From f54c2bb4576f9c767af37d83d31f3ae758137121 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Tue, 9 Aug 2016 18:57:37 +0200 Subject: [PATCH] library/roles/postfix-relay: Add the support for nagios nrpe checks. infrastructure-services: Remove the smtp_relay_nagios_monitoring role, now is all handled by library/roles/postfix-relay. --- postfix-relay/defaults/main.yml | 12 ++ postfix-relay/files/check_postfix_mailqueue | 181 +++++++++++++++++++ postfix-relay/files/check_postfix_processed | 104 +++++++++++ postfix-relay/handlers/main.yml | 4 + postfix-relay/tasks/smtp-common-packages.yml | 65 +++++-- postfix-relay/templates/postfix-nrpe.cfg.j2 | 4 + 6 files changed, 352 insertions(+), 18 deletions(-) create mode 100644 postfix-relay/files/check_postfix_mailqueue create mode 100755 postfix-relay/files/check_postfix_processed create mode 100644 postfix-relay/templates/postfix-nrpe.cfg.j2 diff --git a/postfix-relay/defaults/main.yml b/postfix-relay/defaults/main.yml index 9596ed49..fc5782ad 100644 --- a/postfix-relay/defaults/main.yml +++ b/postfix-relay/defaults/main.yml @@ -1,4 +1,6 @@ --- +postfix_enabled: True +postfix_install_packages: True # Set it to true when you want configure your machine to send email to a relay postfix_relay_client: False postfix_biff: "no" @@ -30,3 +32,13 @@ postfix_message_size_limit: 10240000 postfix_sasl_packages: - sasl2-bin + +postfix_nagios_check: False +postfix_nagios_checks: + - check_postfix_mailqueue + - check_postfix_processed + +nagios_postfix_mailq_w: 20 +nagios_postfix_mailq_c: 50 +nagios_postfix_processed_w: 50 +nagios_postfix_processed_c: 150 diff --git a/postfix-relay/files/check_postfix_mailqueue b/postfix-relay/files/check_postfix_mailqueue new file mode 100644 index 00000000..98721b5c --- /dev/null +++ b/postfix-relay/files/check_postfix_mailqueue @@ -0,0 +1,181 @@ +#!/bin/bash +################################################################### +# check_postfix_mailqueue is developped with GPL Licence 2.0 +# +# GPL License: http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt +# +# First version developped by : Bjoern Bongermino +# +################################################################### +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +#################################################################### + +# +# original https://gist.github.com/alexlehm/8084195 +# + +# created by McArt http://www.mcart.ru/ + +# Uncomment to enable debugging +# set -x + +PROGNAME=`basename $0` +VERSION="Version 2.0" +AUTHOR="McArt (http://www.mcart.ru)" + +STATE_OK=0 +STATE_WARNING=1 +STATE_CRITICAL=2 +STATE_UNKNOWN=3 + +warning=unknown +critical=unknown + +print_version() { + echo "$PROGNAME $VERSION $AUTHOR" +} + +print_help() { + print_version $PROGNAME $VERSION + echo "" + echo "$PROGNAME - Checks postfix mailqueue statistic" + echo "" + echo "$PROGNAME is a Nagios plugin which generates statistics" + echo "for the postfix mailqueue and checks for corrupt messages." + echo "The following values will be checked:" + echo "active: Mails being delivered (should be small)" + echo "deferred: Stuck mails (that will be retried later)" + echo "corrupt: Messages found to not be in correct format (should be 0)" + echo "hold: Recent addition, messages put on hold indefinitly - delete of free" + echo "bounced: Bounced mails" + echo "" + echo "Usage: $PROGNAME -w WARN-Level -c CRIT-Level" + echo "" + echo "Options:" + echo " -w)" + echo " Warning level for active mails" + echo " -c)" + echo " Critical level for active mail" + echo " -h)" + echo " This help" + echo " -v)" + echo " Version" + exit $STATE_OK +} + +# Check for parameters +while test -n "$1"; do + case "$1" in + -h) + print_help + exit $STATE_OK;; + -v) + print_version + exit $STATE_OK;; + -w) + warning=$2 + shift + ;; + -c) + critical=$2 + shift + ;; + *) + echo "Usage: ./check_postfix_mailqueue2.sh -w -c " + ;; + esac + shift +done + +if [ $warning == "unknown" ] || [ $critical == "unknown" ]; then + echo "You need to specify warning and critical for active mails" + echo "Usage: ./check_postfix_mailqueue2.sh -w -c " + exit $STATE_UNKNOWN +fi + +# make sure CRIT is larger than WARN +if [ $warning -ge $critical ];then + echo "UNKNOWN: WARN value may not be greater than or equal the CRIT value" + exit $OK +fi + +check_postfix_mailqueue() { +# Can be set via environment, but default is fetched by postconf (if available, +# else /var/spool/postfix) +if which postconf > /dev/null ; then + SPOOLDIR=${spooldir:-`postconf -h queue_directory`} +else + SPOOLDIR=${spooldir:-/var/spool/postfix} +fi + +cd $SPOOLDIR >/dev/null 2>/dev/null || { + echo -n "Cannot cd to $SPOOLDIR" + exit $STATE_CRITICAL +} + +for d in deferred active corrupt hold +do + if [ ! -r $d ] + then + echo -n "queue dir '$d' is not readable" + exit $STATE_CRITICAL + fi +done + +# Get values +deferred=`(test -d deferred && find deferred -type f ) | wc -l` +active=`(test -d active && find active -type f ) | wc -l` +corrupt=`(test -d corrupt && find corrupt -type f ) | wc -l` +hold=`( test -d hold && find hold -type f ) | wc -l` +bounced=`cat /var/log/mail.log | grep bounced | wc -l` +} + +check_postfix_mailqueue +values="Deferred mails=$deferred Active deliveries=$active Corrupt mails=$corrupt Mails on hold=$hold Bounced mails=$bounced" +perfdata="deferred=$deferred;; active=$active;; corrupt=$corrupt;; hold=$hold;; bounced=$bounced;;" + +if [ $corrupt -gt 0 ]; then + echo -n "Postfix Mailqueue WARNING - $corrupt corrupt messages found! | $perfdata" + exit $STATE_WARNING +fi + +if [ $hold -gt 0 ]; then + echo -n "Postfix Mailqueue WARNING - $hold hold messages found! | $perfdata" + exit $STATE_WARNING +fi + +if [ $deferred -gt 0 ]; then + echo -n "Postfix Mailqueue WARNING - $deferred deferred messages found! | $perfdata" + exit $STATE_WARNING +fi + +if [ $bounced -gt 0 ]; then + echo -n "Postfix Mailqueue WARNING - $bounced bounced messages found! | $perfdata" + exit $STATE_WARNING +fi + + + if [ $active -gt $critical ]; then + MES_TO_EXIT="Postfix Mailqueue CRITICAL - $values | $perfdata" + STATE_TO_EXIT=$STATE_CRITICAL + elif [ $active -gt $warning ]; then + MES_TO_EXIT="Postfix Mailqueue WARNING - $values | $perfdata" + STATE_TO_EXIT=$STATE_WARNING + else + MES_TO_EXIT="Postfix Mailqueue OK - $values | $perfdata" + STATE_TO_EXIT=$STATE_OK + fi + + +echo -n $MES_TO_EXIT +echo -e "\n" +exit $STATE_TO_EXIT diff --git a/postfix-relay/files/check_postfix_processed b/postfix-relay/files/check_postfix_processed new file mode 100755 index 00000000..1dd64219 --- /dev/null +++ b/postfix-relay/files/check_postfix_processed @@ -0,0 +1,104 @@ +#!/usr/bin/env bash + +## This program is free software: you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation, either version 3 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. +## + +# =============== +# check_postfixprocessed - plugin to check the number of mail processed by parsing logfiles +# =============== +# * mail processor written by Cecil Westerhof & Modifications for nagios by Frank IJskes +# * Christian Nutz identified the IF as slow on large logfiles, by only checking from the bottom up performance went back to normal + +# version 2 uses AWK to improve processing / lower cpu load +# plugin return codes: +# 0 OK +# 1 Warning +# 2 Critical +# 3 Unknown + +NO_OF_SECONDS=300 +POSTFIX_LOG="/var/log/mail.log" + +while getopts "hvw:c:" opt +do + case $opt in + h) + showhelp=1 + break + ;; + w) + warning="$OPTARG" + ;; + c) + critical="$OPTARG" + ;; + v) + verbose=1 + ;; + esac +done + +printUsage() { + echo "Usage: $0 [-h] [-v] -w -c " + echo "" + echo "Example: $0 -w 50 -c 100" +} + +printHelp() { + printUsage + echo "" + echo "This plugin checks the number of messages processed by Postfix in the last 5 minutes." + echo "" + echo "For more details, see inside the script ;)" + echo "" + exit 3 +} + +if [ "$showhelp" = "1" ]; then + printHelp + exit 3 +fi + +if [ ! "$warning" ] || [ ! "$critical" ]; then + printUsage + exit 3 +fi + +if [ $warning -ge $critical ]; then + echo " has to be smaller than !" + exit 3 +fi + +if [ ! "$POSTFIX_LOG" ]; then + echo "Could not find postfix log!" + exit 3 +fi + +countSentMessages () { + NOW=`date +%s` + + DATE_FROM=`awk -v now=$NOW -v seconds=$NO_OF_SECONDS 'BEGIN{print strftime("%b %d %T", now-seconds)}'` + DATE_TO=`awk -v now=$NOW 'BEGIN{print strftime("%b %d %T", now)}'` + + echo `awk '$0>=from && $0<=to' from="$DATE_FROM" to="$DATE_TO" ${POSTFIX_LOG} | grep ' postfix/smtp\[.*, status=sent ' | wc -l` +} + +sentMessagesCount=`countSentMessages` + +echo "Messages processed in the last $NO_OF_SECONDS seconds: $sentMessagesCount | mailsprocessed=$sentMessagesCount" + +if [ "$sentMessagesCount" -ge "$critical" ]; then + exit 2 +elif [ "$sentMessagesCount" -ge "$warning" ]; then + exit 1 +else + exit 0 +fi diff --git a/postfix-relay/handlers/main.yml b/postfix-relay/handlers/main.yml index 547c6bb8..0dc65050 100644 --- a/postfix-relay/handlers/main.yml +++ b/postfix-relay/handlers/main.yml @@ -3,15 +3,19 @@ - name: Reload postfix service: name=postfix state=reloaded + when: postfix_enabled - name: Restart postfix service: name=postfix state=restarted + when: postfix_enabled - name: Update the network hash table shell: postmap hash:/etc/postfix/network_table - name: start saslauth daemon service: name=saslauthd state=started enabled=yes + when: postfix_enabled - name: restart saslauth daemon service: name=saslauthd state=restarted + when: postfix_enabled diff --git a/postfix-relay/tasks/smtp-common-packages.yml b/postfix-relay/tasks/smtp-common-packages.yml index 6cc48027..a07eb470 100644 --- a/postfix-relay/tasks/smtp-common-packages.yml +++ b/postfix-relay/tasks/smtp-common-packages.yml @@ -1,21 +1,50 @@ --- -- name: Install postfix and libsas to do mail relay - action: apt pkg={{ item }} state=present - with_items: - - postfix - - libsasl2-2 - tags: - - postfix-relay +- block: -- name: Write the postfix main configuration file - template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444 - notify: Restart postfix - tags: - - postfix-relay + - name: Install postfix and libsas to do mail relay + action: apt pkg={{ item }} state=present update_cache=yes cache_valid_time=1800 + with_items: + - postfix + - libsasl2-2 -- name: Activate the submission port on the postfix master file - template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444 - notify: Restart postfix - tags: - - postfix-relay - + - name: Write the postfix main configuration file + template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0444 + notify: Restart postfix + + - name: Activate the submission port on the postfix master file + template: src=postfix-master.cf.j2 dest=/etc/postfix/master.cf owner=root group=root mode=0444 + notify: Restart postfix + + - name: Install the postfix NRPE nagios check + copy: src={{ item }} dest={{ nagios_plugins_dir }}/{{ item }} owner=root group=nagios mode=0555 + with_items: '{{ postfix_nagios_checks }}' + when: postfix_nagios_check + tags: [ 'postfix-relay', 'nagios', 'nrpe' ] + + - name: Install the postfix NRPE command configuration + template: src=postfix-nrpe.cfg.j2 dest={{ nrpe_include_dir }}/postfix-nrpe.cfg owner=root group=root mode=0444 + notify: Reload NRPE server + when: postfix_nagios_check + tags: [ 'postfix-relay', 'nagios', 'nrpe' ] + + - name: Ensure that postfix is started and enabled + service: name=postfix state=started enabled=yes + when: postfix_enabled + + - name: Ensure that postfix is stopped and disabled + service: name=postfix state=stopped enabled=no + when: not postfix_enabled + + when: postfix_install_packages + tags: postfix-relay + +- block: + + - name: Remove postfix and libsas + action: apt pkg={{ item }} state=absent + with_items: + - postfix + - libsasl2-2 + + when: not postfix_install_packages + tags: postfix-relay diff --git a/postfix-relay/templates/postfix-nrpe.cfg.j2 b/postfix-relay/templates/postfix-nrpe.cfg.j2 new file mode 100644 index 00000000..65d2fdcd --- /dev/null +++ b/postfix-relay/templates/postfix-nrpe.cfg.j2 @@ -0,0 +1,4 @@ +# Postfix mailq +command[postfix_check_mailqueue]=/usr/bin/sudo {{ nagios_plugins_dir }}/check_postfix_mailqueue -w {{ nagios_postfix_mailq_w }} -c {{ nagios_postfix_mailq_c }} +# Postfix processed +command[postfix_check_processed]=/usr/bin/sudo {{ nagios_plugins_dir }}/check_postfix_processed -w {{ nagios_postfix_processed_w }} -c {{ nagios_postfix_processed_c }}