Monit installation : Différence entre versions
De wikiGite
Ligne 23 : | Ligne 23 : | ||
set alert fsoyer@systea.net # receive all alerts | set alert fsoyer@systea.net # receive all alerts | ||
− | + | '''Eventuellement''', ouvrir le "embedded webserver" au localhost pour au moins pouvoir lancer un "monit status" ou "monit summary" (voir plus bas pour redirection php si APACHE installé): | |
set httpd port 2812 and | set httpd port 2812 and | ||
use address localhost # only accept connection from localhost | use address localhost # only accept connection from localhost | ||
Ligne 34 : | Ligne 34 : | ||
PEMFILE /etc/apache2/ssl/apache.pem | PEMFILE /etc/apache2/ssl/apache.pem | ||
allow admin:'cela2M!' # require user 'admin' with password | allow admin:'cela2M!' # require user 'admin' with password | ||
+ | '''Note2''' | ||
+ | L'ouverture du port 2812 peut être un trou de sécurité. Ne l'ouvrir qu'en connaissance de cause. | ||
Vérifier que : | Vérifier que : | ||
Ligne 40 : | Ligne 42 : | ||
Créer le répertoire au besoin. | Créer le répertoire au besoin. | ||
+ | |||
+ | = Sur CentOS / RedHat = | ||
+ | Récupérer la dernière version de paquet sur dag.wieers.com (CentOS4 = RHEL4) | ||
+ | # wget http://dag.wieers.com/rpm/packages/monit/monit-4.9-2.el4.rf.i386.rpm | ||
+ | Installer : | ||
+ | # rpm -i monit-4.9-2.el4.rf.i386.rpm | ||
+ | Attention le fichier de conf est '''/etc/monit.conf''' | ||
+ | |||
+ | |||
= Configuration des services = | = Configuration des services = | ||
− | Exemple de fichier de config /etc/monit/monit.d/isp129.systea.net, | + | Exemple de fichier de config /etc/monit/monit.d/isp129.systea.net, '''surveillance locale''' : |
############################################################################### | ############################################################################### | ||
## Isp129.systea.net local | ## Isp129.systea.net local | ||
Ligne 48 : | Ligne 59 : | ||
# | # | ||
check system isp129.systea.net | check system isp129.systea.net | ||
− | + | if loadavg (1min) > 6 then alert | |
− | + | if loadavg (5min) > 4 then exec "/root/bin/top.sh" | |
− | + | if memory usage > 85% then exec "/root/bin/top.sh" | |
− | + | if cpu usage (user) > 70% then exec "/root/bin/top.sh" | |
− | + | if cpu usage (system) > 50% then exec "/root/bin/top.sh" | |
− | + | if cpu usage (wait) > 60% then exec "/root/bin/top.sh" | |
+ | check process apache2 with pidfile /var/run/apache2.pid | ||
+ | start program = "/etc/init.d/apache2 start" | ||
+ | stop program = "/etc/init.d/apache2 stop" | ||
+ | if cpu > 60% for 2 cycles then alert | ||
+ | if cpu > 80% for 5 cycles then restart | ||
+ | if failed port 80 then restart | ||
+ | check process proftpd1 with pidfile /var/run/proftpd.pid | ||
+ | start program = "/etc/init.d/proftpd start" | ||
+ | stop program = "/etc/init.d/proftpd stop" | ||
+ | if cpu > 60% for 2 cycles then alert | ||
+ | if cpu > 80% for 5 cycles then restart | ||
+ | if failed port 21 then restart | ||
+ | check process postfix2 with pidfile /var/spool/postfix/pid/master.pid | ||
+ | start program = "/etc/init.d/postfix start" | ||
+ | stop program = "/etc/init.d//postfix stop" | ||
+ | if cpu > 60% for 2 cycles then alert | ||
+ | if cpu > 80% for 5 cycles then restart | ||
+ | if failed port 25 then restart | ||
+ | check process mysql5 with pidfile /var/run/mysqld/mysqld.pid | ||
+ | start program = "/etc/init.d/mysql start" | ||
+ | stop program = "/etc/init.d/mysql stop" | ||
+ | if cpu > 60% for 2 cycles then alert | ||
+ | if cpu > 80% for 5 cycles then restart | ||
+ | if failed port 3306 then restart | ||
+ | check process postgresql7 with pidfile /var/lib/postgresql/7.4/main/postmaster.pid | ||
+ | start program = "/etc/init.d/postgresql-7.4 start" | ||
+ | stop program = "/etc/init.d/postgresql-7.4 stop" | ||
+ | if cpu > 60% for 2 cycles then alert | ||
+ | if cpu > 80% for 5 cycles then restart | ||
+ | if failed port 5432 then restart | ||
+ | check device root with path /dev/sda1 | ||
+ | if space usage > 75% for 5 times within 15 cycles then alert | ||
+ | if space usage > 90% then alert | ||
− | Exemple de /etc/monit/monit.d/isp129.systea.net sur atuin qui surveille isp129 : | + | Exemple de /etc/monit/monit.d/isp129.systea.net sur atuin qui surveille isp129 '''en remote''' : |
############################################################################### | ############################################################################### | ||
## Isp129.systea.net remote | ## Isp129.systea.net remote |
Version du 8 octobre 2008 à 07:28
Sommaire
Sur Debian
- Installation
apt-get install monit
Dans /etc/monit/monitrc, décommenter :
set daemon 120 #*** NOTE POUR DEBIAN : c'est le paramètre de /etc/default/monit CHECK_INTERVAL qui est prioritaire (lancement du démon avec "-d" dans l'init.d), c'est lui qu'il faut donc modifier ! set logfile syslog facility log_daemon set mailserver localhost # primary mailserver
Modifier le format du mail :
set mail-format {
From: monit-<*** nom du serveur ****>@systea.net Subject: $EVENT $SERVICE Message: $DATE $SERVICE : $EVENT $DESCRIPTION Monit $ACTION : $SERVICE
}
Donner le destinataire :
set alert fsoyer@systea.net # receive all alerts
Eventuellement, ouvrir le "embedded webserver" au localhost pour au moins pouvoir lancer un "monit status" ou "monit summary" (voir plus bas pour redirection php si APACHE installé):
set httpd port 2812 and use address localhost # only accept connection from localhost allow localhost # allow localhost to connect to the server and
Note S'il ny a pas d'Apache, ouvrir le port 2812 et configurer monit en SSL autonome :
set httpd port 2812 and SSL Enable PEMFILE /etc/apache2/ssl/apache.pem allow admin:'cela2M!' # require user 'admin' with password
Note2 L'ouverture du port 2812 peut être un trou de sécurité. Ne l'ouvrir qu'en connaissance de cause.
Vérifier que :
include /etc/monit/monit.d/*
est décommenté (ajouter le "monit" au milieu).
Créer le répertoire au besoin.
Sur CentOS / RedHat
Récupérer la dernière version de paquet sur dag.wieers.com (CentOS4 = RHEL4)
# wget http://dag.wieers.com/rpm/packages/monit/monit-4.9-2.el4.rf.i386.rpm
Installer :
# rpm -i monit-4.9-2.el4.rf.i386.rpm
Attention le fichier de conf est /etc/monit.conf
Configuration des services
Exemple de fichier de config /etc/monit/monit.d/isp129.systea.net, surveillance locale :
############################################################################### ## Isp129.systea.net local ############################################################################### # check system isp129.systea.net if loadavg (1min) > 6 then alert if loadavg (5min) > 4 then exec "/root/bin/top.sh" if memory usage > 85% then exec "/root/bin/top.sh" if cpu usage (user) > 70% then exec "/root/bin/top.sh" if cpu usage (system) > 50% then exec "/root/bin/top.sh" if cpu usage (wait) > 60% then exec "/root/bin/top.sh" check process apache2 with pidfile /var/run/apache2.pid start program = "/etc/init.d/apache2 start" stop program = "/etc/init.d/apache2 stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if failed port 80 then restart check process proftpd1 with pidfile /var/run/proftpd.pid start program = "/etc/init.d/proftpd start" stop program = "/etc/init.d/proftpd stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if failed port 21 then restart check process postfix2 with pidfile /var/spool/postfix/pid/master.pid start program = "/etc/init.d/postfix start" stop program = "/etc/init.d//postfix stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if failed port 25 then restart check process mysql5 with pidfile /var/run/mysqld/mysqld.pid start program = "/etc/init.d/mysql start" stop program = "/etc/init.d/mysql stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if failed port 3306 then restart check process postgresql7 with pidfile /var/lib/postgresql/7.4/main/postmaster.pid start program = "/etc/init.d/postgresql-7.4 start" stop program = "/etc/init.d/postgresql-7.4 stop" if cpu > 60% for 2 cycles then alert if cpu > 80% for 5 cycles then restart if failed port 5432 then restart check device root with path /dev/sda1 if space usage > 75% for 5 times within 15 cycles then alert if space usage > 90% then alert
Exemple de /etc/monit/monit.d/isp129.systea.net sur atuin qui surveille isp129 en remote :
############################################################################### ## Isp129.systea.net remote ############################################################################### # check host isp129.systea.net with address 80.64.226.29 if failed icmp type echo count 3 with timeout 10 seconds then alert
Accès au webserver de l'extérieur sans ouvrir de port supplémentaire
Apache doit être opérationnel sur la machine
Créer /var/www/monit, y copier /home/fsoyer/Documents/Documents divers - logiciels/monit/monit.php en index.php.
Créer /etc/apache2/conf.d/monit.conf :
<IfModule mod_alias.c> Alias /monit "/var/www/monit" </IfModule> <DirectoryMatch /var/www/monit/> Options -FollowSymLinks AllowOverride All order deny,allow # deny from all # allow from 127.0.0.0/255.0.0.0 </DirectoryMatch>
Créer /var/www/.htaccess :
AuthUserFile /var/www/monit/.htpasswd AuthName "Restricted Access" Require valid-user AuthType Basic <Files .*> deny from all </Files>
Et créer le fichier de mots de passe avec user admin/cela2M! :
# htpasswd -c /var/www/monit/.htpasswd admin