ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: ansible:4e06ed01aa863ab505838dc49f0e4171d69d38fb
Branches Tags
ansible:master
..
compare: ansible:master
Branches Tags
ansible:master

5 Commits
4e06ed01aa ... master

Author SHA1 Message Date
Christoph
f9652dbbf9 update.. 2026-02-10 11:54:07 +01:00
Christoph
b6097221e7 update-- 2026-02-09 14:23:32 +01:00
Christoph
8fe4047694 update.. 2026-02-04 23:25:58 +01:00
Christoph
a41467f6d4 replace more deprecated code. 2026-02-01 14:49:41 +01:00
Christoph
6b2dd6b0bf Fix error on debian.sources file. 2026-02-01 14:49:05 +01:00
39 changed files with 102 additions and 5971 deletions
Expand all files Collapse all files

4
host_vars/a.mx.oopen.de.yml
View File

@@ -159,10 +159,6 @@ copy_plain_files:
src_path: a.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: a.mx/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

7
host_vars/b.mx.oopen.de.yml
View File

@@ -151,13 +151,6 @@ root_ssh_keypair:
copy_plain_files:
# /root/bin/monitoring
#
- name: monitoring_check_webservice_load.conf
src_path: b.mx/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

4
host_vars/c.mx.oopen.de.yml
View File

@@ -164,10 +164,6 @@ copy_plain_files:
src_path: c.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: c.mx/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

4
host_vars/d.mx.oopen.de.yml
View File

@@ -153,10 +153,6 @@ root_ssh_keypair:
copy_plain_files:
- name: monitoring_check_webservice_load.conf
src_path: d.mx/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
- name: postfix_create_opendkim_key.conf
src_path: d.mx/root/bin/postfix/conf/create_opendkim_key.conf
dest_path: /root/bin/postfix/conf/create_opendkim_key.conf

4
host_vars/e.mx.oopen.de.yml
View File

@@ -157,10 +157,6 @@ copy_plain_files:
src_path: e.mx/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: e.mx/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
- name: postfix_create_opendkim_key.conf
src_path: e.mx/root/bin/postfix/conf/create_opendkim_key.conf
dest_path: /root/bin/postfix/conf/create_opendkim_key.conf

37
host_vars/file-dissens.dissens.netz.yml
View File

@@ -414,11 +414,11 @@ samba_user:
- projekte
password: '20.j0hanna.ru3kgau3r+24!'
- name: laura.sasse
groups:
- projekte
- team
password: '20/l4ur4-s4sse-24?'
# - name: laura.sasse
# groups:
# - projekte
# - team
# password: '20/l4ur4-s4sse-24?'
- name: lino.koehler
groups:
@@ -458,10 +458,10 @@ samba_user:
- verwaltung
password: '20/r4lph-kl3sch.24-'
- name: rositsa.mahdi
groups:
- projekte
password: '20.ros1tsa-mahd1+24+'
# - name: rositsa.mahdi
# groups:
# - projekte
# password: '20.ros1tsa-mahd1+24+'
- name: selma.albrecht
groups:
@@ -486,11 +486,11 @@ samba_user:
- team
password: '20-sc4n.25!'
- name: sebastian.scheele
groups:
- projekte
- team
password: '20/s3-bast1an+sch33l3_24-'
# - name: sebastian.scheele
# groups:
# - projekte
# - team
# password: '20/s3-bast1an+sch33l3_24-'
- name: simon.krugmann
groups:
@@ -525,14 +525,11 @@ samba_user:
base_home: /data/home
# remove_samba_users:
# - name: name1
# - name: name2
#
remove_samba_users: []
#remove_samba_users:
# - name: elenor.faellgrem
# - name: maiken.schiele
# - name: sebastian.scheele
# - name: rositsa.mahdi
# - name: laura.sasse
samba_shares:

7
host_vars/g.mx.oopen.de.yml
View File

@@ -151,13 +151,6 @@ resolved_fallback_nameserver:
copy_plain_files:
# /root/bin/monitoring
#
- name: monitoring_check_webservice_load.conf
src_path: g.mx/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

6
host_vars/ga-st-mail.ga.netz.yml
View File

@@ -214,10 +214,6 @@ copy_plain_files:
src_path: ga-st-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf
@@ -265,6 +261,8 @@ ipv4_address: 192.168.11.2
admin_email: it@gemeinschaft-altenschlirf.org
is_relay_host: !!str "false"
support_dmarc_reporting: !!str "false"
db_in_use: !!str "true"
# postfix_db_type
#

4
host_vars/lists.mx.warenform.de.yml
View File

@@ -148,10 +148,6 @@ root_ssh_keypair:
copy_plain_files:
- name: monitoring_check_webservice_load.conf
src_path: lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
- name: postfix_create_opendkim_key.conf
src_path: lists.mx.warenform/root/bin/postfix/conf/create_opendkim_key.conf
dest_path: /root/bin/postfix/conf/create_opendkim_key.conf

4
host_vars/mail-neu.cadus.org.yml
View File

@@ -89,10 +89,6 @@ copy_plain_files:
src_path: mail.cadus/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

4
host_vars/mail.cadus.org.yml
View File

@@ -159,10 +159,6 @@ copy_plain_files:
src_path: mail.cadus/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

4
host_vars/mail.faire-mobilitaet.de.yml
View File

@@ -159,10 +159,6 @@ copy_plain_files:
src_path: mail.faire-mobilitaet/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

4
host_vars/mx.warenform.de.yml
View File

@@ -154,10 +154,6 @@ copy_plain_files:
src_path: mx.warenform/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_create_opendkim_key.conf

12
host_vars/o13-mail.oopen.de.yml
View File

@@ -154,10 +154,6 @@ copy_plain_files:
src_path: o13-mail/root/bin/monitoring/conf/check_cert_for_dovecot.conf
dest_path: /root/bin/monitoring/conf/check_cert_for_dovecot.conf
- name: monitoring_check_webservice_load.conf
src_path: o13-mail/root/bin/monitoring/conf/check_webservice_load.conf
dest_path: /root/bin/monitoring/conf/check_webservice_load.conf
# /root/bin/postfix
#
- name: postfix_check-postfix-fatal-errors.conf
@@ -167,14 +163,6 @@ copy_plain_files:
copy_plain_files_postfwd_host_specific:
- name: header_checks.pcre
src_path: o13-mail/etc/postfix/header_checks.pcre
dest_path: /etc/postfix/header_checks.pcre
- name: postfwd.wl-hosts
src_path: o13-mail/etc/postfix/postfwd.wl-hosts
dest_path: /etc/postfix/postfwd.wl-hosts
- name: postfwd.wl-hosts
src_path: o13-mail/etc/postfix/postfwd.wl-hosts
dest_path: /etc/postfix/postfwd.wl-hosts

8
host_vars/rage.so36.net.yml
View File

@@ -147,14 +147,6 @@ copy_plain_files:
copy_plain_files_postfwd_host_specific:
- name: header_checks.pcre
src_path: rage/etc/postfix/header_checks.pcre
dest_path: /etc/postfix/header_checks.pcre
- name: postfwd.wl-hosts
src_path: rage/etc/postfix/postfwd.wl-hosts
dest_path: /etc/postfix/postfwd.wl-hosts
- name: postfwd.wl-hosts
src_path: rage/etc/postfix/postfwd.wl-hosts
dest_path: /etc/postfix/postfwd.wl-hosts

3
hosts
View File

@@ -963,8 +963,7 @@ e.mx.oopen.de
d.mx.oopen.de
a.mx.oopen.de
# o36 - b.mx, web-01, web-03,--
web-01.oopen.de
# o36 - b.mx
b.mx.oopen.de
# o40 - g.mx

2917
main.yml
View File

File diff suppressed because it is too large Load Diff

262
roles/common/files/a.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,262 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

154
roles/common/files/b.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,154 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=false
check_apache=true
check_php_fpm=false
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

263
roles/common/files/c.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,263 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=true
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=false
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

262
roles/common/files/d.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,262 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=true
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=false
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

147
roles/common/files/e.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,147 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
#LOGGING=true
LOGGING=false
# - What to check
# -
check_load=true
check_mysql=false
check_apache=true
check_php_fpm=true
check_website=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.1"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

270
roles/common/files/g.mx/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,270 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=false
check_apache=true
check_nginx=false
check_php_fpm=false
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Port of PostgreSQL Service
# -
# - defaults to '5432'
# - postgresql_port=5432
# -
#postgresql_port=5432
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

262
roles/common/files/ga-st-mail/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,262 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

261
roles/common/files/lists.mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,261 +0,0 @@
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=true
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=false
check_apache=true
check_nginx=false
check_php_fpm=false
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions=""
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

263
roles/common/files/mail.cadus/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,263 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=true
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=false
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

262
roles/common/files/mail.faire-mobilitaet/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,262 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

67
roles/common/files/mailserver/etc/postfix/header_checks.pcre
View File

@@ -1,43 +1,52 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# - Replace headers
# - Replace recieved from IPv4 / IPv6 header - hide senders IP address and also 'Authenticated sender'
# - Header Checks - /etc/postfix/header_checks
# ---
#
#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4
#
#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6
# Ziel: offensichtlich kaputte RFC-Header ablehnen (wenig False Positives)
# - Replace recieved from IPv4 / IPv6 header - hide only sender IP address
#
#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3
########################################
# A) Kaputter From:-Header
########################################
#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5
# 1) From: ist leer
/^From:\s*$/ REJECT Invalid From header (empty) - Spamschutzregel FROM-1001
# ---
# - Ignore Headers
# ---
#/^\s*User-Agent/ IGNORE
#/^\s*X-Enigmail/ IGNORE
#/^\s*X-Mailer/ IGNORE
#/^\s*X-Originating-IP/ IGNORE
# 2) Mehr als ein '@' im From:-Header -> syntaktisch kaputt
#/^From:.*@.*@/ REJECT Invalid From header (multiple @) - Spamschutzregel FROM-1002
# ---
# - Reject / Discard headers
# ---
# 3) Mehrere Mailboxen durch Komma getrennt (wie: Die@..., Lions@..., ...)
# (Legitime Fälle nutzen i.d.R. Display-Namen/Group-Syntax; dieses Muster ist in Spam sehr häufig)
/^From:\s*[^<>,]+@[^,]+,\s*[^<>,]+@/ REJECT Invalid From header (multiple mailboxes) - Spamschutzregel FROM-1003
/^To:.*<>/ REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
# 4) Typische kaputte UTF-8-Fragmente
/^From:.*\xC3\xA2/ REJECT Invalid UTF-8 in From header - Spamschutzregel FROM-1004
/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
########################################
# B) Optional: sehr spezifische lokale Blacklist
########################################
/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
#/^Reply-To: .+\@inx1and1\..+/ REJECT Possible spam (local pattern)
/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
/^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
/^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004
########################################
# C) Warn
########################################
# Date-Rejects sind oft zu aggressiv -> wenn nötig: lieber taggen oder loggen statt reject
/^Date: .* 19[0-9][0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1001
/^Date: .* 200[0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1002
/^Date: .* 201[0-9]/ WARN Date far in the past Header-Spamschutzregel DATE-1003
########################################
# Bemerkungen
########################################
# (envelope-from <>) nicht pauschal rejecten:
# echte DSNs/Bounces haben legitimerweise MAIL FROM: <>
#/\(envelope-from <>\)/ REJECT Null envelope-from

4
roles/common/files/rage/etc/postfix/header_checks.pcre → roles/common/files/mailserver/etc/postfix/header_checks.pcre.01
View File

@@ -11,9 +11,9 @@
# - Replace recieved from IPv4 / IPv6 header - hide only sender IP address
#
/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3
#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3
/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5
#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5
# ---
# - Ignore Headers

262
roles/common/files/mx.warenform/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,262 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - CONFLICTING_SCRIPTS
# -
# - The scripts listed here conflict with this script. If one of these scripts
# - is currently running, this script will be stopped.
# -
# - In addition to the script, a LOCK directory can also be specified which is
# - connected to it.
# -
# - If no fixed LOCK directory is connected to the script, set
# - this value to the constant 'CHECK_PROCESS_LIST'.
# -
# - If no value for the LOCK directory is given, the LOCK directory
# - '/tmp/<base-script_name>.LOCK' is assumed.
# -
# -
# - Example:
# - CONFLICTING_SCRIPTS="
# - /root/bin/monitoring/check_webservice_load.sh:CHECK_PROCESS_LIST
# - /root/bin/monitoring/check_remote_websites.sh
# - "
# -
# - Defaults to:
# - CONFLICTING_SCRIPTS="/root/bin/monitoring/check_local_webservice.sh:/tmp/check_local_webservice.LOCK"
# -
#CONFLICTING_SCRIPTS=""
# - What to check
# -
check_load=true
check_mysql=false
check_mariadb=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# TIMEOUT_CHECK_WEBSITE
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_WEBSITE=10
#
#TIMEOUT_CHECK_WEBSITE=10
# TIMEOUT_CHECK_PHP
#
# Maximum time in seconds that you allow for the response from the webserver.
#
# Defaults to:
# TIMEOUT_CHECK_PHP=10
#
#TIMEOUT_CHECK_PHP=10
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to:
# - mysql_credential_args="--login-path=local"
# -
#mysql_credential_args="--login-path=local"
# - Additional Settings for check_mariadb
# -
# - MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mariadb_credential_args="-u root -S /run/mysqld/mysqld.sock"
# - mariadb_credential_args="--login-path=local"
# - mariadb_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mariadb_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
# - defaults to empty string
# - mariadb_credential_args=""
# -
#mariadb_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

43
roles/common/files/o13-mail/etc/postfix/header_checks.pcre
View File

@@ -1,43 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
# ---
# - Replace headers
# - Replace recieved from IPv4 / IPv6 header - hide senders IP address and also 'Authenticated sender'
#
/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: hidden)$4
#
/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: ([^)]+)\)(.*)/ REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: hidden)$6
# - Replace recieved from IPv4 / IPv6 header - hide only sender IP address
#
#/^Received: from (.* \([-._[:alnum:]]+ \[[.[:digit:]]{7,15}\]\))(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv4 (localhost [127.0.0.1])$2(Authenticated sender: $3
#/^Received: from (.*IP[vV]6:(([0-9a-f]{0,4}:){1,7}[0-9a-f]{1,4})\]\){0,1})(.*)\(Authenticated sender: (.*) / REPLACE Received: from anonymized.ipv6 (localhost [::1])$4(Authenticated sender: $5
# ---
# - Ignore Headers
# ---
#/^\s*User-Agent/ IGNORE
#/^\s*X-Enigmail/ IGNORE
#/^\s*X-Mailer/ IGNORE
#/^\s*X-Originating-IP/ IGNORE
# ---
# - Reject / Discard headers
# ---
/^To:.*<>/ REJECT Possible SPAM Blank email address To: header - Header-Spamschutzregel T0-1001
/\(envelope-from <>\)/ REJECT Possible SPAM - Header-Spamschutzregel RECIEV-1001
/^Reply-To: .+\@inx1and1\..+/ REJECT Possible SPAM - Header-Spamschutzregel REPLY-1001
/^From:.*<>/ REJECT Possible SPAM - Header-Spamschutzregel FROM-1001
/^Date: .* 19[0-9][0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1001
/^Date: .* 200[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1002
/^Date: .* 201[0-9]/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1003
/^Date: .* 2020/ REJECT Date from the past. Fix your system clock. - Header-Spamschutzregel DATE-1004

178
roles/common/files/o13-mail/root/bin/monitoring/conf/check_webservice_load.conf
View File

@@ -1,178 +0,0 @@
# *** [ Ansible managed: DO NOT EDIT DIRECTLY ] ***
#---------------------------------------
#-----------------------------
# Settings
#-----------------------------
#---------------------------------------
# ---
# - LOGGING
# -
# - This Parameter is now obsolete. If script is running in a terminal, then output ist verbose,
# - the output will be verbos. If running as cronjob, output will only be written, if warnings or
# - errors occurs.
# ---
# - What to check
# -
check_load=true
check_mysql=false
# - PostgreSQL
# -
# - NOT useful, if more than one PostgreSQL instances are running!
# -
check_postgresql=true
check_apache=true
check_nginx=false
check_php_fpm=true
check_redis=false
check_website=false
# - If service is not listen on 127.0.0.1/loclhost, curl check must
# - be ommited
# -
# - Defaults to: ommit_curl_check_nginx=false
# -
#ommit_curl_check_nginx=false
# - Is this a vserver guest machine?
# -
# - Not VSerber guest host does not support systemd!
# -
# - defaults to: vserver_guest=false
# -
#vserver_guest=false
# - Additional Settings for check_mysql
# -
# - MySQL / MariaDB credentials
# -
# - Giving password on command line is insecure an sind mysql 5.5
# - you will get a warning doing so.
# -
# - Reading username/password fro file ist also possible, using MySQL/MariaDB
# - commandline parameter '--defaults-file'.
# -
# - Since Mysql Version 5.6, you can read username/password from
# - encrypted file.
# -
# - Create (encrypted) option file:
# - $ mysql_config_editor set --login-path=local --socket=/tmp/mysql.sock --user=root --password
# - $ Password:
# -
# - Use of option file:
# - $ mysql --login-path=local ...
# -
# - Example
# - mysql_credential_args="--login-path=local"
# - mysql_credential_args="--defaults-file=/etc/mysql/debian.cnf" (Debian default)
# - mysql_credential_args="--defaults-file=/usr/local/mysql/sys-maint.cnf"
# -
mysql_credential_args=""
# - Additional Settings for check_php_fpm
# -
# - On Linux Vserver System set
# - curl_check_host=localhost
# -
# - On LX-Container set
# - curl_check_host=127.0.0.1
# -
curl_check_host=127.0.0.1
# - Which PHP versions should be supported by this script. If more than one,
# - give a blank separated list
# -
# - Example:
# - php_versions="5.4 5.6 7.0 7.1"
# -
php_versions="8.2"
# - If PHP-FPM's ping.path setting does not match ping-$php_major_version,
# - set the value given in your ping.path setting here. Give ping_path also
# - the concerning php_version in form
# - <php-version>:<ping-path>
# -
# - Multiple settings are possible, give a blank separated list.
# -
# - Example:
# -
# - ping_path="5.4:ping-site36_net 5.6:ping-oopen_de"
# -
ping_path=""
# - Additional Settings for check_website - checking (expected) website response
# -
# - example:
# - is_working_url="https://www.outoflineshop.de/"
# - check_string='ool-account-links'
# - include_cleanup_function=true
# - extra_alert_address="ilker@so36.net"
# - cleanup_function='
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/cache/*
# - rm -rf /var/www/www.outoflineshop.de/htdocs/var/session/*
# - /usr/local/bin/redis-cli flushall > /dev/null 2>&1
# - if [[ "$?" = "0" ]]; then
# - ok "I have cleaned up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\""
# - else
# - error "Cleaning up directory \"/var/www/www.outoflineshop.de/htdocs/var/cache/\" failed!"
# - fi
# - /etc/init.d/redis_6379 restart
# - if [[ "$?" = "0" ]]; then
# - ok "I restarted the redis service"
# - echo -e "\t[ Ok ]: I restarted the redis service" >> $LOCK_DIR/extra_msg.txt
# - else
# - error "Restarting the redis server failed!"
# - echo -e "\t[ Error ]: Restarting the redis server failed!" >> $LOCK_DIR/extra_msg.txt
# - fi
# - '
# -
is_working_url=''
check_string=''
include_cleanup_function=true
# - An extra e-mail address, which will be informed, if the given check URL
# - does not response as expected (check_string) AFTER script checking, restarting
# - servervices (webserver, php-fpm) and cleaning up (cleanup_function) was done.
# -
extra_alert_address=''
# - php_version_of_working_url
# -
# - If given website (is_working_url) does not response as expected, this PHP FPM
# - engines will be restarted.
# -
# - Type "None" if site does not support php
# -
# - If php_version_of_working_url is not set, PHP FPM processes of ALL versions (php_versions)
# - will be restarted
# -
php_version_of_working_url=''
# - Notice:
# - If single qoutes "'" not needed inside cleanup function, then use single quotes
# - to enclose variable "cleanup_function". Then you don't have do masquerade any
# - sign inside.
# -
# - Otherwise use double quotes and masq any sign to prevent bash from interpreting.
# -
cleanup_function='
'
# - E-Mail settings for sending script messages
# -
from_address="root@`hostname -f`"
content_type='Content-Type: text/plain;\n charset="utf-8"'
to_addresses="root"

5
roles/common/files/rage/etc/postfix/postfwd.wl-nets
View File

@@ -16,3 +16,8 @@
# d.mx.oopen.de (listen server)
95.217.204.227
2a01:4f9:4a:47e5::227
# b.mx.oopen.de
162.55.82.73/32
2a01:4f8:271:1266::73
~

2
roles/common/handlers/main.yml
View File

@@ -64,7 +64,7 @@
- name: Restart redis-server
vars:
_daemon: "{{ 'redis' if ansible_distribution == 'CentOS' else 'redis-server' }}"
_daemon: "{{ 'redis' if ansible_facts['distribution'] == 'CentOS' else 'redis-server' }}"
service:
name: "{{ _daemon }}"
state: restarted

2
roles/common/tasks/apt.yml
View File

@@ -2,7 +2,7 @@
- name: (apt.yml) update configuration file - /etc/apt/sources.list
template:
src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
src: "etc/apt/sources.list.{{ ansible_facts['distribution'] }}.j2"
dest: /etc/apt/sources.list
owner: root
group: root

4
roles/common/tasks/redis-server.yml
View File

@@ -3,7 +3,7 @@
- name: (redis-server.yml) Set var '_redis_conf'
set_fact:
_redis_conf: "{{ '/etc/redis.conf' if ansible_distribution == 'CentOS' else '/etc/redis/redis.conf' }}"
_redis_conf: "{{ '/etc/redis.conf' if ansible_facts['distribution'] == 'CentOS' else '/etc/redis/redis.conf' }}"
- name: (redis-server.yml) update
apt:
@@ -54,7 +54,7 @@
state: latest
update_cache: yes
when:
- ansible_os_family == "RedHat"
- ansible_facts["os_family"] == "RedHat"
- ansible_distribution == "CentOS" or ansible_distribution == "Fedora"
tags:
- redis-server

56
roles/common/templates/etc/apt/sources.list.Debian.j2
View File

@@ -1,57 +1,57 @@
# {{ ansible_managed }}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
deb {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }} main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }} main
{% if ansible_facts['distribution_major_version'] | int >= 12 %}
deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security {{ ansible_facts["lsb"]["codename"] }}-security main contrib non-free non-free-firmware
{% elif ansible_facts['distribution_major_version'] | int == 11 %}
deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
deb http://security.debian.org/debian-security {{ ansible_facts["lsb"]["codename"] }}-security main contrib non-free
{% else %}
deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
deb http://security.debian.org/ {{ ansible_facts["lsb"]["codename"] }}/updates main contrib non-free
{% endif %}
{% if not apt_src_enable %}
{% if ansible_facts['distribution_major_version'] | int >= 12 %}
#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware
#deb-src http://security.debian.org/debian-security {{ ansible_facts["lsb"]["codename"] }}-security main contrib non-free non-free-firmware
{% elif ansible_facts['distribution_major_version'] | int == 11 %}
#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
#deb-src http://security.debian.org/debian-security {{ ansible_facts["lsb"]["codename"] }}-security main contrib non-free
{% else %}
#deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
#deb-src http://security.debian.org/ {{ ansible_facts["lsb"]["codename"] }}/updates main contrib non-free
{% endif %}
{% else %}
{% if ansible_facts['distribution_major_version'] | int >= 12 %}
deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware
deb-src http://security.debian.org/debian-security {{ ansible_facts["lsb"]["codename"] }}-security main contrib non-free non-free-firmware
{% elif ansible_facts['distribution_major_version'] | int == 11 %}
deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
deb-src http://security.debian.org/debian-security {{ ansible_facts["lsb"]["codename"] }}-security main contrib non-free
{% else %}
deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
deb-src http://security.debian.org/ {{ ansible_facts["lsb"]["codename"] }}/updates main contrib non-free
{% endif %}
{% endif %}
# {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
# {{ ansible_facts["lsb"]["codename"] }}-updates, previously known as 'volatile'
deb {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }}-updates main
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }}-updates main
# Contrib packages contain DFSG-compliant software,
# but have dependencies not in main (possibly packaged for Debian in non-free).
# Non-free contains software that does not comply with the DFSG.
{% if apt_debian_contrib_nonfree_enable %}
{% if ansible_facts['distribution_major_version'] | int >= 12 %}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free non-free-firmware
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free non-free-firmware
deb {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }} contrib non-free non-free-firmware
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }} contrib non-free non-free-firmware
{% else %}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
deb {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }} contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }} contrib non-free
{% endif %}
{% endif %}
{% if apt_debian_contrib_nonfree_enable %}
{% if ansible_facts['distribution_major_version'] | int >= 12 %}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free non-free-firmware
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free non-free-firmware
deb {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }}-updates contrib non-free non-free-firmware
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }}-updates contrib non-free non-free-firmware
{% else %}
deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free
deb {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }}-updates contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["lsb"]["codename"] }}-updates contrib non-free
{% endif %}
{% endif %}
@@ -60,14 +60,14 @@ deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free
# # newer versions of some applications which may provide useful features.
{% if apt_backports_enable %}
{% if ansible_facts['distribution_major_version'] | int >= 12 %}
deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free non-free-firmware
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free non-free-firmware
deb {{ apt_debian_mirror }} {{ ansible_facts["distribution_release"] }}-backports main contrib non-free non-free-firmware
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["distribution_release"] }}-backports main contrib non-free non-free-firmware
{% elif ansible_facts['distribution_major_version'] | int == 11 %}
deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
deb {{ apt_debian_mirror }} {{ ansible_facts["distribution_release"] }}-backports main contrib non-free
{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts["distribution_release"] }}-backports main contrib non-free
{% else %}
#deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
#deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
#deb {{ apt_debian_mirror }} {{ ansible_facts["distribution_release"] }}-backports main contrib non-free
#deb-src {{ apt_debian_mirror }} {{ ansible_facts["distribution_release"] }}-backports main contrib non-free
{% endif %}
{% endif %}

8
roles/common/templates/etc/apt/sources.list.Ubuntu.j2
View File

@@ -1,11 +1,11 @@
# {{ ansible_managed }}
deb {{ apt_ubuntu_mirror }} {{ ansible_lsb.codename }} main restricted universe multiverse
deb {{ apt_ubuntu_mirror }} {{ ansible_lsb.codename }}-updates main restricted universe multiverse
deb {{ apt_ubuntu_mirror }} {{ ansible_facts["lsb"]["codename"] }} main restricted universe multiverse
deb {{ apt_ubuntu_mirror }} {{ ansible_facts["lsb"]["codename"] }}-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu {{ ansible_lsb.codename }}-security main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu {{ ansible_facts["lsb"]["codename"] }}-security main restricted universe multiverse
{% if apt_backports_enable %}
deb {{ apt_ubuntu_mirror }} {{ ansible_lsb.codename }}-backports main restricted universe multiverse
deb {{ apt_ubuntu_mirror }} {{ ansible_facts["lsb"]["codename"] }}-backports main restricted universe multiverse
{% endif %}

1
templates/apt-migrate-to-trixie/debian.sources.j2
View File

@@ -4,7 +4,6 @@ URIs: {{ debian_mirror }}
Suites: {{ target_release }} {{ target_release }}-updates
Components: {{ components }}
Signed-By: default
EOF
# Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }}
Types: deb deb-src
URIs: {{ debian_mirror }}