m (cleanup) |
m (Überschriften) |
||
| Line 13: | Line 13: | ||
[http://github.com/chaosdorf/chaosdorf-admin-toolkit chaosdorf-admin-toolkit on github] | [http://github.com/chaosdorf/chaosdorf-admin-toolkit chaosdorf-admin-toolkit on github] | ||
= Fabric = | == Fabric == | ||
We use [http://fabfile.org/ fabric] to roll out package updates. The software still got some problems, but "fab configs deploy:2011.09.07" is way more comfortable than running scp and ssh for every host. | We use [http://fabfile.org/ fabric] to roll out package updates. The software still got some problems, but "fab configs deploy:2011.09.07" is way more comfortable than running scp and ssh for every host. | ||
| Line 19: | Line 19: | ||
* [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/fabfile.py fabfile.py] | * [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/fabfile.py fabfile.py] | ||
= NSCA helpers = | == NSCA helpers == | ||
Our nagios checks run locally via cron, the results are transmitted via "send_nsca". They are configured for all hosts in one central file, which is parsed by a custom perl script. | Our nagios checks run locally via cron, the results are transmitted via "send_nsca". They are configured for all hosts in one central file, which is parsed by a custom perl script. | ||
| Line 26: | Line 26: | ||
* [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/nagios-passive/submit_checks submit_checks] | * [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/nagios-passive/submit_checks submit_checks] | ||
= Nagios checks = | == Nagios checks == | ||
Custom or not shipped by Debian. | Custom or not shipped by Debian. | ||
| Line 34: | Line 34: | ||
* [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/nagios-checks/remote/check_websites check_websites] reads a little [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/nagios-checks/remote/chaosdorf_websites.ini config] to see if all URL / VHost combinations work or redirect as expected. | * [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/nagios-checks/remote/check_websites check_websites] reads a little [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/nagios-checks/remote/chaosdorf_websites.ini config] to see if all URL / VHost combinations work or redirect as expected. | ||
= Icinga goodies = | == Icinga goodies == | ||
We have a bot called '''icinga''' in #chaosdorf. It's a simple perl script connected to Icinga, which immediately spams service alerts / recoveries into the channel. Handy if you check IRC more frequently than mail and if people wonder if something is b0rked or not. | We have a bot called '''icinga''' in #chaosdorf. It's a simple perl script connected to Icinga, which immediately spams service alerts / recoveries into the channel. Handy if you check IRC more frequently than mail and if people wonder if something is b0rked or not. | ||
= checkrestart hook = | == checkrestart hook == | ||
After every system upgrade, a dpkg hook runs checkrestart to find daemons running with outdated library versions. | After every system upgrade, a dpkg hook runs checkrestart to find daemons running with outdated library versions. | ||
= Backups = | == Backups == | ||
[https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/backup/backup_external backup_external] locally collects, compresses and encrypts important data and then transmits it to a remote host via SFTP. The backups are encrypted with a dedicated Admin key. | [https://github.com/chaosdorf/chaosdorf-admin-toolkit/blob/master/backup/backup_external backup_external] locally collects, compresses and encrypts important data and then transmits it to a remote host via SFTP. The backups are encrypted with a dedicated Admin key. | ||
= Dependencies = | == Dependencies == | ||
Like vim, etckeeper, git, zsh. So we don't need to install our standard software by hand (or maybe forget a package). | Like vim, etckeeper, git, zsh. So we don't need to install our standard software by hand (or maybe forget a package). | ||
[[Category:Projects]] | [[Category:Projects]] | ||
Revision as of 00:11, 8 July 2012
| Admin-Toolkit stable | |
|---|---|
| |
| Debian / ArchLinux Admin Helpers | |
| Beteiligt | derf, mxey |
| Quelltext | chaosdorf-admin-toolkit |
For easier management of Chaosdorf hosts.
The admin toolkit is a git tracked Debian package, which is installed on any host administrated by us (like the chaosdorf.de servers and the space's router). It provides the hosts with most of the required scripts and configs, which saves a lot of fiddling around in /usr/local and especially ensures that all hosts are up-to-date.
chaosdorf-admin-toolkit on github
Fabric
We use fabric to roll out package updates. The software still got some problems, but "fab configs deploy:2011.09.07" is way more comfortable than running scp and ssh for every host.
NSCA helpers
Our nagios checks run locally via cron, the results are transmitted via "send_nsca". They are configured for all hosts in one central file, which is parsed by a custom perl script.
Nagios checks
Custom or not shipped by Debian.
- check_cert_expire reminds us when it's time to renew our SSL certificate. Much better than calendar entries.
- check_git_status makes sure noone forgot to commit their changes in /etc (etckeeper) or /usr/local (plain git repo). The check intervals are pretty long, so it doesn't interfere with administrative work.
- check_websites reads a little config to see if all URL / VHost combinations work or redirect as expected.
Icinga goodies
We have a bot called icinga in #chaosdorf. It's a simple perl script connected to Icinga, which immediately spams service alerts / recoveries into the channel. Handy if you check IRC more frequently than mail and if people wonder if something is b0rked or not.
checkrestart hook
After every system upgrade, a dpkg hook runs checkrestart to find daemons running with outdated library versions.
Backups
backup_external locally collects, compresses and encrypts important data and then transmits it to a remote host via SFTP. The backups are encrypted with a dedicated Admin key.
Dependencies
Like vim, etckeeper, git, zsh. So we don't need to install our standard software by hand (or maybe forget a package).