monitモニタリングサービスのテスト


monitモニタリングサービスのテスト
 、    
1、 tvm-rpm      。
2、  :
eth0:host-only(      ,    IP,               vm)
eth1:NAT(     ,  IP)
[root@tvm-rpm ~]# cd /etc/sysconfig/network-scripts/
[root@tvm-rpm network-scripts]# cat ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
IPADDR=192.168.56.253
PREFIX=24
GATEWAY=192.168.56.1
DNS1=192.168.56.254

[root@tvm-rpm network-scripts]# cat ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=dhcp
DNS1=192.168.56.254


 、  monit  
1、     salt-master  ,     ,   pid。
[root@tvm-rpm ~]# vim /etc/salt/master 
pidfile: /var/run/salt-master.pid

2、  monit
[root@tvm-rpm ~]# yum -y install monit

      log   :
/var/log/monit

          :
[root@tvm-rpm ~]# cat /etc/logrotate.d/monit    
/var/log/monit {
    missingok
    notifempty
    size 100k
    create 0644 root root
    postrotate
        /sbin/service monit condrestart > /dev/null 2>&1 || :
    endscript

}

3、     
1)     
/etc/monit.conf
/etc/monit.d

2)         log   :
[root@tvm-rpm ~]# cat /etc/monit.d/logging 
# log to monit.log
set logfile /var/log/monit


3)    :
[root@tvm-rpm ~]# vim /etc/monit.d/monit-mail.conf
# mail server
set mailserver smtp.xxx.com port 25
    username "[email protected]" password "xxx"

# later delivery retry
set eventqueue
    basedir /var/monit
    slots 100

# mail format
set mail-format {
        from: [email protected]
        subject: [monit Alter][test from xxx] $HOST $SERVICE $EVENT
        message: $EVENT Service $SERVICE
                Date:        $DATE
                Action:      $ACTION
                Host:        $HOST
                Description: $DESCRIPTION

               Your faithful employee,
               monit
    }

# mail recipients
set alert [email protected]


4)         :
[root@tvm-rpm ~]# vim /etc/monit.d/salt-master.conf 
check process salt-master with pidfile /var/run/salt-master.pid
  start program = "/etc/init.d/salt-master start"
  stop program = "/etc/init.d/salt-master stop"

 1:      ,                。
 2:             。
  
4、    
[root@tvm-rpm ~]# service monit start
Starting monit: monit: generated unique Monit id 5701f8ce7fd7a6a69c713ec2b1b5f22e and stored to '/root/.monit.id'
                                                           [  OK  ]
  log:   。

      :
[root@tvm-rpm ~]# chkconfig monit on


5.     
[monit Alter][test from xxx] tvm-rpm tvm-rpm Monit instance changed  
   :test <[email protected]>  
     :2015 7 21 (   )   2:42
   :admin <[email protected]> 
Monit instance changed Service tvm-rpm
                Date:        Tue, 21 Jul 2015 14:42:47 +0800
                Action:      start
                Host:        tvm-rpm
                Description: Monit started

               Your faithful employee,
               monit

6、      salt-master  ,    
[root@tvm-rpm ~]# service salt-master stop
Stopping salt-master daemon:                               [  OK  ]
[root@tvm-rpm ~]# tail -f /var/log/monit
[CST Jul 21 14:42:47] info     : 'tvm-rpm' Monit started
[CST Jul 21 14:48:49] error    : 'salt-master' process is not running
[CST Jul 21 14:48:50] info     : 'salt-master' trying to restart
[CST Jul 21 14:48:50] info     : 'salt-master' start: /etc/init.d/salt-master


     2 :
[monit Alter][test from xxx] tvm-rpm salt-master Does not exist
Does not exist Service salt-master
                Date:        Tue, 21 Jul 2015 14:48:49 +0800
                Action:      restart
                Host:        tvm-rpm
                Description: process is not running

               Your faithful employee,
               monit
               
[monit Alter][test from xxx] tvm-rpm salt-master Exists
Exists Service salt-master
                Date:        Tue, 21 Jul 2015 14:49:51 +0800
                Action:      alert
                Host:        tvm-rpm
                Description: process is running with pid 8380

               Your faithful employee,
               monit
               
  salt-master  :
[root@tvm-rpm ~]# service salt-master status
salt-master (pid  8380) is running...  

7、  monit   web  
[root@tvm-rpm ~]# vim /etc/monit.d/monit-web.conf 
set httpd port 2812 and
    use address 192.168.56.253
    allow localhost
    allow 192.168.56.0/24
    allow admin:monit
    :
[root@tvm-rpm ~]# service monit restart

        admin,  monit    :
http://192.168.56.253:2812/


8.  monit web    ssl
1)    
[root@tvm-rpm ~]# ls /etc/pki/tls
cert.pem  certs  misc  openssl.cnf  private

     ssl         :
[root@tvm-rpm ~]# echo 'abc' >/tmp/openssl.rnd
[root@tvm-rpm ~]# cat /tmp/monit.ssl.conf 
# create RSA certs - Server

  RANDFILE = /tmp/openssl.rnd

  [ req ]
  default_bits = 2048
  default_md = sha256
  encrypt_key = yes
  distinguished_name = req_dn
  x509_extensions = cert_type

  [ req_dn ]
  countryName = Country Name (2 letter code)
  countryName_default = ZH

  stateOrProvinceName             = State or Province Name (full name)
  stateOrProvinceName_default     = TESTPROV

  localityName                    = Locality Name (eg, city)
  localityName_default            = TESTCITY

  organizationName                = Organization Name (eg, company)
  organizationName_default        = TESTCOMP

  organizationalUnitName          = Organizational Unit Name (eg, section)
  organizationalUnitName_default  = TESTSVR

  commonName                      = Common Name (FQDN of your server)
  commonName_default              = server.office.com

  emailAddress                    = Email Address
  emailAddress_default            = [email protected]

  [ cert_type ]
  nsCertType = server
  
       :
[root@tvm-rpm ~]# openssl req -new -x509 -days 365 -nodes \
-config /tmp/monit.ssl.conf -out /etc/pki/tls/certs/monit.pem \
-keyout /etc/pki/tls/certs/monit.pem

    /etc/pki/tls/certs/monit.pem    :
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

  Diffie-Hellman  :
[root@tvm-rpm ~]# openssl gendh 1024 >> /etc/pki/tls/certs/monit.pem

    /etc/pki/tls/certs/monit.pem    :
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----

    :
[root@tvm-rpm ~]# chmod 600 /etc/pki/tls/certs/monit.pem

      :
[root@tvm-rpm ~]# openssl x509 -text -noout -in /etc/pki/tls/certs/monit.pem


2)  monit  
[root@tvm-rpm ~]# vim /etc/monit.d/monit-web.conf 
set httpd port 2812 and
    use address 192.168.56.253
    allow localhost
    allow 192.168.56.0/24
    allow admin:monit
    SSL ENABLE
    PEMFILE /etc/pki/tls/certs/monit.pem

3)  
https://192.168.56.253:2812/


ZYXW、  
1、Real-world configuration examples
https://mmonit.com/wiki/Monit/ConfigurationExamples
2、Enable SSL In Monit
https://mmonit.com/wiki/Monit/EnableSSLInMonit
3、  Openssl
http://blog.csdn.net/jiangwlee/article/details/7724274