Monit

From Biblioteca Unix

Monit

Monit is a proactive monitoring tool that, beyond traditional monitoring, takes predefined actions to keep the network's essential services running for as long as possible. It runs standalone on each server, but can be combined with the paid tool M/Monit to manage all the servers on your network.

Our goal is to configure several Unix-like operating systems and integrate them with M/Monit.

FreeBSD 9.0

Installing the Required Packages

To install Monit on FreeBSD 9, we will use the standard package system:

# pkg_add -r monit
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-9.0-release/Latest/monit.tbz... Done.
**************************************************************************
USAGE:

To enable monit you need to add monit_enable="YES" to rc.conf file.
Before running monit you have to configure monitrc file. There is
example configuration file monitrc.sample.

/usr/local/etc/monitrc.sample
**************************************************************************

Basic Configuration

To use it, Monit must be added to the standard startup file:

# /usr/local/etc/rc.d/monit rcvar >> /etc/rc.conf

Now edit the Monit setting, changing it from NO to YES:

# ee /etc/rc.conf
...
monit_enable="YES"
...

With that done, activate the default configuration:

# mv /usr/local/etc/monitrc.sample /usr/local/etc/monitrc

Start the service:

# /usr/local/etc/rc.d/monit start
Starting monit.
monit: generated unique Monit id 5b6d9bd73674ce9f9f947b67d7a7453b and stored to '/root/.monit.id'
Starting monit daemon with http interface at [localhost:2812]

On the first start, the unique machine identifier is generated. We can now open the M/Monit interface; this is how it looks:

Mmonit-freebsd9.png

FreeBSD also shows up normally in the local management interface:

Monit-freebsd9.png

Don't forget to configure the IPs or networks from which Monit should be reachable via browser, by listing them in the allow entries:

# ee 
...
set httpd port 2812 and
   #use address localhost  # accepts only local connections; comment this out for external access
   allow localhost        
   allow 10.0.1.20        # allows a private IP
   allow 192.168.0.0/24   # allows a private network
   allow admin:monit      # requires user: admin and password: monit
   allow monit:monit      # allows M/Monit access to collect information
   allow @monit           # allows users in group 'monit' to connect with (rw) permissions
   allow @users readonly  # all users as read-only
...

The service configurations can follow the same logic as the Debian files.

Debian Squeeze 6.0

Installing the Required Packages

Install the required packages (backported package, version 5.3.2):

# apt-get install monit

With that done, Monit is already pre-configured and we can start it:

# /etc/init.d/monit start

Done, Monit is almost ready to run.

Basic Configuration

With Monit installed, we will now manage some of our server's services. The services to be managed are OpenSSH and Ntp, so we configure Monit's main configuration file:

# vim /etc/monit/monitrc
set daemon 120            # check services at 2-minute intervals
set logfile /var/log/monit.log
set idfile /var/lib/monit/id
set statefile /var/lib/monit/state
set eventqueue
    basedir /var/lib/monit/events # set the base directory where events will be stored
    slots 100                     # optionally limit the queue size

set mmonit http://monit:monit@IP_DO_MMONIT:8080/collector
     and register without credentials     

set alert administrador@exemplo.com.br only on { timeout } 
set httpd port 2812 and
    allow localhost
    allow admin:monit
include /etc/monit/conf.d/*
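
An added example (not part of the original page or of Monit itself): a small Python audit of the "set httpd" and "set mmonit" statements shown in the FreeBSD and Debian configurations above. It flags a web interface with no active "use address" line, an allow entry that still uses this page's sample password, and credentials sent to the collector over plain HTTP. The function names, finding codes and the SAMPLE text are assumptions constructed for illustration.

```python
import re

# Constructed sample combining the httpd and mmonit settings shown on this page.
SAMPLE = """\
set mmonit http://monit:monit@IP_DO_MMONIT:8080/collector
     and register without credentials
set httpd port 2812 and
   #use address localhost
   allow localhost
   allow 192.168.0.0/24
   allow admin:monit
   allow @users readonly
"""

# Assumption: passwords treated as published samples (the one used on this page).
SAMPLE_PASSWORDS = {"monit"}

def statements(text):
    """Yield each top-level statement as a list of comment-stripped lines."""
    current = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if not line:
            continue
        if current and line.split()[0].lower() in ("set", "check", "include"):
            yield current
            current = []
        current.append(line)
    if current:
        yield current

def audit_monitrc(text):
    """Return (code, detail) findings for the httpd and mmonit statements."""
    findings = []
    for stmt in statements(text):
        joined = " ".join(stmt)
        if re.match(r"set\s+mmonit\b", joined, re.I):
            m = re.search(r"\bhttp://([^:/@\s]+):[^@\s]+@", joined, re.I)
            if m:  # user:password in a plain-HTTP collector URL
                findings.append(("mmonit-cleartext-credentials", m.group(1)))
        elif re.match(r"set\s+httpd\b", joined, re.I):
            if not re.search(r"\buse\s+address\b", joined, re.I):
                findings.append(("httpd-all-interfaces", "no 'use address'"))
            for line in stmt:
                m = re.fullmatch(r"allow\s+([^@\s:/]+):(\S+)(\s+read-?only)?", line, re.I)
                if m and m.group(2) in SAMPLE_PASSWORDS:
                    findings.append(("httpd-sample-password", m.group(1)))
    return findings

if __name__ == "__main__":
    for code, detail in audit_monitrc(SAMPLE):
        print(code, detail)
```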

When we start the Monit service it will already be monitoring the server itself, but not the services we want. This is what the local Monit screen looks like:

Monit-local-5.3.2.png

and in M/Monit:

Mmonit-local-sistema.png

To monitor services, each one must be configured inside the /etc/monit/conf.d directory. So we create the two service configuration files, first OpenSSH:

# vim /etc/monit/conf.d/ssh
check process sshd with pidfile /var/run/sshd.pid
  start program  "/etc/init.d/ssh start"
  stop program  "/etc/init.d/ssh stop"
  if failed port 22 protocol ssh then restart
  if 5 restarts within 5 cycles then timeout

and now Ntp:

# vim /etc/monit/conf.d/ntp
check process ntpd with pidfile /var/run/ntpd.pid
  start program = "/etc/init.d/ntp start"
  stop  program = "/etc/init.d/ntp stop"
  if failed host 127.0.0.1 port 123 type udp then alert
  if 5 restarts within 5 cycles then timeout

Done; restart Monit so that it reloads the configuration:

# /etc/init.d/monit restart

This is the new M/Monit screen:

Mmonit-com-servicos.png

With that done, just configure more services and monitor them. Below are the configuration files adapted for Debian/Ubuntu 10.04 LTS.

Debian Services in Monit

Amavisd-New

# vim /etc/monit/conf.d/amavis
check process amavisd with pidfile /var/run/amavis/amavisd.pid
  group mail
  start program = "/etc/init.d/amavis start"
  stop  program = "/etc/init.d/amavis stop"
  if failed host localhost port 10024 protocol smtp then restart
  if 5 restarts within 5 cycles then timeout
  depends on amavisd_bin
  depends on amavisd_init

check file amavisd_bin with path /usr/sbin/amavisd-new
  group mail
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor

check file amavisd_init with path /etc/init.d/amavis
  group mail
  if failed checksum then unmonitor
  if failed permission 755 then unmonitor
  if failed uid root then unmonitor
  if failed gid root then unmonitor

Apache2

# vim /etc/monit/conf.d/apache2
check process apache2 with pidfile /var/run/apache2.pid
  group www-data
  start program = "/etc/init.d/apache2 start"
  stop  program = "/etc/init.d/apache2 stop"

  if failed host localhost port 80 then restart 
  if 5 restarts within 5 cycles then timeout

Bacula

The director should not use the tests below, because you will start receiving messages like:

ERROR in authenticate.c:304 UA Hello from client:127.0.0.1:36131

These messages relate to an unsuccessful authentication attempt against the Director, which is in fact what happens in the test below.

# vim /etc/monit/conf.d/bacula-director
check process bacula-director with pidfile /var/run/bacula/bacula-dir.9101.pid
  start program = "/etc/init.d/bacula-director start"
  stop  program = "/etc/init.d/bacula-director stop"
  if failed port 9101 type tcp then alert
  if 5 restarts within 5 cycles then timeout

I left the Bacula Director configuration only as historical content that should not be used.

# vim /etc/monit/conf.d/bacula-storage-daemon
 check process bacula-sd with pidfile /var/run/bacula/bacula-sd.9103.pid
  start program = "/etc/init.d/bacula-sd start"
  stop  program = "/etc/init.d/bacula-sd stop"
  if failed port 9103 type tcp then alert
  if 5 restarts within 5 cycles then timeout

# vim /etc/monit/conf.d/bacula-file-daemon
 check process bacula-fd with pidfile /var/run/bacula/bacula-fd.9102.pid
  start program = "/etc/init.d/bacula-fd start"
  stop  program = "/etc/init.d/bacula-fd stop"
  if failed port 9102 type tcp then alert
  if 5 restarts within 5 cycles then timeout

Bind9

# vim /etc/monit/conf.d/bind9
check process named with pidfile /var/run/bind/run/named.pid
  start program = "/etc/init.d/bind9 start"
  stop program = "/etc/init.d/bind9 stop"
  if failed host 127.0.0.1 port 53 type tcp protocol dns then alert
  if failed host 127.0.0.1 port 53 type udp protocol dns then alert
  if 5 restarts within 5 cycles then timeout

Clamav

# vim /etc/monit/conf.d/clamav
check process clamd with pidfile /var/run/clamav/clamd.pid
  group clamav
  start program = "/etc/init.d/clamav-daemon start"
  stop  program = "/etc/init.d/clamav-daemon stop"
  if failed unixsocket /var/run/clamav/clamd.ctl then restart
  if 5 restarts within 5 cycles then timeout

check process freshclamd with pidfile /var/run/clamav/freshclam.pid
  group clamav
  start program = "/etc/init.d/clamav-freshclam start"
  stop  program = "/etc/init.d/clamav-freshclam stop"
  if 5 restarts within 5 cycles then timeout

DHCPD

# vim /etc/monit/conf.d/dhcpd
check process dhcpd with pidfile /var/run/dhcpcd.pid
 start program = "/etc/init.d/isc-dhcp-server start"
 stop program = "/etc/init.d/isc-dhcp-server stop"
 if failed host 127.0.0.1 port 67 type udp then alert
 if failed unixsocket /var/run/dhcpcd.sock then restart
 if 5 restarts within 5 cycles then timeout

Dovecot

# vim /etc/monit/conf.d/dovecot
check process dovecot with pidfile /var/run/dovecot/master.pid
  start program = "/etc/init.d/dovecot start"
  stop program = "/etc/init.d/dovecot stop"
  group mail
  if failed host nxmail.ufms.br port 110 protocol pop for 5 cycles then restart
  if failed host nxmail.ufms.br port 143 protocol imap for 5 cycles then restart
  if failed host nxmail.ufms.br port 993 type tcpssl sslauto protocol imap for 5 cycles then restart
  if failed host nxmail.ufms.br port 995 type tcpssl sslauto protocol pop for 5 cycles then restart
  if 3 restarts within 5 cycles then timeout

FreeRadius

# vim /etc/monit/conf.d/freeradius
check process freeradius with pidfile /var/run/freeradius/freeradius.pid
  start program = "/etc/init.d/freeradius start"
  stop program = "/etc/init.d/freeradius stop"
  if failed host 127.0.0.1 port 1812 type udp protocol radius secret testing123 then alert
  if 5 restarts within 5 cycles then timeout

miniDLNA

# vim /etc/monit/conf.d/minidlna
check process miniDLNA with pidfile /run/minidlna/minidlna.pid
   start program = "/usr/sbin/service minidlna start"
   stop program = "/usr/sbin/service minidlna stop"
   if failed host 127.0.0.1 port 8200 then restart

MySQL

# vim /etc/monit/conf.d/mysql
check process mysql with pidfile /var/run/mysqld/mysqld.pid
  group database
  start program = "/etc/init.d/mysql start"
  stop program = "/etc/init.d/mysql stop"
  if failed host localhost port 3306 protocol mysql then restart
  if 5 restarts within 5 cycles then timeout

Ntp

# vim /etc/monit/conf.d/ntp
check process ntpd with pidfile /var/run/ntpd.pid
  start program = "/etc/init.d/ntp start"
  stop  program = "/etc/init.d/ntp stop"
  if failed host 127.0.0.1 port 123 type udp then alert
  if 5 restarts within 5 cycles then timeout

OpenFire

# vim /etc/monit/conf.d/openfire
check process openfire with pidfile /var/run/openfire.pid
  start program  "/etc/init.d/openfire start"
  stop program  "/etc/init.d/openfire stop"

  # plain TCP connection tests: these are Openfire ports, not SSH,
  # so the ssh protocol test would always fail here
  if failed port 5222 then restart
  if failed port 5223 then restart
  if failed port 5229 then restart
  if failed port 5269 then restart
  if failed port 7070 then restart
  if failed port 7777 then restart
  if failed port 9090 then restart
  if failed port 9091 then restart

  if 5 restarts within 5 cycles then timeout

OpenLDAP

# vim /etc/monit/conf.d/openldap
check process slapd with pidfile /var/run/slapd/slapd.pid
  start program  "/etc/init.d/slapd start"
  stop program  "/etc/init.d/slapd stop"
  # Monit's LDAP protocol tests are named ldap2 and ldap3
  if failed port 389 protocol ldap3 then restart
  if 5 restarts within 5 cycles then timeout

Postfix

# vim /etc/monit/conf.d/postfix
check process postfix with pidfile /var/spool/postfix/pid/master.pid
  group mail
  start program = "/etc/init.d/postfix start"
  stop  program = "/etc/init.d/postfix stop"
  if failed port 25 protocol smtp then restart
  if 5 restarts within 5 cycles then timeout

PostgreSQL

Version 8.3:

# vim /etc/monit/conf.d/postgresql-8.3
check process postgres with pidfile /var/run/postgresql/8.3-main.pid
  group postgres
  start program = "/etc/init.d/postgresql-8.3 start"
  stop  program = "/etc/init.d/postgresql-8.3 stop"
  if failed unixsocket /var/run/postgresql/.s.PGSQL.5432 protocol pgsql 
     then restart
  if failed host localhost port 5432 protocol pgsql then restart
  if 5 restarts within 5 cycles then timeout

Version 8.4:

# vim /etc/monit/conf.d/postgresql-8.4
 check process postgres with pidfile /var/run/postgresql/8.4-main.pid
  group postgres
  start program = "/etc/init.d/postgresql start"
  stop  program = "/etc/init.d/postgresql stop"
  if failed unixsocket /var/run/postgresql/.s.PGSQL.5432 protocol pgsql 
     then restart
  if failed host localhost port 5432 protocol pgsql then restart
  if 5 restarts within 5 cycles then timeout

Version 9.1:

# vim /etc/monit/conf.d/postgresql-9.1
check process postgres with pidfile /var/run/postgresql/9.1-main.pid
 group postgres
 start program = "/etc/init.d/postgresql start"
 stop  program = "/etc/init.d/postgresql stop"
 if failed unixsocket /var/run/postgresql/.s.PGSQL.5432 protocol pgsql 
    then restart
 if failed host localhost port 5432 protocol pgsql then restart
 if 5 restarts within 5 cycles then timeout

Spamassassin

# vim /etc/monit/conf.d/spamassassin
check process spamassassin with pidfile /var/run/spamd.pid
  group mail
  start program = "/etc/init.d/spamassassin start"
  stop  program = "/etc/init.d/spamassassin stop"
  if 5 restarts within 5 cycles then timeout
  if cpu usage > 99% for 5 cycles then alert
  if mem usage > 99% for 5 cycles then alert

SSH

# vim /etc/monit/conf.d/ssh
check process sshd with pidfile /var/run/sshd.pid
  start program  "/etc/init.d/ssh start"
  stop program  "/etc/init.d/ssh stop"
  if failed port 22 protocol ssh then restart
  if 5 restarts within 5 cycles then timeout

Tomcat6

# vim /etc/monit/conf.d/tomcat6
check process tomcat with pidfile /var/run/tomcat6.pid
     start program = "/etc/init.d/tomcat6 start"
     stop program  = "/etc/init.d/tomcat6 stop"
     if failed port 8080 then alert

Transmission-Daemon

# vim /etc/monit/conf.d/tranmission
check process Transmission matching "transmission-daemon"
   start program = "/usr/sbin/service transmission-daemon start"
   stop program = "/usr/sbin/service transmission-daemon stop"
   if failed host 127.0.0.1 port 9091 then restart
   if failed host 127.0.0.1 port 51413 with timeout 30 seconds for 3 cycles then restart

XEN

# vim /etc/monit/conf.d/xen
check process xend with pidfile /var/run/xend.pid
  start program = "/etc/init.d/xend start"
  stop  program = "/etc/init.d/xend stop"
  if failed unixsocket /var/lib/xend/xend-socket then restart
  if 5 restarts within 5 cycles then timeout

File Systems

# vim /etc/monit/conf.d/home-filesystem
check filesystem homefs with path /dev/sda2
   start program  = "/bin/mount /home"
   stop program  = "/bin/umount /home"
   if failed permission 660 then unmonitor
   if failed uid root then unmonitor
   if failed gid disk then unmonitor
   if space usage > 80% for 5 times within 15 cycles then alert
   if space usage > 99% then stop
   if inode usage > 99% then stop
   #if inode usage > 30000 then alert
   

--Brivaldo 22:44, 23 January 2012 (AMST)