2017-09-20 16:56:49 +08:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
trap "exit" INT TERM
|
|
|
|
trap "kill 0" EXIT
|
|
|
|
|
|
|
|
# Prepare
|
|
|
|
BACKGROUND_TASKS=()
|
|
|
|
|
2017-10-03 18:05:38 +08:00
|
|
|
if [[ "${USE_WATCHDOG}" =~ ^([nN][oO]|[nN])+$ ]]; then
|
2017-10-03 18:07:48 +08:00
|
|
|
echo -e "$(date) - USE_WATCHDOG=n, skipping watchdog..."
|
2017-10-03 18:05:38 +08:00
|
|
|
sleep 365d
|
|
|
|
exec $(readlink -f "$0")
|
|
|
|
fi
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
# Checks pipe their corresponding container name in this pipe
|
|
|
|
if [[ ! -p /tmp/com_pipe ]]; then
|
|
|
|
mkfifo /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Common functions
|
|
|
|
progress() {
|
|
|
|
SERVICE=${1}
|
|
|
|
TOTAL=${2}
|
|
|
|
CURRENT=${3}
|
|
|
|
DIFF=${4}
|
|
|
|
[[ -z ${DIFF} ]] && DIFF=0
|
|
|
|
[[ -z ${TOTAL} || -z ${CURRENT} ]] && return
|
|
|
|
[[ ${CURRENT} -gt ${TOTAL} ]] && return
|
|
|
|
[[ ${CURRENT} -lt 0 ]] && CURRENT=0
|
2017-09-21 05:24:56 +08:00
|
|
|
PERCENT=$(( 200 * ${CURRENT} / ${TOTAL} % 2 + 100 * ${CURRENT} / ${TOTAL} ))
|
2017-12-09 20:15:24 +08:00
|
|
|
redis-cli -h redis LPUSH WATCHDOG_LOG "{\"time\":\"$(date +%s)\",\"service\":\"${SERVICE}\",\"lvl\":\"${PERCENT}\",\"hpnow\":\"${CURRENT}\",\"hptotal\":\"${TOTAL}\",\"hpdiff\":\"${DIFF}\"}" > /dev/null
|
|
|
|
log_msg "${SERVICE} health level: ${PERCENT}% (${CURRENT}/${TOTAL}), health trend: ${DIFF}" no_redis
|
2017-09-20 16:56:49 +08:00
|
|
|
}
|
|
|
|
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg() {
|
2017-12-09 20:15:24 +08:00
|
|
|
if [[ ${2} != "no_redis" ]]; then
|
|
|
|
redis-cli -h redis LPUSH WATCHDOG_LOG "{\"time\":\"$(date +%s)\",\"message\":\"$(printf '%s' "${1}" | \
|
|
|
|
tr '%&;$"_[]{}-\r\n' ' ')\"}" > /dev/null
|
|
|
|
fi
|
2017-11-14 17:44:00 +08:00
|
|
|
echo $(date) $(printf '%s\n' "${1}")
|
|
|
|
}
|
|
|
|
|
2017-10-06 05:38:33 +08:00
|
|
|
function mail_error() {
|
|
|
|
[[ -z ${1} ]] && return 1
|
|
|
|
[[ -z ${2} ]] && return 2
|
2018-10-14 06:21:31 +08:00
|
|
|
[[ -z ${3} ]] && BODY="Service was restarted, please check your mailcow installation." || BODY="${3}"
|
2017-10-06 05:38:33 +08:00
|
|
|
RCPT_DOMAIN=$(echo ${1} | awk -F @ {'print $NF'})
|
|
|
|
RCPT_MX=$(dig +short ${RCPT_DOMAIN} mx | sort -n | awk '{print $2; exit}')
|
|
|
|
if [[ -z ${RCPT_MX} ]]; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Cannot determine MX for ${1}, skipping email notification..."
|
2017-10-06 05:38:33 +08:00
|
|
|
return 1
|
|
|
|
fi
|
|
|
|
./smtp-cli --missing-modules-ok \
|
2018-10-14 06:21:31 +08:00
|
|
|
--subject="Watchdog: ${2} hit the error rate limit" \
|
|
|
|
--body-plain="${BODY}" \
|
2017-10-06 05:38:33 +08:00
|
|
|
--to=${1} \
|
|
|
|
--from="watchdog@${MAILCOW_HOSTNAME}" \
|
|
|
|
--server="${RCPT_MX}" \
|
|
|
|
--hello-host=${MAILCOW_HOSTNAME}
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Sent notification email to ${1}"
|
2017-10-06 05:38:33 +08:00
|
|
|
}
|
|
|
|
|
2017-09-20 18:27:24 +08:00
|
|
|
get_container_ip() {
|
|
|
|
# ${1} is container
|
2018-05-27 04:19:17 +08:00
|
|
|
CONTAINER_ID=()
|
2018-09-10 03:17:59 +08:00
|
|
|
CONTAINER_IPS=()
|
2017-09-20 18:27:24 +08:00
|
|
|
CONTAINER_IP=
|
2017-09-21 05:24:56 +08:00
|
|
|
LOOP_C=1
|
|
|
|
until [[ ${CONTAINER_IP} =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] || [[ ${LOOP_C} -gt 5 ]]; do
|
2018-10-14 06:21:31 +08:00
|
|
|
if [ ${IP_BY_DOCKER_API} -eq 0 ]; then
|
|
|
|
CONTAINER_IP=$(dig a "${1}" +short)
|
|
|
|
else
|
|
|
|
sleep 0.5
|
|
|
|
# get long container id for exact match
|
|
|
|
CONTAINER_ID=($(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | tostring == \"${1}\") | .id"))
|
|
|
|
# returned id can have multiple elements (if scaled), shuffle for random test
|
|
|
|
CONTAINER_ID=($(printf "%s\n" "${CONTAINER_ID[@]}" | shuf))
|
|
|
|
if [[ ! -z ${CONTAINER_ID} ]]; then
|
|
|
|
for matched_container in "${CONTAINER_ID[@]}"; do
|
|
|
|
CONTAINER_IPS=($(curl --silent --insecure https://dockerapi/containers/${matched_container}/json | jq -r '.NetworkSettings.Networks[].IPAddress'))
|
|
|
|
for ip_match in "${CONTAINER_IPS[@]}"; do
|
|
|
|
# grep will do nothing if one of these vars is empty
|
|
|
|
[[ -z ${ip_match} ]] && continue
|
|
|
|
[[ -z ${IPV4_NETWORK} ]] && continue
|
|
|
|
# only return ips that are part of our network
|
|
|
|
if ! grep -q ${IPV4_NETWORK} <(echo ${ip_match}); then
|
|
|
|
continue
|
|
|
|
else
|
|
|
|
CONTAINER_IP=${ip_match}
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
[[ ! -z ${CONTAINER_IP} ]] && break
|
2018-09-10 03:17:59 +08:00
|
|
|
done
|
2018-10-14 06:21:31 +08:00
|
|
|
fi
|
2017-11-14 17:44:00 +08:00
|
|
|
fi
|
2017-09-21 05:24:56 +08:00
|
|
|
LOOP_C=$((LOOP_C + 1))
|
2017-09-20 18:27:24 +08:00
|
|
|
done
|
2017-09-21 05:24:56 +08:00
|
|
|
[[ ${LOOP_C} -gt 5 ]] && echo 240.0.0.0 || echo ${CONTAINER_IP}
|
2017-09-20 18:27:24 +08:00
|
|
|
}
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
nginx_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
|
|
|
THRESHOLD=16
|
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
2017-09-21 05:24:56 +08:00
|
|
|
host_ip=$(get_container_ip nginx-mailcow)
|
2017-09-20 16:56:49 +08:00
|
|
|
err_c_cur=${err_count}
|
2017-09-21 05:24:56 +08:00
|
|
|
/usr/lib/nagios/plugins/check_http -4 -H ${host_ip} -u / -p 8081 1>&2; err_count=$(( ${err_count} + $? ))
|
2017-09-20 16:56:49 +08:00
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "Nginx" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
2017-09-22 22:40:02 +08:00
|
|
|
diff_c=0
|
2017-09-21 05:24:56 +08:00
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
2017-09-20 16:56:49 +08:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2018-10-14 06:21:31 +08:00
|
|
|
unbound_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
|
|
|
THRESHOLD=8
|
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
|
|
|
host_ip=$(get_container_ip unbound-mailcow)
|
|
|
|
err_c_cur=${err_count}
|
|
|
|
/usr/lib/nagios/plugins/check_dns -s ${host_ip} -H google.com 1>&2; err_count=$(( ${err_count} + $? ))
|
|
|
|
DNSSEC=$(dig com +dnssec | egrep 'flags:.+ad')
|
|
|
|
if [[ -z ${DNSSEC} ]]; then
|
|
|
|
echo "DNSSEC failure" 1>&2
|
|
|
|
err_count=$(( ${err_count} + 1))
|
|
|
|
else
|
|
|
|
echo "DNSSEC check succeeded" 1>&2
|
|
|
|
fi
|
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "Unbound" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
|
|
|
diff_c=0
|
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
mysql_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
|
|
|
THRESHOLD=12
|
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
2017-09-21 05:24:56 +08:00
|
|
|
host_ip=$(get_container_ip mysql-mailcow)
|
2017-09-20 16:56:49 +08:00
|
|
|
err_c_cur=${err_count}
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
|
|
|
/usr/lib/nagios/plugins/check_mysql -s /var/run/mysqld/mysqld.sock -u ${DBUSER} -p ${DBPASS} -d ${DBNAME} 1>&2; err_count=$(( ${err_count} + $? ))
|
|
|
|
/usr/lib/nagios/plugins/check_mysql_query -s /var/run/mysqld/mysqld.sock -u ${DBUSER} -p ${DBPASS} -d ${DBNAME} -q "SELECT COUNT(*) FROM information_schema.tables" 1>&2; err_count=$(( ${err_count} + $? ))
|
2017-09-20 16:56:49 +08:00
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "MySQL/MariaDB" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
2017-09-22 22:40:02 +08:00
|
|
|
diff_c=0
|
2017-09-21 05:24:56 +08:00
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
2017-09-20 16:56:49 +08:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
|
|
|
sogo_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
2018-10-14 06:21:31 +08:00
|
|
|
THRESHOLD=10
|
2017-09-20 16:56:49 +08:00
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
2017-09-21 05:24:56 +08:00
|
|
|
host_ip=$(get_container_ip sogo-mailcow)
|
2017-09-20 16:56:49 +08:00
|
|
|
err_c_cur=${err_count}
|
2018-04-26 19:51:55 +08:00
|
|
|
/usr/lib/nagios/plugins/check_http -4 -H ${host_ip} -u /SOGo.index/ -p 20000 -R "SOGo\.MainUI" 1>&2; err_count=$(( ${err_count} + $? ))
|
2017-09-20 16:56:49 +08:00
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "SOGo" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
2017-09-22 22:40:02 +08:00
|
|
|
diff_c=0
|
2017-09-21 05:24:56 +08:00
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
2017-09-20 16:56:49 +08:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
|
|
|
postfix_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
2018-10-14 06:21:31 +08:00
|
|
|
THRESHOLD=8
|
2017-09-20 16:56:49 +08:00
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
2017-10-11 17:23:51 +08:00
|
|
|
host_ip=$(get_container_ip postfix-mailcow)
|
2017-09-20 16:56:49 +08:00
|
|
|
err_c_cur=${err_count}
|
2018-01-09 18:15:52 +08:00
|
|
|
/usr/lib/nagios/plugins/check_smtp -4 -H ${host_ip} -p 589 -f "watchdog@invalid" -C "RCPT TO:null@localhost" -C DATA -C . -R 250 1>&2; err_count=$(( ${err_count} + $? ))
|
2017-09-22 01:30:03 +08:00
|
|
|
/usr/lib/nagios/plugins/check_smtp -4 -H ${host_ip} -p 589 -S 1>&2; err_count=$(( ${err_count} + $? ))
|
2017-09-20 16:56:49 +08:00
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "Postfix" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
2017-09-22 22:40:02 +08:00
|
|
|
diff_c=0
|
2017-09-21 05:24:56 +08:00
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
2017-09-20 16:56:49 +08:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2018-10-14 06:21:31 +08:00
|
|
|
clamd_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
2018-10-14 20:29:03 +08:00
|
|
|
THRESHOLD=5
|
2018-10-14 06:21:31 +08:00
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
|
|
|
host_ip=$(get_container_ip clamd-mailcow)
|
|
|
|
err_c_cur=${err_count}
|
|
|
|
/usr/lib/nagios/plugins/check_clamd -4 -H ${host_ip} 1>&2; err_count=$(( ${err_count} + $? ))
|
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "Clamd" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
|
|
|
diff_c=0
|
2018-10-14 20:29:03 +08:00
|
|
|
# Don't check Clamd too often
|
|
|
|
sleep 1800
|
2018-10-14 06:21:31 +08:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
dovecot_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
2018-10-14 06:21:31 +08:00
|
|
|
THRESHOLD=20
|
2017-09-20 16:56:49 +08:00
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
2017-09-21 05:24:56 +08:00
|
|
|
host_ip=$(get_container_ip dovecot-mailcow)
|
2017-09-20 16:56:49 +08:00
|
|
|
err_c_cur=${err_count}
|
2018-01-09 18:15:52 +08:00
|
|
|
/usr/lib/nagios/plugins/check_smtp -4 -H ${host_ip} -p 24 -f "watchdog@invalid" -C "RCPT TO:<watchdog@invalid>" -L -R "User doesn't exist" 1>&2; err_count=$(( ${err_count} + $? ))
|
2017-09-21 05:24:56 +08:00
|
|
|
/usr/lib/nagios/plugins/check_imap -4 -H ${host_ip} -p 993 -S -e "OK " 1>&2; err_count=$(( ${err_count} + $? ))
|
|
|
|
/usr/lib/nagios/plugins/check_imap -4 -H ${host_ip} -p 143 -e "OK " 1>&2; err_count=$(( ${err_count} + $? ))
|
|
|
|
/usr/lib/nagios/plugins/check_tcp -4 -H ${host_ip} -p 10001 -e "VERSION" 1>&2; err_count=$(( ${err_count} + $? ))
|
|
|
|
/usr/lib/nagios/plugins/check_tcp -4 -H ${host_ip} -p 4190 -e "Dovecot ready" 1>&2; err_count=$(( ${err_count} + $? ))
|
2017-09-20 16:56:49 +08:00
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "Dovecot" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
2017-09-22 22:40:02 +08:00
|
|
|
diff_c=0
|
2017-09-21 05:24:56 +08:00
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
2017-09-20 16:56:49 +08:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
|
|
|
phpfpm_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
2018-10-14 06:21:31 +08:00
|
|
|
THRESHOLD=5
|
2017-09-20 16:56:49 +08:00
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
2017-09-21 05:24:56 +08:00
|
|
|
host_ip=$(get_container_ip php-fpm-mailcow)
|
2017-09-20 16:56:49 +08:00
|
|
|
err_c_cur=${err_count}
|
2018-04-26 19:51:55 +08:00
|
|
|
nc -z ${host_ip} 9001 ; err_count=$(( ${err_count} + ($? * 2)))
|
|
|
|
nc -z ${host_ip} 9002 ; err_count=$(( ${err_count} + ($? * 2)))
|
2017-09-20 16:56:49 +08:00
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "PHP-FPM" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
2017-09-22 22:40:02 +08:00
|
|
|
diff_c=0
|
2017-09-21 05:24:56 +08:00
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
2017-09-20 16:56:49 +08:00
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2018-10-14 06:21:31 +08:00
|
|
|
cert_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
|
|
|
THRESHOLD=1
|
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
|
|
|
host_ip=$(get_container_ip nginx-mailcow)
|
|
|
|
err_c_cur=${err_count}
|
|
|
|
/usr/lib/nagios/plugins/check_http -H ${host_ip} -p ${HTTPS_PORT} -C 15 1>&2; err_count=$(( ${err_count} + $? ))
|
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "TLS certificate" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
|
|
|
diff_c=0
|
|
|
|
# Sleep 1 day, fixme: 1 day lag
|
|
|
|
sleep 86400
|
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2017-09-22 01:30:03 +08:00
|
|
|
rspamd_checks() {
|
|
|
|
err_count=0
|
|
|
|
diff_c=0
|
2018-10-14 06:21:31 +08:00
|
|
|
THRESHOLD=5
|
2017-09-22 01:30:03 +08:00
|
|
|
# Reduce error count by 2 after restarting an unhealthy container
|
|
|
|
trap "[ ${err_count} -gt 1 ] && err_count=$(( ${err_count} - 2 ))" USR1
|
|
|
|
while [ ${err_count} -lt ${THRESHOLD} ]; do
|
|
|
|
host_ip=$(get_container_ip rspamd-mailcow)
|
|
|
|
err_c_cur=${err_count}
|
2018-09-30 15:53:25 +08:00
|
|
|
SCORE=$(/usr/bin/curl -s --data-binary @- --unix-socket /var/lib/rspamd/rspamd.sock http://rspamd/scan -d '
|
2017-09-22 01:30:03 +08:00
|
|
|
To: null@localhost
|
|
|
|
From: watchdog@localhost
|
|
|
|
|
|
|
|
Empty
|
|
|
|
' | jq -rc .required_score)
|
|
|
|
if [[ ${SCORE} != "9999" ]]; then
|
|
|
|
echo "Rspamd settings check failed" 1>&2
|
|
|
|
err_count=$(( ${err_count} + 1))
|
|
|
|
else
|
|
|
|
echo "Rspamd settings check succeeded" 1>&2
|
|
|
|
fi
|
|
|
|
[ ${err_c_cur} -eq ${err_count} ] && [ ! $((${err_count} - 1)) -lt 0 ] && err_count=$((${err_count} - 1)) diff_c=1
|
|
|
|
[ ${err_c_cur} -ne ${err_count} ] && diff_c=$(( ${err_c_cur} - ${err_count} ))
|
|
|
|
progress "Rspamd" ${THRESHOLD} $(( ${THRESHOLD} - ${err_count} )) ${diff_c}
|
2017-09-22 22:40:02 +08:00
|
|
|
diff_c=0
|
2017-09-22 01:30:03 +08:00
|
|
|
sleep $(( ( RANDOM % 30 ) + 10 ))
|
|
|
|
done
|
|
|
|
return 1
|
|
|
|
}
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
# Create watchdog agents
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! nginx_checks; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Nginx hit error limit"
|
2017-10-06 05:38:33 +08:00
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "nginx-mailcow"
|
2017-09-20 16:56:49 +08:00
|
|
|
echo nginx-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! mysql_checks; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "MySQL hit error limit"
|
2017-10-06 05:38:33 +08:00
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "mysql-mailcow"
|
2017-09-20 16:56:49 +08:00
|
|
|
echo mysql-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! phpfpm_checks; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "PHP-FPM hit error limit"
|
2017-10-06 05:38:33 +08:00
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "php-fpm-mailcow"
|
2017-09-20 16:56:49 +08:00
|
|
|
echo php-fpm-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! sogo_checks; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "SOGo hit error limit"
|
2017-10-06 05:38:33 +08:00
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "sogo-mailcow"
|
2017-09-20 16:56:49 +08:00
|
|
|
echo sogo-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
2018-10-14 06:21:31 +08:00
|
|
|
if [ ${CHECK_UNBOUND} -eq 1 ]; then
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! unbound_checks; then
|
|
|
|
log_msg "Unbound hit error limit"
|
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "unbound-mailcow"
|
|
|
|
echo unbound-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [[ "${SKIP_CLAMD}" =~ ^([nN][oO]|[nN])+$ ]]; then
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! clamd_checks; then
|
|
|
|
log_msg "Clamd hit error limit"
|
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "clamd-mailcow"
|
|
|
|
echo clamd-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
fi
|
|
|
|
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! cert_checks; then
|
|
|
|
log_msg "TLS certificate hit error limit"
|
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "TLS check" "TLS certificate expires soon!"
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! postfix_checks; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Postfix hit error limit"
|
2017-10-06 05:38:33 +08:00
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "postfix-mailcow"
|
2017-09-20 16:56:49 +08:00
|
|
|
echo postfix-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! dovecot_checks; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Dovecot hit error limit"
|
2017-10-06 05:38:33 +08:00
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "dovecot-mailcow"
|
2017-09-20 16:56:49 +08:00
|
|
|
echo dovecot-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
2017-09-22 01:30:03 +08:00
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
if ! rspamd_checks; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Rspamd hit error limit"
|
2017-10-06 05:38:33 +08:00
|
|
|
[[ ! -z ${WATCHDOG_NOTIFY_EMAIL} ]] && mail_error "${WATCHDOG_NOTIFY_EMAIL}" "rspamd-mailcow"
|
2017-09-22 01:30:03 +08:00
|
|
|
echo rspamd-mailcow > /tmp/com_pipe
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
BACKGROUND_TASKS+=($!)
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
# Monitor watchdog agents, stop script when agents fails and wait for respawn by Docker (restart:always:n)
|
|
|
|
(
|
|
|
|
while true; do
|
|
|
|
for bg_task in ${BACKGROUND_TASKS[*]}; do
|
2017-10-15 05:26:08 +08:00
|
|
|
if ! kill -0 ${bg_task} 1>&2; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Worker ${bg_task} died, stopping watchdog and waiting for respawn..."
|
2017-10-15 05:26:08 +08:00
|
|
|
kill -TERM 1
|
2017-09-20 16:56:49 +08:00
|
|
|
fi
|
2017-10-15 05:26:08 +08:00
|
|
|
sleep 10
|
2017-09-20 16:56:49 +08:00
|
|
|
done
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
|
2017-10-27 17:22:39 +08:00
|
|
|
# Monitor dockerapi
|
|
|
|
(
|
|
|
|
while true; do
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
|
|
|
while nc -z dockerapi 443; do
|
2017-10-27 17:22:39 +08:00
|
|
|
sleep 3
|
|
|
|
done
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Cannot find dockerapi-mailcow, waiting to recover..."
|
2017-10-27 17:22:39 +08:00
|
|
|
kill -STOP ${BACKGROUND_TASKS[*]}
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
|
|
|
until nc -z dockerapi 443; do
|
2017-10-27 17:22:39 +08:00
|
|
|
sleep 3
|
|
|
|
done
|
|
|
|
kill -CONT ${BACKGROUND_TASKS[*]}
|
|
|
|
kill -USR1 ${BACKGROUND_TASKS[*]}
|
|
|
|
done
|
|
|
|
) &
|
|
|
|
|
2017-09-20 16:56:49 +08:00
|
|
|
# Restart container when threshold limit reached
|
|
|
|
while true; do
|
|
|
|
CONTAINER_ID=
|
|
|
|
read com_pipe_answer </tmp/com_pipe
|
|
|
|
if [[ ${com_pipe_answer} =~ .+-mailcow ]]; then
|
|
|
|
kill -STOP ${BACKGROUND_TASKS[*]}
|
|
|
|
sleep 3
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
|
|
|
CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | jq -rc "select( .name | tostring | contains(\"${com_pipe_answer}\")) | .id")
|
2017-09-20 16:56:49 +08:00
|
|
|
if [[ ! -z ${CONTAINER_ID} ]]; then
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Sending restart command to ${CONTAINER_ID}..."
|
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
|
|
|
curl --silent --insecure -XPOST https://dockerapi/containers/${CONTAINER_ID}/restart
|
2017-09-20 16:56:49 +08:00
|
|
|
fi
|
2017-11-14 17:44:00 +08:00
|
|
|
log_msg "Wait for restarted container to settle and continue watching..."
|
2017-09-20 16:56:49 +08:00
|
|
|
sleep 30s
|
|
|
|
kill -CONT ${BACKGROUND_TASKS[*]}
|
|
|
|
kill -USR1 ${BACKGROUND_TASKS[*]}
|
|
|
|
fi
|
|
|
|
done
|