scripts/monit/generate.py
bernat e6a9eda00b monit sous Open ne semble pas arriver se connecter en TCP...
darcs-hash:20060307102423-d1718-19b842d13a83376fdf1239a82b3a5d0e32b135c4.gz
2006-03-07 11:24:23 +01:00


#! /usr/bin/env python
# -*- coding:iso-8859-15 -*-
import sre
import sys, os, time
import commands
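# Short host name (first label only) of the machine running the script.
# It is read from the kernel with os.uname() instead of spawning `hostname`
# through a shell: this script runs as root, the command was looked up via
# PATH, and commands.getoutput() returns the shell's error text on failure,
# which would then have been used as the host name in the generated files.
host = os.uname()[1].split('.')[0]
# True when the local machine is one of the BSD hosts; selects BSD paths,
# pidfiles and start/stop commands further down.
bsd = host in ['ragnarok']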
# fonctions utiles
##################
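def file_monitrc(hostname = host) :
    """
    Build and return the text of the monit control file for `hostname`.

    The text has three parts, in this order:
      1. global settings (poll interval, mail server, alert recipients,
         embedded HTTP interface, mail format);
      2. one `check device` stanza per eligible entry of /etc/fstab;
      3. one `check process` stanza per service, selected from hard-coded
         host names and from the module-level `bsd` flag.

    /etc/fstab and `bsd` always describe the machine running the script,
    whatever value is passed as `hostname`.
    """
    parts = []
    add = parts.append
    timeout = "timeout 30 seconds"

    # ---- global settings ----
    add('# Configuration de monit sur %s générée par /usr/scripts/monit/generate.py\n' % hostname)
    add('\n')
    add('set daemon 60\n')
    add('\n')
    add('set mailserver localhost, smtp.crans.org\n')
    add('\n')
    if bsd :
        add('set alert chove@crans.org { uid gid size timeout resource checksum timestamp connection permission }\n')
    else :
        add('set alert roots@crans.org { uid gid size nonexist data icmp invalid exec timeout resource checksum timestamp connection permission }\n')
    add('\n')
    # NOTE(review): the HTTP interface login below is hard-coded and trivially
    # guessable, and no SSL option is set for the interface in this block.
    # Because the credential ends up in the generated file, that file should
    # be readable by root only; prefer reading the password from a root-only
    # file over keeping it in the script.
    add('set httpd port 2812\n')
    add(' use address %s.adm.crans.org\n' % hostname)
    add(' use address localhost\n')
    add(' allow proxy.adm.crans.org\n')
    add(' allow localhost\n')
    add(' allow crans:crans read-only\n')
    add('\n')
    add('set mail-format {\n')
    add('from: roots@crans.org\n')
    add('subject: Monit %s - $SERVICE : $EVENT\n' % hostname)
    add('message: Monit $ACTION $SERVICE at $DATE on $HOST.\n')
    add('-- \n')
    add('Monit\n')
    add('}\n')
    add('\n')

    # ---- filesystems ----
    fstab = open("/etc/fstab")
    try :
        entries = fstab.readlines()
    finally :
        # the handle was never closed before
        fstab.close()
    for line in entries :
        line = line.strip()
        # skip blank lines and comments
        if not line :
            continue
        if line.startswith("#") :
            continue
        # split on any run of blanks or tabs
        fields = line.split()
        # a truncated entry has no options column: ignore it instead of
        # failing with an IndexError
        if len(fields) < 4 :
            continue
        device, mountpoint, fstype = fields[0], fields[1], fields[2]
        options = fields[3].split(",")
        # not mounted at boot
        if "noauto" in options :
            continue
        # bind mount
        if "bind" in options :
            continue
        # pseudo filesystems and swap
        if fstype in ['swap','proc','tmpfs'] :
            continue
        # NFS (host:/path)
        if ':' in device :
            continue
        add('# partition %s\n' % mountpoint)
        add('check device fs%s with path %s\n' % (mountpoint, device))
        if '/dev/mapper/' in device :
            add(' if failed permission 600 then alert\n')
            add(' if failed uid root then alert\n')
            add(' if failed gid root then alert\n')
        else :
            # mode of the device node
            if bsd :
                add(' if failed permission 640 then alert\n')
            else :
                add(' if failed permission 660 then alert\n')
            # owner
            add(' if failed uid root then alert\n')
            # group
            if bsd :
                add(' if failed gid operator then alert\n')
            else :
                add(' if failed gid disk then alert\n')
        # disk space thresholds
        if (hostname, mountpoint) in [('sila','/var/spool/squid1'),('sila','/var/spool/squid2')] :
            # NOTE(review): this also skips the inode test, `mode passive`
            # and the blank separator for these two stanzas -- confirm that
            # is intended and not just "no space test".
            continue
        elif (hostname, mountpoint) in [('egon','/pubftp')] :
            add(' if space usage > 95% then alert\n')
        elif (hostname, mountpoint) in [('sila','/var/log/squid')] :
            add(' if space usage > 90% then alert\n')
        else :
            add(' if space usage > 80% then alert\n')
        # inode usage, except on reiserfs
        if fstype != 'reiserfs' :
            add(' if inode usage > 80% then alert\n')
        add(' mode passive\n')
        add('\n')

    # ---- services ----
    # NOTE(review): several BSD stanzas use "/bin/kill `cat <pidfile>`" as
    # stop program. monit is documented to exec these programs directly, not
    # through a shell; if that holds for the deployed version the backquotes
    # are passed literally and the stop command cannot work -- verify.

    # apache SSL
    if hostname in ['egon'] :
        add('# apache-ssl\n')
        add('check process apache-ssl with pidfile /var/run/apache-ssl.pid\n')
        add(' start program = "/etc/init.d/apache-ssl start"\n')
        add(' stop program = "/etc/init.d/apache-ssl stop"\n')
        add(' if failed host localhost port 80 protocol http %s then restart\n' % timeout)
        #add(' if failed host %s port 80 protocol http then restart\n' % hostname)
        #add(' if failed host localhost port 443 type tcpssl protocol http then restart\n')
        #add(' if failed host %s port 80 protocol http then restart\n' % hostname)
        add(' if cpu is greater than 60% for 2 cycles then alert\n')
        add(' if cpu > 80% for 5 cycles then restart\n')
        #add(' if totalmem > 200.0 MB for 5 cycles then restart\n')
        add(' if children > 250 then restart\n')
        add(' if loadavg(5min) greater than 10 for 8 cycles then restart\n')
        add(' if 3 restarts within 5 cycles then timeout\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # apache 2
    if hostname in ['zamok','pegase'] :
        add('# apache2\n')
        add('check process apache2 with pidfile /var/run/apache2.pid\n')
        add(' start program = "/etc/init.d/apache2 start"\n')
        add(' stop program = "/etc/init.d/apache2 stop"\n')
        if hostname == 'pegase' :
            add(' if failed host localhost port 443 type tcpssl protocol http %s then restart\n' % timeout)
        else :
            add(' if failed host localhost port 80 protocol http %s then restart\n' % timeout)
            add(' if failed host localhost port 443 type tcpssl protocol http %s then restart\n' % timeout)
        add(' if cpu is greater than 60% for 2 cycles then alert\n')
        add(' if cpu > 80% for 5 cycles then restart\n')
        #add(' if totalmem > 500.0 MB for 5 cycles then restart\n')
        add(' if children > 250 then restart\n')
        add(' if loadavg(5min) greater than 10 for 8 cycles then restart\n')
        add(' if 3 restarts within 5 cycles then timeout\n')
        add('\n')
    # apache on ragnarok
    if hostname in ['ragnarok'] :
        add('# apache\n')
        add('check process httpd with pidfile /var/www/logs/httpd.pid\n')
        add(' start program = "/bin/systrace -U -A /usr/sbin/httpd -DSSL"\n')
        add(' stop program = "/usr/sbin/apachectl stop"\n')
        #add(' if failed host localhost port 80 protocol http %s then restart\n' % timeout)
        #add(' if failed host localhost port 443 type tcpssl protocol http %s then restart\n' % timeout)
        add(' if cpu is greater than 60% for 2 cycles then alert\n')
        add(' if cpu > 80% for 5 cycles then restart\n')
        add(' if children > 100 then restart\n')
        add(' if loadavg(5min) greater than 10 for 8 cycles then restart\n')
        add(' if 3 restarts within 5 cycles then timeout\n')
        add('\n')
    # at
    if not bsd :
        add('# at\n')
        add('check process at with pidfile /var/run/atd.pid\n')
        add(' start program = "/etc/init.d/atd start"\n')
        add(' stop program = "/etc/init.d/atd stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # backuppc
    if hostname in ['pegase'] :
        add('# backuppc\n')
        add('check process backuppc with pidfile /var/lib/backuppc/log/BackupPC.pid\n')
        add(' start program = "/etc/init.d/backuppc start"\n')
        add(' stop program = "/etc/init.d/backuppc stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # bind (the ragnarok stanza is disabled: no start command known)
    if hostname in ['ragnarok'] and False :
        add('# bind\n')
        add('check process bind with pidfile /var/run/named.pid\n')
        add(' start program = "???"\n')
        add(' stop program = "/bin/kill `cat /var/run/named.pid`"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    if hostname in ['rouge','sila','ultra-adsl'] :
        add('# bind\n')
        add('check process bind with pidfile /var/run/bind/run/named.pid\n')
        add(' start program = "/etc/init.d/bind9 start"\n')
        add(' stop program = "/etc/init.d/bind9 stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # cups
    if hostname in ['zamok'] :
        add('# cups\n')
        add('check process cups with pidfile /var/run/cups/cupsd.pid\n')
        add(' start program = "/etc/init.d/cupsys start"\n')
        add(' stop program = "/etc/init.d/cupsys stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # cron
    if bsd :
        add('# cron\n')
        add('check process cron with pidfile /var/run/cron.pid\n')
        add(' start program = "/usr/sbin/cron"\n')
        add(' stop program = "/bin/kill `cat /var/run/cron.pid`"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    else :
        add('# cron\n')
        add('check process cron with pidfile /var/run/crond.pid\n')
        add(' start program = "/etc/init.d/cron start"\n')
        add(' stop program = "/etc/init.d/cron stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # dhcp (ragnarok): no check is generated
    # log filtering: netacct
    if hostname in ['komaz'] :
        add('# filtrage_netacct\n')
        add('check process filtrage_netacct with pidfile /var/run/filtrage_netacct.pid\n')
        add(' start program = "/etc/init.d/filtrage_netacct start"\n')
        add(' stop program = "/etc/init.d/filtrage_netacct stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # log filtering: firewall
    if hostname in ['komaz'] :
        add('# filtrage_firewall\n')
        add('check process filtrage_firewall with pidfile /var/run/filtrage_firewall.pid\n')
        add(' start program = "/etc/init.d/filtrage_firewall start"\n')
        add(' stop program = "/etc/init.d/filtrage_firewall stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # freeradius
    if hostname in ['zamok','pegase'] :
        add('# freeradius\n')
        add('check process freeradius with pidfile /var/run/freeradius/freeradius.pid\n')
        add(' start program = "/etc/init.d/freeradius start"\n')
        add(' stop program = "/etc/init.d/freeradius stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # inn
    if hostname in ['rouge'] :
        add('# inn\n')
        add('check process inn with pidfile /var/run/news/innd.pid\n')
        add(' start program = "/etc/init.d/inn2 start"\n')
        add(' stop program = "/etc/init.d/inn2 stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # isakmpd
    if hostname in ['ragnarok'] :
        add('# isakmpd\n')
        add('check process isakmpd with pidfile /var/run/isakmpd.pid\n')
        add(' start program = "/sbin/isakmpd -d"\n')
        add(' stop program = "/bin/kill `cat /var/run/isakmpd.pid`"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # mailman
    if hostname in ['rouge'] :
        add('# mailman\n')
        add('check process mailman with pidfile /var/run/mailman/mailman.pid\n')
        add(' start program = "/etc/init.d/mailman start"\n')
        add(' stop program = "/etc/init.d/mailman stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # munin-node
    if not bsd :
        add('# munin-node\n')
        add('check process munin-node with pidfile /var/run/munin/munin-node.pid\n')
        add(' start program = "/etc/init.d/munin-node start"\n')
        add(' stop program = "/etc/init.d/munin-node stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # mysql
    if hostname in ['zamok'] :
        add('# mysql\n')
        add('check process mysql with pidfile /var/run/mysqld/mysqld.pid\n')
        add(' start program = "/etc/init.d/mysql start"\n')
        add(' stop program = "/etc/init.d/mysql stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # nscd
    if not bsd :
        add('# nscd\n')
        add('check process nscd with pidfile /var/run/nscd.pid\n')
        add(' start program = "/etc/init.d/nscd start"\n')
        add(' stop program = "/etc/init.d/nscd stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # nut - upsmonitor
    if hostname in ['zamok','vert','sila','komaz','rouge','ultra-adsl'] :
        add('# nut\n')
        add('check process nut with pidfile /var/run/nut/upsmon.pid\n')
        add(' start program = "/etc/init.d/ups-monitor start"\n')
        add(' stop program = "/etc/init.d/ups-monitor stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # openntp: disabled, there is no pidfile to monitor
    if False :
        add('# openntp\n')
        add('check process ntpd\n')
        add(' start program = "/etc/init.d/openntpd start"\n')
        add(' stop program = "/etc/init.d/openntpd stop"\n')
        add(' if failed host 127.0.0.1 port 123 type udp %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # postfix
    if not bsd :
        add('# postfix\n')
        add('check process postfix with pidfile /var/spool/postfix/pid/master.pid\n')
        add(' start program = "/etc/init.d/postfix start"\n')
        add(' stop program = "/etc/init.d/postfix stop"\n')
        add(' if failed port 25 protocol smtp %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # postgresql
    if hostname in ['rouge'] :
        add('# postgresql\n')
        add('check process postgresql with pidfile /var/lib/postgres/data/postmaster.pid\n')
        add(' start program = "/etc/init.d/postgresql start"\n')
        add(' stop program = "/etc/init.d/postgresql stop"\n')
        add(' if failed port 5432 %s then restart\n' % timeout)
        #add(' if failed unixsocket /var/run/postgresql then restart\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # privoxy
    if hostname in ['sila'] :
        add('# privoxy\n')
        add('check process privoxy with pidfile /var/run/privoxy.pid\n')
        add(' start program = "/etc/init.d/privoxy start"\n')
        add(' stop program = "/etc/init.d/privoxy stop"\n')
        # `timeout` already starts with the keyword "timeout"; the template
        # used to repeat it and produced "timeout timeout 30 seconds"
        add(' if failed host localhost port 8117 %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # proftpd
    if hostname in ['pegase'] :
        add('# proftpd\n')
        add('check process proftpd with pidfile /var/run/proftpd.pid\n')
        add(' start program = "/etc/init.d/proftpd start"\n')
        add(' stop program = "/etc/init.d/proftpd stop"\n')
        add(' if failed port 21 protocol ftp %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # rsync (disabled: no start command known)
    if hostname in ['ragnarok'] and False :
        add('# rsyncd\n')
        add('check process rsyncd with pidfile /var/run/rsyncd.pid\n')
        add(' start program = "???"\n')
        add(' stop program = "/bin/kill `cat /var/run/rsyncd.pid`"\n')
        add(' if failed port 873 %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # slapd
    if hostname in ['pegase','sila','vert'] :
        add('# slapd\n')
        add('check process slapd with pidfile /var/run/slapd/slapd.pid\n')
        add(' start program = "/etc/init.d/slapd start"\n')
        add(' stop program = "/etc/init.d/slapd stop"\n')
        add(' if failed host localhost port 389 protocol ldap3 %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # spamd
    if hostname in ['zamok','rouge'] :
        add('# spamd\n')
        add('check process spamd with pidfile /var/run/spamd.pid\n')
        add(' start program = "/etc/init.d/spamassassin start"\n')
        add(' stop program = "/etc/init.d/spamassassin stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # sqlgrey
    if hostname in ['zamok','rouge','ultra-adsl'] :
        add('# sqlgrey\n')
        add('check process sqlgrey with pidfile /var/run/sqlgrey.pid\n')
        add(' start program = "/etc/init.d/sqlgrey start"\n')
        add(' stop program = "/etc/init.d/sqlgrey stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # squid: disabled, it kept being restarted
    if False :
        add('# squid\n')
        add('check process squid with pidfile /var/run/squid.pid\n')
        add(' start program = "/etc/init.d/squid start"\n')
        add(' stop program = "/etc/init.d/squid stop"\n')
        add(' if failed host %s.crans.org port 3128 then restart\n' % hostname)
        add(' if 5 restarts within 15 cycles then timeout\n')
        add('\n')
    # ssh
    if not bsd :
        add('# ssh\n')
        add('check process ssh with pidfile /var/run/sshd.pid\n')
        add(' start program = "/etc/init.d/ssh start"\n')
        add(' stop program = "/etc/init.d/ssh stop"\n')
        add(' if failed port 22 protocol ssh %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # syslog
    if bsd :
        add('# syslog\n')
        add('check process syslog with pidfile /var/run/syslog.pid\n')
        # NOTE(review): the start program launches an rsync daemon, not a
        # syslog daemon; it looks copied from an rsyncd stanza. Left as
        # found because the intended command is not visible here -- confirm.
        add(' start program = "/usr/local/bin/rsync --daemon --config /etc/rsyncd.conf"\n')
        add(' stop program = "/bin/kill `cat /var/run/syslog.pid`"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # syslog-ng, plus a freshness check on /var/log/messages
    if hostname not in ['ultra-adsl'] and not bsd :
        add('# syslog-ng\n')
        add('check process syslog-ng with pidfile /var/run/syslog-ng.pid\n')
        add(' start program = "/etc/init.d/syslog-ng start"\n')
        add(' stop program = "/etc/init.d/syslog-ng stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add(' depend on file/var/log/messages\n')
        add('\n')
        add('check file file/var/log/messages with path /var/log/messages\n')
        add(' if timestamp > 15 minutes then alert\n')
        add('\n')
    # sysklogd
    if hostname in ['ultra-adsl'] :
        add('# syslogd\n')
        add('check process syslogd with pidfile /var/run/syslogd.pid\n')
        add(' start program = "/etc/init.d/sysklogd start"\n')
        add(' stop program = "/etc/init.d/sysklogd stop"\n')
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # tinyproxy
    if hostname in ['ultra-adsl'] :
        add('# tinyproxy\n')
        add('check process tinyproxy with pidfile /var/run/tinyproxy.pid\n')
        add(' start program = "/etc/init.d/tinyproxy start"\n')
        add(' stop program = "/etc/init.d/tinyproxy stop"\n')
        add(' if failed host %s.crans.org port 3128 %s then restart\n' % (hostname,timeout))
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    # vsftpd
    if hostname in ['sila'] :
        add('# vsftpd\n')
        add('check process vsftpd with pidfile /var/run/vsftpd/vsftpd.pid\n')
        add(' start program = "/etc/init.d/vsftpd start"\n')
        add(' stop program = "/etc/init.d/vsftpd stop"\n')
        add(' if failed port 21 protocol ftp %s then restart\n' % timeout)
        add(' if 5 restarts within 5 cycles then timeout\n')
        add('\n')
    return ''.join(parts)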
def file_default(hostname = host) :
    """
    Return the text of the monit defaults file for `hostname`.

    The text enables monit at boot (`startup=1`) and sets the check
    interval to 60 (`CHECK_INTERVALS=60`); `hostname` only appears in the
    leading comment.
    """
    pieces = [
        '# Configuration de monit sur %s\n' % hostname,
        '# généré par monit.py\n',
        '\n',
        # start monit at boot
        '# on lance monit au démarage\n',
        'startup=1\n',
        '\n',
        # polling interval
        '# intervale de vérification\n',
        'CHECK_INTERVALS=60\n',
    ]
    return ''.join(pieces)
# corps du programme
####################
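# The script rewrites files under /etc and restarts monit: root only.
if os.getuid() :
    print 'Il faut être root !'
    sys.exit(1)


def _write_file(path, content, private = False) :
    """
    Replace the file at `path` with `content`.

    With `private` set, the file is created with mode 0600 and an already
    existing file is tightened to 0600 before any content is written, so the
    data is never readable by other users, whatever the umask is.
    """
    if private :
        import stat
        owner_rw = stat.S_IRUSR | stat.S_IWUSR
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, owner_rw)
        try :
            # the mode given to os.open() only applies to a new file
            os.chmod(path, owner_rw)
        except :
            os.close(fd)
            raise
        f = os.fdopen(fd, 'w')
    else :
        f = open(path, 'w')
    try :
        f.write(content)
    finally :
        f.close()


# cron entry dumping `monit status` every minute (not on BSD)
if bsd :
    print "Système bsd, crontab non mis à jour"
else :
    _write_file('/etc/cron.d/monit',
                '* * * * * root /usr/sbin/monit status > /usr/scripts/monit/status/%s\n' % host)

# monit control file
if bsd :
    monitrc_path = '/etc/monitrc'
else :
    monitrc_path = '/etc/monit/monitrc'
# The text is built before the target is opened, so a failure in
# file_monitrc() no longer leaves a truncated control file behind.
# The file carries the HTTP interface credentials, hence owner-only; monit
# itself refuses a control file more permissive than 0700.
monitrc_text = file_monitrc()
_write_file(monitrc_path, monitrc_text, private = True)

# defaults file (not on BSD)
if not bsd :
    _write_file('/etc/default/monit', file_default())

# restart monit so that the new configuration is loaded
if bsd :
    # stop
    out = commands.getstatusoutput("/bin/kill `cat /var/run/monit.pid`")
    if out[0] :
        print "Erreur arrêt de monit"
        print out[1].replace('\n','\n ')
    else :
        print "Arrêt de monit : OK"
    # wait a little: otherwise monit.pid is still held by the old process
    # and the start command cannot write it
    time.sleep(1)
    # start
    # NOTE(review): `monit` is resolved through root's PATH here, unlike the
    # absolute paths used everywhere else in this script.
    out = commands.getstatusoutput("monit -c /etc/monitrc -d 60 -p /var/run/monit.pid")
    if out[0] :
        print "Erreur démarage de monit"
        print ' ' + out[1].replace('\n','\n ')
    else :
        print "Démarage de monit : OK"
else :
    os.system('/etc/init.d/monit restart')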