Re: Some feature notes for monit

[Christian Hopp]

On Wed, 7 Jul 2004, Vlada Macek wrote:

Hi Vlada!

Many thanks for you notes, ideas and recommendations...

> ### MiB, GiB, KiB... units
>
> Although this might be controversial, I suggest using proper binary
> units in the textual configuration, the manual, reports etc.

We do use proper binary units... we just spare the "i" right now (:

> ### Usability: Hashes on the monit command line

(...)

> An example:
>
>     $ monit -H < /etc/passwd
>     MD5 (stdin) = 5676cffe1b85f738ad53bc8fcf4075f5
>     SHA1(stdin) = a9e98b7aa950d5cca495f9c83c357360005516b2
>     $

Looks okay, but is minor... most modern unices feature md5sum/sha1sum
command.

> ### Syntax inconsistence: CERTMD5
>
> Why "CERTMD5 12-34-56-78-90-AB-CD-EF-12-34-56-78-90-AB-CD-EF" uses
> another checksum syntax when everywhere in the monitrc the checksums
> are written without dashes? This is a bit confusing. Isn't there some
> additional unnecessary code in monit because of this?

"openssh fingerprint" command has the syntax above, the usual "-" free
syntax should be usable aswell.

> ### Syntax inconsistence: start/stop methods
>
> Wouldn't it be cleaner to write `set start "/etc/init.d/foo"' instead
> of `start="/etc/init.d/foo"'?
> I know it's conventional now... :-)

Afaik, "=" is just noise and can be omited.

> ### Static binary linking
>
> I'd wish to have the choice to not build monit with so many shared
> libraries. On my RH9 it's 14 lines of ldd output. I'd like to set up
> ./configure for each (or as much as possible) lib to use in .so or .a
> form. I believe it's small security improvement and it also helps
> administration of multiple boxes. Some of my servers where I wish to
> use single monit build do not have all the libraries and devel
> environment installed.

try....

 env LDFLAGS="-static" ./configure

> ### Mailserver must listen on port 25
>
> There is no way to specify other SMTP port than default 25 in the SET
> MAILSERVER statement. I missed this under some testing conditions. I
> imagine something like this:
>
>     set mailserver first.mail.srv port 8025
>     set mailserver second.mail.srv            # usual port 25

good idea... but I would prefer the syntax...

   set mailserver servername1:12345 servername2:54321 servername3 timeout

> ### Access time changed by checks
> ### Missing check: TIMESTAMP checks mtime only
> ### Missing check: general lstat(2) variable check

someone else on that?

> ### Untight permission check
>
> Currently monit offers `IF FAILED PERM(ISSION) octalnumber THEN'
> check. I think sometimes we do not require exact perm value and allow
> some range, i.e. check against AND or UMASK masked value somehow. Just
> a thought...
>
>
> ### Ability to run an arbitrary command and check:
>     - its return code in the expression (if retcode != 1 then alert)
>     - constant and variable checksum of its stdout
>     - send to stdin/expect from the stdout (like in the host check)
>     - send to stdin/checksum of the stdout
>
> There should be some timeout option with the default which kills the
> process when expired. Using this, virtually everyone could write its
> own checks unsupported by monit as an "external procedure". This will
> be handy for e.g. checking the peripherial sensors, UPS status, etc...
>
>
> ### Missing check: ext2/ext3 attributes (e.g. whether the file is
> still immutable)
>
> This is a filesystem dependend check. Other filesystems certainly
> offer other file attributes that could be checked too. There is ACL
> too. I don't know how to handle this... Immutable attr could also be
> checked by my "external procedures".

mmmhhh... sounds useful but personally not a big fan of that, cuz its
quite system dependant.  Believe me its hard to maintain code for several
OSes... and each might have X different FS types.

> ### Global resource (load avg, memory usage) check
>
> As I got it, monit can check system load or memory usage (+ swap
> space) only on per process basis. When the process is unmonitored
> intentionally, the global resources are not checked! The following
> example for the systemwide checks will make my wish clear:
>
>     check systemwide
>         if uptime < 5 minutes then
>             alert with mail-format {
>                 subject: "$HOST: Server booted recently!"
>             }
>         if loadavg(5min) > 10.0 for 8 cycles then
>             alert with mail-format {
>                 subject: "$HOST: Server overloaded!"
>             }
>         if freememory < 10% for 3 cycles then
>             alert with mail-format {
>                 subject: "$HOST: Server runs out of swap space!"
>             }

sounds reasonable...

> On Linux, some more interesting global resource data may be found in
> /proc (/proc/stat for instance, man 5 proc). But these additional
> tests could be accomplished by the "external procedure" check proposed
> previously. Loadavg and freememory global tests should still be
> hardwired in monit because starting an external process has another
> resource requirements.

Linux is always the least problem when it comes to this!  But for other
OSes you think the developers had serious problems with there life!

> Maybe reporting the saturation level of VM and IO subsystem could also
> be interesting.

If you can get the information from the system (:

> ### Join CHECK FILE and CHECK DIRECTORY together

possibly maybe!

> ### XML output

Where is the guy from the XML department???

> ### Multiple group membership
>
> I don't know whether such thing would be much usefull, but monit
> restricts the membership of a service to one group at most.

Do you have a service where that is applicable?

> -------------------
>
> Here it is. I've some more notes prepared, but it is enough for now.

Show them!

> Please have mercy. :-))

Merwhat???


Good night,

Christian

-- 
Christian Hopp                                email: address@hidden
Institut für Elektrische Informationstechnik             fon: +49-5323-72-2113
TU Clausthal, Leibnizstr. 28, 38678 Clausthal-Zellerf.   fax: +49-5323-72-3197
                             pgpkey: https://www.iei.tu-clausthal.de/pgp-keys/