diff options
| author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-12-20 16:26:13 +0100 |
|---|---|---|
| committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2016-12-20 16:28:19 +0100 |
| commit | ac1202e6a3b153a8668a21cd786f2088938e4331 (patch) | |
| tree | 8f581b1eed1f87b08800e59b72483f11862f23f0 /usr-lib-nagios-plugins | |
| parent | 3904d43ace1ac13a6329e71c43a144179ce94444 (diff) | |
| download | itzks-systems-ac1202e6a3b153a8668a21cd786f2088938e4331.tar.gz itzks-systems-ac1202e6a3b153a8668a21cd786f2088938e4331.tar.bz2 itzks-systems-ac1202e6a3b153a8668a21cd786f2088938e4331.zip | |
Icinga2/Puppet: Add check_puppetmaster.sh monitoring plugin.
Diffstat (limited to 'usr-lib-nagios-plugins')
| -rwxr-xr-x | usr-lib-nagios-plugins/check_puppetmaster | 3 | ||||
| -rwxr-xr-x | usr-lib-nagios-plugins/check_puppetmaster.sh | 145 |
2 files changed, 148 insertions, 0 deletions
diff --git a/usr-lib-nagios-plugins/check_puppetmaster b/usr-lib-nagios-plugins/check_puppetmaster new file mode 100755 index 0000000..ed785c5 --- /dev/null +++ b/usr-lib-nagios-plugins/check_puppetmaster @@ -0,0 +1,3 @@ +#!/bin/bash + +sudo -u puppet "$(dirname $0)/check_puppetmaster.sh" diff --git a/usr-lib-nagios-plugins/check_puppetmaster.sh b/usr-lib-nagios-plugins/check_puppetmaster.sh new file mode 100755 index 0000000..5799a41 --- /dev/null +++ b/usr-lib-nagios-plugins/check_puppetmaster.sh @@ -0,0 +1,145 @@ +#!/bin/bash + +############################################################################# +# # +# This script was initially developed by Infoxchange for internal use # +# and has kindly been made available to the Open Source community for # +# redistribution and further development under the terms of the # +# GNU General Public License v3: http://www.gnu.org/licenses/gpl.html # +# # +############################################################################# +# # +# This script is supplied 'as-is', in the hope that it will be useful, but # +# neither Infoxchange nor the authors make any warranties or guarantees # +# as to its correct operation, including its intended function. # +# # +# Or in other words: # +# Test it yourself, and make sure it works for YOU. # +# # +############################################################################# +# Author: George Hansper e-mail: george@hansper.id.au # +############################################################################# + +TIMEOUT=30 +TIME_WARN=5 +TIME_CRIT=10 +HOST=`hostname --fqdn` +PUPPETMASTER=puppet +PORT=8140 +SSLDIR=/var/lib/puppet/ssl + +OPTS=`getopt -o ht:H:p:w:c: --long hostname:,timeout:,port:,warn:,crit: \ + -n '$0' -- "$@"` + +function usage () { + cat <<-EOF + Usage: $0 [ -h ] [ --help ] [ -H hostname ] [ --hostname hostname ] + [ -w decimal ] [ --warn decimal ] [ -c decimal ] [ --crit decimal ] + [ -t integer ] [ --timeout integer ] + -H, --hostname ... name of puppetmaster host (default is $PUPPETMASTER) + -w, --warn ... Warning if check takss longer than this many seconds (floating point, default is $TIME_WARN) + -c, --crit ... Critical if check takss longer than this many seconds (floating point, default is $TIME_CRIT) + -t, --timeout ... timeout for this check (integer, default is $TIMEOUT) + -p, --port ... port number (default is $PORT) + + Example + $0 --warn 2 --crit 3.5 --timeout 60 + + Notes + This check must be run on a host that is a client of the puppetmaster being checked. + It will look for the key and certificates in the directory $SSLDIR + + In order to read the hosts's private key, this script needs to be run under sudo as the user puppet (or root) + Sample Configuration: + + /etc/sudoers + nagios ALL=(puppet) NOPASSWD: /usr/lib/nagios/plugins/check_puppetmaster.sh + + /etc/nagios/commands.cfg entry + define command { + command_name check_puppetmaster + command_line /usr/bin/sudo /usr/lib/nagios/plugins/check_puppetmaster.sh -H \$HOSTNAME\$ \$ARG1\$ + } + +EOF +} + +if [ $? != 0 ] ; then + echo "Terminating..." >&2 + usage + exit 1 +fi +eval set -- "$OPTS" + +# This command has to run under sudo - so we need to check the args carefully in case of character-injection (eg ;) +while true ; do + case "$1" in + -h|--help) + usage + exit + ;; + -H|--hostname) + PUPPETMASTER=$( echo $2 |sed -e 's/[^-0-9a-z._]//ig') + shift 2 + ;; + -w|--warn) + TIME_WARN=$( echo $2 |sed -e 's/[^0-9.]//g') + shift 2 + ;; + -c|--crit) + TIME_CRIT=$( echo $2 |sed -e 's/[^0-9.]//g') + shift 2 + ;; + -t|--timeout) + # We accept floating point, but truncate to integer for curl + TIMEOUT=$( echo $2 |sed -e 's/[^0-9.]//g; s/\..*//; s/^0$/1/') + shift 2 + ;; + -p|--port) + PORT=$( echo $2 |sed -e 's/[^0-9]//g') + shift 2 + ;; + --) shift ; break ;; + *) echo "Internal error!" ; exit 1 ;; + esac +done + +URL="https://${PUPPETMASTER}:${PORT}/production/node/${HOST}" +T1=`date +%s.%N` +CURL_NODE="`curl -sS --max-time $TIMEOUT --insecure -H 'Accept: yaml' --cert $SSLDIR/certs/${HOST}.pem --key $SSLDIR/private_keys/${HOST}.pem --cacert $SSLDIR/certs/ca.pem "${URL}" 2>&1`" +CURL_RESULT=$? +T2=`date +%s.%N` + +PERF_TIME=$( perl -e "printf('%1.3f', $T2 - $T1);" ) + +if [ "$CURL_RESULT" != 0 ]; then + EXIT=2 + MESSAGE="${URL} $CURL_NODE" +elif FOUND=$( echo "$CURL_NODE" | grep -m 1 environment: ) ; then + # trim spaces... + FOUND=`sed 's/^ *.//' <<<$FOUND` + EXIT=0 + MESSAGE="found '${FOUND}' in https://${PUPPETMASTER}:${PORT}/production/node/${HOST}" +else + EXIT=1 + MESSAGE="environment not found in https://${PUPPETMASTER}:${PORT}/production/node/${HOST}" +fi + +if ! perl -e "exit( $PERF_TIME >= $TIME_CRIT )" ; then + MESSAGE="Response time $PERF_TIME>=$TIME_CRIT - $MESSAGE" + EXIT=$(( $EXIT | 2 )) +elif ! perl -e "exit( $PERF_TIME >= $TIME_WARN )" ; then + MESSAGE="Response time $PERF_TIME>=$TIME_WARN - $MESSAGE" + EXIT=$(( $EXIT | 1 )) +else + MESSAGE="Response time ${PERF_TIME}s - $MESSAGE" +fi + +case "$EXIT" in + 0) MESSAGE="OK: $MESSAGE" ;; + 1) MESSAGE="Warning: $MESSAGE" ;; + 2|3) MESSAGE="Critical: $MESSAGE" ; EXIT=2;; +esac + +echo "$MESSAGE|time=${PERF_TIME}s;$TIME_WARN;$TIME_CRIT;0" +exit $EXIT |