monit常用例子和坑

linux
#monit

#monit 基本命令

bash 
monit # 默认文件启动 /etc/monit/monitrc
monit -c  /XXX/_config/monit/monitrc # 以指定配置文件启动
monit reload -c  /XXX/_config/monit/monitrc  #重载
monit procmatch "/usr/bin/ddns-go" #测试正则表达式 适合 没有pid的进程

#monit 基本配置

plaintext 
set daemon  5             # 多久检测一次
#   with start delay 240    # 第一次检查 延迟 多久,默认启动后就检查
#set log /var/log/monit.log
set log /XXX/log/monit.log
# set pidfile /var/run/monit.pid # 没太大必要
set pidfile /XXX/pid/monit.pid
# set idfile /var/.monit.id 设置Monit实例的id文件路径。id文件记录了Monit实例的唯一ID(标识),id在第一次Monit启动时生成并存储。默# 认情况下,文件放置在$HOME/.monit.id
#set idfile /var/lib/monit/id
#set idfile /monit/id
set idfile /XXX/pid/monit.idfile
# set statefile /var/.monit.state #保存监视状态的Monit状态文件的位置
#set statefile /var/lib/monit/state
set statefile /XXX/pid/monit.state
 set eventqueue
     basedir /XXX/pid/monit.events  # 设置存储事件的基本目录
     slots 100                      # 可选择限制队列大小
set httpd port 8022 and #这里允许公网访问 不绑定ip
    with ssl {
        pemfile:/XXX/my_ssl/domain_aio.pem # 二合一证书文件
        selfsigned: allow #允许自签名
    }
    allow 用户名:密码
include /XXX/_config/monit/include/*.conf #包含文件
23 行

#常用配置

#几个注意点

  • 守护进程 优先使用pid,其次再选择 matching 进程名称
  • 启动和关闭进程优先使用/etc/init.d/
  • monitrc 文件 权限必须是700 include的文件权限无所谓

#控制sshd

bash 
check process sshd  with pidfile /run/sshd.pid
  start program = "/etc/init.d/ssh start" with timeout 120 seconds
  stop  program = "/usr/bin/killall sshd" with timeout 120 seconds
---- 或者 mkdir -p /run/sshd 后- ---------
check process sshd with matching "/usr/sbin/sshd"
  if does not exist then exec "/usr/sbin/sshd"
  stop  program = "/usr/bin/killall sshd" with timeout 120 seconds
7 行

注意 /etc/init.d/ssh stop 无法彻底关闭sshd

#控制crontab

bash 
check process crontab  with pidfile /var/run/crond.pid
  start program = "/etc/init.d/cron start" with timeout 120 seconds
  stop  program = "/etc/init.d/cron stop" with timeout 120 seconds

注意crontabl是使用 /usr/sbin/cron 而不是 /usr/bin/crontab

#控制ddns-go 等没有pid的

bash 
check process ddns-go with matching "ddns-go"
  if does not exist then exec "/usr/bin/ddns-go"
  stop  program = "/usr/bin/killall ddns-go"    with timeout 120 seconds

#指定用户运行redis

bash 
check process redis6001 with pidfile /XXX/pid/redis6001.pid
  start program = "/bin/su - userRedis -c '/usr/bin/redis-server /XXX/_config/redis/redis6001.conf  &' "
    with timeout 120 seconds
  stop  program = "/bin/su - userRedis -c '/usr/bin/redis-cli  -p 6001 -a 密码   -h localhost  SHUTDOWN & /usr/bin/sleep 5 &&/usr/bin/kill -9 $( lsof -t -i:6001)'"
    with timeout 120 seconds

#控制rclone挂载

bash 
CHECK FILESYSTEM rclone_dev_log PATH /localPath
  start program = "/usr/bin/rclone mount --allow-other --daemon  oss-qd:xxx/ /localPath/   --config  /XXX/_config/rclone.conf"
    with timeout 120 seconds
  stop  program = "/usr/bin/fusermount -u /localPath "
    with timeout 120 seconds

多用户环境这里 注意 --allow-other 参数 不然其他用户无法访问

评论