aboutsummaryrefslogtreecommitdiff
path: root/gnu/services
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-12-22 15:26:30 +0100
committerMarius Bakke <mbakke@fastmail.com>2018-12-22 15:26:30 +0100
commitf30830b2e67d973f2363903dbe5b27269da1901a (patch)
tree851a3a361cde2e083c418c54a1932bd57096c5a0 /gnu/services
parent34f1838f04c7c359da8dbba86817499630ce7f01 (diff)
parent25ec3684e3529fae290d389ba11755c7e7c016ea (diff)
downloadpatches-f30830b2e67d973f2363903dbe5b27269da1901a.tar
patches-f30830b2e67d973f2363903dbe5b27269da1901a.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/base.scm10
-rw-r--r--gnu/services/monitoring.scm467
-rw-r--r--gnu/services/shepherd.scm12
-rw-r--r--gnu/services/web.scm48
4 files changed, 514 insertions, 23 deletions
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index b10f5cbaf1..67bdaef18c 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1967,7 +1967,15 @@ item of @var{packages}."
(respawn? #f)
;; We need additional modules.
(modules `((gnu build linux-boot)
- ,@%default-modules))))))))
+ ,@%default-modules))
+
+ (actions (list (shepherd-action
+ (name 'rules)
+ (documentation "Display the directory containing
+the udev rules in use.")
+ (procedure #~(lambda (_)
+ (display #$rules)
+ (newline))))))))))))
(define udev-service-type
(service-type (name 'udev)
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index aa3b63a0e4..685641f110 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Sou Bunnbu <iyzsong@member.fsf.org>
;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
+;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -19,17 +20,32 @@
(define-module (gnu services monitoring)
#:use-module (gnu services)
+ #:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
+ #:use-module (gnu services web)
#:use-module (gnu packages admin)
#:use-module (gnu packages monitoring)
#:use-module (gnu system shadow)
#:use-module (guix gexp)
+ #:use-module (guix packages)
#:use-module (guix records)
+ #:use-module ((guix ui) #:select (display-hint))
#:use-module (ice-9 match)
+ #:use-module (ice-9 rdelim)
+ #:use-module (srfi srfi-26)
+ #:use-module (srfi srfi-35)
#:export (darkstat-configuration
prometheus-node-exporter-configuration
darkstat-service-type
- prometheus-node-exporter-service-type))
+ prometheus-node-exporter-service-type
+
+ zabbix-server-configuration
+ zabbix-server-service-type
+ zabbix-agent-configuration
+ zabbix-agent-service-type
+ zabbix-front-end-configuration
+ zabbix-front-end-service-type
+ %zabbix-front-end-configuration-nginx))
;;;
@@ -125,3 +141,452 @@ prometheus.")
(list (service-extension
shepherd-root-service-type
(compose list prometheus-node-exporter-shepherd-service))))))
+
+
+;;;
+;;; Zabbix server
+;;;
+
+(define (uglify-field-name field-name)
+ (apply string-append
+ (map (lambda (str)
+ (if (member (string->symbol str) '(ca db ssl))
+ (string-upcase str)
+ (string-capitalize str)))
+ (string-split (string-delete #\?
+ (symbol->string field-name))
+ #\-))))
+
+(define (serialize-field field-name val)
+ (format #t "~a=~a~%" (uglify-field-name field-name) val))
+
+(define (serialize-number field-name val)
+ (serialize-field field-name (number->string val)))
+
+(define (serialize-list field-name val)
+ (if (null? val) "" (serialize-field field-name (string-join val ","))))
+
+(define (serialize-string field-name val)
+ (if (and (string? val) (string=? val ""))
+ ""
+ (serialize-field field-name val)))
+
+(define group? string?)
+
+(define serialize-group
+ (const ""))
+
+(define include-files? list?)
+
+(define (serialize-include-files field-name val)
+ (if (null? val) "" (for-each (cut serialize-field 'include <>) val)))
+
+(define extra-options? string?)
+
+(define (serialize-extra-options field-name val)
+ (if (null? val) "" (display val)))
+
+(define (nginx-server-configuration-list? val)
+ (and (list? val) (and-map nginx-server-configuration? val)))
+
+(define (serialize-nginx-server-configuration-list field-name val)
+ "")
+
+(define-configuration zabbix-server-configuration
+ (zabbix-server
+ (package zabbix-server)
+ "The zabbix-server package.")
+ (user
+ (string "zabbix")
+ "User who will run the Zabbix server.")
+ (group ;for zabbix-server-account procedure
+ (group "zabbix")
+ "Group who will run the Zabbix server.")
+ (db-host
+ (string "127.0.0.1")
+ "Database host name.")
+ (db-name
+ (string "zabbix")
+ "Database name.")
+ (db-user
+ (string "zabbix")
+ "Database user.")
+ (db-password
+ (string "")
+ "Database password. Please, use @code{include-files} with
+@code{DBPassword=SECRET} inside a specified file instead.")
+ (db-port
+ (number 5432)
+ "Database port.")
+ (log-type
+ (string "")
+ "Specifies where log messages are written to:
+@itemize
+@item @code{system} - syslog.
+@item @code{file} - file specified with @code{log-file} parameter.
+@item @code{console} - standard output.
+@end itemize\n")
+ (log-file
+ (string "/var/log/zabbix/server.log")
+ "Log file name for @code{log-type} @code{file} parameter.")
+ (pid-file
+ (string "/var/run/zabbix/zabbix_server.pid")
+ "Name of PID file.")
+ (ssl-ca-location
+ (string "/etc/ssl/certs/ca-certificates.crt")
+ "The location of certificate authority (CA) files for SSL server
+certificate verification.")
+ (ssl-cert-location
+ (string "/etc/ssl/certs")
+ "Location of SSL client certificates.")
+ (extra-options
+ (extra-options "")
+ "Extra options will be appended to Zabbix server configuration file.")
+ (include-files
+ (include-files '())
+ "You may include individual files or all files in a directory in the
+configuration file."))
+
+(define (zabbix-server-account config)
+ "Return the user accounts and user groups for CONFIG."
+ (let ((zabbix-user (zabbix-server-configuration-user config))
+ (zabbix-group (zabbix-server-configuration-group config)))
+ (list (user-group (name zabbix-group) (system? #t))
+ (user-account
+ (name zabbix-user)
+ (system? #t)
+ (group zabbix-group)
+ (comment "zabbix privilege separation user")
+ (home-directory (string-append "/var/run/" zabbix-user))
+ (shell #~(string-append #$shadow "/sbin/nologin"))))))
+
+(define (zabbix-server-config-file config)
+ "Return the zabbix-server configuration file corresponding to CONFIG."
+ (computed-file
+ "zabbix_server.conf"
+ #~(begin
+ (call-with-output-file #$output
+ (lambda (port)
+ (display "# Generated by 'zabbix-server-service'.\n" port)
+ (display #$(with-output-to-string
+ (lambda ()
+ (serialize-configuration
+ config zabbix-server-configuration-fields)))
+ port)
+ #t)))))
+
+(define (zabbix-server-activation config)
+ "Return the activation gexp for CONFIG."
+ (with-imported-modules '((guix build utils)
+ (ice-9 rdelim))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 rdelim))
+ (let ((user (getpw #$(zabbix-server-configuration-user config))))
+ (for-each (lambda (file)
+ (let ((directory (dirname file)))
+ (mkdir-p directory)
+ (chown directory (passwd:uid user) (passwd:gid user))
+ (chmod directory #o755)))
+ (list #$(zabbix-server-configuration-log-file config)
+ #$(zabbix-server-configuration-pid-file config)
+ "/etc/zabbix/maintenance.inc.php"))))))
+
+(define (zabbix-server-shepherd-service config)
+ "Return a <shepherd-service> for Zabbix server with CONFIG."
+ (list (shepherd-service
+ (provision '(zabbix-server))
+ (documentation "Run Zabbix server daemon.")
+ (start #~(make-forkexec-constructor
+ (list #$(file-append (zabbix-server-configuration-zabbix-server config)
+ "/sbin/zabbix_server")
+ "--config" #$(zabbix-server-config-file config)
+ "--foreground")
+ #:user #$(zabbix-server-configuration-user config)
+ #:group #$(zabbix-server-configuration-group config)
+ #:pid-file #$(zabbix-server-configuration-pid-file config)
+ #:environment-variables
+ (list "SSL_CERT_DIR=/run/current-system/profile\
+/etc/ssl/certs"
+ "SSL_CERT_FILE=/run/current-system/profile\
+/etc/ssl/certs/ca-certificates.crt")))
+ (stop #~(make-kill-destructor)))))
+
+(define zabbix-server-service-type
+ (service-type
+ (name 'zabbix-server)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ zabbix-server-shepherd-service)
+ (service-extension account-service-type
+ zabbix-server-account)
+ (service-extension activation-service-type
+ zabbix-server-activation)))
+ (default-value (zabbix-server-configuration))))
+
+(define (generate-zabbix-server-documentation)
+ (generate-documentation
+ `((zabbix-server-configuration
+ ,zabbix-server-configuration-fields))
+ 'zabbix-server-configuration))
+
+(define-configuration zabbix-agent-configuration
+ (zabbix-agent
+ (package zabbix-agentd)
+ "The zabbix-agent package.")
+ (user
+ (string "zabbix")
+ "User who will run the Zabbix agent.")
+ (group
+ (group "zabbix")
+ "Group who will run the Zabbix agent.")
+ (hostname
+ (string "Zabbix server")
+ "Unique, case sensitive hostname which is required for active checks and
+must match hostname as configured on the server.")
+ (log-type
+ (string "")
+ "Specifies where log messages are written to:
+@itemize
+@item @code{system} - syslog.
+@item @code{file} - file specified with @code{log-file} parameter.
+@item @code{console} - standard output.
+@end itemize\n")
+ (log-file
+ (string "/var/log/zabbix/agent.log")
+ "Log file name for @code{log-type} @code{file} parameter.")
+ (pid-file
+ (string "/var/run/zabbix/zabbix_agent.pid")
+ "Name of PID file.")
+ (server
+ (list '("127.0.0.1"))
+ "List of IP addresses, optionally in CIDR notation, or hostnames of Zabbix
+servers and Zabbix proxies. Incoming connections will be accepted only from
+the hosts listed here.")
+ (server-active
+ (list '("127.0.0.1"))
+ "List of IP:port (or hostname:port) pairs of Zabbix servers and Zabbix
+proxies for active checks. If port is not specified, default port is used.
+If this parameter is not specified, active checks are disabled.")
+ (extra-options
+ (extra-options "")
+ "Extra options will be appended to Zabbix server configuration file.")
+ (include-files
+ (include-files '())
+ "You may include individual files or all files in a directory in the
+configuration file."))
+
+(define (zabbix-agent-account config)
+ "Return the user accounts and user groups for CONFIG."
+ (let ((zabbix-user "zabbix")
+ (zabbix-group "zabbix"))
+ (list (user-group (name zabbix-group) (system? #t))
+ (user-account
+ (name zabbix-user)
+ (system? #t)
+ (group zabbix-group)
+ (comment "zabbix privilege separation user")
+ (home-directory (string-append "/var/run/" zabbix-user))
+ (shell #~(string-append #$shadow "/sbin/nologin"))))))
+
+(define (zabbix-agent-activation config)
+ "Return the activation gexp for CONFIG."
+ (with-imported-modules '((guix build utils)
+ (ice-9 rdelim))
+ #~(begin
+ (use-modules (guix build utils)
+ (ice-9 rdelim))
+ (let ((user
+ (getpw #$(zabbix-agent-configuration-user config))))
+ (for-each (lambda (file)
+ (let ((directory (dirname file)))
+ (mkdir-p directory)
+ (chown directory (passwd:uid user) (passwd:gid user))
+ (chmod directory #o755)))
+ (list #$(zabbix-agent-configuration-log-file config)
+ #$(zabbix-agent-configuration-pid-file config)))))))
+
+(define (zabbix-agent-config-file config)
+ "Return the zabbix-agent configuration file corresponding to CONFIG."
+ (computed-file
+ "zabbix_agent.conf"
+ #~(begin
+ (call-with-output-file #$output
+ (lambda (port)
+ (display "# Generated by 'zabbix-agent-service'.\n" port)
+ (display #$(with-output-to-string
+ (lambda ()
+ (serialize-configuration
+ config zabbix-agent-configuration-fields)))
+ port)
+ #t)))))
+
+(define (zabbix-agent-shepherd-service config)
+ "Return a <shepherd-service> for Zabbix agent with CONFIG."
+ (list (shepherd-service
+ (provision '(zabbix-agent))
+ (documentation "Run Zabbix agent daemon.")
+ (start #~(make-forkexec-constructor
+ (list #$(file-append (zabbix-agent-configuration-zabbix-agent config)
+ "/sbin/zabbix_agentd")
+ "--config" #$(zabbix-agent-config-file config)
+ "--foreground")
+ #:user #$(zabbix-agent-configuration-user config)
+ #:group #$(zabbix-agent-configuration-group config)
+ #:pid-file #$(zabbix-agent-configuration-pid-file config)
+ #:environment-variables
+ (list "SSL_CERT_DIR=/run/current-system/profile\
+/etc/ssl/certs"
+ "SSL_CERT_FILE=/run/current-system/profile\
+/etc/ssl/certs/ca-certificates.crt")))
+ (stop #~(make-kill-destructor)))))
+
+(define zabbix-agent-service-type
+ (service-type
+ (name 'zabbix-agent)
+ (extensions
+ (list (service-extension shepherd-root-service-type
+ zabbix-agent-shepherd-service)
+ (service-extension account-service-type
+ zabbix-agent-account)
+ (service-extension activation-service-type
+ zabbix-agent-activation)))
+ (default-value (zabbix-agent-configuration))))
+
+(define (generate-zabbix-agent-documentation)
+ (generate-documentation
+ `((zabbix-agent-configuration
+ ,zabbix-agent-configuration-fields))
+ 'zabbix-agent-configuration))
+
+(define %zabbix-front-end-configuration-nginx
+ (nginx-server-configuration
+ (root #~(string-append #$zabbix-server:front-end "/share/zabbix/php"))
+ (index '("index.php"))
+ (locations
+ (let ((php-location (nginx-php-location)))
+ (list (nginx-location-configuration
+ (inherit php-location)
+ (body (append (nginx-location-configuration-body php-location)
+ (list "
+fastcgi_param PHP_VALUE \"post_max_size = 16M
+ max_execution_time = 300\";
+")))))))))
+
+(define-configuration zabbix-front-end-configuration
+ ;; TODO: Specify zabbix front-end package.
+ ;; (zabbix-
+ ;; (package zabbix-front-end)
+ ;; "The zabbix-front-end package.")
+ (nginx
+ (nginx-server-configuration-list
+ (list %zabbix-front-end-configuration-nginx))
+ "NGINX configuration.")
+ (db-host
+ (string "localhost")
+ "Database host name.")
+ (db-port
+ (number 5432)
+ "Database port.")
+ (db-name
+ (string "zabbix")
+ "Database name.")
+ (db-user
+ (string "zabbix")
+ "Database user.")
+ (db-password
+ (string "")
+ "Database password. Please, use @code{db-secret-file} instead.")
+ (db-secret-file
+ (string "")
+ "Secret file which will be appended to @file{zabbix.conf.php} file. This
+file contains credentials for use by Zabbix front-end. You are expected to
+create it manually.")
+ (zabbix-host
+ (string "localhost")
+ "Zabbix server hostname.")
+ (zabbix-port
+ (number 10051)
+ "Zabbix server port."))
+
+(define zabbix-front-end-config
+ (match-lambda
+ (($ <zabbix-front-end-configuration>
+ _ db-host db-port db-name db-user db-password db-secret-file
+ zabbix-host zabbix-port)
+ (mixed-text-file "zabbix.conf.php"
+ "\
+<?php
+// Zabbix GUI configuration file.
+global $DB;
+
+$DB['TYPE'] = 'POSTGRESQL';
+$DB['SERVER'] = '" db-host "';
+$DB['PORT'] = '" (number->string db-port) "';
+$DB['DATABASE'] = '" db-name "';
+$DB['USER'] = '" db-user "';
+$DB['PASSWORD'] = '" (if (string-null? db-password)
+ (if (string-null? db-secret-file)
+ (raise (condition
+ (&message
+ (message "\
+you must provide either 'db-secret-file' or 'db-password'"))))
+ (string-trim-both
+ (with-input-from-file db-secret-file
+ read-string)))
+ (begin
+ (display-hint "\
+Consider using @code{db-secret-file} instead of @code{db-password} and unset
+@code{db-password} for security in @code{zabbix-front-end-configuration}.")
+ db-password)) "';
+
+// Schema name. Used for IBM DB2 and PostgreSQL.
+$DB['SCHEMA'] = '';
+
+$ZBX_SERVER = '" zabbix-host "';
+$ZBX_SERVER_PORT = '" (number->string zabbix-port) "';
+$ZBX_SERVER_NAME = '';
+
+$IMAGE_FORMAT_DEFAULT = IMAGE_FORMAT_PNG;
+"))))
+
+(define %maintenance.inc.php
+ ;; Empty php file to allow us move zabbix-frontend configs to ‘/etc/zabbix’
+ ;; directory. See ‘install-front-end’ phase in
+ ;; (@ (gnu packages monitoring) zabbix-server) package.
+ "\
+<?php
+")
+
+(define (zabbix-front-end-activation config)
+ "Return the activation gexp for CONFIG."
+ #~(begin
+ (use-modules (guix build utils))
+ (mkdir-p "/etc/zabbix")
+ (call-with-output-file "/etc/zabbix/maintenance.inc.php"
+ (lambda (port)
+ (display #$%maintenance.inc.php port)))
+ (copy-file #$(zabbix-front-end-config config)
+ "/etc/zabbix/zabbix.conf.php")))
+
+(define zabbix-front-end-service-type
+ (service-type
+ (name 'zabbix-front-end)
+ (extensions
+ (list (service-extension activation-service-type
+ zabbix-front-end-activation)
+ (service-extension nginx-service-type
+ zabbix-front-end-configuration-nginx)
+ ;; Make sure php-fpm is instantiated.
+ (service-extension php-fpm-service-type
+ (const #t))))
+ (default-value (zabbix-front-end-configuration))
+ (description
+ "Run the zabbix-front-end web interface, which allows users to interact
+with Zabbix server.")))
+
+(define (generate-zabbix-front-end-documentation)
+ (generate-documentation
+ `((zabbix-front-end-configuration
+ ,zabbix-front-end-configuration-fields))
+ 'zabbix-front-end-configuration))
diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index 49d08cc30f..12d649f542 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -281,7 +281,17 @@ stored."
(start service)))
'#$(append-map shepherd-service-provision
(filter shepherd-service-auto-start?
- services)))))))
+ services)))
+
+ ;; Hang up stdin. At this point, we assume that 'start' methods
+ ;; that required user interaction on the console (e.g.,
+ ;; 'cryptsetup open' invocations, post-fsck emergency REPL) have
+ ;; completed. User interaction becomes impossible after this
+ ;; call; this avoids situations where services wrongfully lead
+ ;; PID 1 to read from stdin (the console), which users may not
+ ;; have access to (see <https://bugs.gnu.org/23697>).
+ (redirect-port (open-input-file "/dev/null")
+ (current-input-port))))))
(scheme-file "shepherd.conf" config)))
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index fcf453c248..d71fed20ed 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -142,6 +142,7 @@
php-fpm-configuration-log-file
php-fpm-configuration-process-manager
php-fpm-configuration-display-errors
+ php-fpm-configuration-timezone
php-fpm-configuration-workers-log-file
php-fpm-configuration-file
@@ -773,6 +774,8 @@ of index files."
(default (php-fpm-dynamic-process-manager-configuration)))
(display-errors php-fpm-configuration-display-errors
(default #f))
+ (timezone php-fpm-configuration-timezone
+ (default #f))
(workers-log-file php-fpm-configuration-workers-log-file
(default (string-append "/var/log/php"
(version-major (package-version php))
@@ -827,7 +830,7 @@ of index files."
(shell (file-append shadow "/sbin/nologin")))))))
(define (default-php-fpm-config socket user group socket-user socket-group
- pid-file log-file pm display-errors workers-log-file)
+ pid-file log-file pm display-errors timezone workers-log-file)
(apply mixed-text-file "php-fpm.conf"
(flatten
"[global]\n"
@@ -840,6 +843,10 @@ of index files."
"listen.owner =" socket-user "\n"
"listen.group =" socket-group "\n"
+ (if timezone
+ (string-append "php_admin_value[date.timezone] = \"" timezone "\"\n")
+ "")
+
(match pm
(($ <php-fpm-dynamic-process-manager-configuration>
pm.max-children
@@ -879,7 +886,8 @@ of index files."
(define php-fpm-shepherd-service
(match-lambda
(($ <php-fpm-configuration> php socket user group socket-user socket-group
- pid-file log-file pm display-errors workers-log-file file)
+ pid-file log-file pm display-errors
+ timezone workers-log-file file)
(list (shepherd-service
(provision '(php-fpm))
(documentation "Run the php-fpm daemon.")
@@ -890,27 +898,27 @@ of index files."
#$(or file
(default-php-fpm-config socket user group
socket-user socket-group pid-file log-file
- pm display-errors workers-log-file)))
+ pm display-errors timezone workers-log-file)))
#:pid-file #$pid-file))
(stop #~(make-kill-destructor)))))))
-(define php-fpm-activation
- (match-lambda
- (($ <php-fpm-configuration> _ _ user _ _ _ _ log-file _ _ workers-log-file _)
- #~(begin
- (use-modules (guix build utils))
- (let* ((user (getpwnam #$user))
- (touch (lambda (file-name)
- (call-with-output-file file-name (const #t))))
- (init-log-file
- (lambda (file-name)
- (when #$workers-log-file
- (when (not (file-exists? file-name))
- (touch file-name))
- (chown file-name (passwd:uid user) (passwd:gid user))
- (chmod file-name #o660)))))
- (init-log-file #$log-file)
- (init-log-file #$workers-log-file))))))
+(define (php-fpm-activation config)
+ #~(begin
+ (use-modules (guix build utils))
+ (let* ((user (getpwnam #$(php-fpm-configuration-user config)))
+ (touch (lambda (file-name)
+ (call-with-output-file file-name (const #t))))
+ (workers-log-file
+ #$(php-fpm-configuration-workers-log-file config))
+ (init-log-file
+ (lambda (file-name)
+ (when workers-log-file
+ (when (not (file-exists? file-name))
+ (touch file-name))
+ (chown file-name (passwd:uid user) (passwd:gid user))
+ (chmod file-name #o660)))))
+ (init-log-file #$(php-fpm-configuration-log-file config))
+ (init-log-file workers-log-file))))
(define php-fpm-service-type