From edb49b9a09732176b317816c98f792394e4418c7 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 11:17:00 +0100 Subject: [PATCH 01/19] monit: add bundle with base config --- bundles/monit/files/monitrc | 45 +++++++++++++++++++++++++++++++++++++ bundles/monit/items.py | 38 +++++++++++++++++++++++++++++++ bundles/monit/metadata.py | 7 ++++++ 3 files changed, 90 insertions(+) create mode 100644 bundles/monit/files/monitrc create mode 100644 bundles/monit/items.py create mode 100644 bundles/monit/metadata.py diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc new file mode 100644 index 0000000..b94e503 --- /dev/null +++ b/bundles/monit/files/monitrc @@ -0,0 +1,45 @@ +set daemon 30 + with start delay 30 +set log syslog + +set mailserver localhost + +set mail-format { from: ${monit['from_address']} } +% for alert_address in monit['alert_addresses']: +set alert ${alert_address} +% endfor + +set httpd unixsocket /var/run/monit.sock + use address 127.0.0.1 + allow 127.0.0.1 + +check system $HOST + if cpu usage > 95% for 10 cycles then alert + if memory usage > 80% then alert + if swap usage > 25% then alert + +check filesystem rootfs with path / + if space usage > 80% for 5 times within 15 cycles then alert + if space usage > 90% then alert + if inode usage > 90% then alert + +check process cron matching "/usr/sbin/cron" + start program = "/usr/bin/systemctl start cron.service" + stop program = "/usr/bin/systemctl stop cron.service" + +% for systemd_service in ('systemd-timesyncd', 'systemd-networkd', 'systemd-journald'): +check process ${systemd_service} matching "/lib/systemd/${systemd_service}" + start program = "/usr/bin/systemctl start ${systemd_service}.service" + stop program = "/usr/bin/systemctl stop ${systemd_service}.service" +% endfor + +check process sshd matching "/usr/sbin/sshd" + start program = "/bin/systemctl start sshd.service" + stop program = "/bin/systemctl stop sshd.service" + if failed port 22 for 2 cycles then restart + if 3 restarts within 5 cycles then alert + +check process postfix matching "/usr/lib/postfix/sbin/master" + start program = "/bin/systemctl start postfix.service" + stop program = "/bin/systemctl stop postfix.service" + if failed port 25 protocol smtp for 5 cycles then restart diff --git a/bundles/monit/items.py b/bundles/monit/items.py new file mode 100644 index 0000000..e5f8a2b --- /dev/null +++ b/bundles/monit/items.py @@ -0,0 +1,38 @@ +svc_systemd = { + 'monit': { + 'needs': [ + 'pkg_apt:monit', + ], + }, +} + +files = { + '/etc/monit/monitrc': { + 'mode': '0400', + 'content_type': 'mako', + 'needs': [ + 'pkg_apt:monit', + ], + 'triggers': [ + 'svc_systemd:monit:restart', + ], + 'context': { + 'monit': node.metadata['monit'], + }, + }, +} + +directories = { + '/etc/monit/conf-enabled': { + 'purge': True, + }, + '/etc/monit/conf-available': { + 'purge': True, + }, + '/etc/monit/conf.d': { + 'purge': True, + }, + '/etc/monit/templates': { + 'purge': True, + }, +} diff --git a/bundles/monit/metadata.py b/bundles/monit/metadata.py new file mode 100644 index 0000000..499f943 --- /dev/null +++ b/bundles/monit/metadata.py @@ -0,0 +1,7 @@ +defaults = { + 'apt': { + 'packages': { + 'monit': {}, + }, + }, +} From e4fa31464e81492176ea87c2f6633bea4b3e2828 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 11:17:27 +0100 Subject: [PATCH 02/19] qzwi: add basic monit metadata --- nodes/qzwi.toml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nodes/qzwi.toml b/nodes/qzwi.toml index a580fc1..c069cd9 100644 --- a/nodes/qzwi.toml +++ b/nodes/qzwi.toml @@ -3,6 +3,7 @@ hostname = "31.47.232.108" bundles = [ "ldap-frontend", "letsencrypt", + "monit", "nginx", "nextcloud", "openldap", @@ -75,3 +76,9 @@ manage = [ [metadata.vm] cpu = 4 ram = 4 + +[metadata.monit] +from_address = "monit@qzwi.de" +alert_addresses = [ + "rico@qzwi.de", +] \ No newline at end of file From 84df834f07f0c10f977a7e4dd71d0ddb526f0161 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 11:26:39 +0100 Subject: [PATCH 03/19] monit: add option to add checks for various services --- bundles/monit/files/monitrc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc index b94e503..55ce3f5 100644 --- a/bundles/monit/files/monitrc +++ b/bundles/monit/files/monitrc @@ -43,3 +43,10 @@ check process postfix matching "/usr/lib/postfix/sbin/master" start program = "/bin/systemctl start postfix.service" stop program = "/bin/systemctl stop postfix.service" if failed port 25 protocol smtp for 5 cycles then restart + +% for service,options in monit.get('services', {}).items(): +check process ${service} matching "${options['bin']}" + start program = "/bin/systemctl start ${options.get('systemd_unit', 'service')}.service" + stop program = "/bin/systemctl stop ${options.get('systemd_unit', 'service')}.service" + +% endfor From d8765f63a54c83728ec4249ece7d30f40cbfb388 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 11:26:52 +0100 Subject: [PATCH 04/19] nginx: monitor service with monit --- bundles/nginx/metadata.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index f802ea7..ce949ab 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -18,6 +18,13 @@ defaults = { 'nginx': { 'worker_connections': 768, }, + 'monit': { + 'services': { + 'nginx': { + 'bin': '/usr/sbin/nginx', + }, + }, + }, } From 65871f1d13640baf8fadce593d6a3e093b91bb4a Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 11:41:08 +0100 Subject: [PATCH 05/19] monit: add option to check ports for a specific service --- bundles/monit/files/monitrc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc index 55ce3f5..10058fe 100644 --- a/bundles/monit/files/monitrc +++ b/bundles/monit/files/monitrc @@ -48,5 +48,8 @@ check process postfix matching "/usr/lib/postfix/sbin/master" check process ${service} matching "${options['bin']}" start program = "/bin/systemctl start ${options.get('systemd_unit', 'service')}.service" stop program = "/bin/systemctl stop ${options.get('systemd_unit', 'service')}.service" +% for port,port_options in options.get('ports', {}).items(): + if failed port ${port} protocol ${port_options['protocol']} for ${port_options.get('cycles', '5')} cycles then restart +% endfor % endfor From 1cb94a0d32d47e2fc8531a7a548b9a666b0e35d3 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 11:41:21 +0100 Subject: [PATCH 06/19] nginx: check port 80 with monit! --- bundles/nginx/metadata.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index ce949ab..27a8bdb 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -22,6 +22,11 @@ defaults = { 'services': { 'nginx': { 'bin': '/usr/sbin/nginx', + 'ports': { + '80': { + 'protocol': 'http', + }, + }, }, }, }, From 8afbfeb1e79f42b55c7037ef46f1b36a79dc7fc6 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 11:59:44 +0100 Subject: [PATCH 07/19] monit: add option to check http connections for various services --- bundles/monit/files/monitrc | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc index 10058fe..2682ad1 100644 --- a/bundles/monit/files/monitrc +++ b/bundles/monit/files/monitrc @@ -51,5 +51,16 @@ check process ${service} matching "${options['bin']}" % for port,port_options in options.get('ports', {}).items(): if failed port ${port} protocol ${port_options['protocol']} for ${port_options.get('cycles', '5')} cycles then restart % endfor +% for domain,http_options in options.get('http', {}).items(): + if failed host ${domain} +% if http_options['scheme'] == 'https': + port 443 + protocol https +% else: + port 80 + protocol http +% endif + then restart +% endfor % endfor From 18b2ebbcc0a965595a69719e6273a7b08d819676 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 12:00:15 +0100 Subject: [PATCH 08/19] nginx: check http/s connections with monit --- bundles/nginx/metadata.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index 27a8bdb..1999cab 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -148,6 +148,33 @@ def monitoring(metadata): }, } +@metadata_reactor.provides( + 'monit/services/nginx/http', +) +def monithttp(metadata): + http = {} + + for vname, vconfig in metadata.get('nginx/vhosts', {}).items(): + domain = vconfig.get('domain', vname) + + if vconfig['ssl']: + scheme = 'https' + else: + scheme = 'http' + + http[domain] = { + 'scheme': scheme, + } + + return { + 'monit': { + 'services': { + 'nginx': { + 'http': http, + }, + }, + }, + } @metadata_reactor.provides( 'firewall/port_rules/80', From 210eb40aa6f4e0c9c43ffeba7506fa4b641ff073 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 12:00:50 +0100 Subject: [PATCH 09/19] nginx: do not check port 80 explicitely with monit --- bundles/nginx/metadata.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index 1999cab..6ee402a 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -22,11 +22,6 @@ defaults = { 'services': { 'nginx': { 'bin': '/usr/sbin/nginx', - 'ports': { - '80': { - 'protocol': 'http', - }, - }, }, }, }, From 2960c1d5d8e9620f46a9886fd2c67b7daac55aa8 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 12:01:42 +0100 Subject: [PATCH 10/19] nginx: remove telegraf and icinga2 metadata reactors --- bundles/nginx/metadata.py | 72 +-------------------------------------- 1 file changed, 1 insertion(+), 71 deletions(-) diff --git a/bundles/nginx/metadata.py b/bundles/nginx/metadata.py index 6ee402a..f2b2855 100644 --- a/bundles/nginx/metadata.py +++ b/bundles/nginx/metadata.py @@ -98,51 +98,6 @@ def index_files(metadata): } -@metadata_reactor.provides( - 'icinga2_api/nginx/services', -) -def monitoring(metadata): - services = {} - - for vname, vconfig in metadata.get('nginx/vhosts', {}).items(): - domain = vconfig.get('domain', vname) - - if vconfig['ssl']: - scheme = 'https' - else: - scheme = 'http' - - if 'website_check_path' in vconfig and 'website_check_string' in vconfig: - services['NGINX VHOST {} CONTENT'.format(vname)] = { - 'check_command': 'check_http_wget', - 'vars.http_wget_contains': vconfig['website_check_string'], - 'vars.http_wget_url': '{}://{}{}'.format(scheme, domain, vconfig['website_check_path']), - 'vars.notification.sms': True, - } - - if vconfig.get('check_ssl', vconfig['ssl']): - services['NGINX VHOST {} CERTIFICATE'.format(vname)] = { - 'check_command': 'check_https_cert_at_url', - 'vars.domain': domain, - 'vars.notification.mail': True, - } - - max_connections = metadata.get('nginx/worker_connections') * metadata.get('nginx/worker_processes') - connections_warn = int(max_connections * 0.8) - connections_crit = int(max_connections * 0.9) - - services['NGINX STATUS'] = { - 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_nginx_status --warn={},-1,-1 --critical={},-1,-1 -H 127.0.0.1:22999'.format(connections_warn, connections_crit), - } - - return { - 'icinga2_api': { - 'nginx': { - 'services': services, - }, - }, - } - @metadata_reactor.provides( 'monit/services/nginx/http', ) @@ -171,6 +126,7 @@ def monithttp(metadata): }, } + @metadata_reactor.provides( 'firewall/port_rules/80', 'firewall/port_rules/443', @@ -184,29 +140,3 @@ def firewall(metadata): }, }, } - - -@metadata_reactor.provides( - 'telegraf/input_plugins/tail', -) -def telegraf_anon_timing(metadata): - result = {} - - for vhost in metadata.get('nginx/vhosts', {}): - result[f'nginx-{vhost}'] = { - 'files': [f'/var/log/nginx-timing/{vhost}.log'], - 'from_beginning': False, - 'grok_patterns': ['%{LOGPATTERN}'], - 'grok_custom_patterns': 'LOGPATTERN \[%{HTTPDATE:ts:ts-httpd}\] %{NUMBER:request_time:float} (?:%{NUMBER:upstream_response_time:float}|-) "%{WORD:verb:tag} %{NOTSPACE:request} HTTP/%{NUMBER:http_version:float}" %{NUMBER:resp_code:tag}', - 'data_format': 'grok', - 'name_override': 'nginx_timing', - } - - return { - 'telegraf': { - 'input_plugins': { - 'tail': result, - }, - }, - } - From 917d2b9a2c2bb3ad9a1252eaf48c98675ddf3431 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:15:36 +0100 Subject: [PATCH 11/19] monit: remove postfix check; sort service items --- bundles/monit/files/monitrc | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc index 2682ad1..46a4960 100644 --- a/bundles/monit/files/monitrc +++ b/bundles/monit/files/monitrc @@ -39,19 +39,14 @@ check process sshd matching "/usr/sbin/sshd" if failed port 22 for 2 cycles then restart if 3 restarts within 5 cycles then alert -check process postfix matching "/usr/lib/postfix/sbin/master" - start program = "/bin/systemctl start postfix.service" - stop program = "/bin/systemctl stop postfix.service" - if failed port 25 protocol smtp for 5 cycles then restart - -% for service,options in monit.get('services', {}).items(): +% for service,options in sorted(monit.get('services', {}).items()): check process ${service} matching "${options['bin']}" start program = "/bin/systemctl start ${options.get('systemd_unit', 'service')}.service" stop program = "/bin/systemctl stop ${options.get('systemd_unit', 'service')}.service" -% for port,port_options in options.get('ports', {}).items(): +% for port,port_options in sorted(options.get('ports', {}).items()): if failed port ${port} protocol ${port_options['protocol']} for ${port_options.get('cycles', '5')} cycles then restart % endfor -% for domain,http_options in options.get('http', {}).items(): +% for domain,http_options in sorted(options.get('http', {}).items()): if failed host ${domain} % if http_options['scheme'] == 'https': port 443 From 201487549e129809d71958e681569fe3cc0e015e Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:15:54 +0100 Subject: [PATCH 12/19] postfix: add monit integration --- bundles/postfix/metadata.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py index 266fcb1..0e443ee 100644 --- a/bundles/postfix/metadata.py +++ b/bundles/postfix/metadata.py @@ -4,4 +4,16 @@ defaults = { 'postfix': {}, }, }, + 'monit': { + 'services': { + 'postfix': { + 'bin': '/usr/lib/postfix/sbin/master', + 'ports': { + '25': { + 'protocol': 'smtp', + }, + }, + }, + }, + }, } \ No newline at end of file From 00d9152007c46318d193bbec931b22ee6ad10b30 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:19:27 +0100 Subject: [PATCH 13/19] ldap-frontend: add monit integration --- bundles/ldap-frontend/metadata.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/bundles/ldap-frontend/metadata.py b/bundles/ldap-frontend/metadata.py index 86b9212..819c9fa 100644 --- a/bundles/ldap-frontend/metadata.py +++ b/bundles/ldap-frontend/metadata.py @@ -17,5 +17,17 @@ defaults = { }, 'title': 'Usermanagement QZWI', }, + 'monit': { + 'services': { + 'ldap-frontend': { + 'bin': '/opt/ldap-frontend/venv/bin/python /opt/ldap-frontend/venv/bin/gunicorn', + 'ports': { + '23000': { + 'protocol': 'http', + }, + }, + }, + }, + }, } From 13805532bdda0a1ee2696dd47a0c4e0c5597de91 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:33:50 +0100 Subject: [PATCH 14/19] monit: add option to check a port without a specific protocol monit does not support all the protocol we use, e.g. ldaps. therefore we can only use a generic tcp check for some ports. --- bundles/monit/files/monitrc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc index 46a4960..89b0dd2 100644 --- a/bundles/monit/files/monitrc +++ b/bundles/monit/files/monitrc @@ -44,7 +44,12 @@ check process ${service} matching "${options['bin']}" start program = "/bin/systemctl start ${options.get('systemd_unit', 'service')}.service" stop program = "/bin/systemctl stop ${options.get('systemd_unit', 'service')}.service" % for port,port_options in sorted(options.get('ports', {}).items()): - if failed port ${port} protocol ${port_options['protocol']} for ${port_options.get('cycles', '5')} cycles then restart + if failed port ${port} +% if port_options.get('protocol', {}): + protocol ${port_options['protocol']} +% endif + for ${port_options.get('cycles', '5')} cycles + then restart % endfor % for domain,http_options in sorted(options.get('http', {}).items()): if failed host ${domain} From 424e2948f8de3cbc8ba5fc36a1a6c1e0ddb4eefb Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:34:04 +0100 Subject: [PATCH 15/19] openldap: add monit integration --- bundles/openldap/metadata.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/bundles/openldap/metadata.py b/bundles/openldap/metadata.py index f1e5d6b..fdd07a1 100644 --- a/bundles/openldap/metadata.py +++ b/bundles/openldap/metadata.py @@ -29,6 +29,18 @@ defaults = { }, }, }, + 'monit': { + 'services': { + 'openldap': { + 'bin': '/usr/sbin/slapd', + 'systemd_unit': 'slapd', + 'ports': { + '389': {}, + '636': {}, + }, + }, + }, + }, 'openldap': { 'rootpw': repo.vault.password_for(f'{node.name} openldap rootpw'), }, From d5195f33552cffa8e7eb8b38f73b2d9f20bba8fb Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:37:24 +0100 Subject: [PATCH 16/19] monit: remove sshd monitoring --- bundles/monit/files/monitrc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc index 89b0dd2..6fd724f 100644 --- a/bundles/monit/files/monitrc +++ b/bundles/monit/files/monitrc @@ -33,12 +33,6 @@ check process ${systemd_service} matching "/lib/systemd/${systemd_service}" stop program = "/usr/bin/systemctl stop ${systemd_service}.service" % endfor -check process sshd matching "/usr/sbin/sshd" - start program = "/bin/systemctl start sshd.service" - stop program = "/bin/systemctl stop sshd.service" - if failed port 22 for 2 cycles then restart - if 3 restarts within 5 cycles then alert - % for service,options in sorted(monit.get('services', {}).items()): check process ${service} matching "${options['bin']}" start program = "/bin/systemctl start ${options.get('systemd_unit', 'service')}.service" From d317ef17d01b7bfff9fb77296eaab5848da1594e Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:37:32 +0100 Subject: [PATCH 17/19] openssh: add monit integration --- bundles/openssh/metadata.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/bundles/openssh/metadata.py b/bundles/openssh/metadata.py index c533fcb..7e5ef8b 100644 --- a/bundles/openssh/metadata.py +++ b/bundles/openssh/metadata.py @@ -1,5 +1,21 @@ from bundlewrap.metadata import atomic +defaults = { + 'monit': { + 'services': { + 'openssh': { + 'bin': '/usr/sbin/sshd', + 'systemd_unit': 'sshd', + 'ports': { + '22': { + 'protocol': 'ssh', + }, + }, + }, + }, + }, +} + @metadata_reactor.provides( 'firewall/port_rules/22', ) From 2cbe3e3b53863fc57abb884f440e6b8cdbc071ba Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:43:15 +0100 Subject: [PATCH 18/19] monit: fix service name definition --- bundles/monit/files/monitrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bundles/monit/files/monitrc b/bundles/monit/files/monitrc index 6fd724f..9f5d35a 100644 --- a/bundles/monit/files/monitrc +++ b/bundles/monit/files/monitrc @@ -35,8 +35,8 @@ check process ${systemd_service} matching "/lib/systemd/${systemd_service}" % for service,options in sorted(monit.get('services', {}).items()): check process ${service} matching "${options['bin']}" - start program = "/bin/systemctl start ${options.get('systemd_unit', 'service')}.service" - stop program = "/bin/systemctl stop ${options.get('systemd_unit', 'service')}.service" + start program = "/bin/systemctl start ${options.get('systemd_unit', service)}.service" + stop program = "/bin/systemctl stop ${options.get('systemd_unit', service)}.service" % for port,port_options in sorted(options.get('ports', {}).items()): if failed port ${port} % if port_options.get('protocol', {}): From 082b1fa07ddfb7b31bfca9775e433211b1f7d686 Mon Sep 17 00:00:00 2001 From: Rico Ullmann Date: Tue, 4 Jan 2022 13:43:34 +0100 Subject: [PATCH 19/19] redis: add monit integration --- bundles/redis/metadata.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bundles/redis/metadata.py b/bundles/redis/metadata.py index ff33513..8298bd9 100644 --- a/bundles/redis/metadata.py +++ b/bundles/redis/metadata.py @@ -9,4 +9,14 @@ defaults = { '/var/lib/redis', }, }, + 'monit': { + 'services': { + 'redis': { + 'bin': '/usr/bin/redis-server', + 'ports': { + '6379': {}, + }, + }, + }, + }, }