1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
#!/bin/bash
#############################################################################
# #
# This script was initially developed by Infoxchange for internal use #
# and has kindly been made available to the Open Source community for #
# redistribution and further development under the terms of the #
# GNU General Public License v3: http://www.gnu.org/licenses/gpl.html #
# #
#############################################################################
# #
# This script is supplied 'as-is', in the hope that it will be useful, but #
# neither Infoxchange nor the authors make any warranties or guarantees #
# as to its correct operation, including its intended function. #
# #
# Or in other words: #
# Test it yourself, and make sure it works for YOU. #
# #
#############################################################################
# Author: George Hansper e-mail: george@hansper.id.au #
#############################################################################
TIMEOUT=30
TIME_WARN=5
TIME_CRIT=10
HOST=`hostname --fqdn`
PUPPETMASTER=puppet
PORT=8140
SSLDIR=/var/lib/puppet/ssl
OPTS=`getopt -o ht:H:p:w:c: --long hostname:,timeout:,port:,warn:,crit: \
-n '$0' -- "$@"`
function usage () {
cat <<-EOF
Usage: $0 [ -h ] [ --help ] [ -H hostname ] [ --hostname hostname ]
[ -w decimal ] [ --warn decimal ] [ -c decimal ] [ --crit decimal ]
[ -t integer ] [ --timeout integer ]
-H, --hostname ... name of puppetmaster host (default is $PUPPETMASTER)
-w, --warn ... Warning if check takss longer than this many seconds (floating point, default is $TIME_WARN)
-c, --crit ... Critical if check takss longer than this many seconds (floating point, default is $TIME_CRIT)
-t, --timeout ... timeout for this check (integer, default is $TIMEOUT)
-p, --port ... port number (default is $PORT)
Example
$0 --warn 2 --crit 3.5 --timeout 60
Notes
This check must be run on a host that is a client of the puppetmaster being checked.
It will look for the key and certificates in the directory $SSLDIR
In order to read the hosts's private key, this script needs to be run under sudo as the user puppet (or root)
Sample Configuration:
/etc/sudoers
nagios ALL=(puppet) NOPASSWD: /usr/lib/nagios/plugins/check_puppetmaster.sh
/etc/nagios/commands.cfg entry
define command {
command_name check_puppetmaster
command_line /usr/bin/sudo /usr/lib/nagios/plugins/check_puppetmaster.sh -H \$HOSTNAME\$ \$ARG1\$
}
EOF
}
if [ $? != 0 ] ; then
echo "Terminating..." >&2
usage
exit 1
fi
eval set -- "$OPTS"
# This command has to run under sudo - so we need to check the args carefully in case of character-injection (eg ;)
while true ; do
case "$1" in
-h|--help)
usage
exit
;;
-H|--hostname)
PUPPETMASTER=$( echo $2 |sed -e 's/[^-0-9a-z._]//ig')
shift 2
;;
-w|--warn)
TIME_WARN=$( echo $2 |sed -e 's/[^0-9.]//g')
shift 2
;;
-c|--crit)
TIME_CRIT=$( echo $2 |sed -e 's/[^0-9.]//g')
shift 2
;;
-t|--timeout)
# We accept floating point, but truncate to integer for curl
TIMEOUT=$( echo $2 |sed -e 's/[^0-9.]//g; s/\..*//; s/^0$/1/')
shift 2
;;
-p|--port)
PORT=$( echo $2 |sed -e 's/[^0-9]//g')
shift 2
;;
--) shift ; break ;;
*) echo "Internal error!" ; exit 1 ;;
esac
done
URL="https://${PUPPETMASTER}:${PORT}/puppet/v3/node/${HOST}?environment=production"
T1=`date +%s.%N`
CURL_NODE="`curl -sS --max-time $TIMEOUT --insecure -H 'Accept: pson' --cert $SSLDIR/certs/${HOST}.pem --key $SSLDIR/private_keys/${HOST}.pem --cacert $SSLDIR/certs/ca.pem "${URL}" 2>&1`"
CURL_RESULT=$?
T2=`date +%s.%N`
PERF_TIME=$( perl -e "printf('%1.3f', $T2 - $T1);" )
if [ "$CURL_RESULT" != 0 ]; then
EXIT=2
MESSAGE="${URL} $CURL_NODE"
elif echo $CURL_NODE | grep -q '"environment":'; then
FOUND=$( echo "$CURL_NODE" | sed -r -e 's/.*"environment":"([^"]+)".*/\1/' )
EXIT=0
MESSAGE="found '${FOUND}' in https://${PUPPETMASTER}:${PORT}/puppet/v3/node/${HOST}?environment=production"
else
EXIT=1
MESSAGE="environment not found in https://${PUPPETMASTER}:${PORT}/puppet/v3/node/${HOST}?environment=production"
fi
if ! perl -e "exit( $PERF_TIME >= $TIME_CRIT )" ; then
MESSAGE="Response time $PERF_TIME>=$TIME_CRIT - $MESSAGE"
EXIT=$(( $EXIT | 2 ))
elif ! perl -e "exit( $PERF_TIME >= $TIME_WARN )" ; then
MESSAGE="Response time $PERF_TIME>=$TIME_WARN - $MESSAGE"
EXIT=$(( $EXIT | 1 ))
else
MESSAGE="Response time ${PERF_TIME}s - $MESSAGE"
fi
case "$EXIT" in
0) MESSAGE="OK: $MESSAGE" ;;
1) MESSAGE="Warning: $MESSAGE" ;;
2|3) MESSAGE="Critical: $MESSAGE" ; EXIT=2;;
esac
echo "$MESSAGE|time=${PERF_TIME}s;$TIME_WARN;$TIME_CRIT;0"
exit $EXIT
|