Monit - system monitorization tool

10 August 2015

Sources:

Installation

# yum install monit

Start service

# systemctl start monit.service

Status

# monit status
# service monit status   == systemctl status monit.service

Reload after config changes

# monit reload

Permissions

# groupadd monit
# usermod -a -G monit <username>

In monitrc, allow access to users of group monit set httpd port 2812 allow @monit

Configuration

# vi /etc/monitrc


#
#       Mail format
#
set mail-format {
     from: monit@67webs.com
     subject: Monit :: $EVENT $SERVICE - $DATE
     message:
        $EVENT Service $SERVICE

        Date:           $DATE
        Action:         $ACTION
        Host:           $HOST
        Description:    $DESCRIPTION
}

#
#       Mail server: Gmail
#
# using gmail as mail server
# Must allow less secure apps in gmail my_account/sign-in & security/connected apps & sites/
#
set mailserver smtp.gmail.com port 587
        username "67webssysadm@gmail.com"
        password "monitalerts"
        using tlsv1
        with timeout 30 seconds

#
#       alerts recipient
#
set alert 67webs@gmail.com                       # receive all alerts


#
#       embedded web server
#
set httpd port 2812 and
    allow localhost      # require user 'admin' with password 'monit'
    allow alfredo:monitalerts      # require user 'admin' with password 'monit'
    allow @monit           # allow users of group 'monit' to connect (rw)
#    allow @users readonly  # allow users of group 'users' to connect readonly


###############################################################################
## Services
###############################################################################
##
## Check general system resources such as load average, cpu and memory
## usage. Each test specifies a resource, conditions and the action to be
## performed should a test fail.
#
check system system_localhost
    if loadavg (1min) > 4 then alert
    if loadavg (5min) > 3 for 4 cycles then alert
    if loadavg (15min) > 1 for 4 cycles then alert
    if memory usage > 80% for 4 cycles then alert
    if swap usage > 20% for 4 cycles then alert
    if cpu usage (user) > 80% for 4 cycles then alert
    if cpu usage (system) > 20% for 4 cycles then alert
    if cpu usage (wait) > 20% for 4 cycles then alert


    #
    #       HTTPD service
    #
    check host localhost with address localhost
        if failed port 80 protocol http then alert

    #
    #       local web
            if failed url http://67webs.com
            timeout 20 seconds for 2 cycles
            then alert


    #
    #       production web
    #
    check host production_shk.com with address www.sharingkitchn.com
            if failed url http://sharingkitchn.com/version
            timeout 20 seconds for 2 cycles
            then alert

    #
    #       staging web
    #
    check host staging_shk.com with address www.67webs.com
            if failed url http://67webs.com/version
            timeout 20 seconds for 2 cycles
            then alert

    ## Check a remote host availability by issuing a ping test and check the
    ## content of a response from a web server. Up to three pings are sent and
    ## connection to a port and an application level network check is performed.
    #
    #  check host myserver with address 192.168.1.1
    #    if failed icmp type echo count 3 with timeout 3 seconds then alert
    #    if failed port 3306 protocol mysql with timeout 15 seconds then alert
    #    if failed url http://user:password@www.foo.bar:8080/?querystring
    #       and content == 'action="j_security_check"'
    #       then alert
    #

    #
    #       nginx
    #
    check process nginx with pidfile /run/nginx.pid
        start program = "/usr/bin/systemctl start nginx.service" with timeout 60 seconds
        stop program  = "/usr/bin/systemctl stop nginx.service"
        if cpu > 60% for 2 cycles then alert
        if cpu > 80% for 5 cycles then restart
        if totalmem > 200.0 MB for 5 cycles then restart
        if children > 250 then restart
        if loadavg(5min) greater than 10 for 8 cycles then stop
        if failed host www.67webs.com port 80 protocol http
           and request "/version"
           then restart
    #    if failed port 443 type tcpssl protocol http
    #       with timeout 15 seconds
    #       then restart
        if 3 restarts within 5 cycles then timeout
        group server


    #
    #       thin server in shk-2
    #
    check process thin with pidfile /var/www/shk/shared/tmp/pids/thin.pid
         start program = "/home/deployer/.rvm/wrappers/ruby-2.2.0@shk/thin start -C /etc/thin/shk.yml" with timeout 60 seconds
         stop program = "/home/deployer/.rvm/wrappers/ruby-2.2.0@shk/thin stop -C /etc/thin/shk.yml"
         group server


    #
    #       thin server in nairobi (sharingkitchn.com)
    #
    #check process thin with pidfile /home/alfredo/rails_apps/shk/shared/tmp/pids/thin.pid
    #     start program = "/home/alfredo/.rvm/wrappers/ruby-2.2.0@global/thin start -C /etc/thin/shk.yml" with timeout 60 seconds
    #     stop program = "/home/alfredo/.rvm/wrappers/ruby-2.2.0@global/thin stop -C /etc/thin/shk.yml"
    #     group server



    #
    #       postgreSQL
    #
    check process postgresql with pidfile /var/lib/pgsql/data/postmaster.pid
        group database
        start program = "/bin/systemctl start postgresql"
        stop  program = "/bin/systemctl stop postgresql"
     if failed unixsocket /tmp/.s.PGSQL.5432 protocol pgsql then restart
     if failed unixsocket /tmp/.s.PGSQL.5432 protocol pgsql then alert
     if failed host localhost port 5432 protocol pgsql then restart
     if failed host localhost port 5432 protocol pgsql then alert
     if 5 restarts within 5 cycles then timeout



    #
    #       filesystem
    #
    check filesystem main_disk with path /dev/vda1
        if space usage > 10% then alert
        group server











set alert sysop@example.com                       # receive all alerts
set alert sysadm@example.com not on { instance }  # receive only real alerts

Logging

/var/log/monit.log

Nginx config to serve monit embedded web server: 67webs.com/monit

server {
    client_max_body_size 20M;
    client_body_temp_path /var/www/uploads_temp;
    listen  80;
    # server_name  sharingkitchn.com *.sharingkitchn.com;
    server_name  67webs.com *.67webs.com;
    root         /var/www/shk;

    location / {
            proxy_pass_header Server;
            proxy_temp_path /tmp/nginx 1 2;

            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-FORWARDED-PROTO $scheme;
            proxy_redirect off;
            proxy_pass http://localhost:3000;
            break;
            }

    # monit embedded web server
    location /monit/ {
            proxy_set_header Host $host;
            proxy_set_header  X-Real-IP  $remote_addr;
            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:2812;
            proxy_redirect false;
            rewrite ^/monit/(.*) /$1 break;
            proxy_ignore_client_abort on;
    }

    error_page 503 @503;
    # Return a 503 error if the maintenance page exists.
    if (-f /var/www/shk/shared/public/system/maintenance.html) {
      return 503;
    }

    location @503 {
      # Serve static assets if found.
      if (-f $request_filename) {
        break;
      }

      # Set root to the shared directory.
      root /var/www/shk/shared/public;
      rewrite ^(.*)$ /system/maintenance.html break;
    }

}