services: monitoring: Add 'zabbix-server'.

* gnu/services/monitoring.scm (uglify-field-name, serialize-field,
serialize-number, serialize-list, serialize-string, group?, serialize-group,
include-files?, serialize-include-files, zabbix-server-account,
zabbix-server-config-file, zabbix-server-activation,
zabbix-server-shepherd-service, generate-zabbix-server-documentation,
extra-options, serialize-extra-options): New procedures.
(zabbix-server-service-type): New variable.
* gnu/tests/monitoring.scm (%psql-user-create-zabbix,
%psql-db-zabbix-create-script, %psql-db-create-zabbix, %psql-db-import-zabbix,
%zabbix-os, %test-zabbix): New variables.
(run-zabbix-server-test): New procedure.
* doc/guix.texi (Monitoring Services): Document 'zabbix-server'.

squash! services: monitoring: Add 'zabbix-server'.
This commit is contained in:
Oleg Pykhalov 2018-11-29 20:22:41 +03:00
parent 2c9ac8392a
commit 6b1c4179e2
No known key found for this signature in database
GPG Key ID: 167F8EA5001AFA9C
3 changed files with 497 additions and 2 deletions

View File

@ -16662,6 +16662,147 @@ Bind the web interface to the specified address.
@end table
@end deftp
@subsubheading Zabbix server
@cindex zabbix zabbix-server
Zabbix provides monitoring metrics, among others network utilization, CPU load
and disk space consumption:
@itemize
@item High performance, high capacity (able to monitor hundreds of thousands of devices).
@item Auto-discovery of servers and network devices and interfaces.
@item Low-level discovery, allows to automatically start monitoring new items, file systems or network interfaces among others.
@item Distributed monitoring with centralized web administration.
@item Native high performance agents.
@item SLA, and ITIL KPI metrics on reporting.
@item High-level (business) view of monitored resources through user-defined visual console screens and dashboards.
@item Remote command execution through Zabbix proxies.
@end itemize
@c %start of fragment
Available @code{zabbix-server-configuration} fields are:
@deftypevr {@code{zabbix-server-configuration} parameter} package zabbix-server
The zabbix-server package.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string user
User who will run the Zabbix server.
Defaults to @samp{"zabbix"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} group group
Group who will run the Zabbix server.
Defaults to @samp{"zabbix"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string db-host
Database host name.
Defaults to @samp{"127.0.0.1"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string db-name
Database name.
Defaults to @samp{"zabbix"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string db-user
Database user.
Defaults to @samp{"zabbix"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string db-password
Database password. Please, use @code{include-files} with
@code{DBPassword=SECRET} inside a specified file instead.
Defaults to @samp{""}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} number db-port
Database port.
Defaults to @samp{5432}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string log-type
Specifies where log messages are written to:
@itemize @bullet
@item
@code{system} - syslog.
@item
@code{file} - file specified with @code{log-file} parameter.
@item
@code{console} - standard output.
@end itemize
Defaults to @samp{""}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string log-file
Log file name for @code{log-type} @code{file} parameter.
Defaults to @samp{"/var/log/zabbix/server.log"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string pid-file
Name of PID file.
Defaults to @samp{"/var/run/zabbix/zabbix_server.pid"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string ssl-ca-location
The location of certificate authority (CA) files for SSL server
certificate verification.
Defaults to @samp{"/etc/ssl/certs/ca-certificates.crt"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string ssl-cert-location
Location of SSL client certificates.
Defaults to @samp{"/etc/ssl/certs"}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} string extra-options
Extra options will be appended to Zabbix server configuration file.
Defaults to @samp{""}.
@end deftypevr
@deftypevr {@code{zabbix-server-configuration} parameter} include-files include-files
You may include individual files or all files in a directory in the
configuration file.
Defaults to @samp{()}.
@end deftypevr
@c %end of fragment
@node Kerberos Services
@subsubsection Kerberos Services
@cindex Kerberos

View File

@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Sou Bunnbu <iyzsong@member.fsf.org>
;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -19,17 +20,23 @@
(define-module (gnu services monitoring)
#:use-module (gnu services)
#:use-module (gnu services configuration)
#:use-module (gnu services shepherd)
#:use-module (gnu packages admin)
#:use-module (gnu packages monitoring)
#:use-module (gnu system shadow)
#:use-module (guix gexp)
#:use-module (guix packages)
#:use-module (guix records)
#:use-module (ice-9 match)
#:use-module (srfi srfi-26)
#:export (darkstat-configuration
prometheus-node-exporter-configuration
darkstat-service-type
prometheus-node-exporter-service-type))
prometheus-node-exporter-service-type
zabbix-server-configuration
zabbix-server-service-type))
;;;
@ -125,3 +132,185 @@ prometheus.")
(list (service-extension
shepherd-root-service-type
(compose list prometheus-node-exporter-shepherd-service))))))
;;;
;;; Zabbix server
;;;
(define (uglify-field-name field-name)
(apply string-append
(map (lambda (str)
(if (member (string->symbol str) '(ca db ssl))
(string-upcase str)
(string-capitalize str)))
(string-split (string-delete #\?
(symbol->string field-name))
#\-))))
(define (serialize-field field-name val)
(format #t "~a=~a~%" (uglify-field-name field-name) val))
(define (serialize-number field-name val)
(serialize-field field-name (number->string val)))
(define (serialize-list field-name val)
(if (null? val) "" (serialize-field field-name (string-join val ","))))
(define (serialize-string field-name val)
(if (and (string? val) (string=? val ""))
""
(serialize-field field-name val)))
(define group? string?)
(define serialize-group
(const ""))
(define include-files? list?)
(define (serialize-include-files field-name val)
(if (null? val) "" (for-each (cut serialize-field 'include <>) val)))
(define extra-options? string?)
(define (serialize-extra-options field-name val)
(if (null? val) "" (display val)))
(define-configuration zabbix-server-configuration
(zabbix-server
(package zabbix-server)
"The zabbix-server package.")
(user
(string "zabbix")
"User who will run the Zabbix server.")
(group ;for zabbix-server-account procedure
(group "zabbix")
"Group who will run the Zabbix server.")
(db-host
(string "127.0.0.1")
"Database host name.")
(db-name
(string "zabbix")
"Database name.")
(db-user
(string "zabbix")
"Database user.")
(db-password
(string "")
"Database password. Please, use @code{include-files} with
@code{DBPassword=SECRET} inside a specified file instead.")
(db-port
(number 5432)
"Database port.")
(log-type
(string "")
"Specifies where log messages are written to:
@itemize
@item @code{system} - syslog.
@item @code{file} - file specified with @code{log-file} parameter.
@item @code{console} - standard output.
@end itemize\n")
(log-file
(string "/var/log/zabbix/server.log")
"Log file name for @code{log-type} @code{file} parameter.")
(pid-file
(string "/var/run/zabbix/zabbix_server.pid")
"Name of PID file.")
(ssl-ca-location
(string "/etc/ssl/certs/ca-certificates.crt")
"The location of certificate authority (CA) files for SSL server
certificate verification.")
(ssl-cert-location
(string "/etc/ssl/certs")
"Location of SSL client certificates.")
(extra-options
(extra-options "")
"Extra options will be appended to Zabbix server configuration file.")
(include-files
(include-files '())
"You may include individual files or all files in a directory in the
configuration file."))
(define (zabbix-server-account config)
"Return the user accounts and user groups for CONFIG."
(let ((zabbix-user (zabbix-server-configuration-user config))
(zabbix-group (zabbix-server-configuration-group config)))
(list (user-group (name zabbix-group) (system? #t))
(user-account
(name zabbix-user)
(system? #t)
(group zabbix-group)
(comment "zabbix privilege separation user")
(home-directory (string-append "/var/run/" zabbix-user))
(shell #~(string-append #$shadow "/sbin/nologin"))))))
(define (zabbix-server-config-file config)
"Return the zabbix-server configuration file corresponding to CONFIG."
(computed-file
"zabbix_server.conf"
#~(begin
(call-with-output-file #$output
(lambda (port)
(display "# Generated by 'zabbix-server-service'.\n" port)
(display #$(with-output-to-string
(lambda ()
(serialize-configuration
config zabbix-server-configuration-fields)))
port)
#t)))))
(define (zabbix-server-activation config)
"Return the activation gexp for CONFIG."
(with-imported-modules '((guix build utils)
(ice-9 rdelim))
#~(begin
(use-modules (guix build utils)
(ice-9 rdelim))
(let ((user (getpw #$(zabbix-server-configuration-user config))))
(for-each (lambda (file)
(let ((directory (dirname file)))
(mkdir-p directory)
(chown directory (passwd:uid user) (passwd:gid user))
(chmod directory #o755)))
(list #$(zabbix-server-configuration-log-file config)
#$(zabbix-server-configuration-pid-file config)
"/etc/zabbix/maintenance.inc.php"))))))
(define (zabbix-server-shepherd-service config)
"Return a <shepherd-service> for Zabbix server with CONFIG."
(list (shepherd-service
(provision '(zabbix-server))
(documentation "Run Zabbix server daemon.")
(start #~(make-forkexec-constructor
(list #$(file-append (zabbix-server-configuration-zabbix-server config)
"/sbin/zabbix_server")
"--config" #$(zabbix-server-config-file config)
"--foreground")
#:user #$(zabbix-server-configuration-user config)
#:group #$(zabbix-server-configuration-group config)
#:pid-file #$(zabbix-server-configuration-pid-file config)
#:environment-variables
(list "SSL_CERT_DIR=/run/current-system/profile\
/etc/ssl/certs"
"SSL_CERT_FILE=/run/current-system/profile\
/etc/ssl/certs/ca-certificates.crt")))
(stop #~(make-kill-destructor)))))
(define zabbix-server-service-type
(service-type
(name 'zabbix-server)
(extensions
(list (service-extension shepherd-root-service-type
zabbix-server-shepherd-service)
(service-extension account-service-type
zabbix-server-account)
(service-extension activation-service-type
zabbix-server-activation)))
(default-value (zabbix-server-configuration))))
(define (generate-zabbix-server-documentation)
(generate-documentation
`((zabbix-server-configuration
,zabbix-server-configuration-fields))
'zabbix-server-configuration))

View File

@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Gábor Boskovits <boskovits@gmail.com>
;;; Copyright © 2018 Oleg Pykhalov <go.wigust@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@ -17,13 +18,19 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu tests monitoring)
#:use-module (gnu packages databases)
#:use-module (gnu packages monitoring)
#:use-module (gnu services)
#:use-module (gnu services monitoring)
#:use-module (gnu services networking)
#:use-module (gnu services databases)
#:use-module (gnu services shepherd)
#:use-module (gnu system vm)
#:use-module (gnu system)
#:use-module (gnu tests)
#:use-module (guix gexp)
#:export (%test-prometheus-node-exporter))
#:export (%test-prometheus-node-exporter
%test-zabbix))
;;;
@ -95,3 +102,161 @@
(description "Connect to a running prometheus-node-exporter server.")
(value (run-prometheus-node-exporter-server-test
name %prometheus-node-exporter-os))))
;;;
;;; Zabbix
;;;
(define %psql-user-create-zabbix
"\
sudo -u postgres psql <<< \"create user zabbix password 'zabbix';\"
")
(define %psql-db-zabbix-create-script
"\
sudo -u postgres psql --no-align <<< \\\\du
")
(define %psql-db-create-zabbix
"\
sudo -u postgres createdb -O zabbix -E Unicode -T template0 zabbix
")
(define %psql-db-import-zabbix
#~(format #f "\
cat ~a | sudo -u zabbix psql zabbix;
cat ~a | sudo -u zabbix psql zabbix;
cat ~a | sudo -u zabbix psql zabbix;
"
(string-append #$zabbix-server:schema
"/database/postgresql/schema.sql")
(string-append #$zabbix-server:schema
"/database/postgresql/images.sql")
(string-append #$zabbix-server:schema
"/database/postgresql/data.sql")))
(define* (run-zabbix-server-test name test-os)
"Run tests in %ZABBIX-OS, which has zabbix running."
(define os
(marionette-operating-system
test-os
#:imported-modules '((gnu services herd))))
(define vm
(virtual-machine
(operating-system os)
(port-forwardings '((8080 . 80)))
(memory-size 1024)))
(define test
(with-imported-modules '((gnu build marionette))
#~(begin
(use-modules (srfi srfi-11)
(srfi srfi-64)
(gnu build marionette)
(web client)
(web response)
(ice-9 popen)
(ice-9 rdelim))
(define marionette
(make-marionette (list #$vm)))
(mkdir #$output)
(chdir #$output)
(test-begin #$name)
;; XXX: Shepherd reads the config file *before* binding its control
;; socket, so /var/run/shepherd/socket might not exist yet when the
;; 'marionette' service is started.
(test-assert "shepherd socket ready"
(marionette-eval
`(begin
(use-modules (gnu services herd))
(let loop ((i 10))
(cond ((file-exists? (%shepherd-socket-file))
#t)
((> i 0)
(sleep 1)
(loop (- i 1)))
(else
'failure))))
marionette))
(test-assert "postgres service running"
(marionette-eval
'(begin
(use-modules (gnu services herd))
(start-service 'postgres))
marionette))
(test-eq "postgres create zabbix user"
0
(marionette-eval '(begin (system #$%psql-user-create-zabbix))
marionette))
(test-equal "postgres find zabbix user"
"List of roles
Role name|Attributes|Member of
postgres|Superuser, Create role, Create DB, Replication, Bypass RLS|{}
zabbix||{}
"
(marionette-eval
'(begin (let* ((port (open-pipe #$%psql-db-zabbix-create-script
OPEN_READ))
(output (read-string port))
(status (close-pipe port)))
output))
marionette))
(test-eq "postgres create zabbix db"
0
(marionette-eval '(begin (system #$%psql-db-create-zabbix))
marionette))
(test-eq "postgres import zabbix db"
0
(marionette-eval '(begin (system #$%psql-db-import-zabbix))
marionette))
;; Wait for zabbix-server to be up and running.
(test-assert "zabbix-server running"
(marionette-eval
'(begin
(use-modules (gnu services herd))
(start-service 'zabbix-server))
marionette))
;; Make sure the PID file is created.
(test-assert "zabbix-server PID file"
(marionette-eval
'(file-exists? "/var/run/zabbix/zabbix_server.pid")
marionette))
(test-end)
(exit (= (test-runner-fail-count (test-runner-current)) 0)))))
(gexp->derivation (string-append name "-test") test))
(define %zabbix-os
;; Return operating system under test.
(let ((base-os
(simple-operating-system
(service dhcp-client-service-type)
(postgresql-service)
(service zabbix-server-service-type
(zabbix-server-configuration
(db-password "zabbix")
(log-type "console"))))))
(operating-system
(inherit base-os)
(packages (cons* postgresql (operating-system-packages base-os))))))
(define %test-zabbix
(system-test
(name "zabbix")
(description "Connect to a running Zabbix")
(value (run-zabbix-server-test name %zabbix-os))))