diff options
Diffstat (limited to 'gnu/services/monitoring.scm')
-rw-r--r-- | gnu/services/monitoring.scm | 187 |
1 files changed, 120 insertions, 67 deletions
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index f15450eed5..92c49c513b 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2018 Sou Bunnbu <iyzsong@member.fsf.org> ;;; Copyright © 2018, 2019 Gábor Boskovits <boskovits@gmail.com> ;;; Copyright © 2018, 2019, 2020 Oleg Pykhalov <go.wigust@gmail.com> +;;; Copyright © 2022 Marius Bakke <marius@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -211,13 +212,16 @@ Prometheus.") #\-)))) (define (serialize-field field-name val) - (format #t "~a=~a~%" (uglify-field-name field-name) val)) + #~(format #f "~a=~a~%" #$(uglify-field-name field-name) #$val)) (define (serialize-number field-name val) (serialize-field field-name (number->string val))) (define (serialize-list field-name val) - (if (null? val) "" (serialize-field field-name (string-join val ",")))) + #~(if (null? '#$val) + "" + #$(serialize-field field-name (string-join val ",")))) + (define (serialize-string field-name val) (if (and (string? val) (string=? val "")) @@ -232,12 +236,12 @@ Prometheus.") (define include-files? list?) (define (serialize-include-files field-name val) - (if (null? val) "" (for-each (cut serialize-field 'include <>) val))) + #~(string-append #$@(map (cut serialize-field 'include <>) val))) (define extra-options? string?) (define (serialize-extra-options field-name val) - (if (null? val) "" (display val))) + #~(if (= 0 (string-length #$val)) "" #$(format #f "~a~%" val))) (define (nginx-server-configuration-list? val) (and (list? val) (and-map nginx-server-configuration? val))) @@ -320,13 +324,9 @@ configuration file.")) #~(begin (call-with-output-file #$output (lambda (port) - (display "# Generated by 'zabbix-server-service'.\n" port) - (display #$(with-output-to-string - (lambda () - (serialize-configuration - config zabbix-server-configuration-fields))) - port) - #t))))) + (format port "# Generated by 'zabbix-server-service'.~%") + (format port #$(serialize-configuration + config zabbix-server-configuration-fields))))))) (define (zabbix-server-activation config) "Return the activation gexp for CONFIG." @@ -334,7 +334,6 @@ configuration file.")) #~(begin (use-modules (guix build utils) (ice-9 rdelim)) - (let ((user (getpw #$(zabbix-server-configuration-user config)))) (for-each (lambda (file) (let ((directory (dirname file))) @@ -345,25 +344,69 @@ configuration file.")) #$(zabbix-server-configuration-pid-file config) "/etc/zabbix/maintenance.inc.php")))))) +(define (zabbix-server-runtime-control-procedure zabbix-server config command) + ;; XXX: This is duplicated from mcron; factorize. + #~(lambda (_ . args) + ;; Run 'zabbix_server' in a pipe so we can explicitly redirect its output + ;; to 'current-output-port', which at this stage is bound to the client + ;; connection. + (let ((pipe (apply open-pipe* OPEN_READ #$zabbix-server + "--config" #$config + "-R" #$command args))) + (let loop () + (match (read-line pipe 'concat) + ((? eof-object?) + (catch 'system-error + (lambda () + (zero? (close-pipe pipe))) + (lambda args + ;; There's a race with the SIGCHLD handler, which could + ;; call 'waitpid' before 'close-pipe' above does. If we + ;; get ECHILD, that means we lost the race; in that case, we + ;; cannot tell what the exit code was (FIXME). + (or (= ECHILD (system-error-errno args)) + (apply throw args))))) + (line + (display line) + (loop))))))) + +;; Provide shepherd actions for common "zabbix_server -R" commands +;; mainly for a convenient way to use the correct configuration file. +(define (zabbix-server-actions zabbix-server config) + (list (shepherd-action + (name 'reload-config-cache) + (documentation "Reload the configuration cache.") + (procedure (zabbix-server-runtime-control-procedure + zabbix-server config "config_cache_reload"))) + (shepherd-action + (name 'reload-snmp-cache) + (documentation "Reload SNMP cache.") + (procedure (zabbix-server-runtime-control-procedure + zabbix-server config "snmp_cache_reload"))))) + (define (zabbix-server-shepherd-service config) "Return a <shepherd-service> for Zabbix server with CONFIG." - (list (shepherd-service - (provision '(zabbix-server)) - (documentation "Run Zabbix server daemon.") - (start #~(make-forkexec-constructor - (list #$(file-append (zabbix-server-configuration-zabbix-server config) - "/sbin/zabbix_server") - "--config" #$(zabbix-server-config-file config) - "--foreground") - #:user #$(zabbix-server-configuration-user config) - #:group #$(zabbix-server-configuration-group config) - #:pid-file #$(zabbix-server-configuration-pid-file config) - #:environment-variables - (list "SSL_CERT_DIR=/run/current-system/profile\ + (let ((zabbix-server + (file-append (zabbix-server-configuration-zabbix-server config) + "/sbin/zabbix_server")) + (config-file (zabbix-server-config-file config))) + (list (shepherd-service + (provision '(zabbix-server)) + (documentation "Run the Zabbix server daemon.") + (actions (zabbix-server-actions zabbix-server config-file)) + (start #~(make-forkexec-constructor + (list #$zabbix-server + "--config" #$config-file + "--foreground") + #:user #$(zabbix-server-configuration-user config) + #:group #$(zabbix-server-configuration-group config) + #:pid-file #$(zabbix-server-configuration-pid-file config) + #:environment-variables + (list "SSL_CERT_DIR=/run/current-system/profile\ /etc/ssl/certs" - "SSL_CERT_FILE=/run/current-system/profile\ + "SSL_CERT_FILE=/run/current-system/profile\ /etc/ssl/certs/ca-certificates.crt"))) - (stop #~(make-kill-destructor))))) + (stop #~(make-kill-destructor)))))) (define zabbix-server-service-type (service-type @@ -431,8 +474,8 @@ configuration file.")) (define (zabbix-agent-account config) "Return the user accounts and user groups for CONFIG." - (let ((zabbix-user "zabbix") - (zabbix-group "zabbix")) + (let ((zabbix-user (zabbix-agent-configuration-user config)) + (zabbix-group (zabbix-agent-configuration-group config))) (list (user-group (name zabbix-group) (system? #t)) (user-account (name zabbix-user) @@ -465,13 +508,9 @@ configuration file.")) #~(begin (call-with-output-file #$output (lambda (port) - (display "# Generated by 'zabbix-agent-service'.\n" port) - (display #$(with-output-to-string - (lambda () - (serialize-configuration - config zabbix-agent-configuration-fields))) - port) - #t))))) + (format port "# Generated by 'zabbix-agent-service'.~%") + (format port #$(serialize-configuration + config zabbix-agent-configuration-fields))))))) (define (zabbix-agent-shepherd-service config) "Return a <shepherd-service> for Zabbix agent with CONFIG." @@ -490,7 +529,9 @@ configuration file.")) (list "SSL_CERT_DIR=/run/current-system/profile\ /etc/ssl/certs" "SSL_CERT_FILE=/run/current-system/profile\ -/etc/ssl/certs/ca-certificates.crt"))) +/etc/ssl/certs/ca-certificates.crt" + "PATH=/run/setuid-programs:\ +/run/current-system/profile/bin:/run/current-system/profile/sbin"))) (stop #~(make-kill-destructor))))) (define zabbix-agent-service-type @@ -526,15 +567,25 @@ fastcgi_param PHP_VALUE \"post_max_size = 16M "))))))) (listen '("80")))) +(define (zabbix-front-end-nginx-extension config) + (match config + (($ <zabbix-front-end-configuration> _ server nginx) + (if (null? nginx) + (list + (nginx-server-configuration + (inherit %zabbix-front-end-configuration-nginx) + (root #~(string-append #$server:front-end "/share/zabbix/php")))) + nginx)))) + (define-configuration zabbix-front-end-configuration - ;; TODO: Specify zabbix front-end package. - ;; (zabbix- - ;; (file-like zabbix-front-end) - ;; "The zabbix-front-end package.") + (zabbix-server + (file-like zabbix-server) + "The Zabbix server package to use.") (nginx - (nginx-server-configuration-list - (list %zabbix-front-end-configuration-nginx)) - "NGINX configuration.") + (list '()) + "List of @ref{nginx-server-configuration,@code{nginx-server-configuration}} +blocks for the Zabbix front-end. When empty, a default that listens on port 80 +is used.") (db-host (string "localhost") "Database host name.") @@ -577,33 +628,35 @@ $DB['SERVER'] = '" db-host "'; $DB['PORT'] = '" (number->string db-port) "'; $DB['DATABASE'] = '" db-name "'; $DB['USER'] = '" db-user "'; -$DB['PASSWORD'] = '" (let ((file (location-file %location)) - (line (location-line %location)) - (column (location-column %location))) - (if (string-null? db-password) - (if (string-null? db-secret-file) - (raise (make-compound-condition - (condition - (&message - (message - (format #f "no '~A' or '~A' field in your '~A' record" - 'db-secret-file 'db-password - 'zabbix-front-end-configuration)))) - (condition - (&error-location - (location %location))))) - (string-trim-both - (with-input-from-file db-secret-file - read-string))) - (begin - (display-hint (format #f (G_ "~a:~a:~a: ~a: +$DB['PASSWORD'] = " (let ((file (location-file %location)) + (line (location-line %location)) + (column (location-column %location))) + (if (string-null? db-password) + (if (string-null? db-secret-file) + (raise (make-compound-condition + (condition + (&message + (message + (format #f "no '~A' or '~A' field in your '~A' record" + 'db-secret-file 'db-password + 'zabbix-front-end-configuration)))) + (condition + (&error-location + (location %location))))) + (string-append "trim(file_get_contents('" + db-secret-file "'));\n")) + (begin + (display-hint (format #f (G_ "~a:~a:~a: ~a: Consider using @code{db-secret-file} instead of @code{db-password} for better security.") file line column 'zabbix-front-end-configuration)) - db-password))) "'; - + (format #f "'~a';~%" db-password)))) + " // Schema name. Used for IBM DB2 and PostgreSQL. $DB['SCHEMA'] = ''; +// Use IEEE754 compatible value range for 64-bit Numeric (float) history values. +$DB['DOUBLE_IEEE754'] = true; + $ZBX_SERVER = '" zabbix-host "'; $ZBX_SERVER_PORT = '" (number->string zabbix-port) "'; $ZBX_SERVER_NAME = ''; @@ -637,7 +690,7 @@ $IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG; (list (service-extension activation-service-type zabbix-front-end-activation) (service-extension nginx-service-type - zabbix-front-end-configuration-nginx) + zabbix-front-end-nginx-extension) ;; Make sure php-fpm is instantiated. (service-extension php-fpm-service-type (const #t)))) |