
printf "multigraph linux_psi.%s_total\n" "$resource"
|
||||
printf "graph_title %s Pressure Stall Information - Rate\n" "$printable_resource"
|
||||
printf "graph_category system\n"
|
||||
printf "graph_info Total PSI based latency rate caused by lack of %s resources.\n" "$printable_resource"
|
||||
printf "graph_vlabel rate\n"
|
||||
output_config "$resource" "$interval"
|
||||
echo ""
|
||||
done
|
||||
|
||||
printf "multigraph linux_psi\n"
|
||||
printf "graph_title Pressure Stall Information - Average\n"
|
||||
printf "graph_vlabel %%\n"
|
||||
printf "graph_scale no\n"
|
||||
printf "graph_category system\n"
|
||||
printf "graph_info Average PSI based latency caused by lack of resources.\n"
|
||||
for resource in "${pressure_resources[@]}"; do
|
||||
output_config "$resource" "$summary_interval"
|
||||
done
|
||||
echo ""
|
||||
}
|
||||
|
||||
iterate_values() {
|
||||
for resource in "${pressure_resources[@]}"; do
|
||||
printf "multigraph linux_psi.%s_avg\n" "$resource"
|
||||
for interval in "${pressure_intervals[@]}"; do
|
||||
output_values "$resource" "$interval"
|
||||
done
|
||||
echo ""
|
||||
done
|
||||
|
||||
for resource in "${pressure_resources[@]}"; do
|
||||
local interval
|
||||
interval="total"
|
||||
printf "multigraph linux_psi.%s_total\n" "$resource"
|
||||
output_values "$resource" "$interval"
|
||||
echo ""
|
||||
done
|
||||
|
||||
printf "multigraph linux_psi\n"
|
||||
for resource in "${pressure_resources[@]}"; do
|
||||
output_values "$resource" "$summary_interval"
|
||||
done
|
||||
echo ""
|
||||
}
|
||||
|
||||
output_config() {
|
||||
local resource
|
||||
local interval
|
||||
local printable_resource
|
||||
local printable_interval
|
||||
|
||||
resource="$1"
|
||||
interval="$2"
|
||||
printable_resource=$( get_printable_name resource "$resource" )
|
||||
printable_interval=$( get_printable_name interval "$interval" )
|
||||
|
||||
for scope in "${pressure_scopes[@]}"; do
|
||||
if [ "${resource}" == "cpu" ] && [ "${scope}" != "some" ]; then
|
||||
continue
|
||||
else
|
||||
local printable_scope
|
||||
local this_warn_var
|
||||
local this_crit_var
|
||||
|
||||
printable_scope=$( get_printable_name scope "$scope" )
|
||||
this_warn_var=$( echo "warn_psi_${resource}_${interval}_${scope}" | sed 's/[^A-Za-z0-9_]/_/g' )
|
||||
this_crit_var=$( echo "crit_psi_${resource}_${interval}_${scope}" | sed 's/[^A-Za-z0-9_]/_/g' )
|
||||
|
||||
printf "psi_%s_%s_%s.min 0\n" "$resource" "$interval" "$scope"
|
||||
printf "psi_%s_%s_%s.label %s %s %s\n" "$resource" "$interval" "$scope" "$printable_resource" "$printable_interval" "$printable_scope"
|
||||
if [ -n "${!this_warn_var}" ]; then
|
||||
printf "psi_%s_%s_%s.warning %s\n" "$resource" "$interval" "$scope" "${!this_warn_var}"
|
||||
fi
|
||||
if [ -n "${!this_crit_var}" ]; then
|
||||
printf "psi_%s_%s_%s.critical %s\n" "$resource" "$interval" "$scope" "${!this_crit_var}"
|
||||
fi
|
||||
if [ "$interval" == "total" ]; then
|
||||
printf "psi_%s_%s_%s.type DERIVE\n" "$resource" "$interval" "$scope"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
output_values() {
|
||||
local resource
|
||||
local interval
|
||||
resource="$1"
|
||||
interval="$2"
|
||||
|
||||
for scope in "${pressure_scopes[@]}"; do
|
||||
if [ "${resource}" == "cpu" ] && [ "${scope}" != "some" ]; then
|
||||
continue
|
||||
else
|
||||
printf "psi_%s_%s_%s.value %s\n" "$resource" "$interval" "$scope" "$(get_pressure_value "$resource" "$interval" "$scope")"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
output_usage() {
|
||||
printf >&2 "%s - munin plugin to graph pressure stall information for CPU, Memory and IO as reported by the Linux kernel.\n" "${0##*/}"
|
||||
printf >&2 "Usage: %s [config]\n" "${0##*/}"
|
||||
printf >&2 "You may use environment settings in a plugin-config file, used by munin (for example /etc/munin/plugin-conf.d/munin-node) to further adjust settings.\n"
|
||||
printf >&2 "You can use these settings to configure which resources, intervals or scopes are monitored or to configure warning and critical levels.\n"
|
||||
printf >&2 "To do so use a syntax like this:\n"
|
||||
printf >&2 "[linux_psi]\n"
|
||||
printf >&2 "env.resources cpu io memory\n"
|
||||
printf >&2 "env.intervals avg10 avg60 avg300\n"
|
||||
printf >&2 "env.scopes some full\n"
|
||||
printf >&2 "env.summary_interval avg300\n"
|
||||
printf >&2 "env.warn_psi_cpu_avg300_some 5\n"
|
||||
printf >&2 "env.crit_psi_io_total_full 2000\n"
|
||||
}
|
||||
|
||||
case "$#" in
|
||||
0)
|
||||
iterate_values
|
||||
;;
|
||||
|
||||
1)
|
||||
case "$1" in
|
||||
autoconf)
|
||||
check_autoconf
|
||||
;;
|
||||
config)
|
||||
iterate_config
|
||||
;;
|
||||
fetch)
|
||||
iterate_values
|
||||
;;
|
||||
*)
|
||||
output_usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
||||
*)
|
||||
output_usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
|
@ -46,6 +46,7 @@
|
|||
dest: '/usr/share/munin/plugins/{{ item }}'
|
||||
loop:
|
||||
- dhcp_pool
|
||||
- linux-psi
|
||||
tags:
|
||||
- munin
|
||||
|
||||
|
@ -77,6 +78,7 @@
|
|||
- postfix_mailqueue
|
||||
- postfix_mailstats
|
||||
- postfix_mailvolume
|
||||
- linux-psi
|
||||
notify: restart munin-node
|
||||
tags:
|
||||
- munin
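Review bot: The plugin is installed under the name `linux-psi` in both loops (this hunk and the one at -46,6), while the plugin's own documentation and usage text configure it through a `[linux_psi]` section and the CHANGELOG entry calls it linux_psi. Munin applies plugin-conf sections by plugin name, so if the second loop creates the enabled symlink as `linux-psi`, thresholds written under `[linux_psi]` would presumably never be applied. Either ship the file as `linux_psi` or add a comment next to the loop entry, e.g. `# plugin-conf section for this plugin must be [linux-psi]`. Both tasks start outside their hunks, so the symlink path itself is not visible here.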
|
||||
|
|
208
nagios-nrpe/files/alerts_switch
Normal file → Executable file
208
nagios-nrpe/files/alerts_switch
Normal file → Executable file
|
@ -1,83 +1,143 @@
|
|||
#!/bin/bash
|
||||
|
||||
# https://forge.evolix.org/projects/evolix-private/repository
|
||||
#
|
||||
# You should not alter this file.
|
||||
# If you need to, create and customize a copy.
|
||||
|
||||
set -e
|
||||
# Source:
|
||||
# https://gitea.evolix.org/evolix/ansible-roles/src/branch/stable/nagios-nrpe
|
||||
#
|
||||
|
||||
readonly PROGNAME=$(basename $0)
|
||||
readonly PROGDIR=$(readlink -m $(dirname $0))
|
||||
readonly ARGS="$@"
|
||||
readonly VERSION="24.06.00"
|
||||
|
||||
usage() {
|
||||
echo "$PROGNAME action prefix"
|
||||
}
|
||||
|
||||
disable_alerts () {
|
||||
disabled_file="$1_disabled"
|
||||
enabled_file="$1_enabled"
|
||||
|
||||
if [ -e "${enabled_file}" ]; then
|
||||
mv "${enabled_file}" "${disabled_file}"
|
||||
# Load common functions and vars
|
||||
readonly lib_dir="/usr/local/lib/monitoringctl"
|
||||
if [ -r "${lib_dir}/common" ]; then
|
||||
# shellcheck source=monitoringctl_common
|
||||
source "${lib_dir}/common"
|
||||
else
|
||||
touch "${disabled_file}"
|
||||
chmod 0644 "${disabled_file}"
|
||||
fi
|
||||
}
|
||||
|
||||
enable_alerts () {
|
||||
disabled_file="$1_disabled"
|
||||
enabled_file="$1_enabled"
|
||||
|
||||
if [ -e "${disabled_file}" ]; then
|
||||
mv "${disabled_file}" "${enabled_file}"
|
||||
else
|
||||
touch "${enabled_file}"
|
||||
chmod 0644 "${enabled_file}"
|
||||
fi
|
||||
}
|
||||
|
||||
now () {
|
||||
date --iso-8601=seconds
|
||||
}
|
||||
|
||||
log_disable () {
|
||||
echo "$(now) - alerts disabled by $(logname || echo unknown)" >> $1
|
||||
}
|
||||
|
||||
log_enable () {
|
||||
echo "$(now) - alerts enabled by $(logname || echo unknown)" >> $1
|
||||
}
|
||||
|
||||
main () {
|
||||
local action=$1
|
||||
local prefix=$2
|
||||
|
||||
local base_dir="/var/lib/misc"
|
||||
mkdir -p "${base_dir}"
|
||||
|
||||
local file_path="${base_dir}/${prefix}_alerts"
|
||||
local log_file="/var/log/${prefix}_alerts.log"
|
||||
|
||||
case "$action" in
|
||||
enable)
|
||||
enable_alerts ${file_path}
|
||||
log_enable ${log_file}
|
||||
;;
|
||||
disable)
|
||||
disable_alerts ${file_path}
|
||||
log_disable ${log_file}
|
||||
;;
|
||||
help)
|
||||
usage
|
||||
;;
|
||||
*)
|
||||
>&2 echo "Unknown action '$action'"
|
||||
>&2 echo "Error: missing ${lib_dir}/common file."
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
if [ ! -e "${var_dir}" ]; then
|
||||
>&2 echo "Warning: missing ${var_dir} directory."
|
||||
fi
|
||||
|
||||
function show_help() {
|
||||
cat <<END
|
||||
$PROGNAME disables or enables NRPE alerts wrapped by the script 'alerts_wrapper' in NRPE configuration.
|
||||
|
||||
Usage: $PROGNAME disable [-d|--during <DURATION>] [--message '<DISABLE_MESSAGE>'] <WRAPPER_NAME|all>
|
||||
$PROGNAME enable [--message '<ENABLE_MESSAGE>'] <WRAPPER_NAME|all>
|
||||
$PROGNAME help
|
||||
|
||||
WRAPPER_NAME: The name given to '--name' option of 'alerts_wrapper'.
|
||||
DURATION: Duration of alert disabling.
|
||||
Can be '1d' for 1 day, '5m' for 5 minutes or more complex
|
||||
expressions like '1w2d10m42s' (if no time unit is provided,
|
||||
hour is assumed)
|
||||
Default value: 1h
|
||||
DISABLE_MESSAGE: Message that will be logged and printed by alerts_wrapper
|
||||
when alert is disabled.
|
||||
ENABLE_MESSAGE: Message that will be logged when alert is enabled
|
||||
END
|
||||
}
|
||||
|
||||
main $ARGS
|
||||
function disable_alerts() {
|
||||
# $1: wrapper name, $2: duration_sec, $3: disable message
|
||||
now_secs=$(date +"%s")
|
||||
disable_until_secs=$(( now_secs + ${2} ))
|
||||
disable_file_path="$(get_disable_file_path "${1}")"
|
||||
echo "${disable_until_secs}" > "${disable_file_path}"
|
||||
echo "$(logname || echo unknown): \"${3}\"" >> "${disable_file_path}"
|
||||
chmod 0644 "${disable_file_path}"
|
||||
log "${1} alerts disabled by $(logname || echo unknown)"
|
||||
log "Disable message: ${3}"
|
||||
}
|
||||
|
||||
function enable_alerts() {
|
||||
# $1: wrapper name, $2: enable message
|
||||
disable_file_path="$(get_disable_file_path "${1}")"
|
||||
if [ -e "${disable_file_path}" ]; then
|
||||
rm "${disable_file_path}"
|
||||
fi
|
||||
log "${1} alerts enabled by $(logname || echo unknown)"
|
||||
log "Enable message: ${2}"
|
||||
}
|
||||
|
||||
function main() {
|
||||
if [ "${action}" == 'enable' ]; then
|
||||
if [ "${wrapper_name}" == "all" ]; then
|
||||
for wrapper in $(get_wrappers_names); do
|
||||
enable_alerts "${wrapper}" "${message}"
|
||||
done
|
||||
else
|
||||
enable_alerts "${wrapper_name}" "${message}"
|
||||
fi
|
||||
elif [ "${action}" == 'disable' ]; then
|
||||
duration_sec=$(time_to_seconds "${duration}")
|
||||
if [ "${wrapper_name}" == "all" ]; then
|
||||
for wrapper in $(get_wrappers_names); do
|
||||
disable_alerts "${wrapper}" "${duration_sec}" "${message}"
|
||||
done
|
||||
else
|
||||
disable_alerts "${wrapper_name}" "${duration_sec}" "${message}"
|
||||
fi
|
||||
elif [ "${action}" == 'help' ]; then
|
||||
show_help
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
while :; do
|
||||
case "${1}" in
|
||||
enable|disable|help)
|
||||
action="${1}"
|
||||
shift;;
|
||||
-d|--during)
|
||||
if [ "$#" -gt 1 ]; then
|
||||
if filter_duration "${2}"; then
|
||||
duration="${2}"
|
||||
else
|
||||
usage_error "Option --during: \"${2}\" is not a valid duration."
|
||||
fi
|
||||
else
|
||||
error "Missing --during argument."
|
||||
fi
|
||||
shift; shift;;
|
||||
-m|--message)
|
||||
if [ "$#" -gt 1 ]; then
|
||||
message="${2}"
|
||||
else
|
||||
error "Missing --message argument."
|
||||
fi
|
||||
shift; shift;;
|
||||
*)
|
||||
if [ -n "${1}" ]; then
|
||||
if is_wrapper "${1}" || [ "${1}" == "all" ]; then
|
||||
wrapper_name="${1}"
|
||||
else
|
||||
error "Unknown argument '${1}', or NAME not defined in NRPE configuration."
|
||||
fi
|
||||
else
|
||||
if [ -z "${action}" ]; then
|
||||
error "Missing action argument."
|
||||
elif [ -z "${1}" ]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
|
||||
shift;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z "${wrapper_name}" ] && [ "${action}" != 'help' ] ; then
|
||||
error "Missing WRAPPER_NAME."
|
||||
fi
|
||||
|
||||
if [ -z "${duration}" ]; then
|
||||
duration="${default_disabled_time}"
|
||||
fi
|
||||
|
||||
readonly wrapper_name duration action
|
||||
|
||||
main
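Review bot: `disable_alerts` feeds `${2}` straight into `$(( now_secs + ${2} ))`, and bash arithmetic evaluates whatever text it is given, so the only thing keeping it numeric is `filter_duration`/`time_to_seconds` from `${lib_dir}/common`, which this section does not show. alerts_wrapper invokes this script through `sudo`, so it is worth failing closed here as well, with `[[ "${2}" =~ ^[0-9]+$ ]] || error "Invalid duration: ${2}"` before the addition. The same function appends `${3}` unfiltered to the disable file whose message alerts_wrapper later prints in the check output. A message containing a newline would presumably break the line-per-field layout of that file, so stripping control characters from `--message` looks safer (to be confirmed against `get_disable_message`).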
|
||||
|
||||
|
|
251
nagios-nrpe/files/alerts_wrapper
Normal file → Executable file
251
nagios-nrpe/files/alerts_wrapper
Normal file → Executable file
|
@ -1,114 +1,101 @@
|
|||
#!/bin/bash
|
||||
|
||||
# https://forge.evolix.org/projects/evolix-private/repository
|
||||
#
|
||||
# You should not alter this file.
|
||||
# If you need to, create and customize a copy.
|
||||
# Source:
|
||||
# https://gitea.evolix.org/evolix/ansible-roles/src/branch/stable/nagios-nrpe
|
||||
#
|
||||
|
||||
VERSION="21.04"
|
||||
readonly VERSION
|
||||
readonly PROGNAME=$(basename $0)
|
||||
readonly VERSION="24.06.00"
|
||||
|
||||
# base functions
|
||||
|
||||
show_version() {
|
||||
cat <<END
|
||||
alerts_wrapper version ${VERSION}
|
||||
|
||||
Copyright 2018-2021 Evolix <info@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>
|
||||
and others.
|
||||
|
||||
alerts_wrapper comes with ABSOLUTELY NO WARRANTY.This is free software,
|
||||
and you are welcome to redistribute it under certain conditions.
|
||||
See the GNU General Public License v3.0 for details.
|
||||
END
|
||||
}
|
||||
show_help() {
|
||||
cat <<END
|
||||
alerts_wrapper is supposed to wrap an NRPE command and overrides the return code.
|
||||
|
||||
Usage: alerts_wrapper --limit=1d --name=check_name command with optional arguments
|
||||
or alerts_wrapper --name=check_name command with optional arguments
|
||||
or alerts_wrapper check_name command with optional arguments
|
||||
|
||||
Options
|
||||
--limit max age of the "check file" ;
|
||||
can be "1d" for 1 day, "5m" for 5 minutes…
|
||||
or more complex expressions like "1w2d10m42s"
|
||||
--name check name
|
||||
-h, --help print this message and exit
|
||||
-V, --version print version and exit
|
||||
END
|
||||
}
|
||||
|
||||
time_in_seconds() {
|
||||
if echo "${1}" | grep -E -q '^([0-9]+[wdhms])+$'; then
|
||||
echo "${1}" | sed 's/w/ * 604800 + /g; s/d/ * 86400 + /g; s/h/ * 3600 + /g; s/m/ * 60 + /g; s/s/ + /g; s/+ $//' | xargs expr
|
||||
elif echo "${1}" | grep -E -q '^([0-9]+$)'; then
|
||||
echo "${1} * 3600" | xargs expr
|
||||
# Load common functions and vars
|
||||
readonly lib_dir="/usr/local/lib/monitoringctl"
|
||||
if [ -r "${lib_dir}/common" ]; then
|
||||
# shellcheck source=monitoringctl_common
|
||||
source "${lib_dir}/common"
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
delay_from_alerts_disabled_file() {
|
||||
last_change=$(stat -c %Z "${alerts_disabled_file}")
|
||||
limit_seconds=$(time_in_seconds "${wrapper_limit}" || time_in_seconds "${wrapper_limit_default}")
|
||||
limit_date=$(date --date "${limit_seconds} seconds ago" +"%s")
|
||||
|
||||
echo $(( last_change - limit_date ))
|
||||
}
|
||||
|
||||
enable_check() {
|
||||
if [ "$(id -u)" -eq "0" ] ; then
|
||||
/usr/local/bin/alerts_switch enable "${check_name}"
|
||||
else
|
||||
sudo /usr/local/bin/alerts_switch enable "${check_name}"
|
||||
fi
|
||||
}
|
||||
|
||||
main() {
|
||||
${check_command} > "${check_stdout}"
|
||||
check_rc=$?
|
||||
readonly check_rc
|
||||
|
||||
delay=0
|
||||
|
||||
if [ -e "${alerts_disabled_file}" ]; then
|
||||
delay=$(delay_from_alerts_disabled_file)
|
||||
|
||||
if [ "${delay}" -le "0" ]; then
|
||||
enable_check
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -e "${alerts_disabled_file}" ]; then
|
||||
formatted_last_change=$(date --date "@$(stat -c %Z "${alerts_disabled_file}")" +'%c')
|
||||
readonly formatted_last_change
|
||||
|
||||
echo "ALERTS DISABLED for ${check_name} (since ${formatted_last_change}, delay: ${delay} sec) - $(cat "${check_stdout}")"
|
||||
if [ ${check_rc} = 0 ]; then
|
||||
# Nagios OK
|
||||
exit 0
|
||||
else
|
||||
# Nagios WARNING
|
||||
>&2 echo "Error: missing ${lib_dir}/common file."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -e "${var_dir}" ]; then
|
||||
>&2 echo "Warning: missing ${var_dir} directory."
|
||||
fi
|
||||
|
||||
|
||||
function show_help() {
|
||||
cat <<END
|
||||
alerts_wrapper wraps an NRPE command and overrides the return code.
|
||||
|
||||
Usage: alerts_wrapper --name <WRAPPER_NAME> <CHECK_COMMAND>
|
||||
Usage: alerts_wrapper <WRAPPER_NAME> <CHECK_COMMAND> (deprecated)
|
||||
|
||||
Options
|
||||
--name Wrapper name, it is very recommended to use the check name (like load, disk1…).
|
||||
Special name: 'all' is already hard-coded.
|
||||
-h, --help Print this message and exit.
|
||||
-V, --version Print version and exit.
|
||||
END
|
||||
}
|
||||
|
||||
function enable_wrapper() {
|
||||
# $1: wrapper name
|
||||
if [ "$(id -u)" -eq "0" ] ; then
|
||||
/usr/local/bin/alerts_switch enable "${1}"
|
||||
else
|
||||
sudo /usr/local/bin/alerts_switch enable "${1}"
|
||||
fi
|
||||
}
|
||||
|
||||
function main() {
|
||||
is_disabled="$(is_disabled_wrapper "${wrapper_name}")"
|
||||
|
||||
if [ -e "${disable_file}" ] && [ "${is_disabled}" = "False" ]; then
|
||||
enable_wrapper "${wrapper_name}"
|
||||
fi
|
||||
|
||||
timeout_command=""
|
||||
if [ "${is_disabled}" = "True" ]; then
|
||||
timeout_command="timeout 8"
|
||||
fi
|
||||
|
||||
check_stdout="$(${timeout_command} ${check_command})"
|
||||
check_rc=$?
|
||||
|
||||
if [ "${is_disabled}" = "True" ] && [ "${check_rc}" -eq 124 ] && [ -z "${check_stdout}" ]; then
|
||||
check_stdout="Check timeout (> 8 sec)"
|
||||
fi
|
||||
|
||||
if [ "${is_disabled}" = "True" ]; then
|
||||
enable_time="$(get_enable_time "${wrapper_name}")"
|
||||
enable_delay="$(enable_delay "${enable_time}")"
|
||||
delay_str="$(delay_to_string "${enable_delay}")"
|
||||
enable_date="$(date --date "+${enable_delay} seconds" "+%d %h %Y at %H:%M:%S")"
|
||||
disable_msg="$(get_disable_message "${wrapper_name}")"
|
||||
if [ -n "${disable_msg}" ]; then
|
||||
disable_msg="- ${disable_msg} "
|
||||
fi
|
||||
echo "ALERT DISABLED until ${enable_date} (${delay_str} left) ${disable_msg}- Check output: ${check_stdout}"
|
||||
else
|
||||
echo "${check_stdout}"
|
||||
fi
|
||||
|
||||
if [ "${is_disabled}" = "True" ]; then
|
||||
if [ ${check_rc} = 0 ]; then
|
||||
exit 0 # Nagios OK
|
||||
else
|
||||
exit 1 # Nagios WARNING
|
||||
fi
|
||||
else
|
||||
cat "${check_stdout}"
|
||||
exit ${check_rc}
|
||||
fi
|
||||
}
|
||||
|
||||
# Default: 1 day before re-enabling the check
|
||||
wrapper_limit_default="1d"
|
||||
readonly wrapper_limit_default
|
||||
|
||||
if [[ "${1}" =~ -.* ]]; then
|
||||
# parse options
|
||||
# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
|
||||
while :; do
|
||||
case $1 in
|
||||
case "${1}" in
|
||||
-h|-\?|--help)
|
||||
show_help
|
||||
exit 0
|
||||
|
@ -117,47 +104,25 @@ if [[ "${1}" =~ -.* ]]; then
|
|||
show_version
|
||||
exit 0
|
||||
;;
|
||||
|
||||
--limit)
|
||||
-n|--name)
|
||||
# with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
wrapper_limit=$2
|
||||
shift
|
||||
else
|
||||
printf 'ERROR: "--limit" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
--limit=?*)
|
||||
# with value speparated by =
|
||||
wrapper_limit=${1#*=}
|
||||
;;
|
||||
--limit=)
|
||||
# without value
|
||||
printf 'ERROR: "--limit" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
;;
|
||||
|
||||
--name)
|
||||
# with value separated by space
|
||||
if [ -n "$2" ]; then
|
||||
check_name=$2
|
||||
if [ -n "${2}" ]; then
|
||||
wrapper_name="${2}"
|
||||
shift
|
||||
else
|
||||
printf 'ERROR: "--name" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
exit 2
|
||||
fi
|
||||
;;
|
||||
--name=?*)
|
||||
# with value speparated by =
|
||||
check_name=${1#*=}
|
||||
-n|--name=?*)
|
||||
# with value separated by =
|
||||
wrapper_name="${1#*=}"
|
||||
;;
|
||||
--name=)
|
||||
-n|--name=)
|
||||
# without value
|
||||
printf 'ERROR: "--name" requires a non-empty option argument.\n' >&2
|
||||
exit 1
|
||||
exit 2
|
||||
;;
|
||||
|
||||
--)
|
||||
# End of all options.
|
||||
shift
|
||||
|
@ -165,8 +130,8 @@ if [[ "${1}" =~ -.* ]]; then
|
|||
;;
|
||||
-?*)
|
||||
# ignore unknown options
|
||||
printf 'WARN: Unknown option : %s\n' "$1" >&2
|
||||
exit 1
|
||||
printf 'ERROR: Unknown option : %s\n' "${1}" >&2
|
||||
exit 2
|
||||
;;
|
||||
*)
|
||||
# Default case: If no more options then break out of the loop.
|
||||
|
@ -180,38 +145,22 @@ if [[ "${1}" =~ -.* ]]; then
|
|||
check_command="$*"
|
||||
else
|
||||
# no option is passed (backward compatibility with previous version)
|
||||
# treat the first argument as check_name and the rest as the command
|
||||
check_name="${1}"
|
||||
# treat the first argument as wrapper_name and the rest as the command
|
||||
wrapper_name="${1}"
|
||||
shift
|
||||
check_command="$*"
|
||||
fi
|
||||
|
||||
# Default values or errors
|
||||
if [ -z "${wrapper_limit}" ]; then
|
||||
wrapper_limit="${wrapper_limit_default}"
|
||||
fi
|
||||
if [ -z "${check_name}" ]; then
|
||||
printf 'ERROR: You must specify a check name, with --name.\n' >&2
|
||||
exit 1
|
||||
if [ -z "${wrapper_name}" ]; then
|
||||
printf 'ERROR: You must specify a wrapper name, with --names.\n' >&2
|
||||
exit 2
|
||||
fi
|
||||
if [ -z "${check_command}" ]; then
|
||||
printf 'ERROR: You must specify a command to execute.\n' >&2
|
||||
exit 1
|
||||
exit 2
|
||||
fi
|
||||
|
||||
readonly check_name
|
||||
readonly check_command
|
||||
readonly wrapper_limit
|
||||
alerts_disabled_file="/var/lib/misc/${check_name}_alerts_disabled"
|
||||
readonly alerts_disabled_file
|
||||
|
||||
check_file="/var/lib/misc/${check_name}_alerts_disabled"
|
||||
readonly check_file
|
||||
|
||||
check_stdout=$(mktemp --tmpdir=/tmp "${check_name}_stdout.XXXX")
|
||||
readonly check_stdout
|
||||
|
||||
# shellcheck disable=SC2064
|
||||
trap "rm ${check_stdout}" EXIT
|
||||
disable_file="$(get_disable_file_path "${wrapper_name}")"
|
||||
readonly wrapper_name check_command disable_file
|
||||
|
||||
main
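Review bot: The new `check_stdout="$(${timeout_command} ${check_command})"` in `main` runs the check from a flattened string (`check_command="$*"` in both parsing branches), so every argument is re-split on whitespace and glob-expanded before execution; an argument containing a space or `*` no longer reaches the plugin as written. Since this wrapper now fronts NRPE commands, including one run through `sudo`, keeping the command as an array preserves the argument vector exactly, as sketched below. If any existing NRPE line passes the whole command as a single quoted string it would need adjusting, which cannot be checked from this page. Separately, the new error text reads `with --names` although the option is `--name`.

```shell
# in main(), replacing the string-based timeout prefix:
timeout_command=()
if [ "${is_disabled}" = "True" ]; then
    timeout_command=(timeout 8)
fi

check_stdout="$("${timeout_command[@]}" "${check_command[@]}")"
check_rc=$?
# … unchanged: disabled-message formatting and exit codes …

# in both argument-parsing branches, replacing check_command="$*":
check_command=("$@")
# … unchanged: wrapper_name check …
if [ "${#check_command[@]}" -eq 0 ]; then
    printf 'ERROR: You must specify a command to execute.\n' >&2
    exit 2
fi
```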
|
||||
|
|
35
nagios-nrpe/files/check-local
Executable file → Normal file
35
nagios-nrpe/files/check-local
Executable file → Normal file
|
@ -1,36 +1,9 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
CHECK_BIN=/usr/lib/nagios/plugins/check_nrpe
|
||||
readonly orange="\e[0;33m"
|
||||
readonly nocolor="\e[0m"
|
||||
|
||||
server_address="127.0.0.1"
|
||||
|
||||
if ! test -f "${CHECK_BIN}"; then
|
||||
echo "${CHECK_BIN} is missing, please install nagios-nrpe-plugin package."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for file in /etc/nagios/{nrpe.cfg,nrpe_local.cfg,nrpe.d/evolix.cfg}; do
|
||||
if [ -r ${file} ]; then
|
||||
command_search=$(grep "\[check_$1\]" "${file}" | grep -v '^[[:blank:]]*#' | tail -n1 | cut -d'=' -f2-)
|
||||
fi
|
||||
if [ -n "${command_search}" ]; then
|
||||
command="${command_search}"
|
||||
fi
|
||||
|
||||
if [ -r ${file} ]; then
|
||||
server_address_search=$(grep "server_address" "${file}" | grep -v '^[[:blank:]]*#' | cut -d'=' -f2)
|
||||
fi
|
||||
if [ -n "${server_address_search}" ]; then
|
||||
server_address="${server_address_search}"
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "${command}" ]; then
|
||||
echo "Found command in /etc/nagios (take care, in some cases, Nagios can play another command):"
|
||||
echo " ${command}"
|
||||
fi
|
||||
|
||||
echo "NRPE daemon output:"
|
||||
"${CHECK_BIN}" -H "${server_address}" -c "check_$1"
|
||||
echo -e "${orange}'check-local' is now an alias for 'monitoringctl check'. See 'monitoringctl -h' for more information.${nocolor}"
|
||||
|
||||
monitoringctl check "${1}"
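Review bot: The deprecation notice is written to stdout with `echo -e` and colour escapes, so anything that captures `check-local` output now receives the banner and raw escape sequences ahead of the check result. Appending `>&2` to that `echo -e` line keeps stdout identical to what `monitoringctl check` prints, and the colours could be applied only when `[ -t 2 ]` holds. The file header also shows the mode going from executable to normal; presumably the deploying task sets the mode explicitly, which is worth confirming since this file is still meant to be run as a command.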
|
||||
|
||||
|
|
12
nagios-nrpe/files/check-local_completion
Normal file → Executable file
12
nagios-nrpe/files/check-local_completion
Normal file → Executable file
|
@ -1,10 +1,14 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
function _get_checks_names() {
|
||||
grep --extended-regexp --no-filename --no-messages -R "command\[check_.*\]=" /etc/nagios/ | grep --invert-match --extended-regexp "^\s*#" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq
|
||||
}
|
||||
|
||||
# List of available checks
|
||||
_check_local_dynamic_completion() {
|
||||
local cur;
|
||||
cur=${COMP_WORDS[COMP_CWORD]};
|
||||
COMPREPLY=();
|
||||
COMPREPLY=( $( compgen -W '$(grep "\[check_" -Rs /etc/nagios/ | grep -vE "^[[:blank:]]*#" | awk -F"[\\\[\\\]=]" "{print \$2}" | sed "s/check_//" | sort | uniq)' -- $cur ) );
|
||||
local cur=${COMP_WORDS[COMP_CWORD]};
|
||||
|
||||
COMPREPLY=( $( compgen -W '$(_get_checks_names)' -- "${cur}" ) );
|
||||
}
|
||||
|
||||
complete -F _check_local_dynamic_completion check-local
|
||||
|
|
0
nagios-nrpe/files/check_async
Normal file → Executable file
0
nagios-nrpe/files/check_async
Normal file → Executable file
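--- a/nagios-nrpe/files/monitoringctl
+++ b/nagios-nrpe/files/monitoringctl
@@ -0,0 +1,596 @@
+#!/usr/bin/env bash
+
+#set -x
+
+readonly PROGNAME=$(basename $0)
+readonly VERSION="24.06.00"
+
+readonly red="\e[0;31m"
+readonly green="\e[0;32m"
+readonly orange="\e[0;33m"
+readonly lightgreen="\e[1;32m"
+readonly yellow="\e[1;33m"
+readonly lightblue="\e[1;34m"
+readonly purple="\e[0;35m"
+readonly nocolor="\e[0m"
+
+# Load common functions and vars
+readonly lib_dir="/usr/local/lib/monitoringctl"
+if [ -r "${lib_dir}/common" ]; then
+# shellcheck source=monitoringctl_common
+source "${lib_dir}/common"
+else
+>&2 echo "Error: missing ${lib_dir}/common file."
+exit 1
+fi
+
+function show_help() {
+cat <<EOF
+monitoringctl version ${VERSION}.
+
+monitoringctl gives some control over NRPE checks and alerts.
+
+Usage: monitoringctl [OPTIONS] ACTION ARGUMENTS
+
+GENERAL OPTIONS:
+
+-h, --help Print this message and exit.
+-V, --version Print version number and exit.
+
+ACTIONS:
+
+status [CHECK_NAME|all]
+
+Print whether alerts are enabled or not (silenced).
+If alerts are disabled (silenced), show disable message and time left before automatic re-enabling.
+
+check [-b|--bypass-nrpe] CHECK_NAME
+
+Ask CHECK_NAME status to NRPE as an HTTP request.
+Indicates which command NRPE has supposedly run (from its configuration).
+-b, --bypass-nrpe Execute directly command from NRPE configuration,
+as user nagios, without passing the request to NRPE.
+
+disable CHECK_NAME|all [-d|--during DURATION] [-m|--message 'DISABLE MESSAGE'] [-y|--no-confirm]
+
+Disable (silence) CHECK_NAME or all alerts for DURATION and write DISABLE MESSAGE into the log.
+Checks output is still printed, so alerts history won't be lost.
+
+enable CHECK_NAME|all [-m|--message 'ENABLE MESSAGE']
+
+Re-enable CHECK_NAME or all alerts
+
+show CHECK_NAME
+
+Show NPRE command(s) configured for CHECK_NAME
+
+MESSAGE:
+
+Message to be written in log and disabled check output (mandatory, will be asked dynamically if not provided).
+
+DURATION:
+
+Time (string) during which alerts will be disabled (optional, default: "1h").
+
+Format:
+You can use 'd' (day), 'h' (hour) and 'm' (minute) , or a combination of them, to specify a duration.
+Examples: '2d', '1h', '10m', '1h10' ('m' is guessed).
+
+NOTES
+
+For actions disable, enable and status, CHECK_NAME is actually the --name option passed to alerts_wrapper, and not the NRPE check name. Both check name and alerts_wrapper --name option should be equal in NRPE configuration to avoid confusion.
+
+Log path: ${log_file}
+
+EOF
+}
+
+function check() {
+# $1: check name, "all" or empty
+readonly check_nrpe_bin="/usr/lib/nagios/plugins/check_nrpe"
+if [ ! -f "${check_nrpe_bin}" ]; then
+>&2 echo "${check_nrpe_bin} is missing, please install nagios-nrpe-plugin package."
+exit 1
+fi
+
+conf_lines="$(get_nrpe_conf "${nrpe_conf_path}")"
+
+server_address=$(echo "$conf_lines" | grep "server_address" | tail -n1 | cut -d'=' -f2)
+if [ -z "${server_address}" ]; then server_address="127.0.0.1"; fi
+
+server_port=$(echo "$conf_lines" | grep "server_port" | tail -n1 | cut -d'=' -f2)
+if [ -z "${server_port}" ]; then server_port="5666"; fi
+
+if [ -z "${1}" ] || [ "${1}" = "all" ]; then
+# Array header for multi-checks
+checks="$(get_checks_names)"
+header="Check\tStatus\tOutput (truncated)"
+underline="-----\t------\t------------------"
+str_out="\n${header}\n${underline}\n"
+else
+checks="${1}"
+fi
+
+for check in $checks; do
+printf "\033[KChecking %s…\r" "${check}"
+err_msg=""
+if [ "${bypass_nrpe}" = "False" ]; then
+request_command="${check_nrpe_bin} -H ${server_address} -p ${server_port} -c check_${check} 2&>1"
+else
+check_commands="$(get_check_commands "${check}")"
+if [ -n "${check_commands}" ]; then
+check_command="$(echo "${check_commands}" | tail -n1)"
+request_command="sudo -u nagios -- ${check_command}"
+else
+if [ -z "${1}" ] || [ "${1}" = "all" ]; then
+err_msg="Check command not found in NRPE configuration."
+else
+err_msg="Error: no command found in NRPE configuration for check '${check}'. Aborted."
+fi
+fi
+fi
+if [ -z "${err_msg}" ]; then
+check_output="$(${request_command})"
+rc="$?"
+check_output="$(echo "${check_output}" | tr '\n' ' ')"
+if [ -z "${1}" ] || [ "${1}" = "all" ]; then
+if [ "${#check_output}" -gt 60 ]; then
+check_output="$(echo "${check_output}" | cut -c-80) [...]"
+fi
+fi
+else
+check_output="${err_msg}"
+rc="3"
+fi
+
+case "${rc}" in
+0)
+rc_str="OK"
+color="${green}"
+;;
+1)
+rc_str="Warning"
+color="${orange}"
+;;
+2)
+rc_str="Critical"
+color="${red}"
+;;
+3)
+rc_str="Unknown"
+color="${purple}"
+;;
+*)
+rc_str="Unknown"
+color="${purple}"
+esac
+
+if [ -z "${1}" ] || [ "${1}" = "all" ]; then
+str_out="${str_out}${color}${check}\t${rc_str}${nocolor}\t${check_output}\n"
+fi
+done
+
+if [ -z "${1}" ] || [ "${1}" = "all" ]; then
+echo -e "${str_out}" | column -t -s $'\t'
+else
+printf "\033[K\n" # erase tmp line « Checking check_toto…»
+if [ "${bypass_nrpe}" = "False" ]; then
+echo -e "NRPE service output (on ${server_address}:${server_port}):\n"
+else
+echo -e "Direct check output (bypassing NRPE):\n"
+fi
+echo -e "${color}${check_output}${nocolor}\n" | sed 's/|/\n/g'
+exit "${rc}"
+fi
+}
+
+# Print error message and exit if not installed
+function alerts_switch_is_installed() {
+if ! command -v alerts_switch &> /dev/null; then
+error "Error: script 'alerts_switch' is not installed. Aborted."
+fi
+}
+
+function disable_alerts() {
+# $1: check name | all
+# $2: disable message
+alerts_switch_is_installed
+
+if [ "${1}" = "all" ]; then
+checks="$(get_checks_names)"
+else
+checks="${1}"
+fi
+
+warn_not_wrapped "${checks}"
+warn_wrapper_names "${checks}"
+
+if [ -z "${2}" ]; then
+echo -n "> Please provide a disable message (for logging and check output): "
+read -r message
+echo ''
+if [ -z "${message}" ]; then
+error "${red}Error:${nocolor} disable message is mandatory."
+fi
+else
+message="${2}"
+fi
+
+default_msg=""
+if [ "${default_duration}" = "True" ]; then
+default_msg=" (use --during to change default time)"
+fi
+
+if [ "${1}" = "all" ]; then
+check_txt="All checks"
+else
+check_txt="Check ${1}"
+fi
+
+echo_box "${check_txt} will be disabled for ${duration}${default_msg}."
+cat <<EOF
+
+Additional information:
+* Alerts history is kept in our monitoring system.
+* To see when the will be re-enabled, execute 'monitoringctl status ${1}'.
+* To re-enable alert(s) before ${duration}, execute as root or with sudo: 'monitoringctl enable ${1}'.
+
+EOF
+
+if [ "${1}" != "all" ]; then
+if is_check "${1}"; then
+wrapper="$(get_check_wrapper_name "${1}")"
+else
+wrapper="${1}"
+fi
+checks="$(get_wrapper_checks "${wrapper}")"
+n_checks="$(echo "${checks}" | wc -w)"
+if [ "${n_checks}" -gt 1 ]; then
+>&2 echo -e "${orange}Warning:${nocolor} because they have the same configuration, disabling ${1} will disable: ${checks}.\n"
+log "Warning: disabling ${1} will disable ${checks} (which have the same wrapper name)."
+fi
+else
+wrapper="all"
+fi
+
+if [ "${confirm}" = "True" ]; then
+echo -n "> Confirm (y/N)? "
+read -r answer
+if [ "${answer}" != "Y" ] && [ "${answer}" != "y" ]; then
+echo -e "${orange}Canceled.${nocolor}" && exit 0
+fi
+fi
+
+log "Action disable ${1} requested for ${duration} by user $(logname || echo unknown)."
+
+alerts_switch disable "${wrapper}" --during "${duration}" --message "${message}"
+
+if [ "${1}" != "all" ]; then
+if [ "${n_checks}" -eq 1 ]; then
+echo -e "${orange}Check ${1} alerts are now disabled for ${duration}.${nocolor}"
+else
+echo -e "${orange}Alerts are now disabled for ${duration} for checks: ${checks}.${nocolor}"
+fi
+else
+echo -e "${orange}All alerts are now disabled for ${duration}.${nocolor}"
+fi
+}
+
+function enable_alerts() {
+# $1: check name, $2: enable message
+alerts_switch_is_installed
+
+if [ "${1}" != "all" ]; then
+# Verify that check is not already enabled
+is_disabled="$(is_disabled_check "${1}")"
+if [ "${is_disabled}" = "False" ]; then
+echo "${1} is already enabled, see 'monitoringctl status'"
+exit 0
+fi
+fi
+
+if [ -z "${2}" ]; then
+echo -n "> Please provide an enable message (for logging): "
+read -r message
+echo ''
+if [ -z "${message}" ]; then
+error "${red}Error:${nocolor} disable message is mandatory."
+fi
+else
+message="${2}"
+fi
+
+log "Action enable ${1} requested by user $(logname || echo unknown)."
+
+if [ "${1}" != "all" ]; then
+if is_check "${1}"; then
+wrapper="$(get_check_wrapper_name "${1}")"
+else
+wrapper="${1}"
+fi
+checks="$(get_wrapper_checks "${wrapper}")"
+n_checks="$(echo "${checks}" | wc -w)"
+if [ "${n_checks}" -gt 1 ]; then
+>&2 echo -e "${orange}Warning:${nocolor} because they have the same configuration, enabling ${1} will enable: ${checks}.\n"
+log "Warning: check ${1} will enable ${checks} (which have the same wrapper name)."
+fi
+else
+wrapper="all"
+fi
+
+alerts_switch enable "${wrapper}" --message "${message}"
+
+if [ "${1}" != "all" ]; then
+if [ "${n_checks}" -eq 1 ]; then
+echo -e "${green}Check ${1} alerts are now enabled.${nocolor}"
+else
+echo -e "${green}Alerts are now enabled for checks: ${checks}.${nocolor}"
+fi
+else
+echo -e "${green}All alerts are now enabled.${nocolor}"
+fi
+}
+
+# Show NRPE command(s) configured for a check
+function show_check_commands() {
+# $1: check name
+check_commands=$(get_check_commands "${1}")
+
+if [ -z "${check_commands}" ]; then
+usage_error "Error: no command found in NRPE configuration for check '${1}."
+fi
+
+n_commands="$(echo "${check_commands}" | wc -l)"
+if [ "${n_commands}" -ne 1 ]; then
+echo "Available commands (in config order, the last one overwrites the others):"
+echo " $check_commands"
+fi
+
+check_command=$(echo "${check_commands}" | tail -n1)
+echo "Command used by NRPE:"
+echo " ${check_command}"
+}
+
+# Print a warning if some wrappers have the same name
+# or if a name is different from the check.
+function warn_wrapper_names() {
+#$1: checks to verify
+warned="False"
+for check in ${1}; do
+wrapper_name="$(get_check_wrapper_name "${check}")"
+if [ -n "${wrapper_name}" ] && [ "${wrapper_name}" != "${check}" ]; then
+>&2 echo -e "${orange}Warning:${nocolor} ${check} check has wrapper name ${wrapper_name}."
+warned="True"
+fi
+done
+if [ "${warned}" = "True" ]; then
+>&2 echo -e "${orange}It is recommanded to name the wrappers the same as the checks.${nocolor}\n"
+fi
+}
+
+# Print a warning if some checks are not wrapped
+function warn_not_wrapped() {
+#$1: checks to verify
+unwrappeds="$(not_wrapped_checks)"
+unwrapped_checks="$(comm -12 <(echo "${1}") <(echo "${unwrappeds}"))"
+if [ -n "${unwrapped_checks}" ]; then
+n_checks="$(echo "${1}" | wc -w)"
+n_unwrapped="$(echo "${unwrapped_checks}" | wc -w)"
+if [ "${n_unwrapped}" == "${n_checks}" ]; then
+if [ "${n_unwrapped}" -eq 1 ]; then
+error "${red}Error:${nocolor} ${1} check is not wrapped, it cannot be disabled."
+else
+error "${red}Error:${nocolor} these checks are not wrapped, they cannot be disabled: $(echo "${unwrapped_checks}" | xargs)"
+fi
+else
+if [ "${n_unwrapped}" -eq 1 ]; then
+>&2 echo -e "${orange}Warning:${nocolor} ${unwrapped_checks} check is not wrapped, it will not be disabled."
+else
+>&2 echo -e -n "${orange}Warning:${nocolor} some checks are not configured, they will not be disabled: $(echo "${unwrapped_checks}" | xargs)\n\n"
+fi
+fi
+
+log "Warning: some checks have no alerts_wrapper, they will not be disabled: $(echo "${unwrapped_checks}" | xargs)"
+fi
+}
+
+# Echo a message in a box
+function echo_box() {
+# $1: message
+msg_len="${#1}"
+line="$(printf '─%.0s' $(eval "echo {1.."${msg_len}"}"))"
+cat <<EOF
+┌${line}┐
+│${1}│
+└${line}┘
+EOF
+}
+
+# Echo which checks are enabled or disabled and time left
+function alerts_status() {
+# $1: check name, "all" or empty
+if [ -z "${1}" ] || [ "${1}" = "all" ]; then
+checks="$(get_checks_names)"
+else
+checks="${1}"
+fi
+
+warn_wrapper_names "${checks}"
+
+header="Check\tStatus\tRe-enable time\tDisable message"
+underline="-----\t------\t--------------\t---------------"
+str_out="${header}\n${underline}\n"
+
+for check in $checks; do
+enable_str=""
+status_str="Enabled"
+disable_msg=""
+if ! is_wrapped "${check}"; then
+status_str="Not configured"
+else
+is_disabled="$(is_disabled_check "${check}")"
+wrapper_name="$(get_check_wrapper_name "${check}")"
+if [ "${is_disabled}" = "True" ]; then
+status_str="Disabled"
+enable_time="$(get_enable_time "${wrapper_name}")"
+enable_delay="$(enable_delay "${enable_time}")"
+delay_str="$(delay_to_string "${enable_delay}")"
+enable_date="$(date --date "+${enable_delay} seconds" "+%d %h %Y at %H:%M:%S")"
+enable_str="${enable_date} (${delay_str} left)"
+disable_msg="$(get_disable_message "${wrapper_name}")"
+fi
+fi
+case "${status_str}" in
+"Enabled")
+color="${green}"
+;;
+"Disabled")
+color="${orange}"
+;;
+*)
+color="${red}"
+esac
+str_out="${str_out}${color}${check}\t${status_str}${nocolor}\t${enable_str}\t${disable_msg}\n"
+done
+
+echo -e "${str_out}" | column -t -s $'\t'
+}
+
+
+### MAIN #########################################
+
+# No root
+if [ "$(id -u)" -ne 0 ]; then
+>&2 echo "You need to be root (or use sudo) to run ${0}!"
+exit 1
+fi
+
+# No argument
+if [ "$#" = "0" ]; then
+show_help
+exit 1
+fi
+
+# Default arguments and options
+action=""
+message=""
+duration="${default_disabled_time}"
+bypass_nrpe="False"
+confirm="True"
+default_duration="True"
+
+# Parse arguments and options
+while :; do
+case "${1}" in
+-h|-\?|--help)
+show_help
+exit 0;;
+-V|--version)
+show_version
+exit 0;;
+-b|--bypass-nrpe)
+bypass_nrpe="True"
+shift;;
+-y|--no-confirm)
+confirm="False"
+shift;;
+-d|--during)
+if [ "${default_duration}" = "False" ]; then
+usage_error "Option --during: defined multiple times."
+fi
+if [ "$#" -lt 2 ]; then
+usage_error "Option --during: missing value."
+fi
+if filter_duration "${2}"; then
+duration="${2}"
+else
+usage_error "Option --during: \"${2}\" is not a valid duration."
+fi
+default_duration="False"
+shift; shift;;
+-m|--message)
+if [ "$#" -lt 2 ]; then
+usage_error "Option --message: missing message string."
+fi
+message="${2}"
+shift; shift;;
+status|check|enable|disable|show)
+action="${1}"
+shift;;
+*)
+if [ -z "${1}" ]; then
+break
+fi
+
+case "${action}" in
+status|check)
+if is_check "${1}" || [ "${1}" = "all" ]; then
+check_name="${1}"
+else
+usage_error "Action ${action}: unknown check '${1}'."
+fi
+;;
+show)
+if is_check "${1}"; then
+check_name="${1}"
+else
+usage_error "Action ${action}: unknown check '${1}'."
+fi
+;;
+enable|disable)
+if is_wrapper "${1}" || is_check "${1}" || [ "${1}" = "all" ]; then
+check_name="${1}"
+else
+# We use the word "check" for the end user,
+# but this is actually "unknown wrapper"
+usage_error "Action ${action}: unknown check '${1}'."
+fi
+;;
+*)
+usage_error "Missing or invalid ACTION argument."
+;;
+esac
+shift;;
+esac
+done
+
+
+if [ "$#" -gt 0 ]; then
+usage_error "Too many arguments."
+fi
+
+case "${action}" in
+disable|enable|show)
+if [ -z "${check_name}" ]; then
+usage_error "Action ${action}: missing CHECK_NAME argument."
+fi
+;;
+esac
+
+if [ ! "${action}" = "disable" ]; then
+if [ "${default_duration}" = "False" ]; then
+usage_error "Action ${action}: there is no --during option."
+fi
+if [ "${confirm}" = "False" ]; then
+usage_error "Action ${action}: there is no --no-confirm option."
+fi
+fi
+
+case "${action}" in
+status)
+alerts_status "${check_name}"
+;;
+check)
+check "${check_name}"
+;;
+show)
+show_check_commands "${check_name}"
+;;
+enable)
+enable_alerts "${check_name}" "${message}"
+;;
+disable)
+disable_alerts "${check_name}" "${message}"
+;;
+esac
+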
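Review bot: In `check()`, the NRPE request is assembled as a string ending in `2&>1` and then run through the unquoted expansion `$(${request_command})`, so the redirection is never applied: the text reaches check_nrpe as one more argument, and the intended spelling is `2>&1` in any case. Building the command as an array and redirecting where it runs fixes both: `request_command=("${check_nrpe_bin}" -H "${server_address}" -p "${server_port}" -c "check_${check}")` and `check_output="$("${request_command[@]}" 2>&1)"`. The `--bypass-nrpe` branch has the same word-splitting problem with `sudo -u nagios -- ${check_command}`: quoting inside the configured command is not honoured and glob characters are expanded in the caller's working directory, so the result can differ from what NRPE itself runs. Passing the configured line to `sh -c` under sudo would be closer, assuming NRPE hands its commands to a shell, which is worth confirming.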
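--- a/nagios-nrpe/files/monitoringctl_common
+++ b/nagios-nrpe/files/monitoringctl_common
@@ -0,0 +1,292 @@
+#!/usr/bin/env bash
+
+# Location of disable files
+readonly var_dir="/var/lib/monitoringctl"
+
+readonly log_file="/var/log/monitoringctl.log"
+
+readonly nrpe_conf_path="/etc/nagios/nrpe.cfg"
+
+debian_major_version="$(cut -d "." -f 1 < /etc/debian_version)"
+readonly debian_major_version
+
+# If no time limit is provided in CLI or found in file, this value is used
+readonly default_disabled_time="1h"
+
+_nrpe_conf_lines='' # populated at the end of the file
+
+
+function error() {
+# $1: error message
+>&2 echo -e "${1}"
+exit 1
+}
+
+function usage_error() {
+# $1: error message
+>&2 echo "${1}"
+>&2 echo "Execute \"${PROGNAME} --help\" for information on usage."
+exit 1
+}
+
+function log() {
+# $1: message
+echo "$(now_iso) - ${PROGNAME}: ${1}" >> "${log_file}"
+}
+
+function show_version() {
+cat <<END
+${PROGNAME} version ${VERSION}.
+
+Copyright 2018-2024 Evolix <info@evolix.fr>,
+Jérémy Lecour <jlecour@evolix.fr>
+and others.
+
+${PROGNAME} comes with ABSOLUTELY NO WARRANTY.This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU General Public License v3.0 for details.
+END
+}
+
+# Fail if argument does not respect format: XwXdXhXmXs, XhX, XmX
+function filter_duration() {
+# $1: duration in format specified above
+_time_regex="^([0-9]+d)?(([0-9]+h(([0-9]+m?)|([0-9]+m([0-9]+s?)?))?)|(([0-9]+m([0-9]+s?)?)?))?$"
+if [[ "${1}" =~ ${_time_regex} ]]; then
+return 0
+fi
+return 1
+}
+
+# Convert human writable duration into seconds
+function time_to_seconds() {
+# $1: formated time string
+if echo "${1}" | grep -E -q '^([0-9]+[wdhms])+$'; then
+echo "${1}" | sed 's/w/ * 604800 + /g; s/d/ * 86400 + /g; s/h/ * 3600 + /g; s/m/ * 60 + /g; s/s/ + /g; s/+ $//' | xargs expr
+elif echo "${1}" | grep -E -q '^([0-9]+h[0-9]+$)'; then
+echo "${1}" | sed 's/h/ * 3600 + /g; s/$/ * 60/' | xargs expr
+elif echo "${1}" | grep -E -q '^([0-9]+m[0-9]+$)'; then
+echo "${1}" | sed 's/m/ * 60 + /g' | xargs expr
+else
+error "Invalid duration: '${1}'."
+fi
+}
+
+# Print re-enable time in secs
+function get_enable_time() {
+# $1: wrapper name
+_disable_file_path="$(get_disable_file_path "${1}")"
+if [ ! -e "${_disable_file_path}" ]; then
+return
+fi
+
+_enable_secs="$(grep -v -E "^\s*#" "${_disable_file_path}" | sed '/^$/d' | head -n1 | awk '/^[0-9]+$/ {print $1}')"
+# If file is empty, use file last change date plus default disabled time
+if [ -z "${_enable_secs}" ]; then
+_file_last_change_secs="$(stat -c %Z "${_disable_file_path}")"
+_default_disabled_time_secs="$(time_to_seconds "${default_disabled_time}")"
+_enable_secs="$(( _file_last_change_secs + _default_disabled_time_secs ))"
+fi
+echo "${_enable_secs}"
+}
+
+# Print disable message
+function get_disable_message() {
+# $1: wrapper name
+_disable_file_path="$(get_disable_file_path "${1}")"
+if [ ! -e "${_disable_file_path}" ]; then
+return
+fi
+
+_disable_msg="$(sed '/^$/d' "${_disable_file_path}" | tail -n+2 | tr '\n' ' ' | awk '{$1=$1;print}')"
+echo "${_disable_msg}"
+}
+
+function now_secs() {
+date +"%s"
+}
+
+function now_iso() {
+date --iso-8601=seconds
+}
+
+# Print delay before re-enable in secs
+function enable_delay() {
+# $1: re-enable time in secs
+echo $(( ${1} - $(now_secs) ))
+}
+
+# Converts delay (in seconds) into human readable duration
+function delay_to_string() {
+# $1: delay in secs
+_delay_days="$(( ${1} /86400 ))"
+if [ "${_delay_days}" -eq 0 ]; then _delay_days=""
+else _delay_days="${_delay_days}d"; fi
+
+_delay_hours="$(( (${1} %86400) /3600 ))"
+if [ "${_delay_hours}" -eq 0 ]; then _delay_hours=""
+else _delay_hours="${_delay_hours}h"; fi
+
+_delay_minutes="$(( ((${1} %86400) %3600) /60 ))"
+if [ "${_delay_minutes}" -eq 0 ]; then _delay_minutes=""
+else _delay_minutes="${_delay_minutes}m"; fi
+
+_delay_seconds="$(( ((${1} %86400) %3600) %60 ))"
+if [ "${_delay_seconds}" -eq 0 ]; then _delay_seconds=""
+else _delay_seconds="${_delay_seconds}s"; fi
+
+echo "${_delay_days}${_delay_hours}${_delay_minutes}${_delay_seconds}"
+}
+
+function is_disabled_check() {
+# $1: check name
+_wrapper="$(get_check_wrapper_name "${1}")"
+is_disabled_wrapper "${_wrapper}"
+}
+
+function is_disabled_wrapper() {
+# $1: wrapper name
+_wrapper="${1}"
+_disable_file_path="$(get_disable_file_path "${_wrapper}")"
+if [ -e "${_disable_file_path}" ]; then
+_enable_time="$(get_enable_time "${_wrapper}")"
+_enable_delay="$(enable_delay "${_enable_time}")"
+if [ "${_enable_delay}" -le "0" ]; then
+echo "False"
+else
+echo "True"
+fi
+else
+echo False
+fi
+}
+
+function get_disable_file_path() {
+# $1: wrapper name
+echo "${var_dir}/${1}_alerts_disabled"
+}
+
+
+
+### Nagios configuration functions ####################
+
+# Print NRPE configuration, with includes, without comments
+# and in the same order than NRPE does (taking account that
+# order changes from Deb10)
+function get_nrpe_conf() {
+echo "${_nrpe_conf_lines}"
+}
+
+# Private function to recursively get NRPE conf from file
+function _get_conf_from_file() {
+# $1: NRPE conf file (.cfg)
+if [ ! -f "${1}" ]; then return; fi
+
+_conf_lines=$(grep -E -R -v --no-filename "^\s*(#.*|)$" "${1}")
+while read -r _line; do
+if [[ "${_line}" =~ .*'include='.* ]]; then
+_conf_file=$(echo "${_line}" | cut -d= -f2)
+_get_conf_from_file "${_conf_file}"
+elif [[ "${_line}" =~ .*'include_dir='.* ]]; then
+_conf_dir=$(echo "${_line}" | cut -d= -f2)
+_get_conf_from_dir "${_conf_dir}"
+else
+echo "${_line}"
+fi
+done <<< "${_conf_lines}"
+}
+
+# Private function to recursively get NRPE conf from directory
+function _get_conf_from_dir() {
+# $1: NRPE conf dir
+if [ ! -d "${1}" ]; then return; fi
+
+if [ "${debian_major_version}" -ge 10 ]; then
+# From Deb10, NRPE use scandir() with alphasort() function
+_sort_command="sort"
+else
+# Before Deb10, NRPE use loaddir(), like find utility
+_sort_command="cat -"
+fi
+
+# Add conf files in dir to be processed recursively
+for _file in $(find "${1}" -maxdepth 1 -name "*.cfg" 2> /dev/null | ${_sort_command}); do
+if [ -f "${_file}" ]; then
+_get_conf_from_file "${_file}"
+elif [ -d "${_file}" ]; then
+_get_conf_from_dir "${_file}"
+fi
+done
+}
+
+# Print the checks that are configured in NRPE
+function get_checks_names() {
+echo "${_nrpe_conf_lines}" | grep -E "command\[check_.*\]=" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq
+}
+
+# Print the commands defined for check $1 in NRPE configuration
+function get_check_commands() {
+# $1: check name
+echo "${_nrpe_conf_lines}" | grep -E "command\[check_${1}\]" | cut -d'=' -f2-
+}
+
+# Print the checks that have no alerts_wrapper in NRPE configuration
+function not_wrapped_checks() {
+for _check in $(get_checks_names); do
+if ! is_wrapped "${_check}"; then
+echo "${_check}"
+fi
+done
+}
+
+# Fail if check is not wrapped
+function is_wrapped() {
+# $1: check name
+_cmd=$(get_check_commands "${1}" | tail -n1)
+if echo "${_cmd}" | grep --quiet --no-messages alerts_wrapper; then
+return 0
+fi
+return 1
+}
+
+# Print the names that are defined in the wrappers of the checks
+function get_wrappers_names() {
+echo "${_nrpe_conf_lines}" | grep -s "alerts_wrapper" | awk '{ for (i=1 ; i<=NF; i++) { if ($i ~ /^(-n|--name)$/) { print $(i+1); break } } }' | tr ',' '\n' | sort | uniq
+}
+
+# Print the wrapper name of the check
+function get_check_wrapper_name() {
+# $1: check name
+_cmd=$(get_check_commands "${1}" | tail -n1)
+if echo "${_cmd}" | grep --quiet --no-messages alerts_wrapper; then
+echo "${_cmd}" | awk '/--name/ {match($0, /--name\s*([a-zA-Z0-9_\-]*)\s*/, m); print m[1]}'
+fi
+}
+
+function is_check() {
+# $1: check name
+_checks="$(get_checks_names)"
+if echo "${_checks}" | grep --quiet -E "^${1}$"; then
+return 0
+fi
+return 1
+}
+
+function is_wrapper() {
+# $1: wrapper name
+_wrappers="$(get_wrappers_names)"
+if echo "${_wrappers}" | grep --quiet -E "^${1}$"; then
+return 0
+fi
+return 1
+}
+
+# Print the checks that name this wrapper
+function get_wrapper_checks() {
+# $1: wrapper name
+echo "${_nrpe_conf_lines}" | grep -E "command\[check_.*\]=" | grep -E "\-\-name\s*${1}" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq | xargs
+}
+
+
+# Load NRPE configuration
+_nrpe_conf_lines="$(_get_conf_from_file "${nrpe_conf_path}")"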
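Review bot: `is_check` and `is_wrapper` validate the user-supplied name with `grep --quiet -E "^${1}$"`, which treats the argument as a regular expression, so a value containing metacharacters such as `.*` or `|` can pass validation without being the name of any configured check; the main script then uses that value as CHECK_NAME. A fixed-string, whole-line match closes this: `grep --quiet -x -F -- "${1}"`. `get_check_commands` and `get_wrapper_checks` interpolate the same argument into their patterns, and `get_wrapper_checks` does not anchor the end of the name, so wrapper `foo` also matches `--name foobar`. Separately, `get_check_wrapper_name` relies on the three-argument `match()`, a gawk extension, and only looks for `--name` while `get_wrappers_names` also accepts `-n`; on a host where `awk` is mawk the lookup would fail, so it is worth confirming which awk the target systems ship.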
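--- a/nagios-nrpe/files/monitoringctl_completion
+++ b/nagios-nrpe/files/monitoringctl_completion
@@ -0,0 +1,88 @@
+#!/usr/bin/bash
+#
+
+function _get_wrappers_names() {
+grep "alerts_wrapper" --no-filename --no-messages -R /etc/nagios/ | grep --invert-match --extended-regexp "^\s*#" | awk '{ for (i=1 ; i<=NF; i++) { if ($i ~ /^(-n|--name)$/) { print $(i+1); break } } }' | tr ',' '\n' | sort | uniq
+}
+
+function _get_checks_names() {
+grep --extended-regexp --no-filename --no-messages -R "command\[check_.*\]=" /etc/nagios/ | grep --invert-match --extended-regexp "^\s*#" | awk -F"[\\\[\\\]=]" '{sub("check_", "", $2); print $2}' | sort | uniq
+}
+
+function _monitoringctl_completion() {
+local cur=${COMP_WORDS[COMP_CWORD]};
+local prev=${COMP_WORDS[COMP_CWORD-1]};
+
+local action=""
+for w in "${COMP_WORDS[@]}"; do
+case "$w" in
+status|check|enable|disable|show)
+action="${w}"
+;;
+esac
+done
+
+local words="--help"
+case "${action}" in
+check|show)
+checks="$(_get_checks_names)"
+check=""
+for w in "${COMP_WORDS[@]}"; do
+for c in ${checks}; do
+if [ "${c}" == "${w}" ]; then
+check="${w}"
+break
+fi
+done
+done
+if [ -z "${check}" ]; then
+words="${checks} ${words}"
+fi
+if [ "${action}" == "check" ]; then
+words="all --bypass-nrpe ${words}"
+fi
+;;
+status)
+if [ "${prev}" == "status" ]; then
+words="all $(_get_checks_names)"
+fi
+;;
+enable)
+if [ "${prev}" == "enable" ]; then
+words="all $(_get_wrappers_names)"
+else
+words="--message ${words}"
+fi
+;;
+disable)
+if [ "${prev}" == "disable" ]; then
+words="all $(_get_wrappers_names)"
+elif [ "${prev}" == "-d" ] || [ "${prev}" == "--during" ]; then
+words="1d 1d12h 1h 1h30m 1m 1m30s 30s"
+else
+words="--during --message ${words}"
+fi
+;;
+*)
+words="status check enable disable show ${words}"
+;;
+esac
+
+# Avoid double
+opts=();
+for i in ${words}; do
+for j in "${COMP_WORDS[@]}"; do
+if [[ "$i" == "$j" ]]; then
+continue 2
+fi
+done
+opts+=("$i")
+done
+
+COMPREPLY=($(compgen -W "${opts[*]}" -- "${cur}"))
+return 0
+
+}
+
+complete -F _monitoringctl_completion monitoringctl
+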
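Review bot: `_monitoringctl_completion` assigns `checks`, `check`, `opts`, `w`, `c`, `i` and `j` without `local`, and because completion functions run in the user's interactive shell these overwrite any variables of the same name there. Declaring them next to `action`, e.g. `local checks check w c i j` and `local -a opts=()`, keeps them contained. The duration suggestions after `--during` include `30s`, which the `filter_duration` pattern in monitoringctl_common on this page does not accept (it has no seconds-only form), so the completion proposes a value the command rejects. `compgen -W` also performs shell expansion on each word of its list, and here the words are read from files under /etc/nagios/, so it is worth confirming those files are writable only by root.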
27
nagios-nrpe/files/sudoers
Normal file
|
@ -0,0 +1,27 @@
|
|||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
|
||||
nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
||||
nagios ALL = NOPASSWD: /usr/sbin/megaclisas-status --nagios
|
||||
nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_ipmi_sensor
|
||||
nagios ALL = NOPASSWD: /sbin/dmsetup status --noflush
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -PDList -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -LdInfo -Lall -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/megacli -AdpBbuCmd -GetBbuStatus -aALL -NoLog
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller all show status
|
||||
nagios ALL = NOPASSWD: /sbin/ssacli controller slot=0 logicaldrive all show
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o blk
|
||||
nagios ALL = NOPASSWD: /usr/local/bin/mvcli info -o vd
|
||||
nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_gluster.rb
|
||||
nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt
|
||||
|
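Review bot: Several entries name a plugin with no argument list (`check_procs`, `check_minifirewall`, `check_haproxy_stats`, `check_ipmi_sensor` and `check_gluster.rb`), and sudo treats such an entry as permitting any arguments, so the nagios account can run those programs as root with options the NRPE commands never use. The megacli, ssacli, mvcli and dmsetup lines in this same file already pin their arguments; doing the same here, or appending `""` where the check takes none (for example `nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall ""`), would keep the grant as narrow as the checks need. The plugins under /usr/local/lib/nagios/plugins should also be root-owned and not group-writable, since anyone able to edit them inherits the root grant; the visible tasks do not set that ownership. files/sudoers_jessie repeats the first three entries and has the same issue.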
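--- a/nagios-nrpe/files/sudoers_jessie
+++ b/nagios-nrpe/files/sudoers_jessie
@@ -0,0 +1,7 @@
+nagios ALL = NOPASSWD: /usr/lib/nagios/plugins/check_procs
+nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_minifirewall
+nagios ALL = NOPASSWD: /usr/local/lib/nagios/plugins/check_haproxy_stats
+nagios ALL = NOPASSWD: /usr/sbin/bkctld check
+nagios ALL = NOPASSWD: /usr/sbin/bkctld check-jails
+nagios ALL = NOPASSWD: /usr/sbin/bkctld check-setup
+nagios ALL = (clamav) NOPASSWD: /usr/bin/clamscan /tmp/safe.txt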
|
@ -1,34 +0,0 @@
|
|||
---
|
||||
# Install check-local utilitary
|
||||
|
||||
- name: Package nagios-nrpe-plugin is intalled
|
||||
ansible.builtin.apt:
|
||||
name: nagios-nrpe-plugin
|
||||
|
||||
- name: "Remount /usr if needed"
|
||||
ansible.builtin.include_role:
|
||||
name: remount-usr
|
||||
|
||||
- name: Utilitary check-local is installed
|
||||
ansible.builtin.copy:
|
||||
src: check-local
|
||||
dest: /usr/local/bin/check-local
|
||||
mode: "0755"
|
||||
|
||||
- name: Package bash-completion is installed
|
||||
ansible.builtin.apt:
|
||||
name: bash-completion
|
||||
|
||||
- name: Directory /etc/bash_completion.d exists
|
||||
ansible.builtin.file:
|
||||
path: '/etc/bash_completion.d'
|
||||
state: directory
|
||||
mode: '0644'
|
||||
|
||||
- name: Completion for utilitary check-local is installed
|
||||
ansible.builtin.copy:
|
||||
src: check-local_completion
|
||||
dest: /etc/bash_completion.d/check-local
|
||||
mode: "0755"
|
||||
|
||||
|
|
@ -91,6 +91,7 @@
|
|||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- ansible.builtin.include_tasks: wrapper.yml
|
||||
- ansible.builtin.include_tasks: sudoers.yml
|
||||
|
||||
- ansible.builtin.include_tasks: monitoringctl.yml
|
||||
|
||||
- ansible.builtin.include_tasks: check-local.yml
|
||||
|
|
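--- a/nagios-nrpe/tasks/monitoringctl.yml
+++ b/nagios-nrpe/tasks/monitoringctl.yml
@@ -0,0 +1,167 @@
+---
+
+### alerts_wrapper and alerts_switch section
+
+- name: "check if old alerts_switch script is present"
+ansible.builtin.stat:
+path: /usr/share/scripts/alerts_switch
+register: old_alerts_switch
+
+- name: "alerts_switch is at the right place"
+ansible.builtin.command:
+cmd: "mv /usr/share/scripts/alerts_switch /usr/local/bin/alerts_switch"
+args:
+creates: /usr/local/bin/alerts_switch
+when: old_alerts_switch.stat.exists
+
+- name: "copy alerts_switch"
+ansible.builtin.copy:
+src: alerts_switch
+dest: /usr/local/bin/alerts_switch
+owner: root
+group: root
+mode: "0750"
+force: true
+
+- name: "alerts_switch symlink for backward compatibility"
+ansible.builtin.file:
+src: /usr/local/bin/alerts_switch
+path: /usr/share/scripts/alerts_switch
+state: link
+when: old_alerts_switch.stat.exists
+
+- name: "is /etc/sudoers.d/nagios present ?"
+ansible.builtin.stat:
+path: /etc/sudoers.d/nagios
+register: is_sudoers_nagios_file
+
+- ansible.builtin.set_fact:
+sudoers_file: "{{ '/etc/sudoers.d/nagios' if is_sudoers_nagios_file.stat.exists else '/etc/sudoers.d/evolinux' }}"
+
+- name: "nagios user can run alerts_switch with sudo (used by alerts_wrapper)"
+ansible.builtin.lineinfile:
+path: "{{ sudoers_file }}"
+regexp: "nagios.*alerts_switch"
+line: "nagios ALL = NOPASSWD:/usr/local/bin/alerts_switch *"
+owner: root
+group: root
+mode: "640"
+validate: "visudo -c -f %s"
+
+- name: "check if old alerts_wrapper script is present"
+ansible.builtin.stat:
+path: "{{ nagios_plugins_directory }}/alerts_wrapper"
+register: old_alerts_wrapper
+
+- name: "alerts_wrapper is at the right place"
+ansible.builtin.command:
+cmd: "mv {{ nagios_plugins_directory }}/alerts_wrapper /usr/local/lib/monitoringctl/alerts_wrapper"
+creates: /usr/local/lib/monitoringctl/alerts_wrapper
+when: old_alerts_wrapper.stat.exists
+
+- name: "copy alerts_wrapper"
+ansible.builtin.copy:
+src: alerts_wrapper
+dest: "/usr/local/lib/monitoringctl/alerts_wrapper"
+owner: root
+group: staff
+mode: "0755"
+force: true
+
+- name: "alerts_wrapper symlink for backward compatibility"
+ansible.builtin.file:
+src: /usr/local/lib/monitoringctl/alerts_wrapper
+path: "{{ nagios_plugins_directory }}/alerts_wrapper"
+state: link
+when: old_alerts_wrapper.stat.exists
+
+- name: "copy monitoringctl_common lib"
+ansible.builtin.copy:
+src: monitoringctl_common
+dest: /usr/local/lib/monitoringctl/common
+owner: root
+group: root
+mode: "0644"
+force: true
+
+
+### monitoringctl section
+
+- name: "Remount /usr if needed"
+ansible.builtin.include_role:
+name: remount-usr
+
+- name: "package bash-completion is installed"
+ansible.builtin.apt:
+name: bash-completion
+
+- name: "package nagios-nrpe-plugin is installed"
+ansible.builtin.apt:
+name: nagios-nrpe-plugin
+
+- name: "directory /etc/bash_completion.d exists"
+ansible.builtin.file:
+path: '/etc/bash_completion.d'
+state: directory
+mode: '0644'
+
+- name: "dir /usr/local/lib/monitoringctl/ exists"
+ansible.builtin.file:
+path: /usr/local/lib/monitoringctl/
+state: directory
+mode: '0755'
+
+- name: "dir /var/lib/monitoringctl/ exists"
+ansible.builtin.file:
+path: /var/lib/monitoringctl/
+state: directory
+mode: '0755'
+
+- name: "monitoringctl is not in /usr/local/sbin/"
+ansible.builtin.file:
+path: /usr/local/sbin/monitoringctl
+state: absent
+
+- name: "copy monitoringctl"
+ansible.builtin.copy:
+src: monitoringctl
+dest: /usr/local/bin/monitoringctl
+owner: root
+group: root
+mode: "0755"
+force: true
+
+- name: "copy monitoringctl_common lib"
+ansible.builtin.copy:
+src: monitoringctl_common
+dest: /usr/local/lib/monitoringctl/common
+owner: root
+group: root
+mode: "0644"
+force: true
+
+- name: "copy monitoringctl_completion script"
+ansible.builtin.copy:
+src: monitoringctl_completion
+dest: /etc/bash_completion.d/monitoringctl
+owner: root
+group: root
+mode: "0644"
+force: true
+
+- name: "copy check-local (it's just a wrapper calling 'monitoringctl check' for backward compatibility)"
+ansible.builtin.copy:
+src: check-local
+dest: /usr/local/bin/check-local
+owner: root
+group: root
+mode: "0755"
+force: true
+
+- name: "copy completion for check-local"
+ansible.builtin.copy:
+src: check-local_completion
+dest: /etc/bash_completion.d/check-local
+mode: "0755"
+
+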
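Review bot: The tasks that move and copy `alerts_wrapper` and `monitoringctl_common` into /usr/local/lib/monitoringctl/ come before the "Remount /usr if needed" and "dir /usr/local/lib/monitoringctl/ exists" tasks further down, so on a host where that directory does not exist yet, or where /usr is mounted read-only, the first run would fail. Moving the remount and the directory tasks to the top of the file fixes the order, and the second "copy monitoringctl_common lib" task is then a plain duplicate that can be dropped. The /etc/bash_completion.d task sets `mode: '0644'` on a directory, which removes the search bit and hides the completion files from non-root shells; `mode: '0755'` is the usual value. The sudoers line `nagios ALL = NOPASSWD:/usr/local/bin/alerts_switch *` lets the nagios account pass arbitrary arguments to a script run as root, so it is worth listing the accepted subcommands explicitly or confirming that alerts_switch validates them (the script is not shown here). The lineinfile `mode: "640"` also differs from the `"0440"` that sudoers.yml sets on /etc/sudoers.d/nagios, so the two tasks would keep changing the mode back and forth.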
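--- a/nagios-nrpe/tasks/sudoers.yml
+++ b/nagios-nrpe/tasks/sudoers.yml
@@ -0,0 +1,28 @@
+---
+- name: "/etc/sudoers.d presence and permissions"
+ansible.builtin.file:
+path: /etc/sudoers.d
+owner: root
+group: root
+mode: "0750"
+state: directory
+
+- name: "Copy nagios sudoers conf (Debian 9 Stretch and later)"
+ansible.builtin.copy:
+src: sudoers
+dest: /etc/sudoers.d/nagios
+mode: "0440"
+validate: '/usr/sbin/visudo -cf %s'
+register: copy_sudoers_evolinux
+when:
+- ansible_distribution_major_version is defined
+- ansible_distribution_major_version is version('9', '>=')
+
+- name: "Copy nagios sudoers conf (Debian 8 Jessie) "
+ansible.builtin.copy:
+src: sudoers_jessie
+dest: /etc/sudoers.d/nagios
+mode: "0440"
+validate: '/usr/sbin/visudo -cf %s'
+register: copy_sudoers_evolinux
+when: ansible_distribution_release == "jessie"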
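Review bot: The `copy` to /etc/sudoers.d/nagios replaces the whole file on every run, while monitoringctl.yml in this same change uses `lineinfile` to add `nagios ALL = NOPASSWD:/usr/local/bin/alerts_switch *` to that file once it exists. Neither files/sudoers nor files/sudoers_jessie contains an alerts_switch entry, so if sudoers.yml runs first (as the main.yml hunk lists them) each run strips the rule and re-adds it a few tasks later: the role never converges and alerts_wrapper is briefly without its sudo right. Shipping the alerts_switch rule inside both static files would leave one owner for /etc/sudoers.d/nagios. Both copy tasks also use `register: copy_sudoers_evolinux`, and a skipped task still overwrites a registered variable, so on Debian 9 and later the variable ends up holding the skipped Jessie result; if nothing reads it, drop the register. Adding `owner: root` and `group: root` to both copies would make explicit the ownership sudo requires.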
|
@ -1,43 +0,0 @@
|
|||
---
|
||||
|
||||
|
||||
- name: "Remount /usr if needed"
|
||||
ansible.builtin.include_role:
|
||||
name: remount-usr
|
||||
|
||||
- name: check if old script is present
|
||||
ansible.builtin.stat:
|
||||
path: /usr/share/scripts/alerts_switch
|
||||
register: old_alerts_switch
|
||||
|
||||
- name: alerts_switch is at the right place
|
||||
ansible.builtin.command:
|
||||
cmd: "mv /usr/share/scripts/alerts_switch /usr/local/bin/alerts_switch"
|
||||
args:
|
||||
creates: /usr/local/bin/alerts_switch
|
||||
when: old_alerts_switch.stat.exists
|
||||
|
||||
- name: "copy alerts_switch"
|
||||
ansible.builtin.copy:
|
||||
src: alerts_switch
|
||||
dest: /usr/local/bin/alerts_switch
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0750"
|
||||
force: true
|
||||
|
||||
- name: "symlink for backward compatibility"
|
||||
ansible.builtin.file:
|
||||
src: /usr/local/bin/alerts_switch
|
||||
dest: /usr/share/scripts/alerts_switch
|
||||
state: link
|
||||
when: old_alerts_switch.stat.exists
|
||||
|
||||
- name: "copy alerts_wrapper"
|
||||
ansible.builtin.copy:
|
||||
src: alerts_wrapper
|
||||
dest: "{{ nagios_plugins_directory }}/alerts_wrapper"
|
||||
owner: root
|
||||
group: staff
|
||||
mode: "0755"
|
||||
force: true
|
|
@ -6,94 +6,101 @@
|
|||
# Allowed IPs
|
||||
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
|
||||
|
||||
# System checks
|
||||
command[check_load]=/usr/lib/nagios/plugins/check_load --percpu --warning=0.7,0.6,0.5 --critical=0.9,0.8,0.7
|
||||
command[check_swap]=/usr/lib/nagios/plugins/check_swap -a -w 30% -c 20%
|
||||
command[check_disk1]=/usr/lib/nagios/plugins/check_disk -e -w 10% -c 3% -W 10% -K 3% -C -w 5% -c 2% -W 5% -K 2% -p /home -x /lib/init/rw -x /dev -x /dev/shm -x /run -I '^/run/' -I '^/sys/' -X overlay
|
||||
command[check_zombie_procs]=sudo /usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
|
||||
command[check_total_procs]=sudo /usr/lib/nagios/plugins/check_procs -w 400 -c 600
|
||||
command[check_users]=/usr/lib/nagios/plugins/check_users -w 5 -c 10
|
||||
# Default activated checks
|
||||
|
||||
# Generic services checks
|
||||
command[check_smtp]=/usr/lib/nagios/plugins/check_smtp -H localhost
|
||||
command[check_dns]=/usr/lib/nagios/plugins/check_dns -H evolix.net
|
||||
command[check_ntp]=/usr/lib/nagios/plugins/check_ntp -H {{ nagios_nrpe_ntp_server or nagios_nrpe_default_ntp_server | mandatory }}
|
||||
command[check_ssh]=/usr/lib/nagios/plugins/check_ssh localhost
|
||||
command[check_mailq]=/usr/lib/nagios/plugins/check_mailq -M postfix -w 10 -c 20
|
||||
## System checks
|
||||
command[check_disk1]=/usr/local/lib/monitoringctl/alerts_wrapper --name disk1 /usr/lib/nagios/plugins/check_disk -e -w 10% -c 3% -W 10% -K 3% -C -w 5% -c 2% -W 5% -K 2% -p /home -x /lib/init/rw -x /dev -x /dev/shm -x /run -I '^/run/' -I '^/sys/' -X overlay
|
||||
command[check_load]=/usr/local/lib/monitoringctl/alerts_wrapper --name load /usr/lib/nagios/plugins/check_load --percpu --warning=0.7,0.6,0.5 --critical=0.9,0.8,0.7
|
||||
command[check_mem]=/usr/local/lib/monitoringctl/alerts_wrapper --name mem {{ nagios_plugins_directory }}/check_mem -f -C -w 20 -c 10
|
||||
command[check_pressure_cpu]=/usr/local/lib/monitoringctl/alerts_wrapper --name pressure_cpu /usr/lib/nagios/plugins/check_pressure --cpu -w 100000 -c 500000
|
||||
command[check_pressure_mem]=/usr/local/lib/monitoringctl/alerts_wrapper --name pressure_mem /usr/lib/nagios/plugins/check_pressure --mem --full -w 100000 -c 500000
|
||||
command[check_pressure_io]=/usr/local/lib/monitoringctl/alerts_wrapper --name pressure_io /usr/lib/nagios/plugins/check_pressure --io --full -w 100000 -c 500000
|
||||
command[check_swap]=/usr/local/lib/monitoringctl/alerts_wrapper --name swap /usr/lib/nagios/plugins/check_swap -a -w 30% -c 20%
|
||||
command[check_total_procs]=/usr/local/lib/monitoringctl/alerts_wrapper --name total_procs sudo /usr/lib/nagios/plugins/check_procs -w 400 -c 600
|
||||
command[check_users]=/usr/local/lib/monitoringctl/alerts_wrapper --name users /usr/lib/nagios/plugins/check_users -w 5 -c 10
|
||||
command[check_zombie_procs]=/usr/local/lib/monitoringctl/alerts_wrapper --name zombie_procs sudo /usr/lib/nagios/plugins/check_procs -w 5 -c 10 -s Z
|
||||
|
||||
# Specific services checks
|
||||
command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p '{{ nagios_nrpe_pgsql_passwd }}'
|
||||
command[check_mysql]=/usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf
|
||||
command[check_mysql_slave]=/usr/lib/nagios/plugins/check_mysql --check-slave -H localhost -f ~nagios/.my.cnf -w 1800 -c 3600
|
||||
command[check_ldap]=/usr/lib/nagios/plugins/check_ldap -3 --extra-opts=@/etc/nagios/monitoring-plugins.ini
|
||||
command[check_ldaps]=/usr/lib/nagios/plugins/check_ldap -3 -T --extra-opts=@/etc/nagios/monitoring-plugins.ini
|
||||
command[check_imap]=/usr/lib/nagios/plugins/check_imap -H localhost
|
||||
command[check_imaps]=/usr/lib/nagios/plugins/check_imap -S -H localhost -p 993
|
||||
command[check_imapproxy]=/usr/lib/nagios/plugins/check_imap -H localhost -p 1143
|
||||
command[check_pop]=/usr/lib/nagios/plugins/check_pop -H localhost
|
||||
command[check_pops]=/usr/lib/nagios/plugins/check_pop -S -H localhost -p 995
|
||||
command[check_ftp]=/usr/lib/nagios/plugins/check_ftp -H localhost
|
||||
command[check_http]=/usr/lib/nagios/plugins/check_http -e 301 -I 127.0.0.1 -H localhost
|
||||
command[check_https]=/usr/lib/nagios/plugins/check_http -e 401,403 -I 127.0.0.1 -S -p 443 --sni -H ssl.evolix.net
|
||||
command[check_bind]=/usr/lib/nagios/plugins/check_dig -l evolix.net -H localhost
|
||||
command[check_unbound]=/usr/lib/nagios/plugins/check_dig -l evolix.net -H localhost
|
||||
command[check_smb]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 445
|
||||
command[check_tse]=/usr/lib/nagios/plugins/check_tcp -H TSEADDR -p 3389
|
||||
command[check_jboss-http]=/usr/lib/nagios/plugins/check_tcp -p 8080
|
||||
command[check_jboss-ajp13]=/usr/lib/nagios/plugins/check_tcp -p 8009
|
||||
command[check_tomcat-http]=/usr/lib/nagios/plugins/check_tcp -p 8080
|
||||
command[check_tomcat-ajp13]=/usr/lib/nagios/plugins/check_tcp -p 8009
|
||||
command[check_proxy]=/usr/lib/nagios/plugins/check_http -H {{ nagios_nrpe_check_proxy_host }}
|
||||
command[check_redis]=/usr/lib/nagios/plugins/check_tcp -p 6379
|
||||
command[check_clamd]=/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl -v
|
||||
command[check_clamav_db]=/usr/lib/nagios/plugins/check_file_age -w 86400 -c 172800 -f /var/lib/clamav/daily.cld
|
||||
command[check_ssl]=/usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S -p 443 -H ssl.evolix.net -C 15,5
|
||||
command[check_elasticsearch]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /_cat/health?h=st -p 9200 -r 'red' --invert-regex
|
||||
command[check_memcached]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 11211
|
||||
command[check_opendkim]=/usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 8891
|
||||
command[check_bkctld_setup]=sudo /usr/sbin/bkctld check-setup
|
||||
command[check_bkctld_jails]=sudo /usr/sbin/bkctld check-jails
|
||||
# "check_bkctld" is here as backward compatibility, but is replaced by "check_bkctld_jails"
|
||||
command[check_bkctld]=sudo /usr/sbin/bkctld check
|
||||
command[check_postgrey]=/usr/lib/nagios/plugins/check_tcp -p10023
|
||||
command[check_influxdb]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /health -p 8086 -r '"status":"pass"'
|
||||
command[check_dhcpd]=/usr/lib/nagios/plugins/check_procs -c1:1 -C dhcpd -t 60
|
||||
command[check_ipmi_sensors]=sudo /usr/lib/nagios/plugins/check_ipmi_sensor
|
||||
command[check_raid_status]=/usr/lib/nagios/plugins/check_raid
|
||||
command[check_dockerd]=/usr/lib/nagios/plugins/check_tcp -H /var/run/docker.sock --escape -s "GET /_ping HTTP/1.1\nHost: http\n\n" -e OK
|
||||
## Generic services checks
|
||||
command[check_dns]=/usr/local/lib/monitoringctl/alerts_wrapper --name dns /usr/lib/nagios/plugins/check_dns -H evolix.net
|
||||
command[check_mailq]=/usr/local/lib/monitoringctl/alerts_wrapper --name mailq /usr/lib/nagios/plugins/check_mailq -M postfix -w 10 -c 20
|
||||
command[check_ntp]=/usr/local/lib/monitoringctl/alerts_wrapper --name ntp /usr/lib/nagios/plugins/check_ntp -H {{ nagios_nrpe_ntp_server or nagios_nrpe_default_ntp_server | mandatory }}
|
||||
command[check_smtp]=/usr/local/lib/monitoringctl/alerts_wrapper --name smtp /usr/lib/nagios/plugins/check_smtp -H localhost
|
||||
command[check_ssh]=/usr/local/lib/monitoringctl/alerts_wrapper --name ssh /usr/lib/nagios/plugins/check_ssh localhost
|
||||
|
||||
# Local checks (not packaged)
|
||||
command[check_mem]={{ nagios_plugins_directory }}/check_mem -f -C -w 20 -c 10
|
||||
command[check_amavis]={{ nagios_plugins_directory }}/check_amavis --server 127.0.0.1 --from {{ nagios_nrpe_amavis_from }} --to postmaster@localhost --port 10024
|
||||
command[check_spamd]={{ nagios_plugins_directory }}/check_spamd -H 127.0.0.1
|
||||
command[check_nfsclient]=sudo -u www-data {{ nagios_plugins_directory }}/check_nfsclient
|
||||
command[check_evobackup]={{ nagios_plugins_directory }}/check_evobackup
|
||||
command[check_process]={{ nagios_plugins_directory }}/check_process {{ nagios_nrpe_processes | join(' ') }}
|
||||
command[check_drbd]={{ nagios_plugins_directory }}/check_drbd -d All -c StandAlone
|
||||
command[check_mongodb_connect]={{ nagios_plugins_directory }}/check_mongodb -H localhost -P27017 -A connect
|
||||
command[check_glusterfs]={{ nagios_plugins_directory }}/check_glusterfs -v all -n 0
|
||||
command[check_supervisord_status]={{ nagios_plugins_directory }}/check_supervisord
|
||||
command[check_varnish]={{ nagios_plugins_directory }}/check_varnish_health -i 127.0.0.1 -p 6082 -s /etc/varnish/secret -w 2 -c 4
|
||||
command[check_haproxy]=sudo {{ nagios_plugins_directory }}/check_haproxy_stats -s /run/haproxy/admin.sock -w 80 -c 90 --ignore-maint --ignore-nolb --ignore-drain
|
||||
command[check_minifirewall]=sudo {{ nagios_plugins_directory }}/check_minifirewall
|
||||
command[check_redis_instances]={{ nagios_plugins_directory }}/check_redis_instances
|
||||
command[check_sentinel]=sudo {{ nagios_plugins_directory }}/check_sentinel -c /etc/redis/sentinel.conf
|
||||
command[check_hpraid]={{ nagios_plugins_directory }}/check_hpraid
|
||||
command[check_php-fpm]={{ nagios_plugins_directory }}/check_phpfpm_multi
|
||||
command[check_php-fpm56]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
||||
command[check_php-fpm70]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
||||
command[check_php-fpm73]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
||||
command[check_php-fpm74]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
||||
command[check_php-fpm80]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
||||
command[check_php-fpm81]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
||||
command[check_php-fpm82]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
||||
command[check_php-fpm83]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
||||
command[check_dhcp_pool]={{ nagios_plugins_directory }}/check_dhcp_pool
|
||||
command[check_ssl_local]={{ nagios_plugins_directory }}/check_ssl_local
|
||||
command[check_pressure_cpu]=/usr/lib/nagios/plugins/check_pressure --cpu -w 100000 -c 500000
|
||||
command[check_pressure_mem]=/usr/lib/nagios/plugins/check_pressure --mem --full -w 100000 -c 500000
|
||||
command[check_pressure_io]=/usr/lib/nagios/plugins/check_pressure --io --full -w 100000 -c 500000
|
||||
## Local checks (not packaged)
|
||||
command[check_minifirewall]=/usr/local/lib/monitoringctl/alerts_wrapper --name minifirewall sudo {{ nagios_plugins_directory }}/check_minifirewall
|
||||
|
||||
|
||||
# Optionnal checks
|
||||
|
||||
## Specific services checks
|
||||
#command[check_pgsql]=/usr/local/lib/monitoringctl/alerts_wrapper --name pgsql /usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p '{{ nagios_nrpe_pgsql_passwd }}'
|
||||
#command[check_mysql]=/usr/local/lib/monitoringctl/alerts_wrapper --name mysql /usr/lib/nagios/plugins/check_mysql -H localhost -f ~nagios/.my.cnf
|
||||
#command[check_mysql_slave]=/usr/local/lib/monitoringctl/alerts_wrapper --name mysql_slave /usr/lib/nagios/plugins/check_mysql --check-slave -H localhost -f ~nagios/.my.cnf -w 1800 -c 3600
|
||||
#command[check_ldap]=/usr/local/lib/monitoringctl/alerts_wrapper --name ldap /usr/lib/nagios/plugins/check_ldap -3 --extra-opts=@/etc/nagios/monitoring-plugins.ini
|
||||
#command[check_ldaps]=/usr/local/lib/monitoringctl/alerts_wrapper --name ldaps /usr/lib/nagios/plugins/check_ldap -3 -T --extra-opts=@/etc/nagios/monitoring-plugins.ini
|
||||
#command[check_imap]=/usr/local/lib/monitoringctl/alerts_wrapper --name imap /usr/lib/nagios/plugins/check_imap -H localhost
|
||||
#command[check_imaps]=/usr/local/lib/monitoringctl/alerts_wrapper --name imaps /usr/lib/nagios/plugins/check_imap -S -H localhost -p 993
|
||||
#command[check_imapproxy]=/usr/local/lib/monitoringctl/alerts_wrapper --name imapproxy /usr/lib/nagios/plugins/check_imap -H localhost -p 1143
|
||||
#command[check_pop]=/usr/local/lib/monitoringctl/alerts_wrapper --name pop /usr/lib/nagios/plugins/check_pop -H localhost
|
||||
#command[check_pops]=/usr/local/lib/monitoringctl/alerts_wrapper --name pops /usr/lib/nagios/plugins/check_pop -S -H localhost -p 995
|
||||
#command[check_ftp]=/usr/local/lib/monitoringctl/alerts_wrapper --name ftp /usr/lib/nagios/plugins/check_ftp -H localhost
|
||||
#command[check_http]=/usr/local/lib/monitoringctl/alerts_wrapper --name http /usr/lib/nagios/plugins/check_http -e 301 -I 127.0.0.1 -H localhost
|
||||
#command[check_https]=/usr/local/lib/monitoringctl/alerts_wrapper --name https /usr/lib/nagios/plugins/check_http -e 401,403 -I 127.0.0.1 -S -p 443 --sni -H ssl.evolix.net
|
||||
#command[check_bind]=/usr/local/lib/monitoringctl/alerts_wrapper --name bind /usr/lib/nagios/plugins/check_dig -l evolix.net -H localhost
|
||||
#command[check_unbound]=/usr/local/lib/monitoringctl/alerts_wrapper --name unbound /usr/lib/nagios/plugins/check_dig -l evolix.net -H localhost
|
||||
#command[check_smb]=/usr/local/lib/monitoringctl/alerts_wrapper --name smb /usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 445
|
||||
#command[check_tse]=/usr/local/lib/monitoringctl/alerts_wrapper --name tse /usr/lib/nagios/plugins/check_tcp -H TSEADDR -p 3389
|
||||
#command[check_jboss-http]=/usr/local/lib/monitoringctl/alerts_wrapper --name jboss-http /usr/lib/nagios/plugins/check_tcp -p 8080
|
||||
#command[check_jboss-ajp13]=/usr/local/lib/monitoringctl/alerts_wrapper --name jboss-ajp13 /usr/lib/nagios/plugins/check_tcp -p 8009
|
||||
#command[check_tomcat-http]=/usr/local/lib/monitoringctl/alerts_wrapper --name tomcat-http /usr/lib/nagios/plugins/check_tcp -p 8080
|
||||
#command[check_tomcat-ajp13]=/usr/local/lib/monitoringctl/alerts_wrapper --name tomcat-ajp13 /usr/lib/nagios/plugins/check_tcp -p 8009
|
||||
#command[check_proxy]=/usr/local/lib/monitoringctl/alerts_wrapper --name proxy /usr/lib/nagios/plugins/check_http -H {{ nagios_nrpe_check_proxy_host }}
|
||||
#command[check_redis]=/usr/local/lib/monitoringctl/alerts_wrapper --name redis /usr/lib/nagios/plugins/check_tcp -p 6379
|
||||
#command[check_clamd]=/usr/local/lib/monitoringctl/alerts_wrapper --name clamd /usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl -v
|
||||
#command[check_clamav_db]=/usr/local/lib/monitoringctl/alerts_wrapper --name clamav_db /usr/lib/nagios/plugins/check_file_age -w 86400 -c 172800 -f /var/lib/clamav/daily.cld
|
||||
#command[check_ssl]=/usr/local/lib/monitoringctl/alerts_wrapper --name ssl /usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S -p 443 -H ssl.evolix.net -C 15,5
|
||||
#command[check_elasticsearch]=/usr/local/lib/monitoringctl/alerts_wrapper --name elasticsearch /usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /_cat/health?h=st -p 9200 -r 'red' --invert-regex
|
||||
#command[check_memcached]=/usr/local/lib/monitoringctl/alerts_wrapper --name memcached /usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 11211
|
||||
#command[check_opendkim]=/usr/local/lib/monitoringctl/alerts_wrapper --name opendkim /usr/lib/nagios/plugins/check_tcp -H 127.0.0.1 -p 8891
|
||||
#command[check_bkctld_setup]=/usr/local/lib/monitoringctl/alerts_wrapper --name bkctld_setup sudo /usr/sbin/bkctld check-setup
|
||||
#command[check_bkctld_jails]=/usr/local/lib/monitoringctl/alerts_wrapper --name bkctld_jails sudo /usr/sbin/bkctld check-jails
|
||||
## "check_bkctld" is here as backward compatibility, but is replaced by "check_bkctld_jails"
|
||||
#command[check_bkctld]=/usr/local/lib/monitoringctl/alerts_wrapper --name bkctld sudo /usr/sbin/bkctld check
|
||||
#command[check_postgrey]=/usr/local/lib/monitoringctl/alerts_wrapper --name postgrey /usr/lib/nagios/plugins/check_tcp -p10023
|
||||
#command[check_influxdb]=/usr/local/lib/monitoringctl/alerts_wrapper --name influxdb /usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /health -p 8086 -r '"status":"pass"'
|
||||
#command[check_dhcpd]=/usr/local/lib/monitoringctl/alerts_wrapper --name dhcpd /usr/lib/nagios/plugins/check_procs -c1:1 -C dhcpd -t 60
|
||||
#command[check_ipmi_sensors]=/usr/local/lib/monitoringctl/alerts_wrapper --name ipmi_sensors sudo /usr/lib/nagios/plugins/check_ipmi_sensor
|
||||
#command[check_raid_status]=/usr/local/lib/monitoringctl/alerts_wrapper --name raid_status /usr/lib/nagios/plugins/check_raid
|
||||
#command[check_dockerd]=/usr/local/lib/monitoringctl/alerts_wrapper --name dockerd /usr/lib/nagios/plugins/check_tcp -H /var/run/docker.sock --escape -s "GET /_ping HTTP/1.1\nHost: http\n\n" -e OK
|
||||
|
||||
## Local checks (not packaged)
|
||||
#command[check_amavis]=/usr/local/lib/monitoringctl/alerts_wrapper --name amavis {{ nagios_plugins_directory }}/check_amavis --server 127.0.0.1 --from {{ nagios_nrpe_amavis_from }} --to postmaster@localhost --port 10024
|
||||
#command[check_spamd]=/usr/local/lib/monitoringctl/alerts_wrapper --name spamd {{ nagios_plugins_directory }}/check_spamd -H 127.0.0.1
|
||||
#command[check_nfsclient]=/usr/local/lib/monitoringctl/alerts_wrapper --name nfsclient sudo -u www-data {{ nagios_plugins_directory }}/check_nfsclient
|
||||
#command[check_evobackup]=/usr/local/lib/monitoringctl/alerts_wrapper --name evobackup {{ nagios_plugins_directory }}/check_evobackup
|
||||
#command[check_process]=/usr/local/lib/monitoringctl/alerts_wrapper --name process {{ nagios_plugins_directory }}/check_process {{ nagios_nrpe_processes | join(' ') }}
|
||||
#command[check_drbd]=/usr/local/lib/monitoringctl/alerts_wrapper --name drbd {{ nagios_plugins_directory }}/check_drbd -d All -c StandAlone
|
||||
#command[check_mongodb_connect]=/usr/local/lib/monitoringctl/alerts_wrapper --name mongodb_connect {{ nagios_plugins_directory }}/check_mongodb -H localhost -P27017 -A connect
|
||||
#command[check_glusterfs]=/usr/local/lib/monitoringctl/alerts_wrapper --name glusterfs {{ nagios_plugins_directory }}/check_glusterfs -v all -n 0
|
||||
#command[check_supervisord_status]=/usr/local/lib/monitoringctl/alerts_wrapper --name supervisord_status {{ nagios_plugins_directory }}/check_supervisord
|
||||
#command[check_varnish]=/usr/local/lib/monitoringctl/alerts_wrapper --name varnish {{ nagios_plugins_directory }}/check_varnish_health -i 127.0.0.1 -p 6082 -s /etc/varnish/secret -w 2 -c 4
|
||||
#command[check_haproxy]=/usr/local/lib/monitoringctl/alerts_wrapper --name haproxy sudo {{ nagios_plugins_directory }}/check_haproxy_stats -s /run/haproxy/admin.sock -w 80 -c 90 --ignore-maint --ignore-nolb --ignore-drain
|
||||
#command[check_redis_instances]=/usr/local/lib/monitoringctl/alerts_wrapper --name redis_instances {{ nagios_plugins_directory }}/check_redis_instances
|
||||
#command[check_sentinel]=/usr/local/lib/monitoringctl/alerts_wrapper --name sentinel sudo {{ nagios_plugins_directory }}/check_sentinel -c /etc/redis/sentinel.conf
|
||||
#command[check_hpraid]=/usr/local/lib/monitoringctl/alerts_wrapper --name hpraid {{ nagios_plugins_directory }}/check_hpraid
|
||||
#command[check_php-fpm]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm {{ nagios_plugins_directory }}/check_phpfpm_multi
|
||||
#command[check_php-fpm56]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm56 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php56/rootfs/etc/php5/fpm/pool.d/
|
||||
#command[check_php-fpm70]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm70 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php70/rootfs/etc/php/7.0/fpm/pool.d/
|
||||
#command[check_php-fpm73]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm73 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php73/rootfs/etc/php/7.3/fpm/pool.d/
|
||||
#command[check_php-fpm74]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm74 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php74/rootfs/etc/php/7.4/fpm/pool.d/
|
||||
#command[check_php-fpm80]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm80 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/
|
||||
#command[check_php-fpm81]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm81 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/
|
||||
#command[check_php-fpm82]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm82 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php82/rootfs/etc/php/8.2/fpm/pool.d/
|
||||
#command[check_php-fpm83]=/usr/local/lib/monitoringctl/alerts_wrapper --name php-fpm83 sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php83/rootfs/etc/php/8.3/fpm/pool.d/
|
||||
#command[check_dhcp_pool]=/usr/local/lib/monitoringctl/alerts_wrapper --name dhcp_pool {{ nagios_plugins_directory }}/check_dhcp_pool
|
||||
#command[check_ssl_local]=/usr/local/lib/monitoringctl/alerts_wrapper --name ssl_local {{ nagios_plugins_directory }}/check_ssl_local
|
||||
|
||||
# Check HTTP "many". Use this to check many websites (http, https, ports, sockets and SSL certificates).
|
||||
# Beware! All checks must not take more than 10s!
|
||||
#command[check_https]={{ nagios_plugins_directory }}/check_http_many
|
||||
#command[check_https]=/usr/local/lib/monitoringctl/alerts_wrapper --name https {{ nagios_plugins_directory }}/check_http_many
|
||||
|
|
|
@ -201,7 +201,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
dest: "/etc/nagios/nrpe.d/evolix.cfg"
|
||||
regexp: '^command\[check_openvpn\]='
|
||||
line: "command[check_openvpn]=/usr/local/lib/nagios/plugins/check_openvpn -H 127.0.0.1 -p 1195 -P {{ management_pwd }}"
|
||||
line: "command[check_openvpn]=/usr/local/lib/monitoringctl/alerts_wrapper --name openvpn /usr/local/lib/nagios/plugins/check_openvpn -H 127.0.0.1 -p 1195 -P {{ management_pwd }}"
|
||||
notify: restart nagios-nrpe-server
|
||||
when: nrpe_evolix_config.stat.exists
|
||||
|
||||
|
@ -233,7 +233,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
dest: "/etc/nagios/nrpe.d/evolix.cfg"
|
||||
regexp: '^command\[check_openvpn_certificates\]='
|
||||
line: "command[check_openvpn_certificates]=sudo /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh"
|
||||
line: "command[check_openvpn_certificates]=/usr/local/lib/monitoringctl/alerts_wrapper --name openvpn_certificates sudo /usr/local/lib/nagios/plugins/check_openvpn_certificates.sh"
|
||||
notify: restart nagios-nrpe-server
|
||||
when: nrpe_evolix_config.stat.exists
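Review bot: The OpenVPN management password is still interpolated unquoted into the NRPE command at `-P {{ management_pwd }}` in the `check_openvpn` line, so a value containing spaces or shell metacharacters would be split or interpreted if NRPE hands the line to a shell, and with the wrapper in front the secret now sits in the argument list of two processes. I would write `-P {{ management_pwd | quote }}`; the `check_pgsql` line in the postgresql hunk has the same pattern with `-p "{{ postgresql_nrpe_password.stdout }}"`, where double quotes still allow `$` and backtick expansion. Whether `alerts_wrapper` records its arguments is not visible here; if it logs the wrapped command, the password ends up in that log. Both tasks start outside their hunks, so I cannot see whether they set `no_log: true`; if not, it is worth adding so the rendered line does not appear in Ansible diff output.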
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
name: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: '^command\[check_pgsql\]='
|
||||
line: 'command[check_pgsql]=/usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"'
|
||||
line: 'command[check_pgsql]=/usr/local/lib/monitoringctl/alerts_wrapper --name pgsql /usr/lib/nagios/plugins/check_pgsql -H localhost -l nrpe -p "{{ postgresql_nrpe_password.stdout }}"'
|
||||
notify: restart nagios-nrpe-server
|
||||
when: postgresql_create_nrpe_user is changed
|
||||
when: nrpe_evolix_config.stat.exists
|
||||
|
|
|
@ -40,7 +40,7 @@
|
|||
ansible.builtin.lineinfile:
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: 'command\[check_rab_connection_count\]'
|
||||
line: 'command[check_rab_connection_count]=sudo /usr/local/lib/nagios/plugins/check_rabbitmq -a connection_count -C {{ rabbitmq_connections_critical }} -W {{ rabbitmq_connections_warning }}'
|
||||
line: 'command[check_rab_connection_count]=/usr/local/lib/monitoringctl/alerts_wrapper --name rab_connection_count sudo /usr/local/lib/nagios/plugins/check_rabbitmq -a connection_count -C {{ rabbitmq_connections_critical }} -W {{ rabbitmq_connections_warning }}'
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: sudo without password for nagios
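Review bot: The `regexp` for `check_rab_connection_count` is left unanchored while the `line` is rewritten, unlike the `^command\[...\]=` patterns used by the openvpn and postgresql tasks. As written, `lineinfile` will also match a commented-out `#command[check_rab_connection_count]` entry, or any line that merely contains that text, and replace the last such match. If replacing the commented template entry is not the intent, `regexp: '^command\[check_rab_connection_count\]='` keeps the task consistent with the others; if it is the intent, a one-line comment saying so would help. The task starts outside the hunk.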
|
||||
|
|
|
@ -60,7 +60,7 @@
|
|||
ansible.builtin.replace:
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: '^command\[check_redis\]=.+'
|
||||
replace: 'command[check_redis]=sudo {{ redis_check_redis_path }} -H {{ redis_bind_interfaces | first }} -p {{ redis_port }}'
|
||||
replace: 'command[check_redis]=/usr/local/lib/monitoringctl/alerts_wrapper --name redis sudo {{ redis_check_redis_path }} -H {{ redis_bind_interfaces | first }} -p {{ redis_port }}'
|
||||
when: redis_instance_name is undefined
|
||||
notify: restart nagios-nrpe-server
|
||||
tags:
|
||||
|
@ -99,7 +99,7 @@
|
|||
ansible.builtin.replace:
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
regexp: '^command\[check_redis\]=.+'
|
||||
replace: 'command[check_redis]=sudo /usr/local/lib/nagios/plugins/check_redis_instances'
|
||||
replace: 'command[check_redis]=/usr/local/lib/monitoringctl/alerts_wrapper --name redis sudo /usr/local/lib/nagios/plugins/check_redis_instances'
|
||||
when: redis_instance_name is defined
|
||||
notify: restart nagios-nrpe-server
|
||||
tags:
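Review bot: Both `check_redis` replacements now depend on `/usr/local/lib/monitoringctl/alerts_wrapper` existing on the host, but nothing visible in these tasks checks for it, and the same holds for the openvpn, postgresql and rabbitmq hunks. If the wrapper is shipped by a different role and that role has not run, NRPE would presumably fail to execute the command and the check would stop reporting Redis state. I would at least document the requirement above each task, for example `# requires /usr/local/lib/monitoringctl/alerts_wrapper (installed outside this role)`, and consider holding the path in one shared variable rather than repeating the literal in every role. Both tasks start and end outside their hunks.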
|
||||
|
|