forked from msimerson/Mail-Toaster-6
-
Notifications
You must be signed in to change notification settings - Fork 0
/
provision-monitor.sh
executable file
·211 lines (173 loc) · 5.04 KB
/
provision-monitor.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
#!/bin/sh
# shellcheck disable=1091
. mail-toaster.sh || exit
export JAIL_START_EXTRA=""
export JAIL_CONF_EXTRA=""
install_monitor()
{
tell_status "installing swaks"
stage_pkg_install swaks p5-Net-SSLeay || exit
install_lighttpd
install_nagios
install_munin
}
install_lighttpd()
{
tell_status "installing lighttpd"
stage_pkg_install lighttpd
mkdir -p "$STAGE_MNT/var/spool/lighttpd/sockets"
chown -R www "$STAGE_MNT/var/spool/lighttpd/sockets"
}
install_nagios()
{
if [ -z "$TOASTER_NRPE" ]; then
echo "TOASTER_NRPE unset, skipping nagios install"
return
fi
tell_status "installing nagios & nrpe"
stage_pkg_install nagios nrpe3
}
install_munin()
{
if [ -z "$TOASTER_MUNIN" ]; then
echo "TOASTER_MUNIN unset, skipping munin install"
return
fi
tell_status "installing munin"
stage_pkg_install munin-node munin-master
}
configure_lighttpd()
{
local _lighttpd_dir="$STAGE_MNT/usr/local/etc/lighttpd"
local _lighttpd_conf="$_lighttpd_dir/lighttpd.conf"
# shellcheck disable=2016
sed -i .bak \
-e '/^var\.server_root/ s/""/"\/usr\/local\/www"/' \
-e '/^var\.log_root/ s/""/"\/var\/log\/lighttpd"/' \
-e '/^server\.username/ s/""/"www"/' \
-e '/^server\.groupname/ s/""/"www"/' \
-e '/^server\.use-ipv6/ s/"enable"/"disable"/' \
-e '/^$SERVER/ s/$S/#$S/' \
"$_lighttpd_conf"
tee -a "$_lighttpd_conf" <<EO_LIGHTTPD_MT6
server.modules += (
"mod_alias",
"mod_rewrite",
"mod_fastcgi",
"mod_extforward",
)
alias.url += ( "/munin-static" => "/usr/local/www/munin/static" )
alias.url += ( "/munin" => "/usr/local/www/munin/" )
fastcgi.server += (
"/munin-cgi/munin-cgi-graph" =>
( "munin-cgi-graph" => (
"bin-path" => "/usr/local/www/cgi-bin/munin-cgi-graph",
"socket" => "/var/spool/lighttpd/sockets/munin-cgi-graph.sock",
"bin-copy-environment" => ("PATH", "SHELL", "USER"),
"check-local" => "disable",
"broken-scriptfilename" => "enable",
)),
"/munin-cgi/munin-cgi-html" =>
( "munin-cgi-html" => (
"bin-path" => "/usr/local/www/cgi-bin/munin-cgi-html",
"socket" => "/var/spool/lighttpd/sockets/munin-cgi-html.sock",
"bin-copy-environment" => ("PATH", "SHELL", "USER"),
"check-local" => "disable",
"broken-scriptfilename" => "enable",
))
)
url.rewrite-repeat += (
"/munin/(.*)" => "/munin-cgi/munin-cgi-html/\$1",
"/munin-cgi/munin-cgi-html$" => "/munin-cgi/munin-cgi-html/",
"/munin-cgi/munin-cgi-html/static/(.*)" => "/munin-static/\$1"
)
extforward.forwarder = (
"$(get_jail_ip haproxy)" => "trust",
)
EO_LIGHTTPD_MT6
stage_sysrc lighttpd_enable="YES"
}
configure_munin()
{
if [ -d "$STAGE_MNT/data/etc/munin" ]; then
rm -r "$STAGE_MNT/usr/local/etc/munin"
else
mv "$STAGE_MNT/usr/local/etc/munin" "$STAGE_MNT/data/etc/"
fi
stage_exec ln -s /data/etc/munin /usr/local/etc/munin
if [ ! -d "$ZFS_DATA_MNT/monitor/var/munin" ]; then
mkdir -p "$ZFS_DATA_MNT/monitor/var/munin"
chown -R 842:842 "$ZFS_DATA_MNT/monitor/var/munin"
fi
if ! grep -qs ^#graph_strategy "$STAGE_MNT/data/etc/munin/munin.conf" ; then
tell_status "preserving munin.conf"
else
tell_status "update munin.conf to use ZFS_DATA_MNT"
sed -i .bak \
-e 's/^#dbdir.*/dbdir \/data\/var\/munin/' \
-e 's/^#graph_strategy cron/graph_strategy cgi/' \
-e 's/^#html_strategy cron/html_strategy cgi/' \
"$STAGE_MNT/data/etc/munin/munin.conf" || exit
fi
#Needed for CGI graph to work
stage_exec chmod -R 777 /var/log/munin
stage_exec mkdir -p /var/munin/cgi-tmp
stage_exec chmod -R 777 /var/munin/cgi-tmp
stage_exec chown -R www:www /var/munin/cgi-tmp
stage_sysrc munin_node_enable=YES
stage_sysrc munin_node_config=/data/etc/munin/munin-node.conf
}
configure_nrpe()
{
if [ -f "$ZFS_DATA_MNT/monitor/etc/nrpe.cfg" ]; then
tell_status "preserving nrpe.cfg"
rm "$STAGE_MNT/usr/local/etc/nrpe.cfg"
else
tell_status "installing default nrpe.cfg"
mv "$STAGE_MNT/usr/local/etc/nrpe.cfg" \
"$ZFS_DATA_MNT/monitor/etc/nrpe.cfg"
fi
stage_exec ln -s /data/etc/nrpe.cfg /usr/local/etc/nrpe.cfg
stage_sysrc nrpe3_enable="YES"
stage_sysrc nrpe3_configfile=/data/etc/nrpe.cfg
}
configure_monitor()
{
tell_status "configuring monitor"
if [ ! -d "$ZFS_DATA_MNT/monitor/etc" ]; then
mkdir "$ZFS_DATA_MNT/monitor/etc"
fi
configure_lighttpd
if [ -n "$TOASTER_NRPE" ]; then
configure_nrpe
fi
if [ -n "$TOASTER_MUNIN" ]; then
configure_munin
fi
}
start_monitor()
{
tell_status "starting monitor"
}
test_monitor()
{
tell_status "testing monitor"
local _email _server _pass
_email="postmaster@$TOASTER_MAIL_DOMAIN"
_server=$(get_jail_ip haraka)
_pass=$(jexec vpopmail /usr/local/vpopmail/bin/vuserinfo -C "$_email")
tell_status "sending an email to $_email"
stage_exec swaks -to "$_email" -server "$_server" -timeout 50 || exit
tell_status "sending a TLS encrypted and authenticated email"
stage_exec swaks -to "$_email" -server "$_server" -timeout 50 \
-tls -au "$_email" -ap "$_pass" || exit
echo "it worked"
}
base_snapshot_exists || exit
create_staged_fs monitor
start_staged_jail monitor
install_monitor
configure_monitor
start_monitor
test_monitor
promote_staged_jail monitor