diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-07-16 01:10:17 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-07-16 01:10:17 +0200 |
| commit | 5a61f6ad5164a735be26e016c59e72252ffb49b7 (patch) | |
| tree | 6acc3c8199d7f25c039c6c6686005436d1fb49d7 /modules/private/monitoring | |
| parent | ca367c14902ab1bf869976dc5dca52d07e308c15 (diff) | |
| download | Nix-5a61f6ad5164a735be26e016c59e72252ffb49b7.tar.gz Nix-5a61f6ad5164a735be26e016c59e72252ffb49b7.tar.zst Nix-5a61f6ad5164a735be26e016c59e72252ffb49b7.zip | |
Add alternate cloud storage for daily backups
Diffstat (limited to 'modules/private/monitoring')
| -rw-r--r-- | modules/private/monitoring/default.nix | 18 | ||||
| -rw-r--r-- | modules/private/monitoring/objects_common.nix | 5 | ||||
| -rw-r--r-- | modules/private/monitoring/objects_monitoring-1.nix | 57 | ||||
| -rwxr-xr-x | modules/private/monitoring/plugins/check_backup_age (renamed from modules/private/monitoring/plugins/check_eriomem_age) | 0 |
4 files changed, 49 insertions, 31 deletions
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index d5bf7fb..c573af2 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix | |||
| @@ -58,9 +58,12 @@ let | |||
| 58 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ | 58 | wrapProgram $out/check_eriomem --prefix PATH : ${lib.makeBinPath [ |
| 59 | pkgs.s3cmd pkgs.python3 | 59 | pkgs.s3cmd pkgs.python3 |
| 60 | ]} | 60 | ]} |
| 61 | wrapProgram $out/check_eriomem_age --prefix PATH : ${lib.makeBinPath [ | 61 | makeWrapper $out/check_backup_age $out/check_backup_eriomem_age --prefix PATH : ${lib.makeBinPath [ |
| 62 | pkgs.duplicity | 62 | pkgs.duplicity |
| 63 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} | 63 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."eriomem_access_key"} |
| 64 | makeWrapper $out/check_backup_age $out/check_backup_ovh_age --prefix PATH : ${lib.makeBinPath [ | ||
| 65 | pkgs.duplicity | ||
| 66 | ]} --set SECRETS_PATH ${lib.optionalString cfg.master config.secrets.fullPaths."ovh_access_key"} | ||
| 64 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | 67 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ |
| 65 | pkgs.mailutils | 68 | pkgs.mailutils |
| 66 | ]} | 69 | ]} |
| @@ -256,18 +259,19 @@ in | |||
| 256 | permissions = "0400"; | 259 | permissions = "0400"; |
| 257 | text = config.myEnv.monitoring.ssh_secret_key; | 260 | text = config.myEnv.monitoring.ssh_secret_key; |
| 258 | } | 261 | } |
| 259 | ] ++ lib.optional cfg.master ( | 262 | ] ++ lib.optionals cfg.master ( |
| 263 | lib.mapAttrsToList (k: v: | ||
| 260 | { | 264 | { |
| 261 | dest = "eriomem_access_key"; | 265 | dest = "${k}_access_key"; |
| 262 | user = "naemon"; | 266 | user = "naemon"; |
| 263 | group = "naemon"; | 267 | group = "naemon"; |
| 264 | permissions = "0400"; | 268 | permissions = "0400"; |
| 265 | text = '' | 269 | text = '' |
| 266 | export AWS_ACCESS_KEY_ID="${config.myEnv.backup.accessKeyId}" | 270 | export AWS_ACCESS_KEY_ID="${v.accessKeyId}" |
| 267 | export AWS_SECRET_ACCESS_KEY="${config.myEnv.backup.secretAccessKey}" | 271 | export AWS_SECRET_ACCESS_KEY="${v.secretAccessKey}" |
| 268 | export BASE_URL="${config.myEnv.backup.remote}" | 272 | export BASE_URL="${v.remote "immae-eldiron"}" |
| 269 | ''; | 273 | ''; |
| 270 | } | 274 | }) config.myEnv.backup.remotes |
| 271 | ); | 275 | ); |
| 272 | # needed since extraResource is not in the closure | 276 | # needed since extraResource is not in the closure |
| 273 | systemd.services.naemon.path = [ myplugins ]; | 277 | systemd.services.naemon.path = [ myplugins ]; |
diff --git a/modules/private/monitoring/objects_common.nix b/modules/private/monitoring/objects_common.nix index d3a46ce..25f8124 100644 --- a/modules/private/monitoring/objects_common.nix +++ b/modules/private/monitoring/objects_common.nix | |||
| @@ -108,8 +108,9 @@ in | |||
| 108 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | 108 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; |
| 109 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; | 109 | check_emails = "$USER2$/check_emails -H $HOSTADDRESS$ -i $USER203$ -l $ARG1$ -p $ARG2$ -s $ARG3$ -f $ARG4$"; |
| 110 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; | 110 | check_emails_local = "$USER2$/check_emails -H $HOSTADDRESS$ -n $ARG1$ -r $ADMINEMAIL$ -s $ARG2$ -f $ARG3$"; |
| 111 | check_eriomem = "$USER2$/check_eriomem $USER208$"; | 111 | check_backup_eriomem = "$USER2$/check_eriomem $USER208$"; |
| 112 | check_eriomem_age = "$USER2$/check_eriomem_age $ARG1$"; | 112 | check_backup_eriomem_age = "$USER2$/check_backup_eriomem_age $ARG1$"; |
| 113 | check_backup_ovh_age = "$USER2$/check_backup_ovh_age $ARG1$"; | ||
| 113 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | 114 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; |
| 114 | check_ftp_database = "$USER2$/check_ftp_database"; | 115 | check_ftp_database = "$USER2$/check_ftp_database"; |
| 115 | check_git = "$USER2$/check_git $USER203$"; | 116 | check_git = "$USER2$/check_git $USER203$"; |
diff --git a/modules/private/monitoring/objects_monitoring-1.nix b/modules/private/monitoring/objects_monitoring-1.nix index 2cba58e..1aebd26 100644 --- a/modules/private/monitoring/objects_monitoring-1.nix +++ b/modules/private/monitoring/objects_monitoring-1.nix | |||
| @@ -1,22 +1,24 @@ | |||
| 1 | { config, pkgs, nodes, hostFQDN, emailCheck, ... }: | 1 | { config, pkgs, nodes, hostFQDN, emailCheck, lib, ... }: |
| 2 | let | 2 | let |
| 3 | to_eriomem_age_dependency = name: { | 3 | to_backup_age_dependency = name: profile: map (remote: |
| 4 | dependent_host_name = "eldiron.immae.eu"; | 4 | { |
| 5 | host_name = "eldiron.immae.eu"; | 5 | dependent_host_name = "eldiron.immae.eu"; |
| 6 | dependent_service_description = "Eriomem backup for ${name} is not too old"; | 6 | host_name = "eldiron.immae.eu"; |
| 7 | service_description = "Eriomem backup is up and not full"; | 7 | dependent_service_description = "${remote} backup for ${name} is not too old"; |
| 8 | execution_failure_criteria = "u"; | 8 | service_description = "${remote} backup is up and not full"; |
| 9 | notification_failure_criteria = "u"; | 9 | execution_failure_criteria = "u"; |
| 10 | }; | 10 | notification_failure_criteria = "u"; |
| 11 | to_eriomem_age = name: { | 11 | }) profile.remotes; |
| 12 | service_description = "Eriomem backup for ${name} is not too old"; | 12 | to_backup_age = name: profile: map (remote: |
| 13 | host_name = "eldiron.immae.eu"; | 13 | { |
| 14 | use = "external-service"; | 14 | service_description = "${remote} backup for ${name} is not too old"; |
| 15 | check_command = ["check_eriomem_age" name]; | 15 | host_name = "eldiron.immae.eu"; |
| 16 | 16 | use = "external-service"; | |
| 17 | check_interval = "120"; | 17 | check_command = ["check_backup_${remote}_age" name]; |
| 18 | notification_interval = "1440"; | 18 | |
| 19 | }; | 19 | check_interval = "120"; |
| 20 | notification_interval = "1440"; | ||
| 21 | }) profile.remotes; | ||
| 20 | in | 22 | in |
| 21 | { | 23 | { |
| 22 | host = { | 24 | host = { |
| @@ -111,10 +113,21 @@ in | |||
| 111 | 113 | ||
| 112 | # Backup services | 114 | # Backup services |
| 113 | { | 115 | { |
| 114 | service_description = "Eriomem backup is up and not full"; | 116 | service_description = "eriomem backup is up and not full"; |
| 117 | host_name = "eldiron.immae.eu"; | ||
| 118 | use = "external-service"; | ||
| 119 | check_command = "check_backup_eriomem"; | ||
| 120 | |||
| 121 | check_interval = "120"; | ||
| 122 | notification_interval = "1440"; | ||
| 123 | |||
| 124 | servicegroups = "webstatus-backup"; | ||
| 125 | } | ||
| 126 | { | ||
| 127 | service_description = "ovh backup is up and not full"; | ||
| 115 | host_name = "eldiron.immae.eu"; | 128 | host_name = "eldiron.immae.eu"; |
| 116 | use = "external-service"; | 129 | use = "external-service"; |
| 117 | check_command = "check_eriomem"; | 130 | check_command = "check_ok"; |
| 118 | 131 | ||
| 119 | check_interval = "120"; | 132 | check_interval = "120"; |
| 120 | notification_interval = "1440"; | 133 | notification_interval = "1440"; |
| @@ -673,7 +686,7 @@ in | |||
| 673 | _webstatus_name = "LDAP"; | 686 | _webstatus_name = "LDAP"; |
| 674 | _webstatus_url = "ldap.immae.eu"; | 687 | _webstatus_url = "ldap.immae.eu"; |
| 675 | } | 688 | } |
| 676 | ] ++ map to_eriomem_age (builtins.attrNames nodes.eldiron.config.services.duplyBackup.profiles); | 689 | ] ++ lib.flatten (lib.mapAttrsToList to_backup_age nodes.eldiron.config.services.duplyBackup.profiles); |
| 677 | contact = { | 690 | contact = { |
| 678 | telio-tortay = config.myEnv.monitoring.contacts.telio-tortay // { | 691 | telio-tortay = config.myEnv.monitoring.contacts.telio-tortay // { |
| 679 | use = "generic-contact"; | 692 | use = "generic-contact"; |
| @@ -688,5 +701,5 @@ in | |||
| 688 | telio-tortay = { alias = "Telio Tortay"; members = "immae"; }; | 701 | telio-tortay = { alias = "Telio Tortay"; members = "immae"; }; |
| 689 | tiboqorl = { alias = "Tiboqorl"; members = "immae"; }; | 702 | tiboqorl = { alias = "Tiboqorl"; members = "immae"; }; |
| 690 | }; | 703 | }; |
| 691 | servicedependency = map to_eriomem_age_dependency (builtins.attrNames nodes.eldiron.config.services.duplyBackup.profiles); | 704 | servicedependency = lib.flatten (lib.mapAttrsToList to_backup_age_dependency nodes.eldiron.config.services.duplyBackup.profiles); |
| 692 | } | 705 | } |
diff --git a/modules/private/monitoring/plugins/check_eriomem_age b/modules/private/monitoring/plugins/check_backup_age index 4d03b82..4d03b82 100755 --- a/modules/private/monitoring/plugins/check_eriomem_age +++ b/modules/private/monitoring/plugins/check_backup_age | |||