Commit b87d6fbe authored by mh's avatar mh
Browse files

make this module also work on centos

parent 11e5d884
......@@ -36,12 +36,6 @@ class monit::base {
force => true,
mode => '0700';
'/etc/monit/monitrc':
content => template('monit/monitrc.erb');
}
# A template configuration snippet. It needs to be included,
# since monit's "include" statement cannot handle an empty directory.
monit::snippet{ 'monit_template':
source => 'puppet:///modules/monit/template.monitrc',
content => template("monit/monitrc.${::operatingsystem}.erb");
}
}
# centos specific configuration
class monit::centos inherits monit::base {
File['/etc/monit/monitrc'] {
path => '/etc/monit.conf'
}
file{"/etc/monit.d/logging":
content => '# log to monit.log
set logfile /var/log/monit
',
owner => root,
group => 0,
mode => '0644',
require => Package['monit'],
notify => Service['monit'],
}
}
\ No newline at end of file
......@@ -37,7 +37,7 @@ define monit::check::process(
$stop_extras = '',
$customlines = ''
) {
file {"/etc/monit/conf.d/${name}.monitrc":
file {"${monit::base_config_path}/${name}.monitrc":
ensure => $ensure,
owner => 'root',
group => 0,
......
......@@ -6,4 +6,10 @@ class monit::debian inherits monit::base {
content => "startup=1\nCHECK_INTERVALS=${monit::pool_interval}\n",
notify => Service['monit']
}
# A template configuration snippet. It needs to be included,
# since monit's "include" statement cannot handle an empty directory.
monit::snippet{ 'monit_template':
source => 'puppet:///modules/monit/template.monitrc',
}
}
......@@ -17,7 +17,15 @@
# The following is a list of the currently available parameters:
#
# alert: Who should get the email notifications?
# Default: root@localhost
# Example: root@localhost
# Default: 'absent'
#
# mailserver: Where should monit be sending mail?
# Set this to your mailserver
# Monit will disable alert notification if no mailserver is
# present.
# Example: 'localhost'
# Default: 'absent'
#
# enable_httpd: Should the httpd daemon be enabled?
# Set this to 'yes' to enable it, be sure
......@@ -28,11 +36,6 @@
# httpd_port: What port should the httpd run on?
# Default: 2812
#
#
# mailserver: Where should monit be sending mail?
# Set this to your mailserver
# Default: localhost
#
# pool_interval: How often (in seconds) should monit poll?
# Default: 120
#
......@@ -43,17 +46,22 @@
#
class monit(
$secret = 'This is not very secret, is it?',
$alert = 'root@localhost',
$alert = 'absent',
$mailserver = 'absent',
$pool_interval = '120',
$enable_httpd = 'no',
$httpd_port = 2812,
$mailserver = 'localhost'
$httpd_port = 2812
){
if $secret == 'This is not very secret, is it?' and $enable_httpd == 'yes' {
fail('You should set a different secret if you want to use the httpd!')
}
case $operatingsystem {
$base_config_path = $::operatingsystem ? {
centos => '/etc/monit.d',
default => '/etc/monit/conf.d'
}
case $::operatingsystem {
debian,ubuntu: { include monit::debian }
default: { include monit::base }
}
......
......@@ -19,7 +19,7 @@ define monit::snippet(
$content = undef
){
file {
"/etc/monit/conf.d/${name}.monitrc":
"${monit::base_config_path}/${name}.monitrc":
ensure => $ensure,
owner => 'root',
group => 0,
......@@ -27,17 +27,17 @@ define monit::snippet(
notify => Service['monit'],
}
if $content {
File["/etc/monit/conf.d/${name}.monitrc"]{
File["${monit::base_config_path}}/${name}.monitrc"]{
content => $content
}
}
if $target {
File["/etc/monit/conf.d/${name}.monitrc"]{
File["${monit::base_config_path}}/${name}.monitrc"]{
target => $target
}
}
if $source {
File["/etc/monit/conf.d/${name}.monitrc"]{
File["${monit::base_config_path}}/${name}.monitrc"]{
source => $source
}
}
......
###############################################################################
## Monit control file
###############################################################################
##
## Comments begin with a '#' and extend through the end of the line. Keywords
## are case insensitive. All path's MUST BE FULLY QUALIFIED, starting with '/'.
##
## Below you will find examples of some frequently used statements. For
## information about the control file, a complete list of statements and
## options please have a look in the monit manual.
##
##
###############################################################################
## Global section
###############################################################################
##
## Start monit in the background (run as a daemon) and check services at
## 2-minute intervals.
#
# set daemon 120
#
#
## Set syslog logging with the 'daemon' facility. If the FACILITY option is
## omitted, monit will use 'user' facility by default. If you want to log to
## a stand alone log file instead, specify the path to a log file
#
# set logfile syslog facility log_daemon
#
#
## Set the list of mail servers for alert delivery. Multiple servers may be
## specified using comma separator. By default monit uses port 25 - this
## is possible to override with the PORT option.
#
# set mailserver mail.bar.baz, # primary mailserver
# backup.bar.baz port 10025, # backup mailserver on port 10025
# localhost # fallback relay
#
#
## By default monit will drop alert events if no mail servers are available.
## If you want to keep the alerts for a later delivery retry, you can use the
## EVENTQUEUE statement. The base directory where undelivered alerts will be
## stored is specified by the BASEDIR option. You can limit the maximal queue
## size using the SLOTS option (if omitted, the queue is limited by space
## available in the back end filesystem).
#
# set eventqueue
# basedir /var/monit # set the base directory where events will be stored
# slots 100 # optionaly limit the queue size
#
#
## Monit by default uses the following alert mail format:
##
## --8<--
## From: monit@$HOST # sender
## Subject: monit alert -- $EVENT $SERVICE # subject
##
## $EVENT Service $SERVICE #
## #
## Date: $DATE #
## Action: $ACTION #
## Host: $HOST # body
## Description: $DESCRIPTION #
## #
## Your faithful employee, #
## monit #
## --8<--
##
## You can override this message format or parts of it, such as subject
## or sender using the MAIL-FORMAT statement. Macros such as $DATE, etc.
## are expanded at runtime. For example, to override the sender:
#
# set mail-format { from: monit@foo.bar }
#
#
## You can set alert recipients here whom will receive alerts if/when a
## service defined in this file has errors. Alerts may be restricted on
## events by using a filter as in the second example below.
#
# set alert sysadm@foo.bar # receive all alerts
# set alert manager@foo.bar only on { timeout } # receive just service-
# # timeout alert
#
#
## Monit has an embedded web server which can be used to view status of
## services monitored, the current configuration, actual services parameters
## and manage services from a web interface.
#
# set httpd port 2812 and
# use address localhost # only accept connection from localhost
# allow localhost # allow localhost to connect to the server and
# allow admin:monit # require user 'admin' with password 'monit'
#
#
###############################################################################
## Services
###############################################################################
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
# check system myhost.mydomain.tld
# if loadavg (1min) > 4 then alert
# if loadavg (5min) > 2 then alert
# if memory usage > 75% then alert
# if cpu usage (user) > 70% then alert
# if cpu usage (system) > 30% then alert
# if cpu usage (wait) > 20% then alert
#
#
## Check a file for existence, checksum, permissions, uid and gid. In addition
## to alert recipients in the global section, customized alert will be sent to
## additional recipients by specifying a local alert handler. The service may
## be grouped using the GROUP option.
#
# check file apache_bin with path /usr/local/apache/bin/httpd
# if failed checksum and
# expect the sum 8f7f419955cefa0b33a2ba316cba3659 then unmonitor
# if failed permission 755 then unmonitor
# if failed uid root then unmonitor
# if failed gid root then unmonitor
# alert security@foo.bar on {
# checksum, permission, uid, gid, unmonitor
# } with the mail-format { subject: Alarm! }
# group server
#
#
## Check that a process is running, in this case Apache, and that it respond
## to HTTP and HTTPS requests. Check its resource usage such as cpu and memory,
## and number of children. If the process is not running, monit will restart
## it by default. In case the service was restarted very often and the
## problem remains, it is possible to disable monitoring using the TIMEOUT
## statement. This service depends on another service (apache_bin) which
## is defined above.
#
# check process apache with pidfile /usr/local/apache/logs/httpd.pid
# start program = "/etc/init.d/httpd start"
# stop program = "/etc/init.d/httpd stop"
# if cpu > 60% for 2 cycles then alert
# if cpu > 80% for 5 cycles then restart
# if totalmem > 200.0 MB for 5 cycles then restart
# if children > 250 then restart
# if loadavg(5min) greater than 10 for 8 cycles then stop
# if failed host www.tildeslash.com port 80 protocol http
# and request "/monit/doc/next.php"
# then restart
# if failed port 443 type tcpssl protocol http
# with timeout 15 seconds
# then restart
# if 3 restarts within 5 cycles then timeout
# depends on apache_bin
# group server
#
#
## Check device permissions, uid, gid, space and inode usage. Other services,
## such as databases, may depend on this resource and an automatically graceful
## stop may be cascaded to them before the filesystem will become full and data
## lost.
#
# check device datafs with path /dev/sdb1
# start program = "/bin/mount /data"
# stop program = "/bin/umount /data"
# if failed permission 660 then unmonitor
# if failed uid root then unmonitor
# if failed gid disk then unmonitor
# if space usage > 80% for 5 times within 15 cycles then alert
# if space usage > 99% then stop
# if inode usage > 30000 then alert
# if inode usage > 99% then stop
# group server
#
#
## Check a file's timestamp. In this example, we test if a file is older
## than 15 minutes and assume something is wrong if its not updated. Also,
## if the file size exceed a given limit, execute a script
#
# check file database with path /data/mydatabase.db
# if failed permission 700 then alert
# if failed uid data then alert
# if failed gid data then alert
# if timestamp > 15 minutes then alert
# if size > 100 MB then exec "/my/cleanup/script"
#
#
## Check directory permission, uid and gid. An event is triggered if the
## directory does not belong to the user with uid 0 and gid 0. In addition,
## the permissions have to match the octal description of 755 (see chmod(1)).
#
# check directory bin with path /bin
# if failed permission 755 then unmonitor
# if failed uid 0 then unmonitor
# if failed gid 0 then unmonitor
#
#
## Check a remote host network services availability using a ping test and
## check response content from a web server. Up to three pings are sent and
## connection to a port and a application level network check is performed.
#
# check host myserver with address 192.168.1.1
# if failed icmp type echo count 3 with timeout 3 seconds then alert
# if failed port 3306 protocol mysql with timeout 15 seconds then alert
# if failed url
# http://user:password@www.foo.bar:8080/?querystring
# and content == 'action="j_security_check"'
# then alert
#
#
###############################################################################
## Includes
###############################################################################
##
## It is possible to include additional configuration parts from other files or
## directories.
#
# include /etc/monit.d/*
#
#
<% unless scope.scope.lookupvar('monit::alert') == 'absent' -%>
set alert <%= scope.scope.lookupvar('monit::alert') %>
<% end %>
<% unless monit::mailserver == 'absent' -%>
set mailserver <%= scope.scope.lookupvar('monit::mailserver') %>
<% end -%>
<% if scope.scope.lookupvar('monit::enable_httpd') == 'yes' -%>
set httpd port <%= scope.scope.lookupvar('monit::httpd_port') %> and use address localhost
allow localhost
<%
require 'digest/sha1'
s=scope.scope.lookupvar('monit::secret')
-%>
allow monit:<%= Digest::SHA1.hexdigest(s + Digest::SHA1.hexdigest(s + fqdn)) %>
<% end -%>
# set daemon mode timeout to 1 minute
set daemon <%= scope.scope.lookupvar('monit::pool_interval') %>
# Include all files from /etc/monit.d/
include /etc/monit.d/*
\ No newline at end of file
......@@ -3,8 +3,14 @@
# This file is handled by puppet, any local changes will be lost
#
<% unless scope.scope.lookupvar('monit::alert') == 'absent' -%>
set alert <%= scope.scope.lookupvar('monit::alert') %>
<% end %>
<% unless monit::mailserver == 'absent' -%>
set mailserver <%= scope.scope.lookupvar('monit::mailserver') %>
<% end -%>
<% if scope.scope.lookupvar('monit::enable_httpd') == 'yes' -%>
set httpd port <%= scope.scope.lookupvar('monit::httpd_port') %> and use address localhost
allow localhost
......@@ -17,7 +23,6 @@ s=scope.scope.lookupvar('monit::secret')
set daemon <%= scope.scope.lookupvar('monit::pool_interval') %>
set logfile syslog facility log_daemon
set mailserver <%= scope.scope.lookupvar('monit::mailserver') %>
# Include settings from other files
include /etc/monit/conf.d/*.monitrc
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment