
Merge branch 'jessie-dev' into jessie

listupgrades-exit-codes 8.3
Benoît S. 5 years ago
parent
commit
19543f43b7
  1. 1
      .gitignore
  2. 35
      src/evolinux.sh
  3. 53
      src/files/etc/cron.monthly/mysqltuner
  4. 2
      src/files/etc/fail2ban/filter.d/apache-joomla.conf
  5. 2
      src/files/etc/fail2ban/filter.d/apache-owncloud.conf
  6. 2
      src/files/etc/fail2ban/filter.d/apache-prestashop.conf
  7. 3
      src/files/etc/fail2ban/filter.d/apache-wp.conf
  8. 8
      src/files/etc/fail2ban/jail.d/apache-joomla-hard.local
  9. 8
      src/files/etc/fail2ban/jail.d/apache-joomla-soft.local
  10. 8
      src/files/etc/fail2ban/jail.d/apache-owncloud-hard.local
  11. 8
      src/files/etc/fail2ban/jail.d/apache-prestashop-hard.local
  12. 8
      src/files/etc/fail2ban/jail.d/apache-prestashop-soft.local
  13. 8
      src/files/etc/fail2ban/jail.d/apache-wp-hard.local
  14. 8
      src/files/etc/fail2ban/jail.d/apache-wp-soft.local
  15. 6
      src/files/etc/fail2ban/jail.d/courierauth.local
  16. 6
      src/files/etc/fail2ban/jail.d/couriersmtp.local
  17. 6
      src/files/etc/fail2ban/jail.d/dovecot-evolix.local
  18. 6
      src/files/etc/fail2ban/jail.d/postfix.local
  19. 7
      src/files/etc/fail2ban/jail.d/proftpd.local
  20. 6
      src/files/etc/fail2ban/jail.d/sasl-evolix.local
  21. 7
      src/files/etc/fail2ban/jail.d/ssh.local
  22. 54
      src/files/etc/fail2ban/jail.local
  23. 11
      src/files/etc/nagios/nrpe.d/evolix.cfg
  24. 9
      src/files/etc/squid3/whitelist.conf
  25. BIN
      src/files/usr/local/bin/pg_test_fsync
  26. BIN
      src/files/usr/local/bin/pg_test_fsync32
  27. 456
      src/files/usr/local/lib/nagios/plugins/check_drbd
  28. 150
      src/files/usr/local/lib/nagios/plugins/check_glusterfs
  29. 84
      src/files/usr/local/lib/nagios/plugins/check_http_many
  30. 0
      src/files/usr/local/lib/nagios/plugins/check_process
  31. 2
      src/files/usr/local/lib/nagios/plugins/check_supervisord
  32. 2
      src/files/var/www/index.html
  33. 11
      src/functions.sh
  34. 1
      src/modules/00_prepare_system.sh
  35. 3
      src/modules/01_install_tools.sh
  36. 1
      src/modules/01_kernel_tuning.sh
  37. 1
      src/modules/01_system_settings.sh
  38. 2
      src/modules/02_admin_accounts.sh
  39. 1
      src/modules/03_install_postfix.sh
  40. 7
      src/modules/04_install_munin.sh
  41. 1
      src/modules/05_install_minifw.sh
  42. 1
      src/modules/06_install_evomaintenance.sh
  43. 1
      src/modules/07_install_nagios_nrpe.sh
  44. 1
      src/modules/08_install_mariadb.sh
  45. 1
      src/modules/08_install_mysql.sh
  46. 1
      src/modules/09_install_proftpd.sh
  47. 3
      src/modules/10_install_evopackweb.sh
  48. 1
      src/modules/10_install_evopackweb_nginx_phpfpm.sh
  49. 1
      src/modules/11_install_squid.sh
  50. 1
      src/modules/12_install_evopackmail.sh
  51. 3
      src/modules/13_install_fail2ban.sh
  52. 1
      src/modules/14_install_evopackproxy.sh
  53. 1
      src/modules/15_install_evopackbackup.sh
  54. 178
      src/modules/97_benchmark.sh
  55. 7
      src/modules/98_last_things_to_do.sh
  56. 3
      src/modules/99_display_informations.sh

1
.gitignore

@ -4,3 +4,4 @@ serveur-base/build-stamp
serveur-base/debian/serveur-base*
serveur-base/debian/files
src/upstream/*
*~

35
src/evolinux.sh

@ -9,7 +9,8 @@
#
# Evolinux is a customization of Debian used by Evolix.
moduleslist="/tmp/evolinux-installer.modules"
stderr="/tmp/evolinux.err"
export STDERR="/tmp/evolinux.err"
mkdir -p /var/log/evolinux
. functions.sh
export LC_ALL=C
@ -39,11 +40,19 @@ if [[ ! -f /usr/bin/whiptail ]]; then
warn 'Whiptail not detected! Installing...'
installpkg whiptail
fi
if [[ ! -f /usr/bin/script ]]; then
warn 'Script tool not detected! Installing...'
installpkg bsdutils
fi
if [[ "$TERM" != "screen" ]]; then
warn '/!\ WARNING: It is recommended to launch EvoLinux installer in a screen /!\'
sleep 1
fi
warn '/!\ WARNING: Be sure to have downloaded the last version of EvoLinux installer /!\'
sleep 1
cat <<EOT
Hello! It is recommended to launch this script with "script" command to log all
the output (e.g script -c /root/install-evolinux.sh -t 2> /var/log/install-evolinux.ts /var/log/install-evolinux.log).
It is also recommended to use screen in case of anything goes wrong!
Hello!
It is recommended to use screen in case of anything goes wrong!
If OK, choose your mode:
EOT
@ -77,22 +86,26 @@ done
for module in ${INSTALLER_PATH}/modules/[0-9][0-9]_*.sh; do
echo "${module##${INSTALLER_PATH}/modules/} desc on" >> $moduleslist
done
whiptail --checklist "Modules to execute?" 20 60 12 \
$(cat $moduleslist | tr -s '\n' ' ') --separate-output 2>$moduleslist
for module in $(cat $moduleslist | tr -s '\n' ' '); do
if ($DEBUG); then
bash -x "${INSTALLER_PATH}/modules/${module}" 2>>$stderr
bash -x "${INSTALLER_PATH}/modules/${module}"
else
bash "${INSTALLER_PATH}/modules/${module}" 2>>$stderr
script -c "${INSTALLER_PATH}/modules/${module}" \
--timing="/var/log/evolinux/${module%%.sh}.ts" \
"/var/log/evolinux/${module%%.sh}.log"
fi
# Workaround for #1606 linked to
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797071
# Do some cleaning of stderr common messages.
sed -i '/Extracting templates from packages/d' $stderr
sed -i '/mount: \/usr is busy/d' $stderr
if [ -s $stderr ]; then
sed -i '/Extracting templates from packages/d' $STDERR
sed -i '/mount: \/usr is busy/d' $STDERR
if [ -s $STDERR ]; then
echo -e "\n\n\n\n\n${RED}"
cat $stderr
cat $STDERR
critical "Error detected in module ${module}! Continue? (N/y)"
read
if [ "$REPLY" = "y" ]; then
@ -102,7 +115,7 @@ for module in $(cat $moduleslist | tr -s '\n' ' '); do
exit 1
fi
fi
rm $stderr
rm $STDERR
done
# Enabling auto remount for apt invoke options.
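Review bot: `STDERR` (and `moduleslist` on the line above it) are fixed names under /tmp, and the module loop later runs `sed -i`, `cat` and `rm` on `$STDERR`, presumably as root, so any local user can pre-create or symlink that path before the installer starts. Since this hunk already creates /var/log/evolinux, the file could live there instead: `mkdir -p -m 700 /var/log/evolinux` followed by `export STDERR=/var/log/evolinux/evolinux.err`, or the result of `mktemp`. The same directory now receives the `script` typescript of every module, which records everything a module prints, so restricting it to root is worthwhile in any case. The `$STDERR` expansions in the loop are unquoted as well.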

53
src/files/etc/cron.monthly/mysqltuner

@ -1,7 +1,50 @@
#!/bin/bash
set -e
export TERM=screen
/usr/bin/mysqltuner | aha > /var/www/mysqlreport.html
chmod 644 /var/www/mysqlreport.html
mutt -s "Optimization report for MySQL - $(hostname)" \
-a /var/www/mysqlreport.html -- alert3@evolix.fr <<< "See attached report."
mem=$(free -m | grep Mem: | tr -s ' ' | cut -d ' ' -f2)
swap=$(free -m | grep Swap: | tr -s ' ' | cut -d ' ' -f2)
template=$(mktemp --tmpdir=/tmp evomysqltuner.XXX)
body=$(mktemp --tmpdir=/tmp evomysqltuner.XXX)
clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2)
hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2)
hostname=${hostname%%.evolix.net}
# If hostname is composed with -, remove the first part.
if [[ $hostname =~ "-" ]]; then
hostname=$(echo $hostname | cut -d'-' -f2-)
fi
# Remove temporary files on exit.
trap "rm $template $body" EXIT
# Add port here if you have more than one instance!
instances="3306"
for instance in $instances; do
mysqltuner --port $instance --host 127.0.0.1 --forcemem $mem --forceswap $swap \
| aha > /var/www/mysqlreport_${instance}.html
cat << EOT > $template
Content-Type: text/plain; charset="utf-8"
Reply-To: Équipe Evolix <equipe@evolix.fr>
From: Équipe Evolix <equipe@evolix.net>
To: $clientmail
Subject: Rapport MySQL instance $instance pour votre serveur $hostname
EOT
cat << EOT > $body
Bonjour,
Veuillez trouver ci-joint un rapport MySQL.
Celui-ci permet d'identifier aisément si des optimisations MySQL sont possibles.
N'hésitez pas à nous indiquer par mail ou ticket quelles variables vous souhaiter
optimiser.
Veuillez noter qu'il faudra redémarrer MySQL pour appliquer de nouveaux paramètres.
Bien à vous,
--
Rapport automatique Evolix
EOT
mutt -x -e 'set send_charset="utf-8"' -H $template \
-a /var/www/mysqlreport_${instance}.html < $body
done
chmod 644 /var/www/mysqlreport*html
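Review bot: Each report is written to `/var/www/mysqlreport_${instance}.html` and then made world-readable by `chmod 644`, so if /var/www is served (index.html carries a commented-out link to `/mysqlreport_3306.html`) the tuning report, which describes the server's configuration and typically its account findings, is readable by anyone who requests that URL. The report is already mailed as an attachment, so it could be generated in a private temporary file, e.g. `report=$(mktemp --tmpdir evomysqltuner.XXXXXX)`, or at least kept out of the document root. The two existing `mktemp` templates end in only three `X`s; six or more is the usual choice. Without `set -o pipefail`, a failing `mysqltuner` in `mysqltuner ... | aha > ...` is not caught by `set -e`, and an empty report would still be mailed.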

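--- a/src/files/etc/fail2ban/filter.d/apache-joomla.conf
+++ b/src/files/etc/fail2ban/filter.d/apache-joomla.conf
@@ -0,0 +1,2 @@
+[Definition]
+failregex = <HOST> -.*"POST.*/administrator/index.php.*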
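Review bot: The `failregex` has no `^` anchor and relies on unbounded `.*`, so the `<HOST>` group may match anywhere in the access-log line, including inside client-controlled fields such as the request URI, Referer or User-Agent; a logged request can then be attributed to an address that never connected, and that address gets banned. Assuming the log line starts with the client address (combined format), anchoring closes this and also escapes the literal dot: `failregex = ^<HOST> -.*"POST [^"]*/administrator/index\.php`. apache-prestashop.conf and apache-wp.conf have the same shape. The prestashop pattern `POST.*/login.*` additionally counts every POST line containing `/login`, for any site writing to the shared access.log.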

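--- a/src/files/etc/fail2ban/filter.d/apache-owncloud.conf
+++ b/src/files/etc/fail2ban/filter.d/apache-owncloud.conf
@@ -0,0 +1,2 @@
+[Definition]
+failregex={"app":"core","message":"Login failed: user '.*' , wrong password, IP:<HOST>","level":2,"time":".*"}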
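Review bot: The login name in `user '.*'` is supplied by the client and is matched with an unbounded `.*` directly before `IP:<HOST>`, and the expression has no `^`/`$` anchors, so text placed in the login name can influence which address fail2ban captures. A bounded class plus anchors would be safer, for example `failregex = ^\{"app":"core","message":"Login failed: user '[^']*' , wrong password, IP:<HOST>","level":2,"time":"[^"]*"\}$`. How ownCloud escapes quotes inside the logged name is not visible here, so the exact class should be checked against real log lines before enabling the jail.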

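--- a/src/files/etc/fail2ban/filter.d/apache-prestashop.conf
+++ b/src/files/etc/fail2ban/filter.d/apache-prestashop.conf
@@ -0,0 +1,2 @@
+[Definition]
+failregex = <HOST> -.*"POST.*/login.*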

3
src/files/etc/fail2ban/filter.d/apache-wp.conf

@ -0,0 +1,3 @@
[Definition]
failregex = <HOST> -.*"POST.*/wp-login.php HTTP.* 200
<HOST> -.*"POST.*/xmlrpc.php.*

8
src/files/etc/fail2ban/jail.d/apache-joomla-hard.local

@ -0,0 +1,8 @@
[apache-joomla-hard]
enabled = false
port = http,https
filter = apache-joomla
logpath = /var/log/apache2/access.log
maxretry = 3
findtime = 600

8
src/files/etc/fail2ban/jail.d/apache-joomla-soft.local

@ -0,0 +1,8 @@
[apache-joomla-soft]
enabled = true
port = http,https
filter = apache-joomla
logpath = /var/log/apache2/access.log
maxretry = 20
findtime = 60

8
src/files/etc/fail2ban/jail.d/apache-owncloud-hard.local

@ -0,0 +1,8 @@
[apache-owncloud-hard]
enabled = false
filter = apache-owncloud
port = http,https
logpath = /var/log/owncloud.log
maxrety = 3
findtime = 600
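Review bot: `maxrety = 3` is misspelled, so fail2ban will not read it as `maxretry` and the jail falls back to whatever `maxretry` the defaults define once it is enabled; it should read `maxretry = 3` like the other hard jails. The jail ships with `enabled = false`, which is probably why the typo has not shown up in practice.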

8
src/files/etc/fail2ban/jail.d/apache-prestashop-hard.local

@ -0,0 +1,8 @@
[apache-prestashop-hard]
enabled = false
port = http,https
filter = apache-prestashop
logpath = /var/log/apache2/access.log
maxretry = 3
findtime = 600

8
src/files/etc/fail2ban/jail.d/apache-prestashop-soft.local

@ -0,0 +1,8 @@
[apache-prestashop-soft]
enabled = true
port = http,https
filter = apache-prestashop
logpath = /var/log/apache2/access.log
maxretry = 20
findtime = 60

8
src/files/etc/fail2ban/jail.d/apache-wp-hard.local

@ -0,0 +1,8 @@
[apache-wp-hard]
enabled = false
port = http,https
filter = apache-wp
logpath = /var/log/apache2/access.log
maxretry = 3
findtime = 600

8
src/files/etc/fail2ban/jail.d/apache-wp-soft.local

@ -0,0 +1,8 @@
[apache-wp-soft]
enabled = true
port = http,https
filter = apache-wp
logpath = /var/log/apache2/access.log
maxretry = 20
findtime = 60

6
src/files/etc/fail2ban/jail.d/courierauth.local

@ -0,0 +1,6 @@
[courierauth]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log

6
src/files/etc/fail2ban/jail.d/couriersmtp.local

@ -0,0 +1,6 @@
[couriersmtp]
enabled = false
port = smtp,ssmtp
filter = couriersmtp
logpath = /var/log/mail.log

6
src/files/etc/fail2ban/jail.d/dovecot-evolix.local

@ -0,0 +1,6 @@
[dovecot-evolix]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = dovecot-evolix
logpath = /var/log/mail.log

6
src/files/etc/fail2ban/jail.d/postfix.local

@ -0,0 +1,6 @@
[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log

7
src/files/etc/fail2ban/jail.d/proftpd.local

@ -0,0 +1,7 @@
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6

6
src/files/etc/fail2ban/jail.d/sasl-evolix.local

@ -0,0 +1,6 @@
[sasl-evolix]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl-evolix
logpath = /var/log/mail.log

7
src/files/etc/fail2ban/jail.d/ssh.local

@ -0,0 +1,7 @@
[ssh]
enabled = false
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

54
src/files/etc/fail2ban/jail.local

@ -25,57 +25,3 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
%(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"]
action = %(action_mwl)s
# JAILS
[ssh]
enabled = false
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
[proftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = proftpd
logpath = /var/log/proftpd/proftpd.log
maxretry = 6
[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
[couriersmtp]
enabled = false
port = smtp,ssmtp
filter = couriersmtp
logpath = /var/log/mail.log
[courierauth]
enabled = false
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = courierlogin
logpath = /var/log/mail.log
[sasl-evolix]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = sasl-evolix
logpath = /var/log/mail.log
[dovecot-evolix]
enabled = true
port = smtp,ssmtp,imap2,imap3,imaps,pop3,pop3s
filter = dovecot-evolix
logpath = /var/log/mail.log

11
src/files/etc/nagios/nrpe.d/evolix.cfg

@ -43,6 +43,8 @@ command[check_tomcat-ajp13]=/usr/lib/nagios/plugins/check_tcp -p 8009
command[check_proxy]=/usr/lib/nagios/plugins/check_http -H www.debian.org
command[check_redis]=/usr/lib/nagios/plugins/check_tcp -p 6379
command[check_clamd]=/usr/lib/nagios/plugins/check_clamd -H /var/run/clamav/clamd.ctl -v
command[check_ssl]=/usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S -p 443 -H ssl.evolix.net -C 15,5
command[check_elasticsearch]=/usr/lib/nagios/plugins/check_http -H localhost -u /_cluster/health -p 9200 -r '"status":"red",' --invert-regex
# Local checks (not packaged)
command[check_mem]=/usr/local/lib/nagios/plugins/check_mem -f -C -w 20 -c 10
@ -50,5 +52,12 @@ command[check_amavis]=/usr/local/lib/nagios/plugins/check_amavis --server 127.0.
command[check_spamd]=/usr/local/lib/nagios/plugins/check_spamd -H 127.0.0.1
command[check_nfsclient]=sudo -u www-data /usr/local/lib/nagios/plugins/check_nfsclient
command[check_evobackup]=/usr/local/lib/nagios/plugins/check_evobackup
command[check_ssl]=/usr/lib/nagios/plugins/check_http -f follow -I 127.0.0.1 -S -p 443 -H ssl.evolix.net -C 15,5
command[check_process]=/usr/local/lib/nagios/plugins/check_process
command[check_drbd]=/usr/local/lib/nagios/plugins/check_drbd -d All -c StandAlone
command[check_mongodb_connect]=/usr/local/lib/nagios/plugins/check_mongodb -H localhost -P27017 -A connect
command[check_glusterfs]=/usr/local/lib/nagios/plugins/check_glusterfs -v all -n 0
command[check_supervisord_status]=/usr/local/lib/nagios/plugins/check_supervisord
# Check HTTP "many". Use this to check many websites (http, https, ports, sockets and SSL certificates).
# Beware! All checks must not take more than 10s!
#command[check_https]=/usr/local/lib/nagios/plugins/check_http_many

9
src/files/etc/squid3/whitelist.conf

@ -35,10 +35,17 @@ http://vimeo.com/channels/wpetourisme/videos/rss
# Magento Plugins
http://extensions.activo.com/.*
http://amasty.com/.*
# Joomla
http://.*.joomla.org/.*
http://getk2.org/.*
http://miwisoft.com/.*
http://mijosoft.com/.*
http://www.joomlaworks.net/.*
http://cdn.joomlaworks.org/.*
http://download.regularlabs.com/.*
# Others
http://.*.drupal.org/.*
http://.*.dotclear.(net|org)/.*
http://.*.joomla.org/.*
http://.*.prestashop.com/.*
http://www.phpbb.com/.*
http://www.typolight.org/.*
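Review bot: The Joomla entries in this hunk are regular expressions with unescaped dots and, in `http://.*.joomla.org/.*`, a leading `.*` that is free to match `/`, so the pattern accepts more than sub-domains of joomla.org: a look-alike host name, or a URL on another host whose path contains `.joomla.org/`, also matches. If this file is used as an egress allow-list, `^http://([^/]+\.)?joomla\.org/.*` keeps the match inside the host part, and the fixed hosts can be written as `^http://getk2\.org/.*`. The older entries below (`drupal.org`, `prestashop.com`) follow the same pattern, so a separate clean-up may be appropriate. Whether squid applies this list anchored is not visible from the hunk.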

BIN
src/files/usr/local/bin/pg_test_fsync

Binary file not shown.

BIN
src/files/usr/local/bin/pg_test_fsync32

Binary file not shown.

456
src/files/usr/local/lib/nagios/plugins/check_drbd

@ -0,0 +1,456 @@
#!/usr/bin/perl -w
####################################################
# check_drbd v0.5.3 #
# by Brandon Lee Poyner bpoyner / CCAC.edu #
####################################################
use strict;
use File::Basename;
use Getopt::Long;
my $drbd_proc='/proc/drbd';
my $drbd_devices=0;
my ($drbd_expect, $drbd_role, $drbd_version, $debug_mode);
my (%options, %cs, %st, %ld, %ds, %check, %warning, %critical);
my $prog_name=basename($0);
my $prog_revision='0.5.3';
my %errorcodes = (
'OK' => { 'retvalue' => 0 },
'WARNING' => { 'retvalue' => 1 },
'CRITICAL' => { 'retvalue' => 2 },
'UNKNOWN' => { 'retvalue' => 3 }
);
#
# Define various states and default alarm values
#
my %state = (
'Primary' => { 'value' => 'OK', 'type' => 'st' },
'Secondary' => { 'value' => 'OK', 'type' => 'st' },
'Unknown' => { 'value' => 'CRITICAL', 'type' => 'st' },
'StandAlone' => { 'value' => 'WARNING', 'type' => 'cs' },
'Unconnected' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'Timeout' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'BrokenPipe' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'WFConnection' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'WFReportParams' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'Connected' => { 'value' => 'OK', 'type' => 'cs' },
'Unconfigured' => { 'value' => 'CRITICAL', 'type' => 'cs' },
# DRBD 0.6
'SyncingAll' => { 'value' => 'WARNING', 'type' => 'cs' },
'SyncingQuick' => { 'value' => 'WARNING', 'type' => 'cs' },
'SyncPaused' => { 'value' => 'CRITICAL', 'type' => 'cs' },
# DRBD 0.7
'WFBitMapS' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'WFBitMapT' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'SyncSource' => { 'value' => 'WARNING', 'type' => 'cs' },
'SyncTarget' => { 'value' => 'WARNING', 'type' => 'cs' },
'PausedSyncS' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'PausedSyncT' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'NetworkFailure' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'SkippedSyncS' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'SkippedSyncT' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'Consistent' => { 'value' => 'OK', 'type' => 'ld' },
'Inconsistent' => { 'value' => 'CRITICAL', 'type' => 'ld' },
# DRBD 8.0
'UpToDate' => { 'value' => 'OK', 'type' => 'ds' },
'Consistent' => { 'value' => 'OK', 'type' => 'ds' },
'Negotiating' => { 'value' => 'WARNING', 'type' => 'ds' },
'Attaching' => { 'value' => 'WARNING', 'type' => 'ds' },
'Diskless' => { 'value' => 'CRITICAL', 'type' => 'ds' },
'Failed' => { 'value' => 'CRITICAL', 'type' => 'ds' },
'Outdated' => { 'value' => 'CRITICAL', 'type' => 'ds' },
'Inconsistent' => { 'value' => 'CRITICAL', 'type' => 'ds' },
'DUnknown' => { 'value' => 'CRITICAL', 'type' => 'ds' },
# DRBD 8.2
'VerifyS' => { 'value' => 'WARNING', 'type' => 'cs' },
'VerifyT' => { 'value' => 'WARNING', 'type' => 'cs' },
# DRBD 8.3
'Disconnecting' => { 'value' => 'WARNING', 'type' => 'cs' },
'ProtocolError' => { 'value' => 'CRITICAL', 'type' => 'cs' },
'TearDown' => { 'value' => 'WARNING', 'type' => 'cs' },
'StartingSyncS' => { 'value' => 'WARNING', 'type' => 'cs' },
'StartingSyncT' => { 'value' => 'WARNING', 'type' => 'cs' },
'WFSyncUUID' => { 'value' => 'WARNING', 'type' => 'cs' }
);
&parse_options;
&parse_proc;
&parse_drbd_devices;
&check_drbd_state;
&report_status;
&myexit('UNKNOWN',"$prog_name should never reach here");
sub print_usage {
print <<EOF
Usage: $prog_name [-d <All|Configured|...>] [-e expect] [-p proc] [-r role] [-o states] [-w states] [-c states] [--debug]
Options:
-d STRING [default: $drbd_devices. Example: 0,1,2 ]
-p STRING [default: $drbd_proc. Use '-' for stdin]
-e STRING [Must be this connected state. Example: Connected]
-r STRING [Must be this node state. Example: Primary]
-o STRING [Change value to OK. Example: StandAlone]
-w STRING [Change value to WARNING. Example: SyncingAll]
-c STRING [Change value to CRITICAL. Example: Inconsistent,WFConnection]
EOF
}
sub print_revision {
print <<EOF;
$prog_name $prog_revision
The nagios plugins come with ABSOLUTELY NO WARRANTY. You may redistribute
copies of the plugins under the terms of the GNU General Public License.
For more information about these matters, see the file named COPYING.
EOF
}
sub print_help {
&print_revision;
print "\n";
&print_usage;
print <<EOF;
Send email to nagios-users\@lists.sourceforge.net if you have questions
regarding use of this software. To submit patches or suggest improvements,
send email to bpoyner\@ccac.edu
EOF
exit $errorcodes{'UNKNOWN'}->{'retvalue'};
}
sub parse_options {
my ($help, $version, $debug, $ok_string, $warning_string,
$critical_string);
#
# Get command line options
#
GetOptions("h|help" => \$help,
"V|version" => \$version,
"d|device|devices=s" => \$drbd_devices,
"e|expect=s" => \$drbd_expect,
"p|proc=s" => \$drbd_proc,
"r|role=s" => \$drbd_role,
"o|ok=s" => \$ok_string,
"w|warning=s" => \$warning_string,
"c|critical=s" => \$critical_string,
"debug" => \$debug);
if (defined($help) && ($help ne "")) {
&print_help;
exit $errorcodes{'UNKNOWN'}->{'retvalue'};
}
if (defined($version) && ($version ne "")) {
&print_revision;
exit $errorcodes{'UNKNOWN'}->{'retvalue'};
}
if (defined($drbd_expect) && ($drbd_expect ne "")) {
# User requested the connected state to be very specific
&change_values($drbd_expect,'cs','expect','connected state');
}
if (defined($drbd_role) && ($drbd_role ne "")) {
# User requested the node state to be very specific
&change_values($drbd_role,'st','role','node state');
}
if (defined($ok_string) && ($ok_string ne "")) {
# User requested certain values to be OK
&set_values($ok_string,'OK');
}
if (defined($warning_string) && ($warning_string ne "")) {
# User requested certain values to be WARNING
&set_values($warning_string,'WARNING');
}
if (defined($critical_string) && ($critical_string ne "")) {
# User requested certain values to be CRITICAL
&set_values($critical_string,'CRITICAL');
}
if (defined($debug) && ($debug ne "")) {
#
# Debugging information
#
$debug_mode=1;
print STDERR "<$prog_name settings>\n";
print STDERR "DRBD Devices: $drbd_devices\n";
printf STDERR "DRBD Proc: %s\n", defined($drbd_proc)?$drbd_proc:"";
printf STDERR "DRBD Expect: %s\n", defined($drbd_expect)?$drbd_expect:"";
printf STDERR "DRBD Role: %s\n", defined($drbd_role)?$drbd_role:"";
my (@ok, @critical, @warning);
for my $key ( keys %state ) {
if ($state{$key}->{'value'} eq 'OK') {
push(@ok,$key);
}
if ($state{$key}->{'value'} eq 'WARNING') {
push(@warning,$key);
}
if ($state{$key}->{'value'} eq 'CRITICAL') {
push(@critical,$key);
}
}
printf STDERR "DRBD OK: %s\n", join(" ",sort(@ok));
printf STDERR "DRBD WARNING: %s\n", join(" ",sort(@warning));
printf STDERR "DRBD CRITICAL: %s\n", join(" ",sort(@critical));
print STDERR "</$prog_name settings>\n";
}
}
sub parse_proc {
#
# Read in contents of proc file, feed results into hashes
#
my $input;
if ( $drbd_proc ne "-" ) {
$input = "DRBD";
if ( ! -e $drbd_proc ) {
&myexit('UNKNOWN',"No such file $drbd_proc");
}
open(DRBD, "$drbd_proc") ||
&myexit('UNKNOWN',"Could not open $drbd_proc");
} else {
$input = "STDIN";
}
while(<$input>) {
if (/^version: (\d+).(\d+)/) {
$drbd_version = "$1.$2";
}
if (/^\s?(\d+):.* cs:(\w+)/) {
$cs{$1} = $2;
}
if (/^\s?(\d+):.* st:(\w+)\//) {
$st{$1} = $2;
}
if (/^\s?(\d+):.* ld:(\w+)/) {
$ld{$1} = $2;
}
if (/^\s?(\d+):.* ds:(\w+)/) {
$ds{$1} = $2;
}
}
if ( $drbd_proc ne "-" ) {
close(DRBD);
}
if (defined($debug_mode) && ($debug_mode == 1)) {
#
# Debugging information
#
print STDERR "<$prog_name devices found>\n";
for my $key ( sort keys %cs ) {
printf STDERR "Found Device $key $cs{$key}%s%s%s\n", defined($st{$key})?" $st{$key}":"", defined($ld{$key})?" $ld{$key}":"", defined($ds{$key})?" $ds{$key}":"";
}
print STDERR "</$prog_name devices found>\n";
}
}
sub parse_drbd_devices {
#
# Determine which DRBD devices to monitor
#
my @devices;
if ($drbd_devices =~ /^all$/i) {
for my $device ( keys %cs ) {
push(@devices,$device);
}
} elsif ($drbd_devices =~ /^configured$/i) {
for my $device ( keys %cs ) {
next if ($cs{$device} eq "Unconfigured");
push(@devices,$device);
}
} else {
@devices = split(/,/,$drbd_devices);
}
foreach my $device (@devices) {
if (!(defined($cs{$device}))) {
&myexit('UNKNOWN',"Could not find device $device");
}
$check{$device} = 1;
}
if (int(keys %check) == 0) {
&myexit('UNKNOWN',"No configured devices found");
}
if (defined($debug_mode) && ($debug_mode == 1)) {
#
# Debugging information
#
print STDERR "<$prog_name devices to check>\n";
for my $key ( sort keys %check ) {
printf STDERR "Checking enabled for device $key\n";
}
print STDERR "</$prog_name devices to check>\n";
}
}
sub check_drbd_state {
for my $drbd_device ( sort keys %check ) {
if ((defined($drbd_version)) && ($drbd_version >= '8.0')) {
#
# We're dealing with version 8.0 or greater
# Set data state
#
if ((defined($ds{$drbd_device})) &&
(defined($state{$ds{$drbd_device}}))) {
$state{$ds{$drbd_device}}->{$drbd_device}->{'level'} = 1;
} elsif (defined($ds{$drbd_device})) {
&myexit('CRITICAL',"Data state unknown value '$ds{$drbd_device}' for device $drbd_device");
}
}
if ((defined($drbd_version)) && ($drbd_version == '0.7')) {
#
# We're dealing with version 0.7
# Set local data consistency
#
if ((defined($ld{$drbd_device})) &&
(defined($state{$ld{$drbd_device}}))) {
$state{$ld{$drbd_device}}->{$drbd_device}->{'level'} = 1;
} elsif (defined($ld{$drbd_device})) {
&myexit('CRITICAL',"Local data consistency unknown value '$ld{$drbd_device}' for device $drbd_device");
}
}
#
# Check for a state value (Primary, Secondary, etc)
#
if ((defined($st{$drbd_device})) &&
(defined($state{$st{$drbd_device}}))) {
$state{$st{$drbd_device}}->{$drbd_device}->{'level'} = 1;
} elsif (defined($st{$drbd_device})) {
&myexit('CRITICAL',"Node state unknown value '$st{$drbd_device}' for device $drbd_device");
}
#
# Check for a connected state value (Connected, StandAlone, etc)
#
if (defined($state{$cs{$drbd_device}})) {
$state{$cs{$drbd_device}}->{$drbd_device}->{'level'} = 1;
} else {
&myexit('CRITICAL',"Connection state unknown value '$cs{$drbd_device}' for device $drbd_device");
}
#
# Debugging information
#
if (defined($debug_mode) && ($debug_mode == 1)) {
print STDERR "<$prog_name device $drbd_device status>\n";
for my $key ( keys %state ) {
if (defined($state{$key}->{$drbd_device}->{'level'})) {
print STDERR "$key $state{$key}->{'value'}\n";
}
}
print STDERR "</$prog_name device $drbd_device status>\n";
}
#
# Determine if any values are CRITICAL or WARNING
#
for my $key ( keys %state ) {
if (defined($state{$key}->{$drbd_device}->{'level'})) {
if ($state{$key}->{'value'} eq "CRITICAL") {
$critical{$drbd_device} = 1;
}
if ($state{$key}->{'value'} eq "WARNING") {
$warning{$drbd_device} = 1;
}
}
}
}
}
sub report_status {
my $message;
my $critical_count=int(keys %critical);
my $warning_count=int(keys %warning);
if ($critical_count > 0) {
#
# We found a CRITICAL situation
#
my $i = 0;
for my $device (sort keys %critical) {
$message.=sprintf("Device %d%s $cs{$device}%s%s", $device,defined($st{$device})?" $st{$device}":"",defined($ld{$device})?" $ld{$device}":"",defined($ds{$device})?" $ds{$device}":"");
$i++;
if ($i != $critical_count) {
$message.=", ";
}
}
&myexit('CRITICAL',$message);
} elsif ($warning_count > 0) {
#
# We found a WARNING situation
#
my $i = 0;
for my $device (sort keys %warning) {
$message.=sprintf("Device %d%s $cs{$device}%s%s", $device,defined($st{$device})?" $st{$device}":"",defined($ld{$device})?" $ld{$device}":"",defined($ds{$device})?" $ds{$device}":"");
$i++;
if ($i != $warning_count) {
$message.=", ";
}
}
&myexit('WARNING',$message);
} else {
#
# Everything checks out OK
#
my $device_count=int(keys %check);
if ($device_count == 1) {
for my $device ( sort keys %check ) {
$message=sprintf("Device %d%s $cs{$device}%s%s", $device,defined($st{$device})?" $st{$device}":"",defined($ld{$device})?" $ld{$device}":"",defined($ds{$device})?" $ds{$device}":"");
}
} else {
my $i = 0;
for my $device ( sort keys %check ) {
$message.=sprintf("Dev %d %0.3s%0.3s%0.3s%0.3s", $device,defined($st{$device})?"$st{$device}":"",$cs{$device},defined($ld{$device})?"$ld{$device}":"",defined($ds{$device})?"$ds{$device}":"");
$i++;
if ($i != $device_count) {
$message.=", ";
}
}
}
&myexit('OK',$message);
}
}
sub set_values {
#
# Set item to value requested
#
my ($items,$value) = @_;
my @items = split(/,/,$items);
foreach my $item (@items) {
if (defined($state{$item})) {
$state{$item}->{'value'} = "$value";
} else {
print STDERR "State '$item' not found\n";
}
}
}
sub change_values {
#
# Look for all values of a given type, set requested value to OK
# and all other values to CRITICAL
#
my ($argument,$type,$error1,$error2) = @_;
if ((defined($state{$argument})) &&
($state{$argument}->{'type'} eq "$type")) {
for my $key ( keys %state ) {
if ($state{$key}->{'type'} eq "$type") {
if ($key eq $argument) {
&set_values($argument,'OK');
} else {
&set_values($key,'CRITICAL');
}
}
}
} else {
&myexit('UNKNOWN',"$error1 option only works for $error2");
}
}
sub myexit {
#
# Print error message and exit
#
my ($error, $message) = @_;
if (!(defined($errorcodes{$error}))) {
printf STDERR "Error code $error not known\n";
print "DRBD UNKNOWN: $message\n";
exit $errorcodes{'UNKNOWN'}->{'retvalue'};
}
print "DRBD $error: $message\n";
exit $errorcodes{$error}->{'retvalue'};
}
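Review bot: In `parse_proc`, `open(DRBD, "$drbd_proc")` is the two-argument form of open, and `$drbd_proc` is whatever the caller passes with `-p`; Perl then interprets leading or trailing mode and pipe characters in that value instead of treating it purely as a file name. The three-argument form, `open(DRBD, '<', $drbd_proc)`, reads the path literally and leaves the rest of the function unchanged. The NRPE command added in this commit does not pass `-p`, so this matters mainly if plugin arguments can ever be supplied by the monitoring server. The file looks like upstream check_drbd 0.5.3, so the change may be better carried as a small local patch.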

150
src/files/usr/local/lib/nagios/plugins/check_glusterfs

@ -0,0 +1,150 @@
#!/bin/bash
# This Nagios script was written against version 3.3 & 3.4 of Gluster. Older
# versions will most likely not work at all with this monitoring script.
#
# Gluster currently requires elevated permissions to do anything. In order to
# accommodate this, you need to allow your Nagios user some additional
# permissions via sudo. The line you want to add will look something like the
# following in /etc/sudoers (or something equivalent):
#
# Defaults:nagios !requiretty
# nagios ALL=(root) NOPASSWD:/usr/sbin/gluster volume status [[\:graph\:]]* detail,/usr/sbin/gluster volume heal [[\:graph\:]]* info
#
# That should give us all the access we need to check the status of any
# currently defined peers and volumes.
# Inspired by a script of Mark Nipper
#
# 2013, Mark Ruys, mark.ruys@peercode.nl
PATH=/sbin:/bin:/usr/sbin:/usr/bin
PROGNAME=$(basename -- $0)
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
REVISION="1.0.0"
. /usr/lib/nagios/plugins/utils.sh
# parse command line
usage () {
echo ""
echo "USAGE: "
echo " $PROGNAME -v VOLUME -n BRICKS [-w GB -c GB]"
echo " -n BRICKS: number of bricks"
echo " -w and -c values in GB"
exit $STATE_UNKNOWN
}
while getopts "v:n:w:c:" opt; do
case $opt in
v) VOLUME=${OPTARG} ;;
n) BRICKS=${OPTARG} ;;
w) WARN=${OPTARG} ;;
c) CRIT=${OPTARG} ;;
*) usage ;;
esac
done
if [ -z "${VOLUME}" -o -z "${BRICKS}" ]; then
usage
fi
Exit () {
echo "$1: ${2:0}"
status=STATE_$1
exit ${!status}
}
# check for commands
for cmd in basename bc awk sudo pidof gluster; do
if ! type -p "$cmd" >/dev/null; then
Exit UNKNOWN "$cmd not found"
fi
done
# check for glusterd (management daemon)
if ! pidof glusterd &>/dev/null; then
Exit CRITICAL "glusterd management daemon not running"
fi
# check for glusterfsd (brick daemon)
if ! pidof glusterfsd &>/dev/null; then
Exit CRITICAL "glusterfsd brick daemon not running"
fi
# get volume heal status
heal=0
for entries in $(sudo gluster volume heal ${VOLUME} info | awk '/^Number of entries: /{print $4}'); do
if [ "$entries" -gt 0 ]; then
let $((heal+=entries))
fi
done
if [ "$heal" -gt 0 ]; then
errors=("${errors[@]}" "$heal unsynched entries")
fi
# get volume status
bricksfound=0
freegb=9999999
shopt -s nullglob
while read -r line; do
field=($(echo $line))
case ${field[0]} in
Brick)
brick=${field[@]:2}
;;
Disk)
key=${field[@]:0:3}
if [ "${key}" = "Disk Space Free" ]; then
freeunit=${field[@]:4}
free=${freeunit:0:-2}
unit=${freeunit#$free}
if [ "$unit" != "GB" ]; then
Exit UNKNOWN "unknown disk space size $freeunit"
fi
free=$(echo "${free} / 1" | bc -q)
if [ $free -lt $freegb ]; then
freegb=$free
fi
fi
;;
Online)
online=${field[@]:2}
if [ "${online}" = "Y" ]; then
let $((bricksfound++))
else
errors=("${errors[@]}" "$brick offline")
fi
;;
esac
done < <(sudo gluster volume status ${VOLUME} detail)
if [ $bricksfound -eq 0 ]; then
Exit CRITICAL "no bricks found"
elif [ $bricksfound -lt $BRICKS ]; then
errors=("${errors[@]}" "found $bricksfound bricks, expected $BRICKS ")
fi
if [ -n "$CRIT" -a -n "$WARN" ]; then
if [ $CRIT -ge $WARN ]; then
Exit UNKNOWN "critical threshold below warning"
elif [ $freegb -lt $CRIT ]; then
Exit CRITICAL "free space ${freegb}GB"
elif [ $freegb -lt $WARN ]; then
errors=("${errors[@]}" "free space ${freegb}GB")
fi
fi
# exit with warning if errors
if [ -n "$errors" ]; then
sep='; '
msg=$(printf "${sep}%s" "${errors[@]}")
msg=${msg:${#sep}}
Exit WARNING "${msg}"
fi
# exit with no errors
Exit OK "${bricksfound} bricks; free space ${freegb}GB"
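Review bot: `${VOLUME}` comes straight from `-v` and is passed unquoted to `sudo gluster volume heal ${VOLUME} info` and `sudo gluster volume status ${VOLUME} detail`, so a value containing whitespace is split into extra gluster arguments that run as root. Quoting it (`sudo gluster volume heal "${VOLUME}" info`) and rejecting unexpected characters before use would keep the call to the two sub-commands the header comment intends. The sudoers line suggested in that comment needs the same care: in sudoers `*` is a shell-style wildcard that also matches across spaces, so `[[\:graph\:]]*` does not limit the argument to a single word, and listing the actual volume names is tighter. The NRPE command shipped in this commit uses `-n 0`, and with `BRICKS` at 0 the `found ... expected` comparison can never fire.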

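--- a/src/files/usr/local/lib/nagios/plugins/check_http_many
+++ b/src/files/usr/local/lib/nagios/plugins/check_http_many
@@ -0,0 +1,84 @@
+#!/bin/bash
+result=/tmp/nagios.check_http_many.result
+trap "rm ${result}*" EXIT
+warning=false
+critical=false
+check_state() {
+if [[ $1 -eq 0 ]]; then
+cat $result >> ${result}.ok
+:> $result
+fi
+if [[ $1 -eq 1 ]]; then
+warning=true
+cat $result >> ${result}.err
+:> $result
+fi
+if [[ $1 -eq 2 ]]; then
+critical=true
+cat $result >> ${result}.err
+:> $result
+fi
+}
+## Return OK between 02am and 05am.
+#date=$(date +%H)
+#if [[ $date > 01 && $date < 05 ]]; then
+# echo "Maintenance time, no check! All green!"
+# exit 0
+#fi
+# Check HTTP
+sites=""
+for site in $sites; do
+echo -n "Site ${site}: " >> $result
+/usr/lib/nagios/plugins/check_http -f critical -I 127.0.0.1 -H ${site%%/*} -u /${site#*/} >> $result
+check_state $?
+done
+## Check HTTPs
+sites=""
+for site in $sites; do
+echo -n "Site ${site}: " >> $result
+/usr/lib/nagios/plugins/check_http -w4 -c6 -f critical -p 443 -S -I 127.0.0.1 -H ${site%%/*} -u /${site#*/} >> $result
+check_state $?
+done
+# Check HTTPs certs
+sites=""
+for site in $sites; do
+echo -n "Certificate ${site}: " >> $result
+/usr/lib/nagios/plugins/check_http -p 443 -S --sni -H $site -C14,7 >> $result
+check_state $?
+done
+# Check Sockets
+sockets=""
+for socket in $sockets; do
+echo -n "Socket ${socket}: " >> $result
+/usr/lib/nagios/plugins/check_tcp -H $socket >> $result
+check_state $?0
+done
+# Check Ports
+ports=""
+for port in $ports; do
+echo -n "Port ${port}: " >> $result
+/usr/lib/nagios/plugins/check_tcp -p $port >> $result
+check_state $?
+done
+if ($critical); then
+cat ${result}.err
+exit 2
+fi
+if ($warning); then
+cat ${result}.err
+exit 1
+else
+cat ${result}.ok
+exit 0
+fi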
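Review bot: The scratch files use a fixed name, `/tmp/nagios.check_http_many.result` plus `.ok` and `.err`, so any local account can pre-create them (or a symlink) and either corrupt the plugin output or redirect the plugin's writes to another file; two overlapping runs also share and delete each other's files. A private directory avoids both: `tmpdir=$(mktemp -d) || exit 3`, `result=${tmpdir}/result`, `trap 'rm -rf -- "$tmpdir"' EXIT`. Separately, the socket loop calls `check_state $?0`, which turns a failing status 1 or 2 into 10 or 20, so no branch of `check_state` matches and socket failures are never reported; it should be `check_state $?` like the other loops.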

0
src/files/usr/local/lib/nagios/plugins/check_process

2
src/files/usr/local/lib/nagios/plugins/check_supervisord

@ -1,6 +1,6 @@
#!/bin/bash
supervisorctl status |while read line
sudo /usr/bin/supervisorctl status |while read line
do
echo $line |grep RUNNING || exit 1
done
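Review bot: The `sudo /usr/bin/supervisorctl status` line only works unattended if the monitoring user has a NOPASSWD sudoers entry, which this section does not show; that entry should be limited to exactly `/usr/bin/supervisorctl status`, because other supervisorctl subcommands can stop, start or reconfigure the managed programs. The loop also exits with 1 on the first program that is not RUNNING, which Nagios reads as WARNING rather than CRITICAL, and `echo $line` is unquoted while `read` lacks `-r`. I would write `while read -r line` and `printf '%s\n' "$line" | grep RUNNING || exit 2`, if CRITICAL is the intended state.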

2
src/files/var/www/index.html

@ -62,7 +62,7 @@
<li><a href="/cgi-bin/mailgraph.cgi">Stats mails</a></li>
<!--
<li><a href="/phpmyadmin-PHPMASECRET/">Accès PhpMyAdmin</a></li>
<li><a href="/mysqlreport.html">Dernier rapport MySQL Tuner</a></li>
<li><a href="/mysqlreport_3306.html">Dernier rapport MySQL instance 3306</a></li>
<li><a href="/cgi-bin/awstats.pl">Stats web</a></li>
<li><a href="/info.php">Infos PHP</a></li>
<li><a href="/opcache.php">Infos OpCache PHP</a></li>

11
src/functions.sh

@ -23,6 +23,17 @@ installpkg() {
fi
}
removepkg() {
if ($AUTOMAGIC); then
DEBIAN_FRONTEND=noninteractive apt remove \
--allow-unauthenticated -o Dpkg::Options::="--force-confold" -q -y $1
else
apt remove --allow-unauthenticated $1
fi
}
is_pkg_installed() {
dpkg -l $1 2>/dev/null |grep -q ^ii
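Review bot: `removepkg` passes `--allow-unauthenticated` to `apt remove` in both branches; a removal normally downloads nothing, so the flag buys nothing here and only leaves signature checking switched off if apt ever has to fetch a package as part of the operation. I would drop it, e.g. `apt remove -o Dpkg::Options::="--force-confold" -q -y $1` in the non-interactive branch. `$1` is unquoted in `removepkg` and in `dpkg -l $1`; if word splitting of a space-separated package list is intended, a one-line comment saying so would stop someone "fixing" it, otherwise it should be quoted. The body of `is_pkg_installed` continues outside the hunk.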

1
src/modules/00_prepare_system.sh

@ -3,6 +3,7 @@
# Prepare the system for Evolinux.
. functions.sh
exec 2>$STDERR
# Check if /tmp has good rights.
tmp_rights=$(stat --printf=%a /tmp)
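Review bot: `exec 2>$STDERR` opens the log with `>`, so if each module runs as its own script (they all start with `. functions.sh`, which makes this look likely) every module truncates what the previous one wrote, and an unset or empty `STDERR` makes the redirect fail as ambiguous. `exec 2>>"${STDERR:?}"` appends and stops with a clear message when the variable is missing. The same line appears in the other module sections of this commit (01_install_tools.sh through 99_display_informations.sh), in several of them only inside or after the first `step` call, so anything written to stderr before that point is not captured. Where `STDERR` is defined is not visible here.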

3
src/modules/01_install_tools.sh

@ -3,12 +3,13 @@
# Install standard tools.
. functions.sh
exec 2>$STDERR
# Install packages.
if step "Installing tools..."; then
packages="strace htop iftop iptraf ncdu vim iotop rsync mtr-tiny sudo "\
"git subversion ntp screen pv apg tcpdump ntpdate lsb-release serveur-base "\
"mutt pinentry-curses bc pciutils dnsutils lm-sensors conntrack hdparm "\
"lsb-invalid-mta smartmontools patch"
"lsb-invalid-mta smartmontools patch time"
installpkg "$packages"
fi

1
src/modules/01_kernel_tuning.sh

@ -2,6 +2,7 @@
#
# Tune kernel parameters.
. functions.sh
exec 2>$STDERR
if step "Activate reboot after panic (Should be activated only on system with no remote keyboard like KVM or physical access)..."; then
cat << EOT >> /etc/sysctl.d/evolinux.conf

1
src/modules/01_system_settings.sh

@ -3,6 +3,7 @@
# Configure the base system settings.
. functions.sh
exec 2>$STDERR
# Set locales to generate.
if step "Setting default locales & debconf configuration..."; then

2
src/modules/02_admin_accounts.sh

@ -3,6 +3,7 @@
# Create Admin accounts.
. functions.sh
exec 2>$STDERR
pass_gcolpart='$6$V4N7Gf1b$ybmcZ5ulo8ACzntU9pYBdEoeOmlbu1JryjyYPccvp9zJ1oTMZ0y3nepEFCbTJQ6EFSclWCWVss7oyyR0Ycb/P/'
uid_gcolpart=2001
@ -52,6 +53,7 @@ if step "Configuring SSH... (Warning, login with root will be disabled!)"; then
sed -r -i -e 's/^PermitRootLogin (yes|without-password)/PermitRootLogin no/' \
-e 's/^AcceptEnv/#AcceptEnv/' \
-e 's/^AllowUsers/#AllowUsers/' \
-e 's/^PasswordAuthentication no/PasswordAuthentication yes/' \
/etc/ssh/sshd_config
echo -e "\nAllowUsers $ADMINS" >> /etc/ssh/sshd_config
admins_csv=$(echo $ADMINS | tr -s ' ' ',')
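Review bot: The sed expression `s/^PasswordAuthentication no/PasswordAuthentication yes/` in the "Configuring SSH" step re-enables password logins on any host where they had been switched off, which exposes every account listed in `AllowUsers` to online password guessing. If this is the line the commit adds, I would leave the existing setting alone, or make the change opt-in behind its own `step` prompt with a comment saying why passwords are needed. The exposure is compounded by crypt hashes such as `pass_gcolpart` being stored in this script, since anyone with read access to the repository can test guesses against them offline; provisioning SSH keys or setting passwords at install time would avoid that. The `if step "Configuring SSH..."` block starts and ends outside the hunk.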

1
src/modules/03_install_postfix.sh

@ -3,6 +3,7 @@
# Install postfix
. functions.sh
exec 2>$STDERR
if step "Installing postfix..."; then
FQDN=$(hostname -f)

7
src/modules/04_install_munin.sh

@ -2,6 +2,7 @@
#
# Install munin.
. functions.sh
exec 2>$STDERR
if step "Configuring Munin (hostname, plugins, etc.)..."; then
installpkg "munin munin-node munin-plugins-extra"
@ -40,8 +41,12 @@ EOT
# Use these plugins.
ln -s /usr/share/munin/plugins/meminfo .
ln -s /usr/share/munin/plugins/netstat_multi .
ln -s /usr/share/munin/plugins/sensors_ sensors_temp
ln -s /usr/share/munin/plugins/tcp .
# Dot not install sensors plugin if VM detected.
machineType=$(systemd-detect-virt)
if [[ "$machineType" == "none" ]]; then
ln -s /usr/share/munin/plugins/sensors_ sensors_temp
fi
cd -
# Install local plugins.

1
src/modules/05_install_minifw.sh

@ -4,6 +4,7 @@
# Include functions.
. functions.sh
exec 2>$STDERR
if step "Installing minifirewall..."; then

1
src/modules/06_install_evomaintenance.sh

@ -3,6 +3,7 @@
# Install evomaintenance.
. functions.sh
exec 2>$STDERR
if step "Installing evomaintenance..."; then
installpkg evomaintenance

1
src/modules/07_install_nagios_nrpe.sh

@ -3,6 +3,7 @@
# Install and configure Nagios NRPE server.
. functions.sh
exec 2>$STDERR
if step "Installing Nagios NRPE server..."; then
installpkg "nagios-nrpe-server nagios-plugins nagios-plugins-basic "\

1
src/modules/08_install_mariadb.sh

@ -3,6 +3,7 @@
# Install MariaDB.
. functions.sh
exec 2>$STDERR
if step "Installing MariaDB..."; then

1
src/modules/08_install_mysql.sh

@ -3,6 +3,7 @@
# Install MySQL.
. functions.sh
exec 2>$STDERR
if step "Installing MySQL..."; then

1
src/modules/09_install_proftpd.sh

@ -3,6 +3,7 @@
# Install ProFTPd
. functions.sh
exec 2>$STDERR
if step "Installing ProFTPd..."; then
installpkg "proftpd-basic"

3
src/modules/10_install_evopackweb.sh

@ -5,6 +5,7 @@
. functions.sh
if step "Installing evopackweb..."; then
exec 2>$STDERR
# In case of installing this module later, minifirewall can be stopped. We stop
# it during the installation.
@ -192,7 +193,7 @@ if step "Configure Apache for Munin..." && [ -d /etc/munin/ ]; then
/etc/init.d/apache2 reload
fi
if step "Deactivating phpMyAdmin default Apache configuration..."; then
if step "Deactivating phpMyAdmin default Apache configuration..." && [ -d /etc/phpmyadmin ]; then
a2disconf phpmyadmin
sed -i s/^Alias/#Alias/ /etc/apache2/conf-available/phpmyadmin.conf
fi
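Review bot: The `[ -d /etc/phpmyadmin ]` guard tests a different path from the one the block edits, so `sed -i` on `/etc/apache2/conf-available/phpmyadmin.conf` can still fail when the package directory exists but the Apache snippet does not. Testing the file itself is tighter: `[ -f /etc/apache2/conf-available/phpmyadmin.conf ]`. Because the test comes after `step`, the operator is presumably still prompted on hosts without phpMyAdmin; putting the test first would avoid that.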

1
src/modules/10_install_evopackweb_nginx_phpfpm.sh

@ -5,6 +5,7 @@
. functions.sh
if step "Installing evopackweb (powered by NginX + PHP-FPM)..."; then
exec 2>$STDERR
# In case of installing this module later, minifirewall can be stopped. We stop
# it during the installation.

1
src/modules/11_install_squid.sh

@ -3,6 +3,7 @@
# Install squid
. functions.sh
exec 2>$STDERR
if step "Installing Squid..."; then
step "Warning, you need minifirewall installed!" || exit 1

1
src/modules/12_install_evopackmail.sh

@ -5,6 +5,7 @@
. functions.sh
if step "Installing evopackmail (virtual)..."; then
exec 2>$STDERR
if step "Installing slapd..."; then
domain=$(hostname -f)

3
src/modules/13_install_fail2ban.sh

@ -3,6 +3,7 @@
# Install and configure Fail2Ban.
. functions.sh
exec 2>$STDERR
if step "Installing Fail2Ban..."; then
installpkg "fail2ban"
@ -12,4 +13,4 @@ if step "Installing Fail2Ban..."; then
${INSTALLER_PATH}/files/etc/fail2ban/filter.d/{dovecot-evolix.conf,sasl-evolix.conf} \
/etc/fail2ban/filter.d/
/etc/init.d/fail2ban restart
fi
fi

1
src/modules/14_install_evopackproxy.sh

@ -6,6 +6,7 @@
if step "Installing evopackproxy..."; then
step "Warning, you need evopackweb with PHP installed!" || exit 1
exec 2>$STDERR
hostname=$(hostname -f)
serveradmin="proxyadmin.$(hostname -s).evolix.eu"

1
src/modules/15_install_evopackbackup.sh

@ -5,6 +5,7 @@
. functions.sh
if step "Installing evopackbackup..."; then
exec 2>$STDERR
if step "Applying recommended sysctl settings for backup machine..."; then
echo "vm.dirty_background_ratio = 80" >> /etc/sysctl.d/evolinux_backup.conf

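--- a/src/modules/97_benchmark.sh
+++ b/src/modules/97_benchmark.sh
@@ -0,0 +1,178 @@
+#!/bin/bash
+#
+# Benchmarks disk and CPU
+. functions.sh
+exec 2>$STDERR
+# For free space functions, always substract 1G to be sure to not fill the disk at 100%.
+freeSpace() {
+df=$(df "$1" --output=avail | tail -1 | tr -d ' ')
+df=$((df - 1048576))
+echo $df
+}
+# Program to remove at the end of the script
+HDPARM=false
+CRYPTSETUP=false
+BONNIE=false
+SYSBENCH=false
+FIO=false
+# Some global values
+time="/usr/bin/time"
+totalRAM=$(free -bt | sed -n 's/Mem:[[:space:]]*\([[:digit:]]*\)*/\1/p' | cut -f1 -d' ')
+totalRAM512bs=$((totalRAM / 512))
+totalRAM512bsx2=$((totalRAM512bs * 2))
+totalRAM4096bs=$((totalRAM / 4096))
+totalRAM4096bsx2=$((totalRAM4096bs *2))
+totalRAMx2=$((totalRAM * 2))
+totalRAMx2G=$((totalRAMx2 / 1024 / 1024 / 1024))
+totalRAMx2K=$((totalRAMx2 / 1024))
+if step "Set the right setup to do the benchs..."; then
+df=$(df -h -l --exclude-type=tmpfs --exclude-type=devtmpfs)
+benchPath="/home/benchs"
+if ! ($AUTOMAGIC); then
+whiptail --title "Path to test I/O..." --scrolltext \
+--inputbox "Choose the best directory/path to do the benchs.\nYour mounted FS:\n${df}" \
+15 80 "$benchPath" 2>/tmp/whiptail
+benchPath=$(cat /tmp/whiptail)
+fi
+mkdir -p "$benchPath"
+chmod 1777 "$benchPath"
+# See if we have at least 2x total RAM of free space.
+freeSpace=$(freeSpace "$benchPath")
+if [[ "$freeSpace" -lt "$totalRAMx2K" ]]; then
+critical "You need at least ${totalRAMx2G}G of free space! Exiting..."
+exit 1
+fi
+device=$(df -h / | tail -n1 | sed -e 's/^\([^ ]*\).*/\1/' | sed -e 's/[0-9]*$//')
+if ! ($AUTOMAGIC); then
+whiptail --title "Block device to test (used by hdparm)" \
+--inputbox "Change disk to test?" 10 80 "$device" 2>/tmp/whiptail
+device=$(cat /tmp/whiptail)
+fi
+fi
+if step "Starting benchmarks..."; then
+if ! ($AUTOMAGIC); then
+# We force AUTOMAGIC to have non interruption during benchmarks.
+if step "Would you like to do all tests in one pass?"; then
+AUTOMAGIC=true
+fi
+fi
+warn "/!\ Benchmarks could take time. Be patient! Maybe go drink a cofee or a tea ;-)"
+sleep 3
+cd "$benchPath"
+if step "### Test 1/8 (Test disk with hdparm) ###"; then
+! is_pkg_installed hdparm && HDPARM=true
+installpkg hdparm
+for step in {1..3}; do
+say "> Buffered disk read (#${step}/3)"
+hdparm -t "$device"
+done
+for step in {1..3}; do
+say "> Cache read (#${step}/3)"
+hdparm -T "$device"
+done
+fi
+if step "### Test 2/8 (Test RAM with dd) ###"; then
+! is_pkg_installed time && installpkg time
+say "> Read 2x total RAM"
+$time dd if=/dev/zero bs=512 count=$totalRAM512bsx2 2>/tmp/out | \
+(pv -F "%N %b %t %r %p %e" -s "${totalRAMx2K}k" >/dev/null) 2>&1
+cat /tmp/out
+fi
+if step "### Test 3/8 (Test disk with dd) ###"; then
+say "> Write and read 2x total RAM"
+$time dd if=/dev/zero bs=4096 count=$totalRAM4096bsx2 2>/tmp/out | \
+(pv -F "%N %b %t %r %p %e" -s "${totalRAMx2K}k" >dd.img) 2>&1
+cat /tmp/out
+$time dd if=dd.img bs=4096 count=$totalRAM4096bsx2 2>/tmp/out | \
+(pv -F "%N %b %t %r %p %e" -s "${totalRAMx2K}k" >/dev/null) 2>&1
+cat /tmp/out
+say "> Deleting file"
+$time rm dd.img 2>/tmp/out
+cat /tmp/out
+fi
+if step "### Test 4/8 (Bench CPU with cryptsetup) ###"; then
+! is_pkg_installed cryptsetup && CRYPTSETUP=true
+installpkg cryptsetup
+say "> Cryptsetup benchmark"
+/sbin/cryptsetup benchmark
+fi
+if step "### Test 5/8 (Bench disk I/O with pg_test_fsync) ###"; then
+say "> pg_test_fsync test"
+arch=$(uname -m)
+if [[ "$arch" == "x86_64" ]]; then
+install -m 755 "${INSTALLER_PATH}/files/usr/local/bin/pg_test_fsync" \
+/usr/local/bin/
+/usr/local/bin/pg_test_fsync
+elif [[ "$arch" == "i686" ]]; then
+install -m 755 "${INSTALLER_PATH}/files/usr/local/bin/pg_test_fsync32" \
+/usr/local/bin/
+/usr/local/bin/pg_test_fsync32
+else
+critical "Architecture $arch not supported!"
+fi
+fi
+if step "### Test 6/8 (Bench disk I/O with bonnie++) ###"; then
+say "> bonnie++ tests"
+! is_pkg_installed bonnie++ && BONNIE=true
+installpkg bonnie++
+adduser -q --disabled-password --gecos "bonnie benchmark" bonnie
+bonnie -d ./ -s 6144 -r "$totalRAM" -u "bonnie" 2>&1
+deluser -q bonnie
+fi
+if step "### Test 7/8 (Bench CPU with sysbench) ###"; then
+! is_pkg_installed sysbench && SYSBENCH=true
+installpkg sysbench
+say "> sysbench cpu"
+sysbench --test=cpu --cpu-max-prime=20000 run
+fi
+if step "### Test 8/8 (Bench I/O with fio) ###"; then
+! is_pkg_installed fio && FIO=true
+installpkg fio
+say "> Fio Read bandwidth"
+fio --direct=1 --rw=randread --bs=1m --size="$totalRAMx2K" --numjobs=4 --runtime=10 --group_reporting --name=file1
+rm -f file1
+say "> Fio Read IOPS"
+fio --direct=1 --rw=randread --bs=4k --size="$totalRAMx2K" --numjobs=64 --runtime=10 --group_reporting --name=file1
+rm -f file1
+say "> Fio Write bandwidth"
+fio --direct=1 --rw=randwrite --bs=1m --size="$totalRAMx2K" --numjobs=4 --runtime=10 --group_reporting --name=file1
+rm -f file1
+say "> Fio Write IOPS"
+fio --direct=1 --rw=randwrite --bs=4k --size="$totalRAMx2K" --numjobs=64 --runtime=10 --group_reporting --name=file1
+fi
+warn "Removing bench directory..."
+cd -
+rm -rf "$benchPath"
+# Remove packages if needed
+warn "Removing benchmarks tools..."
+$CRYPTSETUP && removepkg cryptsetup
+$BONNIE && removepkg bonnie++
+$SYSBENCH && removepkg sysbench
+$FIO && removepkg fio
+$HDPARM && removepkg hdparm
+apt-get -y autoremove
+say "### All tests done! ###"
+fi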
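Review bot: The module writes its scratch output to fixed paths, `/tmp/whiptail` and `/tmp/out`, and runs the benchmarks in a directory it has just made world-writable with `chmod 1777 "$benchPath"`; as the installer presumably runs as root, a local account on a multi-user host can pre-create those names (or `dd.img`, `file1`) as symlinks and have the installer overwrite another file. The clean-up `rm -rf "$benchPath"` then deletes whatever path the operator typed into the whiptail box, including an existing directory that held other data. I would work in a fresh subdirectory and private temp files, `benchDir=$(mktemp -d -p "$benchPath" bench.XXXXXX)` and `out=$(mktemp)`, remove only those at the end, and give the `bonnie` user access to `benchDir` for test 6 alone. Unrelated to safety, `bonnie -r "$totalRAM"` passes a byte count where bonnie++ documents `-r` in megabytes.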

7
src/modules/98_last_things_to_do.sh

@ -4,6 +4,7 @@
# something else.
. functions.sh
exec 2>$STDERR
# Setting Pre-Invoke and Post-Invoke for apt.
if mount |grep -q /usr && mount |grep -q /tmp; then
@ -431,7 +432,11 @@ if step "Sending a summary mail with some informations..."; then
else
infogerance="Inconnu"
fi
evoadminweb=$(grep -m1 ServerName /etc/apache2/sites-available/evoadmin.conf | grep -Eo "\S+\.\S+")
if [[ -f /etc/apache2/sites-available/evoadmin.conf ]]; then
evoadminweb=$(grep -m1 ServerName /etc/apache2/sites-available/evoadmin.conf | grep -Eo "\S+\.\S+")
else
evoadminweb="Non installé."
fi
sed -i -e "s#SED_HOSTNAME#$EvoComputerName#g" \
-e "s#SED_DEBIAN#$computerOS#g" \
-e "s#SED_LINUX#$computerKernel#g" \

3
src/modules/99_display_informations.sh

@ -3,6 +3,7 @@
# Display final informations.
. functions.sh
exec 2>$STDERR
say "Hey, install is done!\nYou should read this final note:\n"
cat <<EOT
@ -10,4 +11,4 @@ cat <<EOT
Please fix errors reported by evocheck.
Please verify your fresh install with:
https://redmine.evolix.net/projects/evolix-intra/wiki/VerificationServeurs
EOT
EOT
