From fa1e05175f80484391d7a2f773137a45d8dfe0d2 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Fri, 18 Jul 2025 20:28:14 -0600 Subject: [PATCH 01/27] introduce bastille monitor service monitoring sub-command --- usr/local/bin/bastille | 2 + usr/local/etc/bastille/bastille.conf.sample | 9 +- usr/local/share/bastille/monitor.sh | 199 ++++++++++++++++++++ 3 files changed, 208 insertions(+), 2 deletions(-) create mode 100644 usr/local/share/bastille/monitor.sh diff --git a/usr/local/bin/bastille b/usr/local/bin/bastille index e127226a..73bd7787 100755 --- a/usr/local/bin/bastille +++ b/usr/local/bin/bastille @@ -95,6 +95,7 @@ Available Commands: limits Apply resources limits to targeted container(s). See rctl(8). list List containers (running). migrate Migrate targetted jail(s) to a remote system. + monitor Monitor and attempt to restart container service(s). Manual and cron execution. mount Mount a volume inside the targeted container(s). network Add/remove network interfaces from targeted container. pkg Manipulate binary packages within targeted container(s). See pkg(8). @@ -216,6 +217,7 @@ case "${CMD}" in limits| \ list| \ migrate| \ + monitor| \ network| \ pkg| \ rcp| \ diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample index 5287c8eb..128858e3 100644 --- a/usr/local/etc/bastille/bastille.conf.sample +++ b/usr/local/etc/bastille/bastille.conf.sample 
@@ -34,8 +34,8 @@ bastille_tzdata="" ## default bastille_resolv_conf="/etc/resolv.conf" ## default: "/etc/resolv.conf" ## bootstrap urls -bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/" -bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/" +bastille_url_freebsd="http://ftp.freebsd.org/pub/FreeBSD/releases/" ## default: "http://ftp.freebsd.org/pub/FreeBSD/releases/" +bastille_url_hardenedbsd="https://installers.hardenedbsd.org/pub/" ## default: "https://installer.hardenedbsd.org/pub/HardenedBSD/releases/" bastille_url_midnightbsd="https://www.midnightbsd.org/ftp/MidnightBSD/releases/" ## default: "https://www.midnightbsd.org/pub/MidnightBSD/releases/" ## ZFS options @@ -68,3 +68,8 @@ bastille_template_clone="default/clone" ## default bastille_template_thin="default/thin" ## default: "default/thin" bastille_template_vnet="default/vnet" ## default: "default/vnet" bastille_template_vlan="default/vlan" ## default: "default/vlan" + +## Monitoring +bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" ## default: "/usr/local/etc/cron.d/bastille-monitor" +bastille_monitor_cron="* * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" # default: "*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" +bastille_monitor_healthchecks="" ## default: "" diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh new file mode 100644 index 00000000..4a17acf5 --- /dev/null +++ b/usr/local/share/bastille/monitor.sh 
@@ -0,0 +1,199 @@ +#!/bin/sh +# +# SPDX-License-Identifier: BSD-3-Clause +# +# Copyright (c) 2018-2025, Christer Edwards +# All rights reserved. +# Ressource limits added by Lars Engels github.com/bsdlme +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# * Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# * Neither the name of the copyright holder nor the names of its +# contributors may be used to endorse or promote products derived from +# this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +. /usr/local/share/bastille/common.sh + +usage() { + error_notify "Usage: bastille monitor [option(s)] TARGET [add|delete|list] [service1 service2]" + cat << EOF + + Options: + + -x | --debug Enable debug mode. + -e | --enable Enable (install) bastille-monitor cronjob. 
Configurable in bastille.conf. + -d | --disable Disable (uninstall) bastille-monitor cronjob. + -s | --status Return monitor status (Enabled or Disabled). + +EOF + exit 1 +} + +LOGFILE="/var/log/bastille/monitor.log" + +# Handle options. +while [ "$#" -gt 0 ]; do + case "${1}" in + -h|--help|help) + usage + ;; + -x|--debug) + enable_debug + shift + ;; + -e|--enable) + if [ ! -f "${bastille_monitor_cron_path}" ]; then + mkdir -p /usr/local/etc/cron.d + echo "${bastille_monitor_cron}" >> "${bastille_monitor_cron_path}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${LOGFILE}" + echo "Cron entry enabled." + else + echo "Cron entry already enabled." + fi + shift + exit 0 + ;; + -d|--disable) + if [ -f "${bastille_monitor_cron_path}" ]; then + rm -f "${bastille_monitor_cron_path}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${LOGFILE}" + echo "Cron entry disabled." + else + echo "Cron entry already disabled." + fi + shift + exit 0 + ;; + -s|--status) + if [ -f "${bastille_monitor_cron_path}" ]; then + echo "Bastille Monitor is Enabled." + exit 0 + else + echo "Bastille Monitor is Disabled." + exit 1 + fi + shift + ;; + -*) + error_exit "[ERROR]: Unknown Option: \"${1}\"" + ;; + *) + break + ;; + esac +done + +if [ $# -gt 3 ]; then + usage +fi + +TARGET="${1}" +ACTION="${2}" +SERVICE="${3}" +SERVICE_FAILED=0 + +bastille_root_check +set_target "${TARGET}" + +for _jail in ${JAILS}; do + + bastille_jail_monitor="${bastille_jailsdir}/${_jail}/monitor" + + ## skip if no monitor file + if [ $? -eq 1 ] && [ ! -f "${bastille_jail_monitor}" ]; then + continue + fi + + ## iterate service(s) and check service status; restart on failure + if [ $# -eq 1 ] && [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then + for _service in $(xargs < "${bastille_jail_monitor}"); do + ## check service status + if ! 
bastille service "${_jail}" "${_service}" status; then + echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "$LOGFILE" + + ## attempt to restart the service if needed; update logs if unable + if ! bastille service "${_jail}" "${_service}" restart; then + echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${_service} service in ${_jail}." | tee -a "$LOGFILE" + SERVICE_FAILED=1 + fi + fi + done + fi + + if [ -n "${ACTION}" ]; then + case ${ACTION} in + add) + for _service in $(echo "${SERVICE}" | tr , ' '); do + echo "${_service}" >> "${bastille_jail_monitor}" + tmpfile="$(mktemp)" + sort "${bastille_jail_monitor}" | uniq > "${tmpfile}" + mv "${tmpfile}" "${bastille_jail_monitor}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${LOGFILE}" + done + ;; + del*) + for _service in $(echo "${SERVICE}" | tr , ' '); do + [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file + tmpfile="$(mktemp)" + grep -Ev "^${_service}\$" "${bastille_jail_monitor}" > "${tmpfile}" + mv "${tmpfile}" "${bastille_jail_monitor}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${LOGFILE}" + # delete monitor file if empty + [ ! -s "${bastille_jail_monitor}" ] && rm "${bastille_jail_monitor}" + done + ;; + list) + if [ -n "${SERVICE}" ]; then + if echo "${SERVICE}" | grep ','; then + usage # Only one service per query + fi + [ ! 
-f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file + if grep -qE "^${SERVICE}\$" "${bastille_jail_monitor}"; then + #echo "${_jail}" + continue + fi + else + if [ -f "${bastille_jail_monitor}" ]; then + echo -n "${_jail}: " + xargs < "${bastille_jail_monitor}" + fi + fi + ;; + *) + usage + ;; + esac + fi + + bastille_running_jobs "${bastille_process_limit}" + + +done + +# Final ping to healthcheck URL +if [ "$SERVICE_FAILED" -eq 0 ]; then + curl -fsS --retry 3 "${bastille_monitor_healthchecks}" > /dev/null 2>&1 +else + curl -fsS --retry 3 "${bastille_monitor_healthchecks}/fail" > /dev/null 2>&1 +fi + +wait From 91dd8b2c032e9020a5ad61b60949c6acd30c68f0 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Fri, 18 Jul 2025 20:30:24 -0600 Subject: [PATCH 02/27] set default cron to every 5 minutes --- usr/local/etc/bastille/bastille.conf.sample | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample index 128858e3..e246854b 100644 --- a/usr/local/etc/bastille/bastille.conf.sample +++ b/usr/local/etc/bastille/bastille.conf.sample @@ -71,5 +71,5 @@ bastille_template_vlan="default/vlan" ## default ## Monitoring bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" ## default: "/usr/local/etc/cron.d/bastille-monitor" -bastille_monitor_cron="* * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" # default: "*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" +bastille_monitor_cron="*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" # default: "*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" bastille_monitor_healthchecks="" ## default: "" From 64fc818fa7c4bf9b79f7fa11bf4f5e4192d67402 Mon Sep 17 00:00:00 2001 
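Review bot: The `del*` and `list` branches interpolate the service name into an extended regex (`grep -Ev "^${_service}\$"`, `grep -qE "^${SERVICE}\$"`), so a name containing `.`, `*` or `|` matches entries other than the one named and a delete can drop more lines than requested. A fixed-string whole-line match avoids that: `grep -Fxv -- "${_service}" "${bastille_jail_monitor}" > "${tmpfile}"` and `grep -Fxq -- "${SERVICE}" "${bastille_jail_monitor}"`. Separately, `[ $? -eq 1 ]` in the "skip if no monitor file" test reads the exit status of the preceding plain assignment, which is 0, so that `continue` never runs; testing only `[ ! -f "${bastille_jail_monitor}" ]` (and exempting `add`) would make the guard effective.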
From: Christer Edwards Date: Fri, 18 Jul 2025 20:33:27 -0600 Subject: [PATCH 03/27] only attempt healthchecks URL if non-empty --- usr/local/share/bastille/monitor.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 4a17acf5..b1c36bf6 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -191,9 +191,11 @@ done # Final ping to healthcheck URL if [ "$SERVICE_FAILED" -eq 0 ]; then - curl -fsS --retry 3 "${bastille_monitor_healthchecks}" > /dev/null 2>&1 -else - curl -fsS --retry 3 "${bastille_monitor_healthchecks}/fail" > /dev/null 2>&1 + if [ -n "${bastille_monitor_healthchecks}" ]; then + curl -fsS --retry 3 "${bastille_monitor_healthchecks}" > /dev/null 2>&1 + else + curl -fsS --retry 3 "${bastille_monitor_healthchecks}/fail" > /dev/null 2>&1 + fi fi wait From cda262d115ea21d23a7a3ebb74a870af92367d22 Mon Sep 17 00:00:00 2001 From: Christer Edwards Date: Fri, 18 Jul 2025 20:38:14 -0600 Subject: [PATCH 04/27] make monitor logfile configurable --- usr/local/etc/bastille/bastille.conf.sample | 1 + usr/local/share/bastille/monitor.sh | 14 ++++++-------- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample index e246854b..a3f9b7c2 100644 --- a/usr/local/etc/bastille/bastille.conf.sample +++ b/usr/local/etc/bastille/bastille.conf.sample 
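Review bot: The new emptiness test is nested inside the `"$SERVICE_FAILED" -eq 0` branch, so the `/fail` ping is now reached only when nothing failed and the URL is empty (curl is then called with just `/fail`), and a failed restart sends no ping at all. The URL check should be the outer condition and the success/failure choice the inner one, as sketched below. The loop that sets `SERVICE_FAILED` lies outside this hunk.

```shell
# Final ping to healthcheck URL
if [ -n "${bastille_monitor_healthchecks}" ]; then
    if [ "$SERVICE_FAILED" -eq 0 ]; then
        curl -fsS --retry 3 "${bastille_monitor_healthchecks}" > /dev/null 2>&1
    else
        curl -fsS --retry 3 "${bastille_monitor_healthchecks}/fail" > /dev/null 2>&1
    fi
fi
```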
@@ -72,4 +72,5 @@ bastille_template_vlan="default/vlan" ## default ## Monitoring bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" ## default: "/usr/local/etc/cron.d/bastille-monitor" bastille_monitor_cron="*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" # default: "*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" +bastille_monitor_logfile="${bastille_logsdir}/monitor.log" ## default: "${bastille_logsdir}/monitor.log" bastille_monitor_healthchecks="" ## default: "" diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index b1c36bf6..444f7280 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -48,8 +48,6 @@ EOF exit 1 } -LOGFILE="/var/log/bastille/monitor.log" - # Handle options. while [ "$#" -gt 0 ]; do case "${1}" in @@ -64,7 +62,7 @@ while [ "$#" -gt 0 ]; do if [ ! -f "${bastille_monitor_cron_path}" ]; then mkdir -p /usr/local/etc/cron.d echo "${bastille_monitor_cron}" >> "${bastille_monitor_cron_path}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${LOGFILE}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" echo "Cron entry enabled." else echo "Cron entry already enabled." @@ -75,7 +73,7 @@ while [ "$#" -gt 0 ]; do -d|--disable) if [ -f "${bastille_monitor_cron_path}" ]; then rm -f "${bastille_monitor_cron_path}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${LOGFILE}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" echo "Cron entry disabled." else echo "Cron entry already disabled." 
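Review bot: With the hard-coded `LOGFILE` removed, every `>> "${bastille_monitor_logfile}"` in the `--enable`/`--disable` hunks here (and the `tee -a` and `>>` lines in the three monitor.sh hunks that follow) depends on the variable being present in the loaded bastille.conf. If an installed config predates this sample, the variable is empty, the redirection fails and the restart/audit entries are lost. A fallback near the top of monitor.sh would keep the previous behaviour, for example `: "${bastille_monitor_logfile:=/var/log/bastille/monitor.log}"`. The option-parsing loop these lines belong to continues outside the hunks.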
@@ -128,11 +126,11 @@ for _jail in ${JAILS}; do for _service in $(xargs < "${bastille_jail_monitor}"); do ## check service status if ! bastille service "${_jail}" "${_service}" status; then - echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "$LOGFILE" + echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "${bastille_monitor_logfile}" ## attempt to restart the service if needed; update logs if unable if ! bastille service "${_jail}" "${_service}" restart; then - echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${_service} service in ${_jail}." | tee -a "$LOGFILE" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${_service} service in ${_jail}." | tee -a "${bastille_monitor_logfile}" SERVICE_FAILED=1 fi fi @@ -147,7 +145,7 @@ for _jail in ${JAILS}; do tmpfile="$(mktemp)" sort "${bastille_jail_monitor}" | uniq > "${tmpfile}" mv "${tmpfile}" "${bastille_jail_monitor}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${LOGFILE}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" done ;; del*) @@ -156,7 +154,7 @@ for _jail in ${JAILS}; do tmpfile="$(mktemp)" grep -Ev "^${_service}\$" "${bastille_jail_monitor}" > "${tmpfile}" mv "${tmpfile}" "${bastille_jail_monitor}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${LOGFILE}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" # delete monitor file if empty [ ! -s "${bastille_jail_monitor}" ] && rm "${bastille_jail_monitor}" done From 57b4bb548c2929b883cffec391a5ced755fe4b16 Mon Sep 17 00:00:00 2001 
From: Christer Edwards Date: Fri, 18 Jul 2025 20:59:26 -0600 Subject: [PATCH 05/27] update docs to describe monitor command --- docs/chapters/configuration.rst | 7 ++++ docs/chapters/subcommands/monitor.rst | 55 +++++++++++++++++++++++++++ docs/chapters/usage.rst | 3 +- 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 docs/chapters/subcommands/monitor.rst diff --git a/docs/chapters/configuration.rst b/docs/chapters/configuration.rst index 7212e6e2..5c6b7de0 100644 --- a/docs/chapters/configuration.rst +++ b/docs/chapters/configuration.rst @@ -81,6 +81,13 @@ This is the default `bastille.conf` file. bastille_template_thin="default/thin" ## default: "default/thin" bastille_template_vnet="default/vnet" ## default: "default/vnet" + ## Monitoring + bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" ## default: "/usr/local/etc/cron.d/bastille-monitor" + bastille_monitor_cron="*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" # default: "*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" + bastille_monitor_logfile="${bastille_logsdir}/monitor.log" ## default: "${bastille_logsdir}/monitor.log" + bastille_monitor_healthchecks="" ## default: "" + + Notes ----- diff --git a/docs/chapters/subcommands/monitor.rst b/docs/chapters/subcommands/monitor.rst new file mode 100644 index 00000000..567342e0 --- /dev/null +++ b/docs/chapters/subcommands/monitor.rst 
@@ -0,0 +1,55 @@ +Monitor +======= + +NEW in Bastille version 1.1.20250814 + +The ``monitor`` sub-command adds, removes, lists and enables/disables monitoring for container services. + +.. code-block:: shell + + ishmael ~ # bastille monitor help ## display monitor help + ishmael ~ # bastille monitor TARGET add "service1 service2" ## add the services "service1" and "service2" to TARGET monitoring + ishmael ~ # bastille monitor TARGET delete service1 ## delete service "service1" from TARGET monitoring + ishmael ~ # bastille monitor TARGET list ## list services monitored on TARGET + ishmael ~ # bastille monitor ALL list ## list monitored services from ALL containers + + ishmael ~ # bastille monitor -s ## return monitoring cronjob status + ishmael ~ # bastille monitor -e ## enable monitoring cronjob + ishmael ~ # bastille monitor -d ## disable monitoring cronjob + +.. code-block:: shell + + ishmael ~ # bastille monitor help + Usage: bastille monitor [option(s)] TARGET [add|delete|list] [service1 service2] + + Options: + + -x | --debug Enable debug mode. + -e | --enable Enable (install) bastille-monitor cronjob. Configurable in bastille.conf. + -d | --disable Disable (uninstall) bastille-monitor cronjob. + -s | --status Return monitor status (Enabled or Disabled). + + +Configuration +------------- + +The monitor sub-command is configurable via the `bastille.conf` file. See below +for configuration defaults: + +.. code-block:: shell + + bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" + bastille_monitor_cron="*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2&>1" + bastille_monitor_logfile="${bastille_logsdir}/monitor.log" + bastille_monitor_healthchecks="" + + +Alerting modules +---------------- + +The first alerting module to be supported is Health Checks +(https://healthchecks.io), which is both a free SaaS service (up to 20 checks) +and provides a self-hosted option (see `sysutils/py-healthchecks`). 
+ +Simply configure the `${bastille_monitor_healthchecks}` variable with your Ping +URL and you're done! diff --git a/docs/chapters/usage.rst b/docs/chapters/usage.rst index b6623a8f..ace08701 100644 --- a/docs/chapters/usage.rst +++ b/docs/chapters/usage.rst @@ -29,6 +29,7 @@ Usage limits Apply resources limits to targeted jail(s). See rctl(8) and cpuset(1). list List jails, releases, templates and more... migrate Migrate targeted jail(s) to a remote system. + monitor Monitor and attempt to restart container service(s). Manual and cron execution. mount Mount a volume inside targeted jail(s). network Add or remove interfaces from targeted jail(s). pkg Manipulate binary packages within targeted jail(s). See pkg(8). @@ -53,4 +54,4 @@ Usage Use "bastille -v|--version" for version information. Use "bastille command -h|--help" for more information about a command. Use "bastille -c|--config config.conf command" to specify a non-default config file. - Use "bastille -p|--parallel VALUE command" to run bastille in parallel mode. \ No newline at end of file + Use "bastille -p|--parallel VALUE command" to run bastille in parallel mode. From 3133a20f622ccb8f46f09ad7637d1eb762968a21 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 21 Jul 2025 07:51:54 -0600 Subject: [PATCH 06/27] monitor: Organize options alphabetically + remove parallel --- usr/local/share/bastille/monitor.sh | 39 +++++++++++++---------------- 1 file changed, 17 insertions(+), 22 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 444f7280..2caea9c5 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh 
@@ -39,10 +39,10 @@ usage() { Options: - -x | --debug Enable debug mode. - -e | --enable Enable (install) bastille-monitor cronjob. Configurable in bastille.conf. - -d | --disable Disable (uninstall) bastille-monitor cronjob. - -s | --status Return monitor status (Enabled or Disabled). + -e | --enable Enable (install) bastille-monitor cronjob. Configurable in bastille.conf. + -d | --disable Disable (uninstall) bastille-monitor cronjob. + -s | --status Return monitor status (Enabled or Disabled). + -x | --debug Enable debug mode. EOF exit 1 @@ -53,34 +53,30 @@ while [ "$#" -gt 0 ]; do case "${1}" in -h|--help|help) usage - ;; - -x|--debug) - enable_debug - shift - ;; + ;; -e|--enable) if [ ! -f "${bastille_monitor_cron_path}" ]; then mkdir -p /usr/local/etc/cron.d echo "${bastille_monitor_cron}" >> "${bastille_monitor_cron_path}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" echo "Cron entry enabled." - else + else echo "Cron entry already enabled." - fi + fi shift exit 0 - ;; + ;; -d|--disable) if [ -f "${bastille_monitor_cron_path}" ]; then rm -f "${bastille_monitor_cron_path}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" echo "Cron entry disabled." - else + else echo "Cron entry already disabled." fi shift exit 0 - ;; + ;; -s|--status) if [ -f "${bastille_monitor_cron_path}" ]; then echo "Bastille Monitor is Enabled." @@ -90,13 +86,17 @@ while [ "$#" -gt 0 ]; do exit 1 fi shift - ;; + ;; + -x|--debug) + enable_debug + shift + ;; -*) error_exit "[ERROR]: Unknown Option: \"${1}\"" - ;; + ;; *) break - ;; + ;; esac done @@ -182,9 +182,6 @@ for _jail in ${JAILS}; do esac fi - bastille_running_jobs "${bastille_process_limit}" - - done # Final ping to healthcheck URL @@ -195,5 +192,3 @@ if [ "$SERVICE_FAILED" -eq 0 ]; then curl -fsS --retry 3 "${bastille_monitor_healthchecks}/fail" > /dev/null 2>&1 fi fi - -wait 
From 05f4453af163d848b4306222106125d8b61e2683 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 16:31:56 -0600 Subject: [PATCH 07/27] monitor: Adjust for actions that do not have TARGET --- usr/local/share/bastille/monitor.sh | 94 +++++++++++++++-------------- 1 file changed, 50 insertions(+), 44 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 2caea9c5..3a64f719 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -34,14 +34,14 @@ . /usr/local/share/bastille/common.sh usage() { - error_notify "Usage: bastille monitor [option(s)] TARGET [add|delete|list] [service1 service2]" + error_notify "Usage: bastille monitor [option(s)] enable|disable|status" + error_notify " TARGET add|delete service1,service2" + error_notify " TARGET list" + error_notify " TARGET" cat << EOF Options: - -e | --enable Enable (install) bastille-monitor cronjob. Configurable in bastille.conf. - -d | --disable Disable (uninstall) bastille-monitor cronjob. - -s | --status Return monitor status (Enabled or Disabled). -x | --debug Enable debug mode. EOF 
@@ -54,39 +54,6 @@ while [ "$#" -gt 0 ]; do -h|--help|help) usage ;; - -e|--enable) - if [ ! -f "${bastille_monitor_cron_path}" ]; then - mkdir -p /usr/local/etc/cron.d - echo "${bastille_monitor_cron}" >> "${bastille_monitor_cron_path}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" - echo "Cron entry enabled." - else - echo "Cron entry already enabled." - fi - shift - exit 0 - ;; - -d|--disable) - if [ -f "${bastille_monitor_cron_path}" ]; then - rm -f "${bastille_monitor_cron_path}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" - echo "Cron entry disabled." - else - echo "Cron entry already disabled." - fi - shift - exit 0 - ;; - -s|--status) - if [ -f "${bastille_monitor_cron_path}" ]; then - echo "Bastille Monitor is Enabled." - exit 0 - else - echo "Bastille Monitor is Disabled." - exit 1 - fi - shift - ;; -x|--debug) enable_debug shift 
@@ -100,15 +67,54 @@ while [ "$#" -gt 0 ]; do esac done -if [ $# -gt 3 ]; then - usage -fi +# Handle global actions. +case "${1}" in + enable) + [ "$#" -eq 1 ] || usage + if [ ! -f "${bastille_monitor_cron_path}" ]; then + mkdir -p /usr/local/etc/cron.d + echo "${bastille_monitor_cron}" >> "${bastille_monitor_cron_path}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" + echo "Cron entry enabled." + exit 0 + else + echo "Cron entry already enabled." + exit 1 + fi + ;; + disable) + [ "$#" -eq 1 ] || usage + if [ -f "${bastille_monitor_cron_path}" ]; then + rm -f "${bastille_monitor_cron_path}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" + echo "Cron entry disabled." + exit 0 + else + echo "Cron entry already disabled." + exit 1 + fi + ;; + status) + [ "$#" -eq 1 ] || usage + if [ -f "${bastille_monitor_cron_path}" ]; then + echo "Bastille Monitor is Enabled." + exit 0 + else + echo "Bastille Monitor is Disabled." + exit 1 + fi + ;; +esac TARGET="${1}" ACTION="${2}" SERVICE="${3}" SERVICE_FAILED=0 +if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then + usage +fi + bastille_root_check set_target "${TARGET}" @@ -147,7 +153,7 @@ for _jail in ${JAILS}; do mv "${tmpfile}" "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" done - ;; + ;; del*) for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file @@ -158,7 +164,7 @@ for _jail in ${JAILS}; do # delete monitor file if empty [ ! -s "${bastille_jail_monitor}" ] && rm "${bastille_jail_monitor}" done - ;; + ;; list) if [ -n "${SERVICE}" ]; then if echo "${SERVICE}" | grep ','; then @@ -175,10 +181,10 @@ for _jail in ${JAILS}; do xargs < "${bastille_jail_monitor}" fi fi - ;; + ;; *) usage - ;; + ;; esac fi 
From 019b27ab329b862545d3d11d257cb630a89fb1ef Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 16:40:53 -0600 Subject: [PATCH 08/27] monitor: set args number for each action --- usr/local/share/bastille/monitor.sh | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 3a64f719..339513b0 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -75,11 +75,10 @@ case "${1}" in mkdir -p /usr/local/etc/cron.d echo "${bastille_monitor_cron}" >> "${bastille_monitor_cron_path}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" - echo "Cron entry enabled." + info "\nBastille Monitor enabled.\n" exit 0 else - echo "Cron entry already enabled." - exit 1 + error_exit "\nBastille Monitor already enabled.\n" fi ;; disable) @@ -87,20 +86,19 @@ case "${1}" in if [ -f "${bastille_monitor_cron_path}" ]; then rm -f "${bastille_monitor_cron_path}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" - echo "Cron entry disabled." + info "\nBastille Monitor disabled.\n" exit 0 else - echo "Cron entry already disabled." - exit 1 + error_exit "\nBastille Monitor already disabled.\n" fi ;; status) [ "$#" -eq 1 ] || usage if [ -f "${bastille_monitor_cron_path}" ]; then - echo "Bastille Monitor is Enabled." + info "\nBastille Monitor is Enabled.\n" exit 0 else - echo "Bastille Monitor is Disabled." + info "\nBastille Monitor is Disabled.\n" exit 1 fi ;; @@ -111,10 +109,6 @@ ACTION="${2}" SERVICE="${3}" SERVICE_FAILED=0 -if [ "$#" -lt 2 ] || [ "$#" -gt 3 ]; then - usage -fi - bastille_root_check set_target "${TARGET}" 
@@ -128,7 +122,7 @@ for _jail in ${JAILS}; do fi ## iterate service(s) and check service status; restart on failure - if [ $# -eq 1 ] && [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then + if [ "$#" -eq 1 ] && [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then for _service in $(xargs < "${bastille_jail_monitor}"); do ## check service status if ! bastille service "${_jail}" "${_service}" status; then @@ -146,6 +140,7 @@ for _jail in ${JAILS}; do if [ -n "${ACTION}" ]; then case ${ACTION} in add) + [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do echo "${_service}" >> "${bastille_jail_monitor}" tmpfile="$(mktemp)" @@ -155,6 +150,7 @@ for _jail in ${JAILS}; do done ;; del*) + [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file tmpfile="$(mktemp)" @@ -166,6 +162,7 @@ for _jail in ${JAILS}; do done ;; list) + [ -z "${SERVICE}" ] || usage if [ -n "${SERVICE}" ]; then if echo "${SERVICE}" | grep ','; then usage # Only one service per query From da0f8c1d169c885c0f87c57c76121f5f69547eb6 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 17:12:37 -0600 Subject: [PATCH 09/27] monitor: simplify some things --- usr/local/share/bastille/monitor.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 339513b0..688538a5 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -67,6 +67,8 @@ while [ "$#" -gt 0 ]; do esac done +[ "$#" -eq 0 ] && usage + # Handle global actions. case "${1}" in enable) 
@@ -142,39 +144,37 @@ for _jail in ${JAILS}; do add) [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do - echo "${_service}" >> "${bastille_jail_monitor}" - tmpfile="$(mktemp)" - sort "${bastille_jail_monitor}" | uniq > "${tmpfile}" - mv "${tmpfile}" "${bastille_jail_monitor}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" + if ! grep -qE "^${_service}\$" "${bastille_jail_monitor}"; then + echo "${_service}" >> "${bastille_jail_monitor}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" + fi done ;; del*) [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file - tmpfile="$(mktemp)" - grep -Ev "^${_service}\$" "${bastille_jail_monitor}" > "${tmpfile}" - mv "${tmpfile}" "${bastille_jail_monitor}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" + if grep -qE "^${_service}\$" "${bastille_jail_monitor}"; then + sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" + fi # delete monitor file if empty [ ! -s "${bastille_jail_monitor}" ] && rm "${bastille_jail_monitor}" done ;; list) - [ -z "${SERVICE}" ] || usage if [ -n "${SERVICE}" ]; then if echo "${SERVICE}" | grep ','; then usage # Only one service per query fi [ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file if grep -qE "^${SERVICE}\$" "${bastille_jail_monitor}"; then - #echo "${_jail}" - continue + echo "${_jail}" + continue fi else if [ -f "${bastille_jail_monitor}" ]; then - echo -n "${_jail}: " + info "\n[${_jail}]:" xargs < "${bastille_jail_monitor}" fi fi From e84e39e313eea1759dcc47c72a92be559024f879 Mon Sep 17 00:00:00 2001 
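Review bot: `${_service}` is expanded unescaped into the `grep -qE "^${_service}\$"` pattern and the `sed -i '' "/^${_service}\$/d"` script in the `add)` and `del*)` arms, so a name containing regex metacharacters matches or deletes entries other than the literal one. A `/` in the name also closes the sed address early and leaves the rest of the string to be parsed as sed commands, in a script that runs after `bastille_root_check` and so presumably as root. Validate each name before either loop touches the file, for example `case "${_service}" in ''|*[!A-Za-z0-9_-]*) usage ;; esac` (widen the set if your rc scripts need it), and use `grep -Fxq -- "${_service}"` for the membership tests. The `list)` arm has the same pattern with `${SERVICE}`. The enclosing `for _jail` loop starts and ends outside the hunk.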
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 17:13:43 -0600 Subject: [PATCH 10/27] Update monitor.sh --- usr/local/share/bastille/monitor.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 688538a5..44ffe3c7 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -67,8 +67,6 @@ while [ "$#" -gt 0 ]; do esac done -[ "$#" -eq 0 ] && usage - # Handle global actions. case "${1}" in enable) @@ -106,6 +104,8 @@ case "${1}" in ;; esac +[ "$#" -eq 0 ] && usage + TARGET="${1}" ACTION="${2}" SERVICE="${3}" From 29e9c7baf71aff825a45ee097d5600a942d23529 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 17:16:01 -0600 Subject: [PATCH 11/27] monitor: Suppress errors --- usr/local/share/bastille/monitor.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 44ffe3c7..d68ef0f3 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -144,7 +144,7 @@ for _jail in ${JAILS}; do add) [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do - if ! grep -qE "^${_service}\$" "${bastille_jail_monitor}"; then + if ! grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>&1; then echo "${_service}" >> "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi 
@@ -154,7 +154,7 @@ for _jail in ${JAILS}; do [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file - if grep -qE "^${_service}\$" "${bastille_jail_monitor}"; then + if grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>&1; then sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi @@ -168,7 +168,7 @@ for _jail in ${JAILS}; do usage # Only one service per query fi [ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file - if grep -qE "^${SERVICE}\$" "${bastille_jail_monitor}"; then + if grep -qE "^${SERVICE}\$" "${bastille_jail_monitor}" 2>&1; then echo "${_jail}" continue fi From 21f871264316b6d17ee59482b121dc3b336bf7d5 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 17:17:30 -0600 Subject: [PATCH 12/27] Update monitor.sh --- usr/local/share/bastille/monitor.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index d68ef0f3..25960735 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -144,7 +144,7 @@ for _jail in ${JAILS}; do add) [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do - if ! grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>&1; then + if ! grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then echo "${_service}" >> "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi 
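Review bot: The redirections in `2>/dev/null 2>&1` are applied left to right, so the second one re-points stderr at stdout and the `/dev/null` redirect added in the `add)` arm has no effect; grep's complaint about a missing monitor file is still printed. Keep a single redirect, `if ! grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null; then`, or test for the file first so that a permissions error on it stays visible. The `del*)` and `list)` hunks of this patch carry the same pair.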
@@ -154,7 +154,7 @@ for _jail in ${JAILS}; do [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file - if grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>&1; then + if grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi @@ -168,7 +168,7 @@ for _jail in ${JAILS}; do usage # Only one service per query fi [ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file - if grep -qE "^${SERVICE}\$" "${bastille_jail_monitor}" 2>&1; then + if grep -qE "^${SERVICE}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then echo "${_jail}" continue fi From a3f450c3e3d04d33cdc3e71ccb6b1ac9f40ee40b Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 17:18:25 -0600 Subject: [PATCH 13/27] monitor: suppress more errors --- usr/local/share/bastille/monitor.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 25960735..0c691cfd 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -144,7 +144,7 @@ for _jail in ${JAILS}; do add) [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do - if ! grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then + if ! grep -qEs "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then echo "${_service}" >> "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi 
@@ -154,7 +154,7 @@ for _jail in ${JAILS}; do [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file - if grep -qE "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then + if grep -qEs "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi @@ -168,7 +168,7 @@ for _jail in ${JAILS}; do usage # Only one service per query fi [ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file - if grep -qE "^${SERVICE}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then + if grep -qEs "^${SERVICE}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then echo "${_jail}" continue fi From 974ec635089dd37303c6ee4119d61239ce7984c8 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 19:03:29 -0600 Subject: [PATCH 14/27] monitor: final revision --- usr/local/share/bastille/monitor.sh | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 0c691cfd..fdce9f5c 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -36,7 +36,7 @@ usage() { error_notify "Usage: bastille monitor [option(s)] enable|disable|status" error_notify " TARGET add|delete service1,service2" - error_notify " TARGET list" + error_notify " TARGET list [service]" error_notify " TARGET" cat << EOF @@ -78,7 +78,7 @@ case "${1}" in info "\nBastille Monitor enabled.\n" exit 0 else - error_exit "\nBastille Monitor already enabled.\n" + error_exit "\nBastille Monitor already enabled." fi ;; disable) 
@@ -89,7 +89,7 @@ case "${1}" in info "\nBastille Monitor disabled.\n" exit 0 else - error_exit "\nBastille Monitor already disabled.\n" + error_exit "\nBastille Monitor already disabled." fi ;; status) @@ -104,7 +104,9 @@ case "${1}" in ;; esac -[ "$#" -eq 0 ] && usage +if [ "$#" -eq 0 ]; then + usage +fi TARGET="${1}" ACTION="${2}" @@ -124,10 +126,10 @@ for _jail in ${JAILS}; do fi ## iterate service(s) and check service status; restart on failure - if [ "$#" -eq 1 ] && [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then + if [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then for _service in $(xargs < "${bastille_jail_monitor}"); do ## check service status - if ! bastille service "${_jail}" "${_service}" status; then + if ! bastille service "${_jail}" "${_service}" status >/dev/null 2>/dev/null; then echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "${bastille_monitor_logfile}" ## attempt to restart the service if needed; update logs if unable @@ -137,14 +139,12 @@ for _jail in ${JAILS}; do fi fi done - fi - - if [ -n "${ACTION}" ]; then + elif [ -n "${ACTION}" ]; then case ${ACTION} in add) [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do - if ! grep -qEs "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then + if ! grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then echo "${_service}" >> "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi 
@@ -154,7 +154,7 @@ for _jail in ${JAILS}; do [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file - if grep -qEs "^${_service}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then + if grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" fi @@ -168,13 +168,13 @@ for _jail in ${JAILS}; do usage # Only one service per query fi [ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file - if grep -qEs "^${SERVICE}\$" "${bastille_jail_monitor}" 2>/dev/null 2>&1; then + if grep -Eqs "^${SERVICE}\$" "${bastille_jail_monitor}"; then echo "${_jail}" continue fi else if [ -f "${bastille_jail_monitor}" ]; then - info "\n[${_jail}]:" + echo -n "${_jail}: " xargs < "${bastille_jail_monitor}" fi fi From a8820a90eaf637ee2842d56ed96d577c9f27ad87 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 19:06:09 -0600 Subject: [PATCH 15/27] docs: add monitor to index --- docs/chapters/subcommands/index.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/chapters/subcommands/index.rst b/docs/chapters/subcommands/index.rst index ca46d87c..9139bb7e 100644 --- a/docs/chapters/subcommands/index.rst +++ b/docs/chapters/subcommands/index.rst @@ -23,6 +23,7 @@ Bastille sub-commands limits list migrate + monitor mount network pkg From 995281396c2a2f6cf26ac254fab6e9d63efadd76 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 19:50:04 -0600 Subject: [PATCH 16/27] docs: monitor: more detail --- docs/chapters/subcommands/monitor.rst | 68 ++++++++++++++++++--------- 1 file changed, 47 insertions(+), 21 deletions(-) 
diff --git a/docs/chapters/subcommands/monitor.rst b/docs/chapters/subcommands/monitor.rst
index 567342e0..cd1a57a2 100644
--- a/docs/chapters/subcommands/monitor.rst
+++ b/docs/chapters/subcommands/monitor.rst
@@ -1,39 +1,49 @@ -Monitor +monitor ======= NEW in Bastille version 1.1.20250814 The ``monitor`` sub-command adds, removes, lists and enables/disables monitoring for container services. -.. code-block:: shell - ishmael ~ # bastille monitor help ## display monitor help - ishmael ~ # bastille monitor TARGET add "service1 service2" ## add the services "service1" and "service2" to TARGET monitoring - ishmael ~ # bastille monitor TARGET delete service1 ## delete service "service1" from TARGET monitoring - ishmael ~ # bastille monitor TARGET list ## list services monitored on TARGET - ishmael ~ # bastille monitor ALL list ## list monitored services from ALL containers +Managing Bastille Monitor +------------------------- - ishmael ~ # bastille monitor -s ## return monitoring cronjob status - ishmael ~ # bastille monitor -e ## enable monitoring cronjob - ishmael ~ # bastille monitor -d ## disable monitoring cronjob +To enable Bastille monitoring, run ``bastille monitor enable``. -.. code-block:: shell +To disable Bastille monitoring, run ``bastille monitor disable``. - ishmael ~ # bastille monitor help - Usage: bastille monitor [option(s)] TARGET [add|delete|list] [service1 service2] +We can always check if Bastille monitoring is active with ``bastille monitor status``. - Options: - -x | --debug Enable debug mode. - -e | --enable Enable (install) bastille-monitor cronjob. Configurable in bastille.conf. - -d | --disable Disable (uninstall) bastille-monitor cronjob. - -s | --status Return monitor status (Enabled or Disabled). +Managing Services +----------------- + +Bastille Monitor will attempt to monitor any services defined for any given container. If the service is +stopped, Bastille will attempt to restart it. Everything is logged in ``${bastille_monitor_logfile}``. + +To have Bastille monitor a service, run ``bastille monitor TARGET add SERVICE``. 
The ``SERVICE`` arg can also be a +comma-separated list of services such as ``bastille monitor TARGET add SERVICE1,SERVICE2``. + +To remove a service from monitoring, we can run ``bastille monitor TARGET delete SERVICE``. These can also be a +comma-separated list. + +To show all services that Bastille is monitoring, run ``bastille monitor TARGET list``. + +To list all jails that have a selected service defined for monitoring, run ``bastille monitor TARGET list SERVICE``. +This option only accepts a single ``SERVICE``, and cannot be a comma-separated list. + +If you run ``bastille monitor TARGET``, without any args or actions, Bastille will run through the process of +checking the status of each defined service, and attempt to start any that are stopped. + +Services can also be manually added or removed by editing the ``monitor`` file inside the jail directory, but +is not recommended unless you are an advanced user. Configuration ------------- -The monitor sub-command is configurable via the `bastille.conf` file. See below +The monitor sub-command is configurable via the ``bastille.conf`` file. See below for configuration defaults: .. code-block:: shell @@ -49,7 +59,23 @@ Alerting modules The first alerting module to be supported is Health Checks (https://healthchecks.io), which is both a free SaaS service (up to 20 checks) -and provides a self-hosted option (see `sysutils/py-healthchecks`). +and provides a self-hosted option (see ``sysutils/py-healthchecks``). -Simply configure the `${bastille_monitor_healthchecks}` variable with your Ping +Simply configure the ``${bastille_monitor_healthchecks}`` variable with your Ping URL and you're done! + + +Help +---- + +.. code-block:: shell + + ishmael ~ # bastille monitor help + Usage: bastille monitor [option(s)] enable|disable|status + TARGET add|delete|list service1,service2 + TARGET list [service] + TARGET + + Options: + + -x | --debug Enable debug mode. 
From 4c1997620b49359100fd5b02c91df004b116cea2 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 22 Jul 2025 21:24:05 -0600 Subject: [PATCH 17/27] monitor: use jexec --- usr/local/share/bastille/monitor.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index fdce9f5c..29776cb5 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -129,11 +129,11 @@ for _jail in ${JAILS}; do if [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then for _service in $(xargs < "${bastille_jail_monitor}"); do ## check service status - if ! bastille service "${_jail}" "${_service}" status >/dev/null 2>/dev/null; then + if ! jexec -l -u root "${_jail}" service "${_service}" status >/dev/null 2>/dev/null; then echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "${bastille_monitor_logfile}" ## attempt to restart the service if needed; update logs if unable - if ! bastille service "${_jail}" "${_service}" restart; then + if ! jexec -l -u root "${_jail}" service "${_service}" restart; then echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${_service} service in ${_jail}." | tee -a "${bastille_monitor_logfile}" SERVICE_FAILED=1 fi @@ -174,7 +174,7 @@ for _jail in ${JAILS}; do fi else if [ -f "${bastille_jail_monitor}" ]; then - echo -n "${_jail}: " + info "\n[${_jail}]:" xargs < "${bastille_jail_monitor}" fi fi From 0f8e2fc89423ae94bb700d721c08dd3870fc3d5e Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Thu, 24 Jul 2025 15:15:11 -0600 Subject: [PATCH 18/27] monitor: use -U --- usr/local/share/bastille/monitor.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
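Review bot: The names handed to `jexec -l -u root "${_jail}" service "${_service}" status` and `restart` come from the unquoted `$(xargs < "${bastille_jail_monitor}")` in the context line, so the host shell glob-expands each token and a token starting with `-` arrives as an option to `service` rather than as a service name. The documentation added earlier in this series says the monitor file may be edited by hand, and with the `bastille service` wrapper out of the path nothing visible here checks the value before it reaches a root command. Skip and log anything unexpected at the top of the loop body, e.g. `case "${_service}" in -*|*[!A-Za-z0-9_-]*) continue ;; esac`. The `for _jail` loop starts and ends outside the hunk.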
diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 29776cb5..c79236d9 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -129,11 +129,11 @@ for _jail in ${JAILS}; do if [ -z "${ACTION}" ] && [ -f "${bastille_jail_monitor}" ]; then for _service in $(xargs < "${bastille_jail_monitor}"); do ## check service status - if ! jexec -l -u root "${_jail}" service "${_service}" status >/dev/null 2>/dev/null; then + if ! jexec -l -U root "${_jail}" service "${_service}" status >/dev/null 2>/dev/null; then echo "$(date '+%Y-%m-%d %H:%M:%S'): ${_service} service not running in ${_jail}. Restarting..." | tee -a "${bastille_monitor_logfile}" ## attempt to restart the service if needed; update logs if unable - if ! jexec -l -u root "${_jail}" service "${_service}" restart; then + if ! jexec -l -U root "${_jail}" service "${_service}" restart; then echo "$(date '+%Y-%m-%d %H:%M:%S'): Failed to restart ${_service} service in ${_jail}." | tee -a "${bastille_monitor_logfile}" SERVICE_FAILED=1 fi From 8b7385c1b0d2fc7f69dc639a5ea8a6f89c2f4b5a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 1 Dec 2025 23:17:33 -0500 Subject: [PATCH 19/27] monitor: spacing --- usr/local/share/bastille/monitor.sh | 41 ++++++++++++++--------------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index c79236d9..91831b1d 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh 
@@ -75,31 +75,31 @@ case "${1}" in mkdir -p /usr/local/etc/cron.d echo "${bastille_monitor_cron}" >> "${bastille_monitor_cron_path}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" - info "\nBastille Monitor enabled.\n" - exit 0 - else - error_exit "\nBastille Monitor already enabled." - fi + info "\nBastille Monitor: Enabled\n" + exit 0 + else + error_exit "\nBastille Monitor is already enabled." + fi ;; disable) [ "$#" -eq 1 ] || usage if [ -f "${bastille_monitor_cron_path}" ]; then rm -f "${bastille_monitor_cron_path}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed cron entry at ${bastille_monitor_cron_path}" >> "${bastille_monitor_logfile}" - info "\nBastille Monitor disabled.\n" - exit 0 - else - error_exit "\nBastille Monitor already disabled." + info "\nBastille Monitor: Disabled\n" + exit 0 + else + error_exit "\nBastille Monitor is not enabled." fi ;; status) [ "$#" -eq 1 ] || usage if [ -f "${bastille_monitor_cron_path}" ]; then - info "\nBastille Monitor is Enabled.\n" - exit 0 + info "\nBastille Monitor: Active\n" + exit 0 else - info "\nBastille Monitor is Disabled.\n" - exit 1 + info "\nBastille Monitor: Inactive\n" + exit 1 fi ;; esac 
@@ -147,17 +147,17 @@ for _jail in ${JAILS}; do if ! grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then echo "${_service}" >> "${bastille_jail_monitor}" echo "$(date '+%Y-%m-%d %H:%M:%S'): Added monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" - fi + fi done ;; del*) - [ -z "${SERVICE}" ] && usage + [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do [ ! -f "${bastille_jail_monitor}" ] && break # skip if no monitor file if grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then - sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}" - echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" - fi + sed -i '' "/^${_service}\$/d" "${bastille_jail_monitor}" + echo "$(date '+%Y-%m-%d %H:%M:%S'): Removed monitor for ${_service} on ${_jail}" >> "${bastille_monitor_logfile}" + fi # delete monitor file if empty [ ! -s "${bastille_jail_monitor}" ] && rm "${bastille_jail_monitor}" done @@ -170,11 +170,11 @@ for _jail in ${JAILS}; do [ ! -f "${bastille_jail_monitor}" ] && continue # skip if there is no monitor file if grep -Eqs "^${SERVICE}\$" "${bastille_jail_monitor}"; then echo "${_jail}" - continue + continue fi else if [ -f "${bastille_jail_monitor}" ]; then - info "\n[${_jail}]:" + info "\n[${_jail}]:" xargs < "${bastille_jail_monitor}" fi fi @@ -184,7 +184,6 @@ for _jail in ${JAILS}; do ;; esac fi - done # Final ping to healthcheck URL From c8a473e845c0ef180606e2dbb0334eb586c2ede1 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Mon, 1 Dec 2025 23:18:24 -0500 Subject: [PATCH 20/27] monotor: more spacing --- usr/local/share/bastille/monitor.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 91831b1d..1a1964ba 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh 
@@ -142,7 +142,7 @@ for _jail in ${JAILS}; do elif [ -n "${ACTION}" ]; then case ${ACTION} in add) - [ -z "${SERVICE}" ] && usage + [ -z "${SERVICE}" ] && usage for _service in $(echo "${SERVICE}" | tr , ' '); do if ! grep -Eqs "^${_service}\$" "${bastille_jail_monitor}"; then echo "${_service}" >> "${bastille_jail_monitor}" From f92463f345573d19b32abc59e0b10c9a417b61ad Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 2 Dec 2025 10:42:54 -0500 Subject: [PATCH 21/27] add missing vlan trmplate --- docs/chapters/configuration.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/chapters/configuration.rst b/docs/chapters/configuration.rst index 9b3b186c..f6ffc5bd 100644 --- a/docs/chapters/configuration.rst +++ b/docs/chapters/configuration.rst 
@@ -99,12 +99,13 @@ This is the default `bastille.conf` file. bastille_template_clone="default/clone" ## default: "default/clone" bastille_template_thin="default/thin" ## default: "default/thin" bastille_template_vnet="default/vnet" ## default: "default/vnet" + bastille_template_vnet="default/vlan" ## default: "default/vlan" ## Monitoring - bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" ## default: "/usr/local/etc/cron.d/bastille-monitor" - bastille_monitor_cron="*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" # default: "*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" - bastille_monitor_logfile="${bastille_logsdir}/monitor.log" ## default: "${bastille_logsdir}/monitor.log" - bastille_monitor_healthchecks="" ## default: "" + bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" ## default: "/usr/local/etc/cron.d/bastille-monitor" + bastille_monitor_cron="*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" ## default: "*/5 * * * * root /usr/local/bin/bastille monitor ALL >/dev/null 2>&1" + bastille_monitor_logfile="${bastille_logsdir}/monitor.log" ## default: "${bastille_logsdir}/monitor.log" + bastille_monitor_healthchecks="" ## default: "" Notes From 16e1cafd4737caaff64fb538d6c6e78ecff1a013 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 2 Dec 2025 10:43:55 -0500 Subject: [PATCH 22/27] Update configuration.rst --- docs/chapters/configuration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/chapters/configuration.rst b/docs/chapters/configuration.rst index f6ffc5bd..11dd54e6 100644 --- a/docs/chapters/configuration.rst +++ b/docs/chapters/configuration.rst 
@@ -99,7 +99,7 @@ This is the default `bastille.conf` file. bastille_template_clone="default/clone" ## default: "default/clone" bastille_template_thin="default/thin" ## default: "default/thin" bastille_template_vnet="default/vnet" ## default: "default/vnet" - bastille_template_vnet="default/vlan" ## default: "default/vlan" + bastille_template_vlan="default/vlan" ## default: "default/vlan" ## Monitoring bastille_monitor_cron_path="/usr/local/etc/cron.d/bastille-monitor" ## default: "/usr/local/etc/cron.d/bastille-monitor" From 5dfffbf28d1d3f91ac4deffa13078121dfda9b7f Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 2 Dec 2025 15:57:23 -0700 Subject: [PATCH 23/27] monitor: continue on stopped jail --- usr/local/share/bastille/monitor.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 1a1964ba..a44e8904 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -95,10 +95,10 @@ case "${1}" in status) [ "$#" -eq 1 ] || usage if [ -f "${bastille_monitor_cron_path}" ]; then - info "\nBastille Monitor: Active\n" + info "\nBastille Monitor Status: Active\n" exit 0 else - info "\nBastille Monitor: Inactive\n" + info "\nBastille Monitor Status: Inactive\n" exit 1 fi ;; @@ -120,8 +120,8 @@ for _jail in ${JAILS}; do bastille_jail_monitor="${bastille_jailsdir}/${_jail}/monitor" - ## skip if no monitor file - if [ $? -eq 1 ] && [ ! -f "${bastille_jail_monitor}" ]; then + # Skip if no monitor file or stopped jail + if [ $? -eq 1 ] && { [ ! -f "${bastille_jail_monitor}" ] || ! check_target_is_running; }; then continue fi From 28d7528102f21cf28f8b4e4ca096eab60eb2cbf5 Mon Sep 17 00:00:00 2001 
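Review bot: The `[ $? -eq 1 ]` kept in the rewritten skip condition reads the exit status of the plain assignment to `bastille_jail_monitor` on the line above, which is 0, so the `&&` short-circuits and the added `check_target_is_running` test never runs. As written, a stopped jail still falls through to the service checks further down the loop. Drop the `$?` test and scope the guard to the no-action monitoring pass, e.g. `if [ -z "${ACTION}" ] && ! check_target_is_running "${_jail}"; then continue; fi`, so that `add` on a jail without a monitor file keeps working. The `for _jail` loop body continues outside the hunk.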
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 2 Dec 2025 16:26:01 -0700 Subject: [PATCH 24/27] monitor: fix jail stop check --- usr/local/share/bastille/monitor.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index a44e8904..392154c1 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -120,8 +120,8 @@ for _jail in ${JAILS}; do bastille_jail_monitor="${bastille_jailsdir}/${_jail}/monitor" - # Skip if no monitor file or stopped jail - if [ $? -eq 1 ] && { [ ! -f "${bastille_jail_monitor}" ] || ! check_target_is_running; }; then + # Skip if jail is not running or no monitor file + if ! check_target_is_running || [ ! -f "${bastille_jail_monitor}" ]; then continue fi From 4daa29efbda38f57120e68f2660bc354cc02585a Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Tue, 2 Dec 2025 16:29:47 -0700 Subject: [PATCH 25/27] missid jail --- usr/local/share/bastille/monitor.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/local/share/bastille/monitor.sh b/usr/local/share/bastille/monitor.sh index 392154c1..e46611e5 100644 --- a/usr/local/share/bastille/monitor.sh +++ b/usr/local/share/bastille/monitor.sh @@ -121,7 +121,7 @@ for _jail in ${JAILS}; do bastille_jail_monitor="${bastille_jailsdir}/${_jail}/monitor" # Skip if jail is not running or no monitor file - if ! check_target_is_running || [ ! -f "${bastille_jail_monitor}" ]; then + if ! check_target_is_running "${_jail}" || [ ! -f "${bastille_jail_monitor}" ]; then continue fi From 3f54413b04407f87a0da6f655eead9759d5719c1 Mon Sep 17 00:00:00 2001 
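Review bot: With the `$?` test gone, the `continue` fires for every action whenever the monitor file is missing, and the `add)` arm is the only code in this series that creates that file, so `bastille monitor TARGET add SERVICE` on a jail that has never been monitored appears to become a silent no-op. It also makes `add`, `delete` and `list`, which only touch the host-side file, depend on the jail running. Limit the skip to the monitoring pass, e.g. `if [ -z "${ACTION}" ] && { ! check_target_is_running "${_jail}" || [ ! -f "${bastille_jail_monitor}" ]; }; then`. The same applies to the follow-up hunk that adds `"${_jail}"`. The loop body continues outside both hunks.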
From: Victor Tschetter Date: Fri, 12 Dec 2025 08:27:10 -0700 Subject: [PATCH 26/27] monitor: man pages --- usr/local/share/man/man1/bastille-monitor.1 | 133 ++++++++++++++++++++ usr/local/share/man/man1/bastille.1 | 2 + usr/local/share/man/man5/bastille.conf.5 | 10 ++ 3 files changed, 145 insertions(+) create mode 100644 usr/local/share/man/man1/bastille-monitor.1 diff --git a/usr/local/share/man/man1/bastille-monitor.1 b/usr/local/share/man/man1/bastille-monitor.1 new file mode 100644 index 00000000..47e6af0e --- /dev/null +++ b/usr/local/share/man/man1/bastille-monitor.1 
@@ -0,0 +1,133 @@
+.Dd 2025/12/12
+.Dt bastille-monitor 1
+.Os
+.Sh NAME
+.Nm bastille monitor
+.Nd Monitor and attempt to restart jail service(s).
+.Sh SYNOPSIS
+.Nm
+.Op Fl x
+.Nm
+.Op Fl x
+.Ar enable|disable|status
+.Nm
+.Op Fl x
+.Ar TARGET
+.Sy add|delete
+.Ar SERVICE1,SERVICE2
+.Nm
+.Op Fl x
+.Sy list
+.Op SERVICE
+.Sh DESCRIPTION
+The
+.Nm
+sub-command will monitor jail services using the cron
+mechanism. It will attempt to restart them if/when
+they stop. See also
+.Xr bastille.conf 5 .
+.Bl -tag -width Ds
+.It Sy bastille monitor Oo Fl x Oc Ar TARGET
+.Bl -tag -width Ds
+.It Fl x , Fl -debug
+Enable debug mode.
+.El
+.Pp
+Calling
+.Nm
+with only a
+.Ar TARGET
+is how we initiante the checking/restarting
+of services. Any service(s) defined for
+.Ar TARGET
+will be restarted if they are stopped.
+.It Sy bastille monitor Oo Fl x Oc Sy enable|disable|status
+.Bl -tag -width Ds
+.It Sy enable
+This will enable monitoring, adding a cron entry to be
+executed every 5 minutes, or the duration set
+in 'bastille_monitor_cron'. See
+.Xr bastille.conf 5 .
+.It Sy disable
+Disable the monitoring function. This will remove the
+cron entry.
+.It Sy status
+Check if the monitor is currently active or inactive.
+.It Fl x , Fl -debug
+Enable debug mode.
+.El
+.It Sy bastille monitor Oo Fl x Oc Ar TARGET Sy add|delete Ar SERVICE1,SERVICE2
+.Bl -tag -width Ds
+.It Sy add
+Add the
+.Ar SERVICE
+to the list of services to be monitored.
+.It Sy delete
+Remove the
+.Ar SERVICE
+from the monitoring list.
+.It Fl x , Fl -debug
+Enable debug mode.
+.El
+.It Sy bastille monitor Oo Fl x Oc Ar TARGET Sy list Op SERVICE
+.Bl -tag -width Ds
+.It Sy list
+List monitored service(s) for
+.Ar TARGET .
+If
+.Ar SERVICE
+is specified, list jail(s) that are monitoring that service.
+Note that it will only list the jails given in
+.Ar TARGET .
+.It Fl x , Fl -debug
+Enable debug mode.
+.Sh EXAMPLES
+.Bl -tag -width Ds
+.It Enable the monitoring service:
+.Sy bastille monitor enable
+.It Add nginx to the monitor list for myjail:
+.Sy bastille monitor myjail add nginx
+.It Add nginx and caddy to the monitor list for myjail:
+.Sy bastille monitor myjail add nginx,caddy
+.It Check which jails are monitoring caddy:
+.Sy bastille monitor ALL list caddy
+.Sh SEE ALSO
+.Xr bastille.conf 5 ,
+.Xr bastille-bootstrap 1 ,
+.Xr bastille-clone 1 ,
+.Xr bastille-cmd 1 ,
+.Xr bastille-config 1 ,
+.Xr bastille-console 1 ,
+.Xr bastille-convert 1 ,
+.Xr bastille-cp 1 ,
+.Xr bastille-create 1 ,
+.Xr bastille-destroy 1 ,
+.Xr bastille-edit 1 ,
+.Xr bastille-etcupdate 1 ,
+.Xr bastille-export 1 ,
+.Xr bastille-htop 1 ,
+.Xr bastille-import 1 ,
+.Xr bastille-jcp 1 ,
+.Xr bastille-limits 1 ,
+.Xr bastille-list 1 ,
+.Xr bastille-migrate 1 ,
+.Xr bastille-mount 1 ,
+.Xr bastille-network 1 ,
+.Xr bastille-pkg 1 ,
+.Xr bastille-rcp 1 ,
+.Xr bastille-rdr 1 ,
+.Xr bastille-rename 1 ,
+.Xr bastille-restart 1 ,
+.Xr bastille-service 1 ,
+.Xr bastille-setup 1 ,
+.Xr bastille-start 1 ,
+.Xr bastille-stop 1 ,
+.Xr bastille-sysrc 1 ,
+.Xr bastille-tags 1 ,
+.Xr bastille-template 1 ,
+.Xr bastille-top 1 ,
+.Xr bastille-umount 1 ,
+.Xr bastille-update 1 ,
+.Xr bastille-upgrade 1 ,
+.Xr bastille-verify 1 ,
+.Xr bastille-zfs 1
\ No newline at end of file
diff --git a/usr/local/share/man/man1/bastille.1 b/usr/local/share/man/man1/bastille.1
index 2fbd8972..a52b4c4c 100644
--- a/usr/local/share/man/man1/bastille.1
+++ b/usr/local/share/man/man1/bastille.1
@@ -69,6 +69,8 @@ and
 List jails, releases, templates and more...
 .It Sy migrate
 Migrate jail(s) to a remote system.
+.It Sy monitor
+Monitor and attempt to restart jail service(s).
 .It Sy mount
 Mount files(s)/directorie(s) inside jail(s).
 .It Sy network
diff --git a/usr/local/share/man/man5/bastille.conf.5 b/usr/local/share/man/man5/bastille.conf.5
index b16a932e..bc0fd2c0 100644
--- a/usr/local/share/man/man5/bastille.conf.5
+++ b/usr/local/share/man/man5/bastille.conf.5 @@ -128,6 +128,16 @@ The default template that is appled to thin jails. The default template that is appled to vnet jails. .It bastille_template_vlan The default template that is appled to vnet+vlan jails. +.Ss MONITORING +.It bastille_monitor_cron_path +Cron file for automatic monitoring entry. +.It bastille_monitor_cron +Actual cron entry. The default is to check every 5 minutes. +.It bastille_monitor_logfile +Log storage. +.It bastille_monitor_healthchecks +This is the FQDN for optional alert services. +Currently only supports 'healthchecks.io'. .Sh SEE ALSO .Xr bastille-bootstrap 1 , .Xr bastille-clone 1 , From 6f741a1e78485444a1c5211ab00fb3212c840c68 Mon Sep 17 00:00:00 2001 From: tschettervictor <85497460+tschettervictor@users.noreply.github.com> Date: Fri, 12 Dec 2025 08:37:19 -0700 Subject: [PATCH 27/27] config: remove unneeded notes --- docs/chapters/configuration.rst | 7 ------- 1 file changed, 7 deletions(-) diff --git a/docs/chapters/configuration.rst b/docs/chapters/configuration.rst index 2f1f07c5..64b39472 100644 --- a/docs/chapters/configuration.rst +++ b/docs/chapters/configuration.rst @@ -116,13 +116,6 @@ Notes The options here are fairly self-explanitory, but there are some things to note. -* If you use ZFS, DO NOT create the bastille dataset. You must only create the - parent. Bastille must be allowed to create the ``bastille`` child dataset, or - you will have issues. So, if you want bastille to live at - ``zroot/data/bastille`` you should set ``bastille_zfs_zpool`` to ``zroot`` and - ``bastille_zfs_prefix`` to ``data/bastille`` but you should only create - ``zroot/data`` before running bastille for the first time. - * Bastille will mount the dataset it creates at ``bastille_prefix`` which defaults to ``/usr/local/bastille``. So if you want to navigate to your jails, you will use the ``bastille_prefix`` as the location because this is where the