From 5daf712a957930467424d46e1a02a6d4f0dbfd6d Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 17 Nov 2023 09:36:40 +0100
Subject: [PATCH] implemented health-nginx
---
 group_vars/all | 3 +-
 roles/health-nginx/README.md | 7 +++
 roles/health-nginx/files/health-nginx.py | 46 +++++++++++++++++++
 roles/health-nginx/handlers/main.yml | 12 +++++
 roles/health-nginx/meta/main.yml | 3 ++
 roles/health-nginx/tasks/main.yml | 28 +++++++++++
 .../templates/health-nginx.service.j2 | 7 +++
 .../templates/health-nginx.timer.j2 | 10 ++++
 roles/health-nginx/vars/main.yml | 1 +
 roles/nginx/meta/main.yml | 2 +
 10 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 roles/health-nginx/README.md
 create mode 100644 roles/health-nginx/files/health-nginx.py
 create mode 100644 roles/health-nginx/handlers/main.yml
 create mode 100644 roles/health-nginx/meta/main.yml
 create mode 100644 roles/health-nginx/tasks/main.yml
 create mode 100644 roles/health-nginx/templates/health-nginx.service.j2
 create mode 100644 roles/health-nginx/templates/health-nginx.timer.j2
 create mode 100644 roles/health-nginx/vars/main.yml
 create mode 100644 roles/nginx/meta/main.yml
diff --git a/group_vars/all b/group_vars/all
index cc7900bd..985dd627 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -4,10 +4,11 @@ randomized_delay_sec: "15min"
-on_calendar_btrfs_health_check: "*-*-* 00:00:00"
+on_calendar_btrfs_health_check: "*-*-* 00:00:00"
 on_calendar_journalctl_health_check: "*-*-* 00:00:00"
 on_calendar_disc_space_check: "*-*-* 06,12,18,00:00:00"
 on_calendar_docker_health_check: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:00:00"
+on_calendar_nginx_health_check: "*-*-* 09,10,11,12,13,14,15,16,17,18,19,20,21,22,23,00,01,02:15:00"
 on_calendar_backups_cleanup: "*-*-* 06,12,18,00:30:00"
 on_calendar_free_disc_space: "*-*-* 07,13,19,01:30:00"
diff --git a/roles/health-nginx/README.md b/roles/health-nginx/README.md
new file mode 100644
index 00000000..bb80c5d0
--- /dev/null
+++ b/roles/health-nginx/README.md
@@ -0,0 +1,7 @@
+# health-nginx
+
+Sends a health report for nginx configurations. This role was created with the help of ChatGPT. The conversation you will find [here](https://chat.openai.com/share/4033be29-12a6-40a3-bf3c-fc5d57dba8cb).
+
+## see
+- https://nginx.org/en/docs/
+- https://docs.ansible.com/ansible/latest/modules/uri_module.html
diff --git a/roles/health-nginx/files/health-nginx.py b/roles/health-nginx/files/health-nginx.py
new file mode 100644
index 00000000..1a24031c
--- /dev/null
+++ b/roles/health-nginx/files/health-nginx.py
@@ -0,0 +1,46 @@
+import os
+import requests
+import sys
+
+# Define the path to the nginx configuration directory
+config_path = '/etc/nginx/conf.d/'
+
+# Initialize the error counter
+error_counter = 0
+
+# Iterate over each file in the configuration directory
+for filename in os.listdir(config_path):
+ if filename.endswith('.conf'):
+ # Extract the domain and subdomain from the filename
+ name = filename.replace('.conf', '')
+ parts = name.split('.')
+
+ # Prepare the URL and expected status codes
+ url = f"http://{name}"
+
+ # Determine expected status codes based on subdomain
+ if parts[0] == 'www':
+ expected_statuses = [301]
+ elif parts[0] == 's':
+ expected_statuses = [403]
+ else:
+ # For domain.tld where no specific subdomain is present
+ expected_statuses = [200, 301]
+
+ try:
+ # Send a HEAD request to get only the response header
+ response = requests.head(url, allow_redirects=True)
+
+ # Check if the status code matches the expected statuses
+ if response.status_code in expected_statuses:
+ print(f"{name}: ok")
+ else:
+ print(f"{name}: error")
+ error_counter += 1
+ except requests.RequestException as e:
+ # Handle exceptions for requests like connection errors
+ print(f"{name}: error due to {e}")
+ error_counter += 1
+
+# Exit the script with the number of errors as the exit code
+sys.exit(error_counter)
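Review bot: In `health-nginx.py`, `requests.head(url, allow_redirects=True)` follows redirects, so `response.status_code` is normally the status of the final response and the expected `301` for `www.` hosts (and for bare domains) will not be seen; a host that redirects correctly is then judged by its redirect target instead. The call also has no timeout, so a single unresponsive host can stall the oneshot unit and the `OnFailure` notification never fires; I would write `response = requests.head(url, allow_redirects=False, timeout=10)`. `sys.exit(error_counter)` is truncated to eight bits by the OS, so a count that is a multiple of 256 exits 0 and hides the failures; `sys.exit(1 if error_counter else 0)` avoids that. The probe only uses plain `http://`, so an expired certificate or broken TLS vhost is outside what this check detects, which deserves a comment at the `url = ...` line.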
diff --git a/roles/health-nginx/handlers/main.yml b/roles/health-nginx/handlers/main.yml
new file mode 100644
index 00000000..dd13fb19
--- /dev/null
+++ b/roles/health-nginx/handlers/main.yml
@@ -0,0 +1,12 @@
+- name: "reload health-nginx.service"
+ systemd:
+ name: health-nginx.service
+ enabled: yes
+ daemon_reload: yes
+
+- name: "restart health-nginx.timer"
+ systemd:
+ name: health-nginx.timer
+ state: restarted
+ enabled: yes
+ daemon_reload: yes
diff --git a/roles/health-nginx/meta/main.yml b/roles/health-nginx/meta/main.yml
new file mode 100644
index 00000000..9bc75d41
--- /dev/null
+++ b/roles/health-nginx/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - python-pip
+ - systemd_notifier
diff --git a/roles/health-nginx/tasks/main.yml b/roles/health-nginx/tasks/main.yml
new file mode 100644
index 00000000..e0d6621d
--- /dev/null
+++ b/roles/health-nginx/tasks/main.yml
@@ -0,0 +1,28 @@
+- name: Install required Python modules
+ pip:
+ name: requests
+
+- name: "create {{ nginx_health_check_folder }}"
+ file:
+ path: "{{ nginx_health_check_folder }}"
+ state: directory
+ mode: 0755
+
+- name: create health-nginx.py
+ copy:
+ src: health-nginx.py
+ dest: "{{ nginx_health_check_folder }}health-nginx.py"
+
+- name: create health-nginx.service
+ template:
+ src: health-nginx.service.j2
+ dest: /etc/systemd/system/health-nginx.service
+ notify: reload health-nginx.service
+
+- name: create health-nginx.timer
+ template:
+ src: health-nginx.timer.j2
+ dest: "/etc/systemd/system/health-nginx.timer"
+ register: health_nginx_timer
+ changed_when: health_nginx_timer.changed or activate_all_timers | default(false) | bool
+ notify: restart health-nginx.timer
diff --git a/roles/health-nginx/templates/health-nginx.service.j2 b/roles/health-nginx/templates/health-nginx.service.j2
new file mode 100644
index 00000000..04a428b3
--- /dev/null
+++ b/roles/health-nginx/templates/health-nginx.service.j2
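Review bot: In `roles/health-nginx/tasks/main.yml` the `copy` task for `health-nginx.py` sets no `owner`, `group` or `mode`, although the script is executed by a systemd unit that declares no `User=` and so presumably runs as root. Pinning them (`owner: root`, `group: root`, `mode: "0644"`) keeps the file from inheriting the umask or the mode of a pre-existing file at that path. The `pip` task installs `requests` unpinned and system-wide, so the version that ends up in a root-executed path is whatever the index serves at first install; a pinned version or the distribution package would make that reproducible. The directory's `mode: 0755` is better quoted as `mode: "0755"` so it does not depend on YAML integer parsing.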
@@ -0,0 +1,7 @@
+[Unit]
+Description=Check nginx configuration status
+OnFailure=systemd-notifier@%n.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/python3 {{ nginx_health_check_folder }}health-nginx.py
diff --git a/roles/health-nginx/templates/health-nginx.timer.j2 b/roles/health-nginx/templates/health-nginx.timer.j2
new file mode 100644
index 00000000..6d97f573
--- /dev/null
+++ b/roles/health-nginx/templates/health-nginx.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=starts health-nginx.service
+
+[Timer]
+OnCalendar={{ on_calendar_nginx_health_check }}
+RandomizedDelaySec={{ randomized_delay_sec }}
+Persistent=false
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/roles/health-nginx/vars/main.yml b/roles/health-nginx/vars/main.yml
new file mode 100644
index 00000000..4b0dfe4c
--- /dev/null
+++ b/roles/health-nginx/vars/main.yml
@@ -0,0 +1 @@
+nginx_health_check_folder: "{{ path_administrator_scripts }}health-nginx/"
diff --git a/roles/nginx/meta/main.yml b/roles/nginx/meta/main.yml
new file mode 100644
index 00000000..eaf60b97
--- /dev/null
+++ b/roles/nginx/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - health-nginx
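Review bot: `health-nginx.service.j2` declares no `User=` in `[Service]`, so the check runs as root even though the script only lists `/etc/nginx/conf.d/` and makes outbound HTTP requests through the third-party `requests` package. Nothing visible in the script needs privileges, so I would drop them in the unit with `DynamicUser=yes`, `NoNewPrivileges=yes` and `ProtectSystem=strict`. This assumes the script, its directory and `/etc/nginx/conf.d/` remain readable by an unprivileged user; the tasks file sets `0755` on the directory but no explicit mode on the script, so confirm that before switching.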