forked from SUSE/fissile-stemcell-SLE
-
Notifications
You must be signed in to change notification settings - Fork 0
/
monitrc.erb
26 lines (21 loc) · 1.21 KB
/
monitrc.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
set daemon 10
set logfile /var/vcap/monit/monit.log
# We use a random account here that's not read-only to allow local access to
# monit via the monit CLI. This is the only mechanism we've found that ensures
# remote access is read-only and accessible using the "knowable" credentials
# provided by the user. We're afraid of exposing writable access to remote clients
# using a non-TLS enabled connection.
set httpd port <%= p("fissile.monit.port") %> and use address 0.0.0.0
allow "<%= SecureRandom.hex %>":"<%= SecureRandom.hex %>"
allow "<%= p("fissile.monit.user") %>":"<%= p("fissile.monit.password") %>" read-only
include /etc/monit/monitrc.d/cron
include /etc/monit/monitrc.d/rsyslog
include /var/vcap/monit/*.monitrc
# Standard fissile job to handle post-start scripts. Currently the
# start command does its own dependency checking to work around issues
# in monit. When we reach use of monit 5.15+ the dependency
# information can shift out of the script to this job. It makes the
# job dynamic however, i.e. it will then have to be created and added
# by run.sh (As a post-start.monitrc file in the standard place).
check file post-start path /var/vcap/monit/ready
start program = "/opt/fissile/post-start.sh"