author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-05-02 04:10:13 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2021-05-02 04:10:13 +0200 |
commit | acab8301f6a0a76d97b36d009a60d4172bf62981 (patch) | |
tree | 15e4a211dbcc0d3f175a593344c0473c97d2ec00 /modules/private/monitoring/default.nix | |
parent | 8175055f973b3f6e8a383abcaa42afb22f279e24 (diff) | |
Refactor monitoring to avoid unneeded resources on each machine
Diffstat (limited to 'modules/private/monitoring/default.nix')
-rw-r--r-- | modules/private/monitoring/default.nix | 184 |
1 files changed, 27 insertions, 157 deletions
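--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -1,109 +1,23 @@
 { config, pkgs, lib, name, nodes, ... }:
 let
 cfg = config.myServices.monitoring;
-send_mails = pkgs.runCommand "send_mails" {
-buildInputs = [ pkgs.makeWrapper ];
-} ''
-mkdir -p $out/bin
-cp ${./send_mails} $out/bin/send_mails
-patchShebangs $out
-wrapProgram $out/bin/send_mails --prefix PATH : ${lib.makeBinPath [
-pkgs.mailutils
-]}
-'';
-postgresqlBinary = if config.myServices.databasesReplication.postgresql.enable
-then config.myServices.databasesReplication.postgresql.mainPackage
-else if config.myServices.databases.enable
-then config.myServices.databases.postgresql.package
-else pkgs.postgresql;
-zfsPlugin = pkgs.fetchurl {
-url = "https://www.claudiokuenzler.com/monitoring-plugins/check_zpools.sh";
-sha256 = "0p9ms9340in80jkds4kfspw62xnzsv5s7ni9m28kxyd0bnzkbzhf";
+activatedPlugins = [ "memory" "command" "bandwidth" ]
+++ (if cfg.master then (masterObjects.activatedPlugins or []) else [])
+++ (if cfg.master then (lib.flatten (map (v: v.activatedPlugins or []) otherObjects)) else [])
+++ (hostObjects.activatedPlugins or [])
+++ (if cfg.master then ["notify-primary"] else ["notify-secondary"]);
+allPluginsConfig = import ./myplugins.nix {
+inherit pkgs lib config;
+sudo = "/run/wrappers/bin/sudo";
 };
-megacli = pkgs.megacli.overrideAttrs(old: { meta = old.meta // { license = null; }; });
-megaCliPlugin = pkgs.runCommand "megaCliPlugin" {
-plugin = pkgs.fetchurl {
-name = "check_megaraid_sas";
-url = "https://exchange.nagios.org/components/com_mtree/attachment.php?link_id=6381&cf_id=24";
-sha256 = "0yf60p4c0hb4q3fng9fc14qc89bqm0f1sijayzygadaqcl44jx4p";
-};
-} ''
-mkdir $out
-cp $plugin $out/check_megaraid_sas
-chmod +x $out/check_megaraid_sas
-patchShebangs $out
-substituteInPlace $out/check_megaraid_sas --replace /usr/sbin/MegaCli ${megacli}/bin/MegaCli64
-substituteInPlace $out/check_megaraid_sas --replace 'sudo $megacli' '/run/wrappers/bin/sudo $megacli'
-sed -i -e "s/use utils qw(%ERRORS);/my %ERRORS = ('OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3);/" $out/check_megaraid_sas
-'';
-myplugins = pkgs.runCommand "buildplugins" {
+mypluginsConfig = lib.getAttrs activatedPlugins allPluginsConfig;
+myplugins = let
+mypluginsChunk = builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (k: v: v.chunk or "") mypluginsConfig);
+in pkgs.runCommand "buildplugins" {
 buildInputs = [ pkgs.makeWrapper pkgs.perl ];
 } ''
 mkdir $out
-cp ${zfsPlugin} $out/check_zpool.sh && chmod +x $out/check_zpool.sh
-cp ${megaCliPlugin}/check_megaraid_sas $out/
-cp ${./plugins}/* $out/
-patchShebangs $out
-wrapProgram $out/check_command --prefix PATH : ${config.security.wrapperDir}
-wrapProgram $out/check_zpool.sh --prefix PATH : ${lib.makeBinPath [
-pkgs.which pkgs.zfs pkgs.gawk
-]}
-wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [
-pkgs.curl pkgs.jq
-]}
-wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [
-pkgs.gnugrep pkgs.gawk pkgs.procps-ng
-]}
-wrapProgram $out/check_postgres_replication --prefix PATH : ${lib.makeBinPath [
-postgresqlBinary
-]}
-wrapProgram $out/check_redis_replication --prefix PATH : ${lib.makeBinPath [
-pkgs.gnugrep pkgs.coreutils pkgs.redis
-]}
-wrapProgram $out/check_mysql_replication --prefix PATH : ${lib.makeBinPath [
-pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.mariadb
-]}
-wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [
-pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap
-]}
-wrapProgram $out/check_emails --prefix PATH : ${lib.makeBinPath [
-pkgs.openssh send_mails
-]} --prefix PERL5LIB : ${pkgs.perlPackages.makePerlPath [
-pkgs.perlPackages.TimeDate
-]}
-wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [
-pkgs.lftp
-]}
-wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [
-pkgs.git pkgs.openssh
-]}
-wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [
-pkgs.openssl
-]}
-wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [
-pkgs.s3cmd pkgs.python3
-]}
-makeWrapper $out/check_backup_age $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [
-pkgs.duplicity
-]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"}
-makeWrapper $out/check_backup_age $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [
-pkgs.duplicity
-]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"}
-wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [
-pkgs.mailutils
-]}
-wrapProgram $out/notify_by_slack --prefix PATH : ${lib.makeBinPath [
-pkgs.curl pkgs.jq
-]}
-wrapProgram $out/notify_eban_url --prefix PATH : ${lib.makeBinPath [
-pkgs.curl
-]}
-wrapProgram $out/check_ovh_sms --prefix PATH : ${lib.makeBinPath [
-(pkgs.python3.withPackages (ps: [ps.ovh]))
-]}
-wrapProgram $out/check_bandwidth --prefix PATH : ${lib.makeBinPath [
-pkgs.iproute pkgs.bc
-]}
+${mypluginsChunk}
 '';
 toObjects = pkgs.callPackage ./to_objects.nix {};
 commonConfig = {
@@ -183,7 +97,7 @@ let
 master = cfg.master;
 hostFQDN = config.hostEnv.fqdn;
 hostName = name;
-sudo = "/run/wrappers/bin/sudo";
+inherit mypluginsConfig;
 } // builtins.getAttr name commonConfig);
 hostObjects =
 let
@@ -263,52 +177,21 @@ in
 services.duplyBackup.profiles.monitoring = {
 rootDir = config.services.naemon.varDir;
 };
-security.sudo.extraRules = [
+security.sudo.extraRules = let
+pluginsSudo = lib.lists.remove null (lib.attrsets.mapAttrsToList (k: v:
+if (v ? sudo)
+then ({ users = [ "naemon" ]; } // (v.sudo myplugins))
+else null) mypluginsConfig);
+in [
 {
 commands = [
 { command = "${pkgs.mdadm}/bin/mdadm --monitor --scan -1"; options = [ "NOPASSWD" ]; }
 { command = "${pkgs.postfix}/bin/mailq"; options = [ "NOPASSWD" ]; }
-{ command = "${megacli}/bin/MegaCli64"; options = [ "NOPASSWD" ]; }
 ];
 users = [ "naemon" ];
 runAs = "root";
 }
-{
-commands = [
-{ command = "${myplugins}/check_last_file_date /backup2/*"; options = [ "NOPASSWD" ]; }
-];
-users = [ "naemon" ];
-runAs = "ALL";
-}
-{
-commands = [
-{ command = "${myplugins}/check_postgres_replication *"; options = [ "NOPASSWD" ]; }
-];
-users = [ "naemon" ];
-runAs = "postgres";
-}
-{
-commands = [
-{ command = "${myplugins}/check_mysql_replication *"; options = [ "NOPASSWD" ]; }
-];
-users = [ "naemon" ];
-runAs = "mysql";
-}
-{
-commands = [
-{ command = "${myplugins}/check_openldap_replication *"; options = [ "NOPASSWD" ]; }
-];
-users = [ "naemon" ];
-runAs = "openldap";
-}
-{
-commands = [
-{ command = "${myplugins}/check_redis_replication *"; options = [ "NOPASSWD" ]; }
-];
-users = [ "naemon" ];
-runAs = "redis";
-}
-];
+] ++ pluginsSudo;
 environment.etc."mdadm.conf" = {
 enable = true;
 mode = "0644";
@@ -354,26 +237,13 @@ in
 broker_module=${pkgs.naemon-livestatus}/lib/naemon-livestatus/livestatus.so ${config.services.naemon.runDir}/live
 broker_module=${pkgs.status_engine.module}/lib/status-engine/naemon/statusengine-${pkgs.naemon.status_engine_version}.o use_service_perfdata=1 use_process_data=0 use_system_command_data=0 use_external_command_data=0 use_flapping_data=0 use_program_status_data=0 use_notification_data=0 use_contact_status_data=0 use_contact_notification_data=0 use_event_handler_data=0 use_object_data=0
 '';
-extraResource = ''
+extraResource = let
+resources = lib.mapAttrsToList (k: v: v.resources or {}) mypluginsConfig;
+joined = lib.zipAttrsWith (n: v: if builtins.length (lib.unique v) == 1 then builtins.head v else abort "Non-unique resources names") resources;
+joinedStr = builtins.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "$" + "${k}$=${v}") joined);
+in ''
 $USER2$=${myplugins}
-$USER200$=${config.myEnv.monitoring.status_url}
-$USER201$=${config.myEnv.monitoring.status_token}
-$USER202$=${config.myEnv.monitoring.http_user_password}
-$USER203$=${config.secrets.fullPaths."naemon/id_rsa"}
-$USER204$=${config.myEnv.monitoring.imap_login}
-$USER205$=${config.myEnv.monitoring.imap_password}
-$USER206$=${config.myEnv.monitoring.slack_channel}
-$USER207$=${config.myEnv.monitoring.slack_url}
-$USER208$=${builtins.concatStringsSep "," (map (builtins.concatStringsSep ":") config.myEnv.monitoring.eriomem_keys)}
-$USER209$=${builtins.concatStringsSep "," [
-config.myEnv.monitoring.ovh_sms.endpoint
-config.myEnv.monitoring.ovh_sms.application_key
-config.myEnv.monitoring.ovh_sms.application_secret
-config.myEnv.monitoring.ovh_sms.consumer_key
-config.myEnv.monitoring.ovh_sms.account
-]}
-$USER210$=${config.myEnv.monitoring.eban.user}
-$USER211$=${config.myEnv.monitoring.eban.password}
+${joinedStr}
 '';
 objectDefs = toObjects commonObjects
 + toObjects hostObjects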
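Review bot: In the security.sudo.extraRules hunk, `{ users = [ "naemon" ]; } // (v.sudo myplugins)` places the plugin-supplied attrset on the right of `//`, so a `users` key returned by a plugin's `sudo` function in ./myplugins.nix (not visible in this file) silently replaces the naemon restriction; if every generated rule is meant for naemon, pin it with `(v.sudo myplugins) // { users = [ "naemon" ]; }`. The runAs targets and NOPASSWD options that were explicit here (root, postgres, mysql, openldap, redis, ALL) now live in myplugins.nix, so a one-line comment above `pluginsSudo` stating that the privilege grants for each plugin are defined there would keep this file reviewable on its own. In the extraResource hunk, `abort "Non-unique resources names"` drops the conflicting key, which makes the failure hard to locate once several plugins contribute resources; `abort "Non-unique resources names: ${n}"` names it. The enclosing module attrset starts outside both hunks.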