add new test

author Ian Kelling <ian@iankelling.org>

Mon, 4 Apr 2022 06:49:30 +0000 (02:49 -0400)

committer Ian Kelling <ian@iankelling.org>

Mon, 4 Apr 2022 06:49:30 +0000 (02:49 -0400)
author Ian Kelling <ian@iankelling.org>
Mon, 4 Apr 2022 06:49:30 +0000 (02:49 -0400)
committer Ian Kelling <ian@iankelling.org>
Mon, 4 Apr 2022 06:49:30 +0000 (02:49 -0400)
diff --git a/check-crypttab b/check-crypttab

new file mode 100755 (executable)

index 0000000..2bbbdea
--- /dev/null
+++ b/check-crypttab
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# I somehow ended up with an empty crypttab, and had to rescue my
+# system. So, lets check for some basic validity.
+
+if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
+shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" exit status: $?, PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR
+
+debug=false
+if [[ $1 ]]; then
+  debug=true
+fi
+d() {
+  if $debug; then
+    printf "%s\n" "$*"
+  fi
+}
+
+metric_dir=/var/lib/prometheus/node-exporter
+mnt="$(findmnt -fn -o SOURCE /)"
+case $mnt in
+  /dev/mapper/crypt_dev_*)
+    tmp=${mnt#/dev/mapper/}
+    dev=${tmp%%\[*}
+    if ! grep -qF $dev /etc/crypttab; then
+      d $dev
+      if [[ -e $metric_dir  ]]; then
+        echo "crypttab_check 1" > $metric_dir/crypttab_check.prom
+        exit 0
+      fi
+    fi
+    ;;
+esac
+if [[ -e $metric_dir  ]]; then
+  echo "crypttab_check 0" > $metric_dir/crypttab_check.prom
+fi
diff --git a/filesystem/etc/cron.d/ian b/filesystem/etc/cron.d/ian

index 867f6c981c02c260d5c215e86b5691a749c5f16c..8a0ac9552de7006a4cafcbddd018a0ce414da3ec 100644 (file)
--- a/filesystem/etc/cron.d/ian
+++ b/filesystem/etc/cron.d/ian
@@ -14,3 +14,4 @@ MAILTO=root
  # maybe try this again sometime. it needs updating to be like
  # myupgrade.
  #0  * * * * root mycheckrestart |& log-once -1 mycheckrestart
+19 * * * *   root check-crypttab
diff --git a/filesystem/etc/prometheus/rules/iank.yml b/filesystem/etc/prometheus/rules/iank.yml

index 40fc4040c11efc719a9b164b447c117da141b2d2..0ee3335fdbd76bef63547daca50fc9bc41d321e6 100644 (file)
--- a/filesystem/etc/prometheus/rules/iank.yml
+++ b/filesystem/etc/prometheus/rules/iank.yml
@@ -98,6 +98,12 @@ groups:
      labels:
        severity: warn
  
+  - alert: check_crypttab
+    expr: |-
+      check_crypttab > 0
+    labels:
+      severity: prod
+
    - alert: mailtest_check_vps
      expr: |-
        time() - mailtest_check_last_usec{job="tlsnode"} >= 60 * 12
diff --git a/install-my-scripts b/install-my-scripts

index 27c5c4b30bbd8f9e34adc72949c9df8e5b3e97fa..c932cfef6a256467a06d2d470a9eb0a8624b6ff1 100755 (executable)
--- a/install-my-scripts
+++ b/install-my-scripts
@@ -44,6 +44,7 @@ rsync -t --chmod=755 --chown=root:root switch-mail-host btrbk-run mount-latest-s
        iptables-exim \
        ip6tables-exim \
        exim-nn-iptables \
+      check-crypttab \
        /usr/local/bin
  rsync -t --chmod=755 --chown=root:root /a/bin/errhandle/err /usr/local/lib
author	Ian Kelling <ian@iankelling.org>
	Mon, 4 Apr 2022 06:49:30 +0000 (02:49 -0400)
committer	Ian Kelling <ian@iankelling.org>
	Mon, 4 Apr 2022 06:49:30 +0000 (02:49 -0400)
check-crypttab	[new file with mode: 0755]	patch \| blob
filesystem/etc/cron.d/ian		patch \| blob \| history
filesystem/etc/prometheus/rules/iank.yml		patch \| blob \| history
install-my-scripts		patch \| blob \| history