plug:goss
Keith edited this page Jan 25, 2020
·
25 revisions
goss provides a simple and efficient health check.
- adds the goss binary directly as /usr/local/bin/goss
- adds a system user, goss
- performs the health check via ssh goss@host
# Add the SSH key here (the tool will attempt to envsubst the user's public key).
# Only the public half of the key pair belongs in this value: it is written
# verbatim into the goss account's authorized-keys file.
GOSS_SSH_KEY=${USER_id_ed25519}
# Installs the goss binary from a pinned upstream release (v0.3.9, 386 build).
# The sha512 under `verification` pins the exact artifact; when `source` is
# changed to another release, replace the hash with the digest of the new file
# rather than removing the check.
storage.files[+]:
  path: /usr/local/bin/goss
  # Read and execute for everyone, writable by no one.
  mode: 0555
  contents:
    source: https://github.com/aelsabbahy/goss/releases/download/v0.3.9/goss-linux-386
    verification:
      hash: sha512-de38857f9440ea82f9e29f9a7199bfbb71104763b166413b5d9d0fdb8b3e21d6990aafa9aee4e6c3831b35aa3ce6c6674406a166823fbca89b87283180e61e2e
# sshd drop-in: for the goss account only, authorized keys are read from a
# per-user file under /etc/ssh/sshd_config.d/ (%u expands to the user name).
# Mode 0600 limits the drop-in to its owner; no owner is set in this entry.
# NOTE(review): this only takes effect if the main sshd_config includes
# /etc/ssh/sshd_config.d/*.conf — confirm on the target image.
storage.files[+]:
  path: /etc/ssh/sshd_config.d/extra_keys.conf
  mode: 0600
  contents:
    inline: |
      # Added from ignition
      Match User goss
      AuthorizedKeysFile /etc/ssh/sshd_config.d/authorized-keys_%u
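# authorized_keys entry for the goss account; the file name matches the
# AuthorizedKeysFile pattern authorized-keys_%u.
# `command=` forces every login with this key to run the goss validation.
# `restrict` (OpenSSH 7.2 or later) additionally turns off port, agent and X11
# forwarding, PTY allocation and ~/.ssh/rc for this key, so the key is usable
# for the forced command only. An interactive `ssh goss@host` will report that
# its PTY request was refused and then run the check as before.
# NOTE(review): $SSH_ORIGINAL_COMMAND is appended unquoted, so whatever the
# client sends becomes extra arguments to a command run through sudo; drop it
# or validate it if callers do not need to pass goss options.
# NOTE(review): the file is owned by uid 111 (goss), the account it
# constrains; root ownership would keep that account from editing its own
# forced command — confirm nothing relies on goss owning it.
storage.files[+]:
  path: /etc/ssh/sshd_config.d/authorized-keys_goss
  mode: 0644
  user:
    id: 111
  contents:
    inline: |
      restrict,command="sudo /usr/local/bin/goss -g /etc/goss/goss.yaml validate $SSH_ORIGINAL_COMMAND" ${GOSS_SSH_KEY}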
# Healthz Check User
# System account used for the SSH health check: fixed uid 111, home "/",
# no home directory and no per-user group are created.
# NOTE(review): membership of `sudo` is what lets the SSH forced command call
# sudo, but a group-wide sudo rule usually grants far more than the single
# goss invocation. A sudoers entry limited to that one command would be
# tighter — check what the image's sudoers grants this group.
passwd.users[+]:
  name: goss # health check
  uid: 111
  system: true
  home_dir: /
  no_create_home: true
  no_user_group: true
  groups:
    - sudo
# goss test definitions, read via `goss -g /etc/goss/goss.yaml validate`.
# Checks: three services enabled and running, the goss user present with
# uid 111 and home "/", and a disk-space command whose output must not show a
# local non-tmpfs filesystem at 95% use or more.
# NOTE(review): the file is owned by uid 111 (goss) while the SSH forced
# command runs goss through sudo. Entries under `command:` are executed by
# goss, so anything able to write this file decides what that privileged run
# executes; root ownership would be safer — confirm the ownership is intended.
storage.files[+]:
  path: /etc/goss/goss.yaml
  mode: 0644
  user:
    id: 111
  contents:
    inline: |
      service:
        sshd:
          enabled: true
          running: true
        fedora-coreos-pinger:
          enabled: true
          running: true
        zincati:
          enabled: true
          running: true
      user:
        goss:
          exists: true
          uid: 111
          home: /
      command:
        "disk_space_alert(>=95%)":
          exit-status: 0
          exec: "df --exclude-type=tmpfs --exclude-type=devtmpfs --local"
          stdout: ["!/\\s(100|9[5-9])%/"] # >= 95%
          stderr: []
          timeout: 3000 #ms
          skip: false
Example client ~/.ssh/config for use with VMs:
# Client-side settings for short-lived VMs on 192.168.*.* addresses.
# With known_hosts sent to /dev/null and StrictHostKeyChecking=no, the client
# never verifies the server's host key, so it cannot tell a rebuilt VM from a
# different machine answering on the same address. Keep this pattern limited
# to disposable lab VMs; hosts that matter should keep host key checking.
Host 192.168.*.*
  UserKnownHostsFile=/dev/null
  StrictHostKeyChecking=no
  # ERROR hides the warnings ssh would otherwise print about the unverified key.
  LogLevel ERROR
# Applies to any connection made as remote user goss, not only to the VMs.
# NOTE(review): ssh keeps the first value it obtains for each option, so for
# 192.168.*.* hosts the LogLevel ERROR above wins and QUIET applies only to
# other hosts; move this block first if QUIET is wanted for the VMs.
Match User goss
  LogLevel QUIET