diff --git a/doc/guix.texi b/doc/guix.texi index 20b5013fd9..005ff83080 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -16662,6 +16662,147 @@ Bind the web interface to the specified address. @end table @end deftp +@subsubheading Zabbix server +@cindex zabbix zabbix-server +Zabbix provides monitoring metrics, among others network utilization, CPU load +and disk space consumption: + +@itemize +@item High performance, high capacity (able to monitor hundreds of thousands of devices). +@item Auto-discovery of servers and network devices and interfaces. +@item Low-level discovery, allows to automatically start monitoring new items, file systems or network interfaces among others. +@item Distributed monitoring with centralized web administration. +@item Native high performance agents. +@item SLA, and ITIL KPI metrics on reporting. +@item High-level (business) view of monitored resources through user-defined visual console screens and dashboards. +@item Remote command execution through Zabbix proxies. +@end itemize + +@c %start of fragment + +Available @code{zabbix-server-configuration} fields are: + +@deftypevr {@code{zabbix-server-configuration} parameter} package zabbix-server +The zabbix-server package. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string user +User who will run the Zabbix server. + +Defaults to @samp{"zabbix"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} group group +Group who will run the Zabbix server. + +Defaults to @samp{"zabbix"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string db-host +Database host name. + +Defaults to @samp{"127.0.0.1"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string db-name +Database name. + +Defaults to @samp{"zabbix"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string db-user +Database user. + +Defaults to @samp{"zabbix"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string db-password +Database password. 
Please, use @code{include-files} with +@code{DBPassword=SECRET} inside a specified file instead. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} number db-port +Database port. + +Defaults to @samp{5432}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string log-type +Specifies where log messages are written to: + +@itemize @bullet +@item +@code{system} - syslog. + +@item +@code{file} - file specified with @code{log-file} parameter. + +@item +@code{console} - standard output. + +@end itemize + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string log-file +Log file name for @code{log-type} @code{file} parameter. + +Defaults to @samp{"/var/log/zabbix/server.log"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string pid-file +Name of PID file. + +Defaults to @samp{"/var/run/zabbix/zabbix_server.pid"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string ssl-ca-location +The location of certificate authority (CA) files for SSL server +certificate verification. + +Defaults to @samp{"/etc/ssl/certs/ca-certificates.crt"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string ssl-cert-location +Location of SSL client certificates. + +Defaults to @samp{"/etc/ssl/certs"}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} string extra-options +Extra options will be appended to Zabbix server configuration file. + +Defaults to @samp{""}. + +@end deftypevr + +@deftypevr {@code{zabbix-server-configuration} parameter} include-files include-files +You may include individual files or all files in a directory in the +configuration file. + +Defaults to @samp{()}. + +@end deftypevr + + +@c %end of fragment + @node Kerberos Services @subsubsection Kerberos Services @cindex Kerberos 
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm index aa3b63a0e4..cb1f71ebff 100644 --- a/gnu/services/monitoring.scm +++ b/gnu/services/monitoring.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Sou Bunnbu ;;; Copyright © 2018 Gábor Boskovits +;;; Copyright © 2018 Oleg Pykhalov ;;; ;;; This file is part of GNU Guix. ;;; @@ -19,17 +20,23 @@ (define-module (gnu services monitoring) #:use-module (gnu services) + #:use-module (gnu services configuration) #:use-module (gnu services shepherd) #:use-module (gnu packages admin) #:use-module (gnu packages monitoring) #:use-module (gnu system shadow) #:use-module (guix gexp) + #:use-module (guix packages) #:use-module (guix records) #:use-module (ice-9 match) + #:use-module (srfi srfi-26) #:export (darkstat-configuration prometheus-node-exporter-configuration darkstat-service-type - prometheus-node-exporter-service-type)) + prometheus-node-exporter-service-type + + zabbix-server-configuration + zabbix-server-service-type)) ;;; 
@@ -125,3 +132,185 @@ prometheus.") (list (service-extension shepherd-root-service-type (compose list prometheus-node-exporter-shepherd-service)))))) + + +;;; +;;; Zabbix server +;;; + +(define (uglify-field-name field-name) + (apply string-append + (map (lambda (str) + (if (member (string->symbol str) '(ca db ssl)) + (string-upcase str) + (string-capitalize str))) + (string-split (string-delete #\? + (symbol->string field-name)) + #\-)))) + +(define (serialize-field field-name val) + (format #t "~a=~a~%" (uglify-field-name field-name) val)) + +(define (serialize-number field-name val) + (serialize-field field-name (number->string val))) + +(define (serialize-list field-name val) + (if (null? val) "" (serialize-field field-name (string-join val ",")))) + +(define (serialize-string field-name val) + (if (and (string? val) (string=? val "")) + "" + (serialize-field field-name val))) + +(define group? string?) + +(define serialize-group + (const "")) + +(define include-files? list?) + +(define (serialize-include-files field-name val) + (if (null? val) "" (for-each (cut serialize-field 'include <>) val))) + +(define extra-options? string?) + +(define (serialize-extra-options field-name val) + (if (null? val) "" (display val))) + +(define-configuration zabbix-server-configuration + (zabbix-server + (package zabbix-server) + "The zabbix-server package.") + (user + (string "zabbix") + "User who will run the Zabbix server.") + (group ;for zabbix-server-account procedure + (group "zabbix") + "Group who will run the Zabbix server.") + (db-host + (string "127.0.0.1") + "Database host name.") + (db-name + (string "zabbix") + "Database name.") + (db-user + (string "zabbix") + "Database user.") + (db-password + (string "") + "Database password. 
Please, use @code{include-files} with +@code{DBPassword=SECRET} inside a specified file instead.") + (db-port + (number 5432) + "Database port.") + (log-type + (string "") + "Specifies where log messages are written to: +@itemize +@item @code{system} - syslog. +@item @code{file} - file specified with @code{log-file} parameter. +@item @code{console} - standard output. +@end itemize\n") + (log-file + (string "/var/log/zabbix/server.log") + "Log file name for @code{log-type} @code{file} parameter.") + (pid-file + (string "/var/run/zabbix/zabbix_server.pid") + "Name of PID file.") + (ssl-ca-location + (string "/etc/ssl/certs/ca-certificates.crt") + "The location of certificate authority (CA) files for SSL server +certificate verification.") + (ssl-cert-location + (string "/etc/ssl/certs") + "Location of SSL client certificates.") + (extra-options + (extra-options "") + "Extra options will be appended to Zabbix server configuration file.") + (include-files + (include-files '()) + "You may include individual files or all files in a directory in the +configuration file.")) + +(define (zabbix-server-account config) + "Return the user accounts and user groups for CONFIG." + (let ((zabbix-user (zabbix-server-configuration-user config)) + (zabbix-group (zabbix-server-configuration-group config))) + (list (user-group (name zabbix-group) (system? #t)) + (user-account + (name zabbix-user) + (system? #t) + (group zabbix-group) + (comment "zabbix privilege separation user") + (home-directory (string-append "/var/run/" zabbix-user)) + (shell #~(string-append #$shadow "/sbin/nologin")))))) + +(define (zabbix-server-config-file config) + "Return the zabbix-server configuration file corresponding to CONFIG." 
+ (computed-file + "zabbix_server.conf" + #~(begin + (call-with-output-file #$output + (lambda (port) + (display "# Generated by 'zabbix-server-service'.\n" port) + (display #$(with-output-to-string + (lambda () + (serialize-configuration + config zabbix-server-configuration-fields))) + port) + #t))))) + +(define (zabbix-server-activation config) + "Return the activation gexp for CONFIG." + (with-imported-modules '((guix build utils) + (ice-9 rdelim)) + #~(begin + (use-modules (guix build utils) + (ice-9 rdelim)) + (let ((user (getpw #$(zabbix-server-configuration-user config)))) + (for-each (lambda (file) + (let ((directory (dirname file))) + (mkdir-p directory) + (chown directory (passwd:uid user) (passwd:gid user)) + (chmod directory #o755))) + (list #$(zabbix-server-configuration-log-file config) + #$(zabbix-server-configuration-pid-file config) + "/etc/zabbix/maintenance.inc.php")))))) + +(define (zabbix-server-shepherd-service config) + "Return a for Zabbix server with CONFIG." + (list (shepherd-service + (provision '(zabbix-server)) + (documentation "Run Zabbix server daemon.") + (start #~(make-forkexec-constructor + (list #$(file-append (zabbix-server-configuration-zabbix-server config) + "/sbin/zabbix_server") + "--config" #$(zabbix-server-config-file config) + "--foreground") + #:user #$(zabbix-server-configuration-user config) + #:group #$(zabbix-server-configuration-group config) + #:pid-file #$(zabbix-server-configuration-pid-file config) + #:environment-variables + (list "SSL_CERT_DIR=/run/current-system/profile\ +/etc/ssl/certs" + "SSL_CERT_FILE=/run/current-system/profile\ +/etc/ssl/certs/ca-certificates.crt"))) + (stop #~(make-kill-destructor))))) + +(define zabbix-server-service-type + (service-type + (name 'zabbix-server) + (extensions + (list (service-extension shepherd-root-service-type + zabbix-server-shepherd-service) + (service-extension account-service-type + zabbix-server-account) + (service-extension activation-service-type + 
zabbix-server-activation))) + (default-value (zabbix-server-configuration)))) + +(define (generate-zabbix-server-documentation) + (generate-documentation + `((zabbix-server-configuration + ,zabbix-server-configuration-fields)) + 'zabbix-server-configuration)) diff --git a/gnu/tests/monitoring.scm b/gnu/tests/monitoring.scm index 3320a19a77..edc41c4a30 100644 --- a/gnu/tests/monitoring.scm +++ b/gnu/tests/monitoring.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Gábor Boskovits +;;; Copyright © 2018 Oleg Pykhalov ;;; ;;; This file is part of GNU Guix. ;;; @@ -17,13 +18,19 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu tests monitoring) + #:use-module (gnu packages databases) + #:use-module (gnu packages monitoring) #:use-module (gnu services) #:use-module (gnu services monitoring) #:use-module (gnu services networking) + #:use-module (gnu services databases) + #:use-module (gnu services shepherd) #:use-module (gnu system vm) + #:use-module (gnu system) #:use-module (gnu tests) #:use-module (guix gexp) - #:export (%test-prometheus-node-exporter)) + #:export (%test-prometheus-node-exporter + %test-zabbix)) ;;; 
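Review bot: A non-empty `db-password` is still serialized into `zabbix_server.conf` by `zabbix-server-config-file`, and because that file is built with `computed-file` it lands in the store, which every local user can read; the "please use include-files" wording in the field's docstring is therefore only advisory. The docstring should state the consequence, for example `"Database password.  This value is written to the world-readable store; use @code{include-files} with a file kept outside the store that contains @code{DBPassword=SECRET} instead."`. Separately, `zabbix-server-activation` calls `chown` and `chmod #o755` on `(dirname file)` for the configured `log-file` and `pid-file`, so a setting that places either file directly in a shared directory would hand that directory to the service user. A comment on those two fields saying they must live in a directory dedicated to Zabbix, or a check in the activation code, would close that gap.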
@@ -95,3 +102,161 @@ (description "Connect to a running prometheus-node-exporter server.") (value (run-prometheus-node-exporter-server-test name %prometheus-node-exporter-os)))) + + +;;; +;;; Zabbix +;;; + +(define %psql-user-create-zabbix + "\ +sudo -u postgres psql <<< \"create user zabbix password 'zabbix';\" +") + +(define %psql-db-zabbix-create-script + "\ +sudo -u postgres psql --no-align <<< \\\\du +") + +(define %psql-db-create-zabbix + "\ +sudo -u postgres createdb -O zabbix -E Unicode -T template0 zabbix +") + +(define %psql-db-import-zabbix + #~(format #f "\ +cat ~a | sudo -u zabbix psql zabbix; +cat ~a | sudo -u zabbix psql zabbix; +cat ~a | sudo -u zabbix psql zabbix; +" + (string-append #$zabbix-server:schema + "/database/postgresql/schema.sql") + (string-append #$zabbix-server:schema + "/database/postgresql/images.sql") + (string-append #$zabbix-server:schema + "/database/postgresql/data.sql"))) + +(define* (run-zabbix-server-test name test-os) + "Run tests in %ZABBIX-OS, which has zabbix running." + (define os + (marionette-operating-system + test-os + #:imported-modules '((gnu services herd)))) + + (define vm + (virtual-machine + (operating-system os) + (port-forwardings '((8080 . 80))) + (memory-size 1024))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) + (srfi srfi-64) + (gnu build marionette) + (web client) + (web response) + (ice-9 popen) + (ice-9 rdelim)) + + (define marionette + (make-marionette (list #$vm))) + + (mkdir #$output) + (chdir #$output) + + (test-begin #$name) + + ;; XXX: Shepherd reads the config file *before* binding its control + ;; socket, so /var/run/shepherd/socket might not exist yet when the + ;; 'marionette' service is started. + (test-assert "shepherd socket ready" + (marionette-eval + `(begin + (use-modules (gnu services herd)) + (let loop ((i 10)) + (cond ((file-exists? 
(%shepherd-socket-file)) + #t) + ((> i 0) + (sleep 1) + (loop (- i 1))) + (else + 'failure)))) + marionette)) + + (test-assert "postgres service running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'postgres)) + marionette)) + + (test-eq "postgres create zabbix user" + 0 + (marionette-eval '(begin (system #$%psql-user-create-zabbix)) + marionette)) + + (test-equal "postgres find zabbix user" + "List of roles +Role name|Attributes|Member of +postgres|Superuser, Create role, Create DB, Replication, Bypass RLS|{} +zabbix||{} +" + (marionette-eval + '(begin (let* ((port (open-pipe #$%psql-db-zabbix-create-script + OPEN_READ)) + (output (read-string port)) + (status (close-pipe port))) + output)) + marionette)) + + (test-eq "postgres create zabbix db" + 0 + (marionette-eval '(begin (system #$%psql-db-create-zabbix)) + marionette)) + + (test-eq "postgres import zabbix db" + 0 + (marionette-eval '(begin (system #$%psql-db-import-zabbix)) + marionette)) + + ;; Wait for zabbix-server to be up and running. + (test-assert "zabbix-server running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'zabbix-server)) + marionette)) + + ;; Make sure the PID file is created. + (test-assert "zabbix-server PID file" + (marionette-eval + '(file-exists? "/var/run/zabbix/zabbix_server.pid") + marionette)) + + (test-end) + + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation (string-append name "-test") test)) + +(define %zabbix-os + ;; Return operating system under test. 
+ (let ((base-os + (simple-operating-system + (service dhcp-client-service-type) + (postgresql-service) + (service zabbix-server-service-type + (zabbix-server-configuration + (db-password "zabbix") + (log-type "console")))))) + (operating-system + (inherit base-os) + (packages (cons* postgresql (operating-system-packages base-os)))))) + +(define %test-zabbix + (system-test + (name "zabbix") + (description "Connect to a running Zabbix") + (value (run-zabbix-server-test name %zabbix-os))))
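Review bot: `%zabbix-os` passes the credential as `(db-password "zabbix")`, the field that the manual text added in this same commit tells users to avoid, so the recommended `include-files` route for the secret is never exercised by the system test. Pointing `include-files` at a file created inside the VM would cover the path real deployments are expected to use; failing that, a comment such as `;; Test-only credential; real systems should keep DBPassword in an include-files file.` would stop the snippet being copied as a template. The "postgres find zabbix user" assertion also compares the whole `\du` listing byte for byte, which looks likely to break whenever PostgreSQL changes how it prints role attributes; matching only the `zabbix` row would be sturdier.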