From: Peter Palfrader Date: Tue, 16 Feb 2010 02:09:39 +0000 (+0100) Subject: Try making monit on squeeze work X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f3878ee32e4159ff315d96b980a1aec9cb4da82a;p=mirror%2Fdsa-puppet.git Try making monit on squeeze work --- diff --git a/modules/monit/files/default b/modules/monit/files/default deleted file mode 100644 index afacfee2d..000000000 --- a/modules/monit/files/default +++ /dev/null @@ -1,16 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -# Defaults for monit initscript -# sourced by /etc/init.d/monit -# installed at /etc/default/monit by maintainer scripts -# Fredrik Steen - -# You must set this variable to for monit to start -startup=1 - -# To change the intervals which monit should run uncomment -# and change this variable. -CHECK_INTERVALS=300 diff --git a/modules/monit/files/monitrc b/modules/monit/files/monitrc deleted file mode 100644 index e18f5b849..000000000 --- a/modules/monit/files/monitrc +++ /dev/null @@ -1,219 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## -############################################################################### -## Monit control file -############################################################################### -## -## Comments begin with a '#' and extend through the end of the line. Keywords -## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. -## -## Below you will find examples of some frequently used statements. For -## information about the control file, a complete list of statements and -## options please have a look in the monit manual. -## -## -############################################################################### -## Global section -############################################################################### -## -## Start monit in the background (run as a daemon) and check services at -## 2-minute intervals. -# -# set daemon 120 -# -# -## Set syslog logging with the 'daemon' facility. If the FACILITY option is -## omitted, monit will use 'user' facility by default. If you want to log to -## a stand alone log file instead, specify the path to a log file -# -# set logfile syslog facility log_daemon -# -# -## Set the list of mail servers for alert delivery. Multiple servers may be -## specified using comma separator. By default monit uses port 25 - this -## is possible to override with the PORT option. -# -# set mailserver mail.bar.baz, # primary mailserver -# backup.bar.baz port 10025, # backup mailserver on port 10025 -# localhost # fallback relay -# -# -## By default monit will drop alert events if no mail servers are available. -## If you want to keep the alerts for a later delivery retry, you can use the -## EVENTQUEUE statement. The base directory where undelivered alerts will be -## stored is specified by the BASEDIR option. You can limit the maximal queue -## size using the SLOTS option (if omitted, the queue is limited by space -## available in the back end filesystem). -# -# set eventqueue -# basedir /var/monit # set the base directory where events will be stored -# slots 100 # optionaly limit the queue size -# -# -## Monit by default uses the following alert mail format: -## -## --8<-- -## From: monit@$HOST # sender -## Subject: monit alert -- $EVENT $SERVICE # subject -## -## $EVENT Service $SERVICE # -## # -## Date: $DATE # -## Action: $ACTION # -## Host: $HOST # body -## Description: $DESCRIPTION # -## # -## Your faithful employee, # -## monit # -## --8<-- -## -## You can override this message format or parts of it, such as subject -## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. -## are expanded at runtime. For example, to override the sender: -# -# set mail-format { from: monit@foo.bar } -# -# -## You can set alert recipients here whom will receive alerts if/when a -## service defined in this file has errors. Alerts may be restricted on -## events by using a filter as in the second example below. -# -# set alert sysadm@foo.bar # receive all alerts -# set alert manager@foo.bar only on { timeout } # receive just service- -# # timeout alert -# -# -## Monit has an embedded web server which can be used to view status of -## services monitored, the current configuration, actual services parameters -## and manage services from a web interface. -# -# set httpd port 2812 and -# use address localhost # only accept connection from localhost -# allow localhost # allow localhost to connect to the server and -# allow admin:monit # require user 'admin' with password 'monit' -# -# -############################################################################### -## Services -############################################################################### -## -## Check general system resources such as load average, cpu and memory -## usage. Each test specifies a resource, conditions and the action to be -## performed should a test fail. -# -# check system myhost.mydomain.tld -# if loadavg (1min) > 4 then alert -# if loadavg (5min) > 2 then alert -# if memory usage > 75% then alert -# if cpu usage (user) > 70% then alert -# if cpu usage (system) > 30% then alert -# if cpu usage (wait) > 20% then alert -# -# -## Check a file for existence, checksum, permissions, uid and gid. In addition -## to alert recipients in the global section, customized alert will be sent to -## additional recipients by specifying a local alert handler. The service may -## be grouped using the GROUP option. -# -# check file apache_bin with path /usr/local/apache/bin/httpd -# if failed checksum and -# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor -# if failed permission 755 then unmonitor -# if failed uid root then unmonitor -# if failed gid root then unmonitor -# alert security@foo.bar on { -# checksum, permission, uid, gid, unmonitor -# } with the mail-format { subject: Alarm! } -# group server -# -# -## Check that a process is running, in this case Apache, and that it respond -## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, -## and number of children. If the process is not running, monit will restart -## it by default. In case the service was restarted very often and the -## problem remains, it is possible to disable monitoring using the TIMEOUT -## statement. This service depends on another service (apache_bin) which -## is defined above. -# -# check process apache with pidfile /usr/local/apache/logs/httpd.pid -# start program = "/etc/init.d/httpd start" -# stop program = "/etc/init.d/httpd stop" -# if cpu > 60% for 2 cycles then alert -# if cpu > 80% for 5 cycles then restart -# if totalmem > 200.0 MB for 5 cycles then restart -# if children > 250 then restart -# if loadavg(5min) greater than 10 for 8 cycles then stop -# if failed host www.tildeslash.com port 80 protocol http -# and request "/monit/doc/next.php" -# then restart -# if failed port 443 type tcpssl protocol http -# with timeout 15 seconds -# then restart -# if 3 restarts within 5 cycles then timeout -# depends on apache_bin -# group server -# -# -## Check device permissions, uid, gid, space and inode usage. Other services, -## such as databases, may depend on this resource and an automatically graceful -## stop may be cascaded to them before the filesystem will become full and data -## lost. -# -# check device datafs with path /dev/sdb1 -# start program = "/bin/mount /data" -# stop program = "/bin/umount /data" -# if failed permission 660 then unmonitor -# if failed uid root then unmonitor -# if failed gid disk then unmonitor -# if space usage > 80% for 5 times within 15 cycles then alert -# if space usage > 99% then stop -# if inode usage > 30000 then alert -# if inode usage > 99% then stop -# group server -# -# -## Check a file's timestamp. In this example, we test if a file is older -## than 15 minutes and assume something is wrong if its not updated. Also, -## if the file size exceed a given limit, execute a script -# -# check file database with path /data/mydatabase.db -# if failed permission 700 then alert -# if failed uid data then alert -# if failed gid data then alert -# if timestamp > 15 minutes then alert -# if size > 100 MB then exec "/my/cleanup/script" -# -# -## Check directory permission, uid and gid. An event is triggered if the -## directory does not belong to the user with uid 0 and gid 0. In addition, -## the permissions have to match the octal description of 755 (see chmod(1)). -# -# check directory bin with path /bin -# if failed permission 755 then unmonitor -# if failed uid 0 then unmonitor -# if failed gid 0 then unmonitor -# -# -## Check a remote host network services availability using a ping test and -## check response content from a web server. Up to three pings are sent and -## connection to a port and a application level network check is performed. -# -# check host myserver with address 192.168.1.1 -# if failed icmp type echo count 3 with timeout 3 seconds then alert -# if failed port 3306 protocol mysql with timeout 15 seconds then alert -# if failed url -# http://user:password@www.foo.bar:8080/?querystring -# and content == 'action="j_security_check"' -# then alert -# -# -############################################################################### -## Includes -############################################################################### -## -## It is possible to include additional configuration parts from other files or -## directories. -# -include /etc/monit/monit.d/* diff --git a/modules/monit/manifests/init.pp b/modules/monit/manifests/init.pp index 5e1ebe084..b7e909d1c 100644 --- a/modules/monit/manifests/init.pp +++ b/modules/monit/manifests/init.pp @@ -11,7 +11,7 @@ class monit { ; "/etc/monit/monitrc": - source => "puppet:///monit/monitrc", + content => template("monit/monitrc.erb"), require => Package["monit"], notify => Exec["monit restart"], mode => 400 @@ -40,7 +40,7 @@ class monit { ; "/etc/default/monit": - source => "puppet:///monit/default", + content => template("monit/default.erb"), require => Package["monit"], notify => Exec["monit restart"] ; diff --git a/modules/monit/templates/default.erb b/modules/monit/templates/default.erb new file mode 100644 index 000000000..d89d3265d --- /dev/null +++ b/modules/monit/templates/default.erb @@ -0,0 +1,19 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## + +# Defaults for monit initscript +# sourced by /etc/init.d/monit +# installed at /etc/default/monit by maintainer scripts +# Fredrik Steen + +# You must set this variable to for monit to start +startup=1 +<% if nodeinfo.has_key?('squeeze') and not nodeinfo['squeeze'].empty? %> +<% else %> + +# To change the intervals which monit should run uncomment +# and change this variable. +CHECK_INTERVALS=300 +<% end %> diff --git a/modules/monit/templates/monitrc.erb b/modules/monit/templates/monitrc.erb new file mode 100644 index 000000000..dc46f1951 --- /dev/null +++ b/modules/monit/templates/monitrc.erb @@ -0,0 +1,222 @@ +## +## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. +## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git +## +############################################################################### +## Monit control file +############################################################################### +## +## Comments begin with a '#' and extend through the end of the line. Keywords +## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. +## +## Below you will find examples of some frequently used statements. For +## information about the control file, a complete list of statements and +## options please have a look in the monit manual. +## +## +############################################################################### +## Global section +############################################################################### +## +## Start monit in the background (run as a daemon) and check services at +## 2-minute intervals. +# +<% if nodeinfo.has_key?('squeeze') and not nodeinfo['squeeze'].empty? %> +set daemon 300 +<% else %> +<% end %> +# +# +## Set syslog logging with the 'daemon' facility. If the FACILITY option is +## omitted, monit will use 'user' facility by default. If you want to log to +## a stand alone log file instead, specify the path to a log file +# +# set logfile syslog facility log_daemon +# +# +## Set the list of mail servers for alert delivery. Multiple servers may be +## specified using comma separator. By default monit uses port 25 - this +## is possible to override with the PORT option. +# +# set mailserver mail.bar.baz, # primary mailserver +# backup.bar.baz port 10025, # backup mailserver on port 10025 +# localhost # fallback relay +# +# +## By default monit will drop alert events if no mail servers are available. +## If you want to keep the alerts for a later delivery retry, you can use the +## EVENTQUEUE statement. The base directory where undelivered alerts will be +## stored is specified by the BASEDIR option. You can limit the maximal queue +## size using the SLOTS option (if omitted, the queue is limited by space +## available in the back end filesystem). +# +# set eventqueue +# basedir /var/monit # set the base directory where events will be stored +# slots 100 # optionaly limit the queue size +# +# +## Monit by default uses the following alert mail format: +## +## --8<-- +## From: monit@$HOST # sender +## Subject: monit alert -- $EVENT $SERVICE # subject +## +## $EVENT Service $SERVICE # +## # +## Date: $DATE # +## Action: $ACTION # +## Host: $HOST # body +## Description: $DESCRIPTION # +## # +## Your faithful employee, # +## monit # +## --8<-- +## +## You can override this message format or parts of it, such as subject +## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. +## are expanded at runtime. For example, to override the sender: +# +# set mail-format { from: monit@foo.bar } +# +# +## You can set alert recipients here whom will receive alerts if/when a +## service defined in this file has errors. Alerts may be restricted on +## events by using a filter as in the second example below. +# +# set alert sysadm@foo.bar # receive all alerts +# set alert manager@foo.bar only on { timeout } # receive just service- +# # timeout alert +# +# +## Monit has an embedded web server which can be used to view status of +## services monitored, the current configuration, actual services parameters +## and manage services from a web interface. +# +# set httpd port 2812 and +# use address localhost # only accept connection from localhost +# allow localhost # allow localhost to connect to the server and +# allow admin:monit # require user 'admin' with password 'monit' +# +# +############################################################################### +## Services +############################################################################### +## +## Check general system resources such as load average, cpu and memory +## usage. Each test specifies a resource, conditions and the action to be +## performed should a test fail. +# +# check system myhost.mydomain.tld +# if loadavg (1min) > 4 then alert +# if loadavg (5min) > 2 then alert +# if memory usage > 75% then alert +# if cpu usage (user) > 70% then alert +# if cpu usage (system) > 30% then alert +# if cpu usage (wait) > 20% then alert +# +# +## Check a file for existence, checksum, permissions, uid and gid. In addition +## to alert recipients in the global section, customized alert will be sent to +## additional recipients by specifying a local alert handler. The service may +## be grouped using the GROUP option. +# +# check file apache_bin with path /usr/local/apache/bin/httpd +# if failed checksum and +# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor +# if failed permission 755 then unmonitor +# if failed uid root then unmonitor +# if failed gid root then unmonitor +# alert security@foo.bar on { +# checksum, permission, uid, gid, unmonitor +# } with the mail-format { subject: Alarm! } +# group server +# +# +## Check that a process is running, in this case Apache, and that it respond +## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, +## and number of children. If the process is not running, monit will restart +## it by default. In case the service was restarted very often and the +## problem remains, it is possible to disable monitoring using the TIMEOUT +## statement. This service depends on another service (apache_bin) which +## is defined above. +# +# check process apache with pidfile /usr/local/apache/logs/httpd.pid +# start program = "/etc/init.d/httpd start" +# stop program = "/etc/init.d/httpd stop" +# if cpu > 60% for 2 cycles then alert +# if cpu > 80% for 5 cycles then restart +# if totalmem > 200.0 MB for 5 cycles then restart +# if children > 250 then restart +# if loadavg(5min) greater than 10 for 8 cycles then stop +# if failed host www.tildeslash.com port 80 protocol http +# and request "/monit/doc/next.php" +# then restart +# if failed port 443 type tcpssl protocol http +# with timeout 15 seconds +# then restart +# if 3 restarts within 5 cycles then timeout +# depends on apache_bin +# group server +# +# +## Check device permissions, uid, gid, space and inode usage. Other services, +## such as databases, may depend on this resource and an automatically graceful +## stop may be cascaded to them before the filesystem will become full and data +## lost. +# +# check device datafs with path /dev/sdb1 +# start program = "/bin/mount /data" +# stop program = "/bin/umount /data" +# if failed permission 660 then unmonitor +# if failed uid root then unmonitor +# if failed gid disk then unmonitor +# if space usage > 80% for 5 times within 15 cycles then alert +# if space usage > 99% then stop +# if inode usage > 30000 then alert +# if inode usage > 99% then stop +# group server +# +# +## Check a file's timestamp. In this example, we test if a file is older +## than 15 minutes and assume something is wrong if its not updated. Also, +## if the file size exceed a given limit, execute a script +# +# check file database with path /data/mydatabase.db +# if failed permission 700 then alert +# if failed uid data then alert +# if failed gid data then alert +# if timestamp > 15 minutes then alert +# if size > 100 MB then exec "/my/cleanup/script" +# +# +## Check directory permission, uid and gid. An event is triggered if the +## directory does not belong to the user with uid 0 and gid 0. In addition, +## the permissions have to match the octal description of 755 (see chmod(1)). +# +# check directory bin with path /bin +# if failed permission 755 then unmonitor +# if failed uid 0 then unmonitor +# if failed gid 0 then unmonitor +# +# +## Check a remote host network services availability using a ping test and +## check response content from a web server. Up to three pings are sent and +## connection to a port and a application level network check is performed. +# +# check host myserver with address 192.168.1.1 +# if failed icmp type echo count 3 with timeout 3 seconds then alert +# if failed port 3306 protocol mysql with timeout 15 seconds then alert +# if failed url +# http://user:password@www.foo.bar:8080/?querystring +# and content == 'action="j_security_check"' +# then alert +# +# +############################################################################### +## Includes +############################################################################### +## +## It is possible to include additional configuration parts from other files or +## directories. +# +include /etc/monit/monit.d/*