library/roles/postfix-relay: Add the support for nagios nrpe checks.

infrastructure-services: Remove the smtp_relay_nagios_monitoring role, now is all handled by library/roles/postfix-relay.

postfix-relay/defaults/main.yml

@@ -1,4 +1,6 @@
 ---
+postfix_enabled: True
+postfix_install_packages: True
 # Set it to true when you want configure your machine to send email to a relay
 postfix_relay_client: False
 postfix_biff: "no"
@@ -30,3 +32,13 @@ postfix_message_size_limit: 10240000
 
 postfix_sasl_packages:
   - sasl2-bin
+
+postfix_nagios_check: False
+postfix_nagios_checks:
+  - check_postfix_mailqueue
+  - check_postfix_processed
+
+nagios_postfix_mailq_w: 20
+nagios_postfix_mailq_c: 50
+nagios_postfix_processed_w: 50
+nagios_postfix_processed_c: 150

postfix-relay/files/check_postfix_mailqueue

@@ -0,0 +1,181 @@
+#!/bin/bash
+###################################################################
+# check_postfix_mailqueue is developped with GPL Licence 2.0
+#
+# GPL License: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+#
+# First version developped by : Bjoern Bongermino
+#
+###################################################################
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+####################################################################
+ 
+#
+# original https://gist.github.com/alexlehm/8084195
+#
+
+# created by McArt <hello@mcart.ru> http://www.mcart.ru/
+ 
+# Uncomment to enable debugging
+# set -x
+ 
+PROGNAME=`basename $0`
+VERSION="Version 2.0"
+AUTHOR="McArt (http://www.mcart.ru)"
+ 
+STATE_OK=0
+STATE_WARNING=1
+STATE_CRITICAL=2
+STATE_UNKNOWN=3
+ 
+warning=unknown
+critical=unknown
+ 
+print_version() {
+    echo "$PROGNAME $VERSION $AUTHOR"
+}
+ 
+print_help() {
+    print_version $PROGNAME $VERSION
+    echo ""
+    echo "$PROGNAME - Checks postfix mailqueue statistic"
+    echo ""
+    echo "$PROGNAME is a Nagios plugin which generates statistics"
+    echo "for the postfix mailqueue and checks for corrupt messages."
+	echo "The following values will be checked:"
+	echo "active: Mails being delivered (should be small)"
+	echo "deferred: Stuck mails (that will be retried later)"
+	echo "corrupt: Messages found to not be in correct format (should be 0)"
+	echo "hold: Recent addition, messages put on hold indefinitly - delete of free"
+	echo "bounced: Bounced mails"
+    echo ""
+    echo "Usage: $PROGNAME -w WARN-Level -c CRIT-Level"
+    echo ""
+    echo "Options:"
+    echo "  -w)"
+    echo "     Warning level for active mails"
+    echo "  -c)"
+    echo "     Critical level for active mail"
+    echo "  -h)"
+    echo "     This help"
+    echo "  -v)"
+    echo "     Version"
+    exit $STATE_OK
+}
+ 
+# Check for parameters
+while test -n "$1"; do
+    case "$1" in
+		-h)
+			print_help
+			exit $STATE_OK;;
+		-v)
+			print_version
+			exit $STATE_OK;;
+		-w)
+			warning=$2
+			shift
+			;;
+		-c)
+			critical=$2
+			shift
+			;;
+		*)
+			echo "Usage: ./check_postfix_mailqueue2.sh -w <Warning level for active mails> -c <Critical level for active mail>"
+			;;
+	esac
+	shift
+done
+
+if [ $warning == "unknown" ] || [ $critical == "unknown" ]; then
+	echo "You need to specify warning and critical for active mails"
+	echo "Usage: ./check_postfix_mailqueue2.sh -w <warn> -c <crit>"
+	exit $STATE_UNKNOWN
+fi
+
+# make sure CRIT is larger than WARN
+if [ $warning -ge $critical ];then
+	echo "UNKNOWN: WARN value may not be greater than or equal the CRIT value"
+	exit $OK
+fi
+ 
+check_postfix_mailqueue() {
+# Can be set via environment, but default is fetched by postconf (if available,
+# else /var/spool/postfix) 
+if which postconf > /dev/null ; then
+   SPOOLDIR=${spooldir:-`postconf -h queue_directory`}
+else
+   SPOOLDIR=${spooldir:-/var/spool/postfix}
+fi
+ 
+cd $SPOOLDIR >/dev/null 2>/dev/null || {
+     echo -n "Cannot cd to $SPOOLDIR"
+     exit $STATE_CRITICAL
+}
+ 
+for d in deferred active corrupt hold
+do
+  if [ ! -r $d ]
+  then
+      echo -n "queue dir '$d' is not readable"
+      exit $STATE_CRITICAL
+  fi
+done
+ 
+# Get values
+deferred=`(test -d deferred && find deferred -type f ) | wc -l`
+active=`(test -d active && find active -type f ) | wc -l`
+corrupt=`(test -d corrupt && find corrupt -type f ) | wc -l`
+hold=`( test -d hold && find hold -type f ) | wc -l`
+bounced=`cat /var/log/mail.log | grep bounced | wc -l`
+}
+ 
+check_postfix_mailqueue
+values="Deferred mails=$deferred Active deliveries=$active Corrupt mails=$corrupt Mails on hold=$hold Bounced mails=$bounced"
+perfdata="deferred=$deferred;; active=$active;; corrupt=$corrupt;; hold=$hold;; bounced=$bounced;;"
+ 
+if [ $corrupt -gt 0 ]; then
+	echo -n "Postfix Mailqueue WARNING - $corrupt corrupt messages found! | $perfdata"
+	exit $STATE_WARNING
+fi
+
+if [ $hold -gt 0 ]; then
+	echo -n "Postfix Mailqueue WARNING - $hold hold messages found! | $perfdata"
+	exit $STATE_WARNING
+fi
+
+if [ $deferred -gt 0 ]; then
+	echo -n "Postfix Mailqueue WARNING - $deferred deferred messages found! | $perfdata"
+	exit $STATE_WARNING
+fi
+
+if [ $bounced -gt 0 ]; then
+	echo -n "Postfix Mailqueue WARNING - $bounced bounced messages found! | $perfdata"
+	exit $STATE_WARNING
+fi
+
+
+   if [ $active -gt $critical ]; then
+      MES_TO_EXIT="Postfix Mailqueue CRITICAL - $values | $perfdata"
+      STATE_TO_EXIT=$STATE_CRITICAL
+   elif [ $active -gt $warning ]; then
+      MES_TO_EXIT="Postfix Mailqueue WARNING - $values | $perfdata"
+      STATE_TO_EXIT=$STATE_WARNING
+   else
+      MES_TO_EXIT="Postfix Mailqueue OK - $values | $perfdata"
+      STATE_TO_EXIT=$STATE_OK
+   fi
+
+
+echo -n $MES_TO_EXIT
+echo -e "\n"
+exit $STATE_TO_EXIT

postfix-relay/files/check_postfix_processed

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+##    This program is free software: you can redistribute it and/or modify
+##    it under the terms of the GNU General Public License as published by
+##    the Free Software Foundation, either version 3 of the License, or
+##    (at your option) any later version.
+##
+##    This program is distributed in the hope that it will be useful,
+##    but WITHOUT ANY WARRANTY; without even the implied warranty of
+##    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+##    GNU General Public License for more details.
+##
+
+# ===============
+# check_postfixprocessed - plugin to check the number of mail processed by parsing logfiles
+# ===============
+# * mail processor written by Cecil Westerhof & Modifications for nagios by Frank IJskes
+# * Christian Nutz identified the IF as slow on large logfiles, by only checking from the bottom up performance went back to normal
+
+# version 2 uses AWK to improve processing / lower cpu load
+# plugin return codes:
+# 0     OK
+# 1     Warning
+# 2     Critical
+# 3     Unknown
+
+NO_OF_SECONDS=300
+POSTFIX_LOG="/var/log/mail.log"
+
+while getopts "hvw:c:" opt
+do
+        case $opt in
+                h)
+                        showhelp=1
+                        break
+                ;;
+                w)
+                        warning="$OPTARG"
+                ;;
+                c)
+                        critical="$OPTARG"
+                ;;
+                v)
+                        verbose=1
+                ;;
+        esac
+done
+
+printUsage() {
+        echo "Usage: $0 [-h] [-v] -w <warning> -c <critical>"
+        echo ""
+        echo "Example: $0 -w 50 -c 100"
+}
+
+printHelp() {
+        printUsage
+        echo ""
+        echo "This plugin checks the number of messages processed by Postfix in the last 5 minutes."
+        echo ""
+        echo "For more details, see inside the script ;)"
+        echo ""
+        exit 3
+}
+
+if [ "$showhelp" = "1" ]; then
+        printHelp
+        exit 3
+fi
+
+if [ ! "$warning" ] || [ ! "$critical" ]; then
+        printUsage
+        exit 3
+fi
+
+if [ $warning -ge $critical ]; then
+        echo "<warning> has to be smaller than <critical>!"
+        exit 3
+fi
+
+if [ ! "$POSTFIX_LOG" ]; then
+        echo "Could not find postfix log!"
+        exit 3
+fi
+
+countSentMessages () {
+        NOW=`date +%s`
+
+        DATE_FROM=`awk -v now=$NOW -v seconds=$NO_OF_SECONDS 'BEGIN{print strftime("%b %d %T", now-seconds)}'`
+        DATE_TO=`awk -v now=$NOW 'BEGIN{print strftime("%b %d %T", now)}'`
+
+        echo `awk '$0>=from && $0<=to' from="$DATE_FROM" to="$DATE_TO" ${POSTFIX_LOG} | grep ' postfix/smtp\[.*, status=sent ' | wc -l`
+}
+
+sentMessagesCount=`countSentMessages`
+
+echo "Messages processed in the last $NO_OF_SECONDS seconds: $sentMessagesCount | mailsprocessed=$sentMessagesCount"
+
+if [ "$sentMessagesCount" -ge "$critical" ]; then
+        exit 2
+elif [ "$sentMessagesCount" -ge "$warning" ]; then
+        exit 1
+else
+        exit 0
+fi

postfix-relay/handlers/main.yml

@@ -3,15 +3,19 @@
 
 - name: Reload postfix
   service: name=postfix state=reloaded
+  when: postfix_enabled
 
 - name: Restart postfix
   service: name=postfix state=restarted
+  when: postfix_enabled
 
 - name: Update the network hash table
   shell: postmap hash:/etc/postfix/network_table
 
 - name: start saslauth daemon
   service: name=saslauthd state=started enabled=yes
+  when: postfix_enabled
 
 - name: restart saslauth daemon
   service: name=saslauthd state=restarted
+  when: postfix_enabled

postfix-relay/tasks/smtp-common-packages.yml

@@ -1,21 +1,50 @@
 ---
-- name: Install postfix and libsas to do mail relay
+- block:
-  action: apt pkg={{ item }} state=present
-  with_items:
-    - postfix
-    - libsasl2-2
-  tags:
-    - postfix-relay
 
-- name: Write the postfix main configuration file
+    - name: Install postfix and libsas to do mail relay
-  template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
+      action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800
-  notify: Restart postfix
+      with_items:
-  tags:
+        - postfix
-    - postfix-relay
+        - libsasl2-2
 
-- name: Activate the submission port on the postfix master file
+    - name: Write the postfix main configuration file
-  template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
+      template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444
-  notify: Restart postfix
+      notify: Restart postfix
-  tags:
+
-    - postfix-relay
+    - name: Activate the submission port on the postfix master file
-  
+      template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444
+      notify: Restart postfix
+
+    - name: Install the postfix NRPE nagios check
+      copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }}  owner=root group=nagios mode=0555
+      with_items: '{{ postfix_nagios_checks }}'
+      when: postfix_nagios_check
+      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
+
+    - name: Install the postfix NRPE command configuration
+      template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg  owner=root group=root mode=0444
+      notify: Reload NRPE server
+      when: postfix_nagios_check
+      tags: [ 'postfix-relay', 'nagios', 'nrpe' ]
+
+    - name: Ensure that postfix is started and enabled
+      service: name=postfix state=started enabled=yes
+      when: postfix_enabled
+
+    - name: Ensure that postfix is stopped and disabled
+      service: name=postfix state=stopped enabled=no
+      when: not postfix_enabled
+
+  when: postfix_install_packages
+  tags: postfix-relay 
+
+- block:
+
+    - name: Remove postfix and libsas
+      action: apt pkg={{ item }} state=absent
+      with_items:
+        - postfix
+        - libsasl2-2
+
+  when: not postfix_install_packages
+  tags: postfix-relay 

postfix-relay/templates/postfix-nrpe.cfg.j2

@@ -0,0 +1,4 @@
+# Postfix mailq
+command[postfix_check_mailqueue]=/usr/bin/sudo {{ nagios_plugins_dir }}/check_postfix_mailqueue -w {{ nagios_postfix_mailq_w }} -c {{ nagios_postfix_mailq_c }}
+# Postfix processed
+command[postfix_check_processed]=/usr/bin/sudo {{ nagios_plugins_dir }}/check_postfix_processed -w {{ nagios_postfix_processed_w }} -c {{ nagios_postfix_processed_c }}