monit常用例子和坑

monit 基本命令

1
2
3
4
monit # 默认文件启动 /etc/monit/monitrc
monit -c  /XXX/_config/monit/monitrc # 以指定配置文件启动
monit reload -c  /XXX/_config/monit/monitrc  #重载
monit procmatch "/usr/bin/ddns-go" #测试正则表达式 适合 没有pid的进程

monit 基本配置

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
set daemon  5             # 多久检测一次
#   with start delay 240    # 第一次检查 延迟 多久，默认启动后就检查
#set log /var/log/monit.log
set log /XXX/log/monit.log
# set pidfile /var/run/monit.pid # 没太大必要
set pidfile /XXX/pid/monit.pid
# set idfile /var/.monit.id 设置Monit实例的id文件路径。id文件记录了Monit实例的唯一ID（标识），id在第一次Monit启动时生成并存储。默# 认情况下，文件放置在$HOME/.monit.id
#set idfile /var/lib/monit/id
#set idfile /monit/id
set idfile /XXX/pid/monit.idfile
# set statefile /var/.monit.state #保存监视状态的Monit状态文件的位置
#set statefile /var/lib/monit/state
set statefile /XXX/pid/monit.state
 set eventqueue
     basedir /XXX/pid/monit.events  # 设置存储事件的基本目录
     slots 100                      # 可选择限制队列大小
set httpd port 8022 and #这里允许公网访问 不绑定ip
    with ssl {
        pemfile:/XXX/my_ssl/domain_aio.pem # 二合一证书文件
        selfsigned: allow #允许自签名
    }
    allow 用户名:密码
include /XXX/_config/monit/include/*.conf #包含文件

常用配置

几个注意点

守护进程优先使用pid，其次再选择 matching 进程名称
启动和关闭进程优先使用/etc/init.d/
monitrc 文件权限必须是700 include的文件权限无所谓

控制sshd

1
2
3
4
5
6
7
check process sshd  with pidfile /run/sshd.pid
  start program = "/etc/init.d/ssh start" with timeout 120 seconds
  stop  program = "/usr/bin/killall sshd" with timeout 120 seconds
---- 或者 mkdir -p /run/sshd 后- ---------
check process sshd with matching "/usr/sbin/sshd"
  if does not exist then exec "/usr/sbin/sshd"
  stop  program = "/usr/bin/killall sshd" with timeout 120 seconds

注意 /etc/init.d/ssh stop 无法彻底关闭sshd

控制crontab

1
2
3
check process crontab  with pidfile /var/run/crond.pid
  start program = "/etc/init.d/cron start" with timeout 120 seconds
  stop  program = "/etc/init.d/cron stop" with timeout 120 seconds

注意crontabl是使用 /usr/sbin/cron 而不是 /usr/bin/crontab

控制ddns-go 等没有pid的

1
2
3
check process ddns-go with matching "ddns-go"
  if does not exist then exec "/usr/bin/ddns-go"
  stop  program = "/usr/bin/killall ddns-go"    with timeout 120 seconds

指定用户运行redis

1
2
3
4
5
check process redis6001 with pidfile /XXX/pid/redis6001.pid
  start program = "/bin/su - userRedis -c '/usr/bin/redis-server /XXX/_config/redis/redis6001.conf  &' "
    with timeout 120 seconds
  stop  program = "/bin/su - userRedis -c '/usr/bin/redis-cli  -p 6001 -a 密码   -h localhost  SHUTDOWN & /usr/bin/sleep 5 &&/usr/bin/kill -9 $( lsof -t -i:6001)'"
    with timeout 120 seconds

控制rclone挂载

1
2
3
4
5
CHECK FILESYSTEM rclone_dev_log PATH /localPath
  start program = "/usr/bin/rclone mount --allow-other --daemon  oss-qd:xxx/ /localPath/   --config  /XXX/_config/rclone.conf"
    with timeout 120 seconds
  stop  program = "/usr/bin/fusermount -u /localPath "
    with timeout 120 seconds

多用户环境这里注意 –allow-other 参数不然其他用户无法访问