ajout de logs plus parlant

2026-03-16 15:28:50 +01:00
parent 1a612d0a4e
commit 9e5d7456b6
2 changed files with 56 additions and 34 deletions
--- a/servers/linux/monitoring/bin/monitor-update-config.sh
+++ b/servers/linux/monitoring/bin/monitor-update-config.sh
@@ -11,7 +11,6 @@
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 set -u
 SCRIPT_NAME="$(basename "$0")"
@@ -23,61 +22,84 @@ if [ "${EUID}" -ne 0 ]; then
    exit 1
 fi
 extract_keys() {
    local file="$1"
    grep -E '^[A-Za-z_][A-Za-z0-9_]*=' "$file" | cut -d'=' -f1 | sort -u
 }
 check_config_drift() {
    local conf_dir="/opt/monitoring/conf"
    local base_conf local_conf
    local found_issue=false
    local reviewed_files=0
    local files_requiring_action=0
-    log_info "audit_start" "Début de l'audit des configurations"
+    log_info "audit_start" "Début de l'audit des configurations locales"
    while IFS= read -r base_conf; do
        reviewed_files=$((reviewed_files + 1))
    # Parcourir tous les fichiers .conf officiels
    find "$conf_dir" -type f -name "*.conf" ! -name "*.local.conf" | while read -r base_conf; do
        local_conf="${base_conf%.conf}.local.conf"
-        local file_name
+        local file_name local_file_name
-        file_name=$(basename "$base_conf")
+        file_name="$(basename "$base_conf")"
        local_file_name="$(basename "$local_conf")"
        # 1. Si le .local.conf n'existe pas : on le crée proprement
        if [ ! -f "$local_conf" ]; then
-            log_notice "audit_missing_local" "Création du fichier local manquant" "file=$file_name"
+            cp "$base_conf" "$local_conf" || {
-            # On copie le template en commentant les valeurs par défaut pour inciter à la config
+                log_error "audit_create_local_failed" \
-            cp "$base_conf" "$local_conf"
+                    "Impossible de créer ${local_file_name} à partir de ${file_name}"
-            chmod 600 "$local_conf"
+                found_issue=true
                files_requiring_action=$((files_requiring_action + 1))
                continue
            }
            chmod 600 "$local_conf" 2>/dev/null || true
            log_notice "audit_missing_local" \
                "Le fichier ${local_file_name} n'existait pas ; il a été créé par copie de ${file_name}"
            continue
        fi
        # 2. Si le .local.conf existe : on compare les clés (options)
        local tmp_base tmp_local
-        tmp_base=$(mktemp)
+        tmp_base="$(mktemp)" || fail_internal "mktemp a échoué"
-        tmp_local=$(mktemp)
+        tmp_local="$(mktemp)" || fail_internal "mktemp a échoué"
-        # Extraction des noms de variables uniquement (Clés)
+        extract_keys "$base_conf" > "$tmp_base"
-        grep -E '^[A-Za-z0-9_]+=' "$base_conf" | cut -d'=' -f1 | sort > "$tmp_base"
+        extract_keys "$local_conf" > "$tmp_local"
        grep -E '^[A-Za-z0-9_]+=' "$local_conf" | cut -d'=' -f1 | sort > "$tmp_local"
-        # Options présentes dans le .conf mais absentes du .local.conf
+        local missing obsolete
-        local missing
+        missing="$(comm -23 "$tmp_base" "$tmp_local" | xargs)"
-        missing=$(comm -23 "$tmp_base" "$tmp_local" | tr '\n' ' ' | xargs)
+        obsolete="$(comm -13 "$tmp_base" "$tmp_local" | xargs)"
-        if [ -n "$missing" ]; then
+        if [ -n "$missing" ] || [ -n "$obsolete" ]; then
            log_warning "audit_keys_missing" "Nouvelles options disponibles à configurer" \
                "file=${file_name%.conf}.local.conf" "keys=$missing"
            found_issue=true
-        fi
+            files_requiring_action=$((files_requiring_action + 1))
-        # Options présentes dans le .local.conf mais qui n'existent plus dans le .conf (Obsolètes)
+            log_warning "audit_file_requires_action" \
-        local obsolete
+                "Le fichier ${local_file_name} nécessite une vérification"
-        obsolete=$(comm -13 "$tmp_base" "$tmp_local" | tr '\n' ' ' | xargs)
+
-        
+            if [ -n "$missing" ]; then
-        if [ -n "$obsolete" ]; then
+                log_warning "audit_keys_missing" \
-            log_info "audit_keys_obsolete" "Options locales obsolètes détectées" \
+                    "Dans ${local_file_name}, options disponibles dans ${file_name} mais absentes du local : ${missing}"
-                "file=${file_name%.conf}.local.conf" "keys=$obsolete"
+            fi
            if [ -n "$obsolete" ]; then
                log_info "audit_keys_obsolete" \
                    "Dans ${local_file_name}, options présentes uniquement dans le local et à vérifier ou supprimer : ${obsolete}"
            fi
        else
            log_info "audit_file_ok" \
                "Le fichier ${local_file_name} contient les mêmes options que ${file_name}"
        fi
        rm -f "$tmp_base" "$tmp_local"
-    done
+    done < <(find "$conf_dir" -maxdepth 1 -type f -name "*.conf" ! -name "*.local.conf" | sort)
    if [ "$found_issue" = false ]; then
-        log_info "audit_success" "Toutes les configurations locales sont à jour"
+        log_info "audit_success" \
            "Toutes les configurations locales sont à jour (${reviewed_files} fichier(s) vérifié(s))"
    else
        log_warning "audit_requires_action" \
            "Certaines configurations locales doivent être mises à jour (${files_requiring_action} fichier(s) à vérifier sur ${reviewed_files})"
    fi
 }
--- a/servers/linux/monitoring/manifest.txt
+++ b/servers/linux/monitoring/manifest.txt
@@ -3,7 +3,7 @@ f433b3e2ca25c76cccebf971072255dae64169a8ae162d6baa10776904d733e9 755 bin/alert-e
 4fae83b48dc25c5e2a59bba944d8c3f2c6dff89bf2adb932d4dd9201f6305ca4 755 bin/install-monitoring.sh
 36528963f2e78a160738a2cf3b8da67b9d12dbe495d9d01ca6c1ba97956288fa 755 bin/monitoring.sh
 78ccebfd1da7cf885fddb8d5a967c23e379c495d8f43490584ace7133690ec55 755 bin/monitoring-update.sh
-4d9b28a1e5b93b74a904ed991621ac5baa507e0e439c9c8d2adb2cea901f6b13 755 bin/monitor-update-config.sh
+54eb520360c80b3146c5cdb846330a8743cbeb9fe6de0559357114b92d090c29 755 bin/monitor-update-config.sh
 83db39c8d0cfd6f6e9d3cc5b961a67db29dc73666304a91e0d4a6d5831c623cb 644 conf/alert-engine.conf
 caaa8f6031d66bc43a897ac2804124ce2050a64523734195d5505ae863836bf4 644 conf/monitoring.conf
 654cd98ecda1c485a0ea1224f160a3c4d7396ab95a491603574e2ad1981fe010 644 lib/monitoring-lib.sh