Outils personnels

Monit installation : Différence entre versions

De wikiGite
Ligne 13 : Ligne 13 :
 
Modifier le format du mail :
 
Modifier le format du mail :
 
  set mail-format {
 
  set mail-format {
From: monit-''<nom du serveur>''@systea.net
+
    From: monit-''<nom du serveur>''@systea.net
Subject: $EVENT $SERVICE
+
    Subject: $EVENT $SERVICE
Message: $DATE
+
    Message: $DATE
$SERVICE : $EVENT
+
    $SERVICE : $EVENT
$DESCRIPTION
+
    $DESCRIPTION
Monit $ACTION : $SERVICE
+
    Monit $ACTION : $SERVICE
 
  }
 
  }
  

Version du 8 octobre 2008 à 08:08

Installation

Sur Debian

apt-get install monit

Dans /etc/monit/monitrc, décommenter : 

set daemon  120 # NOTE POUR DEBIAN : c'est le paramètre de /etc/default/monit CHECK_INTERVAL qui est prioritaire
                # (lancement du démon avec "-d" dans l'init.d), c'est lui qu'il faut donc modifier !
set logfile syslog facility log_daemon
set mailserver   localhost             # primary mailserver

Modifier le format du mail : 

set mail-format {
    From: monit-<nom du serveur>@systea.net
    Subject: $EVENT $SERVICE
    Message: $DATE
    $SERVICE : $EVENT
    $DESCRIPTION
    Monit $ACTION : $SERVICE
}

Donner le destinataire : 

set alert <administrateur>@systea.net                       # receive all alerts

Eventuellement, ouvrir le "embedded webserver" au localhost pour au moins pouvoir lancer un "monit status" ou "monit summary" (voir plus bas pour redirection php si APACHE installé): 

set httpd port 2812 and
    use address localhost  # only accept connection from localhost
    allow localhost        # allow localhost to connect to the server and

Note S'il ny a pas d'Apache, ouvrir le port 2812 et configurer monit en SSL autonome : 

set httpd port 2812 and
   SSL Enable 
   PEMFILE /etc/apache2/ssl/apache.pem
   allow admin:<mot de passe admin>      # require user 'admin' with password

Note2 L'ouverture du port 2812 peut être un trou de sécurité. Ne l'ouvrir qu'en connaissance de cause.

Vérifier que : 

include /etc/monit/monit.d/*

est décommenté (ajouter le "monit" au milieu, il n'y est pas par défaut).

Créer le répertoire au besoin.

Sur CentOS / RedHat

Récupérer la dernière version de paquet sur dag.wieers.com (CentOS4 = RHEL4) 

# wget http://dag.wieers.com/rpm/packages/monit/monit-4.9-2.el4.rf.i386.rpm

Installer : 

# rpm -i monit-4.9-2.el4.rf.i386.rpm

Attention, le fichier de conf est /etc/monit.conf. Le répertoire /etc/monit.d est déjà créé.

Configuration des services

Exemple de fichier de config /etc/monit/monit.d/serveur.systea.net, type DEBIAN/ISPConfig, surveillance locale : 

###############################################################################
## serveur.systea.net local
###############################################################################
#
check system serveur.systea.net
    if loadavg (1min) > 6 then alert
    if loadavg (5min) > 4 then exec "/root/bin/top.sh"
    if memory usage > 85% then exec "/root/bin/top.sh"
    if cpu usage (user) > 70% then exec "/root/bin/top.sh"
    if cpu usage (system) > 50% then exec "/root/bin/top.sh"
    if cpu usage (wait) > 60% then exec "/root/bin/top.sh"
check process apache2 with pidfile /var/run/apache2.pid
    start program = "/etc/init.d/apache2 start"
    stop program  = "/etc/init.d/apache2 stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 80 then restart
check process proftpd1 with pidfile /var/run/proftpd.pid
    start program = "/etc/init.d/proftpd start"
    stop program  = "/etc/init.d/proftpd stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 21 then restart
check process postfix2 with pidfile /var/spool/postfix/pid/master.pid
    start program = "/etc/init.d/postfix start"
    stop program  = "/etc/init.d//postfix stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 25 then restart
check process mysql5 with pidfile /var/run/mysqld/mysqld.pid
    start program = "/etc/init.d/mysql start"
    stop program  = "/etc/init.d/mysql stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 3306 then restart
check process postgresql7 with pidfile /var/lib/postgresql/7.4/main/postmaster.pid
    start program = "/etc/init.d/postgresql-7.4 start"
    stop program  = "/etc/init.d/postgresql-7.4 stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 5432 then restart
check device root with path /dev/sda1
    if space usage > 75% for 5 times within 15 cycles then alert
    if space usage > 90% then alert

Exemple de fichier de config /etc/monit/monit.d/serveur.ephoto.fr, type CENTOS/BlueQuartz, surveillance locale : 

###############################################################################
## serveur.ephoto.fr local
###############################################################################
#
check system serveur.ephoto.fr
    if loadavg (1min) > 6 then alert
    if loadavg (5min) > 4 then exec "/opt/systools/top.sh"
    if memory usage > 85% then exec "/opt/systools/top.sh"
    if cpu usage (user) > 70% then exec "/opt/systools/top.sh"
    if cpu usage (system) > 50% then exec "/opt/systools/top.sh"
    if cpu usage (wait) > 60% then exec "/opt/systools/top.sh"
check process httpd with pidfile /var/run/httpd.pid
    start program = "/etc/init.d/httpd start"
    stop program  = "/etc/init.d/httpd stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 80 then restart
check process sendmail with pidfile /var/run/sendmail.pid
    start program = "/etc/init.d/sendmail start"
    stop program  = "/etc/init.d/sendmail stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 25 then restart
check process mysql5 with pidfile /var/run/mysqld/mysqld.pid
    start program = "/etc/init.d/mysqld start"
    stop program  = "/etc/init.d/mysqld stop"
    if cpu > 60% for 2 cycles then alert
    if cpu > 80% for 5 cycles then restart
    if failed port 3306 then restart
check device root with path /dev/mapper/VolGroup00-LogVol00
    if space usage > 75% for 5 times within 15 cycles then alert
    if space usage > 90% then alert
check device home with path /dev/mapper/VolGroup00-LogVol04
    if space usage > 75% for 5 times within 15 cycles then alert
    if space usage > 90% then alert

Fichier top.sh : 

#!/bin/bash
LOG=/root/top.log
top -d 5 -b -n 5 > $LOG
cat $LOG | mail -s "top.log isp129" fsoyer@systea.net

Exemple de /etc/monit/monit.d/serveur.systea.net sur serveur2 qui surveille serveur en remote : 

###############################################################################
## serveur.systea.net remote
###############################################################################
#
check host serveur.systea.net with address 1.2.3.4
       if failed icmp type echo count 3 with timeout 10 seconds then alert

Accès au webserver de l'extérieur sans ouvrir de port supplémentaire

Apache doit être opérationnel sur la machine

Créer /var/www/monit/monit.php : 

<?php
//  Copyright (C), 2004 David Fletcher, <david@megapico.co.uk>
// 
//  This program is free software; you can redistribute it and/or
//  modify it under the terms of the GNU General Public License as
//  published by the Free Software Foundation; either version 2 of the
//  License, or (at your option) any later version.
// 
//  This program is distributed in the hope that it will be useful, but
//  WITHOUT ANY WARRANTY; without even the implied warranty of
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
//  General Public License for more details.
// 
//  You should have received a copy of the GNU General Public License
//  along with this program; if not, write to the Free Software Foundation,
//  Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
//
//  Requires PHP, and a working webserver!
//  @author Author David Fletcher, <david@megapico.co.uk>
//  @version \$Id: monit.php,v 1.2 2004/11/20 23:53:42 hauk Exp $

//Configuration - set this to match the information in /etc/monitrc
//Set information about the monit server address, port and login details.
$addr = 'localhost';
$port = 2812;
$path = '/';
$user = 'admin';
$pass = 'monit';
$timeout = 30;
//End of configuration

$urlHandle = fsockopen($addr, $port, $errno, $errstr, $timeout);
socket_set_timeout($urlHandle, $timeout);
$urlString = "GET $path HTTP/1.0\r\nHost: $addr\r\nConnection: Keep-Alive\r\nUser-Agent: MonitPHP\r\n";
$urlString .= "Authorization: Basic ".base64_encode("$user:$pass")."\r\n";
$urlString .= "\r\n";
fputs($urlHandle, $urlString);
$response = fgets($urlHandle);
$endHeader = false;                           // Strip initial header information

while ( !$endHeader){
  if (fgets($urlHandle) == "\r\n")
    $endHeader = true;
}
 $info = ;                                  // Generate a string to send to the screen

while (!feof($urlHandle)) {
  $info.=fgets($urlHandle);
}
 fclose ($urlHandle);
echo $info;
?>

Créer /etc/apache2/conf.d/monit.conf : 

<IfModule mod_alias.c>
  Alias /monit "/var/www/monit"
</IfModule>

<DirectoryMatch /var/www/monit/>
  Options -FollowSymLinks
  AllowOverride All
  order deny,allow
#  deny from all
#  allow from 127.0.0.0/255.0.0.0
</DirectoryMatch>

Créer /var/www/.htaccess : 

AuthUserFile /var/www/monit/.htpasswd
 AuthName "Restricted Access"
 Require valid-user
 AuthType Basic

<Files .*>
deny from all
</Files>

Et créer le fichier de mots de passe avec user admin/<password de l'admin> : 

# htpasswd -c /var/www/monit/.htpasswd admin
Récupérée de « https://wiki.kogite.fr/index.php?title=Monit_installation&oldid=1863 »