Forge Evolix: Demandeshttps://forge.evolix.org/https://forge.evolix.org/favicon.ico2018-11-14T22:46:27ZForge Evolix
Redmine [moved-to-gitea]evobackup - Evolution #2498 (Nouveau): bkctld ip delhttps://forge.evolix.org/issues/24982018-11-14T22:46:27ZGregory C.
<p>Feature request: have an option to delete ip address :)</p> [moved-to-gitea]evobackup - Evolution #2478 (Nouveau): log in file by defaulthttps://forge.evolix.org/issues/24782018-08-21T11:34:30ZGregory C.
<p>Please log in file by default, syslog could be just an option.</p> [moved-to-gitea]evobackup - Evolution #2454 (Nouveau): cat: /backup/jails/www00//run/sshd.pid: No...https://forge.evolix.org/issues/24542018-07-18T12:44:51ZBenoît S.
<pre>
+ DUC=/usr/bin/duc-nox
+ mkdir -p /etc/evobackup /backup/jails /backup/incs /backup/index
+ subcommand=start
+ jail=www00
+ option=
+ case "${subcommand}" in
+ '[' -n www00 ']'
+ '[' www00 = all ']'
+ '[' start '!=' restart ']'
+ sub_start www00
+ jail=www00
+ check_jail www00
+ jail=www00
+ '[' -d /backup/jails/www00 ']'
+ return 0
+ check_jail_on www00
+ jail=www00
+ return=1
+ '[' -f /backup/jails/www00//run/sshd.pid ']'
+ '[' 1 -eq 1 ']'
+ rm -f /backup/jails/www00//run/sshd.pid
+ grep -q /backup/jails/www00/proc /proc/mounts
+ umount --lazy /backup/jails/www00/proc/
+ grep -q /backup/jails/www00/dev /proc/mounts
+ umount --lazy --recursive /backup/jails/www00/dev
+ return 1
+ cd /backup/jails/www00
+ grep -q /backup/jails/www00/proc /proc/mounts
+ mount -t proc proc-www00 proc
+ grep -q /backup/jails/www00/dev /proc/mounts
+ mount -nt tmpfs dev-www00 dev
+ '[' -e dev/console ']'
+ mknod -m 622 dev/console c 5 1
+ '[' -e dev/null ']'
+ mknod -m 666 dev/null c 1 3
+ '[' -e dev/zero ']'
+ mknod -m 666 dev/zero c 1 5
+ '[' -e dev/ptmx ']'
+ mknod -m 666 dev/ptmx c 5 2
+ '[' -e dev/tty ']'
+ mknod -m 666 dev/tty c 5 0
+ '[' -e dev/random ']'
+ mknod -m 444 dev/random c 1 8
+ '[' -e dev/urandom ']'
+ mknod -m 444 dev/urandom c 1 9
+ chown root:tty dev/console dev/ptmx dev/tty
+ ln -fs proc/self/fd dev/fd
+ ln -fs proc/self/fd/0 dev/stdin
+ ln -fs proc/self/fd/1 dev/stdout
+ ln -fs proc/self/fd/2 dev/stderr
+ ln -fs proc/kcore dev/core
+ mkdir -p dev/pts
+ mkdir -p dev/shm
+ grep -q /backup/jails/www00/dev/pts /proc/mounts
+ mount -t devpts -o gid=4,mode=620 none dev/pts
+ grep -q /backup/jails/www00/dev/shm /proc/mounts
+ mount -t tmpfs none dev/shm
+ chroot /backup/jails/www00 /usr/sbin/sshd -E /var/log/authlog
++ cat /backup/jails/www00//run/sshd.pid
cat: /backup/jails/www00//run/sshd.pid: No such file or directory
+ pid=
+ notice 'www00 was started []'
+ msg='www00 was started []'
+ tty -s
+ echo 'www00 was started []'
www00 was started []
+ '[' 6 -ge 5 ']'
+ logger -t bkctld -p daemon.notice 'www00 was started []'
</pre>
<p>Il manque de vérifier le code de sortie ?<br />ou de fail/exit si ! -f /backup/jails/www00//run/sshd.pid ?</p>
<pre>
+ chroot /backup/jails/www00 /usr/sbin/sshd -E /var/log/authlog
++ cat /backup/jails/www00//run/sshd.pid
cat: /backup/jails/www00//run/sshd.pid: No such file or directory
+ pid=
</pre>
<p>Note : pas grave, mais y'a un / en trop au cat.</p> [moved-to-gitea]evobackup - Anomalie #2391 (In Progress): check_nrpe doesn't raise a CRITICAL sta...https://forge.evolix.org/issues/23912018-02-15T15:57:18ZRomain D.
<p>The check should be run as root but doesn't complaint if it is not:</p>
<pre># sudo -u nagios /usr/lib/nagios/plugins/check_bkctld
ls: cannot open directory '/backup/jails': Permission denied
OK - Nothing to signal</pre>
I suggest the following changes:
<ul>
<li>add a <code>set -e</code> so that the script exits with code ≠ 0 if anything goes wrong</li>
<li>add a portion of code to explicitly check if /backup is mounted (usually not the case after rebooting a server if /backup have to be decrypted manually.</li>
<li>and of course the check must be run as root</li>
</ul>
<p>Here is a full patch (ignoring indentation change):<br /><pre>--- check_nrpe 2018-02-15 10:50:13.430996320 -0500
+++ check_nrpe.suggest 2018-02-15 10:50:28.994950465 -0500
@@ -4,6 +4,10 @@
#
# Copyright (c) 2017 Victor Laborie <vlaborie@evolix.fr>
#
+# Note: the script must be run as root.
+#
+
+set -e
[ -f /etc/default/bkctld ] && . /etc/default/bkctld
@@ -15,6 +19,7 @@
cur_time=$(date "+%s")
return=0
+if mount |grep -q "on /backup "; then
jails=$(ls "$JAILDIR")
for jail in $jails; do
if [ -f "$JAILDIR/$jail/var/log/lastlog" ]; then
@@ -32,6 +37,10 @@
return=2
fi
done
+else
+ echo "CRITICAL - /backup not mounted"
+ return=2
+fi
[ "$return" -eq 0 ] && echo "OK - Nothing to signal"
</pre></p> [moved-to-gitea]evocheck - Evolution #2333 (Nouveau): Vérifier la locale du serveurhttps://forge.evolix.org/issues/23332017-10-27T09:25:16ZBenoît S.
<p>Parfois le serveur est installé par le client avec une locale fr_FR… ou autre cas qui fait que la locale est FR est pas en_US.</p>
<p>Je propose de rajouter un evocheck pour être sur que la locale soit en_US.</p> [moved-to-gitea]evocheck - Evolution #2329 (Nouveau): Absence date dans commande history https://forge.evolix.org/issues/23292017-10-24T15:12:24ZBruno T.
<p>Sur certains serveur, il manque la date dans la commande history.</p>
<p>Cf ticket #26897</p> [moved-to-gitea]evocheck - Evolution #2328 (Nouveau): IS_BADRESOLVERhttps://forge.evolix.org/issues/23282017-10-23T15:29:40ZBenoît S.
<p>Détecter la présence de mauvais résolveur dans /etc/resolv.conf<br />Surtout : 31.170.8.53<br />Bonus : 8.8.8.8 et 8.8.4.4 ?</p> [moved-to-gitea]evocheck - Evolution #2261 (Nouveau): no output error if iptables not installedhttps://forge.evolix.org/issues/22612017-09-28T23:35:05ZGregory C.
<p>if no iptables, output is :</p>
<p>IS_ALERT5MINIFW FAILED!<br />/usr/share/scripts/evocheck.sh: line 238: /sbin/iptables: No such file or directory<br />IS_MINIFW FAILED!</p>
<p>We should verify if /sbin/iptables exists and avoid "No such file or directory" line</p> [moved-to-gitea]evobackup - Evolution #2237 (Nouveau): Warning when start a jail in stretchhttps://forge.evolix.org/issues/22372017-08-17T13:00:49ZBenoît S.
<pre>
root@componize-backup2:~# bkctld start customer-eu
Start jail customer-eu .../etc/ssh/sshd_config line 8: Deprecated option KeyRegenerationInterval
/etc/ssh/sshd_config line 9: Deprecated option ServerKeyBits
/etc/ssh/sshd_config line 15: Deprecated option RSAAuthentication
/etc/ssh/sshd_config line 20: Deprecated option RhostsRSAAuthentication
/etc/ssh/sshd_config line 31: Deprecated option UseLogin
...OK
</pre> [moved-to-gitea]evocheck - Evolution #2210 (Nouveau): add initrd verificationhttps://forge.evolix.org/issues/22102017-07-07T09:51:11ZGregory C.
<p>we could add a check to verify if the initrd is here et is right for the installed kernel</p>
<p>VERSION = dpkg -l linux-image* blabla<br />test if /boot/initrd*VERSION is gzip compressed data</p> [moved-to-gitea]evocheck - Anomalie #2171 (Nouveau): Condition IS_NOTUPGRADEDhttps://forge.evolix.org/issues/21712017-04-04T13:34:48ZBenoît S.
<pre>
15:26:58 <benpro> +++ zgrep -h upgrade /var/log/dpkg.log
15:26:58 <benpro> ++ date +%s -d
15:26:58 <benpro> date: option requires an argument -- 'd'
15:26:58 <benpro> Try 'date --help' for more information.
15:26:59 <benpro> + last_upgrade=
15:27:10 <benpro> y'a un cas à gérer si le grep retourne rien
</pre>
<p>Il semblerait que dans certains cas <code>zgrep -h upgrade /var/log/dpkg.log</code> ne retourne rien et casse le check.<br />Il faudrait ajouter une condition.</p> [moved-to-gitea]evocheck - Evolution #2133 (Nouveau): IS_BACKUPEDhttps://forge.evolix.org/issues/21332017-02-06T16:10:25ZBenoît S.
<p>Un simple check qui vérifie que evobackup (zzz_evobackup ou équivalent) est lancé et fonctionne (grep log cron ?).<br />S'il n'est pas présent ou qu'il sort une erreur : IS_BACKUPED FAIL!<br />Si le serveur n'est pas backupé pour une raison précise ou pourra l'exclure via evocheck.cf</p> [moved-to-gitea]evobackup - Evolution #2126 (Nouveau): bkctld ip domain_namehttps://forge.evolix.org/issues/21262017-02-01T15:29:40ZVictor Evolix L.
<p>Allow usage of domain name for bkctl ip command.</p> [moved-to-gitea]evocheck - Evolution #2116 (Nouveau): IS_USERLOGROTATE cherche que dans cron.weeklyhttps://forge.evolix.org/issues/21162017-01-18T10:44:36ZBenoît S.
<p>Devrait aussi chercher dans cron.daily.</p> [moved-to-gitea]evocheck - Evolution #2114 (Nouveau): IS_BADLOGhttps://forge.evolix.org/issues/21142017-01-12T08:51:57ZBenoît S.
<p>L'idée c'est de repérer des logs « mal nommés » qui ne passeront pas au logrotate.</p>
<p>Par exemple, le logrotate nginx c'est /var/log/nginx/*.log.<br />Or, il arrive (pourquoi ?) qu'il y ait des fichiers de type /var/log/nginx/access_log. Ça ne matche pas et ce n'est pas rotaté.<br />Pour moi il faudrait un check qui interdissent des logs sans le format « .log » « _log » à banir.<br />Ou on modifie nos logrotate pour gérer « *_log », mais bon…</p>