mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-11 13:49:23 -05:00
services: monitoring: Add 'zabbix-server'.
* gnu/services/monitoring.scm (uglify-field-name, serialize-field, serialize-number, serialize-list, serialize-string, group?, serialize-group, include-files?, serialize-include-files, zabbix-server-account, zabbix-server-config-file, zabbix-server-activation, zabbix-server-shepherd-service, generate-zabbix-server-documentation, extra-options, serialize-extra-options): New procedures. (zabbix-server-service-type): New variable. * gnu/tests/monitoring.scm (%psql-user-create-zabbix, %psql-db-zabbix-create-script, %psql-db-create-zabbix, %psql-db-import-zabbix, %zabbix-os, %test-zabbix): New variables. (run-zabbix-server-test): New procedure. * doc/guix.texi (Monitoring Services): Document 'zabbix-server'. squash! services: monitoring: Add 'zabbix-server'.
This commit is contained in:
parent
2c9ac8392a
commit
6b1c4179e2
3 changed files with 497 additions and 2 deletions
141
doc/guix.texi
141
doc/guix.texi
|
@ -16662,6 +16662,147 @@ Bind the web interface to the specified address.
|
|||
@end table
|
||||
@end deftp
|
||||
|
||||
@subsubheading Zabbix server
|
||||
@cindex zabbix zabbix-server
|
||||
Zabbix provides monitoring metrics, among others network utilization, CPU load
|
||||
and disk space consumption:
|
||||
|
||||
@itemize
|
||||
@item High performance, high capacity (able to monitor hundreds of thousands of devices).
|
||||
@item Auto-discovery of servers and network devices and interfaces.
|
||||
@item Low-level discovery, allows to automatically start monitoring new items, file systems or network interfaces among others.
|
||||
@item Distributed monitoring with centralized web administration.
|
||||
@item Native high performance agents.
|
||||
@item SLA, and ITIL KPI metrics on reporting.
|
||||
@item High-level (business) view of monitored resources through user-defined visual console screens and dashboards.
|
||||
@item Remote command execution through Zabbix proxies.
|
||||
@end itemize
|
||||
|
||||
@c %start of fragment
|
||||
|
||||
Available @code{zabbix-server-configuration} fields are:
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} package zabbix-server
|
||||
The zabbix-server package.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string user
|
||||
User who will run the Zabbix server.
|
||||
|
||||
Defaults to @samp{"zabbix"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} group group
|
||||
Group who will run the Zabbix server.
|
||||
|
||||
Defaults to @samp{"zabbix"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string db-host
|
||||
Database host name.
|
||||
|
||||
Defaults to @samp{"127.0.0.1"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string db-name
|
||||
Database name.
|
||||
|
||||
Defaults to @samp{"zabbix"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string db-user
|
||||
Database user.
|
||||
|
||||
Defaults to @samp{"zabbix"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string db-password
|
||||
Database password. Please, use @code{include-files} with
|
||||
@code{DBPassword=SECRET} inside a specified file instead.
|
||||
|
||||
Defaults to @samp{""}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} number db-port
|
||||
Database port.
|
||||
|
||||
Defaults to @samp{5432}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string log-type
|
||||
Specifies where log messages are written to:
|
||||
|
||||
@itemize @bullet
|
||||
@item
|
||||
@code{system} - syslog.
|
||||
|
||||
@item
|
||||
@code{file} - file specified with @code{log-file} parameter.
|
||||
|
||||
@item
|
||||
@code{console} - standard output.
|
||||
|
||||
@end itemize
|
||||
|
||||
Defaults to @samp{""}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string log-file
|
||||
Log file name for @code{log-type} @code{file} parameter.
|
||||
|
||||
Defaults to @samp{"/var/log/zabbix/server.log"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string pid-file
|
||||
Name of PID file.
|
||||
|
||||
Defaults to @samp{"/var/run/zabbix/zabbix_server.pid"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string ssl-ca-location
|
||||
The location of certificate authority (CA) files for SSL server
|
||||
certificate verification.
|
||||
|
||||
Defaults to @samp{"/etc/ssl/certs/ca-certificates.crt"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string ssl-cert-location
|
||||
Location of SSL client certificates.
|
||||
|
||||
Defaults to @samp{"/etc/ssl/certs"}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} string extra-options
|
||||
Extra options will be appended to Zabbix server configuration file.
|
||||
|
||||
Defaults to @samp{""}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
@deftypevr {@code{zabbix-server-configuration} parameter} include-files include-files
|
||||
You may include individual files or all files in a directory in the
|
||||
configuration file.
|
||||
|
||||
Defaults to @samp{()}.
|
||||
|
||||
@end deftypevr
|
||||
|
||||
|
||||
@c %end of fragment
|
||||
|
||||
@node Kerberos Services
|
||||
@subsubsection Kerberos Services
|
||||
@cindex Kerberos
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2018 Sou Bunnbu <iyzsong@member.fsf.org>
|
||||
;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
|
||||
;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -19,17 +20,23 @@
|
|||
|
||||
(define-module (gnu services monitoring)
|
||||
#:use-module (gnu services)
|
||||
#:use-module (gnu services configuration)
|
||||
#:use-module (gnu services shepherd)
|
||||
#:use-module (gnu packages admin)
|
||||
#:use-module (gnu packages monitoring)
|
||||
#:use-module (gnu system shadow)
|
||||
#:use-module (guix gexp)
|
||||
#:use-module (guix packages)
|
||||
#:use-module (guix records)
|
||||
#:use-module (ice-9 match)
|
||||
#:use-module (srfi srfi-26)
|
||||
#:export (darkstat-configuration
|
||||
prometheus-node-exporter-configuration
|
||||
darkstat-service-type
|
||||
prometheus-node-exporter-service-type))
|
||||
prometheus-node-exporter-service-type
|
||||
|
||||
zabbix-server-configuration
|
||||
zabbix-server-service-type))
|
||||
|
||||
|
||||
;;;
|
||||
|
@ -125,3 +132,185 @@ (define prometheus-node-exporter-service-type
|
|||
(list (service-extension
|
||||
shepherd-root-service-type
|
||||
(compose list prometheus-node-exporter-shepherd-service))))))
|
||||
|
||||
|
||||
;;;
|
||||
;;; Zabbix server
|
||||
;;;
|
||||
|
||||
(define (uglify-field-name field-name)
|
||||
(apply string-append
|
||||
(map (lambda (str)
|
||||
(if (member (string->symbol str) '(ca db ssl))
|
||||
(string-upcase str)
|
||||
(string-capitalize str)))
|
||||
(string-split (string-delete #\?
|
||||
(symbol->string field-name))
|
||||
#\-))))
|
||||
|
||||
(define (serialize-field field-name val)
|
||||
(format #t "~a=~a~%" (uglify-field-name field-name) val))
|
||||
|
||||
(define (serialize-number field-name val)
|
||||
(serialize-field field-name (number->string val)))
|
||||
|
||||
(define (serialize-list field-name val)
|
||||
(if (null? val) "" (serialize-field field-name (string-join val ","))))
|
||||
|
||||
(define (serialize-string field-name val)
|
||||
(if (and (string? val) (string=? val ""))
|
||||
""
|
||||
(serialize-field field-name val)))
|
||||
|
||||
(define group? string?)
|
||||
|
||||
(define serialize-group
|
||||
(const ""))
|
||||
|
||||
(define include-files? list?)
|
||||
|
||||
(define (serialize-include-files field-name val)
|
||||
(if (null? val) "" (for-each (cut serialize-field 'include <>) val)))
|
||||
|
||||
(define extra-options? string?)
|
||||
|
||||
(define (serialize-extra-options field-name val)
|
||||
(if (null? val) "" (display val)))
|
||||
|
||||
(define-configuration zabbix-server-configuration
|
||||
(zabbix-server
|
||||
(package zabbix-server)
|
||||
"The zabbix-server package.")
|
||||
(user
|
||||
(string "zabbix")
|
||||
"User who will run the Zabbix server.")
|
||||
(group ;for zabbix-server-account procedure
|
||||
(group "zabbix")
|
||||
"Group who will run the Zabbix server.")
|
||||
(db-host
|
||||
(string "127.0.0.1")
|
||||
"Database host name.")
|
||||
(db-name
|
||||
(string "zabbix")
|
||||
"Database name.")
|
||||
(db-user
|
||||
(string "zabbix")
|
||||
"Database user.")
|
||||
(db-password
|
||||
(string "")
|
||||
"Database password. Please, use @code{include-files} with
|
||||
@code{DBPassword=SECRET} inside a specified file instead.")
|
||||
(db-port
|
||||
(number 5432)
|
||||
"Database port.")
|
||||
(log-type
|
||||
(string "")
|
||||
"Specifies where log messages are written to:
|
||||
@itemize
|
||||
@item @code{system} - syslog.
|
||||
@item @code{file} - file specified with @code{log-file} parameter.
|
||||
@item @code{console} - standard output.
|
||||
@end itemize\n")
|
||||
(log-file
|
||||
(string "/var/log/zabbix/server.log")
|
||||
"Log file name for @code{log-type} @code{file} parameter.")
|
||||
(pid-file
|
||||
(string "/var/run/zabbix/zabbix_server.pid")
|
||||
"Name of PID file.")
|
||||
(ssl-ca-location
|
||||
(string "/etc/ssl/certs/ca-certificates.crt")
|
||||
"The location of certificate authority (CA) files for SSL server
|
||||
certificate verification.")
|
||||
(ssl-cert-location
|
||||
(string "/etc/ssl/certs")
|
||||
"Location of SSL client certificates.")
|
||||
(extra-options
|
||||
(extra-options "")
|
||||
"Extra options will be appended to Zabbix server configuration file.")
|
||||
(include-files
|
||||
(include-files '())
|
||||
"You may include individual files or all files in a directory in the
|
||||
configuration file."))
|
||||
|
||||
(define (zabbix-server-account config)
|
||||
"Return the user accounts and user groups for CONFIG."
|
||||
(let ((zabbix-user (zabbix-server-configuration-user config))
|
||||
(zabbix-group (zabbix-server-configuration-group config)))
|
||||
(list (user-group (name zabbix-group) (system? #t))
|
||||
(user-account
|
||||
(name zabbix-user)
|
||||
(system? #t)
|
||||
(group zabbix-group)
|
||||
(comment "zabbix privilege separation user")
|
||||
(home-directory (string-append "/var/run/" zabbix-user))
|
||||
(shell #~(string-append #$shadow "/sbin/nologin"))))))
|
||||
|
||||
(define (zabbix-server-config-file config)
|
||||
"Return the zabbix-server configuration file corresponding to CONFIG."
|
||||
(computed-file
|
||||
"zabbix_server.conf"
|
||||
#~(begin
|
||||
(call-with-output-file #$output
|
||||
(lambda (port)
|
||||
(display "# Generated by 'zabbix-server-service'.\n" port)
|
||||
(display #$(with-output-to-string
|
||||
(lambda ()
|
||||
(serialize-configuration
|
||||
config zabbix-server-configuration-fields)))
|
||||
port)
|
||||
#t)))))
|
||||
|
||||
(define (zabbix-server-activation config)
|
||||
"Return the activation gexp for CONFIG."
|
||||
(with-imported-modules '((guix build utils)
|
||||
(ice-9 rdelim))
|
||||
#~(begin
|
||||
(use-modules (guix build utils)
|
||||
(ice-9 rdelim))
|
||||
(let ((user (getpw #$(zabbix-server-configuration-user config))))
|
||||
(for-each (lambda (file)
|
||||
(let ((directory (dirname file)))
|
||||
(mkdir-p directory)
|
||||
(chown directory (passwd:uid user) (passwd:gid user))
|
||||
(chmod directory #o755)))
|
||||
(list #$(zabbix-server-configuration-log-file config)
|
||||
#$(zabbix-server-configuration-pid-file config)
|
||||
"/etc/zabbix/maintenance.inc.php"))))))
|
||||
|
||||
(define (zabbix-server-shepherd-service config)
|
||||
"Return a <shepherd-service> for Zabbix server with CONFIG."
|
||||
(list (shepherd-service
|
||||
(provision '(zabbix-server))
|
||||
(documentation "Run Zabbix server daemon.")
|
||||
(start #~(make-forkexec-constructor
|
||||
(list #$(file-append (zabbix-server-configuration-zabbix-server config)
|
||||
"/sbin/zabbix_server")
|
||||
"--config" #$(zabbix-server-config-file config)
|
||||
"--foreground")
|
||||
#:user #$(zabbix-server-configuration-user config)
|
||||
#:group #$(zabbix-server-configuration-group config)
|
||||
#:pid-file #$(zabbix-server-configuration-pid-file config)
|
||||
#:environment-variables
|
||||
(list "SSL_CERT_DIR=/run/current-system/profile\
|
||||
/etc/ssl/certs"
|
||||
"SSL_CERT_FILE=/run/current-system/profile\
|
||||
/etc/ssl/certs/ca-certificates.crt")))
|
||||
(stop #~(make-kill-destructor)))))
|
||||
|
||||
(define zabbix-server-service-type
|
||||
(service-type
|
||||
(name 'zabbix-server)
|
||||
(extensions
|
||||
(list (service-extension shepherd-root-service-type
|
||||
zabbix-server-shepherd-service)
|
||||
(service-extension account-service-type
|
||||
zabbix-server-account)
|
||||
(service-extension activation-service-type
|
||||
zabbix-server-activation)))
|
||||
(default-value (zabbix-server-configuration))))
|
||||
|
||||
(define (generate-zabbix-server-documentation)
|
||||
(generate-documentation
|
||||
`((zabbix-server-configuration
|
||||
,zabbix-server-configuration-fields))
|
||||
'zabbix-server-configuration))
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
;;; GNU Guix --- Functional package management for GNU
|
||||
;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
|
||||
;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -17,13 +18,19 @@
|
|||
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
(define-module (gnu tests monitoring)
|
||||
#:use-module (gnu packages databases)
|
||||
#:use-module (gnu packages monitoring)
|
||||
#:use-module (gnu services)
|
||||
#:use-module (gnu services monitoring)
|
||||
#:use-module (gnu services networking)
|
||||
#:use-module (gnu services databases)
|
||||
#:use-module (gnu services shepherd)
|
||||
#:use-module (gnu system vm)
|
||||
#:use-module (gnu system)
|
||||
#:use-module (gnu tests)
|
||||
#:use-module (guix gexp)
|
||||
#:export (%test-prometheus-node-exporter))
|
||||
#:export (%test-prometheus-node-exporter
|
||||
%test-zabbix))
|
||||
|
||||
|
||||
;;;
|
||||
|
@ -95,3 +102,161 @@ (define %test-prometheus-node-exporter
|
|||
(description "Connect to a running prometheus-node-exporter server.")
|
||||
(value (run-prometheus-node-exporter-server-test
|
||||
name %prometheus-node-exporter-os))))
|
||||
|
||||
|
||||
;;;
|
||||
;;; Zabbix
|
||||
;;;
|
||||
|
||||
(define %psql-user-create-zabbix
|
||||
"\
|
||||
sudo -u postgres psql <<< \"create user zabbix password 'zabbix';\"
|
||||
")
|
||||
|
||||
(define %psql-db-zabbix-create-script
|
||||
"\
|
||||
sudo -u postgres psql --no-align <<< \\\\du
|
||||
")
|
||||
|
||||
(define %psql-db-create-zabbix
|
||||
"\
|
||||
sudo -u postgres createdb -O zabbix -E Unicode -T template0 zabbix
|
||||
")
|
||||
|
||||
(define %psql-db-import-zabbix
|
||||
#~(format #f "\
|
||||
cat ~a | sudo -u zabbix psql zabbix;
|
||||
cat ~a | sudo -u zabbix psql zabbix;
|
||||
cat ~a | sudo -u zabbix psql zabbix;
|
||||
"
|
||||
(string-append #$zabbix-server:schema
|
||||
"/database/postgresql/schema.sql")
|
||||
(string-append #$zabbix-server:schema
|
||||
"/database/postgresql/images.sql")
|
||||
(string-append #$zabbix-server:schema
|
||||
"/database/postgresql/data.sql")))
|
||||
|
||||
(define* (run-zabbix-server-test name test-os)
|
||||
"Run tests in %ZABBIX-OS, which has zabbix running."
|
||||
(define os
|
||||
(marionette-operating-system
|
||||
test-os
|
||||
#:imported-modules '((gnu services herd))))
|
||||
|
||||
(define vm
|
||||
(virtual-machine
|
||||
(operating-system os)
|
||||
(port-forwardings '((8080 . 80)))
|
||||
(memory-size 1024)))
|
||||
|
||||
(define test
|
||||
(with-imported-modules '((gnu build marionette))
|
||||
#~(begin
|
||||
(use-modules (srfi srfi-11)
|
||||
(srfi srfi-64)
|
||||
(gnu build marionette)
|
||||
(web client)
|
||||
(web response)
|
||||
(ice-9 popen)
|
||||
(ice-9 rdelim))
|
||||
|
||||
(define marionette
|
||||
(make-marionette (list #$vm)))
|
||||
|
||||
(mkdir #$output)
|
||||
(chdir #$output)
|
||||
|
||||
(test-begin #$name)
|
||||
|
||||
;; XXX: Shepherd reads the config file *before* binding its control
|
||||
;; socket, so /var/run/shepherd/socket might not exist yet when the
|
||||
;; 'marionette' service is started.
|
||||
(test-assert "shepherd socket ready"
|
||||
(marionette-eval
|
||||
`(begin
|
||||
(use-modules (gnu services herd))
|
||||
(let loop ((i 10))
|
||||
(cond ((file-exists? (%shepherd-socket-file))
|
||||
#t)
|
||||
((> i 0)
|
||||
(sleep 1)
|
||||
(loop (- i 1)))
|
||||
(else
|
||||
'failure))))
|
||||
marionette))
|
||||
|
||||
(test-assert "postgres service running"
|
||||
(marionette-eval
|
||||
'(begin
|
||||
(use-modules (gnu services herd))
|
||||
(start-service 'postgres))
|
||||
marionette))
|
||||
|
||||
(test-eq "postgres create zabbix user"
|
||||
0
|
||||
(marionette-eval '(begin (system #$%psql-user-create-zabbix))
|
||||
marionette))
|
||||
|
||||
(test-equal "postgres find zabbix user"
|
||||
"List of roles
|
||||
Role name|Attributes|Member of
|
||||
postgres|Superuser, Create role, Create DB, Replication, Bypass RLS|{}
|
||||
zabbix||{}
|
||||
"
|
||||
(marionette-eval
|
||||
'(begin (let* ((port (open-pipe #$%psql-db-zabbix-create-script
|
||||
OPEN_READ))
|
||||
(output (read-string port))
|
||||
(status (close-pipe port)))
|
||||
output))
|
||||
marionette))
|
||||
|
||||
(test-eq "postgres create zabbix db"
|
||||
0
|
||||
(marionette-eval '(begin (system #$%psql-db-create-zabbix))
|
||||
marionette))
|
||||
|
||||
(test-eq "postgres import zabbix db"
|
||||
0
|
||||
(marionette-eval '(begin (system #$%psql-db-import-zabbix))
|
||||
marionette))
|
||||
|
||||
;; Wait for zabbix-server to be up and running.
|
||||
(test-assert "zabbix-server running"
|
||||
(marionette-eval
|
||||
'(begin
|
||||
(use-modules (gnu services herd))
|
||||
(start-service 'zabbix-server))
|
||||
marionette))
|
||||
|
||||
;; Make sure the PID file is created.
|
||||
(test-assert "zabbix-server PID file"
|
||||
(marionette-eval
|
||||
'(file-exists? "/var/run/zabbix/zabbix_server.pid")
|
||||
marionette))
|
||||
|
||||
(test-end)
|
||||
|
||||
(exit (= (test-runner-fail-count (test-runner-current)) 0)))))
|
||||
|
||||
(gexp->derivation (string-append name "-test") test))
|
||||
|
||||
(define %zabbix-os
|
||||
;; Return operating system under test.
|
||||
(let ((base-os
|
||||
(simple-operating-system
|
||||
(service dhcp-client-service-type)
|
||||
(postgresql-service)
|
||||
(service zabbix-server-service-type
|
||||
(zabbix-server-configuration
|
||||
(db-password "zabbix")
|
||||
(log-type "console"))))))
|
||||
(operating-system
|
||||
(inherit base-os)
|
||||
(packages (cons* postgresql (operating-system-packages base-os))))))
|
||||
|
||||
(define %test-zabbix
|
||||
(system-test
|
||||
(name "zabbix")
|
||||
(description "Connect to a running Zabbix")
|
||||
(value (run-zabbix-server-test name %zabbix-os))))
|
||||
|
|
Loading…
Reference in a new issue