YunoHost-Apps/monitorix_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/monitorix_ynh.git synced 2024-09-03 19:46:06 +02:00
Code Issues Activity Actions

Full package improvement

Browse source 
- Update config from upstream
- Use Jinja for config file
- Dynamically generate config file depending of the auto detected system configuration
- Remove dependancy of mysql as it's not needed
- Automatically monitor mysql, postgresql, memcached, redis, php pool v>=8.0, fail2ban, mail, partition and network
- Add some config parameter in config panel to make easy to change values
- Configure alert system (can be enabled by config panel)
- Fix small issue linked to previous packaging v2
This commit is contained in:
Josué Tille 2024-04-04 00:28:32 +02:00
parent 9b82e772d5
commit f92db1b78c
No known key found for this signature in database
GPG key ID: 5F259226AD51F2F5
24 changed files with 1683 additions and 423 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitignore vendored Normal file
View file

@ -0,0 +1,6 @@
# From kateproject
.kateproject
.kateproject.d
.directory
*swp

40
conf/monitorix-alert.sh Normal file
View file

@ -0,0 +1,40 @@
#!/bin/sh
#
# Example script used to execute an alert action.
#
# This script assumes that you symlink your alert scripts like this:
# disk.pendsect-alert.sh -> monitorix-alert.sh
# disk.realloc-alert.sh -> monitorix-alert.sh
# mail.mqueued-alert.sh -> monitorix-alert.sh
# system.loadavg-alert.sh -> monitorix-alert.sh
# ...
# So you only use one script (saving disk space) and its prefix will
# appear in the subject and contents of the email, so you will easily
# identify the source of the alert.
#
MAILTO="__ALERTS_EMAIL__"
if [ $# != 3 ] && [ $# != 4 ] ; then
echo "$0: Wrong number of arguments."
exit 1
fi
ALERT_TIMEINTVL=$1
ALERT_THRESHOLD=$2
current_value=$3
ALERT_WHEN=$4
ALERT=`basename $0 | cut -f1 -d-`
(
cat << EOF
Message from hostname '$HOSTNAME' for '$ALERT' alert.
This system is reaching/exceeding ($ALERT_WHEN) the defined threshold value ($ALERT_THRESHOLD) during the last '$ALERT_TIMEINTVL' seconds.
The current value is: $current_value
Please take proper actions to correct this situation.
EOF
) | mail -s "WARNING: Monitorix alert ($ALERT) from '$HOSTNAME'!" $MAILTO

605
conf/monitorix.conf
View file

@ -5,35 +5,41 @@
title = Yunohost Stats
hostname = Yunohost Server
theme_color = black
theme_color = {{ theme_color }}
refresh_rate = 150
iface_mode = graph
enable_zoom = y
priority = {{ process_priority }}
netstats_in_bps = y
netstats_mode = overlapped
disable_javascript_void = y
temperature_scale = c
show_gaps = n
global_zoom = 1
max_historic_years = 5
max_historic_years = {{ max_historic_years }}
accept_selfsigned_certs = y
image_format = svg
image_format = {{ image_format }}
enable_parallelizing = y
enable_rrd_lock = n
include_dir = /etc/monitorix/conf.d
enable_hourly_view = {{ enable_hourly_view }}
base_dir = /var/lib/monitorix/www/
base_lib = /var/lib/monitorix/
base_url = __PATH__
base_cgi = __PATH__/cgi
base_dir = {{ data_dir }}/www/
base_lib = {{ data_dir }}/
base_url = {{ path }}
base_cgi = {{ path.rstrip('/') }}/cgi
<httpd_builtin>
enabled = y
host = localhost
port = __PORT__
user = www-data
group = nogroup
log_file = /var/log/monitorix-httpd.log
port = {{ port }}
user = {{ app }}
group = {{ app }}
log_file = /var/log/{{ app }}/httpd.log
hosts_deny =
hosts_allow =
https_url = y
autocheck_responsiveness = n
<auth>
enabled = n
msg = Monitorix: Restricted access
@ -44,11 +50,11 @@ base_cgi = __PATH__/cgi
# Log files pathnames
# -----------------------------------------------------------------------------
log_file = /var/log/monitorix.log
log_file = /var/log/{{ app }}/monitorix.log
secure_log = /var/log/secure
mail_log = /var/log/maillog
mail_log = /var/log/mail.log
milter_gl = /var/milter-greylist/greylist.db
imap_log = /var/log/imap
imap_log = /var/log/mail.log
hylafax_log = /var/spool/hylafax/etc/xferfaxlog
cups_log = /var/log/cups/page_log
ftp_log = /var/log/proftpd/access.log
@ -76,18 +82,24 @@ secure_log_date_format = %b %e
system = y
kern = y
proc = y
amdenergy = n
intelrapl = n
hptemp = n
lmsens = n
gensens = n
ipmi = n
ambsens = n
amdgpu = n
nvidiagpu = n
nvidia = n
disk = n
nvme = n
fs = y
zfs = n
du = n
du = y
net = y
netstat = y
tinyproxy = n
tc = n
libvirt = n
process = y
@ -99,7 +111,8 @@ secure_log_date_format = %b %e
apache = n
nginx = y
lighttpd = n
mysql = y
mysql = {% if mysql_installed == 'true' %}y{% else %}n{% endif %}
pgsql = {% if postgresql_installed == 'true' %}y{% else %}n{% endif %}
mongodb = n
varnish = n
pagespeed = n
@ -114,8 +127,9 @@ secure_log_date_format = %b %e
icecast = n
raspberrypi = n
phpapc = n
memcached = n
phpfpm = n
memcached = {% if memcached_installed == 'true' %}y{% else %}n{% endif %}
redis = {% if redis_installed == 'true' %}y{% else %}n{% endif %}
phpfpm = {% if phpfpm_installed == 'true' %}y{% else %}n{% endif %}
apcupsd = n
nut = n
wowza = n
@ -127,14 +141,14 @@ secure_log_date_format = %b %e
# SYSTEM graph
# -----------------------------------------------------------------------------
<system>
rigid = 1, 0
limit = 1, 100
<alerts>
loadavg_enabled = n
loadavg_timeintvl = 3600
loadavg_threshold = 5.0
loadavg_script = /path/to/script.sh
loadavg_enabled = {{ system_alerts_loadavg_enabled }}
loadavg_timeintvl = {{ system_alerts_loadavg_timeintvl }}
loadavg_threshold = {{ system_alerts_loadavg_threshold }}
loadavg_script = {{ install_dir }}/system.loadavg-alert.sh
</alerts>
rigid = 1, 0, 0, 0, 0
limit = 1, 1000, 1000, 1000, 1000
</system>
@ -168,6 +182,74 @@ secure_log_date_format = %b %e
limit = 100
</proc>
# AMD power consumption graph
# -----------------------------------------------------------------------------
<amdenergy>
<list>
0 = amd_energy-isa-0000
</list>
<map>
amd_energy-isa-0000 = AMD CPU
</map>
<number_of_cores>
amd_energy-isa-0000 = 32
</number_of_cores>
<desc>
</desc>
rigid = 0
limit = 100
use_nan_for_missing_data = n
gap_on_all_nan = n
</amdenergy>
# INTELRAPL graph
# -----------------------------------------------------------------------------
<intelrapl>
<list>
0 = core, uncore, package, dram
1 = dram
</list>
<list_item_names>
0 = CPU 1
1 = DRAM modules
</list_item_names>
<sensors>
core = /sys/class/powercap/intel-rapl:0:0/energy_uj
uncore = /sys/class/powercap/intel-rapl:0:1/energy_uj
package = /sys/class/powercap/intel-rapl:0/energy_uj
dram = /sys/class/powercap/intel-rapl:0:2/energy_uj
</sensors>
<sensor_names>
package = Package
core = Cores
uncore = IGP
dram = DRAM
</sensor_names>
<package_sensors>
0 = package
</package_sensors>
<package_content>
0 = core, uncore
</package_content>
<noncore_names>
0 = Non-Core
</noncore_names>
<desc>
0 = CPU power distribution
1 = Memory power distribution
</desc>
<sum>
</sum>
<sum_names>
</sum_names>
rigid = 0
limit = 100
use_nan_for_missing_data = n
gap_on_all_nan = n
show_noncore_info = n
max_number_of_values_per_group = 10
</intelrapl>
# HPTEMP graph
# -----------------------------------------------------------------------------
@ -175,6 +257,8 @@ secure_log_date_format = %b %e
graph_0 = 2, 3
graph_1 = 1, 6
graph_2 = 16, 18, 19, 20, 21, 22
<alerts>
</alerts>
</hptemp>
@ -198,10 +282,11 @@ secure_log_date_format = %b %e
volt6 = \-5V
volt7 = Battery
gpu0 =
#gpu0 = nvidia #enable that if you need nvidia gpu monitoring
</list>
<desc>
</desc>
<alerts>
</alerts>
</lmsens>
@ -211,28 +296,157 @@ secure_log_date_format = %b %e
<list>
0 = temp0
1 = cpu0
2 = bat0
</list>
<title>
0 = Temperatures
1 = CPU frequency
2 = Battery status
</title>
<desc>
temp0 = /sys/devices/virtual/thermal/thermal_zone0/temp
cpu0 = /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq
bat0 = /sys/class/power_supply/BAT0/capacity
</desc>
<unit>
temp0 = 1000
cpu0 = 0.001
bat0 = 1
</unit>
<map>
temp0 = Temperature Zone 0
cpu0 = CPU0 frequency
bat0 = Battery 0
</map>
rigid = 0, 0
limit = 100, 100
<alerts>
</alerts>
rigid = 0, 0, 2
limit = 100, 100, 100
</gensens>
# IPMI graph
# -----------------------------------------------------------------------------
<ipmi>
list = Temperatures, Fans, Voltages
<desc>
0 = CPU Temp, System Temp
1 = FAN 1
2 = Vcore, 3.3VCC, 12V, VDIMM, 5VCC, CPU VTT, VBAT, VSB, AVCC
</desc>
<units>
0 = degrees C
1 = RPM
2 = Volts
</units>
<map>
</map>
<alerts>
</alerts>
graphs_per_row = 2
rigid = 0
limit = 100
</ipmi>
# AMBSENS graph
# -----------------------------------------------------------------------------
<ambsens>
list = Ambient Temperature
<desc>
0 = at1
</desc>
<units>
0 = Celsius
</units>
<cmd>
at1 = /path/to/script.sh
</cmd>
<map>
at1 = Gold TEMPer PC USB
</map>
<alerts>
</alerts>
graphs_per_row = 2
rigid = 0
limit = 100
</ambsens>
# AMDgpu graph
# -----------------------------------------------------------------------------
<amdgpu>
<list>
0 = amd-w6800, amd-wx5100
</list>
rigid = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
limit = 100, 100, 100, 100, 100, 100, 100, 100, 100, 100
use_nan_for_missing_data = y
gap_on_all_nan = y
accept_invalid_amdgpu = n
show_current_values = y
<map>
amd-w6800 = W 6800
amd-wx5100 = WX 5100
</map>
<sensors>
amd-w6800 = /dev/device1/gpu_busy_percent, /dev/device1/mem_busy_percent, /dev/device1/freq1_input, /dev/device1/freq2_input, /dev/device1/mem_info_vram_used, /dev/device1/power1_average, /dev/device1/power1_cap, /dev/device1/pwm1, /dev/device1/temp1_input, /dev/device1/temp2_input, /dev/device1/temp3_input
amd-wx5100 = /dev/device2/gpu_busy_percent, /dev/device2/mem_busy_percent, /dev/device2/freq1_input, /dev/device2/freq2_input, /dev/device2/mem_info_vram_used, /dev/device2/power1_average, /dev/device2/power1_cap, /dev/device2/pwm1, /dev/device2/temp1_input, ,
</sensors>
respect_power_state = n
<power_states>
amd-w6800 = /dev/device1/power_state
amd-wx5100 = /dev/device2/power_state
</power_states>
<alerts>
coretemp_enabled = n
coretemp_timeintvl = 0
coretemp_threshold = 1
coretemp_script = /path/to/script.sh
memorytemp_enabled = n
memorytemp_timeintvl = 0
memorytemp_threshold = 1
memorytemp_script = /path/to/script.sh
</alerts>
</amdgpu>
# NVIDIAgpu graph
# -----------------------------------------------------------------------------
<nvidiagpu>
<list>
0 = 0, 1
</list>
rigid = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
limit = 100, 100, 100, 100, 100, 100, 100, 100, 100, 100
use_nan_for_missing_data = y
gap_on_all_nan = y
show_current_values = y
<map>
0 = RTX 3090
1 = RTX 3080
</map>
<alerts>
coretemp_enabled = n
coretemp_timeintvl = 0
coretemp_threshold = 1
coretemp_script = /path/to/script.sh
memorytemp_enabled = n
memorytemp_timeintvl = 0
memorytemp_threshold = 1
memorytemp_script = /path/to/script.sh
</alerts>
</nvidiagpu>
# NVIDIA graph
# -----------------------------------------------------------------------------
<nvidia>
max = 1
<alerts>
</alerts>
rigid = 1, 2, 2
limit = 50, 100, 100
</nvidia>
@ -244,6 +458,8 @@ secure_log_date_format = %b %e
<list>
0 = /dev/sda, /dev/sdb, /dev/sdc
</list>
<desc>
</desc>
<alerts>
realloc_enabled = n
realloc_timeintvl = 0
@ -256,20 +472,50 @@ secure_log_date_format = %b %e
</alerts>
</disk>
# NVMe graph
# -----------------------------------------------------------------------------
<nvme>
<list>
0 = /dev/nvme0
</list>
rigid = 0, 0, 0, 0, 0, 0, 0, 0, 0
limit = 10, 100, 100, 100, 100, 100, 100, 100, 100
show_extended_plots = y
<alerts>
availspare_enabled = n
availspare_timeintvl = 0
availspare_threshold = 10
availspare_script = /path/to/script.sh
percentused_enabled = n
percentused_timeintvl = 0
percentused_threshold = 90
percentused_script = /path/to/script.sh
</alerts>
</nvme>
# FS graph
# -----------------------------------------------------------------------------
<fs>
<list>
0 = /, swap
0 = /, swap {% for part in mount_parts.splitlines() %}, {{ part }}{% endfor %}
</list>
<desc>
/ = Root FS
{%- for part in mount_parts.splitlines() %}
{{ part }} = {{ part | trim('/') }}
{%- endfor %}
</desc>
<devmap>
</devmap>
rigid = 2, 0, 2, 0
limit = 100, 1000, 100, 1000
<alerts>
{%- if disk_alerts_loadavg_enabled == 'true' %}
{%- for part in mount_parts.splitlines() %}
{{ part }} = {{ disk_alerts_loadavg_timeintvl }}, {{ disk_alerts_loadavg_threshold }}, {{ install_dir }}/fs.loadavg-alert.sh
{%- endfor %}
{%- endif %}
</alerts>
</fs>
@ -279,8 +525,8 @@ secure_log_date_format = %b %e
<zfs>
max_pools = 5
list = pool1, pool2
rigid = 0, 0, 0, 0, 2, 0, 2
limit = 1000, 1000, 1000, 1000, 100, 1000, 100
rigid = 0, 0, 0, 0, 2, 0, 0, 0, 2, 0, 0
limit = 1000, 1000, 1000, 1000, 100, 1000, 1000, 1000, 100, 1000, 1000
</zfs>
@ -289,12 +535,24 @@ secure_log_date_format = %b %e
<du>
list = System, Users
<desc>
0 = /var/spool/mail, /var/spool/mqueue, /etc, /var/ftp, /tmp
1 = /home/ace, /home/gene, /home/paul, /home/peter
0 = /var/spool/mail, /var/lib, /var/log, /etc, /tmp
1 = /var/www, /opt/yunohost
2 = /home/yunohost.backup{% for dir in app_data_dirs.split(' ') %}, {{ dir }}{% endfor %}
3 = {% for dir in home_user_dirs.split(' ') %}{% if loop.index > 1 %}, {% endif %}{{ dir }}{% endfor %}
</desc>
<type>
0 = size
1 = files
</type>
<dirmap>
/var/spool/mail = Mail boxes
/var/spool/mqueue = Mail queue
/etc = Configs files
/var/lib = System data
/var/log = Logs
/tmp = Temps files
/var/www = Yunhost web Apps
/opt/yunohost = Yunohost Others Apps
/home/yunohost.backup = Yunohost backups
</dirmap>
graphs_per_row = 2
rigid = 0
@ -306,22 +564,38 @@ secure_log_date_format = %b %e
# -----------------------------------------------------------------------------
<net>
max = 10
list = eth0
list = {% for interface in net_interface_list.splitlines() %}{% if loop.index > 1 %}, {% endif %}{{ interface.split(',')[0] }}{% endfor %}
<desc>
eth0 = FastEthernet LAN, 0, 10000000
{%- for interface in net_interface_list.splitlines() %}
{{ interface.split(',')[0] }} = Interface {{ interface.split(',')[0] }}, 0, {{ interface.split(',')[1] }}
{%- endfor %}
</desc>
gateway = eth0
gateway = {{ net_gateway }}
</net>
# NETSTAT graph
# -----------------------------------------------------------------------------
<netstat>
cmd = ss
rigid = 0, 0, 0, 0, 0
limit = 100, 100, 100, 100, 100
</netstat>
# TINYPROXY graph
# -----------------------------------------------------------------------------
<tinyproxy>
list = http://your.proxy.com/
<desc>
http://your.proxy.com/ = http://tinyproxy.stats
</desc>
show_url = y
rigid = 0, 0, 0
limit = 1000, 1000, 1000
</tinyproxy>
# TC graph
# -----------------------------------------------------------------------------
<tc>
@ -356,14 +630,38 @@ secure_log_date_format = %b %e
# -----------------------------------------------------------------------------
<process>
<list>
0 = sshd, ntpd, monitorix, monitorix-httpd, mysqld, slapd, dnsmasq
1 = master, imap, sendmail, postfix, rmilter, dovecot, rspamd
2 = nginx, uwsgi, php5-fpm
0 = slapd, nslcd, cron, atd, rsyslogd, dnsmasq, fail2ban-server
1 = yunomdns, yunohost-api, monitorix, monitorix-httpd
2 = master, rspamd, dovecot, rspamd, imap, sshd, nginx
{%- set db_procs = [] %}
{%- if mysql_installed == 'true' %}
{%- set discard = db_procs.append('mariadb') %}
{%- endif %}
{%- if postgresql_installed == 'true' %}
{%- set discard = db_procs.append('postgres') %}
{%- endif %}
{%- if memcached_installed == 'true' %}
{%- set discard = db_procs.append('memcached') %}
{%- endif %}
{%- if redis_installed == 'true' %}
{%- set discard = db_procs.append('redis-server') %}
{%- endif %}
{%- if db_procs %}
3 = {% for proc in db_procs %}{% if loop.index > 1 %}, {% endif %}{{ proc }}{% endfor %}
{%- endif %}
{%- if phpfpm_installed == 'true' %}
4 = php-fpm
{%- endif %}
</list>
<desc>
httpd = Apache
imap = Dovecot
named = Bind
slapd = LDAP server
nslcd = nslcd
rsyslogd = Syslog
yunomdns = Yunohost DNS
yunohost-api = Yunohost API
master = Postfix
imap = Dovecot IMAP
sshd = SSH server
</desc>
rigid = 2, 0, 0, 0, 0, 0, 0, 0
limit = 100, 1000, 1000, 1000, 1000, 1000, 1000, 1000
@ -373,7 +671,19 @@ secure_log_date_format = %b %e
# SERV graph
# -----------------------------------------------------------------------------
<serv>
<list>
Default = SSH, Fail2ban, IMAP, SMTP, Spam
</list>
<desc>
SSH = C, file:/var/log/auth.log, "^%b %e", "sshd\[.*\]: Accepted "
Fail2ban = C, file:/var/log/fail2ban.log, "^%Y-%m-%d", " fail2ban.actions .* Ban "
IMAP = C, file:/var/log/mail.log, "%b %d", " imap-login: .* Login: "
SMTP = C, file:/var/log/mail.log, "^%b %e", i:"to=.*stat(us)?=sent"
Spam = C, file:/var/log/rspamd/rspamd.log, "^%b %e", "greylisted until"
Spam = C, file:/var/log/rspamd/rspamd.log, "^%b %e", "learned message as spam"
</desc>
mode = i
graphs_per_row = 2
rigid = 0, 0, 0
limit = 1000, 1000, 1000
</serv>
@ -383,28 +693,36 @@ secure_log_date_format = %b %e
# -----------------------------------------------------------------------------
<mail>
mta = postfix
greylist = milter-greylist
greylist = postgrey
stats_rate = real
rigid = 0, 0, 0, 0, 0
limit = 1, 1000, 1000, 1000, 1000
<alerts>
delvd_enabled = {{ mail_delvd_enabled }}
delvd_timeintvl = {{ mail_delvd_timeintvl }}
delvd_threshold = {{ mail_delvd_threshold }}
delvd_script = {{ install_dir }}/mail.delvd-alert.sh
mqueued_enabled = {{ mail_mqueued_enabled }}
mqueued_timeintvl = {{ mail_mqueued_timeintvl }}
mqueued_threshold = {{ mail_mqueued_threshold }}
mqueued_script = {{ install_dir }}/mail.mqueued-alert.sh
</alerts>
</mail>
# PORT graph
# -----------------------------------------------------------------------------
<port>
max = 9
max = 6
rule = 24000
list = 25, 21, 80, 22, 110, 139, 3306, 53, 143
list = 22, 25, 80, 443, 587, 993
<desc>
25 = SMTP, tcp, in, 0, 1000
21 = FTP, tcp, in, 0, 1000
80 = HTTP, tcp, in, 0, 1000
22 = SSH, tcp, in, 0, 1000
110 = POP3, tcp, in, 0, 1000
139 = NETBIOS, tcp, in, 0, 1000
3306 = MYSQL, tcp, in, 0, 1000
53 = DNS, udp, in, 0, 1000
143 = IMAP, tcp, in, 0, 1000
25 = SMTP, tcp, in/out, 0, 1000
80 = HTTP, tcp, in, 0, 1000
443 = HTTPS, tcp, in, 0, 1000
587 = SMTP-TLS, tcp, in, 0, 1000
993 = IMAPS, tcp, in, 0, 1000
</desc>
graphs_per_row = 3
</port>
@ -442,8 +760,8 @@ secure_log_date_format = %b %e
# NGINX graph
# -----------------------------------------------------------------------------
<nginx>
url = http://localhost:__PORT_NGINX_STATUS__/nginx_status_monitorix
port = __PORT_NGINX_STATUS__
url = http://localhost:{{ port_nginx_status }}/nginx_status_monitorix
port = {{ port_nginx_status }}
rule = 24100
rigid = 0, 0, 0
limit = 100, 100, 100
@ -462,16 +780,34 @@ secure_log_date_format = %b %e
# MYSQL graph
# -----------------------------------------------------------------------------
<mysql>
conn_type = socket
list = /run/mysqld/mysqld.sock
conn_type = host
list = localhost
<desc>
/run/mysqld/mysqld.sock = 3306, __DB_USER__, __DB_PWD__
localhost = 3306, {{ db_user }}, {{ db_pwd }}
</desc>
rigid = 0, 2, 0, 0, 0, 0
limit = 100, 100, 100, 100, 100, 100
</mysql>
# PGSQL graph
# -----------------------------------------------------------------------------
<pgsql>
list = localhost
<desc>
<localhost>
host = localhost
port = 5432
username = {{ db_user }}
password = {{ db_pwd }}
db_list =
</localhost>
</desc>
rigid = 0, 0, 0, 0, 0, 0
limit = 100, 100, 100, 100, 100, 100
</pgsql>
# VARNISH graph
# -----------------------------------------------------------------------------
<varnish>
@ -550,6 +886,16 @@ secure_log_date_format = %b %e
</bind>
# UNBOUND graph
# -----------------------------------------------------------------------------
<unbound>
cmd = unbound-control
queries_type = A, AAAA, ANY, DS, MX, NS, PTR, SOA, SRV, TXT, NAPTR, A6, CNAME, SPF, KEY, DNSKEY, HINFO, WKS, PX, NSAP
rigid = 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
limit = 100, 100, 100, 100, 100, 100, 100, 100, 100, 100
</unbound>
# NTP graph
# -----------------------------------------------------------------------------
<ntp>
@ -578,10 +924,16 @@ secure_log_date_format = %b %e
<desc>
0 = [recidive], [pam-generic]
1 = [yunohost]
2 = [postfix], [postfix-sasl], [dovecot]
2 = [postfix], [dovecot]
3 = [nginx-http-auth]
4 = [sshd], [sshd-ddos]
5 = __F2B_ADDITIONAL_JAIL__
4 = [sshd]
5 = {% for jail in jail_list.split(' ')
| rejectattr(None, 'in', ['recidive', 'pam-generic',
'yunohost',
'postfix', 'dovecot',
'nginx-http-auth',
'sshd'])
%}{% if loop.index > 1 %}, {% endif %}[{{ jail.strip() }}]{% endfor %}
</desc>
graphs_per_row = 2
rigid = 0
@ -631,6 +983,38 @@ secure_log_date_format = %b %e
</memcached>
# REDIS graph
# -----------------------------------------------------------------------------
<redis>
list = localhost:6379
rigid = 0, 0, 0, 0, 0, 0
limit = 1000, 1000, 1000, 1000, 1000, 1000
</redis>
# PHP-FPM graph
# -----------------------------------------------------------------------------
<phpfpm>
<group>
0 = Apps detected pools
</group>
<list>
0 = {% for php_pool_info in php_pools_infos.splitlines() %}{% if loop.index > 1 %}, {% endif %}{{ php_pool_info.split(',')[1] }}{% endfor %}
</list>
<desc>
{%- for php_pool_info in php_pools_infos.splitlines() %}
{%- set phpversion = php_pool_info.split(',')[0] %}
{%- set pool_name = php_pool_info.split(',')[1] %}
{{ pool_name }} = http://localhost:{{ port_nginx_status }}/php-pool-status/php{{ phpversion }}-fpm-{{ pool_name }}
{%- endfor %}
</desc>
<map>
</map>
rigid = 0, 0, 2, 0, 0, 0
limit = 100, 100, 100, 100, 100, 100
</phpfpm>
# APCUPSD graph
# -----------------------------------------------------------------------------
<apcupsd>
@ -715,6 +1099,7 @@ secure_log_date_format = %b %e
enabled = n
footer_url = y
graphs_per_row = 2
default_option_when_all = "System load"
remotehost_list = server 1, server 2, server 3
<remotehost_desc>
0 = http://www.example.com,/monitorix,/monitorix-cgi
@ -732,31 +1117,32 @@ secure_log_date_format = %b %e
# Email Reports
# -----------------------------------------------------------------------------
<emailreports>
enabled = n
url_prefix = http://127.0.0.1:__PORT____PATH__
enabled = {{ emailreports_enabled }}
url_prefix = http://127.0.0.1:{{ port }}{{ path }}
smtp_hostname = localhost
from_address = noreply@__DOMAIN__
hour = 0
minute = 0
from_address = {{ app }}@{{ domain }}
subject_prefix = {{ emailreports_subject_prefix }}
hour = {{ emailreports_hour }}
minute = {{ emailreports_minute }}
<daily>
enabled = n
graphs = system, fs
to = ace@example.com
enabled = {{ emailreports_daily_enabled }}
graphs = {{ emailreports_daily_graphs }}
to = {{ emailreports_daily_to }}
</daily>
<weekly>
enabled = n
graphs = system, fs
to = gene@example.com
enabled = {{ emailreports_weekly_enabled }}
graphs = {{ emailreports_weekly_graphs }}
to = {{ emailreports_weekly_to }}
</weekly>
<monthly>
enabled = n
graphs = system, fs
to = paul@example.com
enabled = {{ emailreports_monthly_enabled }}
graphs = {{ emailreports_monthly_graphs }}
to = {{ emailreports_monthly_to }}
</monthly>
<yearly>
enabled = n
graphs = system, fs
to = peter@example.com
enabled = {{ emailreports_yearly_enabled }}
graphs = {{ emailreports_yearly_graphs }}
to = {{ emailreports_yearly_to }}
</yearly>
</emailreports>
@ -806,6 +1192,7 @@ logo_bottom = logo_bot.png
</theme>
<graph_size>
large = 750x180
main = 450x150
medium = 325x150
medium2 = 325x70
@ -816,24 +1203,30 @@ logo_bottom = logo_bot.png
remote = 300x100
</graph_size>
graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia, disk, fs, zfs, du, net, netstat, tc, libvirt, process, serv, mail, port, user, ftp, apache, nginx, lighttpd, mysql, mongodb, varnish, pagespeed, squid, nfss, nfsc, bind, unbound, ntp, chrony, fail2ban, icecast, raspberrypi, phpapc, memcached, phpfpm, apcupsd, nut, wowza, int, verlihub
graph_name = system, kern, proc, amdenergy, intelrapl, hptemp, lmsens, gensens, ipmi, ambsens, amdgpu, nvidiagpu, nvidia, disk, nvme, fs, zfs, du, net, netstat, tinyproxy, tc, libvirt, process, serv, mail, port, user, ftp, apache, nginx, lighttpd, mysql, pgsql, mongodb, varnish, pagespeed, squid, nfss, nfsc, bind, unbound, ntp, chrony, fail2ban, icecast, raspberrypi, phpapc, memcached, redis, phpfpm, apcupsd, nut, wowza, int, verlihub
<graph_title>
system = System load average and usage
kern = Global kernel usage
proc = Kernel usage per processor
amdenergy = AMD power usage
intelrapl = RAPL power usage
hptemp = HP ProLiant System Health
lmsens = LM-Sensors and GPU temperatures
gensens = Generic sensor statistics
ipmi = IPMI sensor statistics
ambsens = Ambient sensor statistics
amdgpu = AMD GPU temperatures and usage
nvidiagpu = NVIDIA GPU temperatures and usage
nvidia = NVIDIA temperatures and usage
disk = Disk drive temperatures and health
nvme = NVMe drive temperatures and health
fs = Filesystem usage and I/O activity
zfs = ZFS statistics
du = Directory usage
net = Network traffic and usage
netstat = Netstat statistics
tinyproxy = Tinyproxy statistics
tc = Traffic Control statistics
libvirt = Libvirt statistics
process = Processes statistics
@ -846,6 +1239,7 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
nginx = Nginx statistics
lighttpd = Lighttpd statistics
mysql = MySQL statistics
pgsql = PostgreSQL statistics
mongodb = MongoDB statistics
varnish = Varnish statistics
pagespeed = PageSpeed statistics
@ -861,6 +1255,7 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
raspberrypi = Raspberry Pi sensor statistics
phpapc = Alternative PHP Cache statistics
memcached = Memcached statistics
redis = Redis statistics
phpfpm = PHP-FPM statistics
apcupsd = APC UPS statistics
nut = Network UPS Tools statistics
@ -879,6 +1274,8 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
_kern2 = Context switches and forks
_kern3 = VFS usage
_proc = Processor
_amdenergy1 = Socket power distribution
_intelrapl1 = Power distribution
_hptemp1 = Temperatures 1
_hptemp2 = Temperatures 2
_hptemp3 = Temperatures 3
@ -890,12 +1287,41 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
_gensens = Generic sensors
_ipmi = IPMI sensors
_ambsens = Ambient sensors
_amdgpu1 = Fan speed
_amdgpu2 = Core temperature
_amdgpu3 = Memory temperature
_amdgpu4 = Junction temperature
_amdgpu5 = Power
_amdgpu6 = Core util.
_amdgpu7 = Memory util.
_amdgpu8 = Core clock
_amdgpu9 = Memory clock
_amdgpu10 = Memory usage
_nvidiagpu1 = Fan speed
_nvidiagpu2 = Core temperature
_nvidiagpu3 = Memory temperature
_nvidiagpu4 = Memory usage
_nvidiagpu5 = Power
_nvidiagpu6 = Core util.
_nvidiagpu7 = Memory util.
_nvidiagpu8 = Core clock
_nvidiagpu9 = Memory clock
_nvidiagpu10 = Performance state
_nvidia1 = NVIDIA temperatures
_nvidia2 = CPU usage
_nvidia3 = Memory usage
_disk1 = Disk drives temperatures
_disk2 = Reallocated sector count
_disk3 = Current pending sector
_nvme1 = NVMe drives temperatures
_nvme2 = Spare capacity
_nvme3 = Life used
_nvme4 = Total written
_nvme5 = Media errors
_nvme6 = Unsafe shutdowns
_nvme7 = Total read
_nvme8 = Mean write load
_nvme9 = Mean read load
_fs1 = Filesystems usage
_fs2 = Disk I/O activity
_fs3 = Inode usage
@ -916,6 +1342,9 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
_netstat3 = Active close
_netstat4 = Passive close
_netstat5 = UDP statistics
_tinyproxy1 = Requests
_tinyproxy2 = Connections
_tinyproxy3 = Connections
_tc1 = Traffic
_tc2 = Dropped
_tc3 = Overlimits
@ -932,9 +1361,8 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
_process6 = Number of threads
_process7 = Context switches
_process8 = Number of processes
_serv1 = System services demand
_serv2 = IMAP and POP3 services
_serv3 = SMTP service
_process9 = Uptime
_serv = System services demand
_mail1 = Mail statistics
_mail2 = Network traffic
_mail3 = Mails in queue
@ -966,6 +1394,12 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
_mysql4 = MySQL queries
_mysql5 = MySQL connections
_mysql6 = MySQL traffic
_pgsql1 = PgSQL rows by queries
_pgsql2 = PgSQL background writer
_pgsql3 = PgSQL database size
_pgsql4 = PgSQL connections
_pgsql5 = PgSQL transactions
_pgsql6 = PgSQL block cache
_mongodb1 = MongoDB operations
_mongodb2 = MongoDB metrics document
_mongodb3 = MongoDB write performance
@ -1052,6 +1486,12 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
_memcached5 = Objects I/O
_memcached6 = Connections
_memcached7 = Memcached traffic
_redis1 = Connections
_redis2 = Ratios
_redis3 = Clients
_redis4 = Memory usage
_redis5 = Dictionary cache
_redis6 = Network traffic
_phpfpm1 = Accepted connections
_phpfpm2 = Active processes
_phpfpm3 = Listen queue
@ -1082,3 +1522,4 @@ graph_name = system, kern, proc, hptemp, lmsens, gensens, ipmi, ambsens, nvidia,
_verlihub2 = Total hub upload
_verlihub3 = Total hub share
</graphs>

7
conf/nginx.conf
View file

@ -2,8 +2,11 @@ location __PATH__ {
proxy_pass http://127.0.0.1:__PORT____PATH__;
allow 127.0.0.0/8;
location ~ ^__PATH__/(.+\.png)$ {
alias /var/lib/monitorix/www/$1;
location ~ ^__PATH__/(.+\.(png|svg))$ {
alias __DATA_DIR__/www/$1;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
proxy_set_header Host $host;

19
conf/nginx_status.conf
View file

@ -1,6 +1,6 @@
server {
listen __PORT_NGINX_STATUS__;
listen [::]:__PORT_NGINX_STATUS__;
listen {{ port_nginx_status }};
listen [::]:{{ port_nginx_status }};
access_log /var/log/nginx/localhost-nginx_status_monitorix.lan-access.log;
error_log /var/log/nginx/localhost-nginx_status_monitorix.lan-error.log;
@ -12,4 +12,19 @@ server {
allow ::1;
deny all;
}
{%- if phpfpm_installed == 'true' %}
{%- for php_pool_info in php_pools_infos.splitlines() %}
{%- set phpversion = php_pool_info.split(',')[0] %}
{%- set pool_name = php_pool_info.split(',')[1] %}
location {{ path.rstrip('/') }}/php-pool-status/php{{ phpversion }}-fpm-{{ pool_name }} {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php/php{{ phpversion }}-fpm-{{ pool_name }}-{{ app }}-status.sock;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME cas_server.php;
}
{%- endfor %}
{%- endif %}
}

10
conf/php_status.conf Normal file
View file

@ -0,0 +1,10 @@
{% for php_pool_info in php_pools_infos.splitlines() %}
{%- set phpversion = php_pool_info.split(',')[0] %}
{%- set pool_name = php_pool_info.split(',')[1] %}
{%- if phpversion == pool_version %}
; Auto generated config for Monitorix monitoring
[{{ pool_name }}]
pm.status_listen = /var/run/php/php{{ phpversion }}-fpm-{{ pool_name }}-{{ app }}-status.sock
pm.status_path = /php-pool-status/php{{ phpversion }}-fpm-{{ pool_name }}
{%- endif %}
{% endfor %}

246
config_panel.toml Normal file
View file

@ -0,0 +1,246 @@
version = "1.0"
[main]
name.en = "Main configuration"
name.fr = "Configuration principale"
services = ["__APP__"]
[main.email_alerts]
name = "Email alerts"
[main.email_alerts.alerts_email]
ask.en = "Email address to send alerts emails"
type = "email"
help = "The Email address on which monitorix will send Alets email. It could by linked to many time of alerts."
[main.others]
name = "Others"
[main.others.theme_color]
ask.en = "Theme color"
type = "select"
choices = ["black", "white"]
help = "RRDtool comes with a default white theme, and since Monitorix introduces its own black theme, you have two predefined themes to choose from."
[main.others.enable_hourly_view]
ask.en = "Enable hourly view"
type = "boolean"
yes = "y"
no = "n"
help = "This option enables or disables the ability to select the hourly view in the main page.\nNo .rrd file will change by selecting this option and the historical data wont be affected."
[main.others.image_format]
ask.en = "Image format"
type = "select"
choices = ["svg", "png"]
help = "This is the format of each generated graph. There are only two possible values: PNG and SVG."
[main.others.max_historic_years]
ask.en = "Maximum number of years of historical"
type = "number"
help = "This option defines the maximum number of years of historical data in all graphs.\nWARNING: Every time this value is extended Monitorix will resize every .rrd file accordingly, removing all historical data.\nThere is no longer any upper limit for this value."
[main.others.process_priority]
ask.en = "Process priority"
type = "number"
min = -20
max = 20
help = "Sometimes when a server is under heavy use, Monitorix might be unable to collect some statistical data due to its normal priority (0 by default). This makes monitoring useless because graphs are empty during that hard period of time.\n\nIn order to mitigate this situation this option sets the priority in which Monitorix will be scheduled by the kernel. The accepted range of values is the same as in the setpriority() system call: that is, from -20 (maximum priority) to 19 (lowest priority)."
[config]
name.en = "Monitorix configuration"
[config.system]
name = "System load average and usage"
[config.system.system_alerts_loadavg_enabled]
ask.en = "Load average enabled"
type = "boolean"
yes = "y"
no = "n"
help = "This section enables or disables the alert capabilities for this graph. Only the alert for the average CPU load is currently implemented. It works as follows:\n\nThis alert uses the minimum value between the second and the third load averages (those that represent the last 5 and 15 minutes), and if it reaches the loadavg_threshold value for the interval of time defined in loadavg_timeintvl, Monitorix will execute the external alert script defined in loadavg_script.\n\nThe idea to use min(load5, load15) is to obtain a more symmetric curve and a sooner cancellation of the alert.\n\nThe default Monitorix installation includes an example of a shell-script alert called monitorix-alert.sh which you can use as a base for your own script."
[config.system.system_alerts_loadavg_timeintvl]
ask.en = "Load average time interval"
type = "number"
help = "This is the period of time (in seconds) that the threshold needs to be exceeded before the external alert script is executed."
[config.system.system_alerts_loadavg_threshold]
ask.en = "Load average threshold"
type = "range"
help = "This is the value that needs to be reached or exceeded within the specified time period in loadavg_timeintvl to trigger the mechanism for a particular action, which in this case is the execution of an external alert script.\n\nThe value of this option is compared against the last 15 minutes of CPU load average."
[config.disk]
name = "Disk usage"
[config.disk.disk_alerts_loadavg_enabled]
ask.en = "Disk alert enabled"
type = "boolean"
yes = "true"
no = "false"
[config.disk.disk_alerts_loadavg_timeintvl]
ask.en = "Time interval"
type = "number"
help = "Time interval on which disk usage will be checked"
[config.disk.disk_alerts_loadavg_threshold]
ask.en = "Disk usage threshold"
type = "number"
help = "Percentage to reach to send alert."
[config.mail]
name = "Mail statistics"
[config.mail.mail_delvd_enabled]
ask.en = "Mail delivery enabled"
type = "boolean"
yes = "y"
no = "n"
help = "This section enables or disables one of the alert capabilities for this graph; the alert for the number of delivered messages. It works as follows:\n\nIf the number of delivered messages reaches the delvd_threshold value for the interval of time defined in delvd_timeintvl, Monitorix will execute the external alert script defined in delvd_script.\n\nThe default Monitorix installation includes an example of a shell-script alert called monitorix-alert.sh which you can use as a base for your own script."
[config.mail.mail_delvd_timeintvl]
ask.en = "Mail delivery time interval"
type = "number"
help = "This is the period of time (in seconds) that the threshold needs to be exceeded before the external alert script is executed."
[config.mail.mail_delvd_threshold]
ask.en = "Mail delivery threshold"
type = "number"
help = "This is the value that needs to be reached or exceeded within the specified time period in delvd_timeintvl to trigger the mechanism for a particular action, which in this case is the execution of an external alert script.\n\nThe value of this option is compared against the number of delivered messages since the last delvd_timeintvl seconds."
[config.mail.mail_mqueued_enabled]
ask.en = "Mail message queue enabled"
type = "boolean"
yes = "y"
no = "n"
help = "This section enables or disables one of the alert capabilities for this graph; the alert for the number of queued messages. It works as follows:\n\nIf the number of queued messages reaches the mqueued_threshold value for the interval of time defined in mqueued_timeintvl, Monitorix will execute the external alert script defined in mqueued_script.\n\nThe default Monitorix installation includes an example of a shell-script alert called monitorix-alert.sh which you can use as a base for your own script."
[config.mail.mail_mqueued_timeintvl]
ask.en = "Mail message queue time interval"
type = "number"
help = "This is the period of time (in seconds) that the threshold needs to be exceeded before the external alert script is executed."
[config.mail.mail_mqueued_threshold]
ask.en = "Mail message queue threshold"
type = "number"
help = "This is the value that needs to be reached or exceeded within the specified time period in mqueued_timeintvl to trigger the mechanism for a particular action, which in this case is the execution of an external alert script.\n\nThe value of this option is compared with the number of messages in the mail queue."
[emailreports]
name = "Automatic email reports"
help = "This allows to send automatically selected graphs to one or more email addresses. This could be specially useful for some system administrators who prefer receiving via email selected graphs instead of browsing to the remote servers every day."
[emailreports.global]
name = "Global config for email reports"
[emailreports.global.emailreports_enabled]
ask.en = "Mail reports enabled"
type = "boolean"
yes = "y"
no = "n"
help = "This option enables this feature. Note that you still need to enable the same option for each time interval you want to activate: daily, weekly, monthly, yearly."
[emailreports.global.emailreports_subject_prefix]
ask.en = "Email report subject prefix"
type = "string"
help = "This is a string that will be prefixed in the Subject of all emails that will be sent."
[emailreports.global.emailreports_hour]
ask.en = "Mail report send hour"
type = "number"
max = 23
help = "This is the hour (in 24h format) when the email reports will be sent."
[emailreports.global.emailreports_minute]
ask.en = "Mail report send minute"
type = "number"
max = 59
help = "This is the minute when the email reports will be sent."
[emailreports.daily]
name = "Daily email reports"
help = "Daily reports will be sent every day at the specific time on the global mail report settings."
[emailreports.daily.emailreports_daily_enabled]
ask.en = "Daily mail reports enabled"
type = "boolean"
yes = "y"
no = "n"
[emailreports.daily.emailreports_daily_graphs]
ask.en = "Daily mail reports graphs list"
type = "tags"
choices = ["system", "kern", "proc", "fs", "du", "net", "netstat", "process", "serv", "mail", "port", "user", "nginx", "mysql", "pgsql", "fail2ban", "memcached", "redis", "phpfpm", "int"]
help = "List of graph names you want to appear in the email report. The names are the same as their .rrd files. There is a list of them in the graph_name option in monitorix.conf."
[emailreports.daily.emailreports_daily_to]
ask.en = "Daily mail reports emails"
type = "string"
help = "This is a comma-separated list of recipient email addresses."
[emailreports.weekly]
name = "Weekly email reports"
help = "Weekly reports will be sent the first Monday of each week."
[emailreports.weekly.emailreports_weekly_enabled]
ask.en = "Weekly mail reports enabled"
type = "boolean"
yes = "y"
no = "n"
[emailreports.weekly.emailreports_weekly_graphs]
ask.en = "Weekly mail reports graphs list"
type = "tags"
choices = ["system", "kern", "proc", "fs", "du", "net", "netstat", "process", "serv", "mail", "port", "user", "nginx", "mysql", "pgsql", "fail2ban", "memcached", "redis", "phpfpm", "int"]
help = "List of graph names you want to appear in the email report. The names are the same as their .rrd files. There is a list of them in the graph_name option in monitorix.conf."
[emailreports.weekly.emailreports_weekly_to]
ask.en = "Weekly mail reports emails"
type = "string"
help = "This is a comma-separated list of recipient email addresses."
[emailreports.monthly]
name = "Monthly email reports"
help = "Monthly reports will be sent the first day of each month."
[emailreports.monthly.emailreports_monthly_enabled]
ask.en = "Monthly mail reports enabled"
type = "boolean"
yes = "y"
no = "n"
[emailreports.monthly.emailreports_monthly_graphs]
ask.en = "Monthly mail reports graphs list"
type = "tags"
choices = ["system", "kern", "proc", "fs", "du", "net", "netstat", "process", "serv", "mail", "port", "user", "nginx", "mysql", "pgsql", "fail2ban", "memcached", "redis", "phpfpm", "int"]
help = "List of graph names you want to appear in the email report. The names are the same as their .rrd files. There is a list of them in the graph_name option in monitorix.conf."
[emailreports.monthly.emailreports_monthly_to]
ask.en = "Monthly mail reports emails"
type = "string"
help = "This is a comma-separated list of recipient email addresses."
[emailreports.yearly]
name = "Yearly email reports"
help = "Yearly reports will be sent the first day of each year."
[emailreports.yearly.emailreports_yearly_enabled]
ask.en = "Yearly mail reports enabled"
type = "boolean"
yes = "y"
no = "n"
[emailreports.yearly.emailreports_yearly_graphs]
ask.en = "Yearly mail reports graphs list"
type = "tags"
choices = ["system", "kern", "proc", "fs", "du", "net", "netstat", "process", "serv", "mail", "port", "user", "nginx", "mysql", "pgsql", "fail2ban", "memcached", "redis", "phpfpm", "int"]
help = "List of graph names you want to appear in the email report. The names are the same as their .rrd files. There is a list of them in the graph_name option in monitorix.conf."
[emailreports.yearly.emailreports_yearly_to]
ask.en = "Yearly mail reports emails"
type = "string"
help = "This is a comma-separated list of recipient email addresses."

119
doc/ADMIN.md
View file

@ -1,6 +1,6 @@
### Remove
Due of the backup core only feature the data directory in `/var/lib/monitorix` **is not removed**. It must be manually deleted to purge user data from the app.
Due of the backup core only feature the data directory in `/home/yunohost.app/monitorix` **is not removed**. It must be manually deleted to purge user data from the app.
### More sensor
@ -15,14 +15,10 @@ You will have a full complete documentation for monitorix config here : https://
By example you can extends the basic config by this :
```xml
priority = 5
<graph_enable>
disk = y
lmsens = y
gensens = y
mail = y
</graph_enable>
# LMSENS graph
@ -97,123 +93,10 @@ priority = 5
pendsect_script = /etc/monitorix/monitorix_alerts_scripts/disk_pendsect.sh
</alerts>
</disk>
# FS graph
# -----------------------------------------------------------------------------
<fs>
<list>
0 = /, /home, /var, /$tempdir, swap
</list>
<desc>
/ = Root FS
/home = home
/var = var
/$tempdir = tmp
</desc>
<devmap>
</devmap>
rigid = 2, 0, 2, 0
limit = 100, 1000, 100, 1000
<alerts>
/ = 3600, 98, /etc/monitorix/monitorix_alerts_scripts/fs_rootfs.sh
/home = 3600, 98, /etc/monitorix/monitorix_alerts_scripts/fs_home.sh
/var = 3600, 98, /etc/monitorix/monitorix_alerts_scripts/fs_var.sh
/$tempdir = 3600, 98, /etc/monitorix/monitorix_alerts_scripts/fs_tmp.sh
swap = 3600, 98, /etc/monitorix/monitorix_alerts_scripts/fs_swap.sh
</alerts>
</fs>
# MAIL graph
# -----------------------------------------------------------------------------
<mail>
mta = postfix
greylist = postgrey
stats_rate = real
rigid = 0, 0, 0, 0, 0
limit = 1, 1000, 1000, 1000, 1000
<alerts>
delvd_enabled = y
delvd_timeintvl = 60
delvd_threshold = 100
delvd_script = /etc/monitorix/monitorix_alerts_scripts/mail_delvd.sh
mqueued_enabled = y
mqueued_timeintvl = 3600
mqueued_threshold = 100
mqueued_script = /etc/monitorix/monitorix_alerts_scripts/mail_mqueued.sh
</alerts>
</mail>
# NET graph
# -----------------------------------------------------------------------------
<net>
list = eth0,lo
<desc>
eth0 = FastEthernet LAN, 0, 10000000
lo = loopback, 0, 10000000
</desc>
gateway = eth0
</net>
# PROCESS graph
# -----------------------------------------------------------------------------
<process>
<list>
0 = sshd, ntpd, monitorix, monitorix-httpd
1 = openvpn, ...
...
6 = mysqld, slapd, postgresql
</list>
<desc>
master = Postfix
imap = Dovecot
</desc>
rigid = 2, 0, 0, 0, 0, 0, 0, 0
limit = 100, 1000, 1000, 1000, 1000, 1000, 1000, 1000
</process>
<emailreports>
enabled = y
url_prefix = http://127.0.0.1:8081/monitorix
smtp_hostname = localhost
from_address = noreply@domain.tld
hour = 2
minute = 7
<daily>
enabled = y
graphs = system, fs, gensens, disk, netstat, port, nginx
to = user@domain.tld
</daily>
<weekly>
enabled = y
graphs = system, fs, gensens, disk, kern, proc, net, netstat, process, serv, port, user, nginx, mysql, fail2ban, int
to = user@domain.tld
</weekly>
<monthly>
enabled = y
graphs = system, fs, gensens, disk, kern, proc, net, netstat, process, serv, port, user, nginx, mysql, fail2ban, int
to = user@domain.tld
</monthly>
<yearly>
enabled = y
graphs = system, fs, gensens, disk, kern, proc, net, netstat, process, serv, port, user, nginx, mysql, fail2ban, int
to = user@domain.tld
</yearly>
</emailreports>
```
In this config :
- We set the process priority to 5 (which mean that it will be lower priority than the other process).
- We get the lmsensor sensor data.
- We get some sensors data not accessible with lmsensor (with gensens)
- We check the disk health and send an email if any error happens. For that you need to make some script. An example is available in `/usr/share/doc/monitorix/monitorix-alert.sh`.
- We check the filesystem.
- We check the traffic in the network card.
- We check some process.
- We send every day, week, month and year a rapport.

3
hooks/post_app_install Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
bash __INSTALL_DIR__/update_config_if_needed.sh

3
hooks/post_app_remove Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
bash __INSTALL_DIR__/update_config_if_needed.sh

3
hooks/post_app_upgrade Normal file
View file

@ -0,0 +1,3 @@
#!/bin/bash
bash __INSTALL_DIR__/update_config_if_needed.sh

4
hooks/post_iptable_rules
View file

@ -1,9 +1,9 @@
#/bin/bash
if [[ $(systemctl status monitorix.service | grep "Active" | cut -d'(' -f2 | cut -d ')' -f1) = 'running' ]]
if [[ $(systemctl status __APP__.service | grep "Active" | cut -d'(' -f2 | cut -d ')' -f1) = 'running' ]]
then
systemctl stop monitorix.service
sleep 1
pkill -f "monitorix-httpd listening on" || true
systemctl start monitorix.service
systemctl start __APP__.service
fi

20
manifest.toml
View file

@ -7,7 +7,7 @@ name = "Monitorix"
description.en = "A system monitoring tool"
description.fr = "Un outil de monitoring système"
version = "3.15.0~ynh4"
version = "3.15.0~ynh5"
maintainers = ["Josue-T"]
@ -37,16 +37,26 @@ ram.runtime = "50M"
type = "path"
default = "/monitorix"
[install.init_main_permission]
type = "group"
default = "admins"
[resources]
[resources.sources.main]
url = "https://www.monitorix.org/monitorix_3.15.0-izzy1_all.deb"
sha256 = "0d960b9433ecbaba38d9befe27163644886fb5a466d44f5380576ca975b9d8e4"
rename = "monitorix.deb"
format = "whatever"
extract = false
[resources.system_user]
[resources.install_dir]
dir = "/opt/yunohost/__APP__"
owner = "__APP__:rwx"
group = "www-data:rx"
[resources.data_dir]
[resources.permissions]
main.url = "/"
@ -55,9 +65,5 @@ ram.runtime = "50M"
nginx_status.default = 8081
[resources.apt]
packages = [
"mariadb-server",
]
packages = ["libdbd-pg-perl", "pflogsumm"]
[resources.database]
type = "mysql"

337
scripts/_common.sh
View file

@ -2,15 +2,91 @@
# SET ALL CONSTANTS
#=================================================
pkg_version="3.15.0-izzy1"
systemd_user=root
readonly systemd_user=root
readonly nginx_status_conf="/etc/nginx/conf.d/${app}_status.conf"
nginx_status_conf="/etc/nginx/conf.d/monitorix_status.conf"
readonly db_user=$app
readonly var_list_to_manage='mysql_installed postgresql_installed memcached_installed redis_installed phpfpm_installed jail_list mount_parts home_user_dirs php_pools_infos net_gateway net_interface_list'
#=================================================
# DEFINE ALL COMMON FONCTIONS
#=================================================
installed_php_fpm_filter() {
while read -r item; do
local version=${item%,*}
if ynh_package_is_installed --package=php"$version"-fpm; then
echo "$item"
fi
done
}
home_dir_filter() {
while read -r -d' ' item; do
if [ "$item" != /home/yunohost.app ] && [ "$item" != /home/yunohost.backup ]; then
echo "$item"
fi
done
}
interface_speed_map() {
while read -r item; do
speed=$(cat /sys/class/net/"$item"/speed || echo 1000)
echo "$item,$speed"
done
}
load_vars() {
if ynh_package_is_installed --package=mysql; then
readonly mysql_installed=true
else
readonly mysql_installed=false
fi
if ynh_package_is_installed --package=postgresql; then
readonly postgresql_installed=true
else
readonly postgresql_installed=false
fi
if ynh_package_is_installed --package=memcached; then
readonly memcached_installed=true
else
readonly memcached_installed=false
fi
if ynh_package_is_installed --package=redis-server; then
readonly redis_installed=true
else
readonly redis_installed=false
fi
if ynh_package_is_installed --package='php*-fpm'; then
readonly phpfpm_installed=true
else
readonly phpfpm_installed=false
fi
readonly jail_list="$(fail2ban-client status |
grep 'Jail list:' | sed 's/.*Jail list://' | sed 's/,//g')"
readonly mount_parts="$(mount |
cut -d' ' -f3 |
grep -E -v '^/run|^/dev|^/proc|^/sys|^/snap')"
app_data_dirs="$(echo /home/yunohost.app/*)"
readonly home_user_dirs="$(echo /home/* | home_dir_filter)"
# Note that 'pm.status_listen' option is only supported on php >= 8.0 so we ignore older pools
readonly php_pools_infos="$(grep -E '^\[.*\]' \
--exclude=/etc/php/*/fpm/pool.d/"$app"_status.conf \
--exclude=/etc/php/7.*/fpm/pool.d/* /etc/php/*/fpm/pool.d/* |
sed -E 's|/etc/php/([[:digit:]]\.[[:digit:]]+)/fpm/pool.d/.+\.conf\:\[(.+)\]|\1,\2|' |
installed_php_fpm_filter)"
readonly net_gateway="$(ip --json route show default | jq -r '.[0].dev')"
readonly net_interface_list="$(ip --json link show | jq -r '.[].ifname | select(. != "lo")' | interface_speed_map)"
}
# Used by update_config_if_needed.sh hook
save_vars_current_value() {
for var in $var_list_to_manage; do
ynh_app_setting_set --app "$app" --key previous_$var --value "${!var}"
done
}
install_monitorix_package() {
# Create the temporary directory
tempdir="$(mktemp -d)"
@ -20,46 +96,243 @@ install_monitorix_package() {
# Install the package
ynh_package_install "$tempdir/monitorix.deb"
# The doc says it should be called only once,
# but the code says multiple calls are supported.
# Also, they're already installed so that should be quasi instantaneous.
ynh_install_app_dependencies monitorix="$pkg_version"
# Mark packages as dependencies, to allow automatic removal
apt-mark auto monitorix
cp -r /var/lib/monitorix/* "$data_dir"/
}
config_monitorix() {
jail_list=$(fail2ban-client status | grep 'Jail list:' | sed 's/.*Jail list://' | sed 's/,//g')
f2b_additional_jail=""
for jail in $jail_list; do
if ! [[ "$jail" =~ (recidive|pam-generic|yunohost|postfix|postfix-sasl|dovecot|nginx-http-auth|sshd|sshd-ddos) ]]; then
if [ -z "$f2b_additional_jail" ]; then
f2b_additional_jail="[$jail]"
configure_db() {
# Here the idea is to monitor available database
# So if mysql is installed we monitor it but mysql could also not be installed and in this case don't need to monitor it
# For postgresql it's the same case
if $mysql_installed && ! ynh_mysql_user_exists --user="$db_user"; then
ynh_mysql_create_user "$db_user" "$db_pwd"
fi
if $postgresql_installed && ! ynh_psql_user_exists --user="$db_user"; then
ynh_psql_create_user "$db_user" "$db_pwd"
fi
}
config_php_fpm() {
for pool_dir_by_version in /etc/php/*; do
pool_version=$(echo "$pool_dir_by_version" | cut -d/ -f4)
pool_file="/etc/php/$pool_version/fpm/pool.d/${app}_status.conf"
if ynh_package_is_installed --package="php$pool_version-fpm"; then
ynh_add_jinja_config --template=php_status.conf --destination="$pool_file"
chown root:root "$pool_file"
chmod 444 "$pool_file"
ynh_systemd_action --service_name="php$pool_version"-fpm.service --action=reload
else
f2b_additional_jail+=", [$jail]"
if [ -e "$pool_file" ]; then
ynh_secure_remove --file="$pool_file"
fi
fi
done
}
ynh_add_config --template=../conf/monitorix.conf --destination="/etc/monitorix/monitorix.conf"
configure_hooks() {
ynh_replace_string --match_string=__INSTALL_DIR__ --replace_string="$install_dir" --target_file=../hooks/post_app_install
ynh_replace_string --match_string=__INSTALL_DIR__ --replace_string="$install_dir" --target_file=../hooks/post_app_remove
ynh_replace_string --match_string=__INSTALL_DIR__ --replace_string="$install_dir" --target_file=../hooks/post_app_upgrade
cp ../sources/update_config_if_needed.sh "$install_dir"/
ynh_replace_string --match_string=__APP__ --replace_string="$app" --target_file="$install_dir"/update_config_if_needed.sh
}
configure_alerts_email() {
ynh_add_config --template=monitorix-alert.sh --destination="$install_dir"/monitorix-alert.sh
for alias_file in system.loadavg-alert.sh \
fs.loadavg-alert.sh \
mail.mqueued-alert.sh \
mail.delvd-alert.sh
do
alias_path="$install_dir/$alias_file"
if [ ! -h "$alias_path" ]; then
if [ -e "$alias_path" ]; then
ynh_secure_remove --file="$alias_path"
fi
ln -s "$install_dir/monitorix-alert.sh" "$install_dir/$alias_file"
fi
done
}
ensure_vars_set() {
if [ -z "${db_pwd:-}" ]; then
db_pwd="$(ynh_string_random 12)"
ynh_app_setting_set --app="$app" --key=db_pwd --value="$db_pwd"
fi
if [ -z "${alerts_email:-}" ]; then
alerts_email="admins@$domain"
ynh_app_setting_set --app="$app" --key=alerts_email --value="$alerts_email"
fi
if [ -z "${enable_hourly_view:-}" ]; then
enable_hourly_view=n
ynh_app_setting_set --app="$app" --key=enable_hourly_view --value="$enable_hourly_view"
fi
if [ -z "${image_format:-}" ]; then
image_format=svg
ynh_app_setting_set --app="$app" --key=image_format --value="$image_format"
fi
if [ -z "${theme_color:-}" ]; then
theme_color=black
ynh_app_setting_set --app="$app" --key=theme_color --value="$theme_color"
fi
if [ -z "${max_historic_years:-}" ]; then
max_historic_years=5
ynh_app_setting_set --app="$app" --key=max_historic_years --value="$max_historic_years"
fi
if [ -z "${process_priority:-}" ]; then
process_priority=0
ynh_app_setting_set --app="$app" --key=process_priority --value="$process_priority"
fi
if [ -z "${system_alerts_loadavg_enabled:-}" ]; then
system_alerts_loadavg_enabled=n
ynh_app_setting_set --app="$app" --key=system_alerts_loadavg_enabled --value="$system_alerts_loadavg_enabled"
fi
if [ -z "${system_alerts_loadavg_timeintvl:-}" ]; then
system_alerts_loadavg_timeintvl=3600
ynh_app_setting_set --app="$app" --key=system_alerts_loadavg_timeintvl --value="$system_alerts_loadavg_timeintvl"
fi
if [ -z "${system_alerts_loadavg_threshold:-}" ]; then
system_alerts_loadavg_threshold=5.0
ynh_app_setting_set --app="$app" --key=system_alerts_loadavg_threshold --value="$system_alerts_loadavg_threshold"
fi
if [ -z "${disk_alerts_loadavg_enabled:-}" ]; then
disk_alerts_loadavg_enabled=false
ynh_app_setting_set --app="$app" --key=disk_alerts_loadavg_enabled --value="$disk_alerts_loadavg_enabled"
fi
if [ -z "${disk_alerts_loadavg_timeintvl:-}" ]; then
disk_alerts_loadavg_timeintvl=3600
ynh_app_setting_set --app="$app" --key=disk_alerts_loadavg_timeintvl --value="$disk_alerts_loadavg_timeintvl"
fi
if [ -z "${disk_alerts_loadavg_threshold:-}" ]; then
disk_alerts_loadavg_threshold=98
ynh_app_setting_set --app="$app" --key=disk_alerts_loadavg_threshold --value="$disk_alerts_loadavg_threshold"
fi
if [ -z "${mail_delvd_enabled:-}" ]; then
mail_delvd_enabled=n
ynh_app_setting_set --app="$app" --key=mail_delvd_enabled --value="$mail_delvd_enabled"
fi
if [ -z "${mail_delvd_timeintvl:-}" ]; then
mail_delvd_timeintvl=60
ynh_app_setting_set --app="$app" --key=mail_delvd_timeintvl --value="$mail_delvd_timeintvl"
fi
if [ -z "${mail_delvd_threshold:-}" ]; then
mail_delvd_threshold=100
ynh_app_setting_set --app="$app" --key=mail_delvd_threshold --value="$mail_delvd_threshold"
fi
if [ -z "${mail_mqueued_enabled:-}" ]; then
mail_mqueued_enabled=n
ynh_app_setting_set --app="$app" --key=mail_mqueued_enabled --value="$mail_mqueued_enabled"
fi
if [ -z "${mail_mqueued_timeintvl:-}" ]; then
mail_mqueued_timeintvl=3600
ynh_app_setting_set --app="$app" --key=mail_mqueued_timeintvl --value="$mail_mqueued_timeintvl"
fi
if [ -z "${mail_mqueued_threshold:-}" ]; then
mail_mqueued_threshold=100
ynh_app_setting_set --app="$app" --key=mail_mqueued_threshold --value="$mail_mqueued_threshold"
fi
if [ -z "${emailreports_enabled:-}" ]; then
emailreports_enabled=n
ynh_app_setting_set --app="$app" --key=emailreports_enabled --value="$emailreports_enabled"
fi
if [ -z "${emailreports_subject_prefix:-}" ]; then
emailreports_subject_prefix='Monitorix:'
ynh_app_setting_set --app="$app" --key=emailreports_subject_prefix --value="$emailreports_subject_prefix"
fi
if [ -z "${emailreports_hour:-}" ]; then
emailreports_hour=0
ynh_app_setting_set --app="$app" --key=emailreports_hour --value="$emailreports_hour"
fi
if [ -z "${emailreports_minute:-}" ]; then
emailreports_minute=0
ynh_app_setting_set --app="$app" --key=emailreports_minute --value="$emailreports_minute"
fi
if [ -z "${emailreports_daily_enabled:-}" ]; then
emailreports_daily_enabled=n
ynh_app_setting_set --app="$app" --key=emailreports_daily_enabled --value="$emailreports_daily_enabled"
fi
if [ -z "${emailreports_daily_graphs:-}" ]; then
emailreports_daily_graphs='system,fs'
ynh_app_setting_set --app="$app" --key=emailreports_daily_graphs --value="$emailreports_daily_graphs"
fi
if [ -z "${emailreports_daily_to:-}" ]; then
emailreports_daily_to="admins@$domain"
ynh_app_setting_set --app="$app" --key=emailreports_daily_to --value="$emailreports_daily_to"
fi
if [ -z "${emailreports_weekly_enabled:-}" ]; then
emailreports_weekly_enabled=n
ynh_app_setting_set --app="$app" --key=emailreports_weekly_enabled --value="$emailreports_weekly_enabled"
fi
if [ -z "${emailreports_weekly_graphs:-}" ]; then
emailreports_weekly_graphs='system,fs'
ynh_app_setting_set --app="$app" --key=emailreports_weekly_graphs --value="$emailreports_weekly_graphs"
fi
if [ -z "${emailreports_weekly_to:-}" ]; then
emailreports_weekly_to="admins@$domain"
ynh_app_setting_set --app="$app" --key=emailreports_weekly_to --value="$emailreports_weekly_to"
fi
if [ -z "${emailreports_monthly_enabled:-}" ]; then
emailreports_monthly_enabled=n
ynh_app_setting_set --app="$app" --key=emailreports_monthly_enabled --value="$emailreports_monthly_enabled"
fi
if [ -z "${emailreports_monthly_graphs:-}" ]; then
emailreports_monthly_graphs='system,fs'
ynh_app_setting_set --app="$app" --key=emailreports_monthly_graphs --value="$emailreports_monthly_graphs"
fi
if [ -z "${emailreports_monthly_to:-}" ]; then
emailreports_monthly_to="admins@$domain"
ynh_app_setting_set --app="$app" --key=emailreports_monthly_to --value="$emailreports_monthly_to"
fi
if [ -z "${emailreports_yearly_enabled:-}" ]; then
emailreports_yearly_enabled=n
ynh_app_setting_set --app="$app" --key=emailreports_yearly_enabled --value="$emailreports_yearly_enabled"
fi
if [ -z "${emailreports_yearly_graphs:-}" ]; then
emailreports_yearly_graphs='system,fs'
ynh_app_setting_set --app="$app" --key=emailreports_yearly_graphs --value="$emailreports_yearly_graphs"
fi
if [ -z "${emailreports_yearly_to:-}" ]; then
emailreports_yearly_to="admins@$domain"
ynh_app_setting_set --app="$app" --key=emailreports_yearly_to --value="$emailreports_yearly_to"
fi
}
set_permission() {
chown www-data:root -R /etc/monitorix
chown "$app":root -R /etc/monitorix
chmod u=rX,g=rwX,o= -R /etc/monitorix
chown www-data:root -R /var/lib/monitorix
chmod u=rwX,g=rwX,o= -R /var/lib/monitorix
}
chown www-data:root -R "$nginx_status_conf"
chmod u=r,g=r,o= "$nginx_status_conf"
chown "$app":root "$install_dir"
chmod u=rwX,g=rwX,o= -R "$install_dir"
chmod 750 "$install_dir"/monitorix-alert.sh
chown "$app":root -R /var/log/"$app"
chmod u=rwX,g=rwX,o= -R /var/log/"$app"
_ynh_systemd_restart_monitorix() {
# Reload monitorix
# While we stop monitorix sometime the built-in web server is not stopped cleanly. So are sure that everything is cleanly stoped by that
# So this fix that
chmod u=rwx,g=rx,o= "$data_dir"
chown "$app":www-data "$data_dir"
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
sleep 1
pkill -f "monitorix-httpd listening on" || true
ynh_systemd_action --service_name="$app" --action="start" --log_path 'systemd' --line_match ' - Ok, ready.'
chmod u=rwx,g=rx,o= "$data_dir"/*.rrd || true
chown "$app":root "$data_dir"/*.rrd || true
find "$data_dir"/{reports,usage} \( \! -perm -o= \
-o \! -user "$app" \
-o \! -group "$app" \) \
-exec chown "$app:$app" {} \; \
-exec chmod o= {} \;
find "$data_dir"/www \( \! -perm -o= \
-o \! -perm -g=rX \
-o \! -user "$app" \
-o \! -group www-data \) \
-exec chown "$app:www-data" {} \; \
-exec chmod g+rX,o= {} \;
}

35
scripts/backup
View file

@ -8,14 +8,16 @@
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source ../settings/scripts/experimental_helper.sh
source /usr/share/yunohost/helpers
load_vars
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
if [[ ! "$(systemctl status $app.service)" =~ "Active: inactive (dead)" ]]; then
ynh_print_warn --message="It's highly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop $app.service'"
fi
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
@ -26,8 +28,12 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/$app/"
ynh_backup --src_path "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path "/etc/nginx/conf.d/monitorix_status.conf"
ynh_backup --src_path "$nginx_status_conf"
ynh_print_info --message="Backing up code..."
ynh_backup --src_path $install_dir
#=================================================
# SPECIFIC BACKUP
@ -41,26 +47,7 @@ ynh_backup --src_path "/etc/systemd/system/$app.service"
# BACKUP VARIOUS FILES
#=================================================
ynh_backup --src_path "/var/lib/$app" --is_big=1
ynh_backup --src_path="/etc/$app/"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info --message="Backing up the MySQL database..."
### (However, things like MySQL dumps *do* take some time to run, though the
### copy of the generated dump to the archive still happens later)
ynh_mysql_dump_db --database="$db_name" > db.sql
#=================================================
# RESTART APP
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
_ynh_systemd_restart_monitorix
ynh_backup --src_path="$data_dir" --is_big=1
#=================================================
# END OF SCRIPT

8
scripts/change_url
View file

@ -7,7 +7,9 @@
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
load_vars
#=================================================
# STANDARD MODIFICATIONS
@ -29,8 +31,7 @@ ynh_change_url_nginx_config
# SPECIFIC MODIFICATIONS
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
config_monitorix
ynh_add_jinja_config --template=monitorix.conf --destination=/etc/monitorix/monitorix.conf
#=================================================
# GENERIC FINALISATION
@ -38,8 +39,7 @@ config_monitorix
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
_ynh_systemd_restart_monitorix
ynh_systemd_action --service_name="$app" --action=start --log_path 'systemd' --line_match ' - Ok, ready.'
#=================================================
# END OF SCRIPT

24
scripts/config Normal file
View file

@ -0,0 +1,24 @@
#!/bin/bash
# In simple cases, you don't need a config script.
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ./_common.sh
source /usr/share/yunohost/helpers
source ./experimental_helper.sh
ynh_abort_if_errors
ynh_app_config_apply() {
_ynh_app_config_apply
load_vars
ynh_add_jinja_config --template=monitorix.conf --destination="/etc/monitorix/monitorix.conf"
save_vars_current_value
}
#=================================================
# GENERIC FINALIZATION
#=================================================
ynh_app_config_run "$1"

162
scripts/experimental_helper.sh Normal file
View file

@ -0,0 +1,162 @@
# Create a dedicated config file from a jinja template
#
# usage: ynh_add_jinja_config --template="template" --destination="destination"
# | arg: -t, --template= - Template config file to use
# | arg: -d, --destination= - Destination of the config file
# | arg: -i, --ignore_vars= - List separated by space of script variables to ignore and don't pass in the jinja context.
# | This could be useful mainly for special share which can't be retried by reference name (like the array).
#
# examples:
# ynh_add_jinja_config --template="app.conf" --destination="$install_dir/app.conf"
# ynh_add_jinja_config --template="app-env" --destination="$install_dir/app-env" --ignore_vars="complex_array yolo"
#
# The template can be by default the name of a file in the conf directory
#
# The helper will verify the checksum and backup the destination file
# if it's different before applying the new template.
#
# And it will calculate and store the destination file checksum
# into the app settings when configuration is done.
#
##
## About the variables passed to the template:
##
#
# All variable defined in the script are available into the template (as string) except someone described below.
# If a variable make crash the helper for some reason (by example if the variable is of type array)
# or you just want to don't pass a specific variable for some other reason you can add it in the '--ignore_vars=' parameter as described above.
# Here are the list of ignored variable and so there won't never be available in the template:
# - All system environment variable like (TERM, USER, PATH, LANG, etc).
# If you need someone you just need to declare an other variable with the same value.
# Note that all Yunohost variable whose name begins by 'YNH_' are available and can be used in the template.
# - This following list:
# legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex
# progress_scale progress_string0 progress_string1 progress_string2
# old changed binds types file_hash formats
#
##
## Usage in templates:
##
#
# For a full documentation of the template you can refer to: https://jinja.palletsprojects.com/en/3.1.x/templates/
# In Yunohost context there are no really some specificity except that all variable passed are of type string.
# So here are some example of recommended usage:
#
# If you need a conditional block
#
# {% if should_my_block_be_shown == 'true' %}
# ...
# {% endif %}
#
# or
#
# {% if should_my_block_be_shown == '1' %}
# ...
# {% endif %}
#
# If you need to iterate with loop:
#
# {% for yolo in var_with_multiline_value.splitlines() %}
# ...
# {% endfor %}
#
# or
#
# {% for jail in my_var_with_coma.split(',') %}
# ...
# {% endfor %}
#
ynh_add_jinja_config() {
# Declare an array to define the options of this helper.
local legacy_args=tdi
local -A args_array=([t]=template= [d]=destination= [i]=ignore_vars= )
local template
local destination
local ignore_vars
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
local template_path
#
## List of all vars ignored and not passed to the template
# WARNING Update the list on the helper documentation at the top of the helper, if you change this list
#
# local vars used in the helper
ignore_vars+=" legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex"
# yunohost helpers
ignore_vars+=" progress_scale progress_string0 progress_string1 progress_string2"
# Arrays used in config panel
ignore_vars+=" old changed binds types file_hash formats"
if [ -f "$YNH_APP_BASEDIR/conf/$template" ]; then
template_path="$YNH_APP_BASEDIR/conf/$template"
elif [ -f "$template" ]; then
template_path=$template
else
ynh_die --message="The provided template $template doesn't exist"
fi
ynh_backup_if_checksum_is_different --file="$destination"
# Make sure to set the permissions before we copy the file
# This is to cover a case where an attacker could have
# created a file beforehand to have control over it
# (cp won't overwrite ownership / modes by default...)
touch "$destination"
chown root:root "$destination"
chmod 640 "$destination"
local python_env_var=''
local ignore_var_regex
ignore_var_regex="$(echo "$ignore_vars" | sed -E 's@^\s*(.*\w)\s*$@\1@g' | sed -E 's@(\s+)@|@g')"
while read -r one_var; do
# Blacklist of var to not pass to template
if { [[ "$one_var" =~ ^[A-Z0-9_]+$ ]] && [[ "$one_var" != YNH_* ]]; } \
|| [[ "$one_var" =~ ^($ignore_var_regex)$ ]]; then
continue
fi
# Well python is very bad for the last character on raw string
# https://stackoverflow.com/questions/647769/why-cant-pythons-raw-string-literals-end-with-a-single-backslash
# So the solution here is to add one last char '-' so we know what it is
# and we are sure that it not \ or ' or something else which will be problematic with python
# And then we remove it while we are processing
python_env_var+="$one_var=r'''${!one_var}-'''[:-1],"
done <<< "$(compgen -v)"
_ynh_apply_default_permissions "$destination"
(
python3 -c 'import os, sys, jinja2; sys.stdout.write(
jinja2.Template(source=sys.stdin.read(),
undefined=jinja2.StrictUndefined,
).render('"$python_env_var"'));' <"$template_path" >"$destination"
)
ynh_store_file_checksum --file="$destination"
}
# Check either a package is installed or not
#
# example: ynh_package_is_installed --package=yunohost && echo "installed"
#
# usage: ynh_package_is_installed --package=name [--wait_dpkg_free]
# | arg: -p, --package= - the package name to check
# | arg: -l, --wait_dpkg_free= - wait for dpkg to be free.
# | Note that waiting on dpkg free could take about 0.2s on quick platform
# | and about 2 seconds on slow platform so in case of multiple call it could be slow
# | ret: 0 if the package is installed, 1 else.
ynh_package_is_installed() {
# Declare an array to define the options of this helper.
local legacy_args=pl
local -A args_array=([p]=package= [l]=wait_dpkg_free=)
local package
local wait_dpkg_free
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
wait_dpkg_free="${wait_dpkg_free:-0}"
if [ "$wait_dpkg_free" -eq 1 ]; then
ynh_wait_dpkg_free
fi
dpkg-query --show --showformat='${Status}' "$package" 2>/dev/null \
| grep --count "ok installed" &>/dev/null
}

52
scripts/install
View file

@ -7,16 +7,22 @@
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
load_vars
ensure_vars_set
#=================================================
# CHECK EXISTING DIRECTORIES
# Check datadir empty
#=================================================
if [ -e "/var/lib/monitorix" ]; then
old_data_dir_path="/var/lib/monitorix$(date '+%Y%m%d.%H%M%S')"
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
mv "/var/lib/monitorix" "$old_data_dir_path"
if [ -n "$(ls -A $data_dir)" ]; then
old_data_dir_path="${data_dir}_$(date '+%Y%m%d.%H%M%S')"
ynh_print_warn --message="Data directory was not empty. Data was moved to $old_data_dir_path"
mkdir -p $old_data_dir_path
mv -t "$old_data_dir_path" "$data_dir"/*
app_data_dirs="$(echo /home/yunohost.app/*)"
fi
#=================================================
@ -27,27 +33,34 @@ ynh_script_progression --message="Installing packages..." --weight=1
# Download package and install it
install_monitorix_package
ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd" --timeout=15
ynh_systemd_action --service_name="$app" --action=stop --log_path=systemd --timeout=15
mkdir -p /var/log/new_"${app}"
mv -t /var/log/new_"${app}" /var/log/monitorix*
mv /var/log/new_"${app}" /var/log/"${app}"
#=================================================
# SYSTEM CONFIGURATION
#=================================================ç
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
ynh_script_progression --message="Adding configurations related to $app..." --weight=1
ynh_add_systemd_config
yunohost service add "$app" --description="Monitorix" --log=systemd
ynh_add_jinja_config --template=monitorix.conf --destination="/etc/monitorix/monitorix.conf"
ynh_add_jinja_config --template=nginx_status.conf --destination "$nginx_status_conf"
ynh_add_config --template "nginx_status.conf" --destination "$nginx_status_conf"
ynh_add_nginx_config
ynh_add_systemd_config
#=================================================
# SPECIFIC SETUP
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
yunohost service add "$app" --description=Monitorix --log=systemd
config_monitorix
ynh_script_progression --message="Configuring databases access..."
configure_db
ynh_script_progression --message="Configuring php fpm access if needed..."
if "$phpfpm_installed"; then
config_php_fpm
fi
configure_hooks
configure_alerts_email
#=================================================
# GENERIC FINALIZATION
@ -56,12 +69,15 @@ ynh_script_progression --message="Protecting directory..."
set_permission
ynh_use_logrotate --logfile "/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
_ynh_systemd_restart_monitorix
ynh_systemd_action --service_name="$app" --action="start" --log_path 'systemd' --line_match ' - Ok, ready.'
save_vars_current_value
#=================================================
# END OF SCRIPT

28
scripts/remove
View file

@ -7,7 +7,9 @@
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
load_vars
#=================================================
# STANDARD REMOVE
@ -34,9 +36,27 @@ ynh_remove_nginx_config
ynh_remove_systemd_config
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Due of the backup core only feature the data directory in '/var/lib/monitorix' was not removed. It need to be removed manually to purge app user data."
# Remove the app-specific logrotate config
ynh_remove_logrotate
for pool_dir_by_version in /etc/php/*; do
pool_version=$(echo "$pool_dir_by_version" | cut -d/ -f4)
pool_file="/etc/php/$pool_version/fpm/pool.d/${app}_status.conf"
ynh_secure_remove --file="$pool_file"
if ynh_package_is_installed --package="php$pool_version-fpm"; then
ynh_systemd_action --service_name="php$pool_version"-fpm.service --action=reload
fi
done
if ynh_psql_user_exists --user=$db_user; then
ynh_psql_drop_user $db_user
fi
if ynh_mysql_user_exists --user=$db_user; then
ynh_mysql_drop_user $db_user
fi
ynh_package_autopurge monitorix
ynh_secure_remove --file=/var/log/"$app"
ynh_secure_remove --file="$install_dir"
ynh_script_progression --message="Removal of $app completed" --last

40
scripts/restore
View file

@ -8,8 +8,9 @@
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source ../settings/scripts/experimental_helper.sh
source /usr/share/yunohost/helpers
load_vars
#=================================================
# RESTORE THE DEPENDENCIES
@ -17,35 +18,30 @@ source /usr/share/yunohost/helpers
ynh_script_progression --message="Restoring the dependencies..." --weight=1
install_monitorix_package
ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd" --timeout=15
ynh_systemd_action --service_name="$app" --action=stop --log_path=systemd --timeout=15
mkdir -p /var/log/new_"${app}"
mv -t /var/log/new_"${app}" /var/log/monitorix*
mv /var/log/new_"${app}" /var/log/"${app}"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=1
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
ynh_script_progression --message="Configuring databases access..."
configure_db
#=================================================
# RESTORE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_script_progression --message="Restoring files" --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path "/etc/nginx/conf.d/monitorix_status.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
ynh_restore
mkdir -p /var/log/$app
systemctl enable $app.service --quiet
ynh_script_progression --message="Configuring php fpm access if needed..."
if "$phpfpm_installed"; then
config_php_fpm
fi
yunohost service add $app --description="Monitorix" --log="systemd"
# Directories created by the dep package
ynh_secure_remove --file="/etc/$app"
ynh_secure_remove --file="/var/lib/$app"
ynh_restore_file --origin_path="/var/lib/$app" --not_mandatory
ynh_restore_file --origin_path="/etc/$app/"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -53,6 +49,8 @@ ynh_script_progression --message="Protecting directory..."
set_permission
ynh_use_logrotate --logfile "/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -60,7 +58,7 @@ set_permission
#=================================================
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
_ynh_systemd_restart_monitorix
ynh_systemd_action --service_name="$app" --action=start --log_path 'systemd' --line_match ' - Ok, ready.'
ynh_systemd_action --service_name=nginx --action=reload

62
scripts/upgrade
View file

@ -7,12 +7,20 @@
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
load_vars
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# MIGRATION 5 : Manage old settings
#=================================================
ensure_vars_set
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
@ -29,7 +37,7 @@ ynh_secure_remove --file=/usr/share/yunohost/hooks/post_iptable_rules/50-$app
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app --action=stop --log_path="/var/log/$app/$app.log"
#=================================================
# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
@ -37,7 +45,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
if [ "$upgrade_type" == UPGRADE_APP ]
then
ynh_script_progression --message="Upgrading source files..." --weight=1
@ -45,28 +53,49 @@ then
install_monitorix_package
fi
ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd" --timeout=15
ynh_systemd_action --service_name="$app" --action=stop --log_path=systemd --timeout=15
#=================================================
# MIGRATION 2
#=================================================
# Migrate log files
if [ ! -d /var/log/"${app}" ]; then
mkdir -p /var/log/new_"${app}"
mv -t /var/log/new_"${app}" /var/log/monitorix*
mv /var/log/new_"${app}" /var/log/"${app}"
fi
# Migrate data directory
if [ -e /var/lib/monitorix/system.rrd ] && [ ! -e "$data_dir"/system.rrd ] ; then
mv -tf "$data_dir/" /var/lib/monitorix/*
fi
#=================================================
# REAPPLY SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
ynh_script_progression --message="Upgrading configurations related to $app..." --weight=1
ynh_add_config --template "nginx_status.conf" --destination "$nginx_status_conf"
ynh_add_jinja_config --template=monitorix.conf --destination=/etc/monitorix/monitorix.conf
ynh_add_jinja_config --template=nginx_status.conf --destination "$nginx_status_conf"
if "$phpfpm_installed"; then
config_php_fpm
fi
ynh_add_nginx_config
ynh_add_systemd_config
yunohost service add $app --description="Monitorix" --log="systemd"
yunohost service add "$app" --description=Monitorix --log=systemd
#=================================================
# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_script_progression --message="Configuring databases access..."
configure_db
config_monitorix
ynh_script_progression --message="Configuring php fpm access if needed..."
if "$phpfpm_installed"; then
config_php_fpm
fi
configure_hooks
configure_alerts_email
#=================================================
# GENERIC FINALIZATION
@ -75,12 +104,15 @@ ynh_script_progression --message="Protecting directory..."
set_permission
ynh_use_logrotate --logfile "/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
_ynh_systemd_restart_monitorix
ynh_systemd_action --service_name="$app" --action=restart --log_path=systemd --line_match ' - Ok, ready.'
save_vars_current_value
#=================================================
# END OF SCRIPT

88
sources/update_config_if_needed.sh Normal file
View file

@ -0,0 +1,88 @@
#!/bin/bash
set -eu
app=__APP__
YNH_APP_BASEDIR=/etc/yunohost/apps/"$app"
pushd /etc/yunohost/apps/$app/conf
source ../scripts/_common.sh
source /usr/share/yunohost/helpers
# Must load experimental helper after because we need the patched version of ynh_package_is_installed
# To make the hook not too slow. It's mainly for optimization.
source ../scripts/experimental_helper.sh
load_vars
status_dirty=false
for var in $var_list_to_manage; do
value="$(ynh_app_setting_get --app="$app" --key=previous_$var)"
if [ "${!var}" != "$value" ]; then
status_dirty=true
break
fi
done
if "$status_dirty"; then
install_dir="$(ynh_app_setting_get --app="$app" --key=install_dir)"
data_dir="$(ynh_app_setting_get --app="$app" --key=data_dir)"
db_pwd="$(ynh_app_setting_get --app="$app" --key=db_pwd)"
domain="$(ynh_app_setting_get --app="$app" --key=domain)"
path="$(ynh_app_setting_get --app="$app" --key=path)"
port="$(ynh_app_setting_get --app="$app" --key=port)"
port_nginx_status="$(ynh_app_setting_get --app="$app" --key=port_nginx_status)"
port_nginx_status="$(ynh_app_setting_get --app="$app" --key=port_nginx_status)"
alerts_email="$(ynh_app_setting_get --app="$app" --key=alerts_email)"
enable_hourly_view="$(ynh_app_setting_get --app="$app" --key=enable_hourly_view)"
image_format="$(ynh_app_setting_get --app="$app" --key=image_format)"
theme_color="$(ynh_app_setting_get --app="$app" --key=theme_color)"
max_historic_years="$(ynh_app_setting_get --app="$app" --key=max_historic_years)"
process_priority="$(ynh_app_setting_get --app="$app" --key=process_priority)"
system_alerts_loadavg_enabled="$(ynh_app_setting_get --app="$app" --key=system_alerts_loadavg_enabled)"
system_alerts_loadavg_timeintvl="$(ynh_app_setting_get --app="$app" --key=system_alerts_loadavg_timeintvl)"
system_alerts_loadavg_threshold="$(ynh_app_setting_get --app="$app" --key=system_alerts_loadavg_threshold)"
disk_alerts_loadavg_enabled="$(ynh_app_setting_get --app="$app" --key=disk_alerts_loadavg_enabled)"
disk_alerts_loadavg_timeintvl="$(ynh_app_setting_get --app="$app" --key=disk_alerts_loadavg_timeintvl)"
disk_alerts_loadavg_threshold="$(ynh_app_setting_get --app="$app" --key=disk_alerts_loadavg_threshold)"
mail_delvd_enabled="$(ynh_app_setting_get --app="$app" --key=mail_delvd_enabled)"
mail_delvd_timeintvl="$(ynh_app_setting_get --app="$app" --key=mail_delvd_timeintvl)"
mail_delvd_threshold="$(ynh_app_setting_get --app="$app" --key=mail_delvd_threshold)"
mail_mqueued_enabled="$(ynh_app_setting_get --app="$app" --key=mail_mqueued_enabled)"
mail_mqueued_timeintvl="$(ynh_app_setting_get --app="$app" --key=mail_mqueued_timeintvl)"
mail_mqueued_threshold="$(ynh_app_setting_get --app="$app" --key=mail_mqueued_threshold)"
emailreports_enabled="$(ynh_app_setting_get --app="$app" --key=emailreports_enabled)"
emailreports_subject_prefix="$(ynh_app_setting_get --app="$app" --key=emailreports_subject_prefix)"
emailreports_hour="$(ynh_app_setting_get --app="$app" --key=emailreports_hour)"
emailreports_minute="$(ynh_app_setting_get --app="$app" --key=emailreports_minute)"
emailreports_daily_enabled="$(ynh_app_setting_get --app="$app" --key=emailreports_daily_enabled)"
emailreports_daily_graphs="$(ynh_app_setting_get --app="$app" --key=emailreports_daily_graphs)"
emailreports_daily_to="$(ynh_app_setting_get --app="$app" --key=emailreports_daily_to)"
emailreports_weekly_enabled="$(ynh_app_setting_get --app="$app" --key=emailreports_weekly_enabled)"
emailreports_weekly_graphs="$(ynh_app_setting_get --app="$app" --key=emailreports_weekly_graphs)"
emailreports_weekly_to="$(ynh_app_setting_get --app="$app" --key=emailreports_weekly_to)"
emailreports_monthly_enabled="$(ynh_app_setting_get --app="$app" --key=emailreports_monthly_enabled)"
emailreports_monthly_graphs="$(ynh_app_setting_get --app="$app" --key=emailreports_monthly_graphs)"
emailreports_monthly_to="$(ynh_app_setting_get --app="$app" --key=emailreports_monthly_to)"
emailreports_yearly_enabled="$(ynh_app_setting_get --app="$app" --key=emailreports_yearly_enabled)"
emailreports_yearly_graphs="$(ynh_app_setting_get --app="$app" --key=emailreports_yearly_graphs)"
emailreports_yearly_to="$(ynh_app_setting_get --app="$app" --key=emailreports_yearly_to)"
ynh_add_jinja_config --template=monitorix.conf --destination="/etc/monitorix/monitorix.conf"
ynh_add_jinja_config --template=nginx_status.conf --destination "$nginx_status_conf"
configure_db
if "$phpfpm_installed"; then
config_php_fpm
fi
ynh_systemd_action --service_name="$app" --action=restart --log_path 'systemd' --line_match ' - Ok, ready.'
ynh_systemd_action --service_name=nginx --action=reload
save_vars_current_value
fi

5
tests.toml
View file

@ -6,5 +6,6 @@ test_format = 1.0
exclude = []
[default.test_upgrade_from.6ea6f67f5d3b7a3303a5ff2f4640e6e01cb6bdae]
name = "v3.15.0~ynh3 (manifestv1)"
test_upgrade_from.6ea6f67f5d3b7a3303a5ff2f4640e6e01cb6bdae.name = "v3.15.0~ynh3 (manifestv1)"
test_upgrade_from.9b82e772d59aa586dd2e0d5c7e9adac09f2d030e.name = "v3.15.0~ynh4 (pre refactoring)"