Predefined check types reference

Infracheck comes by default with some standard checks, there is a list of them:

http

Performs a HTTP call using curl.

Example:

{
    "type": "http",
    "input": {
        "url": "http://iwa-ait.org",
        "expect_keyword": "iwa",
        "not_expect_keyword": "Server error"
    }
}

Parameters:

  • url
  • expect_keyword
  • not_expect_keyword

dir-present

Checks whenever a directory exists.

Parameters:

  • dir

file-present

Checks if file is present.

Parameters:

  • file_path

docker-bahub

Monitors RiotKit’s File Repository “Bahub” API client for errors.

Parameters:

  • container

docker-health

Checks if containers are healthy.

Parameters:

  • docker_env_name (it’s a prefix, to check only containers that names begins with this - idea of docker-compose)

port-open

Checks if the port is open.

Parameters:

  • po_host
  • po_port (in seconds)
  • po_timeout (in seconds)

replication-running

Checks if the MySQL replication is in good state. Works with Docker only.

Parameters:

  • container
  • mysql_root_password

free-ram

Monitors RAM memory usage to notify that a maximum percent of memory was used.

Parameters:

  • max_ram_percentage (in percents eg. 80)

domain-expiration

Check if the domain is close to expiration date or if it is already expired.

Notice: Multiple usage of this check can cause a “request limit exceeded” error to happen

Suggestion: If you check multiple domains, then separate domains checking from regular health checks and set CHECK_INTERVAL (docker) to once a day, and WAIT_TIME=300 for non-docker installations - in crontab set a check with –force once a day

Parameters:

  • domain (domain name)
  • alert_days_before (number of days before expiration date to start alerting)

disk-space

Monitors disk space.

Parameters:

  • min_req_space (in gigabytes)
  • dir (path)

ovh-expiration

Checks if a VPS is not expired. Grab credentials at https://api.ovh.com/createToken/index.cgi

Required privileges on OVH API: “GET /vps*”

Parameters:

  • endpoint (ex. ovh-eu)
  • app_key
  • app_secret
  • app_consumer_key
  • service_name (ex. somevps.ovh.net)
  • days_to_alert (ex. 30 for 30 days)

ssh-fingerprint

Verifies if remote host fingerprint matches. Helps detecting man-in-the-middle and server takeover attacks.

Parameters:

  • expected_fingerprint (example: zsp.net.pl ssh-rsa SOMESOMESOMESOMESOMEKEYHERE)
  • method (default: rsa)
  • host (example: zsp.net.pl)
  • port (example: 22)

ssh-files-checksum

Calls remote process using SSH and expects: the listed files and checksums will be matching

Parameters:

  • user (default: root)
  • host
  • port (default: 22)
  • private_key
  • password
  • ssh_bin (default: ssh)
  • sshpass_bin (default: sshpass)
  • ssh_opts (example: -o StrictHostKeyChecking=no)
  • known_hosts_file (default: ~/.ssh/known_hosts)
  • command (default: uname -a)
  • timeout: (default: 15, unit: seconds)
  • method (default: sha256sum)
  • expects (json dict, example: {“/usr/bin/bahub”: “d6e85b50756a08e24c1d46f07b68e288c9e7e565fd662a15baca214f576c34be”})

ssh-command

Calls remote process using SSH and expects: exit code, keywords in the output

Parameters:

  • user (default: root)
  • host
  • port (default: 22)
  • private_key
  • password
  • ssh_bin (default: ssh)
  • sshpass_bin (default: sshpass)
  • ssh_opts (example: -o StrictHostKeyChecking=no)
  • known_hosts_file (default: ~/.ssh/known_hosts)
  • command (default: uname -a)
  • timeout: (default: 15, unit: seconds)
  • expected_keywords (Keywords expected to be in stdout/stderr. Separated by “;”)
  • unexpected_keywords (Keywords not expected to be present in stdout/stderr. Separated by “;”)
  • expected_exit_code (default: 0)

reminder

Reminds about the recurring date. Example: To extend validity of your hosting account

Parameters:

  • ref_date (example: 2019-05-01 for a 1th of May 2019)
  • each (values: week; month; year, default: year)
  • alert_days_before (default: 5, the health check will be red when there will be 5 days before)

load-average-auto

Checks if the load average is not more than 100%

Parameters:

  • maximum_above (unit: processor cores, default: 0.5 - half of a core)
  • timing (default: 15. The load average time: 1, 5, 15)

load-average

Checks if the load average is not below specified number

Parameters:

  • max_load (unit: processor cores, example: 5.0, default: 1)
  • timing (default: 15. The load average time: 1, 5, 15)

swap-usage-max-percent

Defines maximum percentage of allowed swap usage

Parameters:

  • max_allowed_percentage (default: 0.0)

postgres

Uses pg_isready tool to verify if PostgreSQL is up and ready to connect.

Parameters:

  • pg_host (hostname or socket path, defaults to “localhost” which will use local unix socket, use IP address eg. 127.0.0.1 to connect via tcp)
  • pg_port (port, defaults to 5432)
  • pg_db_name (database name to connect to, defaults to “postgres”)
  • pg_user (username, defaults to “postgres”)
  • pg_conn_timeout (defaults to 15 which means 15 seconds)

postgres-primary-streaming-status

Verifies if local PostgreSQL instance is currently serving WALs to a specified replica. The SQL command that is validated: select * from pg_stat_replication;

Parameters:

  • pg_host (hostname or socket path, defaults to “localhost” which will use local unix socket, use IP address eg. 127.0.0.1 to connect via tcp)
  • pg_port (port, defaults to 5432)
  • pg_db_name (database name to connect to, defaults to “postgres”)
  • pg_user (username, defaults to “postgres”)
  • pg_password
  • pg_conn_timeout (defaults to 15 which means 15 seconds)
  • expected_status (defaults to “streaming”)
  • expected_replication_user: Expected user that will be used for replication connection (defaults to “replication”)

postgres-replica-status

Checks if local PostgreSQL server acts as a replication server, by validating the list of active wal receivers. The SQL command that is validated: select * from pg_stat_wal_receiver;

Parameters:

  • pg_host (hostname or socket path, defaults to “localhost” which will use local unix socket, use IP address eg. 127.0.0.1 to connect via tcp)
  • pg_port (port, defaults to 5432)
  • pg_db_name (database name to connect to, defaults to “postgres”)
  • pg_user (username, defaults to “postgres”)
  • pg_password
  • pg_conn_timeout (defaults to 15 which means 15 seconds)
  • expected_status (defaults to “streaming”)
  • expected_replication_user: Expected user that will be used for replication connection (defaults to “replication”)