The server is working well. But what happens if, for one reason or another, one of the services goes down? For now, no alerting is in place and nothing will be done.
This is where Monit comes in. After some configuration, Monit will check every 10 minutes that all the services are running properly. If one is not, an alert is sent by email and Monit tries to restart it automatically.
Installing the daemon is very simple:
aptitude install monit
Then move the default configuration aside so that it is not used:
mv /etc/monit/monitrc /etc/monit/monitrc_default
Create a new configuration in the file /etc/monit/monitrc containing:
set daemon 600
with start delay 120
set logfile syslog facility log_daemon
set mailserver localhost
set mail-format {
from: yourSender@email.com
subject: [monit] $SERVICE: $EVENT
}
set eventqueue basedir /home/var/monit slots 100
set alert you@email.com
set httpd port 9999 and
allow ADMINUSER:ADMINPASS
include /etc/monit/conf.d/*
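The new /etc/monit/monitrc holds the web interface credentials, Monit refuses a control file that group or others can access, and the `set httpd port 9999` stanza above has no `use address`, so the interface listens on every address. The script below is an added example, not part of the original tutorial, that checks a monitrc for those points; the function names, the finding labels and the embedded sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a monitrc before starting Monit.

# Print the "set httpd" statement: that line up to the next statement.
httpd_block() {
    awk '
        /^[ \t]*set[ \t]+httpd/ { grab = 1; print; next }
        grab && /^[ \t]*(set|check|include)[ \t]/ { grab = 0 }
        grab { print }
    ' "$1"
}

# audit_monitrc FILE: print one line per finding; status 0 only when clean.
audit_monitrc() {
    rc=$1
    findings=0
    # The file holds the httpd credentials; Monit rejects a control file
    # that group or others can access (mode must be at most 0700).
    perms=$(ls -ld "$rc" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "MODE: group/other access on $rc (fix: chmod 600)"
        findings=$((findings + 1))
    fi
    block=$(httpd_block "$rc")
    # Without "use address" the web interface listens on every interface.
    if [ -n "$block" ] && ! printf '%s\n' "$block" |
            grep -Eq 'use[[:space:]]+address|unixsocket'; then
        echo "BIND: httpd has no 'use address' and listens on all interfaces"
        findings=$((findings + 1))
    fi
    # Placeholder from this tutorial, or the admin:monit pair of Monit's sample file.
    if printf '%s\n' "$block" |
            grep -Eq 'allow[[:space:]]+(ADMINUSER:ADMINPASS|admin:monit)'; then
        echo "CRED: httpd still uses placeholder or sample credentials"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the httpd stanza exactly as written above.
sample_monitrc() {
    printf '%s\n' 'set daemon 600' 'set httpd port 9999 and' \
        'allow ADMINUSER:ADMINPASS' 'include /etc/monit/conf.d/*'
}

# Usage: sh audit.sh /etc/monit/monitrc   (no argument: audit the sample)
target=${1:-}
if [ -z "$target" ]; then
    target=$(mktemp) && sample_monitrc > "$target" && chmod 644 "$target"
fi
audit_monitrc "$target" || true
```

A stanza that passes adds `use address localhost` and `allow localhost` before the `allow user:password` line. Once the script reports nothing, `monit -t` checks the control file syntax before the restart.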
Then configure each of the services we have installed, in the directory /etc/monit/conf.d/.
The file /etc/monit/conf.d/clamav:
check process clamav with pidfile /var/run/clamav/clamd.pid
group virus
start program = "/etc/init.d/clamav-daemon start"
stop program = "/etc/init.d/clamav-daemon stop"
if failed host localhost port 3310 then restart
if 5 restarts within 5 cycles then timeout
check process freshclam with pidfile /var/run/clamav/freshclam.pid
group virus
start program = "/etc/init.d/clamav-freshclam start"
stop program = "/etc/init.d/clamav-freshclam stop"
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/cron:
check process cron with pidfile /var/run/crond.pid
group system
start program = "/etc/init.d/cron start"
stop program = "/etc/init.d/cron stop"
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/dovecot:
check process dovecot with pidfile /var/run/dovecot/master.pid
group mail
start program = "/etc/init.d/dovecot start"
stop program = "/etc/init.d/dovecot stop"
if failed host localhost port 993 type tcpssl sslauto protocol imap then restart
if failed host localhost port 995 type tcpssl sslauto protocol pop then restart
if failed host localhost port 143 protocol imap then restart
if failed host localhost port 110 protocol pop then restart
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/dspam:
check process dspam with pidfile /var/run/dspam/dspam.pid
group mail
start program = "/etc/init.d/dspam start"
stop program = "/etc/init.d/dspam stop"
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/fail2ban:
check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
start program = "/etc/init.d/fail2ban start"
stop program = "/etc/init.d/fail2ban stop"
if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/munin:
check process munin-node with pidfile /var/run/munin/munin-node.pid
group system
start program = "/etc/init.d/munin-node start"
stop program = "/etc/init.d/munin-node stop"
if failed host localhost port 4949 then restart
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/mysql:
check process mysql with pidfile /var/run/mysqld/mysqld.pid
group database
start program = "/etc/init.d/mysql start"
stop program = "/etc/init.d/mysql stop"
if failed unix "/var/run/mysqld/mysqld.sock" then restart
if failed host 127.0.0.1 port 3306 then restart
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/nginx:
check process nginx with pidfile /var/run/nginx.pid
group www
start program = "/etc/init.d/nginx start"
stop program = "/etc/init.d/nginx stop"
if failed host localhost port 80 protocol http
and request "/nginx_status" then restart
if cpu > 60% for 2 cycles then alert
if cpu > 90% for 5 cycles then restart
if totalmem > 50% for 5 cycles then restart
if children > 250 then restart
if loadavg(5min) greater than 10 for 8 cycles then stop
if 3 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/phpfpm:
check process phpfpm with pidfile /var/run/php5-fpm.pid
group www
start program = "/etc/init.d/php5-fpm start"
stop program = "/etc/init.d/php5-fpm stop"
if failed unix "/var/run/php5-fpm.sock" then restart
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/postfix:
check process postfix with pidfile /var/spool/postfix/pid/master.pid
group mail
start program = "/etc/init.d/postfix start"
stop program = "/etc/init.d/postfix stop"
if failed port 10026 protocol smtp for 2 times within 2 cycles then restart
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/powerdns:
check process powerdns with pidfile /var/run/pdns.pid
start program = "/etc/init.d/pdns start"
stop program = "/etc/init.d/pdns stop"
if failed host localhost port 53 then restart
if 5 restarts within 5 cycles then timeout
check process powerdns-recursor with pidfile /var/run/pdns_recursor.pid
start program = "/etc/init.d/pdns-recursor start"
stop program = "/etc/init.d/pdns-recursor stop"
if failed host localhost port 54 then restart
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/rsyslog:
check process rsyslogd with pidfile /var/run/rsyslogd.pid
group system
start program = "/etc/init.d/rsyslog start"
stop program = "/etc/init.d/rsyslog stop"
if 5 restarts within 5 cycles then timeout
The file /etc/monit/conf.d/sshd:
check process sshd with pidfile /var/run/sshd.pid
start program "/etc/init.d/ssh start"
stop program "/etc/init.d/ssh stop"
if failed port 22 protocol ssh then restart
if 5 restarts within 5 cycles then timeout
For Monit to start, the file /etc/default/monit must also be edited to contain:
startup=1
Restart Monit and the job is done:
/etc/init.d/monit force-reload
Only a few small items remain to be put in place.