From 8f630bbb4003b78855bf29e1276bdead1267f20e Mon Sep 17 00:00:00 2001
From: Jean-Yves LEBLEU <jlebleu@gmail.com>
Date: Thu, 9 Dec 2021 17:50:47 +0100
Subject: [PATCH] Enable application data volume to be monitored

Added documentation
Added some default variables in base server role
---
 doc/README.md                                 |  8 +++++--
 doc/hosts.prod                                | 22 ++++++++++++++++++-
 .../project_installation}/readme.md           |  0
 roles/_app_monit/README.md                    | 10 +++++++++
 roles/_app_monit/defaults/main.yml            |  2 ++
 roles/_app_monit/handlers/main.yml            |  6 +++++
 roles/_app_monit/tasks/install.yml            |  7 ++----
 roles/_app_monit/tasks/main.yml               |  6 +++++
 roles/_app_monit/tasks/uninstall.yml          |  6 +----
 roles/_app_monit/templates/app_monit.j2       |  5 +++++
 roles/base_server/defaults/main.yml           |  9 ++++++++
 11 files changed, 68 insertions(+), 13 deletions(-)
 rename {project_installation => doc/project_installation}/readme.md (100%)
 create mode 100644 roles/_app_monit/handlers/main.yml

diff --git a/doc/README.md b/doc/README.md
index 0fa64771..88217ad7 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -8,6 +8,10 @@ Better than all, try it following [quickstart.md](./quickstart.md "The quickstar
 
 Base configuration file for inventory.py and play.py utilities is here : [paquerette_utils.conf.yml](./paquerette_utils.conf.yml "The best configuration file you ever read") and should be copied when easily filled with your host list into the install directory
 
-Base server configuration file is here : [host_template.yml](./host_template.yml "The template of the century")
+Host configuration file is here : [host_template.yml](./host_template.yml "The template of the century")
 
-Sample for production server inventory is here : [hosts.prod](./hosts.prod "The ultimate revelation")
\ No newline at end of file
+Base server configuration file : [base_server_template.yml]() to be copied in group_vars/base_server/baser_serve.yml
+
+Sample for production server inventory is here : [hosts.prod](./hosts.prod "The ultimate revelation")
+
+If you want to user ansible paquerette roles in your own project follows [how to setup your own project](./project_installation/readme.md)
\ No newline at end of file
diff --git a/doc/hosts.prod b/doc/hosts.prod
index 4368140e..fbd76f05 100644
--- a/doc/hosts.prod
+++ b/doc/hosts.prod
@@ -2,11 +2,24 @@
 ### hosts
 prodhost1 hostvar=...
 prodhost2 hostvar=...
+prodhost3 hostvar=...
 
 testhost1 hostvar=...
 
 ### groups
 
+[secured]
+prodhost1
+prodhost2
+prodhost3
+
+[application_servers]
+prodhost1
+prodhost3
+
+[large_hosts]
+prodhost3
+
 [test]
 testhost1
 
@@ -22,4 +35,11 @@ prod
 test
 
 [secret:children]
-base_server
\ No newline at end of file
+base_server
+
+[all:vars]
+#
+# default for new machines
+#
+ansible_user=....
+ansible_ssh_private_key_file=..........
diff --git a/project_installation/readme.md b/doc/project_installation/readme.md
similarity index 100%
rename from project_installation/readme.md
rename to doc/project_installation/readme.md
diff --git a/roles/_app_monit/README.md b/roles/_app_monit/README.md
index cee3710b..179fbacc 100644
--- a/roles/_app_monit/README.md
+++ b/roles/_app_monit/README.md
@@ -5,6 +5,16 @@
   - monit_expect: expected string expression in http response (regular expression)
   - monit_timeout : **3**
 
+## monitoring a data volume 
+
+When an application instance uses its own data volume you may define 
+
+- **volume_name** is the volume to be monitored
+- **volume_path** with default to "/mnt/{{ volume_name }}
+
+Usage alert threshold is set to **monit_system_data_partition_usage** defined in base_server_template.yml
+
+
 uses 
 - [monit](https://mmonit.com/documentation/)
 - http_check utility (see templates)
diff --git a/roles/_app_monit/defaults/main.yml b/roles/_app_monit/defaults/main.yml
index 83f26431..d1356233 100644
--- a/roles/_app_monit/defaults/main.yml
+++ b/roles/_app_monit/defaults/main.yml
@@ -7,4 +7,6 @@
   monit_timeout: 3
   # default status 200
   monit_status: ""
+  # default volumes
+  volume_path: "/mnt/{{ volume_name | default()}}"
 
diff --git a/roles/_app_monit/handlers/main.yml b/roles/_app_monit/handlers/main.yml
new file mode 100644
index 00000000..d1da6932
--- /dev/null
+++ b/roles/_app_monit/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: reload monit app monit
+  service: name=monit state=reloaded
+  tags: 
+    - always
\ No newline at end of file
diff --git a/roles/_app_monit/tasks/install.yml b/roles/_app_monit/tasks/install.yml
index 616a868e..e0b3db7a 100644
--- a/roles/_app_monit/tasks/install.yml
+++ b/roles/_app_monit/tasks/install.yml
@@ -10,13 +10,10 @@
       src: "http_check.py.j2"
       dest: "{{ base_prod_options }}/http_check/http_check.py"
       mode: "755"
+    notify: reload monit app monit
 
   - name: "monitoring configuration for {{ app_domain }}"
     template:
       src: "app_monit.j2"
       dest: "/etc/monit/conf.d/{{ app_instance_id }}.conf"
-    register: monit_conf
-
-  - name: reload monit
-    service: name=monit state=reloaded
-    when: monit_conf.changed
+    notify: reload monit app monit
diff --git a/roles/_app_monit/tasks/main.yml b/roles/_app_monit/tasks/main.yml
index 50001f2b..197ce89e 100644
--- a/roles/_app_monit/tasks/main.yml
+++ b/roles/_app_monit/tasks/main.yml
@@ -7,3 +7,9 @@
 - import_tasks: uninstall.yml
   when: app_run == 'uninstall'
   tags: _app_monit
+
+- name: ensure monit is started
+  service:
+    name: monit
+    state: started
+  tags: _app_monit
diff --git a/roles/_app_monit/tasks/uninstall.yml b/roles/_app_monit/tasks/uninstall.yml
index 3a2195e6..c0c64549 100644
--- a/roles/_app_monit/tasks/uninstall.yml
+++ b/roles/_app_monit/tasks/uninstall.yml
@@ -4,8 +4,4 @@
     file:
       path: "/etc/monit/conf.d/{{ app_instance_id }}.conf"
       state: absent
-    register: monit_conf
-
-  - name: reload monit
-    service: name=monit state=reloaded
-    when: monit_conf.changed
+    notify: reload monit _app_monit
diff --git a/roles/_app_monit/templates/app_monit.j2 b/roles/_app_monit/templates/app_monit.j2
index bb1e5528..4991b22c 100644
--- a/roles/_app_monit/templates/app_monit.j2
+++ b/roles/_app_monit/templates/app_monit.j2
@@ -6,3 +6,8 @@ with path "{{ base_prod_options }}/http_check/http_check.py -t {{ monit_timeout
 
 if status != 0 for 3 cycles then alert
 
+{% if volume_name | default() %}
+check filesystem {{ volume_name }} with path {{ volume_path }}
+    if space usage > {{ monit_system_data_partition_usage }}% for 5 times within 15 cycles then alert
+    if changed fsflags then alert
+{% endif %}
\ No newline at end of file
diff --git a/roles/base_server/defaults/main.yml b/roles/base_server/defaults/main.yml
index e028a9bf..0b427b71 100644
--- a/roles/base_server/defaults/main.yml
+++ b/roles/base_server/defaults/main.yml
@@ -12,3 +12,12 @@ _monit_ssl_option: "tls"
 
 monit_system_loadavg_1min: 2
 monit_system_loadavg_5min: 1.5
+
+
+# system monitoring defaults
+# when % raised then alert
+monit_system_cpu_usage: 95
+monit_system_memory_usage: 95
+monit_system_swap_usage: 90
+monit_system_root_partition_usage: 80
+monit_system_data_partition_usage: 90
-- 
GitLab