implemented health-nginx

2024-09-19 16:03:11 +02:00 · 2023-11-17 09:36:40 +01:00 · 2023-11-17 09:36:40 +01:00 · 090f7adccf
commit 090f7adccf
parent 756c4d7f77
10 changed files with 118 additions and 1 deletions
--- a/group_vars/all
+++ b/group_vars/all
@ -4,10 +4,11 @@

 randomized_delay_sec:                         "15min"

-on_calendar_btrfs_health_check:               "*-*-* 00:00:00"
+on_calendar_btrfs_health_check:               "*-*-* 00:00:00" 
 on_calendar_journalctl_health_check:          "*-*-* 00:00:00"
 on_calendar_disc_space_check:                 "*-*-* 06,12,18,00:00:00"
 on_calendar_docker_health_check:              "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:00:00"
+on_calendar_nginx_health_check:               "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:15:00"

 on_calendar_backups_cleanup:                  "*-*-* 06,12,18,00:30:00"
 on_calendar_free_disc_space:                  "*-*-* 07,13,19,01:30:00"
--- a/roles/health-nginx/README.md
+++ b/roles/health-nginx/README.md
@ -0,0 +1,7 @@
+# health-nginx
+
+Sends a health report for nginx configurations. This role was created with the help of ChatGPT. The conversation you will find [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb).
+
+## see
+- https://nginx.org/en/docs/
+- https://docs.ansible.com/ansible/latest/modules/uri_module.html
--- a/roles/health-nginx/files/health-nginx.py
+++ b/roles/health-nginx/files/health-nginx.py
@ -0,0 +1,46 @@
+import os
+import requests
+import sys
+
+# Define the path to the nginx configuration directory
+config_path = '/etc/nginx/conf.d/'
+
+# Initialize the error counter
+error_counter = 0
+
+# Iterate over each file in the configuration directory
+for filename in os.listdir(config_path):
+    if filename.endswith('.conf'):
+        # Extract the domain and subdomain from the filename
+        name = filename.replace('.conf', '')
+        parts = name.split('.')
+        
+        # Prepare the URL and expected status codes
+        url = f"http://{name}"
+        
+        # Determine expected status codes based on subdomain
+        if parts[0] == 'www':
+            expected_statuses = [301]
+        elif parts[0] == 's':
+            expected_statuses = [403]
+        else:
+            # For domain.tld where no specific subdomain is present
+            expected_statuses = [200, 301]
+
+        try:
+            # Send a HEAD request to get only the response header
+            response = requests.head(url, allow_redirects=True)
+
+            # Check if the status code matches the expected statuses
+            if response.status_code in expected_statuses:
+                print(f"{name}: ok")
+            else:
+                print(f"{name}: error")
+                error_counter += 1
+        except requests.RequestException as e:
+            # Handle exceptions for requests like connection errors
+            print(f"{name}: error due to {e}")
+            error_counter += 1
+
+# Exit the script with the number of errors as the exit code
+sys.exit(error_counter)
--- a/roles/health-nginx/handlers/main.yml
+++ b/roles/health-nginx/handlers/main.yml
@ -0,0 +1,12 @@
+- name: "reload health-nginx.service"
+  systemd:
+    name: health-nginx.service
+    enabled: yes
+    daemon_reload: yes
+
+- name: "restart health-nginx.timer"
+  systemd:
+    name: health-nginx.timer
+    state: restarted
+    enabled: yes
+    daemon_reload: yes
--- a/roles/health-nginx/meta/main.yml
+++ b/roles/health-nginx/meta/main.yml
@ -0,0 +1,3 @@
+dependencies:
+  - python-pip
+  - systemd_notifier
--- a/roles/health-nginx/tasks/main.yml
+++ b/roles/health-nginx/tasks/main.yml
@ -0,0 +1,28 @@
+- name: Install required Python modules
+  pip:
+    name: requests
+
+- name: "create {{ nginx_health_check_folder }}"
+  file:
+    path: "{{ nginx_health_check_folder }}"
+    state: directory
+    mode: 0755
+
+- name: create health-nginx.py
+  copy:
+    src: health-nginx.py
+    dest: "{{ nginx_health_check_folder }}health-nginx.py"
+
+- name: create health-nginx.service
+  template: 
+    src: health-nginx.service.j2
+    dest: /etc/systemd/system/health-nginx.service
+  notify: reload health-nginx.service
+
+- name: create health-nginx.timer
+  template:
+    src: health-nginx.timer.j2
+    dest: "/etc/systemd/system/health-nginx.timer"
+  register: health_nginx_timer
+  changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
+  notify: restart health-nginx.timer
--- a/roles/health-nginx/templates/health-nginx.service.j2
+++ b/roles/health-nginx/templates/health-nginx.service.j2
@ -0,0 +1,7 @@
+[Unit]
+Description=Check nginx configuration status
+OnFailure=systemd-notifier@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/python3 {{ nginx_health_check_folder }}health-nginx.py
--- a/roles/health-nginx/templates/health-nginx.timer.j2
+++ b/roles/health-nginx/templates/health-nginx.timer.j2
@ -0,0 +1,10 @@
+[Unit]
+Description=starts health-nginx.service
+
+[Timer]
+OnCalendar={{ on_calendar_nginx_health_check }}
+RandomizedDelaySec={{ randomized_delay_sec }}
+Persistent=false
+
+[Install]
+WantedBy=timers.target
--- a/roles/health-nginx/vars/main.yml
+++ b/roles/health-nginx/vars/main.yml
@ -0,0 +1 @@
+nginx_health_check_folder: "{{ path_administrator_scripts }}health-nginx/"
--- a/roles/nginx/meta/main.yml
+++ b/roles/nginx/meta/main.yml
@ -0,0 +1,2 @@
+dependencies:
+  - health-nginx
				`@ -0,0 +1 @@`
				`nginx_health_check_folder: "{{ path_administrator_scripts }}health-nginx/"`