blog
Table des matières
16 billet(s) pour mai 2025
| Notes memcache | 2025/05/27 12:51 | Jean-Baptiste |
| Vim comme éditeur par defaut | 2025/05/27 10:20 | Jean-Baptiste |
| Notes git et cerfificats HTTPS | 2025/05/26 15:47 | Jean-Baptiste |
| Notes réseaux | 2025/05/26 10:06 | Jean-Baptiste |
| Notes protocol FTP | 2025/05/22 15:31 | Jean-Baptiste |
| Notes Webasm Wasm WebAssembly | 2025/05/20 17:31 | Jean-Baptiste |
| Bash et Programmation Fonctionnelle | 2025/05/19 17:01 | Jean-Baptiste |
| Notes P2P | 2025/05/17 23:17 | Jean-Baptiste |
| Notes Python - programmation fonctionnelle - curry curryfication currying | 2025/05/17 14:14 | Jean-Baptiste |
| Notes Communication inter-processus RPC | 2025/05/15 12:13 | Jean-Baptiste |
| Notes nested virtualization | 2025/05/15 12:06 | Jean-Baptiste |
| Notes IPython derrière un reverse proxy | 2025/05/14 03:22 | Jean-Baptiste |
| Notes install IPython sous Android avec Termux | 2025/05/14 03:22 | Jean-Baptiste |
| Notes fichiers - binaire executable exe elf | 2025/05/06 14:48 | Jean-Baptiste |
| Notes HTML | 2025/05/03 10:02 | Jean-Baptiste |
| Notes IPFS | 2025/05/01 01:56 | Jean-Baptiste |
Git - Duplication d'un dépôt
git clone --bare https://github.com/EXAMPLE-USER/OLD-REPOSITORY.git cd OLD-REPOSITORY git push --mirror https://github.com/EXAMPLE-USER/NEW-REPOSITORY.git cd .. rm -rf OLD-REPOSITORY
Source : https://docs.github.com/en/repositories/creating-and-managing-repositories/duplicating-a-repository
Autres
git clone https://git.plop.org/depot.git cd depot #git pull --all git remote remove origin git remote add origin https://git.acme.fr/plop/depot.git git push -u origin --all # git push -u origin --mirror
Exemple simple de conf Nagios
Voir :
Voir aussi :
Arborescence proposée
Le fichier de conf principale appelant tous les autres :
- etc/nagios.cfg
Fichier contenant les commandes à exécuter :
- etc/objects/commands.cfg
Ce fichier ne doit pas contenir de mot de passe.
Le fichier contenant les mots de passe utilisés par commands.cfg :
- etc/resource.cfg
Ce fichier ne devrait être en lecture que pour l'utilisateur “nagios”
Fichiers de conf basiques modifiés peu souvent :
- etc/objects/templates.cfg
- etc/objects/timeperiods.cfg
- etc/objects/contacts.cfg
- etc/objects/localhost.cfg
Fichier de conf contenant la liste des hôtes à superviser :
- etc/objects/servers.cfg
Il est possible d'avoir plusieurs fichiers de ce genre. Exemple : switch.cfg, printer.cfg, windows.cfg…
Le nom des fichiers cfg est libre, mais ils doivent être appelés par nagios.cfg
Exemple de conf
Fichier de conf principale nagios.cfg
Extrait
nagios.cfg
#cfg_file=/usr/local/nagios/etc/objects/commands.cfg #cfg_file=/usr/local/nagios/etc/objects/contacts.cfg #cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg #cfg_file=/usr/local/nagios/etc/objects/templates.cfg #cfg_file=/usr/local/nagios/etc/objects/localhost.cfg #cfg_file=/usr/local/nagios/etc/objects/servers.cfg #cfg_file=/usr/local/nagios/etc/objects/windows.cfg #cfg_file=/usr/local/nagios/etc/objects/switch.cfg cfg_dir=/usr/local/nagios/etc/objects/ resource_file=/usr/local/nagios/etc/resource.cfg nagios_user=nagios nagios_group=nagios check_external_commands=1 max_concurrent_checks=0 retain_state_information=0 enable_flap_detection=1 date_format=iso8601 use_syslog=1 log_file=/usr/local/nagios/var/nagios.log debug_level=0 debug_file=/usr/local/nagios/var/nagios.debug
Fichier commands.cfg
commands.cfg
# 'check-host-alive' command definition define command { command_name check-host-alive command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5 } # 'notify-service-by-email' command definition define command { command_name notify-service-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | /bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ } # 'notify-host-by-email' command definition define command { command_name notify-host-by-email command_line /usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$ } # NOTE: The following 'check_local_...' functions are designed to monitor # various metrics on the host that Nagios is running on (i.e. this one). define command { command_name check_local_users command_line $USER1$/check_users -w $ARG1$ -c $ARG2$ } define command { command_name check_centreon_snmp_linux_mem command_line $USER1$/centreon_plugins --plugin=os::linux::snmp::plugin --hostname=$HOSTADDRESS$ --snmp-version=3 --snmp-username $USER6$ --authprotocol MD5 --authpassphrase "$USER7$" --mode=memory --warning-usage-prct $ARG1$ --critical-usage-prct $ARG2$ } #define command { # command_name check_active_router # command_line $USER1$/check_snmp_active_router.sh -v 3 -a MD5 -A "$USER4$" -l authNoPriv -u $USER3$ #} #define command { # command_name trigger_memory # command_line /usr/bin/tclsh $USER1$/eventhandlers/app_snmp_pxy.tcl MEM $HOSTNAME$ $SERVICEDESC$ #$SERVICESTATE$ #}
Ce fichier contient les commandes qui seront exécutées.
Tous les scripts ne renvoyant que des données locales (de localhost), et donc ne contenant pas $HOSTADDRESS$, devraient avoir en command_name le préfixe “check_local_”
Seul le fichier localhost.cfg devrait faire appel aux commandes “check_local_*”
Fichier contenant les Templates
templates.cfg
define contact { name generic-contact ; The name of this contact template service_notification_period 24x7 ; service notifications can be sent anytime host_notification_period 24x7 ; host notifications can be sent anytime service_notification_options w,u,c,r,f,s ; send notifications for all service states, flapping events, and scheduled downtime events host_notification_options d,u,r,f,s ; send notifications for all host states, flapping events, and scheduled downtime events service_notification_commands notify-service-by-email ; send service notifications via email host_notification_commands notify-host-by-email ; send host notifications via email register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL CONTACT, JUST A TEMPLATE! } # Generic host definition template - This is NOT a real host, just a template! define host { name generic-host ; The name of this host template notifications_enabled 1 ; Host notifications are enabled event_handler_enabled 1 ; Host event handler is enabled flap_detection_enabled 1 ; Flap detection is enabled failure_prediction_enabled 1 ; Failure prediction is enabled process_perf_data 1 ; Process performance data retain_status_information 1 ; Retain status information across program restarts retain_nonstatus_information 1 ; Retain non-status information across program restarts notification_period 24x7 ; Send host notifications at any time register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE! } define host { name linux-server ; The name of this host template use generic-host ; This template inherits other values from the generic-host template check_period 24x7 ; By default, Linux hosts are checked round the clock check_interval 5 ; Actively check the host every 5 minutes retry_interval 1 ; Schedule host check retries at 1 minute intervals max_check_attempts 10 ; Check each Linux host 10 times (max) check_command check-host-alive ; Default command to check Linux hosts notification_period workhours ; Linux admins hate to be woken up, so we only notify during the day ; Note that the notification_period variable is being overridden from ; the value that is inherited from the generic-host template! notification_interval 120 ; Resend notifications every 2 hours notification_options d,u,r ; Only send notifications for specific host states contact_groups admins ; Notifications get sent to the admins by default register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST, JUST A TEMPLATE! } # Custom define host { name tpl-host-linux use linux-server hostgroups linux-hosts register 0 } define service { name generic-service ; The 'name' of this service template active_checks_enabled 1 ; Active service checks are enabled passive_checks_enabled 1 ; Passive service checks are enabled/accepted parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems) obsess_over_service 1 ; We should obsess over this service (if necessary) check_freshness 0 ; Default is to NOT check service 'freshness' notifications_enabled 1 ; Service notifications are enabled event_handler_enabled 1 ; Service event handler is enabled flap_detection_enabled 1 ; Flap detection is enabled failure_prediction_enabled 1 ; Failure prediction is enabled process_perf_data 1 ; Process performance data retain_status_information 1 ; Retain status information across program restarts retain_nonstatus_information 1 ; Retain non-status information across program restarts is_volatile 0 ; The service is not volatile check_period 24x7 ; The service can be checked at any time of the day max_check_attempts 3 ; Re-check the service up to 3 times in order to determine its final (hard) state normal_check_interval 10 ; Check the service every 10 minutes under normal conditions retry_check_interval 2 ; Re-check the service every two minutes until a hard state can be determined contact_groups admins ; Notifications get sent out to everyone in the 'admins' group notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events notification_interval 60 ; Re-notify about service problems every hour notification_period 24x7 ; Notifications can be sent out at any time register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE! } # Local service definition template - This is NOT a real service, just a template! define service { name local-service ; The name of this service template use generic-service ; Inherit default values from the generic-service definition max_check_attempts 4 ; Re-check the service up to 4 times in order to determine its final (hard) state normal_check_interval 5 ; Check the service every 5 minutes under normal conditions retry_check_interval 1 ; Re-check the service every minute until a hard state can be determined register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL SERVICE, JUST A TEMPLATE! } # Custom define service { name tpl-service-mca1 max_check_attempts 1 normal_check_interval 1 retry_check_interval 1 check_period 24x7 notification_interval 2000 notification_period 24x7 notification_options w,c,r contact_groups admins register 0 }
Ce fichier devrait être dédié aux Templates. Chaque bloque devrait contenir register 0.
Pour utiliser un template il faut utiliser la directive “use”. Nous verons des exemples dans la suite.
Pour tous les nouveaux objets templates, nous recommandons pour une meilleurs lisibilité de leurs appliquer une convention de nommage spécifique. Par exemple en les préfixant par “tpl-”
Passons rapidement sur timeperiods.cfg & contacts.cfg
timeperiods.cfg
# This defines a timeperiod where all times are valid for checks, # notifications, etc. The classic "24x7" support nightmare. :-) define timeperiod { timeperiod_name 24x7 alias 24 Hours A Day, 7 Days A Week sunday 00:00-24:00 monday 00:00-24:00 tuesday 00:00-24:00 wednesday 00:00-24:00 thursday 00:00-24:00 friday 00:00-24:00 saturday 00:00-24:00 } # 'workhours' timeperiod definition define timeperiod { timeperiod_name workhours alias Normal Work Hours monday 09:00-17:00 tuesday 09:00-17:00 wednesday 09:00-17:00 thursday 09:00-17:00 friday 09:00-17:00 }
contacts.cfg
define contact { contact_name nagiosadmin ; Short name of user use generic-contact ; Inherit default values from generic-contact template (defined above) alias Nagios Admin ; Full name of user email nagios@localhost ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ****** } define contactgroup { contactgroup_name admins alias Nagios Administrators members nagiosadmin }
Notez ici la directive “use” parmetant d“hétirer du template.
Fichier localhost.cfg
localhost.cfg
define host { use linux-server ; Name of host template to use ; This host definition will inherit all variables that are defined ; in (or inherited by) the linux-server host template definition. host_name localhost alias localhost address 127.0.0.1 } define hostgroup { hostgroup_name linux-servers ; The name of the hostgroup alias Linux Servers ; Long name of the group members localhost ; Comma separated list of hosts that belong to this group } define service { use local-service ; Name of service template to use host_name localhost service_description Current Users check_command check_local_users!20!50 }
Toutes les commandes présentent dans ce fichier devraient avoir pour check_command “check_local_”. Voir commands.cfg
Fichier servers.cfg
servers.cfg
define host { host_name srv01 use tpl-host-linux alias srv01 } define host { host_name srv02 use tpl-host-linux alias srv01 } define hostgroup { hostgroup_name linux-hosts alias Linux Servers } define hostgroup { hostgroup_name RED alias RedondanceEnvLogique members srv01 } define hostgroup { hostgroup_name App alias ReseauGlobalApp # hostgroup_members linux-hosts, Switchs, Routeurs, printer-hosts hostgroup_members linux-hosts } define service { service_description Memory use tpl-service-mca1 hostgroup_name linux-hosts check_command check_centreon_snmp_linux_mem!80!90 # event_handler trigger_memory }
Notez que un hostgroup peut inclure des hôtes avec members
ou d'autres hostgroups avec hostgroup_members
Souvent on préférera utliser les templates à l'aide de la directive “use”. Voir notre exemple avec tpl-host-linux
Vérification de la conf
Vérif
/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Commandes
Trouver les commandes non utilisées
for CMD in $(grep command_name etc/objects/commands.cfg | grep -v "^#" |awk '{ print $2}' | sort -u) ; do grep -q "$CMD" $(find etc/objects/ -type f -not -name commands.cfg) || echo $CMD; done
Trouver les commandes en double
diff <(grep -v ^# etc/objects/commands.cfg | awk '/command_name/ { print $NF }' | sort) <(grep -v ^# etc/objects/commands.cfg | awk '/command_name/ { print $NF }' | sort -u)
Sondes locales
Toutes les sondes locales (qui remonte des infos du host sur lequel le script est exécuté) devraient avoir un command_name commençant par “check_local_”
Sauf exception seules les fichiers suivants devraient contenir ce motif
$ rgrep -l check_local_ * objects/commands.cfg objects/localhost.cfg
Même chose avec les local-service
$ rgrep -l local-service * objects/templates.cfg objects/localhost.cfg
templates.cfg
- Tous les bloques de code
register 0devraient être dans le fichier templates.cfg - Tous les bloques de code présent dans le fichier templates.cfg devrait avoir
register 0
Autres conditions
- Pour toute directive “use” il doit y avoir un template corespondant (template.cfg)
- Pour chaque “check_command” il doit y avoir une entrée “command_name” correspondante (commands.cfg)
- Tous les noms indiqués par la directive “name” dans les objets de type “host” doivent être résolvables
Pb - Podman kind conmon - ERROR failed to create cluster
Sur Almalinux 8 : Podman Kind en userland depuis yum update
$ systemd-run --scope --user kind create cluster
Running scope as unit: run-r23f26f576bf84c9d8b8865500db7ee30.scope
using podman due to KIND_EXPERIMENTAL_PROVIDER
enabling experimental podman provider
Creating cluster "kind" ...
✓ Ensuring node image (kindest/node:v1.34.0) 🖼
✗ Preparing nodes 📦
Deleted nodes: ["kind-control-plane"]
ERROR: failed to create cluster: command "podman run --name kind-control-plane --hostname kind-control-plane --label io.x-k8s.kind.role=control-plane --privileged --tmpfs /tmp --tmpfs /run --volume 5ba6775d028f278398ee53a1fcc617c5ccb69621a9ef7c683465477179cc1107:/var:suid,exec,dev --volume /lib/modules:/lib/modules:ro -e KIND_EXPERIMENTAL_CONTAINERD_SNAPSHOTTER --detach --tty --net kind --label io.x-k8s.kind.cluster=kind -e container=podman --cgroupns=private -e http_proxy=http://192.168.10.221:3128/ -e HTTPS_PROXY=http://192.168.10.221:3128/ -e https_proxy=http://192.168.10.221:3128/ -e NO_PROXY=fc00:f853:ccd:e793::/64,10.89.0.0/24,127.0.0.1,localhost,10.96.0.0/16,10.244.0.0/16,kind-control-plane,.svc,.svc.cluster,.svc.cluster.local -e no_proxy=fc00:f853:ccd:e793::/64,10.89.0.0/24,127.0.0.1,localhost,10.96.0.0/16,10.244.0.0/16,kind-control-plane,.svc,.svc.cluster,.svc.cluster.local -e HTTP_PROXY=http://192.168.10.221:3128/ --volume /dev/mapper:/dev/mapper --device /dev/fuse --publish=127.0.0.1:41353:6443/tcp -e KUBECONFIG=/etc/kubernetes/admin.conf docker.io/kindest/node@sha256:7416a61b42b1662ca6ca89f02028ac133a309a2a30ba309614e8ec94d976dc5a" failed with error: exit status 126
Command Output: Error: container create failed (no logs from conmon): conmon bytes "": readObjectStart: expect { or n, but found , error found in #0 byte of ...||..., bigger context ...||...
Vraisemblablement la version de Podman n'est pas compatible avec la version de conmon.
Solution
- Passer à Almalinux 10
- Ne pas faire
systemd-run --scope --user kind create clustermaiskind create cluster
blog.txt · Dernière modification : de 127.0.0.1