update..

2021-04-18 13:56:36 +02:00
parent 2339cdd6e8
commit d22a65ad9a
74 changed files with 4289 additions and 537 deletions
--- a/roles/common/files/a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf
+++ b/roles/common/files/a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf
@@ -0,0 +1,133 @@
+#---------------------------------------
+#-----------------------------
+# Settings for script check_cert_for_dovecot.sh
+#-----------------------------
+#---------------------------------------
+
+# - service_domain
+# -
+# - The main domain for which the certificate was issued
+# -
+# - Example:
+# -    service_domain="a.mx.oopen.de"
+# -    service_domain="mail.cadus.org"
+# -    service_domain="mx.warenform.de"
+# -
+#service_domain=""
+service_domain="a.mx.oopen.de"
+
+
+# - service_name
+# -
+# - Name of service.
+# -
+# - Note: this var will also be used to determin systemd service file
+# - or sysVinit script.
+# -
+# - Example: 
+# -    service_name="Mumble"
+# -    service_name="Prosody"
+# -
+# - Defaults to:
+# -    service_name="Dovecot"
+# -
+#service_name=""
+
+
+# - check_string_ps
+# -
+# - String wich (clearly) identifies the service at the process list (ps)
+# -
+# - Example:
+# -    check_string_ps="[[:digit:]]\ /usr/sbin/murmurd"
+# -    check_string_ps=""
+# -
+# - Defaults to:
+# -    check_string_ps="[[:digit:]]\ /usr/local/dovecot-[[:digit:]]{1,2}\.[[:digit:]]{1,2}\.[[:digit:]]{1,2}(\.[[:digit:]]{1,2})?/sbin/dovecot"
+# -
+#check_string_ps=""
+
+
+# - service_user
+# -
+# - User under which the service is running.
+# -
+# - Example:
+# -    service_user="mumble-server"
+# -    service_user="prosody"
+# -
+# - Defaults to:
+# -    service_user="prosody"
+# -
+#service_user=""
+
+
+# - service_group
+# -
+# - Group under which the service is running.
+# -
+# - Example:
+# -    service_group="mumble-server"
+# -    service_group="prosody"
+# -
+# - Defaults to:
+# -    service_group="prosody"
+# -
+#service_group=""
+
+
+# - cert_installed
+# -
+# - Locataion of certificate read by service
+# -
+# - Example:
+# -    cert_installed="/var/lib/mumble-server/fullchain.pem"
+# -    cert_installed="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
+# -
+# - Defaults to:
+# -    /etc/dovecot/ssl/mailserver.crt
+# -
+#cert_installed=""
+
+
+# - key_installed
+# -
+# - Location of the key read by service
+# -
+# - Example:
+# -    key_installed="/var/lib/mumble-server/privkey.pem"
+# -    key_installed="/etc/prosody/certs/privkey_jabber.so36.pem"
+# -
+# - Defaults to:
+# -    /etc/dovecot/ssl/mailserver.key
+# -
+#key_installed=""
+
+
+# - cert_newest
+# -
+# - Location of the newest certificate.
+# -
+# - Example:
+# -    cert_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/fullchain.pem"
+# -    cert_newest="/var/lib/dehydrated/certs/jabber.so36.net/fullchain.pem"
+# -
+# - Defaults to: 
+# -    /var/lib/dehydrated/certs/${service_domain}/fullchain.pem
+# -
+#cert_newest=""
+
+
+# - key_newest
+# -
+# - Location of the newest Key
+# -
+# - Example:
+# -    key_newest="/var/lib/dehydrated/certs/il-mumble.oopen.de/privkey.pem"
+# -    key_newest="/var/lib/dehydrated/certs/jabber.so36.net/privkey.pem"
+# -
+# - Defaults to:
+# -    /var/lib/dehydrated/certs/${service_domain}/privkey.pem
+# -
+#key_newest=""
+
--- a/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
+++ b/roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
@@ -0,0 +1,145 @@
+#---------------------------------------
+#-----------------------------
+# Settings
+#-----------------------------
+#---------------------------------------
+
+#LOGGING=true
+LOGGING=false
+
+# - What to check
+# -
+check_load=true
+check_mysql=false
+check_apache=true
+check_php_fpm=true
+check_website=false
+
+
+# - Additional Settings for check_mysql
+# -
+# - MySQL / MariaDB credentials
+# -
+# - Giving password on command line is insecure an sind mysql 5.5
+# - you will get a warning doing so.
+# - 
+# - Reading username/password fro file ist also possible, using MySQL/MariaDB
+# - commandline parameter '--defaults-file'.
+# - 
+# - Since Mysql Version 5.6, you can read username/password from
+# - encrypted file.
+# -
+# -    Create (encrypted) option file:
+# -    $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock  --user=root --password
+# -    $ Password:
+# -
+# -    Use of option file:
+# -    $ mysql --login-path=local ...
+# -
+# - Example
+# -    mysql_credential_args="--login-path=local"
+# -    mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
+# -    mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
+# -
+mysql_credential_args="--login-path=local"
+
+
+# - Additional Settings for check_php_fpm
+# -
+# - On Linux Vserver System set
+# -    curl_check_host=localhost
+# -
+# - On LX-Container set
+# -    curl_check_host=127.0.0.1
+# -
+curl_check_host=127.0.0.1
+
+# - Which PHP versions should be supported by this script. If more than one,
+# - give a blank separated list
+# -
+# - Example:
+# -    php_versions="5.4 5.6 7.0 7.1"
+# -
+php_versions="7.4"
+
+# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
+# - set the value given in your ping.path setting here. Give ping_path also
+# - the concerning php_version in form
+# -    <php-version>:<ping-path>
+# -
+# - Multiple settings are possible, give a blank separated list.
+# -
+# - Example:
+# -
+# -    ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
+# -
+ping_path=""
+
+
+# - Additional Settings for check_website - checking (expected) website response
+# -
+# - example:
+# -    is_working_url="https://www.outoflineshop.de/"
+# -    check_string='ool-account-links'
+# -    include_cleanup_function=true
+# -    extra_alert_address="ilker@so36.net"
+# -    cleanup_function='
+# -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
+# -    rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
+# -    /usr/local/bin/redis-cli flushall > /dev/null 2>&1
+# -    if [[ "$?" = "0" ]]; then
+# -       ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
+# -    else
+# -       error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
+# -     fi
+# -    /etc/init.d/redis_6379 restart
+# -    if [[ "$?" = "0" ]]; then
+# -       ok "I restarted the redis service"
+# -       echo -e "\t[ Ok ]:    I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
+# -    else
+# -       error "Restarting the redis server failed!"
+# -       echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
+# -    fi
+# -    '
+# -
+is_working_url=''
+
+check_string=''
+
+include_cleanup_function=true
+
+# - An extra e-mail address, which will be informed, if the given check URL
+# - does not response as expected (check_string) AFTER script checking, restarting
+# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
+# -
+extra_alert_address=''
+
+# - php_version_of_working_url
+# -
+# - If given website (is_working_url) does not response as expected, this PHP FPM
+# - engines will be restarted.
+# -
+# - Type "None" if site does not support php
+# -
+# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
+# - will be restarted
+# -
+php_version_of_working_url=''
+
+# - Notice:
+# - If single qoutes "'" not needed inside cleanup function, then use single quotes
+# - to enclose variable "cleanup_function". Then you don't have do masquerade any 
+# - sign inside.
+# -
+# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
+# -
+cleanup_function='
+'
+
+
+# - E-Mail settings for sending script messages
+# -
+from_address="root@`hostname -f`"
+content_type='Content-Type: text/plain;\n charset="utf-8"'
+to_addresses="root"
+