diff --git a/attributes/default.rb b/attributes/default.rb index ba11738..044211e 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -11,3 +11,9 @@ monit EOS +case node['platform'] + when "centos", "redhat", "fedora" + default[:monit][:include_dir] = '/etc/monit.d' + else + default[:monit][:include_dir] = '/etc/monit/conf.d' +end diff --git a/files/debian/monit.default b/files/debian/monit.default new file mode 100644 index 0000000..bfd494c --- /dev/null +++ b/files/debian/monit.default @@ -0,0 +1,11 @@ +# Defaults for monit initscript +# sourced by /etc/init.d/monit +# installed at /etc/default/monit by chef + +# You must set this variable to for monit to start +startup=1 + +# To change the intervals which monit should run, +# edit the configuration file /etc/monit/monitrc +# It can no longer be configured here. + diff --git a/files/default/dummy.conf b/files/default/dummy.conf new file mode 100644 index 0000000..c4539aa --- /dev/null +++ b/files/default/dummy.conf @@ -0,0 +1 @@ +#an empty file because monit would not start if the conf.d dir is empty \ No newline at end of file diff --git a/libraries/monitrc.rb b/libraries/monitrc.rb index bab4f49..a4c64d4 100644 --- a/libraries/monitrc.rb +++ b/libraries/monitrc.rb 
@@ -4,14 +4,22 @@ class Recipe # variables Hash of variables to pass to the template # reload Reload monit so it notices the new service. :delayed (default) or :immediately. def monitrc(name, variables={}, reload = :delayed) - log "Making monitrc for: #{name}" - template "/etc/monit/conf.d/#{name}.conf" do + Chef::Log.info "Making monitrc for: #{name}" + + action = :restart + if platform?(%W(fedora centos redhat)) + action = :reload + end + + template "#{node[:monit][:include_dir]}/#{name}.conf" do owner "root" group "root" mode 0644 + #this should be "monit/#{name}.conf.erb" or "#{name}.monit.conf.erb" to not conflict with other conf files + #but this is a non backward compat change. I'll leave it to the owner of the cookbook source "#{name}.conf.erb" variables variables - notifies :restart, resources(:service => "monit"), reload + notifies action, resources(:service => "monit"), reload action :create end end diff --git a/metadata.rb b/metadata.rb index f78e91d..ce0d269 100644 --- a/metadata.rb +++ b/metadata.rb @@ -5,6 +5,9 @@ long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc')) version "0.7" +%w{debian ubuntu redhat centos fedora}.each do |os| + supports os +end attribute 'monit/notify_email', :description => 'The email address to send alerts to.', @@ -20,4 +23,3 @@ :description => 'When monit first starts, how long to delay before it starts performing checks', :type => "string", :required => "recommended" - diff --git a/recipes/default.rb b/recipes/default.rb index d8621c8..e493d08 100755 --- a/recipes/default.rb +++ b/recipes/default.rb 
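Review bot: The new local `action` in `monitrc` has the same name as the resource's `action :create` call inside the `template` block, so one identifier is used there both as a variable (`notifies action, ...`) and as a DSL method. As far as I can tell, Ruby's lexer treats a `:` that follows a known local variable as an operator rather than the start of a symbol, so `action :create` may no longer parse as intended; checking the file with `ruby -c` would settle it. Renaming the local avoids the question: `notify_action = platform?(%W(fedora centos redhat)) ? :reload : :restart` and `notifies notify_action, resources(:service => "monit"), reload`. The generated files keep `mode 0644` (unchanged context) although monit loads them as root, so service templates that embed passwords stay world-readable; that deserves a comment on the definition. The enclosing `class Recipe` starts outside the hunk.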
@@ -2,7 +2,23 @@ action :install end -if platform?("ubuntu") +#### prepare directories and additional things ### +include_dir = node[:monit][:include_dir] +if platform?(%W(fedora centos redhat)) + directory include_dir do + owner 'root' + group 'root' + action :create + recursive true + end +else + #assume debian|ubuntu + directory include_dir do + owner 'root' + group 'root' + action :create + recursive true + end cookbook_file "/etc/default/monit" do source "monit.default" owner "root" @@ -10,25 +26,39 @@ mode 0644 end end +cookbook_file "#{include_dir}/dummy.conf" do + #this is a dummy file in conf.d, monit will not start with this directory empty + source "dummy.conf" +end -service "monit" do - action :start - enabled true - supports [:start, :restart, :stop] +#### main conf #### +if platform?(%W(fedora centos redhat)) + template "monit_conf" do + path "/etc/monit.conf" + source 'monitrc.erb' + owner "root" + group "root" + variables :include_path => "#{include_dir}/*.conf" + end +else + #assume debian|ubuntu + template "monit_conf" do + path "/etc/monit/monitrc" + source 'monitrc.erb' + owner "root" + group "root" + variables :include_path => "#{include_dir}/*.conf" + end end -template "/etc/monit/monitrc" do - owner "root" - group "root" - mode 0700 - source 'monitrc.erb' - notifies :restart, resources(:service => "monit"), :immediate +#### service #### +supports = [:start, :restart, :stop] +if platform?(%W(fedora centos redhat)) + supports << :reload end -directory "/etc/monit/conf.d/" do - owner 'root' - group 'root' - mode 0755 - action :create - recursive true +service "monit" do + action [:enable, :start] + supports supports + subscribes :restart, resources(:template => "monit_conf"), :immediate end diff --git a/templates/centos/monitrc.erb b/templates/centos/monitrc.erb new file mode 100644 index 0000000..5b354fb --- /dev/null +++ b/templates/centos/monitrc.erb 
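Review bot: The rewritten resources no longer set a mode: the `directory include_dir` blocks here drop the old `mode 0755`, and in the next hunk of this file the `template "monit_conf"` resources drop `mode 0700` and `cookbook_file "#{include_dir}/dummy.conf"` sets no owner, group or mode at all. The control file can carry credentials (the template's own examples show `allow admin:monit` and an M/Monit URL with a password), and monit refuses a control file more permissive than 0700, so a freshly created file that inherits the umask default is both readable by other users and likely to stop monit from starting. Everything under the include directory is loaded by monit, which normally runs as root, so it should stay root-owned and not group- or world-writable. I would put the explicit values back: `mode 0755` on both directory resources, `mode 0700` on both templates, and `owner "root"`, `group "root"`, `mode 0644` on dummy.conf.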
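Review bot: The local `supports = [:start, :restart, :stop]` shares its name with the `supports` attribute of the service resource, so the block ends up reading `supports supports`, and the two `template "monit_conf"` branches above it are identical except for `path`. Both make the recipe harder to audit: a reader has to work out which `supports` is the method, and any later fix to the control file resource has to be applied twice. Computing the path and the action list once, under distinct names, leaves one resource of each kind. The platform list `%W(fedora centos redhat)` is also repeated in this file, in libraries/monitrc.rb and in attributes/default.rb.

```ruby
# … unchanged: directories, /etc/default/monit, dummy.conf …

#### main conf ####
rhel_family = platform?(%W(fedora centos redhat))
monit_conf_path = rhel_family ? "/etc/monit.conf" : "/etc/monit/monitrc"
template "monit_conf" do
  path monit_conf_path
  source 'monitrc.erb'
  owner "root"
  group "root"
  mode 0700 # the value the removed template resource used
  variables :include_path => "#{include_dir}/*.conf"
end

#### service ####
service_actions = [:start, :restart, :stop]
service_actions << :reload if rhel_family
service "monit" do
  action [:enable, :start]
  supports service_actions
  subscribes :restart, resources(:template => "monit_conf"), :immediate
end
```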
@@ -0,0 +1,242 @@ +############################################################################### +## Monit control file. CHEF HANDLED!!! +############################################################################### +## +## Comments begin with a '#' and extend through the end of the line. Keywords +## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. +## +## Below you will find examples of some frequently used statements. For +## information about the control file and a complete list of statements and +## options, please have a look in the Monit manual. +## +## +############################################################################### +## Global section +############################################################################### +## +## Start Monit in the background (run as a daemon): +# +set daemon <%= @node[:monit][:poll_period] %> # check services at 2-minute intervals +# # default Monit check immediately after Monit start) +# +# +## Set syslog logging with the 'daemon' facility. If the FACILITY option is +## omitted, Monit will use 'user' facility by default. If you want to log to +## a standalone log file instead, specify the full path to the log file +# +set logfile syslog facility log_daemon +# +# +### Set the location of the Monit id file which stores the unique id for the +### Monit instance. The id is generated and stored on first Monit start. By +### default the file is placed in $HOME/.monit.id. +# +# set idfile /var/.monit.id +# +### Set the location of the Monit state file which saves monitoring states +### on each cycle. By default the file is placed in $HOME/.monit.state. If +### the state file is stored on a persistent filesystem, Monit will recover +### the monitoring state across reboots. If it is on temporary filesystem, the +### state will be lost on reboot which may be convenient in some situations. +# +# set statefile /var/.monit.state +# +## Set the list of mail servers for alert delivery. 
Multiple servers may be +## specified using a comma separator. By default Monit uses port 25 - it is +## possible to override this with the PORT option. +# +# set mailserver mail.bar.baz, # primary mailserver +# backup.bar.baz port 10025, # backup mailserver on port 10025 +# localhost # fallback relay +# +# +## By default Monit will drop alert events if no mail servers are available. +## If you want to keep the alerts for later delivery retry, you can use the +## EVENTQUEUE statement. The base directory where undelivered alerts will be +## stored is specified by the BASEDIR option. You can limit the maximal queue +## size using the SLOTS option (if omitted, the queue is limited by space +## available in the back end filesystem). +# +# set eventqueue +# basedir /var/monit # set the base directory where events will be stored +# slots 100 # optionally limit the queue size +# +# +## Send status and events to M/Monit (for more informations about M/Monit +## see http://mmonit.com/). +# +# set mmonit http://monit:monit@192.168.1.10:8080/collector +# +# +## Monit by default uses the following alert mail format: +## +## --8<-- +## 
From: monit@$HOST # sender +## Subject: monit alert -- $EVENT $SERVICE # subject +## +## $EVENT Service $SERVICE # +## # +## Date: $DATE # +## Action: $ACTION # +## Host: $HOST # body +## Description: $DESCRIPTION # +## # +## Your faithful employee, # +## Monit # +## --8<-- +## +## You can override this message format or parts of it, such as subject +## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. +## are expanded at runtime. For example, to override the sender, use: +# +set mail-format { + from: <%= @node[:monit][:mail_format][:from] %> + subject: <%= @node[:monit][:mail_format][:subject] %> + message: <%= @node[:monit][:mail_format][:message] %> +} +# +# +## You can set alert recipients whom will receive alerts if/when a +## service defined in this file has errors. Alerts may be restricted on +## events by using a filter as in the second example below. +# +# set alert sysadm@foo.bar # receive all alerts +# set alert manager@foo.bar only on { timeout } # receive just service- +# # timeout alert +# +# +## Monit has an embedded web server which can be used to view status of +## services monitored and manage services from a web interface. See the +## Monit Wiki if you want to enable SSL for the web server. +# +set httpd port 2812 and + use address localhost # only accept connection from localhost + allow localhost # allow localhost to connect to the server and +# allow admin:monit # require user 'admin' with password 'monit' +# allow @monit # allow users of group 'monit' to connect (rw) +# allow @users readonly # allow users of group 'users' to connect readonly +# +# +############################################################################### +## Services +############################################################################### +## +## Check general system resources such as load average, cpu and memory +## usage. Each test specifies a resource, conditions and the action to be +## performed should a test fail. 
+# +# check system myhost.mydomain.tld +# if loadavg (1min) > 4 then alert +# if loadavg (5min) > 2 then alert +# if memory usage > 75% then alert +# if cpu usage (user) > 70% then alert +# if cpu usage (system) > 30% then alert +# if cpu usage (wait) > 20% then alert +# +# +## Check a file for existence, checksum, permissions, uid and gid. In addition +## to alert recipients in the global section, customized alert can be sent to +## additional recipients by specifying a local alert handler. The service may +## be grouped using the GROUP option. More than one group can be specified by +## repeating the 'group name' statement. +# +# check file apache_bin with path /usr/local/apache/bin/httpd +# if failed checksum and +# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor +# if failed permission 755 then unmonitor +# if failed uid root then unmonitor +# if failed gid root then unmonitor +# alert security@foo.bar on { +# checksum, permission, uid, gid, unmonitor +# } with the mail-format { subject: Alarm! } +# group server +# +# +## Check that a process is running, in this case Apache, and that it respond +## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, +## and number of children. If the process is not running, Monit will restart +## it by default. In case the service is restarted very often and the +## problem remains, it is possible to disable monitoring using the TIMEOUT +## statement. This service depends on another service (apache_bin) which +## is defined above. 
+# +# check process apache with pidfile /usr/local/apache/logs/httpd.pid +# start program = "/etc/init.d/httpd start" with timeout 60 seconds +# stop program = "/etc/init.d/httpd stop" +# if cpu > 60% for 2 cycles then alert +# if cpu > 80% for 5 cycles then restart +# if totalmem > 200.0 MB for 5 cycles then restart +# if children > 250 then restart +# if loadavg(5min) greater than 10 for 8 cycles then stop +# if failed host www.tildeslash.com port 80 protocol http +# and request "/somefile.html" +# then restart +# if failed port 443 type tcpssl protocol http +# with timeout 15 seconds +# then restart +# if 3 restarts within 5 cycles then timeout +# depends on apache_bin +# group server +# +# +## Check filesystem permissions, uid, gid, space and inode usage. Other services, +## such as databases, may depend on this resource and an automatically graceful +## stop may be cascaded to them before the filesystem will become full and data +## lost. +# +# check filesystem datafs with path /dev/sdb1 +# start program = "/bin/mount /data" +# stop program = "/bin/umount /data" +# if failed permission 660 then unmonitor +# if failed uid root then unmonitor +# if failed gid disk then unmonitor +# if space usage > 80% for 5 times within 15 cycles then alert +# if space usage > 99% then stop +# if inode usage > 30000 then alert +# if inode usage > 99% then stop +# group server +# +# +## Check a file's timestamp. In this example, we test if a file is older +## than 15 minutes and assume something is wrong if its not updated. Also, +## if the file size exceed a given limit, execute a script +# +# check file database with path /data/mydatabase.db +# if failed permission 700 then alert +# if failed uid data then alert +# if failed gid data then alert +# if timestamp > 15 minutes then alert +# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba +# +# +## Check directory permission, uid and gid. 
An event is triggered if the +## directory does not belong to the user with uid 0 and gid 0. In addition, +## the permissions have to match the octal description of 755 (see chmod(1)). +# +# check directory bin with path /bin +# if failed permission 755 then unmonitor +# if failed uid 0 then unmonitor +# if failed gid 0 then unmonitor +# +# +## Check a remote host availability by issuing a ping test and check the +## content of a response from a web server. Up to three pings are sent and +## connection to a port and an application level network check is performed. +# +# check host myserver with address 192.168.1.1 +# if failed icmp type echo count 3 with timeout 3 seconds then alert +# if failed port 3306 protocol mysql with timeout 15 seconds then alert +# if failed url http://user:password@192.168.1.1:8080/?querystring +# and content == 'action="j_security_check"' +# then alert +# +# +############################################################################### +## Includes +############################################################################### +## +## It is possible to include additional configuration parts from other files or +## directories. +# + +include <%= @include_path %> diff --git a/templates/default/monitrc.erb b/templates/default/monitrc.erb index 30b47d6..623a905 100755 --- a/templates/default/monitrc.erb +++ b/templates/default/monitrc.erb 
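Review bot: This template never sets an alert recipient or a mail server: every `set alert` and `set mailserver` line in it is a commented example, while templates/default/monitrc.erb renders `set alert <%= @node[:monit][:notify_email] %> NOT ON { action, instance, pid, ppid }` and `set mailserver localhost`. On centos the `monit/notify_email` attribute is therefore ignored and the `set mail-format` block has nothing to apply to, so, as far as this file shows, failures would only reach syslog. If that is not intended, add the two statements from the default template here. templates/fedora/monitrc.erb and templates/redhat/monitrc.erb are added with the same blob id (5b354fb) and have the same gap; a single shared template selected by the recipe would avoid keeping three copies of this configuration in sync.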
@@ -1,25 +1,249 @@ -set daemon <%= @node[:monit][:poll_period] %> - with start delay <%= @node[:monit][:poll_start_delay] %> - +############################################################################### +## Monit control file. CHEF HANDLED!!! +############################################################################### +## +## Comments begin with a '#' and extend through the end of the line. Keywords +## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. +## +## Below you will find examples of some frequently used statements. For +## information about the control file and a complete list of statements and +## options, please have a look in the Monit manual. +## +## +############################################################################### +## Global section +############################################################################### +## +## Start Monit in the background (run as a daemon): +# +set daemon <%= @node[:monit][:poll_period] %> # check services at 2-minute intervals + with start delay <%= @node[:monit][:poll_start_delay] %> # optional: delay the first check by 4-minutes (by +# # default Monit check immediately after Monit start) +# +# +## Set syslog logging with the 'daemon' facility. If the FACILITY option is +## omitted, Monit will use 'user' facility by default. If you want to log to +## a standalone log file instead, specify the full path to the log file +# set logfile syslog facility log_daemon - +# +# +### Set the location of the Monit id file which stores the unique id for the +### Monit instance. The id is generated and stored on first Monit start. By +### default the file is placed in $HOME/.monit.id. +# +# set idfile /var/.monit.id +# +### Set the location of the Monit state file which saves monitoring states +### on each cycle. By default the file is placed in $HOME/.monit.state. If +### the state file is stored on a persistent filesystem, Monit will recover +### the monitoring state across reboots. 
If it is on temporary filesystem, the +### state will be lost on reboot which may be convenient in some situations. +# +# set statefile /var/.monit.state +# +## Set the list of mail servers for alert delivery. Multiple servers may be +## specified using a comma separator. By default Monit uses port 25 - it is +## possible to override this with the PORT option. +# +# set mailserver mail.bar.baz, # primary mailserver +# backup.bar.baz port 10025, # backup mailserver on port 10025 +# localhost # fallback relay set mailserver localhost - +# +# +## By default Monit will drop alert events if no mail servers are available. +## If you want to keep the alerts for later delivery retry, you can use the +## EVENTQUEUE statement. The base directory where undelivered alerts will be +## stored is specified by the BASEDIR option. You can limit the maximal queue +## size using the SLOTS option (if omitted, the queue is limited by space +## available in the back end filesystem). +# set eventqueue basedir /var/monit # set the base directory where events will be stored -# slots 1000 # optionaly limit the queue size - -set mail-format { +# slots 100 # optionally limit the queue size +# +# +## Send status and events to M/Monit (for more informations about M/Monit +## see http://mmonit.com/). +# +# set mmonit http://monit:monit@192.168.1.10:8080/collector +# +# +## Monit by default uses the following alert mail format: +## +## --8<-- +## 
From: monit@$HOST # sender +## Subject: monit alert -- $EVENT $SERVICE # subject +## +## $EVENT Service $SERVICE # +## # +## Date: $DATE # +## Action: $ACTION # +## Host: $HOST # body +## Description: $DESCRIPTION # +## # +## Your faithful employee, # +## Monit # +## --8<-- +## +## You can override this message format or parts of it, such as subject +## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. +## are expanded at runtime. For example, to override the sender, use: +# +set mail-format { from: <%= @node[:monit][:mail_format][:from] %> subject: <%= @node[:monit][:mail_format][:subject] %> message: <%= @node[:monit][:mail_format][:message] %> } +# +# +## You can set alert recipients whom will receive alerts if/when a +## service defined in this file has errors. Alerts may be restricted on +## events by using a filter as in the second example below. +# +# set alert sysadm@foo.bar # receive all alerts +# set alert manager@foo.bar only on { timeout } # receive just service- +# # timeout alert set alert <%= @node[:monit][:notify_email] %> NOT ON { action, instance, pid, ppid } -set httpd port 3737 and - use address localhost - allow localhost +# +# +## Monit has an embedded web server which can be used to view status of +## services monitored and manage services from a web interface. See the +## Monit Wiki if you want to enable SSL for the web server. 
+# +set httpd port 2812 and + use address localhost # only accept connection from localhost + allow localhost # allow localhost to connect to the server and +# allow admin:monit # require user 'admin' with password 'monit' +# allow @monit # allow users of group 'monit' to connect (rw) +# allow @users readonly # allow users of group 'users' to connect readonly +# +# +############################################################################### +## Services +############################################################################### +## +## Check general system resources such as load average, cpu and memory +## usage. Each test specifies a resource, conditions and the action to be +## performed should a test fail. +# +# check system myhost.mydomain.tld +# if loadavg (1min) > 4 then alert +# if loadavg (5min) > 2 then alert +# if memory usage > 75% then alert +# if cpu usage (user) > 70% then alert +# if cpu usage (system) > 30% then alert +# if cpu usage (wait) > 20% then alert +# +# +## Check a file for existence, checksum, permissions, uid and gid. In addition +## to alert recipients in the global section, customized alert can be sent to +## additional recipients by specifying a local alert handler. The service may +## be grouped using the GROUP option. More than one group can be specified by +## repeating the 'group name' statement. +# +# check file apache_bin with path /usr/local/apache/bin/httpd +# if failed checksum and +# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor +# if failed permission 755 then unmonitor +# if failed uid root then unmonitor +# if failed gid root then unmonitor +# alert security@foo.bar on { +# checksum, permission, uid, gid, unmonitor +# } with the mail-format { subject: Alarm! } +# group server +# +# +## Check that a process is running, in this case Apache, and that it respond +## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, +## and number of children. 
If the process is not running, Monit will restart +## it by default. In case the service is restarted very often and the +## problem remains, it is possible to disable monitoring using the TIMEOUT +## statement. This service depends on another service (apache_bin) which +## is defined above. +# +# check process apache with pidfile /usr/local/apache/logs/httpd.pid +# start program = "/etc/init.d/httpd start" with timeout 60 seconds +# stop program = "/etc/init.d/httpd stop" +# if cpu > 60% for 2 cycles then alert +# if cpu > 80% for 5 cycles then restart +# if totalmem > 200.0 MB for 5 cycles then restart +# if children > 250 then restart +# if loadavg(5min) greater than 10 for 8 cycles then stop +# if failed host www.tildeslash.com port 80 protocol http +# and request "/somefile.html" +# then restart +# if failed port 443 type tcpssl protocol http +# with timeout 15 seconds +# then restart +# if 3 restarts within 5 cycles then timeout +# depends on apache_bin +# group server +# +# +## Check filesystem permissions, uid, gid, space and inode usage. Other services, +## such as databases, may depend on this resource and an automatically graceful +## stop may be cascaded to them before the filesystem will become full and data +## lost. +# +# check filesystem datafs with path /dev/sdb1 +# start program = "/bin/mount /data" +# stop program = "/bin/umount /data" +# if failed permission 660 then unmonitor +# if failed uid root then unmonitor +# if failed gid disk then unmonitor +# if space usage > 80% for 5 times within 15 cycles then alert +# if space usage > 99% then stop +# if inode usage > 30000 then alert +# if inode usage > 99% then stop +# group server +# +# +## Check a file's timestamp. In this example, we test if a file is older +## than 15 minutes and assume something is wrong if its not updated. 
Also, +## if the file size exceed a given limit, execute a script +# +# check file database with path /data/mydatabase.db +# if failed permission 700 then alert +# if failed uid data then alert +# if failed gid data then alert +# if timestamp > 15 minutes then alert +# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba +# +# +## Check directory permission, uid and gid. An event is triggered if the +## directory does not belong to the user with uid 0 and gid 0. In addition, +## the permissions have to match the octal description of 755 (see chmod(1)). +# +# check directory bin with path /bin +# if failed permission 755 then unmonitor +# if failed uid 0 then unmonitor +# if failed gid 0 then unmonitor +# +# +## Check a remote host availability by issuing a ping test and check the +## content of a response from a web server. Up to three pings are sent and +## connection to a port and an application level network check is performed. +# +# check host myserver with address 192.168.1.1 +# if failed icmp type echo count 3 with timeout 3 seconds then alert +# if failed port 3306 protocol mysql with timeout 15 seconds then alert +# if failed url http://user:password@192.168.1.1:8080/?querystring +# and content == 'action="j_security_check"' +# then alert +# +# +############################################################################### +## Includes +############################################################################### +## +## It is possible to include additional configuration parts from other files or +## directories. +# + +include <%= @include_path %> -include /etc/monit/conf.d/*.conf diff --git a/templates/fedora/monitrc.erb b/templates/fedora/monitrc.erb new file mode 100644 index 0000000..5b354fb --- /dev/null +++ b/templates/fedora/monitrc.erb 
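Review bot: The embedded web server is still guarded by source address only: `allow localhost` is active while the credential lines (`allow admin:monit`, `allow @monit`, `allow @users readonly`) are all commented out, so, going by the visible configuration, any local account can reach the control interface on localhost and start or stop monitored services. The same `set httpd` block is added in the centos, fedora and redhat templates. Consider rendering a user:password entry from node attributes (names to be chosen by the cookbook owner) rather than enabling the sample `admin:monit` pair, and keep the control file mode tight once it holds a password. This hunk also moves the port from 3737 to 2812, which anything polling the old port will need to follow; a line in the README would help.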
@@ -0,0 +1,242 @@ +############################################################################### +## Monit control file. CHEF HANDLED!!! +############################################################################### +## +## Comments begin with a '#' and extend through the end of the line. Keywords +## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'. +## +## Below you will find examples of some frequently used statements. For +## information about the control file and a complete list of statements and +## options, please have a look in the Monit manual. +## +## +############################################################################### +## Global section +############################################################################### +## +## Start Monit in the background (run as a daemon): +# +set daemon <%= @node[:monit][:poll_period] %> # check services at 2-minute intervals +# # default Monit check immediately after Monit start) +# +# +## Set syslog logging with the 'daemon' facility. If the FACILITY option is +## omitted, Monit will use 'user' facility by default. If you want to log to +## a standalone log file instead, specify the full path to the log file +# +set logfile syslog facility log_daemon +# +# +### Set the location of the Monit id file which stores the unique id for the +### Monit instance. The id is generated and stored on first Monit start. By +### default the file is placed in $HOME/.monit.id. +# +# set idfile /var/.monit.id +# +### Set the location of the Monit state file which saves monitoring states +### on each cycle. By default the file is placed in $HOME/.monit.state. If +### the state file is stored on a persistent filesystem, Monit will recover +### the monitoring state across reboots. If it is on temporary filesystem, the +### state will be lost on reboot which may be convenient in some situations. +# +# set statefile /var/.monit.state +# +## Set the list of mail servers for alert delivery. 
Multiple servers may be +## specified using a comma separator. By default Monit uses port 25 - it is +## possible to override this with the PORT option. +# +# set mailserver mail.bar.baz, # primary mailserver +# backup.bar.baz port 10025, # backup mailserver on port 10025 +# localhost # fallback relay +# +# +## By default Monit will drop alert events if no mail servers are available. +## If you want to keep the alerts for later delivery retry, you can use the +## EVENTQUEUE statement. The base directory where undelivered alerts will be +## stored is specified by the BASEDIR option. You can limit the maximal queue +## size using the SLOTS option (if omitted, the queue is limited by space +## available in the back end filesystem). +# +# set eventqueue +# basedir /var/monit # set the base directory where events will be stored +# slots 100 # optionally limit the queue size +# +# +## Send status and events to M/Monit (for more informations about M/Monit +## see http://mmonit.com/). +# +# set mmonit http://monit:monit@192.168.1.10:8080/collector +# +# +## Monit by default uses the following alert mail format: +## +## --8<-- +## 
From: monit@$HOST # sender +## Subject: monit alert -- $EVENT $SERVICE # subject +## +## $EVENT Service $SERVICE # +## # +## Date: $DATE # +## Action: $ACTION # +## Host: $HOST # body +## Description: $DESCRIPTION # +## # +## Your faithful employee, # +## Monit # +## --8<-- +## +## You can override this message format or parts of it, such as subject +## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc. +## are expanded at runtime. For example, to override the sender, use: +# +set mail-format { + from: <%= @node[:monit][:mail_format][:from] %> + subject: <%= @node[:monit][:mail_format][:subject] %> + message: <%= @node[:monit][:mail_format][:message] %> +} +# +# +## You can set alert recipients whom will receive alerts if/when a +## service defined in this file has errors. Alerts may be restricted on +## events by using a filter as in the second example below. +# +# set alert sysadm@foo.bar # receive all alerts +# set alert manager@foo.bar only on { timeout } # receive just service- +# # timeout alert +# +# +## Monit has an embedded web server which can be used to view status of +## services monitored and manage services from a web interface. See the +## Monit Wiki if you want to enable SSL for the web server. +# +set httpd port 2812 and + use address localhost # only accept connection from localhost + allow localhost # allow localhost to connect to the server and +# allow admin:monit # require user 'admin' with password 'monit' +# allow @monit # allow users of group 'monit' to connect (rw) +# allow @users readonly # allow users of group 'users' to connect readonly +# +# +############################################################################### +## Services +############################################################################### +## +## Check general system resources such as load average, cpu and memory +## usage. Each test specifies a resource, conditions and the action to be +## performed should a test fail. 
+# +# check system myhost.mydomain.tld +# if loadavg (1min) > 4 then alert +# if loadavg (5min) > 2 then alert +# if memory usage > 75% then alert +# if cpu usage (user) > 70% then alert +# if cpu usage (system) > 30% then alert +# if cpu usage (wait) > 20% then alert +# +# +## Check a file for existence, checksum, permissions, uid and gid. In addition +## to alert recipients in the global section, customized alert can be sent to +## additional recipients by specifying a local alert handler. The service may +## be grouped using the GROUP option. More than one group can be specified by +## repeating the 'group name' statement. +# +# check file apache_bin with path /usr/local/apache/bin/httpd +# if failed checksum and +# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor +# if failed permission 755 then unmonitor +# if failed uid root then unmonitor +# if failed gid root then unmonitor +# alert security@foo.bar on { +# checksum, permission, uid, gid, unmonitor +# } with the mail-format { subject: Alarm! } +# group server +# +# +## Check that a process is running, in this case Apache, and that it respond +## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory, +## and number of children. If the process is not running, Monit will restart +## it by default. In case the service is restarted very often and the +## problem remains, it is possible to disable monitoring using the TIMEOUT +## statement. This service depends on another service (apache_bin) which +## is defined above. 
+# +# check process apache with pidfile /usr/local/apache/logs/httpd.pid +# start program = "/etc/init.d/httpd start" with timeout 60 seconds +# stop program = "/etc/init.d/httpd stop" +# if cpu > 60% for 2 cycles then alert +# if cpu > 80% for 5 cycles then restart +# if totalmem > 200.0 MB for 5 cycles then restart +# if children > 250 then restart +# if loadavg(5min) greater than 10 for 8 cycles then stop +# if failed host www.tildeslash.com port 80 protocol http +# and request "/somefile.html" +# then restart +# if failed port 443 type tcpssl protocol http +# with timeout 15 seconds +# then restart +# if 3 restarts within 5 cycles then timeout +# depends on apache_bin +# group server +# +# +## Check filesystem permissions, uid, gid, space and inode usage. Other services, +## such as databases, may depend on this resource and an automatically graceful +## stop may be cascaded to them before the filesystem will become full and data +## lost. +# +# check filesystem datafs with path /dev/sdb1 +# start program = "/bin/mount /data" +# stop program = "/bin/umount /data" +# if failed permission 660 then unmonitor +# if failed uid root then unmonitor +# if failed gid disk then unmonitor +# if space usage > 80% for 5 times within 15 cycles then alert +# if space usage > 99% then stop +# if inode usage > 30000 then alert +# if inode usage > 99% then stop +# group server +# +# +## Check a file's timestamp. In this example, we test if a file is older +## than 15 minutes and assume something is wrong if its not updated. Also, +## if the file size exceed a given limit, execute a script +# +# check file database with path /data/mydatabase.db +# if failed permission 700 then alert +# if failed uid data then alert +# if failed gid data then alert +# if timestamp > 15 minutes then alert +# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba +# +# +## Check directory permission, uid and gid. 
An event is triggered if the +## directory does not belong to the user with uid 0 and gid 0. In addition, +## the permissions have to match the octal description of 755 (see chmod(1)). +# +# check directory bin with path /bin +# if failed permission 755 then unmonitor +# if failed uid 0 then unmonitor +# if failed gid 0 then unmonitor +# +# +## Check a remote host availability by issuing a ping test and check the +## content of a response from a web server. Up to three pings are sent and +## connection to a port and an application level network check is performed. +# +# check host myserver with address 192.168.1.1 +# if failed icmp type echo count 3 with timeout 3 seconds then alert +# if failed port 3306 protocol mysql with timeout 15 seconds then alert +# if failed url http://user:password@192.168.1.1:8080/?querystring +# and content == 'action="j_security_check"' +# then alert +# +# +############################################################################### +## Includes +############################################################################### +## +## It is possible to include additional configuration parts from other files or +## directories. +# + +include <%= @include_path %> diff --git a/templates/redhat/monitrc.erb b/templates/redhat/monitrc.erb new file mode 100644 index 0000000..5b354fb --- /dev/null +++ b/templates/redhat/monitrc.erb 
@@ -0,0 +1,242 @@
+###############################################################################
+## Monit control file. CHEF HANDLED!!!
+###############################################################################
+##
+## Comments begin with a '#' and extend through the end of the line. Keywords
+## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
+##
+## Below you will find examples of some frequently used statements. For
+## information about the control file and a complete list of statements and
+## options, please have a look in the Monit manual.
+##
+##
+###############################################################################
+## Global section
+###############################################################################
+##
+## Start Monit in the background (run as a daemon):
+#
+set daemon <%= @node[:monit][:poll_period] %> # check services at 2-minute intervals
+# # default Monit check immediately after Monit start)
+#
+#
+## Set syslog logging with the 'daemon' facility. If the FACILITY option is
+## omitted, Monit will use 'user' facility by default. If you want to log to
+## a standalone log file instead, specify the full path to the log file
+#
+set logfile syslog facility log_daemon
+#
+#
+### Set the location of the Monit id file which stores the unique id for the
+### Monit instance. The id is generated and stored on first Monit start. By
+### default the file is placed in $HOME/.monit.id.
+#
+# set idfile /var/.monit.id
+#
+### Set the location of the Monit state file which saves monitoring states
+### on each cycle. By default the file is placed in $HOME/.monit.state. If
+### the state file is stored on a persistent filesystem, Monit will recover
+### the monitoring state across reboots. If it is on temporary filesystem, the
+### state will be lost on reboot which may be convenient in some situations.
+#
+# set statefile /var/.monit.state
+#
+## Set the list of mail servers for alert delivery. Multiple servers may be
+## specified using a comma separator. By default Monit uses port 25 - it is
+## possible to override this with the PORT option.
+#
+# set mailserver mail.bar.baz, # primary mailserver
+# backup.bar.baz port 10025, # backup mailserver on port 10025
+# localhost # fallback relay
+#
+#
+## By default Monit will drop alert events if no mail servers are available.
+## If you want to keep the alerts for later delivery retry, you can use the
+## EVENTQUEUE statement. The base directory where undelivered alerts will be
+## stored is specified by the BASEDIR option. You can limit the maximal queue
+## size using the SLOTS option (if omitted, the queue is limited by space
+## available in the back end filesystem).
+#
+# set eventqueue
+# basedir /var/monit # set the base directory where events will be stored
+# slots 100 # optionally limit the queue size
+#
+#
+## Send status and events to M/Monit (for more informations about M/Monit
+## see http://mmonit.com/).
+#
+# set mmonit http://monit:monit@192.168.1.10:8080/collector
+#
+#
+## Monit by default uses the following alert mail format:
+##
+## --8<--
+## From: monit@$HOST # sender
+## Subject: monit alert -- $EVENT $SERVICE # subject
+##
+## $EVENT Service $SERVICE #
+## #
+## Date: $DATE #
+## Action: $ACTION #
+## Host: $HOST # body
+## Description: $DESCRIPTION #
+## #
+## Your faithful employee, #
+## Monit #
+## --8<--
+##
+## You can override this message format or parts of it, such as subject
+## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
+## are expanded at runtime. For example, to override the sender, use:
+#
+set mail-format {
+ from: <%= @node[:monit][:mail_format][:from] %>
+ subject: <%= @node[:monit][:mail_format][:subject] %>
+ message: <%= @node[:monit][:mail_format][:message] %>
+}
+#
+#
+## You can set alert recipients whom will receive alerts if/when a
+## service defined in this file has errors. Alerts may be restricted on
+## events by using a filter as in the second example below.
+#
+# set alert sysadm@foo.bar # receive all alerts
+# set alert manager@foo.bar only on { timeout } # receive just service-
+# # timeout alert
+#
+#
+## Monit has an embedded web server which can be used to view status of
+## services monitored and manage services from a web interface. See the
+## Monit Wiki if you want to enable SSL for the web server.
+#
+set httpd port 2812 and
+ use address localhost # only accept connection from localhost
+ allow localhost # allow localhost to connect to the server and
+# allow admin:monit # require user 'admin' with password 'monit'
+# allow @monit # allow users of group 'monit' to connect (rw)
+# allow @users readonly # allow users of group 'users' to connect readonly
+#
+#
+###############################################################################
+## Services
+###############################################################################
+##
+## Check general system resources such as load average, cpu and memory
+## usage. Each test specifies a resource, conditions and the action to be
+## performed should a test fail.
+#
+# check system myhost.mydomain.tld
+# if loadavg (1min) > 4 then alert
+# if loadavg (5min) > 2 then alert
+# if memory usage > 75% then alert
+# if cpu usage (user) > 70% then alert
+# if cpu usage (system) > 30% then alert
+# if cpu usage (wait) > 20% then alert
+#
+#
+## Check a file for existence, checksum, permissions, uid and gid. In addition
+## to alert recipients in the global section, customized alert can be sent to
+## additional recipients by specifying a local alert handler. The service may
+## be grouped using the GROUP option. More than one group can be specified by
+## repeating the 'group name' statement.
+#
+# check file apache_bin with path /usr/local/apache/bin/httpd
+# if failed checksum and
+# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
+# if failed permission 755 then unmonitor
+# if failed uid root then unmonitor
+# if failed gid root then unmonitor
+# alert security@foo.bar on {
+# checksum, permission, uid, gid, unmonitor
+# } with the mail-format { subject: Alarm! }
+# group server
+#
+#
+## Check that a process is running, in this case Apache, and that it respond
+## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
+## and number of children. If the process is not running, Monit will restart
+## it by default. In case the service is restarted very often and the
+## problem remains, it is possible to disable monitoring using the TIMEOUT
+## statement. This service depends on another service (apache_bin) which
+## is defined above.
+#
+# check process apache with pidfile /usr/local/apache/logs/httpd.pid
+# start program = "/etc/init.d/httpd start" with timeout 60 seconds
+# stop program = "/etc/init.d/httpd stop"
+# if cpu > 60% for 2 cycles then alert
+# if cpu > 80% for 5 cycles then restart
+# if totalmem > 200.0 MB for 5 cycles then restart
+# if children > 250 then restart
+# if loadavg(5min) greater than 10 for 8 cycles then stop
+# if failed host www.tildeslash.com port 80 protocol http
+# and request "/somefile.html"
+# then restart
+# if failed port 443 type tcpssl protocol http
+# with timeout 15 seconds
+# then restart
+# if 3 restarts within 5 cycles then timeout
+# depends on apache_bin
+# group server
+#
+#
+## Check filesystem permissions, uid, gid, space and inode usage. Other services,
+## such as databases, may depend on this resource and an automatically graceful
+## stop may be cascaded to them before the filesystem will become full and data
+## lost.
+#
+# check filesystem datafs with path /dev/sdb1
+# start program = "/bin/mount /data"
+# stop program = "/bin/umount /data"
+# if failed permission 660 then unmonitor
+# if failed uid root then unmonitor
+# if failed gid disk then unmonitor
+# if space usage > 80% for 5 times within 15 cycles then alert
+# if space usage > 99% then stop
+# if inode usage > 30000 then alert
+# if inode usage > 99% then stop
+# group server
+#
+#
+## Check a file's timestamp. In this example, we test if a file is older
+## than 15 minutes and assume something is wrong if its not updated. Also,
+## if the file size exceed a given limit, execute a script
+#
+# check file database with path /data/mydatabase.db
+# if failed permission 700 then alert
+# if failed uid data then alert
+# if failed gid data then alert
+# if timestamp > 15 minutes then alert
+# if size > 100 MB then exec "/my/cleanup/script" as uid dba and gid dba
+#
+#
+## Check directory permission, uid and gid. An event is triggered if the
+## directory does not belong to the user with uid 0 and gid 0. In addition,
+## the permissions have to match the octal description of 755 (see chmod(1)).
+#
+# check directory bin with path /bin
+# if failed permission 755 then unmonitor
+# if failed uid 0 then unmonitor
+# if failed gid 0 then unmonitor
+#
+#
+## Check a remote host availability by issuing a ping test and check the
+## content of a response from a web server. Up to three pings are sent and
+## connection to a port and an application level network check is performed.
+#
+# check host myserver with address 192.168.1.1
+# if failed icmp type echo count 3 with timeout 3 seconds then alert
+# if failed port 3306 protocol mysql with timeout 15 seconds then alert
+# if failed url http://user:password@192.168.1.1:8080/?querystring
+# and content == 'action="j_security_check"'
+# then alert
+#
+#
+###############################################################################
+## Includes
+###############################################################################
+##
+## It is possible to include additional configuration parts from other files or
+## directories.
+#
+
+include <%= @include_path %>
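Review bot: The `set httpd port 2812 and` block in the new redhat template grants access with only `allow localhost`, so as far as this file shows any local user or process on the node can reach Monit's control interface and stop or restart monitored services without credentials. I would add a credentialed allow line fed from node attributes, for example `allow <%= @node[:monit][:httpd_user] %>:<%= @node[:monit][:httpd_password] %>` (these attribute names are placeholders, not attributes the cookbook defines today), and leave the commented `allow admin:monit` sample disabled. The trailing comment on `set daemon <%= @node[:monit][:poll_period] %>` still says "2-minute intervals" although the value now comes from an attribute; something like `# poll interval in seconds, from node[:monit][:poll_period]` would stay accurate. The tail of the preceding template hunk is identical to the end of this file, so the two templates look like copies that can drift apart; if they differ only in the include path, a single shared template would keep the httpd settings consistent across platforms.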