diff --git a/monit/generate.py b/monit/generate.py
new file mode 100755
index 00000000..02bb4f90
--- /dev/null
+++ b/monit/generate.py
@@ -0,0 +1,465 @@
+#! /usr/bin/env python
+# -*- coding:iso-8859-15 -*-
+
+"""
+ToDo :
+------
+Revoir les scripts pour nut/upsmonitor
+Ajouter les ports tcp/udp quand il y en a
+"""
+
+debug = 0
+
+import sre
+import sys, os
+
+# on récupère le hostname
+if debug : print 'DEBUG : Lecture de l\'hote'
+host = open('/etc/hostname').readline().strip()
+
+# fonctions utiles
+##################
+
+def file_monitrc(hostname = host) :
+ """
+ Retourne la configuration de la machine
+ """
+ config = ""
+
+ # headers
+ if True :
+ config += '# Configuration de monit sur %s générée par /usr/scripts/monit/generate.py\n' % hostname
+ config += '\n'
+
+ config += 'set daemon 60\n'
+ config += '\n'
+
+ config += 'set mailserver localhost, smtp.crans.org\n'
+ config += '\n'
+
+ config += 'set alert roots@crans.org { uid gid size nonexist data icmp invalid exec timeout resource checksum timestamp connection permission }\n' # changed
+ config += '\n'
+
+ config += 'set httpd port 2812\n'
+ config += ' use address %s.adm.crans.org\n' % hostname
+ config += ' use address localhost\n'
+ config += ' allow proxy.adm.crans.org\n'
+ config += ' allow localhost\n'
+ config += ' allow crans:crans read-only\n'
+ config += '\n'
+
+ config += 'set mail-format {\n'
+ config += 'from: roots@crans.org\n'
+ config += 'subject: Monit %s - $SERVICE : $EVENT\n' % hostname
+ config += 'message: Monit $ACTION $SERVICE at $DATE on $HOST.\n'
+ config += '-- \n'
+ config += 'Monit\n'
+ config += '}\n'
+ config += '\n'
+
+ # disques
+ if True :
+
+ fstab = open("/etc/fstab")
+
+ for line in fstab.readlines() :
+ # on supprime les espaces
+ line = line.strip().replace('\t',' ')
+
+ # on saute les lignes inintérassantes
+ if not line :
+ continue
+ if line[0] == "#" :
+ continue
+
+ # on découpe la ligne
+ line = sre.split(' *',line)
+
+ # on saute si c'est une partition non montée au démarrage
+ if "noauto" in line[3].split(",") :
+ continue
+
+ # on saute si c'est une partition bind
+ if "bind" in line[3].split(",") :
+ continue
+
+ # on saute les système pas intéressants
+ if line[2] in ['swap','proc','tmpfs'] :
+ continue
+
+ # on saute le nfs
+ if ':' in line[0] :
+ continue
+
+ # on ajoute les lignes
+ config += '# partition %s\n' % line[1]
+ config += 'check device fs%s with path %s\n' % (line[1], line[0])
+
+ if '/dev/mapper/' in line[0] :
+ config += ' if failed permission 600 then alert\n'
+ config += ' if failed uid root then alert\n'
+ config += ' if failed gid root then alert\n'
+ else :
+ config += ' if failed permission 660 then alert\n'
+ config += ' if failed uid root then alert\n'
+ config += ' if failed gid disk then alert\n'
+
+ # place sur ls disques
+ if (hostname,line[1]) in [('sila','/var/spool/squid1'),('sila','/var/spool/squid2')] :
+ continue
+ elif (hostname,line[1]) in [('egon','/pubftp')] :
+ config += ' if space usage > 95% then alert\n'
+ elif (hostname,line[1]) in [('sila','/var/log/squid')] :
+ config += ' if space usage > 90% then alert\n'
+ else :
+ config += ' if space usage > 80% then alert\n'
+
+ # inodes pour les disques
+ if line[2] != 'reiserfs' :
+ config += ' if inode usage > 80% then alert\n'
+
+ config += ' mode passive\n'
+ config += '\n'
+
+ # apache SSL
+ if hostname in ['egon'] :
+ config += '# apache-ssl\n'
+ config += 'check process apache-ssl with pidfile /var/run/apache-ssl.pid\n'
+ config += ' start program = "/etc/init.d/apache-ssl start"\n'
+ config += ' stop program = "/etc/init.d/apache-ssl stop"\n'
+ config += ' if failed host localhost port 80 protocol http then restart\n'
+ #config += ' if failed host %s port 80 protocol http then restart\n' % hostname
+ #config += ' if failed host localhost port 443 type tcpssl protocol http then restart\n'
+ #config += ' if failed host %s port 80 protocol http then restart\n' % hostname
+ config += ' if cpu is greater than 60% for 2 cycles then alert\n'
+ config += ' if cpu > 80% for 5 cycles then restart\n'
+ #config += ' if totalmem > 200.0 MB for 5 cycles then restart\n'
+ config += ' if children > 250 then restart\n'
+ config += ' if loadavg(5min) greater than 10 for 8 cycles then restart\n'
+ config += ' if 3 restarts within 5 cycles then timeout\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # apache 2
+ if hostname in ['zamok','pegase'] :
+ config += '# apache2\n'
+ config += 'check process apache2 with pidfile /var/run/apache2.pid\n'
+ config += ' start program = "/etc/init.d/apache2 start"\n'
+ config += ' stop program = "/etc/init.d/apache2 stop"\n'
+ if hostname == 'pegase' :
+ config += ' if failed host localhost port 443 type tcpssl protocol http timeout 15 seconds then restart\n'
+ else :
+ config += ' if failed host localhost port 80 protocol http timeout 15 seconds then restart\n'
+ config += ' if failed host localhost port 443 type tcpssl protocol http then restart\n'
+ config += ' if cpu is greater than 60% for 2 cycles then alert\n'
+ config += ' if cpu > 80% for 5 cycles then restart\n'
+ #config += ' if totalmem > 500.0 MB for 5 cycles then restart\n'
+ config += ' if children > 250 then restart\n'
+ config += ' if loadavg(5min) greater than 10 for 8 cycles then restart\n'
+ config += ' if 3 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+
+ # at
+ if True :
+ config += '# at\n'
+ config += 'check process at with pidfile /var/run/atd.pid\n'
+ config += ' start program = "/etc/init.d/atd start"\n'
+ config += ' stop program = "/etc/init.d/atd stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # backuppc
+ if hostname in ['pegase'] :
+ config += '# backuppc\n'
+ config += 'check process backuppc with pidfile /var/lib/backuppc/log/BackupPC.pid\n'
+ config += ' start program = "/etc/init.d/backuppc start"\n'
+ config += ' stop program = "/etc/init.d/backuppc stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # cups
+ if hostname in ['zamok'] :
+ config += '# cups\n'
+ config += 'check process cups with pidfile /var/run/cups/cupsd.pid\n'
+ config += ' start program = "/etc/init.d/cupsys start"\n'
+ config += ' stop program = "/etc/init.d/cupsys stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # cron
+ if True :
+ config += '# cron\n'
+ config += 'check process cron with pidfile /var/run/crond.pid\n'
+ config += ' start program = "/etc/init.d/cron start"\n'
+ config += ' stop program = "/etc/init.d/cron stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+
+ # freeradius
+ if hostname in ['zamok','pegase'] :
+ config += '# freeradius\n'
+ config += 'check process freeradius with pidfile /var/run/freeradius/freeradius.pid\n'
+ config += ' start program = "/etc/init.d/freeradius start"\n'
+ config += ' stop program = "/etc/init.d/freeradius stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # inn
+ if hostname in ['rouge'] :
+ config += '# inn\n'
+ config += 'check process inn with pidfile /var/run/news/innd.pid\n'
+ config += ' start program = "/etc/init.d/inn2 start"\n'
+ config += ' stop program = "/etc/init.d/inn2 stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # mailman
+ if hostname in ['rouge'] :
+ config += '# mailman\n'
+ config += 'check process mailman with pidfile /var/run/mailman/mailman.pid\n'
+ config += ' start program = "/etc/init.d/mailman start"\n'
+ config += ' stop program = "/etc/init.d/mailman stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # munin-node
+ if True :
+ config += '# munin-node\n'
+ config += 'check process munin-node with pidfile /var/run/munin/munin-node.pid\n'
+ config += ' start program = "/etc/init.d/munin-node start"\n'
+ config += ' stop program = "/etc/init.d/munin-node stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # mysql
+ if hostname in ['zamok'] :
+ config += '# mysql\n'
+ config += 'check process mysql with pidfile /var/run/mysqld/mysqld.pid\n'
+ config += ' start program = "/etc/init.d/mysql start"\n'
+ config += ' stop program = "/etc/init.d/mysql stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # nscd
+ if True :
+ config += '# nscd\n'
+ config += 'check process nscd with pidfile /var/run/nscd.pid\n'
+ config += ' start program = "/etc/init.d/nscd start"\n'
+ config += ' stop program = "/etc/init.d/nscd stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # nut - upsmonitor
+ if hostname in ['zamok','vert','sila','komaz','rouge','ultra-adsl'] :
+ config += '# nut\n'
+ config += 'check process nut with pidfile /var/run/nut/upsmon.pid\n'
+ config += ' start program = "/etc/init.d/ups-monitor start"\n'
+ config += ' stop program = "/etc/init.d/ups-monitor stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # openntp / pas de pidfile, on peut pas monitorer
+ if False :
+ config += '# openntp\n'
+ config += 'check process ntpd\n'
+ config += ' start program = "/etc/init.d/openntpd start"\n'
+ config += ' stop program = "/etc/init.d/openntpd stop"\n'
+ config += ' if failed host 127.0.0.1 port 123 type udp then restart\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # postfix
+ if True :
+ config += '# postfix\n'
+ config += 'check process postfix with pidfile /var/spool/postfix/pid/master.pid\n'
+ config += ' start program = "/etc/init.d/postfix start"\n'
+ config += ' stop program = "/etc/init.d/postfix stop"\n'
+ config += ' if failed port 25 protocol smtp timeout 15 seconds then restart\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # postgresql
+ if hostname in ['rouge','komaz'] :
+ config += '# postgresql\n'
+ config += 'check process postgresql with pidfile /var/lib/postgres/data/postmaster.pid\n'
+ config += ' start program = "/etc/init.d/postgresql start"\n'
+ config += ' stop program = "/etc/init.d/postgresql stop"\n'
+ config += ' if failed port 5432 then restart\n'
+ # config += ' if failed unixsocket /var/run/postgresql then restart\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # privoxy
+ if hostname in ['sila'] :
+ config += '# privoxy\n'
+ config += 'check process privoxy with pidfile /var/run/privoxy.pid\n'
+ config += ' start program = "/etc/init.d/privoxy start"\n'
+ config += ' stop program = "/etc/init.d/privoxy stop"\n'
+ config += ' if failed host %s.crans.org port 8118 then restart\n' % hostname
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # proftpd
+ if hostname in ['pegase'] :
+ config += '# proftpd\n'
+ config += 'check process proftpd with pidfile /var/run/proftpd.pid\n'
+ config += ' start program = "/etc/init.d/proftpd start"\n'
+ config += ' stop program = "/etc/init.d/proftpd stop"\n'
+ config += ' if failed port 21 protocol ftp then restart\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # slapd
+ if hostname in ['pegase','sila','vert'] :
+ config += '# slapd\n'
+ config += 'check process slapd with pidfile /var/run/slapd/slapd.pid\n'
+ config += ' start program = "/etc/init.d/slapd start"\n'
+ config += ' stop program = "/etc/init.d/slapd stop"\n'
+ config += ' if failed host localhost port 389 protocol ldap3 then restart\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # spamd
+ if hostname in ['zamok','rouge'] :
+ config += '# spamd\n'
+ config += 'check process spamd with pidfile /var/run/spamd.pid\n'
+ config += ' start program = "/etc/init.d/spamassassin start"\n'
+ config += ' stop program = "/etc/init.d/spamassassin stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # sqlgrey
+ if hostname in ['zamok','rouge','ultra-adsl'] :
+ config += '# sqlgrey\n'
+ config += 'check process sqlgrey with pidfile /var/run/sqlgrey.pid\n'
+ config += ' start program = "/etc/init.d/sqlgrey start"\n'
+ config += ' stop program = "/etc/init.d/sqlgrey stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # squid
+ #if hostname in ['sila'] :
+ # config += '# squid\n'
+ # config += 'check process squid with pidfile /var/run/squid.pid\n'
+ # config += ' start program = "/etc/init.d/squid start"\n'
+ # config += ' stop program = "/etc/init.d/squid stop"\n'
+ # config += ' if failed host %s.crans.org port 3128 then restart\n' % hostname
+ # config += ' if 5 restarts within 15 cycles then timeout\n'
+ # config += '\n'
+
+ # ssh
+ if True :
+ config += '# ssh\n'
+ config += 'check process ssh with pidfile /var/run/sshd.pid\n'
+ config += ' start program = "/etc/init.d/ssh start"\n'
+ config += ' stop program = "/etc/init.d/ssh stop"\n'
+ config += ' if failed port 22 protocol ssh then restart\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # syslog-ng
+ if hostname not in ['ultra-adsl'] :
+ config += '# syslog-ng\n'
+ config += 'check process syslog-ng with pidfile /var/run/syslog-ng.pid\n'
+ config += ' start program = "/etc/init.d/syslog-ng start"\n'
+ config += ' stop program = "/etc/init.d/syslog-ng stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += ' depend on file/var/log/messages\n'
+ config += '\n'
+ config += 'check file file/var/log/messages with path /var/log/messages\n'
+ config += ' if timestamp > 15 minutes then alert\n'
+ config += '\n'
+
+ # sysklogd
+ if hostname in ['ultra-adsl'] :
+ config += '# syslogd\n'
+ config += 'check process syslogd with pidfile /var/run/syslogd.pid\n'
+ config += ' start program = "/etc/init.d/sysklogd start"\n'
+ config += ' stop program = "/etc/init.d/sysklogd stop"\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # tinyproxy
+ if hostname in ['ultra-adsl'] :
+ config += '# tinyproxy\n'
+ config += 'check process tinyproxy with pidfile /var/run/tinyproxy.pid\n'
+ config += ' start program = "/etc/init.d/tinyproxy start"\n'
+ config += ' stop program = "/etc/init.d/tinyproxy stop"\n'
+ config += ' if failed host %s.crans.org port 3128 then restart\n' % hostname
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ # vsftpd
+ if hostname in ['sila'] :
+ config += '# vsftpd\n'
+ config += 'check process vsftpd with pidfile /var/run/vsftpd/vsftpd.pid\n'
+ config += ' start program = "/etc/init.d/vsftpd start"\n'
+ config += ' stop program = "/etc/init.d/vsftpd stop"\n'
+ config += ' if failed port 21 protocol ftp then restart\n'
+ config += ' if 5 restarts within 5 cycles then timeout\n'
+ config += '\n'
+
+ return config
+
+if debug : print 'DEBUG : Fin de la création de la fonction file_monitrc'
+
+if debug : print 'DEBUG : Création de la fonction file_default'
+
+def file_default (hostname = host) :
+ config = '# Configuration de monit sur %s\n' % hostname
+ config += '# généré par monit.py\n'
+ config += '\n'
+ config += '# on lance monit au démarage\n'
+ config += 'startup=1\n'
+ config += '\n'
+ config += '# intervale de vérification\n'
+ config += 'CHECK_INTERVALS=60\n'
+
+ return config
+
+if debug : print 'DEBUG : Fin de la création de la fonction file_default'
+
+# corps du programme
+####################
+
+# vérification de l'uid
+#if debug : 'DEBUG : Vérification de l\'uid'
+if os.getuid() :
+ print 'Il faut être root !'
+ sys.exit(1)
+
+if len(sys.argv) <= 1 :
+ commit = 'Mise à jour'
+else :
+ commit = sys.argv[1]
+
+# le fichier de cron
+f = open('/etc/cron.d/monit','w')
+f.write('* * * * * root /usr/sbin/monit status > /usr/scripts/monit/status/%s\n' % host)
+f.close()
+
+# génération du monitrc
+if debug : print 'DEBUG : Ouverture de monitrc'
+f = open('/etc/monit/monitrc','w')
+if debug : print 'DEBUG : Ecriture de monitrc'
+f.write(file_monitrc())
+if debug : print 'DEBUG : Fermeture de monitrc'
+f.close()
+if debug : print 'DEBUG : Commit de monitrc'
+#os.system('cvs commit -m "%s" /etc/monit/monitrc' % commit )
+
+# génération du default
+if debug : print 'DEBUG : Ouverture de default/monit'
+f = open('/etc/default/monit','w')
+if debug : print 'DEBUG : Ecriture de default/monit'
+f.write(file_default())
+if debug : print 'DEBUG : Fermeture de default/monit'
+f.close()
+if debug : print 'DEBUG : Commit de default/monit'
+#os.system('cvs commit -m "%s" /etc/default/monit' % commit )
+
+os.system('/etc/init.d/monit restart')
+
+if debug : print 'DEBUG : Sortie du programme'
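Review bot: `file_monitrc` hard-codes the web-interface credential in `allow crans:crans read-only`, so the password sits in the repository, is the same on every host and equals the user name; it would be better read from a root-only file at generation time. The script then writes that credential with `f = open('/etc/monit/monitrc','w')`, whose mode on first creation depends on the umask, while monit expects its control file to be private to the owner; creating it with `os.fdopen(os.open('/etc/monit/monitrc', os.O_WRONLY|os.O_CREAT|os.O_TRUNC, 0600), 'w')` makes that explicit. Because the file is opened (and truncated) before `file_monitrc()` runs, an exception there, for instance `line[3]` on an fstab entry with fewer than four fields, leaves an empty monitrc; building the string first with `content = file_monitrc()` avoids that. The final `os.system('/etc/init.d/monit restart')` is unconditional, and checking the new file with `monit -t` and skipping the restart on a non-zero status would keep a bad template from stopping monitoring.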