Monit is a utility for managing and monitoring processes, programs, files, directories and filesystems on a Unix system. It is often used to restart daemons on failures (e.g., a daemon crashed) or if an abnormal situation occurs (e.g., a daemon consumes too much CPU or RAM). Sometimes it is also used as a “poor man’s IDS” to detect changes into critical files and / or daemon binaries.

However, this functionality does not play well with package managers.

Consider a situation: `monit` is configured to watch MySQL and restart when it crashes:

check process mysqld with pidfile '/var/run/mysqld.pid'
    start program = "/usr/bin/systemctl start mysql"
    stop program = "/usr/bin/systemctl stop mysql"
    if failed host 127.0.0.1 port 3306 protocol mysql with timeout 10 seconds then restart
    if 5 restarts within 5 cycles then timeout
    depends on mysql_bin

check file mysql_bin with path /usr/sbin/mysqld
    if failed checksum       then unmonitor
    if failed permission 755 then unmonitor
    if failed uid root       then unmonitor
    if failed gid root       then unmonitor

Then, when you run `yum update`, and there is an update for `mysql` available, `yum` will stop `mysql` daemon, replace its binary, and then start `mysql` again.

What can go wrong here?

  1. `monit` activates in the middle of the process, detects that mysql is no longer running, and tries to start it.
  2. `monit` detects that `/usr/sbin/mysqld`’s checksum is now different, and “unmonitors” MySQL (which means it will not be automatically restarted on crashes).

The solution is obvious: stop `monit` before `yum` is run and start it afterwards. If you are OK with stopping and starting `monit` manually, then everything is great (but note that `yum` can be called by some external software such as a server control panel).

With `apt`, the solution is pretty easy: we can use `DPkg::Pre-Invoke` and `DPkg::Post-Invoke` hooks to stop and start monit. Unfortunately, I am not aware of similar configuration options for `yum`. However, `yum` supports plugins, and we can write a custom plugin to stop and start monit automatically.

import os

import yum
from yum.plugins import TYPE_CORE

requires_api_version = '2.1'
plugin_type = (TYPE_CORE,)

def pretrans_hook(conduit):
    conduit.info(2, 'Stopping monit')
    command = '/usr/bin/systemctl stop monit.service'
    os.system(command)

def posttrans_hook(conduit):
    conduit.info(2, 'Starting monit')
    command = '/usr/bin/systemctl start monit.service'
    os.system(command)

This plugin (`/usr/lib/yum-plugins/monit.py`) uses two hooks: `pretrans` (called before yum begins the RPM update transaction), and `posttrans` (called just after yum has finished the RPM update transaction). The first one is used to stop monit, the second one starts it, it is that simple.

The only things that is left is to enable this plugin. To do that, we create a file called `/etc/yum/pluginconf.d/monit.conf` with this content:

[main]
enabled=1

Done!

I have also created a GitHub repository with all the code.

How to Integrate monit with yum
Tagged on:         

Leave a Reply

Your email address will not be published. Required fields are marked *