modules/private/monitoring/objects_common.nix

   1 { hostFQDN
   2 , hostName
   3 , interface ? "eth0"
   4 , processWarn ? "250"
   5 , processAlert ? "400"
   6 , loadWarn ? "8.0"
   7 , loadAlert ? "10.0"
   8 , mdadm
   9 , sudo
  10 , master
  11 , lib
  12 , ...
  13 }:
  14 let
  15   defaultPassiveInfo = {
  16     filter = lib.attrsets.filterAttrs
  17       (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_");
  18     use = "external-passive-service";
  19     freshness_threshold = "450";
  20     retry_interval = "1";
  21     servicegroups = "webstatus-resources";
  22     host_name = hostFQDN;
  23   };
  24 in
  25 {
  26   host = {
  27     "${hostFQDN}" = {
  28       alias = hostFQDN;
  29       address = hostFQDN;
  30       use = "linux-server";
  31       hostgroups = "webstatus-hosts";
  32       _webstatus_name = hostName;
  33     };
  34   };
  35   service = [
  36     {
  37       passiveInfo = defaultPassiveInfo;
  38       service_description = "Size on root partition";
  39       use = "local-service";
  40       check_command = ["check_local_disk" "20%" "10%" "/"];
  41     }
  42     {
  43       passiveInfo = defaultPassiveInfo;
  44       service_description = "Total number of process";
  45       use = "local-service";
  46       check_command = [
  47         "check_local_procs"
  48         processWarn
  49         processAlert
  50         "RSZDT"
  51       ];
  52     }
  53     {
  54       passiveInfo = defaultPassiveInfo;
  55       service_description = "Network bandwidth";
  56       use = "local-service";
  57       check_interval = "2";
  58       max_check_attempts = "20";
  59       retry_interval = "2";
  60       check_command = [
  61         "check_local_bandwidth"
  62         interface
  63         "20480" # kb/s
  64         "51200" # kb/s
  65       ];
  66     }
  67     {
  68       passiveInfo = defaultPassiveInfo;
  69       service_description = "Average load";
  70       use = "local-service";
  71       check_command = [
  72         "check_local_load"
  73         "${loadWarn},${loadWarn},${loadWarn}"
  74         "${loadAlert},${loadAlert},${loadAlert}"
  75       ];
  76     }
  77     {
  78       passiveInfo = defaultPassiveInfo;
  79       service_description = "Swap usage";
  80       use = "local-service";
  81       check_command = ["check_local_swap" "20" "10"];
  82     }
  83     {
  84       passiveInfo = defaultPassiveInfo;
  85       service_description = "Memory usage";
  86       use = "local-service";
  87       check_command = ["check_memory" "80" "90"];
  88     }
  89     {
  90       passiveInfo = defaultPassiveInfo;
  91       service_description = "NTP is activated and working";
  92       use = "local-service";
  93       check_command = ["check_ntp"];
  94     }
  95     {
  96       passiveInfo = defaultPassiveInfo;
  97       service_description = "No mdadm array is degraded";
  98       use = "local-service";
  99       check_command = [
 100         "check_command_output"
 101         "${mdadm}/bin/mdadm --monitor --scan -1"
 102         "^$"
 103         "-s 0 -r root"
 104       ];
 105     }
 106   ];
 107   command = {
 108     check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$";
 109     check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$";
 110     check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$";
 111     check_backup_eriomem = "$USER2$/check_eriomem $USER208$";
 112     check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$";
 113     check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$";
 114     check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$";
 115     check_ftp_database = "$USER2$/check_ftp_database";
 116     check_git = "$USER2$/check_git $USER203$";
 117     check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
 118     check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
 119     check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\"";
 120     check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15";
 121     check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\"";
 122     check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\"";
 123     check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$";
 124     check_local_procs = "$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$";
 125     check_local_load = "$USER1$/check_load -w $ARG1$ -c $ARG2$";
 126     check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$";
 127     check_local_bandwidth = "$USER2$/check_bandwidth -i=$ARG1$ -w $ARG2$ -c $ARG3$";
 128     check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$";
 129     check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$";
 130     check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$";
 131     check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$";
 132     check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org";
 133     check_mailq = "$USER1$/check_mailq -s -w 1 -c 2";
 134     check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\"";
 135     check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\"";
 136     check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\"";
 137     check_ovh_sms = "$USER2$/check_ovh_sms \"$USER209$\"";
 138     check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\"";
 139     check_smtp = "$USER1$/check_smtp -H $HOSTADDRESS$ -p 25 -S -D 21,15";
 140     check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit";
 141     check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15";
 142
 143     check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5";
 144     check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\"";
 145     check_ok = "$USER1$/check_dummy 0 \"Dummy OK\"";
 146     check_critical = "$USER1$/check_dummy 2 \"Dummy CRITICAL\"";
 147
 148     # $OVE is to force naemon to run via shell instead of execve which fails here
 149     notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
 150     # $OVE is to force naemon to run via shell instead of execve which fails here
 151     notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE";
 152     notify-by-slack = "HOST=\"$HOSTALIAS$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_slack \"$ARG1$\" \"$ARG2$\"";
 153
 154     notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$ | $SERVICEPERFDATA$\"";
 155   };
 156   timeperiod = {
 157     "24x7" = {
 158       alias = "24 Hours A Day, 7 Days A Week";
 159       monday = "00:00-24:00";
 160       tuesday = "00:00-24:00";
 161       wednesday = "00:00-24:00";
 162       thursday = "00:00-24:00";
 163       friday = "00:00-24:00";
 164       saturday = "00:00-24:00";
 165       sunday = "00:00-24:00";
 166     };
 167   };
 168   servicegroup = {
 169     webstatus-webapps = { alias = "Web applications"; };
 170     webstatus-websites = { alias = "Personal websites"; };
 171     webstatus-ssl = { alias = "SSL certificates"; };
 172     webstatus-dns = { alias = "DNS resolution"; };
 173     webstatus-remote-services = { alias = "Other remote services"; };
 174     webstatus-local-services = { alias = "Other local services"; };
 175     webstatus-email = { alias = "E-mail services"; };
 176     webstatus-resources = { alias = "Local resources"; };
 177     webstatus-databases = { alias = "Databases resources"; };
 178     webstatus-backup = { alias = "Backup resources"; };
 179   };
 180   hostgroup = {
 181     webstatus-hosts = { alias = "Hosts"; };
 182   };
 183   contactgroup = {
 184     admins = { alias = "Naemon Administrators"; };
 185   };
 186   templates = {
 187     service = {
 188       generic-service = {
 189         active_checks_enabled = "1";
 190         check_freshness = "0";
 191         check_interval = "10";
 192         check_period = "24x7";
 193         contact_groups = "admins";
 194         event_handler_enabled = "1";
 195         flap_detection_enabled = "1";
 196         is_volatile = "0";
 197         max_check_attempts = "3";
 198         notification_interval = "60";
 199         notification_options = "w,u,c,r,f,s";
 200         notification_period = "24x7";
 201         notifications_enabled = if master then "1" else "0";
 202         obsess_over_service = "1";
 203         passive_checks_enabled = "1";
 204         process_perf_data = "1";
 205         retain_nonstatus_information = "1";
 206         retain_status_information = "1";
 207         retry_interval = "2";
 208       };
 209       local-service = {
 210         use = "generic-service";
 211         host_name = hostFQDN;
 212         check_interval = "5";
 213         max_check_attempts = "4";
 214         retry_interval = "1";
 215         servicegroups = "webstatus-resources";
 216       };
 217       external-service = {
 218         use = "generic-service";
 219         check_interval = "5";
 220         max_check_attempts = "4";
 221         retry_interval = "1";
 222       };
 223       web-service = {
 224         use = "generic-service";
 225         check_interval = "20";
 226         max_check_attempts = "2";
 227         retry_interval = "1";
 228       };
 229       external-web-service = {
 230         use = "generic-service";
 231         check_interval = "20";
 232         max_check_attempts = "2";
 233         retry_interval = "1";
 234       };
 235       mail-service = {
 236         use = "generic-service";
 237         check_interval = "15";
 238         max_check_attempts = "1";
 239         retry_interval = "1";
 240       };
 241       dns-service = {
 242         use = "generic-service";
 243         check_interval = "120";
 244         notification_interval = "120";
 245         max_check_attempts = "5";
 246         retry_interval = "5";
 247       };
 248     };
 249     # No contact, we go through master
 250     contact = {
 251       generic-contact = {
 252         host_notification_commands = "notify-host-by-email";
 253         host_notification_options = "d,u,r,f,s";
 254         host_notification_period = "24x7";
 255         service_notification_commands = "notify-service-by-email";
 256         service_notification_options = "w,u,c,r,f,s";
 257         service_notification_period = "24x7";
 258       };
 259     };
 260     host = {
 261       generic-host = {
 262         event_handler_enabled = "1";
 263         flap_detection_enabled = "1";
 264         notification_period = "24x7";
 265         notifications_enabled = "1";
 266         process_perf_data = "1";
 267         retain_nonstatus_information = "1";
 268         retain_status_information = "1";
 269       };
 270       linux-server = {
 271         check_command = "check_host_alive";
 272         check_interval = "5";
 273         check_period = "24x7";
 274         contact_groups = "admins";
 275         max_check_attempts = "10";
 276         notification_interval = "120";
 277         notification_options = "d,u,r,f";
 278         retry_interval = "1";
 279       };
 280     };
 281   };
 282 }