diff options
25 files changed, 1557 insertions, 39 deletions
@@ -1,5 +1,6 @@ | |||
1 | subrecipes = setup | 1 | subrecipes = setup |
2 | subrecipes += nixops ssh-eldiron ssh-backup-2 info debug dry-run build upload deploy deploy-reboot reboot | 2 | subrecipes += nixops ssh-eldiron ssh-backup-2 ssh-monitoring-1 |
3 | subrecipes += info debug dry-run build upload deploy deploy-reboot reboot | ||
3 | subrecipes += list-generations delete-generations cleanup | 4 | subrecipes += list-generations delete-generations cleanup |
4 | subrecipes += pull pull_environment pull_deployment deployment_is_set push push_deployment push_environment | 5 | subrecipes += pull pull_environment pull_deployment deployment_is_set push push_deployment push_environment |
5 | ${subrecipes}: | 6 | ${subrecipes}: |
diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 9bfb80a..550b060 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix | |||
@@ -117,6 +117,11 @@ in | |||
117 | default = {}; | 117 | default = {}; |
118 | type = attrsOf (submodule { | 118 | type = attrsOf (submodule { |
119 | options = { | 119 | options = { |
120 | emails = mkOption { | ||
121 | default = []; | ||
122 | description = "List of e-mails that the server can be a sender of"; | ||
123 | type = listOf str; | ||
124 | }; | ||
120 | ldap = mkOption { | 125 | ldap = mkOption { |
121 | description = '' | 126 | description = '' |
122 | LDAP credentials for the host | 127 | LDAP credentials for the host |
@@ -453,7 +458,16 @@ in | |||
453 | options = { | 458 | options = { |
454 | status_url = mkOption { type = str; description = "URL to push status to"; }; | 459 | status_url = mkOption { type = str; description = "URL to push status to"; }; |
455 | status_token = mkOption { type = str; description = "Token for the status url"; }; | 460 | status_token = mkOption { type = str; description = "Token for the status url"; }; |
461 | http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; }; | ||
456 | email = mkOption { type = str; description = "Admin E-mail"; }; | 462 | email = mkOption { type = str; description = "Admin E-mail"; }; |
463 | ssh_public_key = mkOption { type = str; description = "SSH public key"; }; | ||
464 | ssh_secret_key = mkOption { type = str; description = "SSH secret key"; }; | ||
465 | imap_login = mkOption { type = str; description = "IMAP login"; }; | ||
466 | imap_password = mkOption { type = str; description = "IMAP password"; }; | ||
467 | nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; | ||
468 | slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; }; | ||
469 | slack_channel = mkOption { type = str; description = "Slack channel to push status update"; }; | ||
470 | contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; }; | ||
457 | }; | 471 | }; |
458 | }; | 472 | }; |
459 | }; | 473 | }; |
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix index d6c91ac..a1f4b3f 100644 --- a/modules/private/monitoring/default.nix +++ b/modules/private/monitoring/default.nix | |||
@@ -1,5 +1,6 @@ | |||
1 | { config, pkgs, lib, name, ... }: | 1 | { config, pkgs, lib, name, nodes, ... }: |
2 | let | 2 | let |
3 | cfg = config.myServices.monitoring; | ||
3 | myplugins = pkgs.runCommand "buildplugins" { | 4 | myplugins = pkgs.runCommand "buildplugins" { |
4 | buildInputs = [ pkgs.makeWrapper pkgs.perl ]; | 5 | buildInputs = [ pkgs.makeWrapper pkgs.perl ]; |
5 | } '' | 6 | } '' |
@@ -10,6 +11,9 @@ let | |||
10 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ | 11 | wrapProgram $out/send_nrdp.sh --prefix PATH : ${lib.makeBinPath [ |
11 | pkgs.curl pkgs.jq | 12 | pkgs.curl pkgs.jq |
12 | ]} | 13 | ]} |
14 | wrapProgram $out/check_maison_bbc --prefix PATH : ${lib.makeBinPath [ | ||
15 | pkgs.curl pkgs.jq | ||
16 | ]} | ||
13 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ | 17 | wrapProgram $out/check_mem.sh --prefix PATH : ${lib.makeBinPath [ |
14 | pkgs.gnugrep pkgs.gawk pkgs.procps-ng | 18 | pkgs.gnugrep pkgs.gawk pkgs.procps-ng |
15 | ]} | 19 | ]} |
@@ -25,6 +29,24 @@ let | |||
25 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ | 29 | wrapProgram $out/check_openldap_replication --prefix PATH : ${lib.makeBinPath [ |
26 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap | 30 | pkgs.gnugrep pkgs.gnused pkgs.coreutils pkgs.openldap |
27 | ]} | 31 | ]} |
32 | wrapProgram $out/check_ftp_database --prefix PATH : ${lib.makeBinPath [ | ||
33 | pkgs.lftp | ||
34 | ]} | ||
35 | wrapProgram $out/check_git --prefix PATH : ${lib.makeBinPath [ | ||
36 | pkgs.git pkgs.openssh | ||
37 | ]} | ||
38 | wrapProgram $out/check_imap_connection --prefix PATH : ${lib.makeBinPath [ | ||
39 | pkgs.openssl | ||
40 | ]} | ||
41 | wrapProgram $out/notify_maison_bbc_by_email --prefix PATH : ${lib.makeBinPath [ | ||
42 | pkgs.mailutils pkgs.gawk | ||
43 | ]} | ||
44 | wrapProgram $out/notify_by_email --prefix PATH : ${lib.makeBinPath [ | ||
45 | pkgs.mailutils | ||
46 | ]} | ||
47 | wrapProgram $out/notify_by_slack --prefix PATH : ${lib.makeBinPath [ | ||
48 | pkgs.curl pkgs.jq | ||
49 | ]} | ||
28 | ''; | 50 | ''; |
29 | toObjects = pkgs.callPackage ./to_objects.nix {}; | 51 | toObjects = pkgs.callPackage ./to_objects.nix {}; |
30 | commonConfig = { | 52 | commonConfig = { |
@@ -36,16 +58,48 @@ let | |||
36 | processWarn = "50"; processAlert = "60"; | 58 | processWarn = "50"; processAlert = "60"; |
37 | loadWarn = "1.0"; loadAlert = "2.0"; | 59 | loadWarn = "1.0"; loadAlert = "2.0"; |
38 | }; | 60 | }; |
61 | monitoring-1 = { | ||
62 | processWarn = "50"; processAlert = "60"; | ||
63 | loadWarn = "1.0"; loadAlert = "2.0"; | ||
64 | }; | ||
39 | }; | 65 | }; |
66 | masterPassiveObjects = let | ||
67 | otherPassiveObjects = map | ||
68 | (n: (pkgs.callPackage (./. + "/objects_" + n + ".nix") {})) | ||
69 | [ "caldance-1" "ulminfo-fr" "immae-eu" "phare" "tiboqorl-fr" ]; | ||
70 | otherPassiveServices = lib.flatten (map (h: h.service or []) otherPassiveObjects); | ||
71 | otherPassiveHosts = (map (h: h.host)) otherPassiveObjects; | ||
72 | passiveNodes = lib.attrsets.filterAttrs (n: _: builtins.elem n ["backup-2" "eldiron"]) nodes; | ||
73 | toPassiveServices = map (s: s.passiveInfo.filter s // s.passiveInfo); | ||
74 | passiveServices = lib.flatten (lib.attrsets.mapAttrsToList | ||
75 | (_: n: toPassiveServices n.config.myServices.monitoring.services) | ||
76 | passiveNodes | ||
77 | ); | ||
78 | in { | ||
79 | service = passiveServices ++ otherPassiveServices; | ||
80 | host = lib.lists.foldr | ||
81 | (a: b: a//b) | ||
82 | {} | ||
83 | (otherPassiveHosts ++ lib.attrsets.mapAttrsToList (_: h: h.config.myServices.monitoring.hosts) passiveNodes); | ||
84 | }; | ||
85 | masterObjects = pkgs.callPackage ./objects_master.nix { inherit config; }; | ||
40 | commonObjects = pkgs.callPackage ./objects_common.nix ({ | 86 | commonObjects = pkgs.callPackage ./objects_common.nix ({ |
87 | master = cfg.master; | ||
41 | hostFQDN = config.hostEnv.FQDN; | 88 | hostFQDN = config.hostEnv.FQDN; |
89 | hostName = name; | ||
42 | sudo = "/run/wrappers/bin/sudo"; | 90 | sudo = "/run/wrappers/bin/sudo"; |
43 | } // builtins.getAttr name commonConfig); | 91 | } // builtins.getAttr name commonConfig); |
44 | hostObjects = | 92 | hostObjects = |
45 | let | 93 | let |
46 | specific_file = ./. + "/objects_" + name + ".nix"; | 94 | specific_file = ./. + "/objects_" + name + ".nix"; |
47 | in | 95 | in |
48 | lib.attrsets.optionalAttrs (builtins.pathExists specific_file) (pkgs.callPackage specific_file { inherit config; }); | 96 | lib.attrsets.optionalAttrs |
97 | (builtins.pathExists specific_file) | ||
98 | (pkgs.callPackage specific_file { | ||
99 | inherit config; | ||
100 | hostFQDN = config.hostEnv.FQDN; | ||
101 | hostName = name; | ||
102 | }); | ||
49 | in | 103 | in |
50 | { | 104 | { |
51 | options = { | 105 | options = { |
@@ -57,10 +111,27 @@ in | |||
57 | Whether to enable monitoring. | 111 | Whether to enable monitoring. |
58 | ''; | 112 | ''; |
59 | }; | 113 | }; |
114 | master = lib.mkOption { | ||
115 | type = lib.types.bool; | ||
116 | default = false; | ||
117 | description = '' | ||
118 | This instance is the master instance | ||
119 | ''; | ||
120 | }; | ||
121 | hosts = lib.mkOption { | ||
122 | readOnly = true; | ||
123 | description = "Hosts list for this host"; | ||
124 | default = (commonObjects.host or {}) // (hostObjects.host or {}); | ||
125 | }; | ||
126 | services = lib.mkOption { | ||
127 | readOnly = true; | ||
128 | description = "Services list for this host"; | ||
129 | default = commonObjects.service ++ hostObjects.service; | ||
130 | }; | ||
60 | }; | 131 | }; |
61 | }; | 132 | }; |
62 | 133 | ||
63 | config = lib.mkIf config.myServices.monitoring.enable { | 134 | config = lib.mkIf cfg.enable { |
64 | services.duplyBackup.profiles.monitoring = { | 135 | services.duplyBackup.profiles.monitoring = { |
65 | rootDir = config.services.naemon.varDir; | 136 | rootDir = config.services.naemon.varDir; |
66 | }; | 137 | }; |
@@ -116,6 +187,15 @@ in | |||
116 | text = "MAILADDR ${config.myEnv.monitoring.email}"; | 187 | text = "MAILADDR ${config.myEnv.monitoring.email}"; |
117 | }; | 188 | }; |
118 | 189 | ||
190 | secrets.keys = [ | ||
191 | { | ||
192 | dest = "naemon/id_rsa"; | ||
193 | user = "naemon"; | ||
194 | group = "naemon"; | ||
195 | premissions = "0400"; | ||
196 | text = config.myEnv.monitoring.ssh_secret_key; | ||
197 | } | ||
198 | ]; | ||
119 | # needed since extraResource is not in the closure | 199 | # needed since extraResource is not in the closure |
120 | systemd.services.naemon.path = [ myplugins ]; | 200 | systemd.services.naemon.path = [ myplugins ]; |
121 | services.naemon = { | 201 | services.naemon = { |
@@ -126,7 +206,7 @@ in | |||
126 | log_initial_states=1 | 206 | log_initial_states=1 |
127 | date_format=iso8601 | 207 | date_format=iso8601 |
128 | admin_email=${config.myEnv.monitoring.email} | 208 | admin_email=${config.myEnv.monitoring.email} |
129 | 209 | '' + lib.optionalString (!cfg.master) '' | |
130 | obsess_over_services=1 | 210 | obsess_over_services=1 |
131 | ocsp_command=notify-master | 211 | ocsp_command=notify-master |
132 | ''; | 212 | ''; |
@@ -134,8 +214,17 @@ in | |||
134 | $USER2$=${myplugins} | 214 | $USER2$=${myplugins} |
135 | $USER200$=${config.myEnv.monitoring.status_url} | 215 | $USER200$=${config.myEnv.monitoring.status_url} |
136 | $USER201$=${config.myEnv.monitoring.status_token} | 216 | $USER201$=${config.myEnv.monitoring.status_token} |
217 | $USER202$=${config.myEnv.monitoring.http_user_password} | ||
218 | $USER203$=${config.secrets.fullPaths."naemon/id_rsa"} | ||
219 | $USER204$=${config.myEnv.monitoring.imap_login} | ||
220 | $USER205$=${config.myEnv.monitoring.imap_password} | ||
221 | $USER206$=${config.myEnv.monitoring.slack_channel} | ||
222 | $USER207$=${config.myEnv.monitoring.slack_url} | ||
137 | ''; | 223 | ''; |
138 | objectDefs = toObjects commonObjects + toObjects hostObjects; | 224 | objectDefs = toObjects commonObjects |
225 | + toObjects hostObjects | ||
226 | + lib.optionalString cfg.master (toObjects masterObjects) | ||
227 | + lib.optionalString cfg.master (toObjects masterPassiveObjects); | ||
139 | }; | 228 | }; |
140 | }; | 229 | }; |
141 | } | 230 | } |
diff --git a/modules/private/monitoring/nagios-cli.cfg b/modules/private/monitoring/nagios-cli.cfg new file mode 100644 index 0000000..7bd30cb --- /dev/null +++ b/modules/private/monitoring/nagios-cli.cfg | |||
@@ -0,0 +1,68 @@ | |||
1 | # -*- coding: utf-8; -*- | ||
2 | |||
3 | [cli] | ||
4 | history = /var/lib/naemon/nagios_cli_history | ||
5 | |||
6 | [ui] | ||
7 | color = 1 | ||
8 | prompt = naemon %s> | ||
9 | prompt_separator = " → " | ||
10 | |||
11 | [nagios] | ||
12 | log = /var/log/naemon | ||
13 | command_file = /run/naemon/naemon.cmd | ||
14 | log_file = %(log)s/naemon.log | ||
15 | object_cache_file = /var/lib/naemon/objects.cache | ||
16 | status_file = /var/lib/naemon/status.dat | ||
17 | |||
18 | [object] | ||
19 | host.status = | ||
20 | host_name | ||
21 | current_state | ||
22 | plugin_output | ||
23 | is_flapping | ||
24 | last_check | ||
25 | last_time_down | ||
26 | last_state_change | ||
27 | check_period | ||
28 | notification_period | ||
29 | current_attempt | ||
30 | max_attempts | ||
31 | service.status = | ||
32 | host_name | ||
33 | service_description | ||
34 | current_state | ||
35 | is_flapping | ||
36 | plugin_output | ||
37 | last_time_down | ||
38 | last_state_change | ||
39 | last_check | ||
40 | next_check | ||
41 | check_interval | ||
42 | check_latency | ||
43 | check_period | ||
44 | notification_period | ||
45 | current_attempt | ||
46 | max_attempts | ||
47 | |||
48 | [string] | ||
49 | level.ok = ↑ OK | ||
50 | level.warning = ! WARNING | ||
51 | level.critical = ↓ CRITICAL | ||
52 | level.unknown = ↕ UNKNOWN | ||
53 | |||
54 | [color] | ||
55 | error = bold_red | ||
56 | |||
57 | prompt = normal | ||
58 | prompt.object = bold | ||
59 | |||
60 | host.host_name = bold | ||
61 | host.plugin_output = bold | ||
62 | service.plugin_output = bold | ||
63 | |||
64 | level.ok = bold_green | ||
65 | level.warning = bold_yellow | ||
66 | level.critical = bold_red | ||
67 | level.unknown = bold_magenta | ||
68 | |||
diff --git a/modules/private/monitoring/objects_backup-2.nix b/modules/private/monitoring/objects_backup-2.nix index 38b2ff6..52289dd 100644 --- a/modules/private/monitoring/objects_backup-2.nix +++ b/modules/private/monitoring/objects_backup-2.nix | |||
@@ -1,52 +1,73 @@ | |||
1 | { config, pkgs, ... }: | 1 | { config, pkgs, lib, hostFQDN, ... }: |
2 | let | ||
3 | defaultPassiveInfo = { | ||
4 | filter = lib.attrsets.filterAttrs | ||
5 | (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_"); | ||
6 | use = "external-passive-service"; | ||
7 | freshness_threshold = "450"; | ||
8 | retry_interval = "1"; | ||
9 | servicegroups = "webstatus-resources"; | ||
10 | host_name = hostFQDN; | ||
11 | }; | ||
12 | in | ||
2 | { | 13 | { |
3 | service = [ | 14 | service = [ |
4 | { | 15 | { |
16 | passiveInfo = defaultPassiveInfo; | ||
5 | service_description = "Size on /backup2 partition"; | 17 | service_description = "Size on /backup2 partition"; |
6 | use = "local-service"; | 18 | use = "local-service"; |
7 | check_command = ["check_local_disk" "10%" "5%" "/backup2"]; | 19 | check_command = ["check_local_disk" "10%" "5%" "/backup2"]; |
8 | } | 20 | } |
9 | { | 21 | { |
22 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-backup"; }; | ||
10 | service_description = "Last backup in /backup2/phare is not too old"; | 23 | service_description = "Last backup in /backup2/phare is not too old"; |
11 | use = "local-service"; | 24 | use = "local-service"; |
12 | check_command = ["check_last_file_date" "/backup2/phare" "14" "backup"]; | 25 | check_command = ["check_last_file_date" "/backup2/phare" "14" "backup"]; |
13 | } | 26 | } |
14 | { | 27 | { |
28 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-backup"; }; | ||
15 | service_description = "Last backup in /backup2/immae_eu is not too old"; | 29 | service_description = "Last backup in /backup2/immae_eu is not too old"; |
16 | use = "local-service"; | 30 | use = "local-service"; |
17 | check_command = ["check_last_file_date" "/backup2/immae_eu" "14" "backup"]; | 31 | check_command = ["check_last_file_date" "/backup2/immae_eu" "14" "backup"]; |
18 | } | 32 | } |
19 | { | 33 | { |
34 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-backup"; }; | ||
20 | service_description = "Last backup in /backup2/ulminfo is not too old"; | 35 | service_description = "Last backup in /backup2/ulminfo is not too old"; |
21 | use = "local-service"; | 36 | use = "local-service"; |
22 | check_command = ["check_last_file_date" "/backup2/ulminfo" "14" "backup"]; | 37 | check_command = ["check_last_file_date" "/backup2/ulminfo" "14" "backup"]; |
23 | } | 38 | } |
24 | { | 39 | { |
40 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; }; | ||
25 | service_description = "Last postgresql dump in /backup2/eldiron/postgresql_backup is not too old"; | 41 | service_description = "Last postgresql dump in /backup2/eldiron/postgresql_backup is not too old"; |
26 | use = "local-service"; | 42 | use = "local-service"; |
27 | check_command = ["check_last_file_date" "/backup2/eldiron/postgresql_backup" "7" "postgres"]; | 43 | check_command = ["check_last_file_date" "/backup2/eldiron/postgresql_backup" "7" "postgres"]; |
28 | } | 44 | } |
29 | { | 45 | { |
46 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; }; | ||
30 | service_description = "Redis replication for eldiron is up to date"; | 47 | service_description = "Redis replication for eldiron is up to date"; |
31 | use = "local-service"; | 48 | use = "local-service"; |
32 | check_command = ["check_redis_replication" "/run/redis_eldiron/redis.sock"]; | 49 | check_command = ["check_redis_replication" "/run/redis_eldiron/redis.sock"]; |
33 | } | 50 | } |
34 | { | 51 | { |
52 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; }; | ||
35 | service_description = "Last redis dump in /backup2/eldiron/redis_backup is not too old"; | 53 | service_description = "Last redis dump in /backup2/eldiron/redis_backup is not too old"; |
36 | use = "local-service"; | 54 | use = "local-service"; |
37 | check_command = ["check_last_file_date" "/backup2/eldiron/redis_backup" "7" "redis"]; | 55 | check_command = ["check_last_file_date" "/backup2/eldiron/redis_backup" "7" "redis"]; |
38 | } | 56 | } |
39 | { | 57 | { |
58 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; }; | ||
40 | service_description = "Mysql replication for eldiron is up to date"; | 59 | service_description = "Mysql replication for eldiron is up to date"; |
41 | use = "local-service"; | 60 | use = "local-service"; |
42 | check_command = ["check_mysql_replication" "/run/mysqld_eldiron/mysqld.sock" "/var/secrets/mysql_replication/eldiron/client"]; | 61 | check_command = ["check_mysql_replication" "/run/mysqld_eldiron/mysqld.sock" "/var/secrets/mysql_replication/eldiron/client"]; |
43 | } | 62 | } |
44 | { | 63 | { |
64 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; }; | ||
45 | service_description = "Last mysql dump in /backup2/eldiron/mysql_backup is not too old"; | 65 | service_description = "Last mysql dump in /backup2/eldiron/mysql_backup is not too old"; |
46 | use = "local-service"; | 66 | use = "local-service"; |
47 | check_command = ["check_last_file_date" "/backup2/eldiron/mysql_backup" "7" "mysql"]; | 67 | check_command = ["check_last_file_date" "/backup2/eldiron/mysql_backup" "7" "mysql"]; |
48 | } | 68 | } |
49 | { | 69 | { |
70 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; }; | ||
50 | service_description = "Openldap replication for eldiron is up to date"; | 71 | service_description = "Openldap replication for eldiron is up to date"; |
51 | use = "local-service"; | 72 | use = "local-service"; |
52 | check_command = let | 73 | check_command = let |
@@ -73,6 +94,7 @@ | |||
73 | ]; | 94 | ]; |
74 | } | 95 | } |
75 | { | 96 | { |
97 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases,webstatus-backup"; }; | ||
76 | service_description = "Last openldap dump in /backup2/eldiron/openldap_backup is not too old"; | 98 | service_description = "Last openldap dump in /backup2/eldiron/openldap_backup is not too old"; |
77 | use = "local-service"; | 99 | use = "local-service"; |
78 | check_command = ["check_last_file_date" "/backup2/eldiron/openldap_backup" "7" "openldap"]; | 100 | check_command = ["check_last_file_date" "/backup2/eldiron/openldap_backup" "7" "openldap"]; |
diff --git a/modules/private/monitoring/objects_caldance-1.nix b/modules/private/monitoring/objects_caldance-1.nix new file mode 100644 index 0000000..2879124 --- /dev/null +++ b/modules/private/monitoring/objects_caldance-1.nix | |||
@@ -0,0 +1,57 @@ | |||
1 | { ... }: | ||
2 | let | ||
3 | defaultPassiveInfo = { | ||
4 | use = "external-passive-service"; | ||
5 | freshness_threshold = "450"; | ||
6 | retry_interval = "1"; | ||
7 | host_name = "caldance-1.v.immae.eu"; | ||
8 | }; | ||
9 | in | ||
10 | { | ||
11 | host = { | ||
12 | "caldance-1.v.immae.eu" = { | ||
13 | alias = "caldance-1.v.immae.eu"; | ||
14 | address = "caldance-1.v.immae.eu"; | ||
15 | use = "linux-server"; | ||
16 | hostgroups = "webstatus-hosts"; | ||
17 | _webstatus_name = "caldance-1"; | ||
18 | }; | ||
19 | }; | ||
20 | service = map (s: defaultPassiveInfo // s) [ | ||
21 | { | ||
22 | service_description = "Size on root partition"; | ||
23 | servicegroups = "webstatus-resources"; | ||
24 | } | ||
25 | |||
26 | { | ||
27 | service_description = "Total number of process"; | ||
28 | servicegroups = "webstatus-resources"; | ||
29 | } | ||
30 | |||
31 | { | ||
32 | service_description = "Average load"; | ||
33 | servicegroups = "webstatus-resources"; | ||
34 | } | ||
35 | |||
36 | { | ||
37 | service_description = "Swap usage"; | ||
38 | servicegroups = "webstatus-resources"; | ||
39 | } | ||
40 | |||
41 | { | ||
42 | service_description = "fail2ban is active"; | ||
43 | servicegroups = "webstatus-resources"; | ||
44 | } | ||
45 | |||
46 | { | ||
47 | service_description = "NTP is activated and working"; | ||
48 | servicegroups = "webstatus-resources"; | ||
49 | freshness_threshold = "5400"; | ||
50 | } | ||
51 | |||
52 | { | ||
53 | service_description = "Databases are present in postgresql"; | ||
54 | servicegroups = "webstatus-databases"; | ||
55 | } | ||
56 | ]; | ||
57 | } | ||
diff --git a/modules/private/monitoring/objects_common.nix b/modules/private/monitoring/objects_common.nix index 66fb812..7467306 100644 --- a/modules/private/monitoring/objects_common.nix +++ b/modules/private/monitoring/objects_common.nix | |||
@@ -1,27 +1,45 @@ | |||
1 | { hostFQDN | 1 | { hostFQDN |
2 | , hostName | ||
2 | , processWarn ? "250" | 3 | , processWarn ? "250" |
3 | , processAlert ? "400" | 4 | , processAlert ? "400" |
4 | , loadWarn ? "8.0" | 5 | , loadWarn ? "8.0" |
5 | , loadAlert ? "10.0" | 6 | , loadAlert ? "10.0" |
6 | , mdadm | 7 | , mdadm |
7 | , sudo | 8 | , sudo |
9 | , master | ||
10 | , lib | ||
8 | , ... | 11 | , ... |
9 | }: | 12 | }: |
13 | let | ||
14 | defaultPassiveInfo = { | ||
15 | filter = lib.attrsets.filterAttrs | ||
16 | (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_"); | ||
17 | use = "external-passive-service"; | ||
18 | freshness_threshold = "450"; | ||
19 | retry_interval = "1"; | ||
20 | servicegroups = "webstatus-resources"; | ||
21 | host_name = hostFQDN; | ||
22 | }; | ||
23 | in | ||
10 | { | 24 | { |
11 | host = { | 25 | host = { |
12 | "${hostFQDN}" = { | 26 | "${hostFQDN}" = { |
13 | alias = hostFQDN; | 27 | alias = hostFQDN; |
14 | address = hostFQDN; | 28 | address = hostFQDN; |
15 | use = "linux-server"; | 29 | use = "linux-server"; |
30 | hostgroups = "webstatus-hosts"; | ||
31 | _webstatus_name = hostName; | ||
16 | }; | 32 | }; |
17 | }; | 33 | }; |
18 | service = [ | 34 | service = [ |
19 | { | 35 | { |
36 | passiveInfo = defaultPassiveInfo; | ||
20 | service_description = "Size on root partition"; | 37 | service_description = "Size on root partition"; |
21 | use = "local-service"; | 38 | use = "local-service"; |
22 | check_command = ["check_local_disk" "20%" "10%" "/"]; | 39 | check_command = ["check_local_disk" "20%" "10%" "/"]; |
23 | } | 40 | } |
24 | { | 41 | { |
42 | passiveInfo = defaultPassiveInfo; | ||
25 | service_description = "Total number of process"; | 43 | service_description = "Total number of process"; |
26 | use = "local-service"; | 44 | use = "local-service"; |
27 | check_command = [ | 45 | check_command = [ |
@@ -32,6 +50,7 @@ | |||
32 | ]; | 50 | ]; |
33 | } | 51 | } |
34 | { | 52 | { |
53 | passiveInfo = defaultPassiveInfo; | ||
35 | service_description = "Average load"; | 54 | service_description = "Average load"; |
36 | use = "local-service"; | 55 | use = "local-service"; |
37 | check_command = [ | 56 | check_command = [ |
@@ -41,21 +60,25 @@ | |||
41 | ]; | 60 | ]; |
42 | } | 61 | } |
43 | { | 62 | { |
63 | passiveInfo = defaultPassiveInfo; | ||
44 | service_description = "Swap usage"; | 64 | service_description = "Swap usage"; |
45 | use = "local-service"; | 65 | use = "local-service"; |
46 | check_command = ["check_local_swap" "20" "10"]; | 66 | check_command = ["check_local_swap" "20" "10"]; |
47 | } | 67 | } |
48 | { | 68 | { |
69 | passiveInfo = defaultPassiveInfo; | ||
49 | service_description = "Memory usage"; | 70 | service_description = "Memory usage"; |
50 | use = "local-service"; | 71 | use = "local-service"; |
51 | check_command = ["check_memory" "80" "90"]; | 72 | check_command = ["check_memory" "80" "90"]; |
52 | } | 73 | } |
53 | { | 74 | { |
75 | passiveInfo = defaultPassiveInfo; | ||
54 | service_description = "NTP is activated and working"; | 76 | service_description = "NTP is activated and working"; |
55 | use = "local-service"; | 77 | use = "local-service"; |
56 | check_command = ["check_ntp"]; | 78 | check_command = ["check_ntp"]; |
57 | } | 79 | } |
58 | { | 80 | { |
81 | passiveInfo = defaultPassiveInfo; | ||
59 | service_description = "No mdadm array is degraded"; | 82 | service_description = "No mdadm array is degraded"; |
60 | use = "local-service"; | 83 | use = "local-service"; |
61 | check_command = [ | 84 | check_command = [ |
@@ -67,28 +90,46 @@ | |||
67 | } | 90 | } |
68 | ]; | 91 | ]; |
69 | command = { | 92 | command = { |
93 | check_dns = "$USER1$/check_dns -H $ARG1$ -s $HOSTADDRESS$ $ARG2$"; | ||
94 | check_external_dns = "$USER1$/check_dns -H $ARG2$ -s $ARG1$ $ARG3$"; | ||
95 | check_ftp_database = "$USER2$/check_ftp_database"; | ||
96 | check_git = "$USER2$/check_git $USER203$"; | ||
97 | check_http = "$USER1$/check_http --sni -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
98 | check_https = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
99 | check_https_auth = "$USER1$/check_http --sni --ssl -a \"$USER202$\" -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -r \"$ARG3$\""; | ||
100 | check_https_certificate = "$USER1$/check_http --sni --ssl -H \"$ARG1$\" -C 21,15"; | ||
101 | check_https_code = "$USER1$/check_http --sni --ssl -f stickyport -H \"$ARG1$\" -u \"$ARG2$\" -e \"$ARG3$\" -r \"$ARG4$\""; | ||
102 | check_imap_connection = "$USER2$/check_imap_connection -u \"$USER204$\" -p \"$USER205$\" -H \"imap.immae.eu:143\""; | ||
70 | check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$"; | 103 | check_local_disk = "$USER1$/check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$"; |
71 | check_local_procs = "$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$"; | 104 | check_local_procs = "$USER1$/check_procs -w $ARG1$ -c $ARG2$ -s $ARG3$"; |
72 | check_local_load = "$USER1$/check_load -w $ARG1$ -c $ARG2$"; | 105 | check_local_load = "$USER1$/check_load -w $ARG1$ -c $ARG2$"; |
73 | check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$"; | 106 | check_local_swap = "$USER1$/check_swap -n ok -w $ARG1$ -c $ARG2$"; |
74 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; | 107 | check_memory = "$USER2$/check_mem.sh -w $ARG1$ -c $ARG2$"; |
108 | check_command_match = "$USER2$/check_command -c \"$ARG1$\" -C \"$ARG2$\" $ARG3$"; | ||
75 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; | 109 | check_command_output = "$USER2$/check_command -c \"$ARG1$\" -s 0 -o \"$ARG2$\" $ARG3$"; |
110 | check_command_status = "$USER2$/check_command -c \"$ARG1$\" -s \"$ARG2$\" $ARG3$"; | ||
76 | check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org"; | 111 | check_ntp = "$USER1$/check_ntp_time -t 30 -q -H 0.arch.pool.ntp.org"; |
112 | check_mailq = "$USER1$/check_mailq -s -w 1 -c 2"; | ||
113 | check_maison_bbc = "$USER2$/check_maison_bbc"; | ||
77 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; | 114 | check_mysql_replication = "${sudo} -u mysql $USER2$/check_mysql_replication \"$ARG1$\" \"$ARG2$\""; |
78 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; | 115 | check_postgresql_replication = "${sudo} -u postgres $USER2$/check_postgres_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\""; |
79 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; | 116 | check_openldap_replication = "${sudo} -u openldap $USER2$/check_openldap_replication \"$ARG1$\" \"$ARG2$\" \"$ARG3$\" \"$ARG4$\" \"$ARG5$\""; |
80 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; | 117 | check_redis_replication = "${sudo} -u redis $USER2$/check_redis_replication \"$ARG1$\""; |
81 | check_mailq = "$USER1$/check_mailq -s -w 1 -c 2"; | 118 | check_smtp = "$USER1$/check_smtp -H $HOSTADDRESS$ -p 25 -S -D 21,15"; |
119 | check_tcp = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -e \"$ARG2$\" -Mcrit"; | ||
120 | check_tcp_ssl = "$USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ -S -D 21,15"; | ||
82 | 121 | ||
83 | check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5"; | 122 | check_host_alive = "$USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5"; |
84 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; | 123 | check_last_file_date = "${sudo} -u \"$ARG3$\" $USER2$/check_last_file_date \"$ARG1$\" \"$ARG2$\""; |
124 | check_ok = "$USER1$/check_dummy 0 \"Dummy OK\""; | ||
125 | check_critical = "$USER1$/check_dummy 2 \"Dummy CRITICAL\""; | ||
85 | 126 | ||
86 | # No notify commands, we go through master | 127 | # $OVE is to force naemon to run via shell instead of execve which fails here |
87 | # notify_host_by_email = "SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | 128 | notify-host-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" HOSTSTATE=\"$HOSTSTATE$\" HOSTOUTPUT=\"$HOSTOUTPUT$\" $USER2$/notify_by_email host \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; |
88 | # #$OVE is to force naemon to run via shell instead of execve which fails here | 129 | # $OVE is to force naemon to run via shell instead of execve which fails here |
89 | # notify_service_by_email = "SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; | 130 | notify-service-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; |
90 | # #sudo /usr/bin/strace -o /tmp/foo -vf -s 256 -u naemon $USER2$/notify_by_email | 131 | notify-maison-bbc-by-email = "ADMINEMAIL=\"$ADMINEMAIL$\" SERVICENOTIFICATIONID=\"$SERVICENOTIFICATIONID$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_maison_bbc_by_email service \"$NOTIFICATIONTYPE$\" \"$HOSTALIAS$\" \"$LONGDATETIME$\" \"$CONTACTEMAIL$\" $OVE"; |
91 | # #$OVE is to force naemon to run via shell instead of execve which fails here | 132 | notify-by-slack = "HOST=\"$HOSTALIAS$\" SERVICESTATE=\"$SERVICESTATE$\" SERVICEDESC=\"$SERVICEDESC$\" SERVICEOUTPUT=\"$SERVICEOUTPUT$\" $USER2$/notify_by_slack \"$ARG1$\" \"$ARG2$\""; |
92 | 133 | ||
93 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$\""; | 134 | notify-master = "$USER2$/send_nrdp.sh -u \"$USER200$\" -t \"$USER201$\" -H \"$HOSTADDRESS$\" -s \"$SERVICEDESC$\" -S \"$SERVICESTATEID$\" -o \"$SERVICEOUTPUT$\""; |
94 | }; | 135 | }; |
@@ -104,17 +145,24 @@ | |||
104 | sunday = "00:00-24:00"; | 145 | sunday = "00:00-24:00"; |
105 | }; | 146 | }; |
106 | }; | 147 | }; |
148 | servicegroup = { | ||
149 | webstatus-webapps = { alias = "Web applications"; }; | ||
150 | webstatus-websites = { alias = "Personal websites"; }; | ||
151 | webstatus-ssl = { alias = "SSL certificates"; }; | ||
152 | webstatus-dns = { alias = "DNS resolution"; }; | ||
153 | webstatus-remote-services = { alias = "Other remote services"; }; | ||
154 | webstatus-local-services = { alias = "Other local services"; }; | ||
155 | webstatus-email = { alias = "E-mail services"; }; | ||
156 | webstatus-resources = { alias = "Local resources"; }; | ||
157 | webstatus-databases = { alias = "Databases resources"; }; | ||
158 | webstatus-backup = { alias = "Backup resources"; }; | ||
159 | }; | ||
160 | hostgroup = { | ||
161 | webstatus-hosts = { alias = "Hosts"; }; | ||
162 | }; | ||
107 | contactgroup = { | 163 | contactgroup = { |
108 | admins = { alias = "Naemon Administrators"; }; | 164 | admins = { alias = "Naemon Administrators"; }; |
109 | }; | 165 | }; |
110 | # No contact, we go through master | ||
111 | # contact = { | ||
112 | # immae = { | ||
113 | # alias = "Immae"; | ||
114 | # use = "generic-contact"; | ||
115 | # email = "xxxxxxxxxxxxxxxx"; | ||
116 | # }; | ||
117 | # }; | ||
118 | templates = { | 166 | templates = { |
119 | service = { | 167 | service = { |
120 | generic-service = { | 168 | generic-service = { |
@@ -130,7 +178,7 @@ | |||
130 | notification_interval = "60"; | 178 | notification_interval = "60"; |
131 | notification_options = "w,u,c,r,f,s"; | 179 | notification_options = "w,u,c,r,f,s"; |
132 | notification_period = "24x7"; | 180 | notification_period = "24x7"; |
133 | notifications_enabled = "0"; # no notification since we send them to master | 181 | notifications_enabled = if master then "1" else "0"; |
134 | obsess_over_service = "1"; | 182 | obsess_over_service = "1"; |
135 | passive_checks_enabled = "1"; | 183 | passive_checks_enabled = "1"; |
136 | process_perf_data = "1"; | 184 | process_perf_data = "1"; |
@@ -144,19 +192,51 @@ | |||
144 | check_interval = "5"; | 192 | check_interval = "5"; |
145 | max_check_attempts = "4"; | 193 | max_check_attempts = "4"; |
146 | retry_interval = "1"; | 194 | retry_interval = "1"; |
195 | servicegroups = "webstatus-resources"; | ||
196 | }; | ||
197 | external-service = { | ||
198 | use = "generic-service"; | ||
199 | check_interval = "5"; | ||
200 | max_check_attempts = "4"; | ||
201 | retry_interval = "1"; | ||
202 | }; | ||
203 | web-service = { | ||
204 | use = "generic-service"; | ||
205 | check_interval = "20"; | ||
206 | max_check_attempts = "2"; | ||
207 | retry_interval = "1"; | ||
208 | }; | ||
209 | external-web-service = { | ||
210 | use = "generic-service"; | ||
211 | check_interval = "20"; | ||
212 | max_check_attempts = "2"; | ||
213 | retry_interval = "1"; | ||
214 | }; | ||
215 | mail-service = { | ||
216 | use = "generic-service"; | ||
217 | check_interval = "15"; | ||
218 | max_check_attempts = "1"; | ||
219 | retry_interval = "1"; | ||
220 | }; | ||
221 | dns-service = { | ||
222 | use = "generic-service"; | ||
223 | check_interval = "120"; | ||
224 | notification_interval = "120"; | ||
225 | max_check_attempts = "5"; | ||
226 | retry_interval = "5"; | ||
147 | }; | 227 | }; |
148 | }; | 228 | }; |
149 | # No contact, we go through master | 229 | # No contact, we go through master |
150 | # contact = { | 230 | contact = { |
151 | # generic-contact = { | 231 | generic-contact = { |
152 | # host_notification_commands = "notify_host_by_email"; | 232 | host_notification_commands = "notify-host-by-email"; |
153 | # host_notification_options = "d,u,r,f,s"; | 233 | host_notification_options = "d,u,r,f,s"; |
154 | # host_notification_period = "24x7"; | 234 | host_notification_period = "24x7"; |
155 | # service_notification_commands = "notify_service_by_email"; | 235 | service_notification_commands = "notify-service-by-email"; |
156 | # service_notification_options = "w,u,c,r,f,s"; | 236 | service_notification_options = "w,u,c,r,f,s"; |
157 | # service_notification_period = "24x7"; | 237 | service_notification_period = "24x7"; |
158 | # }; | 238 | }; |
159 | # }; | 239 | }; |
160 | host = { | 240 | host = { |
161 | generic-host = { | 241 | generic-host = { |
162 | event_handler_enabled = "1"; | 242 | event_handler_enabled = "1"; |
diff --git a/modules/private/monitoring/objects_eldiron.nix b/modules/private/monitoring/objects_eldiron.nix index 897fc15..bee4645 100644 --- a/modules/private/monitoring/objects_eldiron.nix +++ b/modules/private/monitoring/objects_eldiron.nix | |||
@@ -1,12 +1,25 @@ | |||
1 | { ... }: | 1 | { lib, hostFQDN, ... }: |
2 | let | ||
3 | defaultPassiveInfo = { | ||
4 | filter = lib.attrsets.filterAttrs | ||
5 | (k: v: builtins.elem k ["service_description"] || builtins.substring 0 1 k == "_"); | ||
6 | use = "external-passive-service"; | ||
7 | freshness_threshold = "450"; | ||
8 | retry_interval = "1"; | ||
9 | servicegroups = "webstatus-resources"; | ||
10 | host_name = hostFQDN; | ||
11 | }; | ||
12 | in | ||
2 | { | 13 | { |
3 | service = [ | 14 | service = [ |
4 | { | 15 | { |
16 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-databases"; }; | ||
5 | service_description = "Postgresql replication for backup-2 is up to date"; | 17 | service_description = "Postgresql replication for backup-2 is up to date"; |
6 | use = "local-service"; | 18 | use = "local-service"; |
7 | check_command = ["check_postgresql_replication" "backup-2" "/run/postgresql" "5432"]; | 19 | check_command = ["check_postgresql_replication" "backup-2" "/run/postgresql" "5432"]; |
8 | } | 20 | } |
9 | { | 21 | { |
22 | passiveInfo = defaultPassiveInfo // { servicegroups = "webstatus-email"; }; | ||
10 | service_description = "mailq is empty"; | 23 | service_description = "mailq is empty"; |
11 | use = "local-service"; | 24 | use = "local-service"; |
12 | check_command = ["check_mailq"]; | 25 | check_command = ["check_mailq"]; |
diff --git a/modules/private/monitoring/objects_immae-eu.nix b/modules/private/monitoring/objects_immae-eu.nix new file mode 100644 index 0000000..3dda999 --- /dev/null +++ b/modules/private/monitoring/objects_immae-eu.nix | |||
@@ -0,0 +1,123 @@ | |||
1 | { ... }: | ||
2 | let | ||
3 | defaultPassiveInfo = { | ||
4 | use = "external-passive-service"; | ||
5 | freshness_threshold = "450"; | ||
6 | retry_interval = "1"; | ||
7 | host_name = "immae.eu"; | ||
8 | }; | ||
9 | in | ||
10 | { | ||
11 | host = { | ||
12 | "immae.eu" = { | ||
13 | alias = "immae.eu"; | ||
14 | address = "immae.eu"; | ||
15 | use = "linux-server"; | ||
16 | hostgroups = "webstatus-hosts"; | ||
17 | _webstatus_name = "immaeEu"; | ||
18 | }; | ||
19 | }; | ||
20 | service = map (s: defaultPassiveInfo // s) [ | ||
21 | { | ||
22 | service_description = "size on root partition"; | ||
23 | servicegroups = "webstatus-resources"; | ||
24 | } | ||
25 | |||
26 | { | ||
27 | service_description = "total number of process"; | ||
28 | servicegroups = "webstatus-resources"; | ||
29 | } | ||
30 | |||
31 | { | ||
32 | service_description = "average load"; | ||
33 | servicegroups = "webstatus-resources"; | ||
34 | } | ||
35 | |||
36 | { | ||
37 | service_description = "swap usage"; | ||
38 | servicegroups = "webstatus-resources"; | ||
39 | } | ||
40 | |||
41 | { | ||
42 | service_description = "no mdadm array is degraded"; | ||
43 | servicegroups = "webstatus-resources"; | ||
44 | } | ||
45 | |||
46 | { | ||
47 | service_description = "ntp is activated and working"; | ||
48 | servicegroups = "webstatus-resources"; | ||
49 | } | ||
50 | |||
51 | { | ||
52 | service_description = "ssh connexion responds"; | ||
53 | } | ||
54 | |||
55 | { | ||
56 | service_description = "fail2ban is active"; | ||
57 | servicegroups = "webstatus-resources"; | ||
58 | } | ||
59 | |||
60 | { | ||
61 | service_description = "pacman packages are not too old"; | ||
62 | servicegroups = "webstatus-resources"; | ||
63 | freshness_threshold = "10800"; | ||
64 | notification_interval = "0"; | ||
65 | } | ||
66 | |||
67 | { | ||
68 | service_description = "rsync backup happened not too long ago"; | ||
69 | servicegroups = "webstatus-backup"; | ||
70 | } | ||
71 | |||
72 | { | ||
73 | service_description = "eriomem backup is up and not full"; | ||
74 | freshness_threshold = "10800"; | ||
75 | notification_interval = "120"; | ||
76 | servicegroups = "webstatus-backup"; | ||
77 | } | ||
78 | |||
79 | { | ||
80 | service_description = "postfix service is active"; | ||
81 | } | ||
82 | |||
83 | { | ||
84 | service_description = "tinc@Immae service is active"; | ||
85 | } | ||
86 | |||
87 | { | ||
88 | service_description = "sshd service is active"; | ||
89 | } | ||
90 | |||
91 | { | ||
92 | service_description = "httpd service is active"; | ||
93 | servicegroups = "webstatus-resources"; | ||
94 | } | ||
95 | |||
96 | { | ||
97 | service_description = "postfix SSL is up to date"; | ||
98 | } | ||
99 | |||
100 | { | ||
101 | service_description = "mailq is empty"; | ||
102 | servicegroups = "webstatus-email"; | ||
103 | } | ||
104 | |||
105 | ## Sending e-mail | ||
106 | { | ||
107 | service_description = "immae.eu email service is active"; | ||
108 | servicegroups = "webstatus-email"; | ||
109 | freshness_threshold = "1350"; | ||
110 | } | ||
111 | |||
112 | #### Web scenarios | ||
113 | { | ||
114 | service_description = "discourse website is running on discourse.capitaines.fr"; | ||
115 | freshness_threshold = "1800"; | ||
116 | } | ||
117 | |||
118 | { | ||
119 | service_description = "Default website site is running on ns208507.ip-188-165-209.eu"; | ||
120 | freshness_threshold = "1800"; | ||
121 | } | ||
122 | ]; | ||
123 | } | ||
diff --git a/modules/private/monitoring/objects_master.nix b/modules/private/monitoring/objects_master.nix new file mode 100644 index 0000000..5b5b15f --- /dev/null +++ b/modules/private/monitoring/objects_master.nix | |||
@@ -0,0 +1,38 @@ | |||
1 | { config, ... }: | ||
2 | { | ||
3 | contact = { | ||
4 | immae = config.myEnv.monitoring.contacts.immae // { | ||
5 | use = "generic-contact"; | ||
6 | contactgroups = "admins"; | ||
7 | host_notification_commands = "notify-host-by-email,notify-by-slack!$USER206$!$USER207$"; | ||
8 | service_notification_commands = "notify-service-by-email,notify-by-slack!$USER206$!$USER207$"; | ||
9 | }; | ||
10 | }; | ||
11 | command = { | ||
12 | check_passive = "$USER1$/check_dummy 3 \"Service result are stale\""; | ||
13 | }; | ||
14 | templates = { | ||
15 | service = { | ||
16 | external-passive-service = { | ||
17 | active_checks_enabled = "0"; | ||
18 | check_freshness = "1"; | ||
19 | check_period = "24x7"; | ||
20 | contact_groups = "admins"; | ||
21 | event_handler_enabled = "1"; | ||
22 | flap_detection_enabled = "1"; | ||
23 | is_volatile = "0"; | ||
24 | max_check_attempts = "3"; | ||
25 | notification_interval = "60"; | ||
26 | notification_options = "w,u,c,r,f,s"; | ||
27 | notification_period = "24x7"; | ||
28 | notifications_enabled = "1"; | ||
29 | passive_checks_enabled = "1"; | ||
30 | process_perf_data = "1"; | ||
31 | retain_nonstatus_information = "1"; | ||
32 | retain_status_information = "1"; | ||
33 | retry_interval = "2"; | ||
34 | check_command = "check_passive"; | ||
35 | }; | ||
36 | }; | ||
37 | }; | ||
38 | } | ||
diff --git a/modules/private/monitoring/objects_monitoring-1.nix b/modules/private/monitoring/objects_monitoring-1.nix new file mode 100644 index 0000000..a46b684 --- /dev/null +++ b/modules/private/monitoring/objects_monitoring-1.nix | |||
@@ -0,0 +1,665 @@ | |||
1 | { config, pkgs, ... }: | ||
2 | { | ||
3 | host = { | ||
4 | # Dummy host for testing | ||
5 | # "dummy-host" = { | ||
6 | # alias = "dummy.host"; | ||
7 | # address = "dummy.host"; | ||
8 | # use = "linux-server"; | ||
9 | # check_command = "check_ok"; | ||
10 | # }; | ||
11 | }; | ||
12 | service = [ | ||
13 | # Dummy service for testing | ||
14 | # { | ||
15 | # service_description = "Dummy failing test"; | ||
16 | # host_name = "dummy-host"; | ||
17 | # use = "local-service"; | ||
18 | # check_interval = "0.3"; | ||
19 | # max_check_attempts = "1"; | ||
20 | # flap_detection_enabled = "0"; | ||
21 | # notification_interval = "0.1"; | ||
22 | # check_command = "check_critical"; | ||
23 | # } | ||
24 | |||
25 | { | ||
26 | service_description = "ftp has access to database for authentication"; | ||
27 | host_name = "eldiron.immae.eu"; | ||
28 | use = "external-service"; | ||
29 | check_command = "check_ftp_database"; | ||
30 | |||
31 | servicegroups = "webstatus-remote-services"; | ||
32 | _webstatus_name = "FTP"; | ||
33 | _webstatus_url = "ftp.immae.eu"; | ||
34 | } | ||
35 | |||
36 | { | ||
37 | service_description = "gitolite is working"; | ||
38 | host_name = "eldiron.immae.eu"; | ||
39 | use = "external-web-service"; | ||
40 | check_command = "check_git"; | ||
41 | |||
42 | servicegroups = "webstatus-remote-services"; | ||
43 | _webstatus_name = "Git"; | ||
44 | _webstatus_url = "git.immae.eu"; | ||
45 | } | ||
46 | |||
47 | { | ||
48 | service_description = "postfix SSL is up to date"; | ||
49 | host_name = "eldiron.immae.eu"; | ||
50 | use = "external-service"; | ||
51 | check_command = "check_smtp"; | ||
52 | |||
53 | servicegroups = "webstatus-ssl"; | ||
54 | _webstatus_name = "SMTP"; | ||
55 | _webstatus_url = "smtp.immae.eu"; | ||
56 | } | ||
57 | |||
58 | { | ||
59 | service_description = "imap SSL is up to date"; | ||
60 | host_name = "eldiron.immae.eu"; | ||
61 | use = "external-service"; | ||
62 | check_command = ["check_tcp_ssl" "993"]; | ||
63 | |||
64 | servicegroups = "webstatus-ssl"; | ||
65 | _webstatus_name = "IMAP"; | ||
66 | _webstatus_url = "imap.immae.eu"; | ||
67 | } | ||
68 | |||
69 | { | ||
70 | service_description = "imap connection works"; | ||
71 | host_name = "eldiron.immae.eu"; | ||
72 | use = "external-service"; | ||
73 | check_command = "check_imap_connection"; | ||
74 | |||
75 | servicegroups = "webstatus-remote-services,webstatus-email"; | ||
76 | _webstatus_name = "IMAP"; | ||
77 | _webstatus_url = "imap.immae.eu"; | ||
78 | } | ||
79 | |||
80 | # DNS services | ||
81 | { | ||
82 | service_description = "eldiron dns is active and authoritative for aten.pro"; | ||
83 | host_name = "eldiron.immae.eu"; | ||
84 | use = "dns-service"; | ||
85 | check_command = ["check_dns" "aten.pro" "-A"]; | ||
86 | |||
87 | servicegroups = "webstatus-dns"; | ||
88 | _webstatus_name = "aten.pro"; | ||
89 | } | ||
90 | |||
91 | { | ||
92 | service_description = "eldiron dns is active and authoritative for bouya.org"; | ||
93 | host_name = "eldiron.immae.eu"; | ||
94 | use = "dns-service"; | ||
95 | check_command = ["check_dns" "bouya.org" "-A"]; | ||
96 | |||
97 | servicegroups = "webstatus-dns"; | ||
98 | _webstatus_name = "bouya.org"; | ||
99 | } | ||
100 | |||
101 | { | ||
102 | service_description = "eldiron dns is active and authoritative for filedesreves.fr"; | ||
103 | host_name = "eldiron.immae.eu"; | ||
104 | use = "dns-service"; | ||
105 | check_command = ["check_dns" "filedesreves.fr" "-A"]; | ||
106 | |||
107 | servicegroups = "webstatus-dns"; | ||
108 | _webstatus_name = "filedesreves.fr"; | ||
109 | } | ||
110 | |||
111 | { | ||
112 | service_description = "eldiron dns is active and authoritative for ludivinecassal.com"; | ||
113 | host_name = "eldiron.immae.eu"; | ||
114 | use = "dns-service"; | ||
115 | check_command = ["check_dns" "ludivinecassal.com" "-A"]; | ||
116 | |||
117 | servicegroups = "webstatus-dns"; | ||
118 | _webstatus_name = "ludivinecassal.com"; | ||
119 | } | ||
120 | |||
121 | { | ||
122 | service_description = "eldiron dns is active and authoritative for icommandeur.org"; | ||
123 | host_name = "eldiron.immae.eu"; | ||
124 | use = "dns-service"; | ||
125 | check_command = ["check_dns" "icommandeur.org" "-A"]; | ||
126 | |||
127 | servicegroups = "webstatus-dns"; | ||
128 | _webstatus_name = "icommandeur.org"; | ||
129 | } | ||
130 | |||
131 | { | ||
132 | service_description = "eldiron dns is active and authoritative for immae.eu"; | ||
133 | host_name = "eldiron.immae.eu"; | ||
134 | use = "dns-service"; | ||
135 | check_command = ["check_dns" "immae.eu" "-A"]; | ||
136 | |||
137 | servicegroups = "webstatus-dns"; | ||
138 | _webstatus_name = "immae.eu"; | ||
139 | } | ||
140 | |||
141 | { | ||
142 | service_description = "eldiron dns is active and authoritative for immae.fr"; | ||
143 | host_name = "eldiron.immae.eu"; | ||
144 | use = "dns-service"; | ||
145 | check_command = ["check_dns" "immae.fr" "-A"]; | ||
146 | |||
147 | servicegroups = "webstatus-dns"; | ||
148 | _webstatus_name = "immae.fr"; | ||
149 | } | ||
150 | |||
151 | { | ||
152 | service_description = "eldiron dns is active and authoritative for piedsjaloux.fr"; | ||
153 | host_name = "eldiron.immae.eu"; | ||
154 | use = "dns-service"; | ||
155 | check_command = ["check_dns" "piedsjaloux.fr" "-A"]; | ||
156 | |||
157 | servicegroups = "webstatus-dns"; | ||
158 | _webstatus_name = "piedsjaloux.fr"; | ||
159 | } | ||
160 | |||
161 | { | ||
162 | service_description = "eldiron dns is active and authoritative for saison-photo.org"; | ||
163 | host_name = "eldiron.immae.eu"; | ||
164 | use = "dns-service"; | ||
165 | check_command = ["check_dns" "saison-photo.org" "-A"]; | ||
166 | |||
167 | servicegroups = "webstatus-dns"; | ||
168 | _webstatus_name = "saison-photo.org"; | ||
169 | } | ||
170 | |||
171 | { | ||
172 | service_description = "eldiron dns is active and authoritative for tellesflorian.com"; | ||
173 | host_name = "eldiron.immae.eu"; | ||
174 | use = "dns-service"; | ||
175 | check_command = ["check_dns" "tellesflorian.com" "-A"]; | ||
176 | |||
177 | servicegroups = "webstatus-dns"; | ||
178 | _webstatus_name = "tellesflorian.com"; | ||
179 | } | ||
180 | |||
181 | { | ||
182 | service_description = "eldiron dns is active and authoritative for capitaines.fr"; | ||
183 | host_name = "eldiron.immae.eu"; | ||
184 | use = "dns-service"; | ||
185 | check_command = ["check_dns" "capitaines.fr" "-A"]; | ||
186 | |||
187 | servicegroups = "webstatus-dns"; | ||
188 | _webstatus_name = "capitaines.fr"; | ||
189 | } | ||
190 | |||
191 | { | ||
192 | service_description = "cloudns dns is active and authoritative for aten.pro"; | ||
193 | host_name = "eldiron.immae.eu"; | ||
194 | use = "dns-service"; | ||
195 | check_command = ["check_external_dns" "pns1.cloudns.net" "aten.pro" "-A"]; | ||
196 | |||
197 | servicegroups = "webstatus-dns"; | ||
198 | _webstatus_name = "aten.pro (Secondary DNS ClouDNS)"; | ||
199 | } | ||
200 | |||
201 | { | ||
202 | service_description = "cloudns dns is active and authoritative for bouya.org"; | ||
203 | host_name = "eldiron.immae.eu"; | ||
204 | use = "dns-service"; | ||
205 | check_command = ["check_external_dns" "pns1.cloudns.net" "bouya.org" "-A"]; | ||
206 | |||
207 | servicegroups = "webstatus-dns"; | ||
208 | _webstatus_name = "bouya.org (Secondary DNS ClouDNS)"; | ||
209 | } | ||
210 | |||
211 | { | ||
212 | service_description = "cloudns dns is active and authoritative for filedesreves.fr"; | ||
213 | host_name = "eldiron.immae.eu"; | ||
214 | use = "dns-service"; | ||
215 | check_command = ["check_external_dns" "pns1.cloudns.net" "filedesreves.fr" "-A"]; | ||
216 | |||
217 | servicegroups = "webstatus-dns"; | ||
218 | _webstatus_name = "filedesreves.fr (Secondary DNS ClouDNS)"; | ||
219 | } | ||
220 | |||
221 | { | ||
222 | service_description = "cloudns dns is active and authoritative for ludivinecassal.com"; | ||
223 | host_name = "eldiron.immae.eu"; | ||
224 | use = "dns-service"; | ||
225 | check_command = ["check_external_dns" "pns1.cloudns.net" "ludivinecassal.com" "-A"]; | ||
226 | |||
227 | servicegroups = "webstatus-dns"; | ||
228 | _webstatus_name = "ludivinecassal.com (Secondary DNS ClouDNS)"; | ||
229 | } | ||
230 | |||
231 | { | ||
232 | service_description = "cloudns dns is active and authoritative for icommandeur.org"; | ||
233 | host_name = "eldiron.immae.eu"; | ||
234 | use = "dns-service"; | ||
235 | check_command = ["check_external_dns" "pns1.cloudns.net" "icommandeur.org" "-A"]; | ||
236 | |||
237 | servicegroups = "webstatus-dns"; | ||
238 | _webstatus_name = "icommandeur.org (Secondary DNS ClouDNS)"; | ||
239 | } | ||
240 | |||
241 | { | ||
242 | service_description = "cloudns dns is active and authoritative for immae.eu"; | ||
243 | host_name = "eldiron.immae.eu"; | ||
244 | use = "dns-service"; | ||
245 | check_command = ["check_external_dns" "pns1.cloudns.net" "immae.eu" "-A"]; | ||
246 | |||
247 | servicegroups = "webstatus-dns"; | ||
248 | _webstatus_name = "immae.eu (Secondary DNS ClouDNS)"; | ||
249 | } | ||
250 | |||
251 | { | ||
252 | service_description = "cloudns dns is active and authoritative for immae.fr"; | ||
253 | host_name = "eldiron.immae.eu"; | ||
254 | use = "dns-service"; | ||
255 | check_command = ["check_external_dns" "pns1.cloudns.net" "immae.fr" "-A"]; | ||
256 | |||
257 | servicegroups = "webstatus-dns"; | ||
258 | _webstatus_name = "immae.fr (Secondary DNS ClouDNS)"; | ||
259 | } | ||
260 | |||
261 | { | ||
262 | service_description = "cloudns dns is active and authoritative for piedsjaloux.fr"; | ||
263 | host_name = "eldiron.immae.eu"; | ||
264 | use = "dns-service"; | ||
265 | check_command = ["check_external_dns" "pns1.cloudns.net" "piedsjaloux.fr" "-A"]; | ||
266 | |||
267 | servicegroups = "webstatus-dns"; | ||
268 | _webstatus_name = "piedsjaloux.fr (Secondary DNS ClouDNS)"; | ||
269 | } | ||
270 | |||
271 | { | ||
272 | service_description = "cloudns dns is active and authoritative for tellesflorian.com"; | ||
273 | host_name = "eldiron.immae.eu"; | ||
274 | use = "dns-service"; | ||
275 | check_command = ["check_external_dns" "pns1.cloudns.net" "tellesflorian.com" "-A"]; | ||
276 | |||
277 | servicegroups = "webstatus-dns"; | ||
278 | _webstatus_name = "tellesflorian.com (Secondary DNS ClouDNS)"; | ||
279 | } | ||
280 | |||
281 | { | ||
282 | service_description = "cloudns dns is active and authoritative for saison-photo.org"; | ||
283 | host_name = "eldiron.immae.eu"; | ||
284 | use = "dns-service"; | ||
285 | check_command = ["check_external_dns" "pns1.cloudns.net" "saison-photo.org" "-A"]; | ||
286 | |||
287 | servicegroups = "webstatus-dns"; | ||
288 | _webstatus_name = "saison-photo.org (Secondary DNS ClouDNS)"; | ||
289 | } | ||
290 | |||
291 | #### Web scenarios | ||
292 | { | ||
293 | service_description = "blog website is running on immae.eu"; | ||
294 | host_name = "eldiron.immae.eu"; | ||
295 | use = "external-web-service"; | ||
296 | check_command = ["check_https" "www.immae.eu" "/blog/" "egrep -ri TODO /etc"]; | ||
297 | |||
298 | servicegroups = "webstatus-websites"; | ||
299 | _webstatus_name = "Immae’s Blog"; | ||
300 | _webstatus_url = "https://www.immae.eu/blog"; | ||
301 | } | ||
302 | |||
303 | { | ||
304 | service_description = "owncloud website is running on cloud.immae.eu"; | ||
305 | host_name = "eldiron.immae.eu"; | ||
306 | use = "external-web-service"; | ||
307 | check_command = ["check_https" "cloud.immae.eu" "/" "a safe home for all your data"]; | ||
308 | |||
309 | servicegroups = "webstatus-webapps"; | ||
310 | _webstatus_name = "Nextcloud"; | ||
311 | _webstatus_url = "https://cloud.immae.eu"; | ||
312 | } | ||
313 | |||
314 | { | ||
315 | service_description = "davical website is running on dav.immae.eu"; | ||
316 | host_name = "eldiron.immae.eu"; | ||
317 | use = "external-web-service"; | ||
318 | check_command = ["check_https" "dav.immae.eu" "/davical/" "Log On Please"]; | ||
319 | |||
320 | servicegroups = "webstatus-webapps"; | ||
321 | _webstatus_name = "Davical"; | ||
322 | _webstatus_url = "https://dav.immae.eu/davical"; | ||
323 | } | ||
324 | |||
325 | { | ||
326 | service_description = "adminer website is running on tools.immae.eu"; | ||
327 | host_name = "eldiron.immae.eu"; | ||
328 | use = "external-web-service"; | ||
329 | check_command = ["check_https_auth" "tools.immae.eu" "/adminer/" "www.adminer.org"]; | ||
330 | |||
331 | servicegroups = "webstatus-webapps"; | ||
332 | _webstatus_name = "Adminer"; | ||
333 | _webstatus_url = "https://tools.immae.eu/adminer/"; | ||
334 | } | ||
335 | |||
336 | { | ||
337 | service_description = "ttrss website is running on tools.immae.eu"; | ||
338 | host_name = "eldiron.immae.eu"; | ||
339 | use = "external-web-service"; | ||
340 | check_command = ["check_https" "tools.immae.eu" "/ttrss/" "<title>Tiny Tiny RSS"]; | ||
341 | |||
342 | servicegroups = "webstatus-webapps"; | ||
343 | _webstatus_name = "TT-RSS"; | ||
344 | _webstatus_url = "https://tools.immae.eu/ttrss/"; | ||
345 | } | ||
346 | |||
347 | { | ||
348 | service_description = "mpd website is running on tools.immae.eu"; | ||
349 | host_name = "eldiron.immae.eu"; | ||
350 | use = "external-web-service"; | ||
351 | check_command = ["check_https_auth" "tools.immae.eu" "/mpd/" "<title>ympd"]; | ||
352 | |||
353 | servicegroups = "webstatus-webapps"; | ||
354 | _webstatus_name = "MPD (YMPD)"; | ||
355 | _webstatus_url = "https://tools.immae.eu/mpd/"; | ||
356 | } | ||
357 | |||
358 | { | ||
359 | service_description = "rompr mpd website is running on tools.immae.eu"; | ||
360 | host_name = "eldiron.immae.eu"; | ||
361 | use = "external-web-service"; | ||
362 | check_command = ["check_https_auth" "tools.immae.eu" "/rompr/" "<title>RompЯ"]; | ||
363 | |||
364 | servicegroups = "webstatus-webapps"; | ||
365 | _webstatus_name = "MPD (ROMPR)"; | ||
366 | _webstatus_url = "https://tools.immae.eu/rompr/"; | ||
367 | } | ||
368 | |||
369 | { | ||
370 | service_description = "wallabag website is running on tools.immae.eu"; | ||
371 | host_name = "eldiron.immae.eu"; | ||
372 | use = "external-web-service"; | ||
373 | check_command = ["check_https" "tools.immae.eu" "/wallabag/" "<title>Bienvenue sur wallabag"]; | ||
374 | |||
375 | servicegroups = "webstatus-webapps"; | ||
376 | _webstatus_name = "Wallabag"; | ||
377 | _webstatus_url = "https://tools.immae.eu/wallabag/"; | ||
378 | } | ||
379 | |||
380 | { | ||
381 | service_description = "yourl website is running on tools.immae.eu"; | ||
382 | host_name = "eldiron.immae.eu"; | ||
383 | use = "external-web-service"; | ||
384 | check_command = ["check_https" "tools.immae.eu" "/url/admin/" "<title>YOURLS"]; | ||
385 | |||
386 | servicegroups = "webstatus-webapps"; | ||
387 | _webstatus_name = "YOURLS"; | ||
388 | _webstatus_url = "https://tools.immae.eu/url/admin/"; | ||
389 | } | ||
390 | |||
391 | { | ||
392 | service_description = "roundcube website is running on mail.immae.eu"; | ||
393 | host_name = "eldiron.immae.eu"; | ||
394 | use = "external-web-service"; | ||
395 | check_command = ["check_https_code" "mail.immae.eu" "/roundcube/" "401" "<title>Roundcube"]; | ||
396 | |||
397 | servicegroups = "webstatus-webapps,webstatus-email"; | ||
398 | _webstatus_name = "Roundcube"; | ||
399 | _webstatus_url = "https://mail.immae.eu/roundcube/"; | ||
400 | } | ||
401 | |||
402 | { | ||
403 | service_description = "dokuwiki website is running on tools.immae.eu"; | ||
404 | host_name = "eldiron.immae.eu"; | ||
405 | use = "external-web-service"; | ||
406 | check_command = ["check_https" "tools.immae.eu" "/dokuwiki/" "<title>start"]; | ||
407 | |||
408 | servicegroups = "webstatus-webapps"; | ||
409 | _webstatus_name = "Dokuwiki"; | ||
410 | _webstatus_url = "https://tools.immae.eu/dokuwiki/"; | ||
411 | } | ||
412 | |||
413 | { | ||
414 | service_description = "shaarli website is running on tools.immae.eu"; | ||
415 | host_name = "eldiron.immae.eu"; | ||
416 | use = "external-web-service"; | ||
417 | check_command = ["check_https" "tools.immae.eu" "/Shaarli/immae" "<title>Immae"]; | ||
418 | |||
419 | servicegroups = "webstatus-webapps"; | ||
420 | _webstatus_name = "Shaarli"; | ||
421 | _webstatus_url = "https://tools.immae.eu/Shaarli/"; | ||
422 | } | ||
423 | |||
424 | { | ||
425 | service_description = "ldap website is running on tools.immae.eu"; | ||
426 | host_name = "eldiron.immae.eu"; | ||
427 | use = "external-web-service"; | ||
428 | check_command = ["check_https" "tools.immae.eu" "/ldap/" "<title>phpLDAPadmin"]; | ||
429 | |||
430 | servicegroups = "webstatus-webapps"; | ||
431 | _webstatus_name = "LDAP"; | ||
432 | _webstatus_url = "https://tools.immae.eu/ldap/"; | ||
433 | } | ||
434 | |||
435 | { | ||
436 | service_description = "gitweb website is running on git.immae.eu"; | ||
437 | host_name = "eldiron.immae.eu"; | ||
438 | use = "external-web-service"; | ||
439 | check_command = ["check_https" "git.immae.eu" "/" "git web interface"]; | ||
440 | |||
441 | servicegroups = "webstatus-webapps"; | ||
442 | _webstatus_name = "Git"; | ||
443 | _webstatus_url = "https://git.immae.eu/"; | ||
444 | } | ||
445 | |||
446 | { | ||
447 | service_description = "mantisbt website is running on git.immae.eu"; | ||
448 | host_name = "eldiron.immae.eu"; | ||
449 | use = "external-web-service"; | ||
450 | check_command = ["check_https" "git.immae.eu" "/mantisbt/" "<title>My View - MantisBT"]; | ||
451 | |||
452 | servicegroups = "webstatus-webapps"; | ||
453 | _webstatus_name = "Mantisbt"; | ||
454 | _webstatus_url = "https://git.immae.eu/mantisbt"; | ||
455 | } | ||
456 | |||
457 | { | ||
458 | service_description = "diaspora website is running on diaspora.immae.eu"; | ||
459 | host_name = "eldiron.immae.eu"; | ||
460 | use = "external-web-service"; | ||
461 | check_command = ["check_https" "diaspora.immae.eu" "/" "is the online social world where you are in control"]; | ||
462 | |||
463 | servicegroups = "webstatus-webapps"; | ||
464 | _webstatus_name = "Diaspora"; | ||
465 | _webstatus_url = "https://diaspora.immae.eu/"; | ||
466 | } | ||
467 | |||
468 | { | ||
469 | service_description = "peertube website is running on peertube.immae.eu"; | ||
470 | host_name = "eldiron.immae.eu"; | ||
471 | use = "external-web-service"; | ||
472 | check_command = ["check_https" "peertube.immae.eu" "/" "<title>Immae’s PeerTube"]; | ||
473 | |||
474 | servicegroups = "webstatus-webapps"; | ||
475 | _webstatus_name = "Peertube"; | ||
476 | _webstatus_url = "https://peertube.immae.eu/"; | ||
477 | } | ||
478 | |||
479 | { | ||
480 | service_description = "etherpad website is running on ether.immae.eu"; | ||
481 | host_name = "eldiron.immae.eu"; | ||
482 | use = "external-web-service"; | ||
483 | check_command = ["check_https" "ether.immae.eu" "/" "<title>Etherpad"]; | ||
484 | |||
485 | servicegroups = "webstatus-webapps"; | ||
486 | _webstatus_name = "Etherpad"; | ||
487 | _webstatus_url = "https://ether.immae.eu/"; | ||
488 | } | ||
489 | |||
490 | { | ||
491 | service_description = "mediagoblin website is running on mgoblin.immae.eu"; | ||
492 | host_name = "eldiron.immae.eu"; | ||
493 | use = "external-web-service"; | ||
494 | check_command = ["check_https" "mgoblin.immae.eu" "/" "<title>GNU MediaGoblin"]; | ||
495 | |||
496 | servicegroups = "webstatus-webapps"; | ||
497 | _webstatus_name = "Mediagoblin"; | ||
498 | _webstatus_url = "https://mgoblin.immae.eu/"; | ||
499 | } | ||
500 | |||
501 | { | ||
502 | service_description = "mastodon website is running on mastodon.immae.eu"; | ||
503 | host_name = "eldiron.immae.eu"; | ||
504 | use = "external-web-service"; | ||
505 | check_command = ["check_https" "mastodon.immae.eu" "/" "Mastodon</title>"]; | ||
506 | |||
507 | servicegroups = "webstatus-webapps"; | ||
508 | _webstatus_name = "Mastodon"; | ||
509 | _webstatus_url = "https://mastodon.immae.eu/"; | ||
510 | } | ||
511 | |||
512 | # Other web pages | ||
513 | { | ||
514 | service_description = "Jerome website is running on naturaloutil.immae.eu"; | ||
515 | host_name = "eldiron.immae.eu"; | ||
516 | use = "external-web-service"; | ||
517 | check_command = ["check_https" "naturaloutil.immae.eu" "/ping.php" "YES"]; | ||
518 | |||
519 | servicegroups = "webstatus-websites"; | ||
520 | _webstatus_name = "naturaloutil.immae.eu"; | ||
521 | _webstatus_url = "https://naturaloutil.immae.eu/"; | ||
522 | } | ||
523 | |||
524 | { | ||
525 | service_description = "Telio website is running on realistesmedia.fr"; | ||
526 | host_name = "eldiron.immae.eu"; | ||
527 | use = "external-web-service"; | ||
528 | check_command = ["check_https" "realistesmedia.fr" "/" "<title>Réal'istes"]; | ||
529 | contact_groups = "telio-tortay"; | ||
530 | } | ||
531 | |||
532 | { | ||
533 | service_description = "Chloe website site is running on osteopathe-cc.fr"; | ||
534 | host_name = "eldiron.immae.eu"; | ||
535 | use = "external-web-service"; | ||
536 | check_command = ["check_https" "www.osteopathe-cc.fr" "/" "<title>Chloé Condamin ostéopathe D.O."]; | ||
537 | |||
538 | servicegroups = "webstatus-websites"; | ||
539 | _webstatus_name = "osteopathe-cc.fr"; | ||
540 | _webstatus_url = "https://www.osteopathe-cc.fr/"; | ||
541 | } | ||
542 | |||
543 | { | ||
544 | service_description = "Richie website is running on europe-richie.org"; | ||
545 | host_name = "eldiron.immae.eu"; | ||
546 | use = "external-web-service"; | ||
547 | check_command = ["check_https" "www.europe-richie.org" "/" "<title>.Europe Richie]"]; | ||
548 | |||
549 | servicegroups = "webstatus-websites"; | ||
550 | _webstatus_name = "europe-richie.org"; | ||
551 | _webstatus_url = "https://www.europe-richie.org/"; | ||
552 | } | ||
553 | |||
554 | { | ||
555 | service_description = "Ludivine website site is running on ludivinecassal.com"; | ||
556 | host_name = "eldiron.immae.eu"; | ||
557 | use = "external-web-service"; | ||
558 | check_command = ["check_https" "www.ludivinecassal.com" "/" "<title>Ludivine Cassal"]; | ||
559 | |||
560 | servicegroups = "webstatus-websites"; | ||
561 | _webstatus_name = "ludivinecassal.com"; | ||
562 | _webstatus_url = "https://www.ludivinecassal.com/"; | ||
563 | } | ||
564 | |||
565 | { | ||
566 | service_description = "Aten website site is running on aten.pro"; | ||
567 | host_name = "eldiron.immae.eu"; | ||
568 | use = "external-web-service"; | ||
569 | check_command = ["check_https" "aten.pro" "/" "<title>ATEN"]; | ||
570 | |||
571 | servicegroups = "webstatus-websites"; | ||
572 | _webstatus_name = "aten.pro"; | ||
573 | _webstatus_url = "https://aten.pro/"; | ||
574 | } | ||
575 | |||
576 | { | ||
577 | service_description = "PiedsJaloux website site is running on piedsjaloux.fr"; | ||
578 | host_name = "eldiron.immae.eu"; | ||
579 | use = "external-web-service"; | ||
580 | check_command = ["check_https" "www.piedsjaloux.fr" "/" "<title>Les Pieds Jaloux"]; | ||
581 | |||
582 | servicegroups = "webstatus-websites"; | ||
583 | _webstatus_name = "piedsjaloux.fr"; | ||
584 | _webstatus_url = "https://www.piedsjaloux.fr/"; | ||
585 | } | ||
586 | |||
587 | { | ||
588 | service_description = "Denise and Jerome website site is running on denisejerome.piedsjaloux.fr"; | ||
589 | host_name = "eldiron.immae.eu"; | ||
590 | use = "external-web-service"; | ||
591 | check_command = ["check_https" "denisejerome.piedsjaloux.fr" "/" "<title>Accueil - Mariage"]; | ||
592 | |||
593 | servicegroups = "webstatus-websites"; | ||
594 | _webstatus_name = "denisejerome.piedsjaloux.fr"; | ||
595 | _webstatus_url = "https://denisejerome.piedsjaloux.fr/"; | ||
596 | } | ||
597 | |||
598 | { | ||
599 | service_description = "Connexionswing website site is running on connexionswing.com"; | ||
600 | host_name = "eldiron.immae.eu"; | ||
601 | use = "external-web-service"; | ||
602 | check_command = ["check_https" "www.connexionswing.com" "/" "<title>Cours, stages"]; | ||
603 | |||
604 | servicegroups = "webstatus-websites"; | ||
605 | _webstatus_name = "connexionswing.com"; | ||
606 | _webstatus_url = "https://www.connexionswing.com/"; | ||
607 | } | ||
608 | |||
609 | { | ||
610 | service_description = "Sandetludo website site is running on sandetludo.com"; | ||
611 | host_name = "eldiron.immae.eu"; | ||
612 | use = "external-web-service"; | ||
613 | check_command = ["check_https" "www.sandetludo.com" "/" "<title>Cours de West Coast"]; | ||
614 | |||
615 | servicegroups = "webstatus-websites"; | ||
616 | _webstatus_name = "sandetludo.com"; | ||
617 | _webstatus_url = "https://www.sandetludo.com/"; | ||
618 | } | ||
619 | |||
620 | { | ||
621 | service_description = "Maison bbc accepts add requests on http"; | ||
622 | host_name = "eldiron.immae.eu"; | ||
623 | use = "external-web-service"; | ||
624 | check_command = [ "check_http" "maison.bbc.bouya.org" "/add.php" "^$"]; | ||
625 | } | ||
626 | |||
627 | { | ||
628 | service_description = "Maison bbc has up to date data"; | ||
629 | host_name = "eldiron.immae.eu"; | ||
630 | use = "generic-service"; | ||
631 | contact_groups = "maison-bbc"; | ||
632 | notification_interval = "1440"; | ||
633 | check_command = "check_maison_bbc"; | ||
634 | flap_detection_enabled = "0"; | ||
635 | max_check_attempts = "1"; | ||
636 | } | ||
637 | |||
638 | # SSL | ||
639 | { | ||
640 | service_description = "ldap SSL is up to date"; | ||
641 | host_name = "eldiron.immae.eu"; | ||
642 | use = "external-service"; | ||
643 | check_command = ["check_tcp_ssl" "636"]; | ||
644 | |||
645 | servicegroups = "webstatus-ssl"; | ||
646 | _webstatus_name = "LDAP"; | ||
647 | _webstatus_url = "ldap.immae.eu"; | ||
648 | } | ||
649 | ]; | ||
650 | contact = { | ||
651 | telio-tortay = config.myEnv.monitoring.contacts.telio-tortay // { | ||
652 | use = "generic-contact"; | ||
653 | contactgroups = "telio-tortay"; | ||
654 | }; | ||
655 | papa = config.myEnv.monitoring.contacts.papa // { | ||
656 | use = "generic-contact"; | ||
657 | contactgroups = "maison-bbc"; | ||
658 | service_notification_commands = "notify-maison-bbc-by-email"; | ||
659 | }; | ||
660 | }; | ||
661 | contactgroup = { | ||
662 | maison-bbc = { alias = "Maison BBC"; }; | ||
663 | telio-tortay = { alias = "Telio Tortay"; members = "immae"; }; | ||
664 | }; | ||
665 | } | ||
diff --git a/modules/private/monitoring/objects_phare.nix b/modules/private/monitoring/objects_phare.nix new file mode 100644 index 0000000..ab46436 --- /dev/null +++ b/modules/private/monitoring/objects_phare.nix | |||
@@ -0,0 +1,22 @@ | |||
1 | { ... }: | ||
2 | { | ||
3 | host = { | ||
4 | "phare.normalesup.org" = { | ||
5 | alias = "phare.normalesup.org"; | ||
6 | address = "phare.normalesup.org"; | ||
7 | use = "linux-server"; | ||
8 | hostgroups = "webstatus-hosts"; | ||
9 | _webstatus_name = "phare"; | ||
10 | }; | ||
11 | }; | ||
12 | service = [ | ||
13 | { | ||
14 | service_description = "phare.normalesup.org email service is active"; | ||
15 | use = "external-passive-service"; | ||
16 | host_name = "phare.normalesup.org"; | ||
17 | freshness_threshold = "1350"; | ||
18 | retry_interval = "1"; | ||
19 | servicegroups = "webstatus-email"; | ||
20 | } | ||
21 | ]; | ||
22 | } | ||
diff --git a/modules/private/monitoring/objects_tiboqorl-fr.nix b/modules/private/monitoring/objects_tiboqorl-fr.nix new file mode 100644 index 0000000..847143e --- /dev/null +++ b/modules/private/monitoring/objects_tiboqorl-fr.nix | |||
@@ -0,0 +1,12 @@ | |||
1 | { ... }: | ||
2 | { | ||
3 | host = { | ||
4 | "tiboqorl.fr" = { | ||
5 | alias = "tiboqorl.fr"; | ||
6 | address = "tiboqorl.fr"; | ||
7 | use = "linux-server"; | ||
8 | hostgroups = "webstatus-hosts"; | ||
9 | _webstatus_name = "tiboqorl"; | ||
10 | }; | ||
11 | }; | ||
12 | } | ||
diff --git a/modules/private/monitoring/objects_ulminfo-fr.nix b/modules/private/monitoring/objects_ulminfo-fr.nix new file mode 100644 index 0000000..87a3e05 --- /dev/null +++ b/modules/private/monitoring/objects_ulminfo-fr.nix | |||
@@ -0,0 +1,22 @@ | |||
1 | { ... }: | ||
2 | { | ||
3 | host = { | ||
4 | "ulminfo.fr" = { | ||
5 | alias = "ulminfo.fr"; | ||
6 | address = "ulminfo.fr"; | ||
7 | use = "linux-server"; | ||
8 | hostgroups = "webstatus-hosts"; | ||
9 | _webstatus_name = "ulminfo"; | ||
10 | }; | ||
11 | }; | ||
12 | service = [ | ||
13 | { | ||
14 | service_description = "ulminfo.fr email service is active"; | ||
15 | use = "external-passive-service"; | ||
16 | host_name = "ulminfo.fr"; | ||
17 | freshness_threshold = "1350"; | ||
18 | retry_interval = "1"; | ||
19 | servicegroups = "webstatus-email"; | ||
20 | } | ||
21 | ]; | ||
22 | } | ||
diff --git a/modules/private/monitoring/plugins/check_ftp_database b/modules/private/monitoring/plugins/check_ftp_database new file mode 100755 index 0000000..9a41424 --- /dev/null +++ b/modules/private/monitoring/plugins/check_ftp_database | |||
@@ -0,0 +1,11 @@ | |||
1 | #!/usr/bin/env bash | ||
2 | |||
3 | OUT=$(echo "ls" | lftp -u test_ftp,test_ftp eldiron.immae.eu | grep it_works | wc -l) | ||
4 | |||
5 | if [ "$OUT" -eq 1 ]; then | ||
6 | echo "ftp connection OK - access to ftp is working" | ||
7 | exit 0 | ||
8 | else | ||
9 | echo "ftp connection CRITICAL - no access to ftp" | ||
10 | exit 2 | ||
11 | fi | ||
diff --git a/modules/private/monitoring/plugins/check_git b/modules/private/monitoring/plugins/check_git new file mode 100755 index 0000000..8c09925 --- /dev/null +++ b/modules/private/monitoring/plugins/check_git | |||
@@ -0,0 +1,68 @@ | |||
1 | #!/usr/bin/env bash | ||
2 | |||
3 | SSH_KEY="$1" | ||
4 | |||
5 | TMPDIR=$(mktemp -d) | ||
6 | |||
7 | if [ ! -d "$TMPDIR" ]; then | ||
8 | echo "gitolite UNKNOWN - impossible to create temp dir" | ||
9 | exit 3 | ||
10 | fi | ||
11 | |||
12 | trap "rm -rf $TMPDIR" EXIT | ||
13 | |||
14 | ERRORS="" | ||
15 | OUTPUT="" | ||
16 | |||
17 | cd "$TMPDIR" | ||
18 | OUT=$(git clone -q git://git.immae.eu/perso/Immae/Projets/Ruby/Monitor.git 2>&1) | ||
19 | ERR=$? | ||
20 | if [ -n "$OUT" ]; then | ||
21 | OUTPUT="$OUTPUT | ||
22 | $OUT" | ||
23 | fi | ||
24 | if [ "$ERR" != 0 ]; then | ||
25 | ERRORS="$ERRORS git://" | ||
26 | fi | ||
27 | rm -rf Monitor | ||
28 | |||
29 | OUT=$(git clone -q http://git.immae.eu/perso/Immae/Projets/Ruby/Monitor.git 2>&1) | ||
30 | ERR=$? | ||
31 | if [ -n "$OUT" ]; then | ||
32 | OUTPUT="$OUTPUT | ||
33 | $OUT" | ||
34 | fi | ||
35 | if [ "$ERR" != 0 ]; then | ||
36 | ERRORS="$ERRORS http://" | ||
37 | fi | ||
38 | rm -rf Monitor | ||
39 | |||
40 | OUT=$(git clone -q https://git.immae.eu/perso/Immae/Projets/Ruby/Monitor.git 2>&1) | ||
41 | ERR=$? | ||
42 | if [ -n "$OUT" ]; then | ||
43 | OUTPUT="$OUTPUT | ||
44 | $OUT" | ||
45 | fi | ||
46 | if [ "$ERR" != 0 ]; then | ||
47 | ERRORS="$ERRORS https://" | ||
48 | fi | ||
49 | rm -rf Monitor | ||
50 | |||
51 | OUT=$(GIT_SSH_COMMAND="ssh -i $SSH_KEY -o BatchMode=yes -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no" git clone -q gitolite@git.immae.eu:perso/Immae/Projets/Ruby/Monitor 2>&1) | ||
52 | ERR=$? | ||
53 | if [ -n "$OUT" ]; then | ||
54 | OUTPUT="$OUTPUT | ||
55 | $OUT" | ||
56 | fi | ||
57 | if [ "$ERR" != 0 ]; then | ||
58 | ERRORS="$ERRORS ssh" | ||
59 | fi | ||
60 | rm -rf Monitor | ||
61 | |||
62 | if [ -n "$ERRORS" ]; then | ||
63 | echo "gitolite CRITICAL - impossible to clone via$ERRORS|$OUTPUT" | ||
64 | exit 2 | ||
65 | else | ||
66 | echo "gitolite OK - ssh, git, http and https work|$OUTPUT" | ||
67 | exit 0 | ||
68 | fi | ||
diff --git a/modules/private/monitoring/plugins/check_imap_connection b/modules/private/monitoring/plugins/check_imap_connection new file mode 100755 index 0000000..304eae6 --- /dev/null +++ b/modules/private/monitoring/plugins/check_imap_connection | |||
@@ -0,0 +1,52 @@ | |||
1 | #!/usr/bin/env perl | ||
2 | |||
3 | use strict; | ||
4 | use Getopt::Std; | ||
5 | $| = 1; | ||
6 | |||
7 | my %opts; | ||
8 | getopts('h:u:p:H:', \%opts); | ||
9 | |||
10 | my $STATE_OK = 0; | ||
11 | my $STATE_WARNING = 1; | ||
12 | my $STATE_CRITICAL = 2; | ||
13 | my $STATE_UNKNOWN = 3; | ||
14 | |||
15 | if ($opts{'h'} || !$opts{'u'} || !$opts{'p'} || !$opts{'H'}) { | ||
16 | &print_help(); | ||
17 | exit($STATE_UNKNOWN); | ||
18 | } | ||
19 | |||
20 | my $user = $opts{'u'}; | ||
21 | my $password = $opts{'p'}; | ||
22 | my $host = $opts{'H'}; | ||
23 | |||
24 | my $cmd_result = `(echo "a login $user $password"; echo "b logout") | openssl s_client -quiet -ign_eof -connect $host -starttls imap 2>&1`; | ||
25 | my $expected_result = "a OK Logged in"; | ||
26 | |||
27 | chomp($cmd_result); | ||
28 | if ($cmd_result !~ /$expected_result/) { | ||
29 | print "IMAP CRITICAL - Unable to connect via imaps\n"; | ||
30 | exit($STATE_CRITICAL); | ||
31 | } else { | ||
32 | print "IMAP OK - imaps connected successfully\n"; | ||
33 | exit($STATE_OK); | ||
34 | } | ||
35 | |||
36 | sub print_help() { | ||
37 | print << "EOF"; | ||
38 | Check whether imap works via ssl and is able to connect its database. | ||
39 | |||
40 | Options: | ||
41 | -h | ||
42 | Print detailed help screen | ||
43 | -u | ||
44 | User to log in as | ||
45 | -p | ||
46 | Password to log in | ||
47 | -H | ||
48 | Host to log in to | ||
49 | |||
50 | EOF | ||
51 | } | ||
52 | |||
diff --git a/modules/private/monitoring/plugins/check_maison_bbc b/modules/private/monitoring/plugins/check_maison_bbc new file mode 100755 index 0000000..43a5817 --- /dev/null +++ b/modules/private/monitoring/plugins/check_maison_bbc | |||
@@ -0,0 +1,41 @@ | |||
1 | #!/usr/bin/env bash | ||
2 | |||
3 | # kw, kwh, th_hr Bureau, th_hr Chambre_RDC, th_hr Exterieure, th_hr | ||
4 | # Garage, th_hr Mezzanine, th_hr Sejour, th_hr Soufflage | ||
5 | |||
6 | alert=$(date +"%F %H:%M:%S" -d "3 hours ago") | ||
7 | res=$(curl https://maison.bbc.bouya.org/stats.php) | ||
8 | |||
9 | ignored_text="th_hr Exterieure th_hr Soufflage" | ||
10 | |||
11 | ignored_bat="^$" | ||
12 | ignored="^(th_hr Exterieure|th_hr Soufflage)$" | ||
13 | |||
14 | missing() { | ||
15 | echo "to_entries|[.[]|select(.value < \"$alert\" and .key != \"bat\" $1)|.key + \": \" + .value]|join(\" ; \")" | ||
16 | } | ||
17 | |||
18 | missing_check=$(echo "$res" | jq -r "$(missing "and (.key | test(\"$ignored\") | not)")") | ||
19 | missing_show=$(echo "$res" | jq -r "$(missing "")") | ||
20 | |||
21 | battery() { | ||
22 | echo ".bat|to_entries|[.[]|select((.value[0] < \"$alert\" or (.value[1] | test(\"^0|1|2$\") | not)) $1)|.key + \": \" + .value[0] + \" bat \" + .value[1]]|join(\" ; \")" | ||
23 | } | ||
24 | |||
25 | bat_check=$(echo "$res" | jq -r "$(battery "and (.key | test(\"$ignored_bat\") | not)")") | ||
26 | bat_show=$(echo "$res" | jq -r "$(battery "")") | ||
27 | |||
28 | if [ -n "$missing_check" -o -n "$bat_check" ]; then | ||
29 | text="" | ||
30 | if [ -n "$missing_show" ]; then | ||
31 | text="$text - Dernières dates: $missing_show" | ||
32 | fi | ||
33 | if [ -n "$bat_show" ]; then | ||
34 | text="$text - Batteries: $bat_show" | ||
35 | fi | ||
36 | echo "Zibase CRITICAL$text" | ||
37 | exit 2 | ||
38 | else | ||
39 | echo "Zibase OK - Derniers événements il y a moins de 3h (ignorés : $ignored_text)" | ||
40 | exit 0 | ||
41 | fi | ||
diff --git a/modules/private/monitoring/plugins/notify_by_email b/modules/private/monitoring/plugins/notify_by_email index ad0dcc7..959db26 100755 --- a/modules/private/monitoring/plugins/notify_by_email +++ b/modules/private/monitoring/plugins/notify_by_email | |||
@@ -26,6 +26,4 @@ else | |||
26 | subject="** $NOTIFICATION_TYPE Service Alert: $HOST_ALIAS/$SERVICEDESC is $SERVICESTATE **" | 26 | subject="** $NOTIFICATION_TYPE Service Alert: $HOST_ALIAS/$SERVICEDESC is $SERVICESTATE **" |
27 | fi | 27 | fi |
28 | 28 | ||
29 | # sendwait waits for sendmail to finish its job, otherwise it continues in the | 29 | echo "$message" | MAILRC=/dev/null mail -r "$ADMINEMAIL" -n -s "$subject" "$CONTACT" |
30 | # background and gets killed too early | ||
31 | echo "$message" | MAILRC=/dev/null mail -r "naemon@immae.eu" -n -Ssendwait -s "$subject" "$CONTACT" | ||
diff --git a/modules/private/monitoring/plugins/notify_by_slack b/modules/private/monitoring/plugins/notify_by_slack new file mode 100755 index 0000000..b59a403 --- /dev/null +++ b/modules/private/monitoring/plugins/notify_by_slack | |||
@@ -0,0 +1,46 @@ | |||
1 | #!/usr/bin/env bash | ||
2 | |||
3 | SLACK_CHANNEL="$1" | ||
4 | SLACK_USERNAME="Naemon" | ||
5 | SLACK_URL="$2" | ||
6 | SLACK_USERICON="https://release.immae.eu/monitoring.png" | ||
7 | |||
8 | if [ "$SERVICESTATE" = "CRITICAL" ]; then | ||
9 | ICON=":exclamation:" | ||
10 | COLOR="#DA0505" | ||
11 | elif [ "$SERVICESTATE" = "WARNING" ]; then | ||
12 | ICON=":warning:" | ||
13 | COLOR="#F1E903" | ||
14 | elif [ "$SERVICESTATE" = "OK" ]; then | ||
15 | ICON=":white_check_mark:" | ||
16 | COLOR="#36a64f" | ||
17 | elif [ "$SERVICESTATE" = "UNKNOWN" ]; then | ||
18 | ICON=":question:" | ||
19 | COLOR="#000000" | ||
20 | else | ||
21 | ICON=":white_medium_square:" | ||
22 | COLOR="#ffffff" | ||
23 | fi | ||
24 | |||
25 | payload=$(echo "{}" | jq -r \ | ||
26 | --arg "icon_url" "$SLACK_USERICON" \ | ||
27 | --arg "channel" "$SLACK_CHANNEL" \ | ||
28 | --arg "username" "$SLACK_USERNAME" \ | ||
29 | --arg "text" "${ICON} ${SERVICEDESC} on ${HOST} is ${SERVICESTATE}" \ | ||
30 | --arg "color" "$COLOR" \ | ||
31 | --arg "host" "$HOST" \ | ||
32 | --arg "desc" "$SERVICEDESC" \ | ||
33 | --arg "state" "$SERVICESTATE" \ | ||
34 | --arg "output" "$SERVICEOUTPUT" \ | ||
35 | '.icon_url = $icon_url | | ||
36 | .channel = $channel | | ||
37 | .username = $username | | ||
38 | .text = $text | | ||
39 | .attachments = [{fallback:"", color:$color,fields: [{},{},{},{}]}] | | ||
40 | .attachments[0].fields[0] = {title:"Host",value:$host,short:true} | | ||
41 | .attachments[0].fields[1] = {title:"Service description",value:$desc,short:true} | | ||
42 | .attachments[0].fields[2] = {title:"Status",value:$state,short:true} | | ||
43 | .attachments[0].fields[3] = {title:"Message",value:$output,short:false} | ||
44 | ') | ||
45 | |||
46 | curl -X POST --data "payload=$payload" $SLACK_URL | ||
diff --git a/modules/private/monitoring/plugins/notify_maison_bbc_by_email b/modules/private/monitoring/plugins/notify_maison_bbc_by_email new file mode 100755 index 0000000..84958b8 --- /dev/null +++ b/modules/private/monitoring/plugins/notify_maison_bbc_by_email | |||
@@ -0,0 +1,27 @@ | |||
1 | #!/usr/bin/env bash | ||
2 | |||
3 | # $1 = service/host | ||
4 | |||
5 | # $2 = type (PROBLEM RECOVERY ACKNOWLEDGEMENT FLAPPINGSTART FLAPPINGSTOP FLAPPINGDISABLED DOWNTIMESTART DOWNTIMESTOP DOWNTIMECANCELLED) | ||
6 | # http://www.naemon.org/documentation/usersguide/macrolist.html#notificationtype | ||
7 | |||
8 | # $3 = host alias | ||
9 | |||
10 | # $4 = date (YYYY-MM-DDTHH:MM:SS) | ||
11 | |||
12 | # $5 = E-mail | ||
13 | |||
14 | NOTIFICATION_TYPE="$2" | ||
15 | DATE="$4" | ||
16 | CONTACT="$5" | ||
17 | |||
18 | output=$(echo "$SERVICEOUTPUT" | awk '{gsub(" - ", "\n\n", $0); gsub (" (;|:) ", "\n ", $0); gsub(" dates: ", " dates:\n ", $0); gsub("Batteries: ", "Batteries:\n ", $0); print $0}') | ||
19 | if [ "$NOTIFICATION_TYPE" = "RECOVERY" ]; then | ||
20 | subject="Fin d'alerte Maison BBC Zibase" | ||
21 | message=$(printf "%b" "Alerte terminée le $DATE.\nInformations:\n$output") | ||
22 | else | ||
23 | subject="Alerte Maison BBC Zibase" | ||
24 | message=$(printf "%b" "Alerte lancée le $DATE.\nInformations:\n$output") | ||
25 | fi | ||
26 | |||
27 | echo "$message" | MAILRC=/dev/null mail -r "$ADMINEMAIL" -n -s "$subject" "$CONTACT" | ||
diff --git a/modules/private/monitoring/to_objects.nix b/modules/private/monitoring/to_objects.nix index 5ad76e0..7b4b523 100644 --- a/modules/private/monitoring/to_objects.nix +++ b/modules/private/monitoring/to_objects.nix | |||
@@ -17,7 +17,7 @@ let | |||
17 | define service { | 17 | define service { |
18 | ${builtins.concatStringsSep "\n" (mapAttrsToList (k: v: | 18 | ${builtins.concatStringsSep "\n" (mapAttrsToList (k: v: |
19 | " ${pad 30 k} ${toStr k v}" | 19 | " ${pad 30 k} ${toStr k v}" |
20 | ) service)} | 20 | ) (filterAttrs (k: v: ! builtins.elem k ["passiveInfo" "filter"]) service))} |
21 | } | 21 | } |
22 | ''; | 22 | ''; |
23 | toServices = services: builtins.concatStringsSep "\n" (map toService services); | 23 | toServices = services: builtins.concatStringsSep "\n" (map toService services); |
@@ -59,7 +59,7 @@ let | |||
59 | then toCommands v | 59 | then toCommands v |
60 | else if keyname == "templates" | 60 | else if keyname == "templates" |
61 | then toTemplates v | 61 | then toTemplates v |
62 | else if builtins.elem keyname ["host" "contactgroup" "contact" "timeperiod"] | 62 | else if builtins.elem keyname ["hostgroup" "host" "contactgroup" "contact" "timeperiod" "servicegroup"] |
63 | then toOthers keyname v | 63 | then toOthers keyname v |
64 | else ""; | 64 | else ""; |
65 | toObjects = v: builtins.concatStringsSep "\n" (mapAttrsToList toObjects' v); | 65 | toObjects = v: builtins.concatStringsSep "\n" (mapAttrsToList toObjects' v); |
diff --git a/modules/private/system/monitoring-1.nix b/modules/private/system/monitoring-1.nix new file mode 100644 index 0000000..1460478 --- /dev/null +++ b/modules/private/system/monitoring-1.nix | |||
@@ -0,0 +1,41 @@ | |||
1 | { privateFiles }: | ||
2 | { config, pkgs, resources, ... }: | ||
3 | { | ||
4 | boot.kernelPackages = pkgs.linuxPackages_latest; | ||
5 | myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; }; | ||
6 | hostEnv.FQDN = "monitoring-1.v.immae.eu"; | ||
7 | |||
8 | imports = builtins.attrValues (import ../..); | ||
9 | |||
10 | deployment = { | ||
11 | targetEnv = "hetznerCloud"; | ||
12 | hetznerCloud = { | ||
13 | authToken = config.myEnv.hetznerCloud.authToken; | ||
14 | datacenter = "hel1-dc2"; | ||
15 | location ="hel1"; | ||
16 | serverType = "cx11"; | ||
17 | }; | ||
18 | }; | ||
19 | |||
20 | myServices.monitoring.enable = true; | ||
21 | myServices.monitoring.master = true; | ||
22 | myServices.status.enable = true; | ||
23 | networking = { | ||
24 | firewall.enable = true; | ||
25 | interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList | ||
26 | (n: ips: { address = ips.ip4; prefixLength = 32; }) | ||
27 | (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.monitoring-1.ips); | ||
28 | interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList | ||
29 | (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) | ||
30 | config.myEnv.servers.monitoring-1.ips); | ||
31 | defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; | ||
32 | }; | ||
33 | myServices.mailRelay.enable = true; | ||
34 | |||
35 | # This value determines the NixOS release with which your system is | ||
36 | # to be compatible, in order to avoid breaking some software such as | ||
37 | # database servers. You should change this only after NixOS release | ||
38 | # notes say you should. | ||
39 | # https://nixos.org/nixos/manual/release-notes.html | ||
40 | system.stateVersion = "19.03"; # Did you read the comment? | ||
41 | } | ||
diff --git a/nixops/Makefile b/nixops/Makefile index 5e654ee..02d34f8 100644 --- a/nixops/Makefile +++ b/nixops/Makefile | |||
@@ -36,6 +36,9 @@ ssh-eldiron: | |||
36 | ssh-backup-2: | 36 | ssh-backup-2: |
37 | $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS) | 37 | $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS) |
38 | 38 | ||
39 | ssh-monitoring-1: | ||
40 | $(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS) | ||
41 | |||
39 | info: | 42 | info: |
40 | $(NIXOPS_PRIV) list | 43 | $(NIXOPS_PRIV) list |
41 | $(NIXOPS_PRIV) info | 44 | $(NIXOPS_PRIV) info |
@@ -74,11 +77,15 @@ list-generations: | |||
74 | delete-generations: | 77 | delete-generations: |
75 | nix-env -p $(profile) --delete-generations $(GEN) | 78 | nix-env -p $(profile) --delete-generations $(GEN) |
76 | $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | 79 | $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) |
80 | $(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | ||
81 | $(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | ||
77 | .PHONY: delete-generations | 82 | .PHONY: delete-generations |
78 | 83 | ||
79 | cleanup: delete-generations | 84 | cleanup: delete-generations |
80 | nix-store --gc | 85 | nix-store --gc |
81 | $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc | 86 | $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc |
87 | $(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc | ||
88 | $(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc | ||
82 | .PHONY: cleanup | 89 | .PHONY: cleanup |
83 | 90 | ||
84 | ###### Pull environment and deployment from remote | 91 | ###### Pull environment and deployment from remote |
diff --git a/nixops/default.nix b/nixops/default.nix index 45a235e..5f4f4d2 100644 --- a/nixops/default.nix +++ b/nixops/default.nix | |||
@@ -9,4 +9,5 @@ | |||
9 | resources.sshKeyPairs.ssh-key = {}; | 9 | resources.sshKeyPairs.ssh-key = {}; |
10 | eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; | 10 | eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; |
11 | backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; }; | 11 | backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; }; |
12 | monitoring-1 = import ../modules/private/system/monitoring-1.nix { inherit privateFiles; }; | ||
12 | } | 13 | } |