From 2ff1b9b8eae79a14ccc57a5565c8651aaf232a8e Mon Sep 17 00:00:00 2001 From: bjanssens Date: Fri, 31 Jul 2015 17:09:57 +0200 Subject: [PATCH 001/190] Update the config::clients class to have the nrpe_command_prefix in the local scope so the template can check it for being undef or not Signed-off-by: bjanssens --- manifests/config/client.pp | 3 +++ templates/common/nrpe.cfg.erb | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/manifests/config/client.pp b/manifests/config/client.pp index 5b64189..cd4d131 100644 --- a/manifests/config/client.pp +++ b/manifests/config/client.pp @@ -4,6 +4,9 @@ # class icinga::config::client { + # Get the param in the local scope for the template + $nrpe_command_prefix = $::icinga::nrpe_command_prefix + File { owner => $::icinga::client_user, group => $::icinga::client_group, diff --git a/templates/common/nrpe.cfg.erb b/templates/common/nrpe.cfg.erb index 58ad89d..410bafa 100644 --- a/templates/common/nrpe.cfg.erb +++ b/templates/common/nrpe.cfg.erb @@ -101,8 +101,8 @@ dont_blame_nrpe=<%= scope.lookupvar('icinga::nrpe_allow_arguments') %> # This lets the nagios user run all commands in that directory (and only them) # without asking for a password. If you do this, make sure you don't give # random users write access to that directory or its contents! -<% if scope.lookupvar('icinga::nrpe_command_prefix') != '' -%> -command_prefix=<%= scope.lookupvar('icinga::nrpe_command_prefix') -%> +<% if @nrpe_command_prefix -%> +command_prefix=<%= @nrpe_command_prefix -%> <% else -%> # command_prefix=/usr/bin/sudo <% end -%> @@ -195,4 +195,4 @@ command[check_total_procs]=<%= scope.lookupvar('icinga::usrlib') %>/nagios/plugi command[check_total_procs]=<%= scope.lookupvar('icinga::usrlib') %>/nagios/plugins/check_procs -w <%= scope.lookupvar('icinga::params::checktotalprocs_warning_level') %> -c <%= scope.lookupvar('icinga::params::checktotalprocs_critical_level') %> <% end -%> command[check_mem]=<%= scope.lookupvar('icinga::usrlib') %>/nagios/plugins/check_mem -w 90,25 -c 95,50 -command[check_ping]=<%= scope.lookupvar('icinga::usrlib') %>/nagios/plugins/check_ping -H $ARG1$ -4 -w $ARG2$ -c $ARG3$ -p 5 \ No newline at end of file +command[check_ping]=<%= scope.lookupvar('icinga::usrlib') %>/nagios/plugins/check_ping -H $ARG1$ -4 -w $ARG2$ -c $ARG3$ -p 5 From e18b6ddf8ceea317c9614c1764f695d8c9fe5435 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 10:57:32 +0200 Subject: [PATCH 002/190] Add check_sslscan check: checks ssl grade Signed-off-by: Patrick Van Brussel --- files/check_sslscan.pl | 179 ++++++++++++++++++++++++++++++ manifests/plugins/checksslscan.pp | 82 ++++++++++++++ 2 files changed, 261 insertions(+) create mode 100644 files/check_sslscan.pl create mode 100644 manifests/plugins/checksslscan.pp diff --git a/files/check_sslscan.pl b/files/check_sslscan.pl new file mode 100644 index 0000000..194006d --- /dev/null +++ b/files/check_sslscan.pl @@ -0,0 +1,179 @@ +#!/usr/bin/perl +# +# $Id: check_sslscan.pl 468 2015-04-13 08:09:53Z phil $ +# +# program: check_sslscan +# author, (c): Philippe Kueck +# +# requires: LWP::UserAgent, JSON, Getopt::Long, Pod::Usage +# + +use strict; +use warnings; + +use LWP::UserAgent; +use JSON; +use Getopt::Long; +use Pod::Usage; + +my $api = "https://api.ssllabs.com/api/v2"; +my $score = { + 'A+' => 7, 'A' => 6, 'A-' => 5, 'B' => 4, 'C' => 3, + 'D' => 2, 'E' => 1, 'F' => 0, 'T' => 0, 'M' => 0 +}; + +sub nagexit { + my $exitc = {0 => 'OK', 1 => 'WARNING', 2 => 'CRITICAL', 3 => 'UNKNOWN'}; + printf "%s - %s\n", $exitc->{$_[0]}, $_[1]; + exit $_[0] +} + +my $config = {'warn' => 'B', 'crit' => 'C'}; +Getopt::Long::Configure("no_ignore_case"); +GetOptions( + 'H=s' => \$config->{'host'}, + 'w=s' => \$config->{'warn'}, + 'c=s' => \$config->{'crit'}, + 'ip=s' => \$config->{'ip'}, + 'p' => \$config->{'publish'}, + 'x' => \$config->{'nocache'}, + 'a=i' => sub {$config->{'nocache'} = 0; $config->{'maxage'} = $_[1]}, + 'd' => \$config->{'debug'}, + 'h|help' => sub {pod2usage({'-exitval' => 3, '-verbose' => 2})} +) or pod2usage({'-exitval' => 3, '-verbose' => 0}); +pod2usage({'-exitval' => 3, '-verbose' => 0}) unless $config->{'host'}; + +my $ua = new LWP::UserAgent; +$ua->agent("nagios/check_sslscan ". ('$Revision: 468 $' =~ /(\d+)/)[0]); + +my ($resp, $result); +local $SIG{ALRM} = sub {nagexit 3, "timeout"}; +alarm 900; + +$resp = $ua->get( + sprintf "%s/analyze?host=%s&all=done&publish=%s&%s", + $api, $config->{'host'}, $config->{'publish'}?'on':'off', + $config->{'nocache'}?"startNew=on": + "fromCache=on".($config->{'maxage'}?'&maxAge='.$config->{'maxage'}:'') +); + +for (;;) { + nagexit 3, $resp->status_line unless $resp->is_success; + $result = from_json($resp->decoded_content); + last if $result->{'status'} eq 'READY'; + sleep 10; + $resp = $ua->get( + sprintf "%s/analyze?host=%s&all=done", + $api, $config->{'host'} + ) +} +alarm 0; + +if ($config->{'ip'}) { + $resp = $ua->get( + sprintf "%s/getEndpointData?host=%s&s=%s", + $api, $config->{'host'}, $config->{'ip'} + ); + $result = from_json($resp->decoded_content); + $result->{'endpoints'}[0] = $result +} + +if ($config->{'debug'}) { + use Data::Dumper; + print Dumper $result +} + +nagexit 3, "unknown result set" unless + exists $result->{'endpoints'} && + exists $result->{'endpoints'}[0] && + exists $result->{'endpoints'}[0]->{'grade'}; + +my $grade = $result->{'endpoints'}[0]->{'grade'}; + +nagexit 2, sprintf "score is %s", $grade + if $score->{$grade} <= $score->{$config->{'crit'}}; +nagexit 1, sprintf "score is %s", $grade + if $score->{$grade} <= $score->{$config->{'warn'}}; +nagexit 0, sprintf "score is %s", $grade + + +__END__ +=encoding utf8 + +=head1 NAME + +check_sslscan + +=head1 VERSION + +$Revision: 468 $ + +=head1 SYNOPSIS + + check_sslscan -H HOST -w GRADE -c GRADE [-p] [-x] [-a MAXAGE] [-ip IP address] + +=head1 OPTIONS + +=over 8 + +=item B + +Host to check using Qualys SSL Labs' sslscan. + +=item B + +IP to check when the Host has more than one endpoint + +=item B + +Warn at or below grade I (defaults to I). + +=item B + +Critical at or below I (defaults to I). + +=item B

+ +Publish results at Qualys SSL Labs. + +=item B + +do not accept cached results. + +=item B + +max cache age in hours (unsets C<-x> implicitly). + +=item B + +debug mode, print resulting json. + +=back + +=head1 DESCRIPTION + +This nagios/icinga check script checks the website's ssllabs grade. + +Possible grades: 'A+', 'A', 'A-', 'B'..'F', 'T' (trust issues), 'M' (certificate name mismatch). + +=head1 DEPENDENCIES + +=over 8 + +=item C + +=item C + +=item C + +=item C + +=back + +=head1 AUTHOR + +Philippe Kueck +credit for maxage goes to Alexander Prinz +credit for endpoint ip selection to José Miranda + +=cut \ No newline at end of file diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp new file mode 100644 index 0000000..8d11004 --- /dev/null +++ b/manifests/plugins/checksslscan.pp @@ -0,0 +1,82 @@ +# == Class: icinga::plugins::checksslscan +# +# This class provides a checksslscan plugin. +# +class icinga::plugins::checksslscan ( + $host_url = undef, + $host_ip = undef, + $warning_grade = 'B', + $critical_grade = 'C', + $publish_results = false, + $accept_cached_results = true, + $max_cache_age = undef, + $debug_mode = false, + $max_check_attempts = $::icinga::max_check_attempts, + $contact_groups = $::environment, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + $additional_options = '', +) inherits icinga { + + validate_string($host_url) + validate_string($warning_grade) + validate_string($critical_grade) + validate_bool($publish_results) + validate_bool($accept_cached_results) + validate_bool($debug_mode) + + $_publish_results = '' + $_accept_cached_results = '' + $_debug_mode = '' + $_max_cache_age = '' + $_ip_address = '' + + if $publish_results { + $_publish_results = '-p ' + } + if $accept_cached_results { + $_accept_cached_results = '-x ' + } + if $debug_mode { + $_debug_mode = '-d' + } + if $max_cache_age { + $_max_cache_age = "-a ${max_cache_age} " + } + if $host_ip { + $_ip_address = "-ip ${host_ip} " + } + + if $icinga::client { + file { "${::icinga::plugindir}/check_sslscan.pl": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_sslscan.pl', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + + file{"${::icinga::includedir_client}/check_sslscan.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_sslscan]=${::icinga::plugindir}/check_sslscan.pl -H ${host_name} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode}\n", + notify => Service[$::icinga::service_client], + } + + @@nagios_service { "check_all_disks_${::fqdn}_${host_name}": + check_command => 'check_nrpe_command!check_all_disks', + service_description => 'Disks', + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + } + +} From b5fa35e2cb6d6712ed7229325c806b0988d761a4 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 11:53:39 +0200 Subject: [PATCH 003/190] Make sslscan a defined type, so we can include it multiple times on the same host Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 32 +++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 8d11004..62c93c1 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -1,8 +1,8 @@ # == Class: icinga::plugins::checksslscan # -# This class provides a checksslscan plugin. +# This defined type provides a checksslscan plugin. # -class icinga::plugins::checksslscan ( +define icinga::plugins::checksslscan ( $host_url = undef, $host_ip = undef, $warning_grade = 'B', @@ -48,14 +48,18 @@ } if $icinga::client { - file { "${::icinga::plugindir}/check_sslscan.pl": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_sslscan.pl', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; + + # Only include this file once + if (!defined(File["${::icinga::plugindir}/check_sslscan.pl]")) { + file { "${::icinga::plugindir}/check_sslscan.pl": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_sslscan.pl', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } } file{"${::icinga::includedir_client}/check_sslscan.cfg": @@ -63,13 +67,13 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_sslscan]=${::icinga::plugindir}/check_sslscan.pl -H ${host_name} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode}\n", + content => "command[check_sslscan_${host_url}]=${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode}\n", notify => Service[$::icinga::service_client], } - @@nagios_service { "check_all_disks_${::fqdn}_${host_name}": - check_command => 'check_nrpe_command!check_all_disks', - service_description => 'Disks', + @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": + check_command => "check_nrpe_command!check_sslscan_${host_url}", + service_description => 'SSL Quality', host_name => $::fqdn, contact_groups => $contact_groups, max_check_attempts => $max_check_attempts, From feb4302af1617d03d97f07163f70b1b9e10b357c Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 11:58:41 +0200 Subject: [PATCH 004/190] checkssl scan require icinga Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 62c93c1..a2e4f7d 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -16,7 +16,9 @@ $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, $additional_options = '', -) inherits icinga { +) { + + require icinga validate_string($host_url) validate_string($warning_grade) From 8445a9519643a9f2b007e199cbf6d91267bac19b Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 12:01:43 +0200 Subject: [PATCH 005/190] Fix typo in checkssl Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index a2e4f7d..bbac3a8 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -52,7 +52,7 @@ if $icinga::client { # Only include this file once - if (!defined(File["${::icinga::plugindir}/check_sslscan.pl]")) { + if (!defined(File["${::icinga::plugindir}/check_sslscan.pl"])) { file { "${::icinga::plugindir}/check_sslscan.pl": ensure => present, mode => '0755', From d0df1d875c03bf3d5f11796c58ee5b4144090864 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 12:08:41 +0200 Subject: [PATCH 006/190] checksslscan: puppet doesnt allow variable replacement Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index bbac3a8..df461ca 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -27,26 +27,34 @@ validate_bool($accept_cached_results) validate_bool($debug_mode) - $_publish_results = '' - $_accept_cached_results = '' - $_debug_mode = '' - $_max_cache_age = '' - $_ip_address = '' - if $publish_results { $_publish_results = '-p ' + } else { + $_publish_results = '' } + if $accept_cached_results { $_accept_cached_results = '-x ' + } else { + $_accept_cached_results = '' } + if $debug_mode { $_debug_mode = '-d' + } else { + $_debug_mode = '' } + if $max_cache_age { $_max_cache_age = "-a ${max_cache_age} " + } else { + $_max_cache_age = '' } + if $host_ip { $_ip_address = "-ip ${host_ip} " + } else { + $_ip_address = '' } if $icinga::client { From 6a82c455891973fb19af5836932ae8eab8a27b7e Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 12:50:48 +0200 Subject: [PATCH 007/190] Checkssl scan needs perl-json package Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index df461ca..b5c77f2 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -72,7 +72,13 @@ } } - file{"${::icinga::includedir_client}/check_sslscan.cfg": + if (!defined(Package['perl-JSON'])) { + package { 'perl-JSON': + ensure => installed, + } + } + + file{"${::icinga::includedir_client}/check_sslscan_${host_url}.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, From f14cecdcf7d01d672c38772f25b9c52405019d00 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 13:09:31 +0200 Subject: [PATCH 008/190] Increase check nrpe timeout for checkssl command Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index b5c77f2..ed463d3 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -33,7 +33,7 @@ $_publish_results = '' } - if $accept_cached_results { + if $accept_cached_results == false { $_accept_cached_results = '-x ' } else { $_accept_cached_results = '' @@ -88,7 +88,7 @@ } @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": - check_command => "check_nrpe_command!check_sslscan_${host_url}", + check_command => "\$USER1\$/check_nrpe -u -t 180 -H \$HOSTADDRESS\$ -c check_sslscan_${host_url}", service_description => 'SSL Quality', host_name => $::fqdn, contact_groups => $contact_groups, From e7b3c3442701f0a6e29732c420d6cf61204440d4 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 13:51:57 +0200 Subject: [PATCH 009/190] sslcheck: define a nrpe command that has an increasable timeout Signed-off-by: Patrick Van Brussel --- manifests/config/server/common.pp | 5 +++++ manifests/plugins/checksslscan.pp | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/config/server/common.pp b/manifests/config/server/common.pp index d3696e1..001abfc 100644 --- a/manifests/config/server/common.pp +++ b/manifests/config/server/common.pp @@ -115,6 +115,11 @@ target => "${::icinga::targetdir}/commands/check_nrpe_command.cfg", } + nagios_command{'check_nrpe_command_timeout': + command_line => "\$USER1\$/check_nrpe -u -t \$ARG1\$ -H \$HOSTADDRESS\$ -c \$ARG2\$", + target => "${::icinga::targetdir}/commands/check_nrpe_command_timeout.cfg", + } + nagios_service {'schedule_downtimes': check_command => 'schedule_script!-d0', service_description => 'Schedule Downtimes', diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index ed463d3..d087501 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -88,7 +88,7 @@ } @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": - check_command => "\$USER1\$/check_nrpe -u -t 180 -H \$HOSTADDRESS\$ -c check_sslscan_${host_url}", + check_command => "check_nrpe_command_timeout!180!check_sslscan_${host_url}", service_description => 'SSL Quality', host_name => $::fqdn, contact_groups => $contact_groups, From 5af357f439b4f2873c1943bf25c5d0e626cd6095 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 14:05:56 +0200 Subject: [PATCH 010/190] checkssl: more verbose line in icinga gui Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index d087501..c9f195b 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -89,7 +89,7 @@ @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": check_command => "check_nrpe_command_timeout!180!check_sslscan_${host_url}", - service_description => 'SSL Quality', + service_description => "SSL Quality ${host_url}", host_name => $::fqdn, contact_groups => $contact_groups, max_check_attempts => $max_check_attempts, From ec1d84170e87febd6c2baad285da7779efaaaed8 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 6 Aug 2015 15:23:07 +0200 Subject: [PATCH 011/190] check ssl quality: run check every hour, and add extra perl packages Signed-off-by: Patrick Van Brussel --- manifests/plugins/checksslscan.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index c9f195b..c4f0565 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -78,6 +78,18 @@ } } + if (!defined(Package['perl-Crypt-SSLeay'])) { + package { 'perl-Crypt-SSLeay': + ensure => installed, + } + } + + if (!defined(Package['perl-Net-SSLeay'])) { + package { 'perl-Net-SSLeay': + ensure => installed, + } + } + file{"${::icinga::includedir_client}/check_sslscan_${host_url}.cfg": ensure => 'file', mode => '0644', @@ -89,6 +101,7 @@ @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": check_command => "check_nrpe_command_timeout!180!check_sslscan_${host_url}", + check_interval => '3600', # Every hour is fine service_description => "SSL Quality ${host_url}", host_name => $::fqdn, contact_groups => $contact_groups, From 3be04b2c34b8e0cad5a91c78775590a005fac905 Mon Sep 17 00:00:00 2001 From: Hrachos Date: Wed, 12 Aug 2015 13:27:28 +0200 Subject: [PATCH 012/190] fixing additional options Signed-off-by: Hrachos --- manifests/plugins/checkalldisks.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkalldisks.pp b/manifests/plugins/checkalldisks.pp index 6fb42d0..67960e0 100644 --- a/manifests/plugins/checkalldisks.pp +++ b/manifests/plugins/checkalldisks.pp @@ -18,7 +18,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_all_disks]=sudo ${::icinga::plugindir}/check_disk -w ${check_warning} -c ${check_critical} -W ${check_warning} -C ${additional_options}\n", + content => "command[check_all_disks]=sudo ${::icinga::plugindir}/check_disk -w ${check_warning} -c ${check_critical} -W ${check_warning} ${additional_options}\n", notify => Service[$::icinga::service_client], } From c3fababc4400b055fcbcd86b2d8074aacfc46ea8 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Wed, 12 Aug 2015 15:24:14 +0200 Subject: [PATCH 013/190] Bugfix: Gave the ssl check more time before timeout, changed running hourly to every 12 hours refs #15623 Signed-off-by: bjanssens --- manifests/plugins/checksslscan.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index c4f0565..da71dcd 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -100,8 +100,8 @@ } @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": - check_command => "check_nrpe_command_timeout!180!check_sslscan_${host_url}", - check_interval => '3600', # Every hour is fine + check_command => "check_nrpe_command_timeout!240!check_sslscan_${host_url}", + check_interval => '86400', # Every 12 hours is fine service_description => "SSL Quality ${host_url}", host_name => $::fqdn, contact_groups => $contact_groups, From 67fcf273379512311cf602db83fe196b4519f693 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 13 Aug 2015 09:56:15 +0200 Subject: [PATCH 014/190] add the check_cron_logs class refs #15477 Signed-off-by: honza --- files/check_cron_logs.sh | 40 ++++++++++++++++++++++ manifests/plugins/checkcronlogs.pp | 52 +++++++++++++++++++++++++++++ templates/plugins/cron_logs.cfg.erb | 5 +++ 3 files changed, 97 insertions(+) create mode 100644 files/check_cron_logs.sh create mode 100644 manifests/plugins/checkcronlogs.pp create mode 100644 templates/plugins/cron_logs.cfg.erb diff --git a/files/check_cron_logs.sh b/files/check_cron_logs.sh new file mode 100644 index 0000000..216d73e --- /dev/null +++ b/files/check_cron_logs.sh @@ -0,0 +1,40 @@ +#!/bin/sh + +REGEX="("$(echo "$@" | sed 's/ /)|(/g')")" +#echo $REGEX +LOG_FILE='/var/log/messages' +DATE=$(date --date="24 hours ago" '+%b %-d %H') +NAME=$(hostname --short) +CRONS_FAILING='' + +##By defualt, only logs newer than 24h are checked, let's check if there even are that old logs + +if grep -q "$DATE" /var/log/messages; then + if [ $REGEX != '()' ]; then + CRONS_FAILING=$(cat $LOG_FILE | sed "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | + sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) + else + CRONS_FAILING=$(cat $LOG_FILE | sed "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | + sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq) + fi + +##if not, we're simply reading the whole file + +else + if [ $REGEX != '()' ]; then + CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | + sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) + else + CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | + sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq) + fi +fi + +if [ -z "$CRONS_FAILING" ]; then + echo "No cron jobs have failed over the past 24 hours." + exit 0 +else + echo "Cron jobs that have failed over the past 24 hours: "$CRONS_FAILING + exit 1 +fi + diff --git a/manifests/plugins/checkcronlogs.pp b/manifests/plugins/checkcronlogs.pp new file mode 100644 index 0000000..226e7d0 --- /dev/null +++ b/manifests/plugins/checkcronlogs.pp @@ -0,0 +1,52 @@ +# == Class: icinga::plugins::checkcronlogs +# +# This defined type provides a checkcronlogs plugin. +# +class icinga::plugins::checkcronlogs ( + $max_check_attempts = $::icinga::max_check_attempts, + $contact_groups = $::environment, + $notification_period = $::icinga::notification_period, + $notifications_enabled = false, + $ignored_jobs = hiera(ignored_jobs, undef), + +) inherits icinga { + + + file { "${::icinga::plugindir}/check_cron_logs.sh": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_cron_logs.sh', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + file{"${::icinga::includedir_client}/check_cron_logs.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/cron_logs.cfg.erb'), + notify => Service[$::icinga::service_client], + } + + + + @@nagios_service { 'check_cron_logs': + check_command => 'check_nrpe_command!check_cron_logs', + check_interval => '3600', + service_description => 'Check cron logs', + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + sudo::conf{'cron_logs_check_conf': + content => "Defaults:nagios !requiretty + nagios ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/check_cron_logs.sh\n", + } + + } + diff --git a/templates/plugins/cron_logs.cfg.erb b/templates/plugins/cron_logs.cfg.erb new file mode 100644 index 0000000..385fb02 --- /dev/null +++ b/templates/plugins/cron_logs.cfg.erb @@ -0,0 +1,5 @@ +<% if @ignored_jobs -%> +command[check_cron_logs]=/usr/lib64/nagios/plugins/check_cron_logs.sh <%= Array(@ignored_jobs).join(' ') %> +<% else %> +command[check_cron_logs]=/usr/lib64/nagios/plugins/check_cron_logs.sh +<% end -%> From e31e00685bed08ccffdeb03ebb13c7eead9f1220 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Wed, 12 Aug 2015 17:25:07 +0200 Subject: [PATCH 015/190] Bugfix: Check ssl in a async way Signed-off-by: bjanssens --- manifests/plugins/checksslscan.pp | 26 ++++++++++++++++++++++++-- templates/plugins/check_ssl.erb | 21 +++++++++++++++++++++ 2 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 templates/plugins/check_ssl.erb diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index da71dcd..1b9213c 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -72,6 +72,18 @@ } } + if (!defined(File["${::icinga::plugindir}/check_ssl"])) { + file { "${::icinga::plugindir}/check_ssl": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_ssl', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + } + if (!defined(Package['perl-JSON'])) { package { 'perl-JSON': ensure => installed, @@ -95,12 +107,22 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_sslscan_${host_url}]=${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode}\n", + content => "command[check_sslscan_${host_url}]=${::icinga::plugindir}/check_ssl\n", notify => Service[$::icinga::service_client], } + cron { "check-ssl-${host_url}": + command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_a ge}${_ip_address}${_debug_mode}\n", + user => $::icinga::client_user, + month => '*', + monthday => '*', + hour => '09', + minute => '30', + } + + @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": - check_command => "check_nrpe_command_timeout!240!check_sslscan_${host_url}", + check_command => "check_nrpe_command_timeout!60!check_sslscan_${host_url}", check_interval => '86400', # Every 12 hours is fine service_description => "SSL Quality ${host_url}", host_name => $::fqdn, diff --git a/templates/plugins/check_ssl.erb b/templates/plugins/check_ssl.erb new file mode 100644 index 0000000..7397270 --- /dev/null +++ b/templates/plugins/check_ssl.erb @@ -0,0 +1,21 @@ +#!/bin/bash +# +# This script checks the content of a file to match with the ssl status. +# +VHOST=$1 + +if [ ! -f "/home/icinga/${VHOST}" ] +then + STATUS=$(cat /home/icinga/${VHOST}_sslresult) + if [ "$STATUS" == 'OK - score is A' ] + then + echo "OK - score is A" && exit 0 + elif [ "$STATUS" == 'WARNING - score is B' ] + then + echo "WARNING - score is B" && exit 1 + else + echo "Critical - score is lower then B" && exit 2 + fi +else + echo "Status file not found in /home/icinga" && exit 3 +fi From 6e50b2d6063952a03b67c9ab18685bf312d7b0eb Mon Sep 17 00:00:00 2001 From: Tom Ritserveldt Date: Thu, 13 Aug 2015 11:14:16 +0200 Subject: [PATCH 016/190] fixed a copy past error. --- manifests/plugins/checksslscan.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 1b9213c..1b0d68c 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -112,7 +112,7 @@ } cron { "check-ssl-${host_url}": - command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_a ge}${_ip_address}${_debug_mode}\n", + command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode}\n", user => $::icinga::client_user, month => '*', monthday => '*', From a1bc3cd68bc4f7149b05e7a69321615f97bb393e Mon Sep 17 00:00:00 2001 From: bjanssens Date: Thu, 13 Aug 2015 11:37:09 +0200 Subject: [PATCH 017/190] Bugfix: Updated the file name to check_ssl.erb Signed-off-by: bjanssens --- manifests/plugins/checksslscan.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 1b0d68c..4d02766 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -78,7 +78,7 @@ mode => '0755', owner => 'root', group => 'root', - source => 'puppet:///modules/icinga/check_ssl', + source => 'puppet:///modules/icinga/check_ssl.erb', notify => Service[$icinga::service_client], require => Class['icinga::config']; } From d91f72a9c65392c6c32f756f283c587fbee9cbb3 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Thu, 13 Aug 2015 11:58:35 +0200 Subject: [PATCH 018/190] Bugfix: Added the check in the right place aka files directory Signed-off-by: bjanssens --- templates/plugins/check_ssl.erb => files/check_ssl | 0 manifests/plugins/checksslscan.pp | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename templates/plugins/check_ssl.erb => files/check_ssl (100%) diff --git a/templates/plugins/check_ssl.erb b/files/check_ssl similarity index 100% rename from templates/plugins/check_ssl.erb rename to files/check_ssl diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 4d02766..1b0d68c 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -78,7 +78,7 @@ mode => '0755', owner => 'root', group => 'root', - source => 'puppet:///modules/icinga/check_ssl.erb', + source => 'puppet:///modules/icinga/check_ssl', notify => Service[$icinga::service_client], require => Class['icinga::config']; } From 4bcc559af2ac98f74bb2ff420583682e4e5860ab Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 13 Aug 2015 12:20:09 +0200 Subject: [PATCH 019/190] added fqdn to the check_cron_logs exported resource name Signed-off-by: honza --- manifests/plugins/checkcronlogs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkcronlogs.pp b/manifests/plugins/checkcronlogs.pp index 226e7d0..10fb3f9 100644 --- a/manifests/plugins/checkcronlogs.pp +++ b/manifests/plugins/checkcronlogs.pp @@ -32,7 +32,7 @@ - @@nagios_service { 'check_cron_logs': + @@nagios_service { "check_cron_logs_${::fqdn}": check_command => 'check_nrpe_command!check_cron_logs', check_interval => '3600', service_description => 'Check cron logs', From abd3e2a06089ce0f95ab651121d892ac1ca7bddc Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 13 Aug 2015 13:47:43 +0200 Subject: [PATCH 020/190] fixed the cron_logs.cfg.erb template Signed-off-by: honza --- templates/plugins/cron_logs.cfg.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/plugins/cron_logs.cfg.erb b/templates/plugins/cron_logs.cfg.erb index 385fb02..9d217bc 100644 --- a/templates/plugins/cron_logs.cfg.erb +++ b/templates/plugins/cron_logs.cfg.erb @@ -1,5 +1,5 @@ <% if @ignored_jobs -%> -command[check_cron_logs]=/usr/lib64/nagios/plugins/check_cron_logs.sh <%= Array(@ignored_jobs).join(' ') %> +command[check_cron_logs]=sudo /usr/lib64/nagios/plugins/check_cron_logs.sh <%= Array(@ignored_jobs).join(' ') %> <% else %> -command[check_cron_logs]=/usr/lib64/nagios/plugins/check_cron_logs.sh +command[check_cron_logs]=sudo /usr/lib64/nagios/plugins/check_cron_logs.sh <% end -%> From 6b9f95dd263d59765a0bc84c8993d6d49f071a68 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Fri, 14 Aug 2015 08:29:34 +0200 Subject: [PATCH 021/190] Bugfix: Added host_url to the check for ssl Signed-off-by: bjanssens --- manifests/plugins/checksslscan.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 1b0d68c..1eb683b 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -107,7 +107,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_sslscan_${host_url}]=${::icinga::plugindir}/check_ssl\n", + content => "command[check_sslscan_${host_url}]=${::icinga::plugindir}/check_ssl ${host_url}\n", notify => Service[$::icinga::service_client], } From 18ceefbb04f1e8b0778e14e2e1d591248606ae53 Mon Sep 17 00:00:00 2001 From: honza Date: Fri, 14 Aug 2015 09:32:15 +0200 Subject: [PATCH 022/190] bugfix in the cron_logs.cfg.erb template Signed-off-by: honza --- templates/plugins/cron_logs.cfg.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/plugins/cron_logs.cfg.erb b/templates/plugins/cron_logs.cfg.erb index 9d217bc..385c4aa 100644 --- a/templates/plugins/cron_logs.cfg.erb +++ b/templates/plugins/cron_logs.cfg.erb @@ -1,5 +1,5 @@ <% if @ignored_jobs -%> -command[check_cron_logs]=sudo /usr/lib64/nagios/plugins/check_cron_logs.sh <%= Array(@ignored_jobs).join(' ') %> +command[check_cron_logs]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_cron_logs.sh <%= Array(@ignored_jobs).join(' ') %> <% else %> -command[check_cron_logs]=sudo /usr/lib64/nagios/plugins/check_cron_logs.sh +command[check_cron_logs]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_cron_logs.sh <% end -%> From d4583adb49151a50a4a39178ef0d43d1652b3962 Mon Sep 17 00:00:00 2001 From: honza Date: Fri, 14 Aug 2015 10:29:34 +0200 Subject: [PATCH 023/190] change in sudo permissions required by the checkcronlogs plugins Signed-off-by: honza --- manifests/plugins/checkcronlogs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkcronlogs.pp b/manifests/plugins/checkcronlogs.pp index 10fb3f9..5f23754 100644 --- a/manifests/plugins/checkcronlogs.pp +++ b/manifests/plugins/checkcronlogs.pp @@ -45,7 +45,7 @@ } sudo::conf{'cron_logs_check_conf': content => "Defaults:nagios !requiretty - nagios ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/check_cron_logs.sh\n", + nagios ALL=(ALL) NOPASSWD:${::icinga::plugindir}/check_cron_logs.sh\n", } } From e199fac8a1918a81c3fd36ea9e71b61227f16586 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Fri, 14 Aug 2015 11:01:11 +0200 Subject: [PATCH 024/190] Bugfix: ssl check Signed-off-by: bjanssens --- manifests/plugins/checksslscan.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 1eb683b..2fed45e 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -102,6 +102,12 @@ } } + if (!defined(File['/home/icinga'])) { + file { '/home/icinga': + ensure => present, + } + } + file{"${::icinga::includedir_client}/check_sslscan_${host_url}.cfg": ensure => 'file', mode => '0644', @@ -112,7 +118,7 @@ } cron { "check-ssl-${host_url}": - command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode}\n", + command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode} > /home/icinga/${host_url}_sslresult\n", user => $::icinga::client_user, month => '*', monthday => '*', From f8c8ede1b504b3a155fb5bba9038a2118fae08f8 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Fri, 14 Aug 2015 11:25:39 +0200 Subject: [PATCH 025/190] Bugfix: check ssl: setup cleanup Signed-off-by: bjanssens --- files/check_ssl | 6 +++--- manifests/plugins/checksslscan.pp | 10 ++++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/files/check_ssl b/files/check_ssl index 7397270..2bf5b68 100644 --- a/files/check_ssl +++ b/files/check_ssl @@ -4,9 +4,9 @@ # VHOST=$1 -if [ ! -f "/home/icinga/${VHOST}" ] +if [ ! -f "/tmp/checksslscan/${VHOST}_sslresult" ] then - STATUS=$(cat /home/icinga/${VHOST}_sslresult) + STATUS=$(cat /tmp/checksslscan/${VHOST}_sslresult) if [ "$STATUS" == 'OK - score is A' ] then echo "OK - score is A" && exit 0 @@ -14,7 +14,7 @@ then then echo "WARNING - score is B" && exit 1 else - echo "Critical - score is lower then B" && exit 2 + echo "WARNING - score is lower then B" && exit 1 fi else echo "Status file not found in /home/icinga" && exit 3 diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 2fed45e..2ade65d 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -102,9 +102,11 @@ } } - if (!defined(File['/home/icinga'])) { - file { '/home/icinga': - ensure => present, + if (!defined(File['/tmp/checksslscan'])) { + file { '/tmp/checksslscan': + ensure => directory, + owner => $::icinga::client_user, + group => $::icinga::clinet_group, } } @@ -118,7 +120,7 @@ } cron { "check-ssl-${host_url}": - command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode} > /home/icinga/${host_url}_sslresult\n", + command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode} > /tmp/checksslscan/${host_url}_sslresult\n", user => $::icinga::client_user, month => '*', monthday => '*', From 6d3b6eafe23808d211bcbfeefe47ad28f9957e88 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Fri, 14 Aug 2015 11:51:06 +0200 Subject: [PATCH 026/190] Bugfix: Setup check ssl again Signed-off-by: bjanssens --- files/check_ssl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/files/check_ssl b/files/check_ssl index 2bf5b68..22532b1 100644 --- a/files/check_ssl +++ b/files/check_ssl @@ -4,7 +4,7 @@ # VHOST=$1 -if [ ! -f "/tmp/checksslscan/${VHOST}_sslresult" ] +if [ -f "/tmp/checksslscan/${VHOST}_sslresult" ] then STATUS=$(cat /tmp/checksslscan/${VHOST}_sslresult) if [ "$STATUS" == 'OK - score is A' ] @@ -17,5 +17,5 @@ then echo "WARNING - score is lower then B" && exit 1 fi else - echo "Status file not found in /home/icinga" && exit 3 + echo "Status file not found in /tmp/checksslscan" && exit 3 fi From a40adf235b852f986d3c70d15f74c4129da14d64 Mon Sep 17 00:00:00 2001 From: Honza Novak Date: Tue, 18 Aug 2015 12:59:09 +0200 Subject: [PATCH 027/190] Add option to not to monitor mongo replication --- manifests/plugins/checkmongodb.pp | 84 ++++++++++++++++--------------- 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/manifests/plugins/checkmongodb.pp b/manifests/plugins/checkmongodb.pp index 64b67f4..5104027 100644 --- a/manifests/plugins/checkmongodb.pp +++ b/manifests/plugins/checkmongodb.pp @@ -12,6 +12,7 @@ $mongod_graphite_io_read_url = 'http://graphite/render?target=mongo_host.processes.mongod.ps_disk_octets.read&from=-5minutes&rawData=true', $mongod_graphite_io_write_url = 'http://graphite/render?target=mongo_host.processes.mongod.ps_disk_octets.write&from=-5minutes&rawData=true', $graphite_host = undef, + $monitor_replication = true, ) inherits icinga { if $icinga::client { @@ -48,37 +49,51 @@ notify => Service[$::icinga::service_client], } - @@nagios_service { "check_mongodb_replication_lag_${::fqdn}": - check_command => 'check_nrpe_command!check_mongodb_replication_lag', - service_description => 'MongoDB Replication Lag', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => 'workhours', - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } + if $monitor_replication { + @@nagios_service { "check_mongodb_replication_lag_${::fqdn}": + check_command => 'check_nrpe_command!check_mongodb_replication_lag', + service_description => 'MongoDB Replication Lag', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => 'workhours', + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } - @@nagios_service { "check_mongodb_replication_lag_percentage_${::fqdn}": - check_command => 'check_nrpe_command!check_mongodb_replication_lag_percentage', - service_description => 'MongoDB Replication Lag Percentage', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } + @@nagios_service { "check_mongodb_replication_lag_percentage_${::fqdn}": + check_command => 'check_nrpe_command!check_mongodb_replication_lag_percentage', + service_description => 'MongoDB Replication Lag Percentage', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + + @@nagios_service { "check_mongodb_replicaset_${::fqdn}": + check_command => 'check_nrpe_command!check_mongodb_replicaset', + service_description => 'MongoDB Replicaset', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + + @@nagios_service { "check_mongodb_replset_state_${::fqdn}": + check_command => 'check_nrpe_command!check_mongodb_replset_state', + service_description => 'MongoDB Replication State', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } - @@nagios_service { "check_mongodb_replicaset_${::fqdn}": - check_command => 'check_nrpe_command!check_mongodb_replicaset', - service_description => 'MongoDB Replicaset', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } @@nagios_service { "check_mongodb_connect_${::fqdn}": @@ -103,17 +118,6 @@ target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } - @@nagios_service { "check_mongodb_replset_state_${::fqdn}": - check_command => 'check_nrpe_command!check_mongodb_replset_state', - service_description => 'MongoDB Replication State', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - if $graphite_host != undef { @@nagios_service{"check_mongod_io_read_operations${::fqdn}": check_command => "check_graphite!${mongod_graphite_io_read_url}!10000000!50000000", From 8b9568d6ab48d1603278b90ced98bfd85f468875 Mon Sep 17 00:00:00 2001 From: Honza Novak Date: Mon, 31 Aug 2015 18:22:23 +0200 Subject: [PATCH 028/190] Add nrpe command that allows icinga to send 4 parameters --- templates/common/commands.cfg.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/common/commands.cfg.erb b/templates/common/commands.cfg.erb index d28be13..ec3fc73 100644 --- a/templates/common/commands.cfg.erb +++ b/templates/common/commands.cfg.erb @@ -254,6 +254,11 @@ define command { command_line $USER1$/check_nrpe -t <%= scope.lookupvar('icinga::nrpe_command_timeout') %> -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ } +define command { + command_name check_nrpe_4_args + command_line $USER1$/check_nrpe -t <%= scope.lookupvar('icinga::nrpe_command_timeout') %> -H $HOSTADDRESS$ -c $ARG1$ -a $ARG2$ $ARG3$ $ARG4$ $ARG5$ +} + define command { command_name tcp_nrpe command_line $USER1$/check_nrpe -t 60 -H $HOSTADDRESS$ From 3b3496b31441c2be705847a66b31a337b0c23f75 Mon Sep 17 00:00:00 2001 From: honza Date: Fri, 4 Sep 2015 10:44:46 +0200 Subject: [PATCH 029/190] bugfix in check_cron_logs.sh Signed-off-by: honza --- files/check_cron_logs.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/files/check_cron_logs.sh b/files/check_cron_logs.sh index 216d73e..1825107 100644 --- a/files/check_cron_logs.sh +++ b/files/check_cron_logs.sh @@ -3,18 +3,18 @@ REGEX="("$(echo "$@" | sed 's/ /)|(/g')")" #echo $REGEX LOG_FILE='/var/log/messages' -DATE=$(date --date="24 hours ago" '+%b %-d %H') +DATE=$(date --date="24 hours ago" '+%b %-d %H' | sed -r 's/^([a-zA-Z]+) /\1 {1,2}/g') NAME=$(hostname --short) CRONS_FAILING='' ##By defualt, only logs newer than 24h are checked, let's check if there even are that old logs -if grep -q "$DATE" /var/log/messages; then +if egrep -q "$DATE" /var/log/messages; then if [ $REGEX != '()' ]; then - CRONS_FAILING=$(cat $LOG_FILE | sed "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | + CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) else - CRONS_FAILING=$(cat $LOG_FILE | sed "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | + CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq) fi From f3546a274f720552e2faeb367eee72b55ecb9aea Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 9 Sep 2015 15:03:52 +0200 Subject: [PATCH 030/190] install and use newer package with nagios plugin Signed-off-by: Pavel Pulec --- manifests/plugins/checkdrupalcron.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/plugins/checkdrupalcron.pp b/manifests/plugins/checkdrupalcron.pp index 82294ca..a291375 100644 --- a/manifests/plugins/checkdrupalcron.pp +++ b/manifests/plugins/checkdrupalcron.pp @@ -5,8 +5,8 @@ # Warning and Critical expressed in seconds. 3600sec = 1h, 7200sec = 2h define icinga::plugins::checkdrupalcron ( $pkgname = $::operatingsystem ? { - 'centos' => 'nagios-plugins-drupalcron', - 'debian' => 'nagios-plugin-drupalcron', + 'centos' => 'nagios-plugins-drupal-cron', + 'debian' => 'nagios-plugins-drupal-cron', }, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, @@ -33,7 +33,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_drupal_cron_${title}]=sudo ${::icinga::plugindir}/check_drupal_cron -u ${uri} -r ${root} -w ${warning} -c ${critical}\n", + content => "command[check_drupal_cron_${title}]=sudo ${::icinga::plugindir}/check_drupal-cron -u ${uri} -r ${root} -w ${warning} -c ${critical}\n", notify => Service[$::icinga::service_client], } From d13bb98f5b0a70ce50a82125e98751b75aa2757b Mon Sep 17 00:00:00 2001 From: Tom Ritserveldt Date: Wed, 16 Sep 2015 15:52:24 +0200 Subject: [PATCH 031/190] check_nginx template --- templates/plugins/check_nginx | 108 ++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) create mode 100644 templates/plugins/check_nginx diff --git a/templates/plugins/check_nginx b/templates/plugins/check_nginx new file mode 100644 index 0000000..ddf14ed --- /dev/null +++ b/templates/plugins/check_nginx @@ -0,0 +1,108 @@ +# -*- coding: utf-8 -*- +#!/usr/bin/python +# check_nginx is a Nagios to monitor nginx status +# The version is 1.0.2 +# fixed by Nikolay Kandalintsev (twitter: @nicloay) +# Based on yangzi2008@126.com from http://www.nginxs.com +# which available here http://exchange.nagios.org/directory/Plugins/Web-Servers/nginx/check_nginx/details + +import string +import urllib2 +import getopt +import sys + +def usage(): + print """check_nginx is a Nagios to monitor nginx status + Usage: + + check_nginx [-h|--help][-U|--url][-P|--path][-u|--user][-p|--passwd][-w|--warning][-c|--critical] + + Options: + --help|-h) + print check_nginx help. + --url|-U) + Sets nginx status url. + --path|-P) + Sets nginx status url path. Default is: off + --user|-u) + Sets nginx status BasicAuth user. Default is: off + --passwd|-p) + Sets nginx status BasicAuth passwd. Default is: off + --warning|-w) + Sets a warning level for nginx Active connections. Default is: off + --critical|-c) + Sets a critical level for nginx Active connections. Default is: off + Example: + The url is www.nginxs.com/status + ./check_nginx -U www.nginxs.com -P /status -u eric -p nginx -w 1000 -c 2000 + if dont't have password: + ./check_nginx -U www.nginxs.com -P /status -w 1000 -c 2000 + if don't have path and password: + ./check_nginx -U www.nginxs.com -w 1000 -c 2000""" + + sys.exit(3) + +try: + options,args = getopt.getopt(sys.argv[1:],"hU:P:u:p:w:c:",["help","url=","path=","user=","passwd=","warning=","critical="]) + +except getopt.GetoptError: + usage() + sys.exit(3) + +for name,value in options: + if name in ("-h","--help"): + usage() + if name in ("-U","--url"): + url = "http://"+value + if name in ("-P","--path"): + path = value + if name in ("-u","--user"): + user = value + if name in ("-p","--passwd"): + passwd = value + if name in ("-w","--warning"): + warning = value + if name in ("-c","--critical"): + critical = value +try: + if 'path' in dir(): + req = urllib2.Request(url+path) + else: + req = urllib2.Request(url) + if 'user' in dir() and 'passwd' in dir(): + passman = urllib2.HTTPPasswordMgrWithDefaultRealm() + passman.add_password(None, url+path, user, passwd) + authhandler = urllib2.HTTPBasicAuthHandler(passman) + opener = urllib2.build_opener(authhandler) + urllib2.install_opener(opener) + response = urllib2.urlopen(req) + the_page = response.readline() + conn = the_page.split() + ActiveConn = conn[2] + the_page1 = response.readline() + the_page2 = response.readline() + the_page3 = response.readline() + response.close() + b = the_page3.split() + reading = b[1] + writing = b[3] + waiting = b[5] + output = 'ActiveConn:%s,reading:%s,writing:%s,waiting:%s' % (ActiveConn,reading,writing,waiting) + perfdata = 'ActiveConn:%s,reading:%s,writing:%s,waiting:%s' % (ActiveConn,reading,writing,waiting) + +except Exception: + print "NGINX STATUS unknown: Error while getting Connection" + sys.exit(3) +if 'warning' in dir() and 'critical' in dir(): + if int(ActiveConn) >= int(critical): + print 'CRITICAL - %s|%s' % (output,perfdata) + sys.exit(1) + elif int(ActiveConn) >= int(warning): + print 'WARNING - %s|%s' % (output,perfdata) + sys.exit(2) + else: + print 'OK - %s|%s' % (output,perfdata) + sys.exit(0) +else: + print 'OK - %s|%s' % (output,perfdata) + sys.exit(0) From 0c6c4faf27cc2618901bd5cf0f7daf413c1ef85e Mon Sep 17 00:00:00 2001 From: Tom Ritserveldt Date: Wed, 16 Sep 2015 16:23:33 +0200 Subject: [PATCH 032/190] check nginx --- manifests/plugins/checknginx.pp | 46 +++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 manifests/plugins/checknginx.pp diff --git a/manifests/plugins/checknginx.pp b/manifests/plugins/checknginx.pp new file mode 100644 index 0000000..813b4cf --- /dev/null +++ b/manifests/plugins/checknginx.pp @@ -0,0 +1,46 @@ +# == Class: icinga::plugins::checknginx +# +# This class provides a checknginx plugin. +# +class icinga::plugins::checknginx ( + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits icinga { + + if $icinga::client { + file { "${::icinga::plugindir}/check_nginx": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + seltype => 'nagios_admin_plugin_exec_t', + content => template ('icinga/plugins/check_nginx'), + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + + file{"${::icinga::includedir_client}/nginx.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_nginx]=${::icinga::plugindir}/check_nginx -U 10.0.192.1:80 -P /bootstrap -w 300 -c 500\n", + notify => Service[$::icinga::service_client], + } + + @@nagios_service { "check_nginx_${::fqdn}": + check_command => 'check_nrpe_command!check_nginx', + service_description => 'Nginx', + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + } + +} + From 57f7a2e1f60235fbb6ea4364b1c26684edfbc2e5 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 21 Sep 2015 11:04:49 +0200 Subject: [PATCH 033/190] right sudo perms for nrpe commands Signed-off-by: Pavel Pulec --- manifests/plugins/checkcrm.pp | 6 +++++- manifests/plugins/checkpercona-replication-delay.pp | 4 ++++ manifests/plugins/checkpercona-replication.pp | 6 +++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkcrm.pp b/manifests/plugins/checkcrm.pp index c58a6f6..b35a6d8 100644 --- a/manifests/plugins/checkcrm.pp +++ b/manifests/plugins/checkcrm.pp @@ -45,6 +45,10 @@ notify => Service[$::icinga::service_client], } + sudo::conf{'nrpe_crm_mon': + content => "Defaults:nagios !requiretty\nnagios ALL=(ALL) NOPASSWD:/usr/sbin/crm_mon -1 -r -f\n", + } + @@nagios_service{"check_crm_${host_name}": check_command => "check_nrpe_command!check_crm_${host_name}", service_description => 'Pacemaker', @@ -56,4 +60,4 @@ target => "${::icinga::targetdir}/services/${host_name}.cfg", } } -} \ No newline at end of file +} diff --git a/manifests/plugins/checkpercona-replication-delay.pp b/manifests/plugins/checkpercona-replication-delay.pp index dbafb4a..6f4e787 100644 --- a/manifests/plugins/checkpercona-replication-delay.pp +++ b/manifests/plugins/checkpercona-replication-delay.pp @@ -51,6 +51,10 @@ notify => Service[$::icinga::service_client], } + sudo::conf{'nrpe_pmp-check-mysql-replication-delay': + content => "Defaults:nagios !requiretty\nnagios ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/pmp-check-mysql-replication-delay\n", + } + @@nagios_service { "check_percona_replication_delay${::fqdn}": check_command => 'check_nrpe_command!check_percona_replication_delay', service_description => 'Percona: Replication Delay', diff --git a/manifests/plugins/checkpercona-replication.pp b/manifests/plugins/checkpercona-replication.pp index 982e172..e7d6dd7 100644 --- a/manifests/plugins/checkpercona-replication.pp +++ b/manifests/plugins/checkpercona-replication.pp @@ -48,9 +48,13 @@ notify => Service[$::icinga::service_client], } + sudo::conf{'nrpe_pmp-check-mysql-replication-running': + content => "Defaults:nagios !requiretty\nnagios ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/pmp-check-mysql-replication-running\n", + } + @@nagios_service { "check_percona_replication_running${::fqdn}": check_command => 'check_nrpe_command!check_percona_replication_running', service_description => 'Percona: Replication Running', } -} \ No newline at end of file +} From 386d8394b8980b6413b3b8d4d2da616ac7b5b60f Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 22 Sep 2015 11:11:22 +0200 Subject: [PATCH 034/190] add icinga::plugins::checkmysqlclient plugin Signed-off-by: Pavel Pulec --- manifests/plugins/checkmysqlclient.pp | 32 +++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 manifests/plugins/checkmysqlclient.pp diff --git a/manifests/plugins/checkmysqlclient.pp b/manifests/plugins/checkmysqlclient.pp new file mode 100644 index 0000000..7e0b525 --- /dev/null +++ b/manifests/plugins/checkmysqlclient.pp @@ -0,0 +1,32 @@ +# == Class: icinga::plugins::checkmysqld +# +# This class provides a checkmysqld plugin. +# +class icinga::plugins::checkmysqlclient ( + $db_name, + $db_host, + $db_user, + $db_pass, + $ensure = present, + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits icinga { + + file { "${::icinga::includedir_client}/mysql_client_${db_name}.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + notify => Service[$::icinga::service_client], + content => "command[check_mysql_${db_name}]=/usr/lib64/nagios/plugins/check_mysql -H ${db_host} -u ${db_user} -p ${db_pass} -d ${db_name}" + } + + @@nagios_service { "check_mysql_client_${::fqdn}_${db_name}": + check_command => "check_nrpe_command!check_mysql_${db_name}", + service_description => "mysql client db: ${db_name}", + } + +} + From b99e3a01d39c70480ef8eda01170405f3e114b1d Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 22 Sep 2015 11:19:26 +0200 Subject: [PATCH 035/190] change variables for mysqlclient corresponding to percona::rights Signed-off-by: Pavel Pulec --- manifests/plugins/checkmysqlclient.pp | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/manifests/plugins/checkmysqlclient.pp b/manifests/plugins/checkmysqlclient.pp index 7e0b525..1562edd 100644 --- a/manifests/plugins/checkmysqlclient.pp +++ b/manifests/plugins/checkmysqlclient.pp @@ -3,29 +3,33 @@ # This class provides a checkmysqld plugin. # class icinga::plugins::checkmysqlclient ( - $db_name, - $db_host, - $db_user, - $db_pass, - $ensure = present, + $database, + $host, + $user, + $password, $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, ) inherits icinga { - file { "${::icinga::includedir_client}/mysql_client_${db_name}.cfg": + file { "${::icinga::includedir_client}/mysql_client_${database}.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, notify => Service[$::icinga::service_client], - content => "command[check_mysql_${db_name}]=/usr/lib64/nagios/plugins/check_mysql -H ${db_host} -u ${db_user} -p ${db_pass} -d ${db_name}" + content => "command[check_mysql_${database}]=/usr/lib64/nagios/plugins/check_mysql -H ${host} -u ${user} -p ${password} -d ${database}" } - @@nagios_service { "check_mysql_client_${::fqdn}_${db_name}": - check_command => "check_nrpe_command!check_mysql_${db_name}", - service_description => "mysql client db: ${db_name}", + @@nagios_service { "check_mysql_client_${::fqdn}_${database}": + check_command => "check_nrpe_command!check_mysql_${database}", + service_description => "mysql client db: ${database}", + contact_groups => $contact_groups, + host_name => $::fqdn, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, } } From 5b90f64733146de0d43bbbd7aa0ade6cc9a6fa4b Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 22 Sep 2015 14:24:57 +0200 Subject: [PATCH 036/190] fix class/define misconfiguration Signed-off-by: Pavel Pulec --- manifests/plugins/checkmysqlclient.pp | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/plugins/checkmysqlclient.pp b/manifests/plugins/checkmysqlclient.pp index 1562edd..63587bf 100644 --- a/manifests/plugins/checkmysqlclient.pp +++ b/manifests/plugins/checkmysqlclient.pp @@ -1,8 +1,6 @@ -# == Class: icinga::plugins::checkmysqld +# == Class: icinga::plugins::checkmysqlclient # -# This class provides a checkmysqld plugin. -# -class icinga::plugins::checkmysqlclient ( +define icinga::plugins::checkmysqlclient ( $database, $host, $user, @@ -11,7 +9,9 @@ $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, -) inherits icinga { +) { + + require icinga file { "${::icinga::includedir_client}/mysql_client_${database}.cfg": ensure => 'file', From 85d85a584a069ad99d4bf7dfc08b66de8a5a8f59 Mon Sep 17 00:00:00 2001 From: honza Date: Mon, 5 Oct 2015 11:26:59 +0200 Subject: [PATCH 037/190] parametrize is the drupal cron check should be run with sudo --- manifests/plugins/checkdrupalcron.pp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checkdrupalcron.pp b/manifests/plugins/checkdrupalcron.pp index a291375..d669668 100644 --- a/manifests/plugins/checkdrupalcron.pp +++ b/manifests/plugins/checkdrupalcron.pp @@ -12,6 +12,7 @@ $notifications_enabled = $::icinga::notifications_enabled, $host_name = $::fqdn, $contact_groups = $::environment, + $use_sudo = true, $warning = '3600', $critical = '7200', $uri = '', @@ -28,12 +29,19 @@ } } + if $use_sudo { + $content="command[check_drupal_cron_${title}]=sudo ${::icinga::plugindir}/check_drupal-cron -u ${uri} -r ${root} -w ${warning} -c ${critical}\n" + } + else { + $content="command[check_drupal_cron_${title}]=${::icinga::plugindir}/check_drupal-cron -u ${uri} -r ${root} -w ${warning} -c ${critical}\n" + } + file{"${::icinga::includedir_client}/check_drupal_cron_${title}.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_drupal_cron_${title}]=sudo ${::icinga::plugindir}/check_drupal-cron -u ${uri} -r ${root} -w ${warning} -c ${critical}\n", + content => $content, notify => Service[$::icinga::service_client], } From e20b4405db79964adac276bf5c04f2c8fd3c68ff Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 8 Oct 2015 12:20:30 +0200 Subject: [PATCH 038/190] allow to ignore cron jobs based on tags, ignore drush by default, as it has its own check Signed-off-by: honza --- files/check_cron_logs.sh | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/files/check_cron_logs.sh b/files/check_cron_logs.sh index 1825107..a4125a9 100644 --- a/files/check_cron_logs.sh +++ b/files/check_cron_logs.sh @@ -1,20 +1,34 @@ #!/bin/sh -REGEX="("$(echo "$@" | sed 's/ /)|(/g')")" -#echo $REGEX LOG_FILE='/var/log/messages' DATE=$(date --date="24 hours ago" '+%b %-d %H' | sed -r 's/^([a-zA-Z]+) /\1 {1,2}/g') NAME=$(hostname --short) CRONS_FAILING='' +IGNORE_TAG='drush' + +while getopts ":i:" o; do + case "${o}" in + i) + IGNORE_TAG="("$(echo "${OPTARG}" | sed 's/ /)|(/g')")" + ;; + *) + echo "Bad param" + ;; + esac +done +shift $((OPTIND-1)) + + +REGEX="("$(echo "$@" | sed 's/ /)|(/g')")" ##By defualt, only logs newer than 24h are checked, let's check if there even are that old logs if egrep -q "$DATE" /var/log/messages; then if [ $REGEX != '()' ]; then - CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | + CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) else - CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | + CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq) fi @@ -22,10 +36,10 @@ if egrep -q "$DATE" /var/log/messages; then else if [ $REGEX != '()' ]; then - CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | + CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) else - CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | + CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq) fi fi From 52f87a0d37faddfbb7f246b913dfb52ea643299f Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 27 Oct 2015 15:34:30 +0100 Subject: [PATCH 039/190] the dns sync check reworked Signed-off-by: honza --- manifests/plugins/check_dns_sync.pp | 22 ++++++++++++++++++---- templates/plugins/dns_sync.cfg.erb | 5 ++++- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/manifests/plugins/check_dns_sync.pp b/manifests/plugins/check_dns_sync.pp index 3195317..f69a66f 100644 --- a/manifests/plugins/check_dns_sync.pp +++ b/manifests/plugins/check_dns_sync.pp @@ -9,6 +9,8 @@ $notification_period = 'workhours', $notifications_enabled = $::icinga::notifications_enabled, $full_zonelist = hiera('inuits::nameserver::full_zonelist', undef), + $icinga_host = hiera('icinga_host'), + $ignored_domains = hiera('ignored_domains', undef), ) inherits icinga { package { 'perl-Net-DNS.x86_64': @@ -19,6 +21,10 @@ ensure => present, } + package { 'nsca-client': + ensure => present, + } + file { "${::icinga::plugindir}/check_dns_sync.pl": ensure => present, mode => '0755', @@ -28,17 +34,25 @@ notify => Service[$icinga::service_client], require => Class['icinga::config']; } - file { "${::icinga::includedir_client}/dns_sync.cfg": + file { "${::icinga::plugindir}/dns_sync.sh": ensure => 'file', - mode => '0644', + mode => '0755', owner => $::icinga::client_user, group => $::icinga::client_group, content => template('icinga/plugins/dns_sync.cfg.erb'), - notify => Service[$::icinga::service_client], + } + + cron { 'dns sync check': + ensure => present, + command => "${::icinga::plugindir}/dns_sync.sh", + user => 'root', + minute => '*/10', } @@nagios_service { "check_dns_sync_${::fqdn}": - check_command => 'check_nrpe_command!check_dns_sync', + check_command => 'check_dummy!0 "All ok"', + active_checks_enabled => '0', + freshness_threshold => '600', service_description => 'dns sync', host_name => $::fqdn, contact_groups => $contact_groups, diff --git a/templates/plugins/dns_sync.cfg.erb b/templates/plugins/dns_sync.cfg.erb index b6d0467..61c1019 100644 --- a/templates/plugins/dns_sync.cfg.erb +++ b/templates/plugins/dns_sync.cfg.erb @@ -1,3 +1,4 @@ +#!/bin/bash <% views=@full_zonelist.keys.select{ |i| i[/^view/] } -%> <% domains=[] -%> <% customers=[] -%> @@ -8,4 +9,6 @@ <% domains+= @full_zonelist[customer].keys -%> <% end -%> <% domains.map! {|domain| domain[/[^:]+/]} -%> -command[check_dns_sync]=/usr/lib64/nagios/plugins/check_dns_sync.pl -T1 <%= Array(domains).uniq.sort.join(" ") %> +MSG=$(/usr/lib64/nagios/plugins/check_dns_sync.pl -T1 <%= (Array(domains)-Array(@ignored_domains)).uniq.sort.join(" ") %>) +RET_VAL=$? +echo "<% @fqdn -%>;dns sync;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <% @icinga_host -%> -p 5667 -d ";" From 682abea52135a55797341cfc5b12caf3bd7c3af2 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 27 Oct 2015 16:46:24 +0100 Subject: [PATCH 040/190] update the dns_sync check Signed-off-by: honza --- templates/plugins/dns_sync.cfg.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/plugins/dns_sync.cfg.erb b/templates/plugins/dns_sync.cfg.erb index 61c1019..94a1f50 100644 --- a/templates/plugins/dns_sync.cfg.erb +++ b/templates/plugins/dns_sync.cfg.erb @@ -11,4 +11,5 @@ <% domains.map! {|domain| domain[/[^:]+/]} -%> MSG=$(/usr/lib64/nagios/plugins/check_dns_sync.pl -T1 <%= (Array(domains)-Array(@ignored_domains)).uniq.sort.join(" ") %>) RET_VAL=$? -echo "<% @fqdn -%>;dns sync;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <% @icinga_host -%> -p 5667 -d ";" +echo "<%= @fqdn %>;dns sync;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" + From a0d36f8a6325f6fd0cff5bd8888a2ba54dac6e68 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 29 Oct 2015 10:35:48 +0100 Subject: [PATCH 041/190] rename dns_sync.cfg.erb to dns_sync.sh.erb Signed-off-by: honza --- manifests/plugins/check_dns_sync.pp | 2 +- templates/plugins/{dns_sync.cfg.erb => dns_sync.sh.erb} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename templates/plugins/{dns_sync.cfg.erb => dns_sync.sh.erb} (100%) diff --git a/manifests/plugins/check_dns_sync.pp b/manifests/plugins/check_dns_sync.pp index f69a66f..3bc3715 100644 --- a/manifests/plugins/check_dns_sync.pp +++ b/manifests/plugins/check_dns_sync.pp @@ -39,7 +39,7 @@ mode => '0755', owner => $::icinga::client_user, group => $::icinga::client_group, - content => template('icinga/plugins/dns_sync.cfg.erb'), + content => template('icinga/plugins/dns_sync.sh.erb'), } cron { 'dns sync check': diff --git a/templates/plugins/dns_sync.cfg.erb b/templates/plugins/dns_sync.sh.erb similarity index 100% rename from templates/plugins/dns_sync.cfg.erb rename to templates/plugins/dns_sync.sh.erb From 6e526333f33d79cc3460eebcf53ad8afcab313e8 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 3 Nov 2015 09:31:42 +0100 Subject: [PATCH 042/190] remove time limit for dns_sync check, its not using nrpe now, so we dont need to limit it Signed-off-by: honza --- templates/plugins/dns_sync.sh.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/dns_sync.sh.erb b/templates/plugins/dns_sync.sh.erb index 94a1f50..2c427cf 100644 --- a/templates/plugins/dns_sync.sh.erb +++ b/templates/plugins/dns_sync.sh.erb @@ -9,7 +9,7 @@ <% domains+= @full_zonelist[customer].keys -%> <% end -%> <% domains.map! {|domain| domain[/[^:]+/]} -%> -MSG=$(/usr/lib64/nagios/plugins/check_dns_sync.pl -T1 <%= (Array(domains)-Array(@ignored_domains)).uniq.sort.join(" ") %>) +MSG=$(/usr/lib64/nagios/plugins/check_dns_sync.pl <%= (Array(domains)-Array(@ignored_domains)).uniq.sort.join(" ") %>) RET_VAL=$? echo "<%= @fqdn %>;dns sync;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" From bd30ba395d2276ea50e902ecbb83009978dcb476 Mon Sep 17 00:00:00 2001 From: Honza Novak Date: Wed, 18 Nov 2015 14:58:16 +0100 Subject: [PATCH 043/190] Do not inherit from icinga, just require it already instantiated in checkmongo plugin --- manifests/plugins/checkmongodb.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checkmongodb.pp b/manifests/plugins/checkmongodb.pp index 5104027..fbcc352 100644 --- a/manifests/plugins/checkmongodb.pp +++ b/manifests/plugins/checkmongodb.pp @@ -13,7 +13,9 @@ $mongod_graphite_io_write_url = 'http://graphite/render?target=mongo_host.processes.mongod.ps_disk_octets.write&from=-5minutes&rawData=true', $graphite_host = undef, $monitor_replication = true, -) inherits icinga { +) { + + require icinga if $icinga::client { if !defined(Package['python-pip']) { From d0996721e704d6dfe2106bfbf846b7f405cdfe86 Mon Sep 17 00:00:00 2001 From: Honza Novak Date: Thu, 19 Nov 2015 15:10:41 +0100 Subject: [PATCH 044/190] Manage perl nagios plugin package only if it is not handled yet by other module --- manifests/plugins/checkcrm.pp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/manifests/plugins/checkcrm.pp b/manifests/plugins/checkcrm.pp index b35a6d8..ba7f690 100644 --- a/manifests/plugins/checkcrm.pp +++ b/manifests/plugins/checkcrm.pp @@ -31,9 +31,7 @@ ensure => installed, } - package { $pkg_perl_nagios_plugin: - ensure => installed, - } + ensure_resource ('package', $pkg_perl_nagios_plugin, { 'ensure' => 'installed' }) file{"${::icinga::includedir_client}/check_crm_${host_name}.cfg": From 628ffe7e5c728280712e5309d38a8c13724760ff Mon Sep 17 00:00:00 2001 From: Honza Novak Date: Mon, 30 Nov 2015 11:09:47 +0100 Subject: [PATCH 045/190] Inherits icinga is necessary, further code relies on some attributes to exist with default values from icinga class (like plugindir) --- manifests/plugins/checkmongodb.pp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/manifests/plugins/checkmongodb.pp b/manifests/plugins/checkmongodb.pp index fbcc352..a78cc51 100644 --- a/manifests/plugins/checkmongodb.pp +++ b/manifests/plugins/checkmongodb.pp @@ -13,9 +13,7 @@ $mongod_graphite_io_write_url = 'http://graphite/render?target=mongo_host.processes.mongod.ps_disk_octets.write&from=-5minutes&rawData=true', $graphite_host = undef, $monitor_replication = true, -) { - - require icinga +) inherits icinga { if $icinga::client { if !defined(Package['python-pip']) { From 4d5e2f2c524b6ff31d3dff692deb21aa63531fed Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 1 Dec 2015 10:53:23 +0100 Subject: [PATCH 046/190] add the 'target' parameter to the checkmysqlclient plugin Signed-off-by: honza --- manifests/plugins/checkmysqlclient.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/plugins/checkmysqlclient.pp b/manifests/plugins/checkmysqlclient.pp index 63587bf..6be2d65 100644 --- a/manifests/plugins/checkmysqlclient.pp +++ b/manifests/plugins/checkmysqlclient.pp @@ -30,6 +30,7 @@ max_check_attempts => $max_check_attempts, notification_period => $notification_period, notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } } From fd81aa60284d68a06f49da3c80892f41f3cb1d63 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 3 Dec 2015 12:00:47 +0100 Subject: [PATCH 047/190] only use the checkmysql plugin if a password is given refs #18991 Signed-off-by: honza --- manifests/plugins/checkmysqlclient.pp | 39 ++++++++++++++------------- 1 file changed, 21 insertions(+), 18 deletions(-) diff --git a/manifests/plugins/checkmysqlclient.pp b/manifests/plugins/checkmysqlclient.pp index 6be2d65..1f805ef 100644 --- a/manifests/plugins/checkmysqlclient.pp +++ b/manifests/plugins/checkmysqlclient.pp @@ -4,7 +4,8 @@ $database, $host, $user, - $password, + $password = undef, + $hash = undef, $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, @@ -13,24 +14,26 @@ require icinga - file { "${::icinga::includedir_client}/mysql_client_${database}.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - notify => Service[$::icinga::service_client], - content => "command[check_mysql_${database}]=/usr/lib64/nagios/plugins/check_mysql -H ${host} -u ${user} -p ${password} -d ${database}" - } + if $password { + file { "${::icinga::includedir_client}/mysql_client_${database}.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + notify => Service[$::icinga::service_client], + content => "command[check_mysql_${database}]=/usr/lib64/nagios/plugins/check_mysql -H ${host} -u ${user} -p ${password} -d ${database}" + } - @@nagios_service { "check_mysql_client_${::fqdn}_${database}": - check_command => "check_nrpe_command!check_mysql_${database}", - service_description => "mysql client db: ${database}", - contact_groups => $contact_groups, - host_name => $::fqdn, - max_check_attempts => $max_check_attempts, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + @@nagios_service { "check_mysql_client_${::fqdn}_${database}": + check_command => "check_nrpe_command!check_mysql_${database}", + service_description => "mysql client db: ${database}", + contact_groups => $contact_groups, + host_name => $::fqdn, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } } } From d79426dd8a94c5e1a52f57793ad6e4813aee40b3 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 15 Dec 2015 16:22:37 +0100 Subject: [PATCH 048/190] turn checksslscan into a passive check refs #15623 Signed-off-by: honza --- manifests/plugins/checksslscan.pp | 76 ++++++++++---------------- templates/plugins/check_sslscan.sh.erb | 5 ++ 2 files changed, 34 insertions(+), 47 deletions(-) create mode 100644 templates/plugins/check_sslscan.sh.erb diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 2ade65d..74f71a5 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -59,31 +59,6 @@ if $icinga::client { - # Only include this file once - if (!defined(File["${::icinga::plugindir}/check_sslscan.pl"])) { - file { "${::icinga::plugindir}/check_sslscan.pl": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_sslscan.pl', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - } - - if (!defined(File["${::icinga::plugindir}/check_ssl"])) { - file { "${::icinga::plugindir}/check_ssl": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_ssl', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - } - if (!defined(Package['perl-JSON'])) { package { 'perl-JSON': ensure => installed, @@ -102,42 +77,49 @@ } } - if (!defined(File['/tmp/checksslscan'])) { - file { '/tmp/checksslscan': - ensure => directory, - owner => $::icinga::client_user, - group => $::icinga::clinet_group, + package { 'nsca-client': + ensure => present, + } + + # Only include this file once + if (!defined(File["${::icinga::plugindir}/check_sslscan.pl"])) { + file { "${::icinga::plugindir}/check_sslscan.pl": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_sslscan.pl', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; } } - file{"${::icinga::includedir_client}/check_sslscan_${host_url}.cfg": + file { "${::icinga::plugindir}/check_sslscan-${host_url}.sh": ensure => 'file', - mode => '0644', + mode => '0755', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_sslscan_${host_url}]=${::icinga::plugindir}/check_ssl ${host_url}\n", - notify => Service[$::icinga::service_client], + content => template('icinga/plugins/check_sslscan.sh.erb'), } - - cron { "check-ssl-${host_url}": - command => "${::icinga::plugindir}/check_sslscan.pl -H ${host_url} -w ${warning_grade} -c ${critical_grade} ${_publish_results}${_accept_cached_results}${_max_cache_age}${_ip_address}${_debug_mode} > /tmp/checksslscan/${host_url}_sslresult\n", - user => $::icinga::client_user, - month => '*', - monthday => '*', - hour => '09', - minute => '30', + + cron { "sslscan check-${host_url}": + ensure => present, + command => "${::icinga::plugindir}/check_sslscan-${host_url}.sh", + user => 'root', + hour => '11', + minute => fqdn_rand(60, $host_url), } - @@nagios_service { "check_sslscan_${::fqdn}_${host_url}": - check_command => "check_nrpe_command_timeout!60!check_sslscan_${host_url}", - check_interval => '86400', # Every 12 hours is fine - service_description => "SSL Quality ${host_url}", + check_command => 'check_dummy!0 "All ok"', + active_checks_enabled => '0', + freshness_threshold => '600', + service_description => "sslscan ${host_url}", host_name => $::fqdn, contact_groups => $contact_groups, - max_check_attempts => $max_check_attempts, notification_period => $notification_period, notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } } diff --git a/templates/plugins/check_sslscan.sh.erb b/templates/plugins/check_sslscan.sh.erb new file mode 100644 index 0000000..b1580e7 --- /dev/null +++ b/templates/plugins/check_sslscan.sh.erb @@ -0,0 +1,5 @@ +#!/bin/bash +MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w B -c C) +RET_VAL=$? +echo "<%= @fqdn %>;SSL Quality <%= @host_url %>;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" + From ff98050bd34d5678116a690524cd35c738789e46 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 15 Dec 2015 16:29:10 +0100 Subject: [PATCH 049/190] fix duplicit declaration Signed-off-by: honza --- manifests/plugins/checksslscan.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 74f71a5..12ad9ab 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -77,10 +77,13 @@ } } - package { 'nsca-client': - ensure => present, + if (!defined(Package['nsca-client'])) { + package { 'nsca-client': + ensure => installed, + } } + # Only include this file once if (!defined(File["${::icinga::plugindir}/check_sslscan.pl"])) { file { "${::icinga::plugindir}/check_sslscan.pl": From 0c6bcabb97e511a88240827bab6c111f1c0232ab Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 15 Dec 2015 16:37:17 +0100 Subject: [PATCH 050/190] fix checksslscan template Signed-off-by: honza --- templates/plugins/check_sslscan.sh.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/check_sslscan.sh.erb b/templates/plugins/check_sslscan.sh.erb index b1580e7..a01d97d 100644 --- a/templates/plugins/check_sslscan.sh.erb +++ b/templates/plugins/check_sslscan.sh.erb @@ -1,5 +1,5 @@ #!/bin/bash MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w B -c C) RET_VAL=$? -echo "<%= @fqdn %>;SSL Quality <%= @host_url %>;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" +echo "<%= @fqdn %>;SSL Quality <%= @host_url %>;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" From 87e2375f1765539e2e92fb483c8c5c88384492e6 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 15 Dec 2015 17:03:15 +0100 Subject: [PATCH 051/190] add the icinga_host variable to the checksslscan check Signed-off-by: honza --- manifests/plugins/checksslscan.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 12ad9ab..6e51778 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -16,6 +16,7 @@ $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, $additional_options = '', + $icinga_host = hiera('icinga_host'), ) { require icinga From 9ef4a81e5ed0f5406446eb80f2dedf4569055dab Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 15 Dec 2015 17:31:06 +0100 Subject: [PATCH 052/190] change service description of the checksslscan check Signed-off-by: honza --- manifests/plugins/checksslscan.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 6e51778..cb738a0 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -118,7 +118,7 @@ check_command => 'check_dummy!0 "All ok"', active_checks_enabled => '0', freshness_threshold => '600', - service_description => "sslscan ${host_url}", + service_description => "SSL Quality ${host_url}", host_name => $::fqdn, contact_groups => $contact_groups, notification_period => $notification_period, From 52577f0ddd1391b55d91a7d841f466a0028c8f5c Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 17 Dec 2015 12:29:55 +0100 Subject: [PATCH 053/190] increase the time range during which the checksslscan check runs Signed-off-by: honza --- manifests/plugins/checksslscan.pp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index cb738a0..1db568d 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -17,6 +17,9 @@ $notifications_enabled = $::icinga::notifications_enabled, $additional_options = '', $icinga_host = hiera('icinga_host'), + $hour_range = hiera('hour_range', 7), + $hour_shift = hiera('hour_shift', 9), + ) { require icinga @@ -105,12 +108,12 @@ group => $::icinga::client_group, content => template('icinga/plugins/check_sslscan.sh.erb'), } - + $hour = fqdn_rand($hour_range, $host_url) + $hour_shift cron { "sslscan check-${host_url}": ensure => present, command => "${::icinga::plugindir}/check_sslscan-${host_url}.sh", user => 'root', - hour => '11', + hour => $hour, minute => fqdn_rand(60, $host_url), } From 856a5fca79710fc168e7ed37db3ebdf1ab6ea9f9 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 23 Dec 2015 08:06:28 +0100 Subject: [PATCH 054/190] fix check_cron_logs.sh for centos7, allow check_sslscan to try again if the first try returns uknown Signed-off-by: honza --- files/check_cron_logs.sh | 8 ++++---- templates/plugins/check_sslscan.sh.erb | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/files/check_cron_logs.sh b/files/check_cron_logs.sh index a4125a9..a00e05f 100644 --- a/files/check_cron_logs.sh +++ b/files/check_cron_logs.sh @@ -26,10 +26,10 @@ REGEX="("$(echo "$@" | sed 's/ /)|(/g')")" if egrep -q "$DATE" /var/log/messages; then if [ $REGEX != '()' ]; then CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) + sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) else CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq) + sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq) fi ##if not, we're simply reading the whole file @@ -37,10 +37,10 @@ if egrep -q "$DATE" /var/log/messages; then else if [ $REGEX != '()' ]; then CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) + sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) else CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ cron ([^\[]+).*/\1/g" | sort | uniq) + sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq) fi fi diff --git a/templates/plugins/check_sslscan.sh.erb b/templates/plugins/check_sslscan.sh.erb index a01d97d..89e5c86 100644 --- a/templates/plugins/check_sslscan.sh.erb +++ b/templates/plugins/check_sslscan.sh.erb @@ -1,5 +1,11 @@ #!/bin/bash MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w B -c C) RET_VAL=$? +if [ $RET_VAL -eq 3 ]; then +# we probably got the "too many connections" error, we'll wait some time and try again + sleep $(($RANDOM % 800 + 240)) + MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w B -c C) + RET_VAL=$? +fi echo "<%= @fqdn %>;SSL Quality <%= @host_url %>;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" From b77c1e0170aad68da123382fb139f5b2f74ae37d Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 27 Jan 2016 09:49:30 +0100 Subject: [PATCH 055/190] fix notifications_enabled for cron check - we had them permanently disabled Signed-off-by: Pavel Pulec --- manifests/plugins/checkcronlogs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkcronlogs.pp b/manifests/plugins/checkcronlogs.pp index 5f23754..1de1418 100644 --- a/manifests/plugins/checkcronlogs.pp +++ b/manifests/plugins/checkcronlogs.pp @@ -6,7 +6,7 @@ $max_check_attempts = $::icinga::max_check_attempts, $contact_groups = $::environment, $notification_period = $::icinga::notification_period, - $notifications_enabled = false, + $notifications_enabled = $::icinga::notifications_enabled, $ignored_jobs = hiera(ignored_jobs, undef), ) inherits icinga { From 8c6358d9b66d7025791ddf8d984a33291edb7896 Mon Sep 17 00:00:00 2001 From: Honza Novak Date: Fri, 5 Feb 2016 10:31:41 +0100 Subject: [PATCH 056/190] Add command for check-host-alive over ipv4 only --- templates/common/commands.cfg.erb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/templates/common/commands.cfg.erb b/templates/common/commands.cfg.erb index ec3fc73..94a7148 100644 --- a/templates/common/commands.cfg.erb +++ b/templates/common/commands.cfg.erb @@ -60,6 +60,14 @@ define command{ command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5 } +# 'check-host-alive-ipv4' command definition +# force use of ipv4 only because of issue with newer version of check_ping binary which in +# some cases prefers ipv6 even though it fails +define command{ + command_name check-host-alive-ipv4 + command_line $USER1$/check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 5 -4 + } + From a6d95c83e1e35ab2bfb0f0b9a9c9aa5d5a6ad507 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 15 Feb 2016 16:08:32 +0100 Subject: [PATCH 057/190] fix the class names below beacuse of future parser ( '-' is not allowed) icinga::plugins::checkpercona-replication icinga::plugins::checkpercona-replication-delay Signed-off-by: Pavel Pulec --- ...{checkpercona-replication.pp => checkpercona_replication.pp} | 2 +- ...a-replication-delay.pp => checkpercona_replication_delay.pp} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename manifests/plugins/{checkpercona-replication.pp => checkpercona_replication.pp} (97%) rename manifests/plugins/{checkpercona-replication-delay.pp => checkpercona_replication_delay.pp} (97%) diff --git a/manifests/plugins/checkpercona-replication.pp b/manifests/plugins/checkpercona_replication.pp similarity index 97% rename from manifests/plugins/checkpercona-replication.pp rename to manifests/plugins/checkpercona_replication.pp index e7d6dd7..1cd06f9 100644 --- a/manifests/plugins/checkpercona-replication.pp +++ b/manifests/plugins/checkpercona_replication.pp @@ -4,7 +4,7 @@ # # http://www.percona.com/doc/percona-monitoring-plugins/nagios/ # -class icinga::plugins::checkpercona-replication ( +class icinga::plugins::checkpercona_replication ( $ensure = present, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, diff --git a/manifests/plugins/checkpercona-replication-delay.pp b/manifests/plugins/checkpercona_replication_delay.pp similarity index 97% rename from manifests/plugins/checkpercona-replication-delay.pp rename to manifests/plugins/checkpercona_replication_delay.pp index 6f4e787..48989ac 100644 --- a/manifests/plugins/checkpercona-replication-delay.pp +++ b/manifests/plugins/checkpercona_replication_delay.pp @@ -4,7 +4,7 @@ # # http://www.percona.com/doc/percona-monitoring-plugins/nagios/ # -class icinga::plugins::checkpercona-replication-delay ( +class icinga::plugins::checkpercona_replication_delay ( $serverid = undef, $ensure = present, $max_check_attempts = $::icinga::max_check_attempts, From 19377bfbd7380aadefa34ac9151e68337ed74eb1 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 15 Feb 2016 16:32:50 +0100 Subject: [PATCH 058/190] fix variable names + remove duplication of variables (future parser) Signed-off-by: Pavel Pulec --- manifests/plugins/checktotalprocs.pp | 2 -- manifests/reports.pp | 10 +++++----- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/manifests/plugins/checktotalprocs.pp b/manifests/plugins/checktotalprocs.pp index 36d3c30..a4368b3 100644 --- a/manifests/plugins/checktotalprocs.pp +++ b/manifests/plugins/checktotalprocs.pp @@ -3,8 +3,6 @@ # This class provides a checktotalprocs plugin. # class icinga::plugins::checktotalprocs ( - $check_warning = '', - $check_critical = '', $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, diff --git a/manifests/reports.pp b/manifests/reports.pp index 6f1ec81..40908d3 100644 --- a/manifests/reports.pp +++ b/manifests/reports.pp @@ -20,9 +20,9 @@ $icingaReportsVersion = '1.10.0', $icingaReportsHome = $::icinga::params::confdir_server, $icingaAvailabilityFunctionName = 'icinga_availability', - $IdoDbName = $::icinga::params::idoutils_dbname, - $IdoDbUsername = $::icinga::params::idoutils_dbuser, - $IdoDbPassword = $::icinga::params::idoutils_dbpass, + $idoDbName = $::icinga::params::idoutils_dbname, + $idoDbUsername = $::icinga::params::idoutils_dbuser, + $idoDbPassword = $::icinga::params::idoutils_dbpass, ) inherits icinga { include tomcat6 @@ -130,8 +130,8 @@ exec { 'install-ido-icinga-availability-sql-function': refreshonly => true, path => '/bin:/usr/bin:/sbin:/usr/sbin', - unless => "mysql -u${IdoDbUsername} -p${IdoDbPassword} ${IdoDbName} -e 'select name from mysql.proc where name='${icingaAvailabilityFunctionName}';'", - command => "mysql -u${IdoDbUsername} -p${IdoDbPassword} ${IdoDbName} < ${icingaReportsHome}/icinga-reports-${icingaReportsVersion}/db/icinga/mysql/availability.sql", + unless => "mysql -u${idoDbUsername} -p${idoDbPassword} ${idoDbName} -e 'select name from mysql.proc where name='${icingaAvailabilityFunctionName}';'", + command => "mysql -u${idoDbUsername} -p${idoDbPassword} ${idoDbName} < ${icingaReportsHome}/icinga-reports-${icingaReportsVersion}/db/icinga/mysql/availability.sql", require => [ Service[$db_service_name], Exec['install-jar-files'] ] } } From 2cd1254252ab3a4e3bfbb0d7879fdf15a17dd1a5 Mon Sep 17 00:00:00 2001 From: Hrachos Date: Mon, 22 Feb 2016 13:20:53 +0100 Subject: [PATCH 059/190] Facter returns strings, not numbers Signed-off-by: Hrachos --- manifests/config/client.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/config/client.pp b/manifests/config/client.pp index cd4d131..f0fa960 100644 --- a/manifests/config/client.pp +++ b/manifests/config/client.pp @@ -36,7 +36,7 @@ ensure => directory, } - if $::operatingsystemmajrelease == 7 { + if $::operatingsystemmajrelease == '7' { file{'/etc/systemd/system/nrpe.service': ensure => present, content => template('icinga/redhat/nrpe.service.erb'), From caf96e68bb7224404621fc8941e28fee95897550 Mon Sep 17 00:00:00 2001 From: vdmkenny Date: Mon, 7 Mar 2016 12:39:41 +0100 Subject: [PATCH 060/190] added livestatus broker_module --- templates/redhat/icinga.cfg.erb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/redhat/icinga.cfg.erb b/templates/redhat/icinga.cfg.erb index 86c2111..dcc0ab6 100644 --- a/templates/redhat/icinga.cfg.erb +++ b/templates/redhat/icinga.cfg.erb @@ -248,6 +248,8 @@ event_broker_options=-1 #broker_module=/somewhere/module2.o arg1 arg2=3 debug=0 +broker_module=/usr/lib64/mk-livestatus/livestatus.o /tmp/live.sock + <%- if @use_ido -%> broker_module=/usr/lib64/icinga/idomod.so config_file=/etc/icinga/idomod.cfg <% end %> From 153fa86489dad94b677ebc40bade2828828414a8 Mon Sep 17 00:00:00 2001 From: vdmkenny Date: Mon, 7 Mar 2016 13:08:29 +0100 Subject: [PATCH 061/190] undo broker module --- templates/redhat/icinga.cfg.erb | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/redhat/icinga.cfg.erb b/templates/redhat/icinga.cfg.erb index dcc0ab6..ea32622 100644 --- a/templates/redhat/icinga.cfg.erb +++ b/templates/redhat/icinga.cfg.erb @@ -248,7 +248,6 @@ event_broker_options=-1 #broker_module=/somewhere/module2.o arg1 arg2=3 debug=0 -broker_module=/usr/lib64/mk-livestatus/livestatus.o /tmp/live.sock <%- if @use_ido -%> broker_module=/usr/lib64/icinga/idomod.so config_file=/etc/icinga/idomod.cfg From 99f11366d749bf565749858d0ee77d802d0b7193 Mon Sep 17 00:00:00 2001 From: vdmkenny Date: Mon, 7 Mar 2016 14:40:04 +0100 Subject: [PATCH 062/190] added livestatus broker module and parameter to enable this --- manifests/params.pp | 1 + templates/redhat/icinga.cfg.erb | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/manifests/params.pp b/manifests/params.pp index 4b2bfde..b21c383 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -28,6 +28,7 @@ $notification_service_opts = 'w,u,c,r' $notification_interval = '0' $max_check_attempts = '4' + $use_livestatus = false $use_ido = false $use_flapjackfeeder = false $parents = undef diff --git a/templates/redhat/icinga.cfg.erb b/templates/redhat/icinga.cfg.erb index ea32622..53e38ce 100644 --- a/templates/redhat/icinga.cfg.erb +++ b/templates/redhat/icinga.cfg.erb @@ -257,6 +257,13 @@ broker_module=/usr/lib64/icinga/idomod.so config_file=/etc/icinga/idomod.cfg broker_module=/usr/local/lib/flapjackfeeder.o redis_host=10.0.64.34,redis_port=6380 <% end %> +<% if @use_livestatus and not @use_ido and not @use_flapjackfeeder %> +broker_module=/usr/lib64/mk-livestatus/livestatus.o /tmp/live.sock +<% end %> + + + + # LOG ROTATION METHOD # This is the log rotation method that Icinga should use to rotate # the main log file. Values are as follows.. From 8ceb00f040b02bdbd46352919029cc4b7cd6d724 Mon Sep 17 00:00:00 2001 From: vdmkenny Date: Mon, 7 Mar 2016 14:59:52 +0100 Subject: [PATCH 063/190] enabled livestatus parameter --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/params.pp b/manifests/params.pp index b21c383..06e3681 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -28,7 +28,7 @@ $notification_service_opts = 'w,u,c,r' $notification_interval = '0' $max_check_attempts = '4' - $use_livestatus = false + $use_livestatus = true $use_ido = false $use_flapjackfeeder = false $parents = undef From 7ab11ce78eec44529e25be9987ad7fb9299a4cef Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 8 Mar 2016 20:20:24 +0100 Subject: [PATCH 064/190] implementation of scheduling downtimes for all services with notification_period = "workhours" refs #20810 Signed-off-by: Pavel Pulec --- .../schedule_downtime_for_workhours.pp | 54 +++++++++++++++++++ .../get_services_with_workhours.py.erb | 39 ++++++++++++++ 2 files changed, 93 insertions(+) create mode 100644 manifests/plugins/schedule_downtime_for_workhours.pp create mode 100644 templates/plugins/get_services_with_workhours.py.erb diff --git a/manifests/plugins/schedule_downtime_for_workhours.pp b/manifests/plugins/schedule_downtime_for_workhours.pp new file mode 100644 index 0000000..494f32b --- /dev/null +++ b/manifests/plugins/schedule_downtime_for_workhours.pp @@ -0,0 +1,54 @@ +# == Class: icinga::plugins::schedule_downtime_for_workhours +# +# This class is kind of specific. +# +# We use aNag android app which does not have implemented feature which +# handles $notification_period at all. It means that even when you configure +# notification period to 'workhours', you will be notified in aNag app. +# +# So as a workaround, I created this class which will regularly check all +# the services and for services with 'workhours' will schedule downtime. +# +class icinga::plugins::schedule_downtime_for_workhours ( + $icinga_user, + $icinga_pass, + $icinga_url = 'https://icinga.inuits.eu/icinga/cgi-bin/config.cgi?type=services&jsonoutput', + $work_dir = '/var/lib/icinga', +) inherits icinga { + + file { '/usr/local/bin/get_services_with_workhours.py': + ensure => 'file', + mode => '0755', + owner => 'root', + group => 'root', + content => template('icinga/plugins/get_services_with_workhours.py.erb'), + } + + file { $work_dir: + ensure => 'directory', + mode => '0755', + owner => $::icinga::server_user, + group => $::icinga::server_group, + } + + cron { "${name}-cron-get-and-save-services-with-workhours": + command => "/usr/local/bin/get_services_with_workhours.py > ${work_dir}/workhours_downtimes.cfg", + user => 'root', + minute => '54', + } + + nagios_command {'schedule_downtime_for_workhours': + command_line => "${::icinga::sharedir_server}/bin/sched_down.pl -c ${::icinga::confdir_server}/icinga.cfg -s ${work_dir}/workhours_downtimes.cfg \$ARG1\$", + target => "${::icinga::targetdir}/commands/schedule_downtime_for_workhours.cfg", + } + + nagios_service {'schedule_downtime_for_workhours': + check_command => 'schedule_downtime_for_workhours!-d0', + service_description => 'Schedule downtimes for services with workhours', + host_name => $::fqdn, + target => "/etc/icinga/objects/services/${::fqdn}.cfg", + max_check_attempts => '4', + } + +} + diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb new file mode 100644 index 0000000..77e54f1 --- /dev/null +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -0,0 +1,39 @@ +#!/usr/bin/python + +import urllib2 +import json + +url = '<%= @icinga_url %>' +username = '<%= @icinga_user %>' +password = '<%= @icinga_pass %>' + +passman = urllib2.HTTPPasswordMgrWithDefaultRealm() +passman.add_password(None, url, username, password) +urllib2.install_opener(urllib2.build_opener(urllib2.HTTPBasicAuthHandler(passman))) + +req = urllib2.Request(url) +f = urllib2.urlopen(req) +data = f.read() + +parsed_data = json.loads(data) + +print('# this output is generated by /usr/local/bin/get_services_with_workhours.py, probably by cron\n') + +for service in parsed_data['config']['services']: + if service['notification_period'] == 'workhours': + print('define downtime {') + print(" host_name %s " % (service['host_name']) ) + print(" service_description %s " % (service['service_description']) ) + print(' author monitor') + print(' comment Schedule downtime for services with workhours notifications') + print(' downtime_period monday 00:00-09:00,18:00-24:00') + print(' downtime_period tuesday 00:00-09:00,18:00-24:00') + print(' downtime_period wednesday 00:00-09:00,18:00-24:00') + print(' downtime_period thursday 00:00-09:00,18:00-24:00') + print(' downtime_period friday 00:00-09:00,18:00-24:00') + print(' downtime_period saturday 00:00-24:00') + print(' downtime_period sunday 00:00-24:00') + print(' propagate 1') + print(' register 1') + print('}\n') + From f0a1554c49ab7aca273f16e513b54251770dc53a Mon Sep 17 00:00:00 2001 From: birgitcroux Date: Thu, 17 Mar 2016 11:51:37 +0100 Subject: [PATCH 065/190] Added symlink for pip provider --- manifests/plugins/checkelasticsearch.pp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checkelasticsearch.pp b/manifests/plugins/checkelasticsearch.pp index ea7338f..1c9d107 100644 --- a/manifests/plugins/checkelasticsearch.pp +++ b/manifests/plugins/checkelasticsearch.pp @@ -17,7 +17,13 @@ package{$pkgname: ensure => present, provider => 'pip', - require => Package['python-pip'], + require => File['/usr/bin/pip-python'], + } + file { '/usr/bin/pip-python': + ensure => 'link', + target => '/usr/bin/pip', + require => Package['python-pip'], + } } From b5fdb4b5eee39730c51f70efddab4d6a4bda48b7 Mon Sep 17 00:00:00 2001 From: Patrick Van Brussel Date: Thu, 17 Mar 2016 14:42:25 +0100 Subject: [PATCH 066/190] Make ssl quality configurable, not hardcoded Signed-off-by: Patrick Van Brussel --- templates/plugins/check_sslscan.sh.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/plugins/check_sslscan.sh.erb b/templates/plugins/check_sslscan.sh.erb index 89e5c86..5f60b15 100644 --- a/templates/plugins/check_sslscan.sh.erb +++ b/templates/plugins/check_sslscan.sh.erb @@ -1,10 +1,10 @@ #!/bin/bash -MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w B -c C) +MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w <%= @warning_grade %> -c <%= @critical_grade %>) RET_VAL=$? if [ $RET_VAL -eq 3 ]; then # we probably got the "too many connections" error, we'll wait some time and try again sleep $(($RANDOM % 800 + 240)) - MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w B -c C) + MSG=$(/usr/lib64/nagios/plugins/check_sslscan.pl -H <%= @host_url %> -w <%= @warning_grade %> -c <%= @critical_grade %>) RET_VAL=$? fi echo "<%= @fqdn %>;SSL Quality <%= @host_url %>;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" From 2fcfb718437dc708348ea04d36e2247350ef70dc Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 21 Mar 2016 11:25:38 +0100 Subject: [PATCH 067/190] do not install pymongo by pip refs #19428 Signed-off-by: Pavel Pulec --- manifests/plugins/checkmongodb.pp | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/manifests/plugins/checkmongodb.pp b/manifests/plugins/checkmongodb.pp index a78cc51..2289b36 100644 --- a/manifests/plugins/checkmongodb.pp +++ b/manifests/plugins/checkmongodb.pp @@ -16,17 +16,9 @@ ) inherits icinga { if $icinga::client { - if !defined(Package['python-pip']) { - package { 'python-pip': - ensure => present, - } - } - - if !defined(Package['pymongo']) { - package { 'pymongo': + if !defined(Package['python-pymongo']) { + package { 'python-pymongo': ensure => present, - provider => 'pip', - require => Package['python-pip'], } } From 0f287c5ada7ebf429e4f4683571cb966ddb54773 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 21 Mar 2016 13:02:37 +0100 Subject: [PATCH 068/190] fix compatibily with Mongo v3 Signed-off-by: Pavel Pulec --- files/check_mongodb.py | 194 +++++++++++++++++++++++++++++------------ 1 file changed, 136 insertions(+), 58 deletions(-) diff --git a/files/check_mongodb.py b/files/check_mongodb.py index 86a88d7..5b1db7f 100755 --- a/files/check_mongodb.py +++ b/files/check_mongodb.py @@ -1,7 +1,5 @@ #!/usr/bin/env python -### File managed with puppet ### - # # A MongoDB Nagios check script # @@ -18,6 +16,8 @@ # - @jbraeuer on github # - Dag Stockstad # - @Andor on github +# - Steven Richards - Captainkrtek on github +# - Max Vernimmen - @mvernimmen-CG / @mvernimmen on github # # USAGE # @@ -125,16 +125,16 @@ def main(argv): p = optparse.OptionParser(conflict_handler="resolve", description="This Nagios plugin checks the health of mongodb.") p.add_option('-H', '--host', action='store', type='string', dest='host', default='127.0.0.1', help='The hostname you want to connect to') - p.add_option('-P', '--port', action='store', type='int', dest='port', default=27017, help='The port mongodb is runnung on') + p.add_option('-P', '--port', action='store', type='int', dest='port', default=27017, help='The port mongodb is running on') p.add_option('-u', '--user', action='store', type='string', dest='user', default=None, help='The username you want to login as') p.add_option('-p', '--pass', action='store', type='string', dest='passwd', default=None, help='The password you want to use for that user') - p.add_option('-W', '--warning', action='store', dest='warning', default=None, help='The warning threshold we want to set') - p.add_option('-C', '--critical', action='store', dest='critical', default=None, help='The critical threshold we want to set') + p.add_option('-W', '--warning', action='store', dest='warning', default=None, help='The warning threshold you want to set') + p.add_option('-C', '--critical', action='store', dest='critical', default=None, help='The critical threshold you want to set') p.add_option('-A', '--action', action='store', type='choice', dest='action', default='connect', help='The action you want to take', choices=['connect', 'connections', 'replication_lag', 'replication_lag_percent', 'replset_state', 'memory', 'memory_mapped', 'lock', 'flushing', 'last_flush_time', 'index_miss_ratio', 'databases', 'collections', 'database_size', 'database_indexes', 'collection_indexes', 'collection_size', - 'queues', 'oplog', 'journal_commits_in_wl', 'write_data_files', 'journaled', 'opcounters', 'current_lock', 'replica_primary', 'page_faults', - 'asserts', 'queries_per_second', 'page_faults', 'chunks_balance', 'connect_primary', 'collection_state', 'row_count', 'replset_quorum']) + 'collection_storageSize', 'queues', 'oplog', 'journal_commits_in_wl', 'write_data_files', 'journaled', 'opcounters', 'current_lock', 'replica_primary', + 'page_faults', 'asserts', 'queries_per_second', 'page_faults', 'chunks_balance', 'connect_primary', 'collection_state', 'row_count', 'replset_quorum']) p.add_option('--max-lag', action='store_true', dest='max_lag', default=False, help='Get max replication lag (for replication_lag action only)') p.add_option('--mapped-memory', action='store_true', dest='mapped_memory', default=False, help='Get mapped memory instead of resident (if resident memory can not be read)') p.add_option('-D', '--perf-data', action='store_true', dest='perf_data', default=False, help='Enable output of Nagios performance data') @@ -145,6 +145,8 @@ def main(argv): p.add_option('-q', '--querytype', action='store', dest='query_type', default='query', help='The query type to check [query|insert|update|delete|getmore|command] from queries_per_second') p.add_option('-c', '--collection', action='store', dest='collection', default='admin', help='Specify the collection to check') p.add_option('-T', '--time', action='store', type='int', dest='sample_time', default=1, help='Time used to sample number of pages faults') + p.add_option('-M', '--mongoversion', action='store', type='choice', dest='mongo_version', default='2', help='The MongoDB version you are talking with, either 2 or 3', + choices=['2','3']) options, arguments = p.parse_args() host = options.host @@ -164,18 +166,13 @@ def main(argv): action = options.action perf_data = options.perf_data max_lag = options.max_lag + mongo_version = options.mongo_version database = options.database ssl = options.ssl replicaset = options.replicaset - if action == 'replica_primary': - err_f, con_f = mongo_connect(host, port, ssl, user, passwd) - if err_f != 0: - return err_f - if not replicaset: - replicaset = con_f.admin.command("replSetGetStatus")['set'] - if not replicaset: - return "replicaset must be passed in when using replica_primary check" + if action == 'replica_primary' and replicaset is None: + return "replicaset must be passed in when using replica_primary check" elif not action == 'replica_primary' and replicaset: return "passing a replicaset while not checking replica_primary does not work" @@ -199,13 +196,13 @@ def main(argv): elif action == "replset_state": return check_replset_state(con, perf_data, warning, critical) elif action == "memory": - return check_memory(con, warning, critical, perf_data, options.mapped_memory) + return check_memory(con, warning, critical, perf_data, options.mapped_memory, host) elif action == "memory_mapped": return check_memory_mapped(con, warning, critical, perf_data) elif action == "queues": return check_queues(con, warning, critical, perf_data) elif action == "lock": - return check_lock(con, warning, critical, perf_data) + return check_lock(con, warning, critical, perf_data, mongo_version) elif action == "current_lock": return check_current_lock(con, host, warning, critical, perf_data) elif action == "flushing": @@ -233,6 +230,8 @@ def main(argv): return check_collection_indexes(con, database, collection, warning, critical, perf_data) elif action == "collection_size": return check_collection_size(con, database, collection, warning, critical, perf_data) + elif action == "collection_storageSize": + return check_collection_storageSize(con, database, collection, warning, critical, perf_data) elif action == "journaled": return check_journaled(con, warning, critical, perf_data) elif action == "write_data_files": @@ -242,9 +241,9 @@ def main(argv): elif action == "asserts": return check_asserts(con, host, warning, critical, perf_data) elif action == "replica_primary": - return check_replica_primary(con, host, warning, critical, perf_data, replicaset) + return check_replica_primary(con, host, warning, critical, perf_data, replicaset, mongo_version) elif action == "queries_per_second": - return check_queries_per_second(con, query_type, warning, critical, perf_data) + return check_queries_per_second(con, query_type, warning, critical, perf_data, mongo_version) elif action == "page_faults": check_page_faults(con, sample_time, warning, critical, perf_data) elif action == "chunks_balance": @@ -307,10 +306,11 @@ def exit_with_general_critical(e): def set_read_preference(db): - if pymongo.version >= "2.1": + if pymongo.version >= "2.2": + pymongo.read_preferences.Secondary + else: db.read_preference = pymongo.ReadPreference.SECONDARY - def check_connect(host, port, warning, critical, perf_data, user, passwd, conn_time): warning = warning or 3 critical = critical or 6 @@ -343,6 +343,10 @@ def check_connections(con, warning, critical, perf_data): def check_rep_lag(con, host, port, warning, critical, percent, perf_data, max_lag, user, passwd): # Get mongo to tell us replica set member name when connecting locally if "127.0.0.1" == host: + if not "me" in con.admin.command("ismaster","1").keys(): + print "OK - This is not replicated MongoDB" + sys.exit(3) + host = con.admin.command("ismaster","1")["me"].split(':')[0] if percent: @@ -360,7 +364,7 @@ def check_rep_lag(con, host, port, warning, critical, percent, perf_data, max_la try: rs_status = con.admin.command("replSetGetStatus") except pymongo.errors.OperationFailure, e: - if e.code == None and str(e).find('failed: not running with --replSet"'): + if ((e.code == None and str(e).find('failed: not running with --replSet"')) or (e.code == 76 and str(e).find('not running with --replSet"'))): print "OK - Not running with replSet" return 0 @@ -369,7 +373,7 @@ def check_rep_lag(con, host, port, warning, critical, percent, perf_data, max_la # # check for version greater then 2.0 # - rs_conf = con.local.system.replset.find_one() + rs_conf = con.local.system.replset.findOne() for member in rs_conf['members']: if member.get('slaveDelay') is not None: slaveDelays[member['host']] = member.get('slaveDelay') @@ -383,7 +387,7 @@ def check_rep_lag(con, host, port, warning, critical, percent, perf_data, max_la for member in rs_status["members"]: if member["stateStr"] == "PRIMARY": primary_node = member - if member["name"].split(':')[0] == host and int(member["name"].split(':')[1]) == port: + if member.get('self') == True: host_node = member # Check if we're in the middle of an election and don't have a primary @@ -504,13 +508,35 @@ def check_rep_lag(con, host, port, warning, critical, percent, perf_data, max_la except Exception, e: return exit_with_general_critical(e) +# +# Check the memory usage of mongo. Alerting on this may be hard to get right +# because it'll try to get as much memory as it can. And that's probably +# a good thing. +# +def check_memory(con, warning, critical, perf_data, mapped_memory, host): + # Get the total system memory of this system (This is totally bogus if you + # are running this command remotely) and calculate based on that how much + # memory used by Mongodb is ok or not. + meminfo = open('/proc/meminfo').read() + matched = re.search(r'^MemTotal:\s+(\d+)', meminfo) + if matched: + mem_total_kB = int(matched.groups()[0]) + + if host != "127.0.0.1" and not warning: + # Running remotely and value was not set by user, use hardcoded value + warning = 12 + else: + # running locally or user provided value + warning = warning or (mem_total_kB * 0.8) / 1024.0 / 1024.0 + + if host != "127.0.0.1" and not critical: + critical = 16 + else: + critical = critical or (mem_total_kB * 0.9) / 1024.0 / 1024.0 + + # debugging + #print "mem total: {0}kb, warn: {1}GB, crit: {2}GB".format(mem_total_kB,warning, critical) -def check_memory(con, warning, critical, perf_data, mapped_memory): - # - # These thresholds are basically meaningless, and must be customized to your system's ram - # - warning = warning or 8 - critical = critical or 16 try: data = get_server_status(con) if not data['mem']['supported'] and not mapped_memory: @@ -581,7 +607,7 @@ def check_memory_mapped(con, warning, critical, perf_data): message += " %.2fGB mappedWithJournal" % mem_mapped_journal except: mem_mapped_journal = 0 - message += performance_data(perf_data, [("%.2f" % mem_mapped, "memory_mapped"), ("%.2f" % mem_mapped_journal, "mappedWithJournal")]) + message += performance_data(perf_data, [("%.2f" % mem_mapped, "memory_mapped", warning, critical), ("%.2f" % mem_mapped_journal, "mappedWithJournal")]) if not mem_mapped == -1: return check_levels(mem_mapped, warning, critical, message) @@ -593,21 +619,33 @@ def check_memory_mapped(con, warning, critical, perf_data): return exit_with_general_critical(e) -def check_lock(con, warning, critical, perf_data): +# +# Return the percentage of the time there was a global Lock +# +def check_lock(con, warning, critical, perf_data, mongo_version): warning = warning or 10 critical = critical or 30 - try: - data = get_server_status(con) - # - # calculate percentage - # - lock_percentage = float(data['globalLock']['lockTime']) / float(data['globalLock']['totalTime']) * 100 - message = "Lock Percentage: %.2f%%" % lock_percentage - message += performance_data(perf_data, [("%.2f" % lock_percentage, "lock_percentage", warning, critical)]) - return check_levels(lock_percentage, warning, critical, message) - - except Exception, e: - return exit_with_general_critical(e) + if mongo_version == "2": + try: + data = get_server_status(con) + lockTime = data['globalLock']['lockTime'] + totalTime = data['globalLock']['totalTime'] + # + # calculate percentage + # + if lockTime > totalTime: + lock_percentage = 0.00 + else: + lock_percentage = float(lockTime) / float(totalTime) * 100 + message = "Lock Percentage: %.2f%%" % lock_percentage + message += performance_data(perf_data, [("%.2f" % lock_percentage, "lock_percentage", warning, critical)]) + return check_levels(lock_percentage, warning, critical, message) + except Exception, e: + print "Couldn't get globalLock lockTime info from mongo, are you sure you're not using version 3? See the -M option." + return exit_with_general_critical(e) + else: + print "FAIL - Mongo3 doesn't report on global locks" + return 1 def check_flushing(con, warning, critical, avg, perf_data): @@ -710,7 +748,7 @@ def check_replset_state(con, perf_data, warning="", critical=""): data = con.admin.command(son.SON([('replSetGetStatus', 1)])) state = int(data['myState']) except pymongo.errors.OperationFailure, e: - if e.code == None and str(e).find('failed: not running with --replSet"'): + if ((e.code == None and str(e).find('failed: not running with --replSet"')) or (e.code == 76 and str(e).find('not running with --replSet"'))): state = -1 if state == 8: @@ -921,7 +959,32 @@ def check_collection_size(con, database, collection, warning, critical, perf_dat except Exception, e: return exit_with_general_critical(e) -def check_queries_per_second(con, query_type, warning, critical, perf_data): + +def check_collection_storageSize(con, database, collection, warning, critical, perf_data): + warning = warning or 100 + critical = critical or 1000 + perfdata = "" + try: + set_read_preference(con.admin) + data = con[database].command('collstats', collection) + storageSize = data['storageSize'] / 1024 / 1024 + if perf_data: + perfdata += " | collection_storageSize=%i;%i;%i" % (storageSize, warning, critical) + + if storageSize >= critical: + print "CRITICAL - %s.%s storageSize: %.0f MB %s" % (database, collection, storageSize, perfdata) + return 2 + elif storageSize >= warning: + print "WARNING - %s.%s storageSize: %.0f MB %s" % (database, collection, storageSize, perfdata) + return 1 + else: + print "OK - %s.%s storageSize: %.0f MB %s" % (database, collection, storageSize, perfdata) + return 0 + except Exception, e: + return exit_with_general_critical(e) + + +def check_queries_per_second(con, query_type, warning, critical, perf_data, mongo_version): warning = warning or 250 critical = critical or 500 @@ -936,7 +999,7 @@ def check_queries_per_second(con, query_type, warning, critical, perf_data): num = int(data['opcounters'][query_type]) # do the math - last_count = db.nagios_check.find_one({'check': 'query_counts'}) + last_count = db.nagios_check.findOne({'check': 'query_counts'}) try: ts = int(time.time()) diff_query = num - last_count['data'][query_type]['count'] @@ -945,7 +1008,10 @@ def check_queries_per_second(con, query_type, warning, critical, perf_data): query_per_sec = float(diff_query) / float(diff_ts) # update the count now - db.nagios_check.update({u'_id': last_count['_id']}, {'$set': {"data.%s" % query_type: {'count': num, 'ts': int(time.time())}}}) + if mongo_version == "2": + db.nagios_check.update({u'_id': last_count['_id']}, {'$set': {"data.%s" % query_type: {'count': num, 'ts': int(time.time())}}}) + else: + db.nagios_check.updateOne({u'_id': last_count['_id']}, {'$set': {"data.%s" % query_type: {'count': num, 'ts': int(time.time())}}}) message = "Queries / Sec: %f" % query_per_sec message += performance_data(perf_data, [(query_per_sec, "%s_per_sec" % query_type, warning, critical, message)]) @@ -954,13 +1020,20 @@ def check_queries_per_second(con, query_type, warning, critical, perf_data): # since it is the first run insert it query_per_sec = 0 message = "First run of check.. no data" - db.nagios_check.update({u'_id': last_count['_id']}, {'$set': {"data.%s" % query_type: {'count': num, 'ts': int(time.time())}}}) + if mongo_version == "2": + db.nagios_check.update({u'_id': last_count['_id']}, {'$set': {"data.%s" % query_type: {'count': num, 'ts': int(time.time())}}}) + else: + db.nagios_check.updateOne({u'_id': last_count['_id']}, {'$set': {"data.%s" % query_type: {'count': num, 'ts': int(time.time())}}}) + except TypeError: # # since it is the first run insert it query_per_sec = 0 message = "First run of check.. no data" - db.nagios_check.insert({'check': 'query_counts', 'data': {query_type: {'count': num, 'ts': int(time.time())}}}) + if mongo_version == "2": + db.nagios_check.insert({'check': 'query_counts', 'data': {query_type: {'count': num, 'ts': int(time.time())}}}) + else: + db.nagios_check.insert_one({'check': 'query_counts', 'data': {query_type: {'count': num, 'ts': int(time.time())}}}) return check_levels(query_per_sec, warning, critical, message) @@ -978,12 +1051,12 @@ def check_oplog(con, warning, critical, perf_data): critical = critical or 4 try: db = con.local - ol = db.system.namespaces.find_one({"name": "local.oplog.rs"}) - if (db.system.namespaces.find_one({"name": "local.oplog.rs"}) != None): + ol = db.system.namespaces.findOne({"name": "local.oplog.rs"}) + if (db.system.namespaces.findOne({"name": "local.oplog.rs"}) != None): oplog = "oplog.rs" else: - ol = db.system.namespaces.find_one({"name": "local.oplog.$main"}) - if (db.system.namespaces.find_one({"name": "local.oplog.$main"}) != None): + ol = db.system.namespaces.findOne({"name": "local.oplog.$main"}) + if (db.system.namespaces.findOne({"name": "local.oplog.$main"}) != None): oplog = "oplog.$main" else: message = "neither master/slave nor replica set replication detected" @@ -1187,13 +1260,15 @@ def get_stored_primary_server_name(db): """ get the stored primary server name from db. """ if "last_primary_server" in db.collection_names(): stored_primary_server = db.last_primary_server.find_one()["server"] + elif "last_primary_server" in db.command('listCollections').get('cursor').get('firstBatch')[0].get('name'): + stored_primary_server = db.last_primary_server.find_one()["server"] else: stored_primary_server = None return stored_primary_server -def check_replica_primary(con, host, warning, critical, perf_data, replicaset): +def check_replica_primary(con, host, warning, critical, perf_data, replicaset, mongo_version): """ A function to check if the primary server of a replica set has changed """ if warning is None and critical is None: warning = 1 @@ -1216,7 +1291,10 @@ def check_replica_primary(con, host, warning, critical, perf_data, replicaset): saved_primary = "None" if current_primary != saved_primary: last_primary_server_record = {"server": current_primary} - db.last_primary_server.update({"_id": "last_primary"}, {"$set": last_primary_server_record}, upsert=True, safe=True) + if mongo_version == "2": + db.last_primary_server.update({"_id": "last_primary"}, {"$set": last_primary_server_record}, upsert=True, safe=True) + else: + db.last_primary_server.update({"_id": "last_primary"}, {"$set": last_primary_server_record}, upsert=True, safe=True) message = "Primary server has changed from %s to %s" % (saved_primary, current_primary) primary_status = 1 return check_levels(primary_status, warning, critical, message) @@ -1332,7 +1410,7 @@ def check_connect_primary(con, warning, critical, perf_data): def check_collection_state(con, database, collection): try: - con[database][collection].find_one() + con[database][collection].findOne() print "OK - Collection %s.%s is reachable " % (database, collection) return 0 @@ -1424,7 +1502,7 @@ def maintain_delta(new_vals, host, action): def replication_get_time_diff(con): col = 'oplog.rs' local = con.local - ol = local.system.namespaces.find_one({"name": "local.oplog.$main"}) + ol = local.system.namespaces.findOne({"name": "local.oplog.$main"}) if ol: col = 'oplog.$main' firstc = local[col].find().sort("$natural", 1).limit(1) From 7ffa5d6402b2e08575b8d04454e1fd04dac5ce56 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 21 Mar 2016 13:11:40 +0100 Subject: [PATCH 069/190] pass replica_set param to one of the check Signed-off-by: Pavel Pulec --- manifests/plugins/checkmongodb.pp | 1 + templates/plugins/mongodb.cfg.erb | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checkmongodb.pp b/manifests/plugins/checkmongodb.pp index 2289b36..8900239 100644 --- a/manifests/plugins/checkmongodb.pp +++ b/manifests/plugins/checkmongodb.pp @@ -13,6 +13,7 @@ $mongod_graphite_io_write_url = 'http://graphite/render?target=mongo_host.processes.mongod.ps_disk_octets.write&from=-5minutes&rawData=true', $graphite_host = undef, $monitor_replication = true, + $replica_set = 'replica_name', ) inherits icinga { if $icinga::client { diff --git a/templates/plugins/mongodb.cfg.erb b/templates/plugins/mongodb.cfg.erb index 9e65047..cebe919 100644 --- a/templates/plugins/mongodb.cfg.erb +++ b/templates/plugins/mongodb.cfg.erb @@ -5,7 +5,7 @@ command[check_mongodb_replication_lag]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replication_lag -P 27017 -W 15 -C 30 command[check_mongodb_replication_lag_percentage]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replication_lag_percent -P 27017 -W 50 -C 75 -command[check_mongodb_replicaset]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replica_primary -P 27017 -W 0 -C 1 +command[check_mongodb_replicaset]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replica_primary -P 27017 -W 0 -C 1 -r <%= @replica_set %> command[check_mongodb_connect]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A connect -P 27017 -W 2 -C 4 command[check_mongodb_connections]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A connections -P 27017 -W 70 -C 80 command[check_mongodb_replset_state]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replset_state -P 27017 From 95e07fc1a4ced089d10b84f278a6c912c729a7f3 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 21 Mar 2016 14:00:32 +0100 Subject: [PATCH 070/190] fix wrong replacement of find_one by findOne + fix set_read_preference function Signed-off-by: Pavel Pulec --- files/check_mongodb.py | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/files/check_mongodb.py b/files/check_mongodb.py index 5b1db7f..87c39eb 100755 --- a/files/check_mongodb.py +++ b/files/check_mongodb.py @@ -306,10 +306,14 @@ def exit_with_general_critical(e): def set_read_preference(db): - if pymongo.version >= "2.2": - pymongo.read_preferences.Secondary - else: - db.read_preference = pymongo.ReadPreference.SECONDARY + #if pymongo.version >= "2.2": + # pymongo.read_preferences.Secondary + #else: + # db.read_preference = pymongo.ReadPreference.SECONDARY + # I haven't found the reason why it does not work. Anyway this dirty fix works + # The clue is probalby in older version of pymongo (installed from Centos repo instead + # of by pip) + db.read_preference = pymongo.ReadPreference.SECONDARY def check_connect(host, port, warning, critical, perf_data, user, passwd, conn_time): warning = warning or 3 @@ -373,7 +377,7 @@ def check_rep_lag(con, host, port, warning, critical, percent, perf_data, max_la # # check for version greater then 2.0 # - rs_conf = con.local.system.replset.findOne() + rs_conf = con.local.system.replset.find_one() for member in rs_conf['members']: if member.get('slaveDelay') is not None: slaveDelays[member['host']] = member.get('slaveDelay') @@ -999,7 +1003,7 @@ def check_queries_per_second(con, query_type, warning, critical, perf_data, mong num = int(data['opcounters'][query_type]) # do the math - last_count = db.nagios_check.findOne({'check': 'query_counts'}) + last_count = db.nagios_check.find_one({'check': 'query_counts'}) try: ts = int(time.time()) diff_query = num - last_count['data'][query_type]['count'] @@ -1051,12 +1055,12 @@ def check_oplog(con, warning, critical, perf_data): critical = critical or 4 try: db = con.local - ol = db.system.namespaces.findOne({"name": "local.oplog.rs"}) - if (db.system.namespaces.findOne({"name": "local.oplog.rs"}) != None): + ol = db.system.namespaces.find_one({"name": "local.oplog.rs"}) + if (db.system.namespaces.find_one({"name": "local.oplog.rs"}) != None): oplog = "oplog.rs" else: - ol = db.system.namespaces.findOne({"name": "local.oplog.$main"}) - if (db.system.namespaces.findOne({"name": "local.oplog.$main"}) != None): + ol = db.system.namespaces.find_one({"name": "local.oplog.$main"}) + if (db.system.namespaces.find_one({"name": "local.oplog.$main"}) != None): oplog = "oplog.$main" else: message = "neither master/slave nor replica set replication detected" @@ -1410,7 +1414,7 @@ def check_connect_primary(con, warning, critical, perf_data): def check_collection_state(con, database, collection): try: - con[database][collection].findOne() + con[database][collection].find_one() print "OK - Collection %s.%s is reachable " % (database, collection) return 0 @@ -1502,7 +1506,7 @@ def maintain_delta(new_vals, host, action): def replication_get_time_diff(con): col = 'oplog.rs' local = con.local - ol = local.system.namespaces.findOne({"name": "local.oplog.$main"}) + ol = local.system.namespaces.find_one({"name": "local.oplog.$main"}) if ol: col = 'oplog.$main' firstc = local[col].find().sort("$natural", 1).limit(1) From c4658b4294ff6681d9c334d40d598fb7dfdccb36 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 21 Mar 2016 15:25:40 +0100 Subject: [PATCH 071/190] fix the failing first run of check_mongodb.py Signed-off-by: Pavel Pulec --- files/check_mongodb.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/files/check_mongodb.py b/files/check_mongodb.py index 87c39eb..24fc11d 100755 --- a/files/check_mongodb.py +++ b/files/check_mongodb.py @@ -1262,9 +1262,16 @@ def check_asserts(con, host, warning, critical, perf_data): def get_stored_primary_server_name(db): """ get the stored primary server name from db. """ + + collections = '' + try: + collections = db.command('listCollections').get('cursor').get('firstBatch')[0].get('name') + except: + pass + if "last_primary_server" in db.collection_names(): stored_primary_server = db.last_primary_server.find_one()["server"] - elif "last_primary_server" in db.command('listCollections').get('cursor').get('firstBatch')[0].get('name'): + elif "last_primary_server" in collections: stored_primary_server = db.last_primary_server.find_one()["server"] else: stored_primary_server = None From 264a4844004c6ee44f48b1d89fd989f0beb02f72 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 4 Apr 2016 14:46:59 +0200 Subject: [PATCH 072/190] remove explicit hiera calls from checK_dns_sync Signed-off-by: Pavel Pulec --- manifests/plugins/check_dns_sync.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/plugins/check_dns_sync.pp b/manifests/plugins/check_dns_sync.pp index 3bc3715..0a90331 100644 --- a/manifests/plugins/check_dns_sync.pp +++ b/manifests/plugins/check_dns_sync.pp @@ -3,14 +3,14 @@ # This class provides a check_dns_sync plugin. # class icinga::plugins::check_dns_sync ( + $icinga_host, $ensure = present, $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = 'workhours', $notifications_enabled = $::icinga::notifications_enabled, - $full_zonelist = hiera('inuits::nameserver::full_zonelist', undef), - $icinga_host = hiera('icinga_host'), - $ignored_domains = hiera('ignored_domains', undef), + $full_zonelist = {}, + $ignored_domains = undef, ) inherits icinga { package { 'perl-Net-DNS.x86_64': From 3f3362bff8901c4864f836e914334f0aa6bde3c3 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 6 Apr 2016 14:12:49 +0200 Subject: [PATCH 073/190] add plugins for monitoring ES Signed-off-by: honza --- manifests/plugins/check_es_cluster_status.pp | 33 +++++++++++++++++ manifests/plugins/check_es_jvm_usage.pp | 33 +++++++++++++++++ manifests/plugins/check_es_nodes.pp | 35 +++++++++++++++++++ .../plugins/check_es_unassigned_shards.pp | 33 +++++++++++++++++ 4 files changed, 134 insertions(+) create mode 100644 manifests/plugins/check_es_cluster_status.pp create mode 100644 manifests/plugins/check_es_jvm_usage.pp create mode 100644 manifests/plugins/check_es_nodes.pp create mode 100644 manifests/plugins/check_es_unassigned_shards.pp diff --git a/manifests/plugins/check_es_cluster_status.pp b/manifests/plugins/check_es_cluster_status.pp new file mode 100644 index 0000000..b73b586 --- /dev/null +++ b/manifests/plugins/check_es_cluster_status.pp @@ -0,0 +1,33 @@ +# == Class: icinga::plugins::check_es_cluster_status +class icinga::plugins::check_es_cluster_status ( + $ensure = present, + $contact_groups = $::environment, + $host = 'localhost', + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + +) inherits icinga { + file{"${::icinga::includedir_client}/check_es_cluster_status.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_es_cluster_status]=${::icinga::plugindir}/check_es-cluster-status.py --host=${host}", + notify => Service[$::icinga::service_client], + } + + + @@nagios_service{"check_es_cluster_status_${::fqdn}": + check_command => 'check_nrpe_command!check_es_cluster_status', + service_description => "Check ElasticSearch Cluster Status ${::fqdn}", + host_name => $::fqdn, + contact_groups => $::environment, + use => 'generic-service', + notification_period => $::icinga::notification_period, + notifications_enabled => $::icinga::notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } +} + + diff --git a/manifests/plugins/check_es_jvm_usage.pp b/manifests/plugins/check_es_jvm_usage.pp new file mode 100644 index 0000000..aabdf08 --- /dev/null +++ b/manifests/plugins/check_es_jvm_usage.pp @@ -0,0 +1,33 @@ +# == Class: icinga::plugins::check_es_jvm_usage +class icinga::plugins::check_es_jvm_usage ( + $ensure = present, + $contact_groups = $::environment, + $host = 'localhost', + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + +) inherits icinga { + file{"${::icinga::includedir_client}/check_es_jvm_usage.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_es_jvm_usage]=${::icinga::plugindir}/check_es-jvm-usage.py --host=${host}", + notify => Service[$::icinga::service_client], + } + + + @@nagios_service{"check_es_jvm_usage_${::fqdn}": + check_command => 'check_nrpe_command!check_es_jvm_usage', + service_description => "Check ElasticSearch JVM usage ${::fqdn}", + host_name => $::fqdn, + contact_groups => $::environment, + use => 'generic-service', + notification_period => $::icinga::notification_period, + notifications_enabled => $::icinga::notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } +} + + diff --git a/manifests/plugins/check_es_nodes.pp b/manifests/plugins/check_es_nodes.pp new file mode 100644 index 0000000..ae0588f --- /dev/null +++ b/manifests/plugins/check_es_nodes.pp @@ -0,0 +1,35 @@ +# == Class: icinga::plugins::check_es_nodes +class icinga::plugins::check_es_nodes ( + $ensure = present, + $expected_nodes_in_cluster = 2, + $contact_groups = $::environment, + $host = 'localhost', + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + +) inherits icinga { + file{"${::icinga::includedir_client}/check_es_nodes.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_es_nodes]=${::icinga::plugindir}/check_es-nodes.py --host=${host} --expected_nodes_in_cluster=${expected_nodes_in_cluster}", + notify => Service[$::icinga::service_client], + } + + ## Exported config to be included in the Icinga/Nagios host + + @@nagios_service{"check_es_nodes_${::fqdn}": + check_command => 'check_nrpe_command!check_es_nodes', + service_description => "Check ElasticSearch Nodes${::fqdn}", + host_name => $::fqdn, + contact_groups => $::environment, + use => 'generic-service', + notification_period => $::icinga::notification_period, + notifications_enabled => $::icinga::notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } +} + + diff --git a/manifests/plugins/check_es_unassigned_shards.pp b/manifests/plugins/check_es_unassigned_shards.pp new file mode 100644 index 0000000..50bc97e --- /dev/null +++ b/manifests/plugins/check_es_unassigned_shards.pp @@ -0,0 +1,33 @@ +# == Class: icinga::plugins::check_es_unassigned_shards +class icinga::plugins::check_es_unassigned_shards ( + $ensure = present, + $contact_groups = $::environment, + $host = 'localhost', + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + +) inherits icinga { + file{"${::icinga::includedir_client}/check_es_unassigned_shards.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_es_unassigned_shards]=${::icinga::plugindir}/check_es-unassigned-shards.py --host=${host} ", + notify => Service[$::icinga::service_client], + } + + + @@nagios_service{"check_es_unassigned_shards_${::fqdn}": + check_command => 'check_nrpe_command!check_es_unassigned_shards', + service_description => "Check ElasticSearch Unassigned Shards Status ${::fqdn}", + host_name => $::fqdn, + contact_groups => $::environment, + use => 'generic-service', + notification_period => $::icinga::notification_period, + notifications_enabled => $::icinga::notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } +} + + From 15fa78784c635a5596b2823e75662db33a932d63 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 7 Apr 2016 12:05:01 +0200 Subject: [PATCH 074/190] change default number of expected nodes in es cluster to one Signed-off-by: honza --- manifests/plugins/check_es_nodes.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/check_es_nodes.pp b/manifests/plugins/check_es_nodes.pp index ae0588f..fd9af33 100644 --- a/manifests/plugins/check_es_nodes.pp +++ b/manifests/plugins/check_es_nodes.pp @@ -1,7 +1,7 @@ # == Class: icinga::plugins::check_es_nodes class icinga::plugins::check_es_nodes ( $ensure = present, - $expected_nodes_in_cluster = 2, + $expected_nodes_in_cluster = 1, $contact_groups = $::environment, $host = 'localhost', $max_check_attempts = $::icinga::max_check_attempts, From 7d008ff321f5c1c302538d45d7f858f6aa584471 Mon Sep 17 00:00:00 2001 From: birgitcroux Date: Thu, 7 Apr 2016 16:43:43 +0200 Subject: [PATCH 075/190] package checkelasticsearch plugin --- manifests/plugins/checkelasticsearch.pp | 42 +++++++++++++++---------- 1 file changed, 25 insertions(+), 17 deletions(-) diff --git a/manifests/plugins/checkelasticsearch.pp b/manifests/plugins/checkelasticsearch.pp index 1c9d107..b50ccef 100644 --- a/manifests/plugins/checkelasticsearch.pp +++ b/manifests/plugins/checkelasticsearch.pp @@ -3,36 +3,44 @@ # This class provides a checkelasticsearch plugin. # class icinga::plugins::checkelasticsearch ( - $pkgname = 'nagios-plugin-elasticsearch', + $pkgname = 'nagios-plugins-elasticsearch', ) { + # if $icinga::client { + # if !defined(Package['python-pip']){ + # package{'python-pip': + # ensure => present, + # } + # } + # + # if !defined(Package[$pkgname]) { + # package{$pkgname: + # ensure => present, + # provider => 'pip', + # require => File['/usr/bin/pip-python'], + # } + # file { '/usr/bin/pip-python': + # ensure => 'link', + # target => '/usr/bin/pip', + # require => Package['python-pip'], + # + # } + # } + if $icinga::client { - if !defined(Package['python-pip']){ - package{'python-pip': + if !defined(Package[$pkgname]) { + package {$pkgname: ensure => present, } } - if !defined(Package[$pkgname]) { - package{$pkgname: - ensure => present, - provider => 'pip', - require => File['/usr/bin/pip-python'], - } - file { '/usr/bin/pip-python': - ensure => 'link', - target => '/usr/bin/pip', - require => Package['python-pip'], - - } - } file { "${::icinga::includedir_client}/elasticsearch.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => 'command[check_elasticsearch]=/usr/bin/check_elasticsearch', + content => "command[check_elasticsearch]=${::icinga::plugindir}/check_elasticsearch.py", notify => Service[$::icinga::service_client], } From aa525228944f05251f0798f7fc1ded5b9d3c6e61 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 12 Apr 2016 10:01:02 +0200 Subject: [PATCH 076/190] run check_puppet as root because of occasional permissions issue refs #20521 Signed-off-by: Pavel Pulec --- manifests/plugins/checkpuppet.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkpuppet.pp b/manifests/plugins/checkpuppet.pp index 2fd1e52..bdabb25 100644 --- a/manifests/plugins/checkpuppet.pp +++ b/manifests/plugins/checkpuppet.pp @@ -26,7 +26,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_puppet]=${::icinga::plugindir}/check_puppet -w 604800 -c 907200\n", + content => "command[check_puppet]=sudo ${::icinga::plugindir}/check_puppet -w 604800 -c 907200\n", notify => Service[$::icinga::service_client], } From 6299c60dd893ea22097419b2d6eb6270de633eda Mon Sep 17 00:00:00 2001 From: bjanssens Date: Mon, 18 Apr 2016 12:39:13 +0200 Subject: [PATCH 077/190] Plugins: Checksslscan: Added "2&>1 >/dev/null" to cron Signed-off-by: bjanssens --- manifests/plugins/checksslscan.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksslscan.pp b/manifests/plugins/checksslscan.pp index 1db568d..03a7f21 100644 --- a/manifests/plugins/checksslscan.pp +++ b/manifests/plugins/checksslscan.pp @@ -111,7 +111,7 @@ $hour = fqdn_rand($hour_range, $host_url) + $hour_shift cron { "sslscan check-${host_url}": ensure => present, - command => "${::icinga::plugindir}/check_sslscan-${host_url}.sh", + command => "${::icinga::plugindir}/check_sslscan-${host_url}.sh 2&>1 >/dev/null", user => 'root', hour => $hour, minute => fqdn_rand(60, $host_url), From a4b70be3c4a8da72d41fbdbfadb9818427e4d594 Mon Sep 17 00:00:00 2001 From: bjanssens Date: Mon, 18 Apr 2016 13:35:07 +0200 Subject: [PATCH 078/190] Plugin: checkpuppet: Added sudo config to the check Signed-off-by: bjanssens --- manifests/plugins/checkpuppet.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/plugins/checkpuppet.pp b/manifests/plugins/checkpuppet.pp index bdabb25..2a668ae 100644 --- a/manifests/plugins/checkpuppet.pp +++ b/manifests/plugins/checkpuppet.pp @@ -30,6 +30,10 @@ notify => Service[$::icinga::service_client], } + sudo::conf{'nrpe_check_puppet': + content => "Defaults:nagios !requiretty\nnagios ALL=(ALL) NOPASSWD:${::icinga::plugindir}/check_puppet\n", + } + @@nagios_service { "check_puppet_${::fqdn}": check_command => 'check_nrpe_command!check_puppet', service_description => 'Puppet', From c67d133df5d1ed46e328795be0eeaece1927125e Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 10 May 2016 08:53:12 +0200 Subject: [PATCH 079/190] add Author: $SERVICEACKAUTHOR$ to notification e-mail Signed-off-by: Pavel Pulec --- templates/common/commands.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/common/commands.cfg.erb b/templates/common/commands.cfg.erb index 94a7148..b9bc362 100644 --- a/templates/common/commands.cfg.erb +++ b/templates/common/commands.cfg.erb @@ -35,7 +35,7 @@ define command{ # 'notify-service-by-email' command definition define command{ command_name notify-service-by-email - command_line /usr/bin/printf "%b" "***** Icinga *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info: $SERVICEOUTPUT$\n\nComment: $SERVICEACKCOMMENT$\n" | <%= scope.lookupvar('icinga::mail_command') %> -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ || logger "ERROR: icinga: e-mail notification failed" + command_line /usr/bin/printf "%b" "***** Icinga *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info: $SERVICEOUTPUT$\n\nAuthor: $SERVICEACKAUTHOR$\nComment: $SERVICEACKCOMMENT$\n" | <%= scope.lookupvar('icinga::mail_command') %> -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$ || logger "ERROR: icinga: e-mail notification failed" } From 52ef6d5e02cd0bbe8eea38ffd9b8f52f35049901 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 11 May 2016 13:23:48 +0200 Subject: [PATCH 080/190] dns_sync: set 3 seconds timeout for DNS request Signed-off-by: Pavel Pulec --- templates/plugins/dns_sync.sh.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/dns_sync.sh.erb b/templates/plugins/dns_sync.sh.erb index 2c427cf..9aa2569 100644 --- a/templates/plugins/dns_sync.sh.erb +++ b/templates/plugins/dns_sync.sh.erb @@ -9,7 +9,7 @@ <% domains+= @full_zonelist[customer].keys -%> <% end -%> <% domains.map! {|domain| domain[/[^:]+/]} -%> -MSG=$(/usr/lib64/nagios/plugins/check_dns_sync.pl <%= (Array(domains)-Array(@ignored_domains)).uniq.sort.join(" ") %>) +MSG=$(/usr/lib64/nagios/plugins/check_dns_sync.pl -T 3 <%= (Array(domains)-Array(@ignored_domains)).uniq.sort.join(" ") %>) RET_VAL=$? echo "<%= @fqdn %>;dns sync;$RET_VAL;$MSG" | /usr/sbin/send_nsca -H <%= @icinga_host %> -p 5667 -d ";" From 2c7474bea7c2b826cc35de4fbc4ceb22466e46e1 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 18 May 2016 10:01:36 +0200 Subject: [PATCH 081/190] check cron logs: not alert on service notifications sent to icinga from other hosts Signed-off-by: honza --- files/check_cron_logs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/check_cron_logs.sh b/files/check_cron_logs.sh index a00e05f..b2baa77 100644 --- a/files/check_cron_logs.sh +++ b/files/check_cron_logs.sh @@ -4,7 +4,7 @@ LOG_FILE='/var/log/messages' DATE=$(date --date="24 hours ago" '+%b %-d %H' | sed -r 's/^([a-zA-Z]+) /\1 {1,2}/g') NAME=$(hostname --short) CRONS_FAILING='' -IGNORE_TAG='drush' +IGNORE_TAG='drush|SERVICE NOTIFICATION|SERVICE ALERT' while getopts ":i:" o; do case "${o}" in From 342ffddace3c7880e420a97732404e9915ed42d4 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 25 May 2016 10:17:49 +0200 Subject: [PATCH 082/190] add the check_generic command Signed-off-by: honza --- templates/common/commands.cfg.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/common/commands.cfg.erb b/templates/common/commands.cfg.erb index b9bc362..41714ff 100644 --- a/templates/common/commands.cfg.erb +++ b/templates/common/commands.cfg.erb @@ -224,6 +224,11 @@ define command{ command_line $USER1$/check_dummy $ARG1$ } +define command{ + command_name check_generic + command_line $USER1$/$ARG1$ $ARG2$ +} + ################################################################################ # # SAMPLE PERFORMANCE DATA COMMANDS From 4dfc7b9fbb4d876b2f1826f7f579c9eb62efddd9 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 25 May 2016 11:28:57 +0200 Subject: [PATCH 083/190] fix parsing with the check_cron_logs check Signed-off-by: honza --- files/check_cron_logs.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/files/check_cron_logs.sh b/files/check_cron_logs.sh index b2baa77..cebc96f 100644 --- a/files/check_cron_logs.sh +++ b/files/check_cron_logs.sh @@ -26,10 +26,10 @@ REGEX="("$(echo "$@" | sed 's/ /)|(/g')")" if egrep -q "$DATE" /var/log/messages; then if [ $REGEX != '()' ]; then CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) + sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq | egrep -v $REGEX) else CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq) + sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq) fi ##if not, we're simply reading the whole file @@ -37,10 +37,10 @@ if egrep -q "$DATE" /var/log/messages; then else if [ $REGEX != '()' ]; then CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq | egrep -v $REGEX) + sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq | egrep -v $REGEX) else CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*$NAME [^ ]+ [^ ]* cron ([^\[]+).*/\1/g" | sort | uniq) + sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq) fi fi From 8d3d9e6cb679fbd805b29ee210004cbf459ff786 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 25 May 2016 12:53:13 +0200 Subject: [PATCH 084/190] check_cron_log.sh: fix typo Signed-off-by: honza --- files/check_cron_logs.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/files/check_cron_logs.sh b/files/check_cron_logs.sh index cebc96f..29543a9 100644 --- a/files/check_cron_logs.sh +++ b/files/check_cron_logs.sh @@ -26,10 +26,10 @@ REGEX="("$(echo "$@" | sed 's/ /)|(/g')")" if egrep -q "$DATE" /var/log/messages; then if [ $REGEX != '()' ]; then CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq | egrep -v $REGEX) + sed -r "s/^.*$NAME [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq | egrep -v $REGEX) else CRONS_FAILING=$(cat $LOG_FILE | sed -r "1,/$DATE/d" |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq) + sed -r "s/^.*$NAME [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq) fi ##if not, we're simply reading the whole file @@ -37,10 +37,10 @@ if egrep -q "$DATE" /var/log/messages; then else if [ $REGEX != '()' ]; then CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq | egrep -v $REGEX) + sed -r "s/^.*$NAME [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq | egrep -v $REGEX) else CRONS_FAILING=$(cat $LOG_FILE |egrep "cron .*\[[0-9]+\].*\[error\]" | egrep -v "$IGNORE_TAG" | - sed -r "s/^.*ldap-dooku [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq) + sed -r "s/^.*$NAME [^ ]+ ([^ ]* )?cron ([^\[]+).*/\2/g" | sort | uniq) fi fi From 518f224ecabf2cdf16fb3a701a480e876b28c412 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 1 Jun 2016 16:30:20 +0200 Subject: [PATCH 085/190] checkmysqlclient.pp: fix possible duplicate declaration Signed-off-by: honza --- manifests/plugins/checkmysqlclient.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkmysqlclient.pp b/manifests/plugins/checkmysqlclient.pp index 1f805ef..8241c14 100644 --- a/manifests/plugins/checkmysqlclient.pp +++ b/manifests/plugins/checkmysqlclient.pp @@ -15,7 +15,7 @@ require icinga if $password { - file { "${::icinga::includedir_client}/mysql_client_${database}.cfg": + file { "${::icinga::includedir_client}/mysql_client_${database}-${user}.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, From 4a69ba0628f47e88c2c39146b2fb536d44299240 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 1 Jun 2016 17:05:13 +0200 Subject: [PATCH 086/190] checkmysqlclient.pp add user to service description Signed-off-by: honza --- manifests/plugins/checkmysqlclient.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/plugins/checkmysqlclient.pp b/manifests/plugins/checkmysqlclient.pp index 8241c14..3940087 100644 --- a/manifests/plugins/checkmysqlclient.pp +++ b/manifests/plugins/checkmysqlclient.pp @@ -21,12 +21,12 @@ owner => $::icinga::client_user, group => $::icinga::client_group, notify => Service[$::icinga::service_client], - content => "command[check_mysql_${database}]=/usr/lib64/nagios/plugins/check_mysql -H ${host} -u ${user} -p ${password} -d ${database}" + content => "command[check_mysql_${database}_${user}]=/usr/lib64/nagios/plugins/check_mysql -H ${host} -u ${user} -p ${password} -d ${database}" } - @@nagios_service { "check_mysql_client_${::fqdn}_${database}": - check_command => "check_nrpe_command!check_mysql_${database}", - service_description => "mysql client db: ${database}", + @@nagios_service { "check_mysql_client_${::fqdn}_${database}_${user}": + check_command => "check_nrpe_command!check_mysql_${database}_${user}", + service_description => "mysql client db: ${database} user: ${user}", contact_groups => $contact_groups, host_name => $::fqdn, max_check_attempts => $max_check_attempts, From 380c2288c0d2e83b3ef8caf23db8ed5f43436c81 Mon Sep 17 00:00:00 2001 From: honza Date: Mon, 27 Jun 2016 13:11:04 +0200 Subject: [PATCH 087/190] add collective-access check refs #22484 Signed-off-by: honza --- manifests/plugins/checkcollectiveaccess.pp | 43 ++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 manifests/plugins/checkcollectiveaccess.pp diff --git a/manifests/plugins/checkcollectiveaccess.pp b/manifests/plugins/checkcollectiveaccess.pp new file mode 100644 index 0000000..968cc1a --- /dev/null +++ b/manifests/plugins/checkcollectiveaccess.pp @@ -0,0 +1,43 @@ +# == Class: icinga::plugins::checkcollectiveaccess +class icinga::plugins::checkcollectiveaccess ( + $host, + $user, + $password, + $configuration, + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits ::icinga { + + + + file{"${::icinga::includedir_client}/collectiveaccess.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_collectiveaccess]=${::icinga::usrlib}/nagios/plugins/check_collective-access.rb -h ${host} -u ${user} -p ${password} -c ca_config.yaml\n", + notify => Service[$::icinga::service_client], + } + + file {"${::icinga::includedir_client}/ca_config.yaml": + content => inline_template("<%= @configuration.to_yaml %>"), + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + notify => Service[$::icinga::service_client], + } + + @@nagios_service{"check_collectiveaccess_${::fqdn}": + check_command => 'check_nrpe_command!check_collectiveaccess', + service_description => 'CollectiveAccess', + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + +} From 8f35d80eba6ddc87d8d3d2bcb53a429e3a0c9bef Mon Sep 17 00:00:00 2001 From: honza Date: Mon, 27 Jun 2016 13:43:22 +0200 Subject: [PATCH 088/190] checkcollectiveaccess: fix path to the config file Signed-off-by: honza --- manifests/plugins/checkcollectiveaccess.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkcollectiveaccess.pp b/manifests/plugins/checkcollectiveaccess.pp index 968cc1a..f776172 100644 --- a/manifests/plugins/checkcollectiveaccess.pp +++ b/manifests/plugins/checkcollectiveaccess.pp @@ -17,12 +17,12 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_collectiveaccess]=${::icinga::usrlib}/nagios/plugins/check_collective-access.rb -h ${host} -u ${user} -p ${password} -c ca_config.yaml\n", + content => "command[check_collectiveaccess]=${::icinga::usrlib}/nagios/plugins/check_collective-access.rb -h ${host} -u ${user} -p ${password} -c ${::icinga::includedir_client}/ca_config.yaml\n", notify => Service[$::icinga::service_client], } file {"${::icinga::includedir_client}/ca_config.yaml": - content => inline_template("<%= @configuration.to_yaml %>"), + content => inline_template('<%= @configuration.to_yaml %>'), mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, From d565828309eb7e4b4735127a9d55e637a22a0b50 Mon Sep 17 00:00:00 2001 From: Bart Willems Date: Wed, 6 Jul 2016 17:06:34 +0200 Subject: [PATCH 089/190] Addes required sudo config Signed-off-by: Bart Willems --- manifests/plugins/checkalldisks.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/manifests/plugins/checkalldisks.pp b/manifests/plugins/checkalldisks.pp index 67960e0..bfa1a22 100644 --- a/manifests/plugins/checkalldisks.pp +++ b/manifests/plugins/checkalldisks.pp @@ -34,4 +34,7 @@ } } + sudo::conf{"configure_sudo_checkalldisks": + content => "Defaults:${::icinga::client_user} !requiretty\n${::icinga::client_user} ALL=(ALL) NOPASSWD:${::icinga::plugindir}/check_disk\n", + } } From e24ff197f04597c153218703f86a3c1dd90f6399 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 26 Jul 2016 11:38:14 +0200 Subject: [PATCH 090/190] add checkfileage.pp Signed-off-by: honza --- manifests/plugins/checkfileage.pp | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 manifests/plugins/checkfileage.pp diff --git a/manifests/plugins/checkfileage.pp b/manifests/plugins/checkfileage.pp new file mode 100644 index 0000000..2db1fca --- /dev/null +++ b/manifests/plugins/checkfileage.pp @@ -0,0 +1,34 @@ +# == Class: icinga::plugins::checkfileage +class icinga::plugins::checkfileage ( + $critical, + $warning, + $file, + $datetype = 'M', + $not_found_exit_code = 3, + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits ::icinga { + + file{"${::icinga::includedir_client}/check_file_age_${file}.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_file_age_${file}]=${::icinga::usrlib}/nagios/plugins/check_fileage.py -w ${warning} -c ${critical} -f ${file} -d ${datetype} -n ${not_found_exit_code}", + notify => Service[$::icinga::service_client], + } + + @@nagios_service{"check_collectiveaccess_${::fqdn}": + check_command => "check_nrpe_command!check_file_age_${file}", + service_description => "Check File Age ${file}", + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + +} From 32b31edfd4751f4cd7edda365b3fe54862396b87 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 2 Aug 2016 11:21:17 +0200 Subject: [PATCH 091/190] add checkfileage.pp Signed-off-by: honza --- manifests/plugins/checkfileage.pp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/manifests/plugins/checkfileage.pp b/manifests/plugins/checkfileage.pp index 2db1fca..6b7e5bc 100644 --- a/manifests/plugins/checkfileage.pp +++ b/manifests/plugins/checkfileage.pp @@ -1,5 +1,5 @@ # == Class: icinga::plugins::checkfileage -class icinga::plugins::checkfileage ( +define icinga::plugins::checkfileage ( $critical, $warning, $file, @@ -9,19 +9,21 @@ $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, -) inherits ::icinga { +) { - file{"${::icinga::includedir_client}/check_file_age_${file}.cfg": + require ::icinga + $_file = inline_template("<%= @file.gsub('/','_') %>") + file{"${::icinga::includedir_client}/check_file_age${_file}.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_file_age_${file}]=${::icinga::usrlib}/nagios/plugins/check_fileage.py -w ${warning} -c ${critical} -f ${file} -d ${datetype} -n ${not_found_exit_code}", + content => "command[check_file_age${_file}]=${::icinga::usrlib}/nagios/plugins/check_fileage.py -w ${warning} -c ${critical} -f ${file} -d ${datetype} -n ${not_found_exit_code}", notify => Service[$::icinga::service_client], } @@nagios_service{"check_collectiveaccess_${::fqdn}": - check_command => "check_nrpe_command!check_file_age_${file}", + check_command => "check_nrpe_command!check_file_age${_file}", service_description => "Check File Age ${file}", host_name => $::fqdn, contact_groups => $contact_groups, From b88d873675abceb2fe65b6d7296790a67afe9bf9 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 2 Aug 2016 12:46:17 +0200 Subject: [PATCH 092/190] remove check_zimbra_snapshot.pp Signed-off-by: honza --- files/zimbra_snapshot.rb | 15 ------- manifests/plugins/check_zimbra_snapshot.pp | 47 ---------------------- 2 files changed, 62 deletions(-) delete mode 100644 files/zimbra_snapshot.rb delete mode 100644 manifests/plugins/check_zimbra_snapshot.pp diff --git a/files/zimbra_snapshot.rb b/files/zimbra_snapshot.rb deleted file mode 100644 index d24e870..0000000 --- a/files/zimbra_snapshot.rb +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/ruby - -if !File.exist?('/dev/zimbra/opt-snapshot') - puts "OK, opt-snapshot doesn't exist" - exit 0 -elsif (Time.now-File.mtime('/dev/zimbra/opt-snapshot'))/3600 < 2 - puts "OK, opt-snapshot is newer than 2h" - exit 0 -elsif (Time.now-File.mtime('/dev/zimbra/opt-snapshot'))/3600 >= 2 and (Time.now-File.mtime('/dev/zimbra/opt-snapshot'))/3600 <= 4 - puts "Warning, opt-snapshot is older than 2h" - exit 1 -elsif (Time.now-File.mtime('/dev/zimbra/opt-snapshot'))/3600 > 4 - puts "Critical, opt-snapshot is older than 4h" - exit 2 -end diff --git a/manifests/plugins/check_zimbra_snapshot.pp b/manifests/plugins/check_zimbra_snapshot.pp deleted file mode 100644 index d1f8421..0000000 --- a/manifests/plugins/check_zimbra_snapshot.pp +++ /dev/null @@ -1,47 +0,0 @@ -# == Class: icinga::plugins::check_zimbra_snapshot -# -# This class provides a check_zimbra_snapshot plugin. -# -class icinga::plugins::check_zimbra_snapshot ( - $ensure = present, - $contact_groups = $::environment, - $max_check_attempts = $::icinga::max_check_attempts, - $notification_period = $::icinga::notification_period, - $notifications_enabled = $::icinga::notifications_enabled, - -) inherits icinga { - - - file { "${::icinga::plugindir}/zimbra_snapshot.rb": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/zimbra_snapshot.rb', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::includedir_client}/zimbra_snapshot.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => template('icinga/plugins/zimbra_snapshot.cfg.erb'), - notify => Service[$::icinga::service_client], - } - - - - @@nagios_service { "check_zimbra_snapshot_${::fqdn}": - check_command => 'check_nrpe_command!check_zimbra_snapshot', - service_description => 'zimbra snapshot', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - - } - From 2b969bf5e3fe24ee4f08a2e7705ee0f9527cf1ba Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 3 Aug 2016 09:44:39 +0200 Subject: [PATCH 093/190] checkfileage.pp: fix the exported resource name Signed-off-by: honza --- manifests/plugins/checkfileage.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkfileage.pp b/manifests/plugins/checkfileage.pp index 6b7e5bc..ad02dd7 100644 --- a/manifests/plugins/checkfileage.pp +++ b/manifests/plugins/checkfileage.pp @@ -22,7 +22,7 @@ notify => Service[$::icinga::service_client], } - @@nagios_service{"check_collectiveaccess_${::fqdn}": + @@nagios_service{"check_fileage${_file}_${::fqdn}": check_command => "check_nrpe_command!check_file_age${_file}", service_description => "Check File Age ${file}", host_name => $::fqdn, From 00f0002d938b0976f0b85f61b8cf7ca554c62e1f Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 4 Aug 2016 11:50:46 +0200 Subject: [PATCH 094/190] implement ES checks for LPA application logs refs #22929 Signed-off-by: Pavel Pulec --- .puppet-lint.rc | 2 +- .../check_number_of_documents.sh | 76 +++++++++++++++++++ .../check_number_of_documents.pp | 58 ++++++++++++++ manifests/plugins/elasticsearch/readme.txt | 9 +++ 4 files changed, 144 insertions(+), 1 deletion(-) create mode 100644 files/elasticsearch/check_number_of_documents.sh create mode 100644 manifests/plugins/elasticsearch/check_number_of_documents.pp create mode 100644 manifests/plugins/elasticsearch/readme.txt diff --git a/.puppet-lint.rc b/.puppet-lint.rc index 1f2d205..366ec39 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,3 +1,3 @@ ---no-80chars-check +--no-140chars-check --no-names_containing_dash-check --no-class_inherits_from_params_class-check diff --git a/files/elasticsearch/check_number_of_documents.sh b/files/elasticsearch/check_number_of_documents.sh new file mode 100644 index 0000000..5d2b91e --- /dev/null +++ b/files/elasticsearch/check_number_of_documents.sh @@ -0,0 +1,76 @@ +#!/bin/bash + +set -o pipefail + +PROGRAM_NAME="$1" + +[[ -z "$PROGRAM_NAME" ]] && { echo "The parameter with program name is missing"; exit 3; } +which jq &>/dev/null || { echo 'Jq is not installed'; exit 3; } + +INTERVAL=${2:-15 minutes ago} +CURRENT_EPOCH=$(date +%s%N | cut -b1-13) # ES uses epoch format in miliseconds +CURRENT_EPOCH_15MIN_LESS=$(date +%s%N -d "$INTERVAL" | cut -b1-13) +TWO_LATEST_INDEXES=$(curl -s 'localhost:9200/_stats/indexes' | jq -r '.indices | keys | .[]' | grep logstash | sort | tail -n2 | tr '\n' ',') + +[[ "$?" != 0 ]] && { echo "The request for the list of indexes failed"; exit 3; } + +NUMBER_OF_EVENTS=$(curl -s "localhost:9200/${TWO_LATEST_INDEXES}/syslog/_search?pretty" -d "{ + \"size\": 0, + \"aggs\": {}, + \"query\": { + \"filtered\": { + \"query\": { + \"query_string\": { + \"analyze_wildcard\": true, + \"query\": \"*\" + } + }, + \"filter\": { + \"bool\": { + \"must\": [ + { + \"query\": { + \"match\": { + \"program\": { + \"query\": \"${PROGRAM_NAME}\", + \"type\": \"phrase\" + } + } + } + }, + { + \"query\": { + \"exists\": { + \"field\": \"json_data.data.routing_key\" + } + } + }, + { + \"range\": { + \"@timestamp\": { + \"gte\": ${CURRENT_EPOCH_15MIN_LESS}, + \"lte\": ${CURRENT_EPOCH}, + \"format\": \"epoch_millis\" + } + } + } + ], + \"must_not\": [] + } + } + } + } +}" | +jq -r '.hits.total') + +[[ "$?" != 0 ]] && { echo "The request for the actually processed data failed"; exit 3; } + +if [[ "$NUMBER_OF_EVENTS" -gt 5 ]] +then + echo "OK - ${NUMBER_OF_EVENTS} events were processed during range: '${INTERVAL}'" && exit 0 +elif [[ "$NUMBER_OF_EVENTS" -gt 0 ]] +then + echo "WARNING - only ${NUMBER_OF_EVENTS} event(s) was/were processed during range: '${INTERVAL}'" && exit 1 +else + echo "ERROR - No event was processed during range: '${INTERVAL}'" && exit 2 +fi diff --git a/manifests/plugins/elasticsearch/check_number_of_documents.pp b/manifests/plugins/elasticsearch/check_number_of_documents.pp new file mode 100644 index 0000000..fefb064 --- /dev/null +++ b/manifests/plugins/elasticsearch/check_number_of_documents.pp @@ -0,0 +1,58 @@ +# == Class: icinga::plugins::elasticsearch::check_number_of_documents +# +# This defined type provides a check of number of documents. When the number +# of documents is too low than you are alerted. +# +define icinga::plugins::elasticsearch::check_number_of_documents ( + $program_name, + $interval = '', + $max_check_attempts = $::icinga::max_check_attempts, + $contact_groups = $::environment, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + $icinga_host = hiera('icinga_host'), + +) { + + require icinga + + validate_string($interval) + validate_string($program_name) + + if $icinga::client { + + if (!defined(Package['jq'])) { + package { 'jq': + ensure => installed, + } + } + + file { "${::icinga::plugindir}/check_number_of_documents.sh": + ensure => present, + mode => '0755', + owner => $::icinga::client_user, + group => $::icinga::client_group, + source => "puppet:///modules/${module_name}/elasticsearch/check_number_of_documents.sh", + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + + file { "${::icinga::includedir_client}/check_number_of_documents_${program_name}.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_number_of_documents_${program_name}]=${::icinga::plugindir}/check_number_of_documents.sh \$ARG1$ \$ARG2$", + notify => Service[$::icinga::service_client], + } + + @@nagios_service { "check_number_of_documents_${::fqdn}_${program_name}": + check_command => "check_nrpe_command!check_number_of_documents_${program_name}!${program_name} ${interval}", + service_description => "ES data - occurrence counter of program: ${program_name}", + host_name => $::fqdn, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + } + +} diff --git a/manifests/plugins/elasticsearch/readme.txt b/manifests/plugins/elasticsearch/readme.txt new file mode 100644 index 0000000..5fc01f5 --- /dev/null +++ b/manifests/plugins/elasticsearch/readme.txt @@ -0,0 +1,9 @@ +I created extra directory for all the checks which are related to Elasticsearch +querying. All the checks placed here should process the logs/documents +of applications. I feel that it's impossible to create one universal check so +it's better to create more checks which are mainly customer/appication specific. + +Do not move here the checks for Elasticsearch status itself. The are not related. + + +Any improvements are welcomed! Pavel (kayn) From 0e9a39c870f2237b16a33dcd8949747979120036 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 4 Aug 2016 12:54:26 +0200 Subject: [PATCH 095/190] fix duplication logs in messages use local facility when logging to syslog Signed-off-by: Pavel Pulec --- templates/redhat/icinga.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/redhat/icinga.cfg.erb b/templates/redhat/icinga.cfg.erb index 53e38ce..a00833c 100644 --- a/templates/redhat/icinga.cfg.erb +++ b/templates/redhat/icinga.cfg.erb @@ -305,7 +305,7 @@ use_syslog=1 # If you enabled use_syslog you can set icinga to use a local facility # instead of the default.To enable set this option to 1, if not, set it to 0. -use_syslog_local_facility=0 +use_syslog_local_facility=1 From dd04fb44799804aaa10d10510b81d7bb2de6191d Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 4 Aug 2016 13:06:41 +0200 Subject: [PATCH 096/190] disable logging passive checks and external command Passive checks are sent from logstash. When some application will go haywire then the logs on icinga can be very quickly filled up. Signed-off-by: Pavel Pulec --- manifests/plugins/elasticsearch/check_number_of_documents.pp | 2 +- templates/redhat/icinga.cfg.erb | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/plugins/elasticsearch/check_number_of_documents.pp b/manifests/plugins/elasticsearch/check_number_of_documents.pp index fefb064..be9424d 100644 --- a/manifests/plugins/elasticsearch/check_number_of_documents.pp +++ b/manifests/plugins/elasticsearch/check_number_of_documents.pp @@ -1,7 +1,7 @@ # == Class: icinga::plugins::elasticsearch::check_number_of_documents # # This defined type provides a check of number of documents. When the number -# of documents is too low than you are alerted. +# of documents is too low then you are alerted. # define icinga::plugins::elasticsearch::check_number_of_documents ( $program_name, diff --git a/templates/redhat/icinga.cfg.erb b/templates/redhat/icinga.cfg.erb index a00833c..0b2cd4f 100644 --- a/templates/redhat/icinga.cfg.erb +++ b/templates/redhat/icinga.cfg.erb @@ -369,7 +369,7 @@ log_initial_states=0 # checks - see the option below for controlling whether or not # passive checks are logged. -log_external_commands=1 +log_external_commands=0 @@ -378,7 +378,7 @@ log_external_commands=1 # this value to 0. If passive checks should be logged, set # this value to 1. -log_passive_checks=1 +log_passive_checks=0 From 54189c9923b852ac5eb6b59d1496c29f7ff05828 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 4 Aug 2016 13:39:34 +0200 Subject: [PATCH 097/190] remove useless parameter Signed-off-by: Pavel Pulec --- manifests/plugins/elasticsearch/check_number_of_documents.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/plugins/elasticsearch/check_number_of_documents.pp b/manifests/plugins/elasticsearch/check_number_of_documents.pp index be9424d..e412629 100644 --- a/manifests/plugins/elasticsearch/check_number_of_documents.pp +++ b/manifests/plugins/elasticsearch/check_number_of_documents.pp @@ -10,8 +10,6 @@ $contact_groups = $::environment, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, - $icinga_host = hiera('icinga_host'), - ) { require icinga From 8cc30893dc40c0c574cf2f1056611b798305885e Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 4 Aug 2016 14:44:27 +0200 Subject: [PATCH 098/190] fix check_number_of_documents plugin - args wrongly passed Signed-off-by: Pavel Pulec --- manifests/plugins/elasticsearch/check_number_of_documents.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/elasticsearch/check_number_of_documents.pp b/manifests/plugins/elasticsearch/check_number_of_documents.pp index e412629..9e06ca5 100644 --- a/manifests/plugins/elasticsearch/check_number_of_documents.pp +++ b/manifests/plugins/elasticsearch/check_number_of_documents.pp @@ -45,7 +45,7 @@ } @@nagios_service { "check_number_of_documents_${::fqdn}_${program_name}": - check_command => "check_nrpe_command!check_number_of_documents_${program_name}!${program_name} ${interval}", + check_command => "check_nrpe_command_args!check_number_of_documents_${program_name}!${program_name} ${interval}", service_description => "ES data - occurrence counter of program: ${program_name}", host_name => $::fqdn, max_check_attempts => $max_check_attempts, From e04fd2d37f119b8c24298c0a0d95c2571d4a0bbe Mon Sep 17 00:00:00 2001 From: honza Date: Mon, 8 Aug 2016 13:40:22 +0200 Subject: [PATCH 099/190] puppetize changing icinga user credentials Signed-off-by: honza --- manifests/user.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/user.pp b/manifests/user.pp index 1f88db1..791a3a0 100644 --- a/manifests/user.pp +++ b/manifests/user.pp @@ -38,7 +38,7 @@ if ! $hash { exec { "Add Icinga user ${name}": command => "htpasswd -b -s ${htpasswd} ${name} ${password}", - unless => "grep -iE '^${name}:' ${htpasswd}", + unless => "grep -q \"^$(htpasswd -s -b -n ${name} ${password} | head -n1)$\" ${htpasswd}", cwd => $::icinga::confdir_server, } } else { From 520232d18744adac7604266f24b36a727d5527e7 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 9 Aug 2016 11:58:41 +0200 Subject: [PATCH 100/190] check "15 minutes ago" by default in check_number_of_documents.pp it fix the bug when icinga was restarted every hour because when $interval parameter was undefine, then the check contained the space at the end. And that space was ignored by icinga so every puppet run tried to change the command because it was stored in icinga without the space at the end refs #23143 Signed-off-by: Pavel Pulec --- manifests/plugins/elasticsearch/check_number_of_documents.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/elasticsearch/check_number_of_documents.pp b/manifests/plugins/elasticsearch/check_number_of_documents.pp index 9e06ca5..bac4015 100644 --- a/manifests/plugins/elasticsearch/check_number_of_documents.pp +++ b/manifests/plugins/elasticsearch/check_number_of_documents.pp @@ -5,7 +5,7 @@ # define icinga::plugins::elasticsearch::check_number_of_documents ( $program_name, - $interval = '', + $interval = '15 minutes ago', $max_check_attempts = $::icinga::max_check_attempts, $contact_groups = $::environment, $notification_period = $::icinga::notification_period, From 35e7cb30141bfd3311930761f9a0d0d9e88acd4c Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 9 Aug 2016 12:43:25 +0200 Subject: [PATCH 101/190] force recursive purge of dirs - fix icinga restart refs #22831 Signed-off-by: Pavel Pulec --- manifests/config/server/common.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/config/server/common.pp b/manifests/config/server/common.pp index 001abfc..e39ea45 100644 --- a/manifests/config/server/common.pp +++ b/manifests/config/server/common.pp @@ -19,6 +19,7 @@ file{$::icinga::confdir_server: recurse => true, purge => true, + force => true, } file{"${::icinga::confdir_server}/resource.cfg": @@ -29,6 +30,7 @@ file{$::icinga::targetdir: recurse => true, purge => true, + force => true, } file{"${::icinga::targetdir}/hosts": From 3c0eba0f2745c88b5fe25be48e0ad6a952916743 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 9 Aug 2016 14:35:03 +0200 Subject: [PATCH 102/190] adapt the server load thresholds to the processor count Signed-off-by: Pavel Pulec --- manifests/plugins/checkload.pp | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/manifests/plugins/checkload.pp b/manifests/plugins/checkload.pp index 2750851..0c27c22 100644 --- a/manifests/plugins/checkload.pp +++ b/manifests/plugins/checkload.pp @@ -4,8 +4,8 @@ # class icinga::plugins::checkload ( $pkgname = 'nagios-plugins-load', - $check_warning = hiera('nagios_load_warning', '15,10,5'), - $check_critical = hiera('nagios_load_critical', '30,25,20'), + $check_warning = hiera('nagios_load_warning', undef), + $check_critical = hiera('nagios_load_critical', undef), $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, @@ -19,12 +19,30 @@ } } + if !$check_warning { + $warn_1 = $::processorcount * 3 + $warn_5 = $::processorcount * 2 + $warn_15 = $::processorcount + $_check_warning = "${warn_1},${warn_5},${warn_15}" + } else { + $_check_warning = $check_warning + } + + if !$check_critical { + $crit_1 = $::processorcount * 4 + $crit_5 = $::processorcount * 3 + $crit_15 = $::processorcount * 2 + $_check_critical = "${crit_1},${crit_5},${crit_15}" + } else { + $_check_critical = $check_critical + } + file{"${::icinga::includedir_client}/load.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_load]=${::icinga::plugindir}/check_load -w ${check_warning} -c ${check_critical}\n", + content => "command[check_load]=${::icinga::plugindir}/check_load -w ${_check_warning} -c ${_check_critical}\n", notify => Service[$::icinga::service_client], } From fe7ba886c2274e499af6c08f600629d5f306f00f Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 9 Aug 2016 18:24:10 +0200 Subject: [PATCH 103/190] increase minimal level for server load Signed-off-by: Pavel Pulec --- manifests/plugins/checkload.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkload.pp b/manifests/plugins/checkload.pp index 0c27c22..36bf43e 100644 --- a/manifests/plugins/checkload.pp +++ b/manifests/plugins/checkload.pp @@ -22,7 +22,7 @@ if !$check_warning { $warn_1 = $::processorcount * 3 $warn_5 = $::processorcount * 2 - $warn_15 = $::processorcount + $warn_15 = $::processorcount + 1 $_check_warning = "${warn_1},${warn_5},${warn_15}" } else { $_check_warning = $check_warning From f5555418cd7c8eaf852011f10812500236e564d3 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 10 Aug 2016 11:06:00 +0200 Subject: [PATCH 104/190] fix check_number_of_documents - quote _interval_ parameter Signed-off-by: Pavel Pulec --- manifests/plugins/elasticsearch/check_number_of_documents.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/elasticsearch/check_number_of_documents.pp b/manifests/plugins/elasticsearch/check_number_of_documents.pp index bac4015..73842ec 100644 --- a/manifests/plugins/elasticsearch/check_number_of_documents.pp +++ b/manifests/plugins/elasticsearch/check_number_of_documents.pp @@ -40,12 +40,12 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_number_of_documents_${program_name}]=${::icinga::plugindir}/check_number_of_documents.sh \$ARG1$ \$ARG2$", + content => "command[check_number_of_documents_${program_name}]=${::icinga::plugindir}/check_number_of_documents.sh \$ARG1$ '\$ARG2$'", notify => Service[$::icinga::service_client], } @@nagios_service { "check_number_of_documents_${::fqdn}_${program_name}": - check_command => "check_nrpe_command_args!check_number_of_documents_${program_name}!${program_name} ${interval}", + check_command => "check_nrpe_command_args!check_number_of_documents_${program_name}!${program_name} '${interval}'", service_description => "ES data - occurrence counter of program: ${program_name}", host_name => $::fqdn, max_check_attempts => $max_check_attempts, From e7aa35e6e1be359ced7cafb21477768eb4364c57 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 10 Aug 2016 13:52:45 +0200 Subject: [PATCH 105/190] add checkrabbitmqsync.pp Signed-off-by: honza --- manifests/plugins/checkrabbitmqsync.pp | 36 ++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 manifests/plugins/checkrabbitmqsync.pp diff --git a/manifests/plugins/checkrabbitmqsync.pp b/manifests/plugins/checkrabbitmqsync.pp new file mode 100644 index 0000000..e3ac5f0 --- /dev/null +++ b/manifests/plugins/checkrabbitmqsync.pp @@ -0,0 +1,36 @@ +# == Class: icinga::plugins::checkrabbitmqsync +class icinga::plugins::checkrabbitmqsync ( + $user, + $password, + $vhost = $name, + $host = 'localhost', + $port = '15672', + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits ::icinga { + + + + file{"${::icinga::includedir_client}/check_rabbit_sync_${vhost}.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_rabbit_sync_${vhost}]=${::icinga::usrlib}/nagios/plugins/check_rabbitmq_sync.rb -h ${host} -u ${user} -p ${password} -P ${port} -v ${vhost}\n", + notify => Service[$::icinga::service_client], + } + + @@nagios_service{"check_rabbit_sync_${vhost}_${::fqdn}": + check_command => "check_nrpe_command!check_rabbit_sync_${vhost}", + service_description => "Rabbit node sync vhost: ${vhost}", + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + +} From a13e20bc405ba5824e4c16a1cb2598568f1b8b18 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 10 Aug 2016 14:03:17 +0200 Subject: [PATCH 106/190] checkrabbitmqsync.pp class > define Signed-off-by: honza --- manifests/plugins/checkrabbitmqsync.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkrabbitmqsync.pp b/manifests/plugins/checkrabbitmqsync.pp index e3ac5f0..1973bfb 100644 --- a/manifests/plugins/checkrabbitmqsync.pp +++ b/manifests/plugins/checkrabbitmqsync.pp @@ -1,5 +1,5 @@ # == Class: icinga::plugins::checkrabbitmqsync -class icinga::plugins::checkrabbitmqsync ( +define icinga::plugins::checkrabbitmqsync ( $user, $password, $vhost = $name, From 59e07a653ec7560ac0ad8d1c33a074c153b3fb3c Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 10 Aug 2016 14:09:19 +0200 Subject: [PATCH 107/190] checkrabbitmqsync.pp: inherits > require Signed-off-by: honza --- manifests/plugins/checkrabbitmqsync.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkrabbitmqsync.pp b/manifests/plugins/checkrabbitmqsync.pp index 1973bfb..f313340 100644 --- a/manifests/plugins/checkrabbitmqsync.pp +++ b/manifests/plugins/checkrabbitmqsync.pp @@ -9,9 +9,9 @@ $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, -) inherits ::icinga { - +) { + require icinga file{"${::icinga::includedir_client}/check_rabbit_sync_${vhost}.cfg": ensure => 'file', From dbc50b197579b149525020c87cc227871a498726 Mon Sep 17 00:00:00 2001 From: honza Date: Wed, 10 Aug 2016 14:42:45 +0200 Subject: [PATCH 108/190] checkrabbitmqsync.pp: correct the name of the executable file-s --- manifests/plugins/checkrabbitmqsync.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkrabbitmqsync.pp b/manifests/plugins/checkrabbitmqsync.pp index f313340..0235de7 100644 --- a/manifests/plugins/checkrabbitmqsync.pp +++ b/manifests/plugins/checkrabbitmqsync.pp @@ -18,7 +18,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_rabbit_sync_${vhost}]=${::icinga::usrlib}/nagios/plugins/check_rabbitmq_sync.rb -h ${host} -u ${user} -p ${password} -P ${port} -v ${vhost}\n", + content => "command[check_rabbit_sync_${vhost}]=${::icinga::usrlib}/nagios/plugins/check_rabbitmq-sync.rb -h ${host} -u ${user} -p ${password} -P ${port} -v ${vhost}\n", notify => Service[$::icinga::service_client], } From 4a5d33d9ebb5da86169aeb49a8a3bddd982e7a40 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 11 Aug 2016 09:09:42 +0200 Subject: [PATCH 109/190] remove bacula related stuff - we do not use bacula anymore refs #19441 Signed-off-by: Pavel Pulec --- manifests/plugins/checkbacula.pp | 45 -------------------------------- 1 file changed, 45 deletions(-) delete mode 100644 manifests/plugins/checkbacula.pp diff --git a/manifests/plugins/checkbacula.pp b/manifests/plugins/checkbacula.pp deleted file mode 100644 index 454c98b..0000000 --- a/manifests/plugins/checkbacula.pp +++ /dev/null @@ -1,45 +0,0 @@ -# == Class: icinga::plugins::checkbacula -# -# This class provides a checkbacula plugin. -# -define icinga::plugins::checkbacula ( - $pkgname = 'nagios-plugins-bacula', - $jobname = $::fqdn, - $warning = '1', - $critical = '0', - $contact_groups = $::environment, - $notification_period = 'workhours', - $notifications_enabled = $::icinga::notifications_enabled, -) { - - require ::icinga - - if $icinga::client { - if ! defined(Package[$pkgname]) { - package{$pkgname: - ensure => '0.0.5-2' - } - } - - file{"${::icinga::includedir_client}/bacula_${jobname}.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => "command[check_bacula_${jobname}]=${::icinga::plugindir}/check_bacula -j ${jobname} -w ${warning} -c ${critical}\n", - notify => Service[$::icinga::service_client], - } - - @@nagios_service{"check_bacula_${jobname}": - check_command => "check_nrpe_command!check_bacula_${jobname}", - service_description => "Bacula Job: ${jobname}", - host_name => $::fqdn, - use => 'generic-service', - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - } - -} From c0a1280f2e3bc401bb24fd9c2b09b98fea79d8dd Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 24 Aug 2016 11:44:44 +0200 Subject: [PATCH 110/190] mod icinga: increase thresholds of load check for critical Signed-off-by: Pavel Pulec --- manifests/plugins/checkload.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/plugins/checkload.pp b/manifests/plugins/checkload.pp index 36bf43e..02c1a4e 100644 --- a/manifests/plugins/checkload.pp +++ b/manifests/plugins/checkload.pp @@ -29,9 +29,9 @@ } if !$check_critical { - $crit_1 = $::processorcount * 4 - $crit_5 = $::processorcount * 3 - $crit_15 = $::processorcount * 2 + $crit_1 = $::processorcount * 5 + $crit_5 = $::processorcount * 4 + $crit_15 = $::processorcount * 3 $_check_critical = "${crit_1},${crit_5},${crit_15}" } else { $_check_critical = $check_critical From 13118638b48e3cb06e523e3a745b2c5dc4418a14 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 08:20:01 +0200 Subject: [PATCH 111/190] update haproxy check refs #23353 Signed-off-by: Pavel Pulec --- files/check_haproxy.rb | 157 +++++++++++------- manifests/plugins/checkhaproxy.pp | 68 ++++---- .../plugins/checkhaproxy/nagios_service.pp | 26 +++ templates/plugins/haproxy.cfg.erb | 2 +- 4 files changed, 155 insertions(+), 98 deletions(-) mode change 100755 => 100644 files/check_haproxy.rb create mode 100644 manifests/plugins/checkhaproxy/nagios_service.pp diff --git a/files/check_haproxy.rb b/files/check_haproxy.rb old mode 100755 new mode 100644 index a94ea08..c3718eb --- a/files/check_haproxy.rb +++ b/files/check_haproxy.rb @@ -1,20 +1,33 @@ #!/usr/bin/ruby -require "net/http" +# This file is managed by puppet. +# +# Source of this script: https://github.com/benprew/nagios-checks +# which actually contains the changes from this pull request +# https://github.com/benprew/nagios-checks/pull/8/commits + require 'optparse' require 'open-uri' require 'ostruct' require 'csv' +require 'openssl' + OK = 0 WARNING = 1 CRITICAL = 2 UNKNOWN = 3 +# allows https with invalid certificate on ruby 1.8+ +# +# src: also://snippets.aktagon.com/snippets/370-hack-for-using-openuri-with-ssl +OpenSSL::SSL::VERIFY_PEER = OpenSSL::SSL::VERIFY_NONE + status = ['OK', 'WARN', 'CRIT', 'UNKN'] @proxies = [] @errors = [] +@perfdata = [] exit_code = OK options = OpenStruct.new @@ -28,22 +41,10 @@ # Required arguments opts.on("-u", "--url URL", "Statistics URL to check (eg. http://demo.1wt.eu/)") do |v| - options.url = v+":18080" -# puts options.url + options.url = v options.url += "/;csv" unless options.url =~ /;/ - options.url="http://"+options.url - - begin - response = Net::HTTP.get_response(URI(options.url)); - rescue - puts "Service not running" - exit CRITICAL end - - end - - # Optional Arguments opts.on("-p", "--proxies [PROXIES]", "Only check these proxies (eg. proxy1,proxy2,proxylive)") do |v| options.proxies = v.split(/,/) @@ -97,54 +98,91 @@ exit UNKNOWN end -open(options.url, :http_basic_authentication => [options.user, options.password]) do |f| - f.each do |line| +begin + f = open(options.url, :http_basic_authentication => [options.user, options.password]) +rescue OpenURI::HTTPError => e + puts "ERROR: #{e.message}" + exit UNKNOWN +rescue Errno::ECONNREFUSED => e + puts "ERROR: #{e.message}" + exit UNKNOWN +end - if line =~ /^# / - HAPROXY_COLUMN_NAMES = line[2..-1].split(',') - next - elsif ! defined? HAPROXY_COLUMN_NAMES - puts "ERROR: CSV header is missing" - exit UNKNOWN - end +f.each do |line| - row = HAPROXY_COLUMN_NAMES.zip(CSV.parse(line)[0]).reduce({}) { |hash, val| hash.merge({val[0] => val[1]}) } - - next unless options.proxies.empty? || options.proxies.include?(row['pxname']) - next if row['pxname'] == 'statistics' - - role = row['act'].to_i > 0 ? 'active ' : (row['bck'].to_i > 0 ? 'backup ' : '') - message = sprintf("%s: %s %s%s", row['pxname'], row['status'], role, row['svname']) - - if %w(FRONTEND BACKEND).include? row['svname'] - if options.critical && row['scur'].to_i * 100 >= options.critical.to_i * row['slim'].to_i - @errors << sprintf("%s has too many sessions (%s/%s) on %s proxy", - row['svname'], - row['scur'], - row['slim'], - row['pxname']) - exit_code = CRITICAL - elsif options.warning && row['scur'].to_i * 100 >= options.warning.to_i * row['slim'].to_i - @errors << sprintf("%s has too many sessions (%s/%s) on %s proxy", - row['svname'], - row['scur'], - row['slim'], - row['pxname']) - exit_code = WARNING if exit_code == OK || exit_code == UNKNOWN - end + if line =~ /^# / + HAPROXY_COLUMN_NAMES = line[2..-1].split(',') + next + elsif ! defined? HAPROXY_COLUMN_NAMES + puts "ERROR: CSV header is missing" + exit UNKNOWN + end - if row['status'] != 'OPEN' && row['status'] != 'UP' - @errors << message - exit_code = CRITICAL - end + row = HAPROXY_COLUMN_NAMES.zip(CSV.parse(line)[0]).reduce({}) { |hash, val| hash.merge({val[0] => val[1]}) } + + next unless options.proxies.empty? || options.proxies.include?(row['pxname']) + next if ['statistics', 'admin_stats', 'stats'].include? row['pxname'] + + role = row['act'].to_i > 0 ? 'active ' : (row['bck'].to_i > 0 ? 'backup ' : '') + message = sprintf("%s: %s %s%s", row['pxname'], row['status'], role, row['svname']) + perf_id = "#{row['pxname']}".downcase + + if row['svname'] == 'FRONTEND' + if row['slim'].to_i == 0 + session_percent_usage = 0 + else + session_percent_usage = row['scur'].to_i * 100 / row['slim'].to_i + end + @perfdata << "#{perf_id}_sessions=#{session_percent_usage}%;#{options.warning ? options.warning : ""};#{options.critical ? options.critical : ""};;" + @perfdata << "#{perf_id}_rate=#{row['rate']};;;;#{row['rate_max']}" + if options.critical && session_percent_usage > options.critical.to_i + @errors << sprintf("%s has way too many sessions (%s/%s) on %s proxy", + row['svname'], + row['scur'], + row['slim'], + row['pxname']) + exit_code = CRITICAL + elsif options.warning && session_percent_usage > options.warning.to_i + @errors << sprintf("%s has too many sessions (%s/%s) on %s proxy", + row['svname'], + row['scur'], + row['slim'], + row['pxname']) + exit_code = WARNING if exit_code == OK || exit_code == UNKNOWN + end - elsif row['status'] != 'no check' - @proxies << message + if row['status'] != 'OPEN' && row['status'] != 'UP' + @errors << message + exit_code = CRITICAL + end + + elsif row['svname'] == 'BACKEND' + # It has no point to check sessions number for backends, against the alert limits, + # as the SLIM number is actually coming from the "fullconn" parameter. + # So we just collect perfdata. See the following url for more info: + # http://comments.gmane.org/gmane.comp.web.haproxy/9715 + current_sessions = row['scur'].to_i + @perfdata << "#{perf_id}_sessions=#{current_sessions};;;;" + @perfdata << "#{perf_id}_rate=#{row['rate']};;;;#{row['rate_max']}" + if row['status'] != 'OPEN' && row['status'] != 'UP' + @errors << message + exit_code = CRITICAL + end - if row['status'] != 'UP' - @errors << message - exit_code = WARNING if exit_code == OK || exit_code == UNKNOWN + elsif row['status'] != 'no check' + @proxies << message + + if row['status'] != 'UP' + @errors << message + exit_code = WARNING if exit_code == OK || exit_code == UNKNOWN + else + if row['slim'].to_i == 0 + session_percent_usage = 0 + else + session_percent_usage = row['scur'].to_i * 100 / row['slim'].to_i end + @perfdata << "#{perf_id}-#{row['svname']}_sessions=#{session_percent_usage}%;;;;" + @perfdata << "#{perf_id}-#{row['svname']}_rate=#{row['rate']};;;;#{row['rate_max']}" end end end @@ -158,7 +196,7 @@ exit_code = UNKNOWN if exit_code == OK end -puts "HAPROXY " + status[exit_code] + ": " + @errors.join('; ') +puts "HAPROXY " + status[exit_code] + ": " + @errors.join('; ') + "|" + @perfdata.join(" ") puts @proxies exit exit_code @@ -166,17 +204,16 @@ =begin Copyright (C) 2013 Ben Prew Copyright (C) 2013 Mark Ruys, Peercode - +Copyright (C) 2015 Hector Sanjuan. Nugg.ad +Copyright (C) 2015 Roger Torrentsgeneros This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. - This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License along with this program. If not, see . =end diff --git a/manifests/plugins/checkhaproxy.pp b/manifests/plugins/checkhaproxy.pp index d6fea1f..23cd5f9 100644 --- a/manifests/plugins/checkhaproxy.pp +++ b/manifests/plugins/checkhaproxy.pp @@ -3,47 +3,41 @@ # This class provides a checkhaproxy plugin. # class icinga::plugins::checkhaproxy ( - $ensure = present, - $contact_groups = $::environment, - $max_check_attempts = $::icinga::max_check_attempts, - $notification_period = $::icinga::notification_period, - $notifications_enabled = $::icinga::notifications_enabled, - $username = hiera('haproxy_username', 'haproxy'), - $password = hiera('haproxy_pass', 'V3ry_Str0ng_P4ssword'), + $ensure = present, + $urls_to_check = [ 'http://127.0.0.1/haproxy?stats' ], + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, ) inherits icinga { + file { "${::icinga::plugindir}/check_haproxy.rb": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_haproxy.rb', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } - file { "${::icinga::plugindir}/check_haproxy.rb": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_haproxy.rb', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::includedir_client}/haproxy.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => template('icinga/plugins/haproxy.cfg.erb'), - notify => Service[$::icinga::service_client], - } - - + file { "${::icinga::includedir_client}/haproxy.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/haproxy.cfg.erb'), + notify => Service[$::icinga::service_client], + } - @@nagios_service { "check_haproxy_${::fqdn}": - check_command => 'check_nrpe_command!check_haproxy', - service_description => 'HAproxy backends', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } + create_resources('::icinga::plugins::checkhaproxy::nagios_service', $urls_to_check, { + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + }) - } +} diff --git a/manifests/plugins/checkhaproxy/nagios_service.pp b/manifests/plugins/checkhaproxy/nagios_service.pp new file mode 100644 index 0000000..ba84f46 --- /dev/null +++ b/manifests/plugins/checkhaproxy/nagios_service.pp @@ -0,0 +1,26 @@ +# == Define: icinga::plugins::checkhaproxy +# +# This define exports all IP addresses we want +# to check. +# +define icinga::plugins::checkhaproxy::nagios_service ( + $contact_groups, + $max_check_attempts, + $notification_period, + $notifications_enabled, + $target, + $url_to_check = $title, +) { + + @@nagios_service { "check_haproxy_${::fqdn}_${url_to_check}": + check_command => "check_nrpe_command_args!check_haproxy!'${url_to_check}'", + service_description => "HAproxy check on ${url_to_check}", + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => $target, + } + +} diff --git a/templates/plugins/haproxy.cfg.erb b/templates/plugins/haproxy.cfg.erb index 94530a7..e9c1a84 100644 --- a/templates/plugins/haproxy.cfg.erb +++ b/templates/plugins/haproxy.cfg.erb @@ -3,4 +3,4 @@ ### Module: '<%= scope.to_hash['module_name'] %>' ### Template source: '<%= template_source %>' -command[check_haproxy]=<%= @plugindir %>/check_haproxy.rb -u localhost -U <%= @username %> -P <%= @password %> +command[check_haproxy]=<%= @plugindir %>/check_haproxy.rb -u '$ARG2$' 2>/dev/null From 74d491710e15f2c59e5dcab07021a73290489e0f Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 09:00:38 +0200 Subject: [PATCH 112/190] checkhaproxy: move exported resources to define refs #23353 Signed-off-by: Pavel Pulec --- manifests/plugins/checkhaproxy.pp | 17 ++++------------- .../plugins/checkhaproxy/nagios_service.pp | 12 +++++++----- 2 files changed, 11 insertions(+), 18 deletions(-) diff --git a/manifests/plugins/checkhaproxy.pp b/manifests/plugins/checkhaproxy.pp index 23cd5f9..75eece1 100644 --- a/manifests/plugins/checkhaproxy.pp +++ b/manifests/plugins/checkhaproxy.pp @@ -1,15 +1,15 @@ # == Class: icinga::plugins::checkhaproxy # -# This class provides a checkhaproxy plugin. +# This class only creates proper NRPE config with command 'check_haproxy' but +# the exported resource is defined in icinga::plugins::checkhaproxy::nagios_service +# # class icinga::plugins::checkhaproxy ( - $ensure = present, - $urls_to_check = [ 'http://127.0.0.1/haproxy?stats' ], $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, - + $target = "${::icinga::targetdir}/services/${::fqdn}.cfg", ) inherits icinga { file { "${::icinga::plugindir}/check_haproxy.rb": @@ -31,13 +31,4 @@ notify => Service[$::icinga::service_client], } - create_resources('::icinga::plugins::checkhaproxy::nagios_service', $urls_to_check, { - contact_groups => $contact_groups, - max_check_attempts => $max_check_attempts, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - }) - } - diff --git a/manifests/plugins/checkhaproxy/nagios_service.pp b/manifests/plugins/checkhaproxy/nagios_service.pp index ba84f46..886fb7d 100644 --- a/manifests/plugins/checkhaproxy/nagios_service.pp +++ b/manifests/plugins/checkhaproxy/nagios_service.pp @@ -12,15 +12,17 @@ $url_to_check = $title, ) { + include ::icinga::plugins::checkhaproxy + @@nagios_service { "check_haproxy_${::fqdn}_${url_to_check}": check_command => "check_nrpe_command_args!check_haproxy!'${url_to_check}'", service_description => "HAproxy check on ${url_to_check}", host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => $target, + contact_groups => $::icinga::plugins::checkhaproxy::contact_groups, + notification_period => $::icinga::plugins::checkhaproxy::notification_period, + notifications_enabled => $::icinga::plugins::checkhaproxy::notifications_enabled, + max_check_attempts => $::icinga::plugins::checkhaproxy::max_check_attempts, + target => $::icinga::plugins::checkhaproxy::target, } } From 8151ba08ac12282fa7e76ff8bfe78872bd9464ce Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 09:32:49 +0200 Subject: [PATCH 113/190] check_haproxy.rb allow first redirect Signed-off-by: Pavel Pulec --- files/check_haproxy.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/files/check_haproxy.rb b/files/check_haproxy.rb index c3718eb..e20e51c 100644 --- a/files/check_haproxy.rb +++ b/files/check_haproxy.rb @@ -98,8 +98,15 @@ exit UNKNOWN end + +tries = 2 + begin - f = open(options.url, :http_basic_authentication => [options.user, options.password]) + f = open(options.url, :http_basic_authentication => [options.user, options.password], redirect: false) +rescue OpenURI::HTTPRedirect => redirect + options.url = redirect.uri # assigned from the "Location" response header + retry if (tries -= 1) > 0 + raise rescue OpenURI::HTTPError => e puts "ERROR: #{e.message}" exit UNKNOWN From a536e61f594f8adcf448ff67780d82c14d16479e Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 09:34:59 +0200 Subject: [PATCH 114/190] checkhaproxy - remove unnecessary params Signed-off-by: Pavel Pulec --- manifests/plugins/checkhaproxy/nagios_service.pp | 5 ----- 1 file changed, 5 deletions(-) diff --git a/manifests/plugins/checkhaproxy/nagios_service.pp b/manifests/plugins/checkhaproxy/nagios_service.pp index 886fb7d..daef490 100644 --- a/manifests/plugins/checkhaproxy/nagios_service.pp +++ b/manifests/plugins/checkhaproxy/nagios_service.pp @@ -4,11 +4,6 @@ # to check. # define icinga::plugins::checkhaproxy::nagios_service ( - $contact_groups, - $max_check_attempts, - $notification_period, - $notifications_enabled, - $target, $url_to_check = $title, ) { From 7f2ca441056468a4b0b396fa7260713b545940c2 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 11:00:54 +0200 Subject: [PATCH 115/190] haproxy check: fix service name Signed-off-by: Pavel Pulec --- manifests/plugins/checkhaproxy/nagios_service.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checkhaproxy/nagios_service.pp b/manifests/plugins/checkhaproxy/nagios_service.pp index daef490..7b79777 100644 --- a/manifests/plugins/checkhaproxy/nagios_service.pp +++ b/manifests/plugins/checkhaproxy/nagios_service.pp @@ -9,9 +9,11 @@ include ::icinga::plugins::checkhaproxy + $ip_address_from_string = inline_template("<%= @url_to_check.gsub(/.*?([1-9][0-9.]*[0-9]).*/, '\\1') %>") + @@nagios_service { "check_haproxy_${::fqdn}_${url_to_check}": check_command => "check_nrpe_command_args!check_haproxy!'${url_to_check}'", - service_description => "HAproxy check on ${url_to_check}", + service_description => "HAproxy check on ${ip_address_from_string}", host_name => $::fqdn, contact_groups => $::icinga::plugins::checkhaproxy::contact_groups, notification_period => $::icinga::plugins::checkhaproxy::notification_period, From 798e7a7541e9cea4b561f2296cdf5a4071bb44b0 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 11:52:36 +0200 Subject: [PATCH 116/190] haproxy check: fix redirection for ruby 1.8 Signed-off-by: Pavel Pulec --- files/check_haproxy.rb | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/files/check_haproxy.rb b/files/check_haproxy.rb index e20e51c..6499bcb 100644 --- a/files/check_haproxy.rb +++ b/files/check_haproxy.rb @@ -102,19 +102,24 @@ tries = 2 begin - f = open(options.url, :http_basic_authentication => [options.user, options.password], redirect: false) -rescue OpenURI::HTTPRedirect => redirect - options.url = redirect.uri # assigned from the "Location" response header - retry if (tries -= 1) > 0 - raise + f = open(options.url, :http_basic_authentication => [options.user, options.password]) rescue OpenURI::HTTPError => e puts "ERROR: #{e.message}" - exit UNKNOWN + exit CRITICAL rescue Errno::ECONNREFUSED => e puts "ERROR: #{e.message}" - exit UNKNOWN + exit CRITICAL +rescue Exception => e + if e.message =~ /redirection forbidden/ + options.url = e.message.gsub(/.*-> (.*)/, '\1') # extract redirect URL + retry if (tries -= 1) > 0 + raise + else + exit UNKNOWN + end end + f.each do |line| if line =~ /^# / From 3ccb7efac34cc912a3ceae40e2509683ae6f5dd5 Mon Sep 17 00:00:00 2001 From: Christophe Vanlancker Date: Fri, 26 Aug 2016 11:53:05 +0200 Subject: [PATCH 117/190] Ensure python-nagioscheck is installed for the elasticsearch python based check Signed-off-by: Christophe Vanlancker --- manifests/plugins/checkelasticsearch.pp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifests/plugins/checkelasticsearch.pp b/manifests/plugins/checkelasticsearch.pp index b50ccef..2c334a4 100644 --- a/manifests/plugins/checkelasticsearch.pp +++ b/manifests/plugins/checkelasticsearch.pp @@ -34,6 +34,11 @@ } } + if !defined(Package['python-nagioscheck']) { + package {'python-nagioscheck': + ensure => present, + } + } file { "${::icinga::includedir_client}/elasticsearch.cfg": ensure => 'file', From ec77368af57b849db8d4f0d61beb1d5717dd4f90 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 13:23:14 +0200 Subject: [PATCH 118/190] haproxy check: fix the number of argument Signed-off-by: Pavel Pulec --- templates/plugins/haproxy.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/haproxy.cfg.erb b/templates/plugins/haproxy.cfg.erb index e9c1a84..a5c6dcb 100644 --- a/templates/plugins/haproxy.cfg.erb +++ b/templates/plugins/haproxy.cfg.erb @@ -3,4 +3,4 @@ ### Module: '<%= scope.to_hash['module_name'] %>' ### Template source: '<%= template_source %>' -command[check_haproxy]=<%= @plugindir %>/check_haproxy.rb -u '$ARG2$' 2>/dev/null +command[check_haproxy]=<%= @plugindir %>/check_haproxy.rb -u '$ARG1$' 2>/dev/null From 28378818bbe75749c1148ba837038bdcd57988b4 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 26 Aug 2016 13:53:52 +0200 Subject: [PATCH 119/190] puppet-lint satisfied Signed-off-by: Pavel Pulec --- manifests/params.pp | 2 +- manifests/plugins/checkalldisks.pp | 4 +- manifests/plugins/checkcarbon.pp | 57 +++++++------ manifests/plugins/checkgluster.pp | 64 +++++++------- .../plugins/checkhaproxy/nagios_service.pp | 2 +- manifests/plugins/checkipmi.pp | 83 +++++++++---------- manifests/plugins/checkipmichassis.pp | 66 +++++++-------- manifests/plugins/checkmdraid.pp | 4 +- manifests/plugins/checkmdsbackend.pp | 2 +- manifests/plugins/checkmongodb.pp | 2 +- manifests/plugins/checkrsnapshot.pp | 2 +- manifests/plugins/checksmart.pp | 78 ++++++++--------- manifests/plugins/checkstatsd.pp | 49 +++++------ manifests/reports.pp | 46 +++++----- 14 files changed, 229 insertions(+), 232 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 06e3681..0d74517 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -219,7 +219,7 @@ } default: { - fail("${module_name}: Unsupported operatingsystem ${::operatingsystem}") + fail("${module_name}: Unsupported operatingsystem ${::operatingsystem}") } } diff --git a/manifests/plugins/checkalldisks.pp b/manifests/plugins/checkalldisks.pp index bfa1a22..f198707 100644 --- a/manifests/plugins/checkalldisks.pp +++ b/manifests/plugins/checkalldisks.pp @@ -9,7 +9,7 @@ $contact_groups = $::environment, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, - $additional_options = '', + $additional_options = '', ) inherits icinga { if $icinga::client { @@ -34,7 +34,7 @@ } } - sudo::conf{"configure_sudo_checkalldisks": + sudo::conf{'configure_sudo_checkalldisks': content => "Defaults:${::icinga::client_user} !requiretty\n${::icinga::client_user} ALL=(ALL) NOPASSWD:${::icinga::plugindir}/check_disk\n", } } diff --git a/manifests/plugins/checkcarbon.pp b/manifests/plugins/checkcarbon.pp index ca8be48..ac93914 100644 --- a/manifests/plugins/checkcarbon.pp +++ b/manifests/plugins/checkcarbon.pp @@ -10,36 +10,35 @@ $notifications_enabled = $::icinga::notifications_enabled, ) inherits icinga { - file { "${::icinga::plugindir}/check_process": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_process', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::includedir_client}/carbon.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => template('icinga/plugins/carbon.cfg.erb'), - notify => Service[$::icinga::service_client], - } - - + file { "${::icinga::plugindir}/check_process": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_process', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } - @@nagios_service { "check_carbon_cache_${::fqdn}": - check_command => 'check_nrpe_command!check_carbon', - service_description => 'Carbon cache', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } + file { "${::icinga::includedir_client}/carbon.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/carbon.cfg.erb'), + notify => Service[$::icinga::service_client], + } + @@nagios_service { "check_carbon_cache_${::fqdn}": + check_command => 'check_nrpe_command!check_carbon', + service_description => 'Carbon cache', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } +} + diff --git a/manifests/plugins/checkgluster.pp b/manifests/plugins/checkgluster.pp index c4263b2..2b72653 100644 --- a/manifests/plugins/checkgluster.pp +++ b/manifests/plugins/checkgluster.pp @@ -10,41 +10,41 @@ $notifications_enabled = $::icinga::notifications_enabled, ) inherits icinga { - file { "${::icinga::plugindir}/check_gluster.sh": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_gluster.sh', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::includedir_client}/check_gluster.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => template('icinga/plugins/gluster.cfg.erb'), - notify => Service[$::icinga::service_client], - } - + file { "${::icinga::plugindir}/check_gluster.sh": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_gluster.sh', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + file { "${::icinga::includedir_client}/check_gluster.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/gluster.cfg.erb'), + notify => Service[$::icinga::service_client], + } - @@nagios_service { "check_gluster_${::fqdn}": - check_command => 'check_nrpe_command!check_gluster', - service_description => 'check gluster', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - sudo::conf{'gluster_check_conf': - content => "Defaults:nagios !requiretty - nagios ALL=(ALL) NOPASSWD:/usr/sbin/gluster *\n", - } + @@nagios_service { "check_gluster_${::fqdn}": + check_command => 'check_nrpe_command!check_gluster', + service_description => 'check gluster', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + sudo::conf{'gluster_check_conf': + content => "Defaults:nagios !requiretty + nagios ALL=(ALL) NOPASSWD:/usr/sbin/gluster *\n", } +} + diff --git a/manifests/plugins/checkhaproxy/nagios_service.pp b/manifests/plugins/checkhaproxy/nagios_service.pp index 7b79777..c545d32 100644 --- a/manifests/plugins/checkhaproxy/nagios_service.pp +++ b/manifests/plugins/checkhaproxy/nagios_service.pp @@ -13,7 +13,7 @@ @@nagios_service { "check_haproxy_${::fqdn}_${url_to_check}": check_command => "check_nrpe_command_args!check_haproxy!'${url_to_check}'", - service_description => "HAproxy check on ${ip_address_from_string}", + service_description => "HAProxy check on ${ip_address_from_string}", host_name => $::fqdn, contact_groups => $::icinga::plugins::checkhaproxy::contact_groups, notification_period => $::icinga::plugins::checkhaproxy::notification_period, diff --git a/manifests/plugins/checkipmi.pp b/manifests/plugins/checkipmi.pp index 3a591c5..b07200c 100644 --- a/manifests/plugins/checkipmi.pp +++ b/manifests/plugins/checkipmi.pp @@ -11,49 +11,48 @@ $ignored_sensors = hiera('ignored_sensors', undef), ) inherits icinga { - package { 'perl-IPC-Run.noarch': - ensure => present, - } - - package { 'freeipmi': - ensure => present, - } - - file { "${::icinga::plugindir}/check_ipmi_sensor": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_ipmi_sensor', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::includedir_client}/ipmi.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => template('icinga/plugins/ipmi.cfg.erb'), - notify => Service[$::icinga::service_client], - } - - - - @@nagios_service { "check_ipmi_${::fqdn}": - check_command => 'check_nrpe_command!check_ipmi', - service_description => 'IPMI', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - - sudo::conf{'ipmi_check_conf': + package { 'perl-IPC-Run.noarch': + ensure => present, + } + + package { 'freeipmi': + ensure => present, + } + + file { "${::icinga::plugindir}/check_ipmi_sensor": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_ipmi_sensor', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + file { "${::icinga::includedir_client}/ipmi.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/ipmi.cfg.erb'), + notify => Service[$::icinga::service_client], + } + + + @@nagios_service { "check_ipmi_${::fqdn}": + check_command => 'check_nrpe_command!check_ipmi', + service_description => 'IPMI', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + + sudo::conf{'ipmi_check_conf': content => "Defaults:nagios !requiretty nagios ALL=(ALL) NOPASSWD:/usr/sbin/ipmimonitoring,/usr/sbin/ipmi-sensors\n", - } - } +} + diff --git a/manifests/plugins/checkipmichassis.pp b/manifests/plugins/checkipmichassis.pp index 4a10981..18b3e1c 100644 --- a/manifests/plugins/checkipmichassis.pp +++ b/manifests/plugins/checkipmichassis.pp @@ -10,45 +10,43 @@ $notifications_enabled = $::icinga::notifications_enabled, ) inherits icinga { - package { 'perl-Nagios-Plugin': + package { 'perl-Nagios-Plugin': ensure => 'installed' - } - - file { "${::icinga::plugindir}/check_ipmitool.pl": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_ipmitool.pl', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::includedir_client}/ipmi_chassis.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => template('icinga/plugins/ipmi_chassis.cfg.erb'), - notify => Service[$::icinga::service_client], - } - + } + file { "${::icinga::plugindir}/check_ipmitool.pl": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_ipmitool.pl', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + file { "${::icinga::includedir_client}/ipmi_chassis.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/ipmi_chassis.cfg.erb'), + notify => Service[$::icinga::service_client], + } - @@nagios_service { "ipmi_chassis_status${::fqdn}": - check_command => 'check_nrpe_command!check_ipmi_chassis', - service_description => 'IPMI chassis status', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } + @@nagios_service { "ipmi_chassis_status${::fqdn}": + check_command => 'check_nrpe_command!check_ipmi_chassis', + service_description => 'IPMI chassis status', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } - sudo::conf{'ipmi_chassis_conf': + sudo::conf{'ipmi_chassis_conf': content => "Defaults:nagios !requiretty nagios ALL=(ALL) NOPASSWD:/usr/bin/ipmitool\n", - } - } +} + diff --git a/manifests/plugins/checkmdraid.pp b/manifests/plugins/checkmdraid.pp index 0084439..7bd3a74 100644 --- a/manifests/plugins/checkmdraid.pp +++ b/manifests/plugins/checkmdraid.pp @@ -10,12 +10,12 @@ $notifications_enabled = $::icinga::notifications_enabled, ) inherits icinga { - file { "${::icinga::plugindir}/check_md_raid": + file { "${::icinga::plugindir}/check_md_raid": ensure => present, mode => '0755', owner => 'root', group => 'root', - source => 'puppet:///modules/icinga/check_md_raid', + source => 'puppet:///modules/icinga/check_md_raid', notify => Service[$icinga::service_client], require => Class['icinga::config']; } diff --git a/manifests/plugins/checkmdsbackend.pp b/manifests/plugins/checkmdsbackend.pp index b1f3a4a..e4a4fe7 100644 --- a/manifests/plugins/checkmdsbackend.pp +++ b/manifests/plugins/checkmdsbackend.pp @@ -16,7 +16,7 @@ mode => '0755', owner => 'root', group => 'root', - source => 'puppet:///modules/icinga/mds_backend.rb', + source => 'puppet:///modules/icinga/mds_backend.rb', notify => Service[$icinga::service_client], require => Class['icinga::config']; } diff --git a/manifests/plugins/checkmongodb.pp b/manifests/plugins/checkmongodb.pp index 8900239..19765cb 100644 --- a/manifests/plugins/checkmongodb.pp +++ b/manifests/plugins/checkmongodb.pp @@ -28,7 +28,7 @@ mode => '0755', owner => 'root', group => 'root', - source => 'puppet:///modules/icinga/check_mongodb.py', + source => 'puppet:///modules/icinga/check_mongodb.py', notify => Service[$icinga::service_client], require => Class['icinga::config']; } diff --git a/manifests/plugins/checkrsnapshot.pp b/manifests/plugins/checkrsnapshot.pp index 0acc7e3..df1f346 100644 --- a/manifests/plugins/checkrsnapshot.pp +++ b/manifests/plugins/checkrsnapshot.pp @@ -19,7 +19,7 @@ mode => '0755', owner => 'root', group => 'root', - source => 'puppet:///modules/icinga/check_rsnapshot.rb', + source => 'puppet:///modules/icinga/check_rsnapshot.rb', notify => Service[$icinga::service_client], require => Class['icinga::config']; } diff --git a/manifests/plugins/checksmart.pp b/manifests/plugins/checksmart.pp index c24bba6..a7036a3 100644 --- a/manifests/plugins/checksmart.pp +++ b/manifests/plugins/checksmart.pp @@ -16,51 +16,51 @@ } - file { "${::icinga::plugindir}/check_smart.rb": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_smart.rb', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::plugindir}/check_smart.pl": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_smart.pl', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } + file { "${::icinga::plugindir}/check_smart.rb": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_smart.rb', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } - file { "${::icinga::includedir_client}/SMART.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => template('icinga/plugins/SMART.cfg.erb'), - notify => Service[$::icinga::service_client], - } + file { "${::icinga::plugindir}/check_smart.pl": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_smart.pl', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + file { "${::icinga::includedir_client}/SMART.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/SMART.cfg.erb'), + notify => Service[$::icinga::service_client], + } - @@nagios_service { "check_smart_${::fqdn}": - check_command => 'check_nrpe_command!check_smart', - service_description => 'S.M.A.R.T.', - host_name => $::fqdn, - contact_groups => $contact_groups, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } + @@nagios_service { "check_smart_${::fqdn}": + check_command => 'check_nrpe_command!check_smart', + service_description => 'S.M.A.R.T.', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } - sudo::conf{'check_smart': + sudo::conf{'check_smart': content => "Defaults:nagios !requiretty nagios ALL=(ALL) NOPASSWD:/usr/sbin/smartctl\n", - } - } +} + diff --git a/manifests/plugins/checkstatsd.pp b/manifests/plugins/checkstatsd.pp index 0c2e008..39213f1 100644 --- a/manifests/plugins/checkstatsd.pp +++ b/manifests/plugins/checkstatsd.pp @@ -1,39 +1,40 @@ +# Class icinga::plugins::checkstatsd class icinga::plugins::checkstatsd ( - $ensure = present, + $ensure = present, $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, ) inherits icinga { - - file{"${::icinga::plugindir}/check_service.sh": - ensure => present, - mode => '0755', - owner => 'root', - group => 'root', - source => 'puppet:///modules/icinga/check_service.sh', - notify => Service[$icinga::service_client], - require => Class['icinga::config']; - } - file { "${::icinga::includedir_client}/check_statsd.cfg": - ensure => file, - mode => '0644', - owner => $::icinga::client_user, + file{"${::icinga::plugindir}/check_service.sh": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/check_service.sh', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + + file { "${::icinga::includedir_client}/check_statsd.cfg": + ensure => file, + mode => '0644', + owner => $::icinga::client_user, group => $::icinga::client_group, content => template('icinga/plugins/check_statsd.cfg.erb'), notify => Service[$icinga::service_client], - } + } - @@nagios_service { "check_statsd_${::fqdn}": - check_command => 'check_nrpe_command!check_statsd', - service_description => 'Statsd status', - host_name => $::fqdn, + @@nagios_service { "check_statsd_${::fqdn}": + check_command => 'check_nrpe_command!check_statsd', + service_description => 'Statsd status', + host_name => $::fqdn, contact_groups => $contact_groups, notification_period => $notification_period, notifications_enabled => $notifications_enabled, max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - -} \ No newline at end of file + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + +} diff --git a/manifests/reports.pp b/manifests/reports.pp index 40908d3..666ec0e 100644 --- a/manifests/reports.pp +++ b/manifests/reports.pp @@ -17,12 +17,12 @@ class icinga::reports ( $db_module = 'percona', - $icingaReportsVersion = '1.10.0', - $icingaReportsHome = $::icinga::params::confdir_server, - $icingaAvailabilityFunctionName = 'icinga_availability', - $idoDbName = $::icinga::params::idoutils_dbname, - $idoDbUsername = $::icinga::params::idoutils_dbuser, - $idoDbPassword = $::icinga::params::idoutils_dbpass, + $icinga_reports_version = '1.10.0', + $icinga_reports_home = $::icinga::params::confdir_server, + $icinga_availability_function_name = 'icinga_availability', + $ido_db_name = $::icinga::params::idoutils_dbname, + $ido_db_username = $::icinga::params::idoutils_dbuser, + $ido_db_password = $::icinga::params::idoutils_dbpass, ) inherits icinga { include tomcat6 @@ -50,9 +50,9 @@ package {'wget': ensure => 'installed'} } - $jasperHome = $jasperserver::jasperHome - $tomcatHome = $jasperserver::tomcatHome - $tomcatName = $tomcat6::params::tomcat_name + $jasper_home = $jasperserver::jasper_home + $tomcat_home = $jasperserver::tomcat_home + $tomcat_name = $tomcat6::params::tomcat_name # required for icinga-web connector php::module{ 'soap': } @@ -63,7 +63,7 @@ notify => Service[$::icinga::params::service_webserver], } - file { "${icingaReportsHome}/icinga-reports-${icingaReportsVersion}": + file { "${icinga_reports_home}/icinga-reports-${icinga_reports_version}": ensure => 'directory', owner => $::icinga::params::server_user, group => $::icinga::params::server_group, @@ -71,11 +71,11 @@ exec { 'get-icinga-reports': path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => "/usr/bin/wget -O /tmp/icinga-reports-${icingaReportsVersion}.zip https://github.com/Icinga/icinga-reports/archive/v${icingaReportsVersion}.zip", + command => "/usr/bin/wget -O /tmp/icinga-reports-${icinga_reports_version}.zip https://github.com/Icinga/icinga-reports/archive/v${icinga_reports_version}.zip", timeout => 0, provider => 'shell', user => root, - unless => "test -d ${icingaReportsHome}/icinga-reports-${icingaReportsVersion}", + unless => "test -d ${icinga_reports_home}/icinga-reports-${icinga_reports_version}", require => Package['wget'], notify => Exec[unzip-icinga-reports], } @@ -83,7 +83,7 @@ exec { 'unzip-icinga-reports': refreshonly => true, path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => "unzip -o -q /tmp/icinga-reports-${icingaReportsVersion}.zip -d ${icingaReportsHome}", + command => "unzip -o -q /tmp/icinga-reports-${icinga_reports_version}.zip -d ${icinga_reports_home}", require => Package['unzip'], notify => Exec['install-tomcat-mysql-connector'], } @@ -92,7 +92,7 @@ exec { 'install-tomcat-mysql-connector': refreshonly => true, path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => "cp /usr/share/java/mysql-connector-java.jar ${tomcatHome}/lib/", + command => "cp /usr/share/java/mysql-connector-java.jar ${tomcat_home}/lib/", require => [ Package['mysql-connector-java'], Package['tomcat6'] ], notify => Exec['install-tomcat-mysql-connector-restart-tomcat'], } @@ -100,20 +100,20 @@ exec { 'install-tomcat-mysql-connector-restart-tomcat': refreshonly => true, path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => "/etc/init.d/${tomcatName} restart", + command => "/etc/init.d/${tomcat_name} restart", require => Exec['install-tomcat-mysql-connector'], notify => Exec['js-import-icinga'], } exec { 'js-import-icinga': refreshonly => true, - command => "${jasperHome}/buildomatic/js-import.sh --input-zip ${icingaReportsHome}/icinga-reports-${icingaReportsVersion}/reports/icinga/package/js-icinga-reports.zip", + command => "${jasper_home}/buildomatic/js-import.sh --input-zip ${icinga_reports_home}/icinga-reports-${icinga_reports_version}/reports/icinga/package/js-icinga-reports.zip", require => [ Exec['install-tomcat-mysql-connector'], Package['tomcat6'], Anchor['jasperserver::end'] ], - cwd => "${icingaReportsHome}/icinga-reports-${icingaReportsVersion}", + cwd => "${icinga_reports_home}/icinga-reports-${icinga_reports_version}", notify => [Service['tomcat6'], Exec['install-jar-files']], } - file { "${tomcatHome}/webapps/jasperserver/WEB-INF/lib": + file { "${tomcat_home}/webapps/jasperserver/WEB-INF/lib": ensure => 'directory', require => [ Anchor['jasperserver::end'], Exec['js-import-icinga'] ] } @@ -121,17 +121,17 @@ exec { 'install-jar-files': refreshonly => true, path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => "cp ${icingaReportsHome}/icinga-reports-${icingaReportsVersion}/jsp-server/classes/icinga/icinga-reporting.jar ${tomcatHome}/webapps/jasperserver/WEB-INF/lib/", - require => File["${tomcatHome}/webapps/jasperserver/WEB-INF/lib"], - cwd => "${icingaReportsHome}/icinga-reports-${icingaReportsVersion}", + command => "cp ${icinga_reports_home}/icinga-reports-${icinga_reports_version}/jsp-server/classes/icinga/icinga-reporting.jar ${tomcat_home}/webapps/jasperserver/WEB-INF/lib/", + require => File["${tomcat_home}/webapps/jasperserver/WEB-INF/lib"], + cwd => "${icinga_reports_home}/icinga-reports-${icinga_reports_version}", notify => [Service['tomcat6'], Exec['install-ido-icinga-availability-sql-function']], } exec { 'install-ido-icinga-availability-sql-function': refreshonly => true, path => '/bin:/usr/bin:/sbin:/usr/sbin', - unless => "mysql -u${idoDbUsername} -p${idoDbPassword} ${idoDbName} -e 'select name from mysql.proc where name='${icingaAvailabilityFunctionName}';'", - command => "mysql -u${idoDbUsername} -p${idoDbPassword} ${idoDbName} < ${icingaReportsHome}/icinga-reports-${icingaReportsVersion}/db/icinga/mysql/availability.sql", + unless => "mysql -u${ido_db_username} -p${ido_db_password} ${ido_db_name} -e 'select name from mysql.proc where name='${icinga_availability_function_name}';'", + command => "mysql -u${ido_db_username} -p${ido_db_password} ${ido_db_name} < ${icinga_reports_home}/icinga-reports-${icinga_reports_version}/db/icinga/mysql/availability.sql", require => [ Service[$db_service_name], Exec['install-jar-files'] ] } } From c8bd8efea969de5a3c0f75e11f85286f292bb06b Mon Sep 17 00:00:00 2001 From: Christophe Vanlancker Date: Fri, 26 Aug 2016 16:16:02 +0200 Subject: [PATCH 120/190] Install relevant nagios packages for the various es plugins Signed-off-by: Christophe Vanlancker --- manifests/plugins/check_es_cluster_status.pp | 5 +++-- manifests/plugins/check_es_jvm_usage.pp | 5 +++-- manifests/plugins/check_es_nodes.pp | 6 ++++-- manifests/plugins/check_es_unassigned_shards.pp | 5 +++-- 4 files changed, 13 insertions(+), 8 deletions(-) diff --git a/manifests/plugins/check_es_cluster_status.pp b/manifests/plugins/check_es_cluster_status.pp index b73b586..574fde3 100644 --- a/manifests/plugins/check_es_cluster_status.pp +++ b/manifests/plugins/check_es_cluster_status.pp @@ -17,6 +17,9 @@ notify => Service[$::icinga::service_client], } + package { 'nagios-plugins-es-cluster-status': + ensure => 'present', + } @@nagios_service{"check_es_cluster_status_${::fqdn}": check_command => 'check_nrpe_command!check_es_cluster_status', @@ -29,5 +32,3 @@ target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } } - - diff --git a/manifests/plugins/check_es_jvm_usage.pp b/manifests/plugins/check_es_jvm_usage.pp index aabdf08..791f64e 100644 --- a/manifests/plugins/check_es_jvm_usage.pp +++ b/manifests/plugins/check_es_jvm_usage.pp @@ -17,6 +17,9 @@ notify => Service[$::icinga::service_client], } + package { 'nagios-plugins-es-jvm-usage': + ensure => 'present', + } @@nagios_service{"check_es_jvm_usage_${::fqdn}": check_command => 'check_nrpe_command!check_es_jvm_usage', @@ -29,5 +32,3 @@ target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } } - - diff --git a/manifests/plugins/check_es_nodes.pp b/manifests/plugins/check_es_nodes.pp index fd9af33..cf9b334 100644 --- a/manifests/plugins/check_es_nodes.pp +++ b/manifests/plugins/check_es_nodes.pp @@ -18,6 +18,10 @@ notify => Service[$::icinga::service_client], } + package { 'nagios-plugins-es-nodes': + ensure => 'present', + } + ## Exported config to be included in the Icinga/Nagios host @@nagios_service{"check_es_nodes_${::fqdn}": @@ -31,5 +35,3 @@ target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } } - - diff --git a/manifests/plugins/check_es_unassigned_shards.pp b/manifests/plugins/check_es_unassigned_shards.pp index 50bc97e..5fd1c04 100644 --- a/manifests/plugins/check_es_unassigned_shards.pp +++ b/manifests/plugins/check_es_unassigned_shards.pp @@ -17,6 +17,9 @@ notify => Service[$::icinga::service_client], } + package { 'nagios-plugins-es-unassigned-shards': + ensure => 'present', + } @@nagios_service{"check_es_unassigned_shards_${::fqdn}": check_command => 'check_nrpe_command!check_es_unassigned_shards', @@ -29,5 +32,3 @@ target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } } - - From 6b3d5df3d90f99367dc866977a70e3e84a426008 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 30 Aug 2016 13:46:04 +0200 Subject: [PATCH 121/190] check_gluster: do not alert on unsynced entries, monitor split-brain refs #16115 Signed-off-by: honza --- files/check_gluster.sh | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/files/check_gluster.sh b/files/check_gluster.sh index ef75291..955a911 100644 --- a/files/check_gluster.sh +++ b/files/check_gluster.sh @@ -92,14 +92,9 @@ ex_stat=OK BRICKS=$(sudo gluster volume info $VOLUME | grep "Number of Bricks" | cut -f8 -d" ") # get volume heal status -heal=0 -for entries in $(sudo gluster volume heal ${VOLUME} info | awk '/^Number of entries: /{print $4}'); do - if [ "$entries" -gt 0 ]; then - let $((heal+=entries)) - fi -done -if [ "$heal" -gt 0 ]; then - errors=("${errors[@]}" "$heal unsynched entries") +entries=$(sudo gluster volume heal data info split-brain | grep 'Number of entries in split-brain: ' | awk '{print $NF}') +if [ "$entries" -gt 0 ]; then + errors=("${errors[@]}" "$entries in split-brain") fi # get volume status From 6e5dde63ea0cc8a23fe7e2900eafaa13ae0a87f9 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 1 Sep 2016 09:16:36 +0200 Subject: [PATCH 122/190] add IP address duplication check refs #23350 Signed-off-by: Pavel Pulec --- files/ip_address_duplication_check.sh | 23 +++++++++ .../plugins/check_ip_addr_duplication.pp | 47 +++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 files/ip_address_duplication_check.sh create mode 100644 manifests/plugins/check_ip_addr_duplication.pp diff --git a/files/ip_address_duplication_check.sh b/files/ip_address_duplication_check.sh new file mode 100644 index 0000000..d6f2059 --- /dev/null +++ b/files/ip_address_duplication_check.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# This file is managed by puppet + +# ignore localhost, and addresses with subnet /32 (because of Hetzner failover IP) +ips=$(ip addr show | grep "inet\b" | awk '{print $2}' | grep -E -v '127\.0\.0\.1|\/32' | cut -d/ -f1) +duplications='' + +arping=$(which arping) || { echo 'UNKNOWN - arping command not found'; exit 3; } + +for ip in $ips +do + $arping -q -D -c 1 "$ip" &>/dev/null + [[ $? -ne 0 ]] && duplications="${duplications}${ip} " +done + +if [[ -z "$duplications" ]]; then + echo "OK - No duplicate address found." + exit 0 +else + echo "CRITICAL - Found duplicate addresses: ${duplications}!!!" + exit 2 +fi diff --git a/manifests/plugins/check_ip_addr_duplication.pp b/manifests/plugins/check_ip_addr_duplication.pp new file mode 100644 index 0000000..a6237e4 --- /dev/null +++ b/manifests/plugins/check_ip_addr_duplication.pp @@ -0,0 +1,47 @@ +# == Class: icinga::plugins::check_ip_addr_duplication +# +# This class provides a check_ip_addr_duplication plugin. +# +class icinga::plugins::check_ip_addr_duplication ( + $max_check_attempts = $::icinga::max_check_attempts, + $contact_groups = $::environment, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + $additional_options = '', +) inherits icinga { + + file{"${::icinga::includedir_client}/check_ip_addr_duplication.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_ip_addr_duplication]=sudo ${::icinga::plugindir}/ip_address_duplication_check.sh\n", + notify => Service[$::icinga::service_client], + } + + file{"${::icinga::plugindir}/ip_address_duplication_check.sh": + ensure => present, + mode => '0755', + owner => 'root', + group => 'root', + source => 'puppet:///modules/icinga/ip_address_duplication_check.sh', + notify => Service[$icinga::service_client], + require => Class['icinga::config']; + } + + @@nagios_service { "check_ip_addr_duplication_${::fqdn}": + check_command => 'check_nrpe_command!check_ip_addr_duplication', + service_description => 'IP duplicates', + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + + sudo::conf{'configure_sudo_check_ip_addr_duplication': + content => "#managed by puppetDefaults:${::icinga::client_user} !requiretty\n +${::icinga::client_user} ALL=(ALL) NOPASSWD:${::icinga::plugindir}/ip_address_duplication_check.sh\n", + } +} From 2065e1b8c1ce395f74ac67ad7865d9cc506a7530 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 1 Sep 2016 10:30:35 +0200 Subject: [PATCH 123/190] fix ip_address_duplication_check.sh for boxes with more ifaces refs #23350 Signed-off-by: Pavel Pulec --- files/ip_address_duplication_check.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/files/ip_address_duplication_check.sh b/files/ip_address_duplication_check.sh index d6f2059..358514e 100644 --- a/files/ip_address_duplication_check.sh +++ b/files/ip_address_duplication_check.sh @@ -4,14 +4,18 @@ # ignore localhost, and addresses with subnet /32 (because of Hetzner failover IP) ips=$(ip addr show | grep "inet\b" | awk '{print $2}' | grep -E -v '127\.0\.0\.1|\/32' | cut -d/ -f1) +interfaces=$(ls /sys/class/net/) duplications='' arping=$(which arping) || { echo 'UNKNOWN - arping command not found'; exit 3; } for ip in $ips do - $arping -q -D -c 1 "$ip" &>/dev/null - [[ $? -ne 0 ]] && duplications="${duplications}${ip} " + for iface in $interfaces + do + $arping -q -D -c 1 -I "$iface" "$ip" &>/dev/null + [[ $? -ne 0 ]] && duplications="${duplications}${ip} " + done done if [[ -z "$duplications" ]]; then From de3029871ea844f0acb1b97bc899747fb473bdfd Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 1 Sep 2016 11:09:50 +0200 Subject: [PATCH 124/190] ip_address_duplication_check.sh sent output to icinga, ignore localhost Signed-off-by: Pavel Pulec --- files/ip_address_duplication_check.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/files/ip_address_duplication_check.sh b/files/ip_address_duplication_check.sh index 358514e..64cb3b4 100644 --- a/files/ip_address_duplication_check.sh +++ b/files/ip_address_duplication_check.sh @@ -4,8 +4,9 @@ # ignore localhost, and addresses with subnet /32 (because of Hetzner failover IP) ips=$(ip addr show | grep "inet\b" | awk '{print $2}' | grep -E -v '127\.0\.0\.1|\/32' | cut -d/ -f1) -interfaces=$(ls /sys/class/net/) +interfaces=$(ls /sys/class/net/ | grep -v '^lo$') duplications='' +arping_output='' arping=$(which arping) || { echo 'UNKNOWN - arping command not found'; exit 3; } @@ -13,15 +14,15 @@ for ip in $ips do for iface in $interfaces do - $arping -q -D -c 1 -I "$iface" "$ip" &>/dev/null + arping_output="${arping_output}\n\n$($arping -D -c 1 -I "$iface" "$ip")" [[ $? -ne 0 ]] && duplications="${duplications}${ip} " done done if [[ -z "$duplications" ]]; then - echo "OK - No duplicate address found." + echo -e "OK - No duplicate address found.${arping_output}" exit 0 else - echo "CRITICAL - Found duplicate addresses: ${duplications}!!!" + echo -e "CRITICAL - Found duplicate addresses: ${duplications}!!!${arping_output}" exit 2 fi From 260d6206a73ac433af6b4f02ce5ef8a9c1d9412f Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 1 Sep 2016 11:39:24 +0200 Subject: [PATCH 125/190] files/ip_address_duplication_check.sh - check only active ifaces Signed-off-by: Pavel Pulec --- files/ip_address_duplication_check.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/ip_address_duplication_check.sh b/files/ip_address_duplication_check.sh index 64cb3b4..3d969f5 100644 --- a/files/ip_address_duplication_check.sh +++ b/files/ip_address_duplication_check.sh @@ -4,7 +4,7 @@ # ignore localhost, and addresses with subnet /32 (because of Hetzner failover IP) ips=$(ip addr show | grep "inet\b" | awk '{print $2}' | grep -E -v '127\.0\.0\.1|\/32' | cut -d/ -f1) -interfaces=$(ls /sys/class/net/ | grep -v '^lo$') +interfaces=$(ip link show | grep 'state UP' | cut -d ':' -f2 | tr -d ' ') duplications='' arping_output='' From 22d0997c74b4bd570e07b332477f933a710cda9d Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 1 Sep 2016 13:03:28 +0200 Subject: [PATCH 126/190] files/ip_address_duplication_check.sh - do not check drac iface Signed-off-by: Pavel Pulec --- files/ip_address_duplication_check.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/ip_address_duplication_check.sh b/files/ip_address_duplication_check.sh index 3d969f5..3f31ed2 100644 --- a/files/ip_address_duplication_check.sh +++ b/files/ip_address_duplication_check.sh @@ -4,7 +4,7 @@ # ignore localhost, and addresses with subnet /32 (because of Hetzner failover IP) ips=$(ip addr show | grep "inet\b" | awk '{print $2}' | grep -E -v '127\.0\.0\.1|\/32' | cut -d/ -f1) -interfaces=$(ip link show | grep 'state UP' | cut -d ':' -f2 | tr -d ' ') +interfaces=$(ip link show | grep 'state UP' | cut -d ':' -f2 | tr -d ' ' | grep -v '\-drac') duplications='' arping_output='' From 0c535b5d6321cd0609f0c7c3e17cc9a5a63edc75 Mon Sep 17 00:00:00 2001 From: honza Date: Mon, 5 Sep 2016 13:00:16 +0200 Subject: [PATCH 127/190] checkrabbitmqsync: change service description Signed-off-by: honza --- manifests/plugins/checkrabbitmqsync.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkrabbitmqsync.pp b/manifests/plugins/checkrabbitmqsync.pp index 0235de7..6f04e38 100644 --- a/manifests/plugins/checkrabbitmqsync.pp +++ b/manifests/plugins/checkrabbitmqsync.pp @@ -24,7 +24,7 @@ @@nagios_service{"check_rabbit_sync_${vhost}_${::fqdn}": check_command => "check_nrpe_command!check_rabbit_sync_${vhost}", - service_description => "Rabbit node sync vhost: ${vhost}", + service_description => "RabbitMQ node sync vhost: ${vhost}", host_name => $::fqdn, contact_groups => $contact_groups, max_check_attempts => $max_check_attempts, From 224638dfb82703ac317147d7913f174836fd9be9 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Wed, 14 Sep 2016 12:28:02 +0200 Subject: [PATCH 128/190] added checkvufwatcher.pp --- manifests/plugins/checkvufwatcher.pp | 34 ++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 manifests/plugins/checkvufwatcher.pp diff --git a/manifests/plugins/checkvufwatcher.pp b/manifests/plugins/checkvufwatcher.pp new file mode 100644 index 0000000..e53e085 --- /dev/null +++ b/manifests/plugins/checkvufwatcher.pp @@ -0,0 +1,34 @@ +# == Class: icinga::plugins::checkvufwatcher +# +# This class provides a checkvufwatcher plugin. +# +class icinga::plugins::checkvufwatcher ( + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits icinga { + + if $icinga::client { + file{"${::icinga::includedir_client}/vufwatcher.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_vufwatcher]=${::icinga::plugindir}/check_procs -c 1: -C vufwatcher\n", + notify => Service[$::icinga::service_client], + } + + @@nagios_service{"check_vufwatcher_${::fqdn}": + check_command => 'check_nrpe_command!check_vufwatcher', + service_description => 'Vufwatcher', + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + } + +} From a1ef10d08e39a5f9d41b0f02b45651b3f9db2999 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Wed, 14 Sep 2016 13:43:10 +0200 Subject: [PATCH 129/190] changed check_vufwatcher command --- manifests/plugins/checkvufwatcher.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkvufwatcher.pp b/manifests/plugins/checkvufwatcher.pp index e53e085..a01566b 100644 --- a/manifests/plugins/checkvufwatcher.pp +++ b/manifests/plugins/checkvufwatcher.pp @@ -15,7 +15,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_vufwatcher]=${::icinga::plugindir}/check_procs -c 1: -C vufwatcher\n", + content => "command[check_vufwatcher]=${::icinga::plugindir}/check_procs -c 1: -C python --argument-array=vufwatcher.py\n", notify => Service[$::icinga::service_client], } From e36e10845619013444076c0355d8bae005ee8d19 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Wed, 14 Sep 2016 14:02:42 +0200 Subject: [PATCH 130/190] only 1 vufwatcher process allowed --- manifests/plugins/checkvufwatcher.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkvufwatcher.pp b/manifests/plugins/checkvufwatcher.pp index a01566b..2dedcff 100644 --- a/manifests/plugins/checkvufwatcher.pp +++ b/manifests/plugins/checkvufwatcher.pp @@ -15,7 +15,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_vufwatcher]=${::icinga::plugindir}/check_procs -c 1: -C python --argument-array=vufwatcher.py\n", + content => "command[check_vufwatcher]=${::icinga::plugindir}/check_procs -c 1:1 -C python --argument-array=vufwatcher.py\n", notify => Service[$::icinga::service_client], } From 928aae8a75c1ab7f3937dcd9c53442f604a36b13 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 15 Sep 2016 12:15:40 +0200 Subject: [PATCH 131/190] check_rsnapshot.rb: support backup scripts in config file Signed-off-by: honza --- files/check_rsnapshot.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/check_rsnapshot.rb b/files/check_rsnapshot.rb index 885af9e..f6723fd 100644 --- a/files/check_rsnapshot.rb +++ b/files/check_rsnapshot.rb @@ -161,7 +161,7 @@ def run status=0 errors=[] File.open(ARGV[0]).each do |line| - if line.match(/^backup/) + if line.match(/^backup\t/) #puts line.split("\s")[2] folder='/rsnapshots/daily.0/'+line.split("\s")[2] if !File.directory?(folder) From 1bc5136e5e95d3fe71f9c5c04a691d3fcca1a30a Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 22 Sep 2016 08:08:45 +0200 Subject: [PATCH 132/190] nagios-plugins-checkcrm packae replaced by nagios-plugins-crm refs #23832 Signed-off-by: Pavel Pulec --- manifests/plugins/checkcrm.pp | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkcrm.pp b/manifests/plugins/checkcrm.pp index ba7f690..6b6806a 100644 --- a/manifests/plugins/checkcrm.pp +++ b/manifests/plugins/checkcrm.pp @@ -15,10 +15,18 @@ require icinga + # we used this package in the past on Centos boxes + # but it was replaced with nagios-plugins-crm. The + # check is the same but the naming convention is + # correct + package { 'nagios-plugins-checkcrm': + ensure => absent, + } + if $icinga::client { $pkg_nagios_plugin_checkcrm = $::operatingsystem ? { - /CentOS|RedHat/ => 'nagios-plugins-checkcrm', + /CentOS|RedHat/ => 'nagios-plugins-crm', default => fail('Operating system not supported'), } @@ -28,7 +36,8 @@ } package { $pkg_nagios_plugin_checkcrm: - ensure => installed, + ensure => installed, + require => Package['nagios-plugins-checkcrm'], } ensure_resource ('package', $pkg_perl_nagios_plugin, { 'ensure' => 'installed' }) From 7c79f7e0f682df7180333ff889516dd4f04fde92 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 22 Sep 2016 08:33:35 +0200 Subject: [PATCH 133/190] set sudo perm for whhole check_crm file + check constraints refs #23832 Signed-off-by: Pavel Pulec --- manifests/plugins/checkcrm.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkcrm.pp b/manifests/plugins/checkcrm.pp index 6b6806a..c1134fa 100644 --- a/manifests/plugins/checkcrm.pp +++ b/manifests/plugins/checkcrm.pp @@ -48,12 +48,12 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_crm_${host_name}]=${::icinga::plugindir}/check_crm\n", + content => "command[check_crm_${host_name}]=sudo ${::icinga::plugindir}/check_crm -c\n", notify => Service[$::icinga::service_client], } sudo::conf{'nrpe_crm_mon': - content => "Defaults:nagios !requiretty\nnagios ALL=(ALL) NOPASSWD:/usr/sbin/crm_mon -1 -r -f\n", + content => "Defaults:nagios !requiretty\nnagios ALL=(ALL) NOPASSWD:${::icinga::plugindir}/check_crm\n", } @@nagios_service{"check_crm_${host_name}": From 96ca704b846ae47e9b60e3da71cea061f55e89a1 Mon Sep 17 00:00:00 2001 From: honza Date: Fri, 7 Oct 2016 10:17:43 +0200 Subject: [PATCH 134/190] make the gluster check work with TB drives refs #24311 Signed-off-by: honza --- files/check_gluster.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/files/check_gluster.sh b/files/check_gluster.sh index 955a911..1236d67 100644 --- a/files/check_gluster.sh +++ b/files/check_gluster.sh @@ -91,12 +91,11 @@ VOLUME=$1 ex_stat=OK BRICKS=$(sudo gluster volume info $VOLUME | grep "Number of Bricks" | cut -f8 -d" ") -# get volume heal status -entries=$(sudo gluster volume heal data info split-brain | grep 'Number of entries in split-brain: ' | awk '{print $NF}') -if [ "$entries" -gt 0 ]; then - errors=("${errors[@]}" "$entries in split-brain") +if sudo gluster volume heal data info split-brain | grep 'Number of entries in split-brain: [1-9]'; then + errors=("${errors[@]}" "entries in split-brain present!") fi + # get volume status bricksfound=0 freegb=9999999 @@ -117,9 +116,9 @@ sudo gluster volume status $VOLUME detail | while IFS='\n' read line; do key=${field[@]:0:3} if [ "${key}" = "Disk Space Free" ]; then freeunit=${field[@]:4} - free=${freeunit%'GB'} + unit=${freeunit: -2} + free=${freeunit::${#freeunit}-4} freeconvgb=`echo "($free*1024)" | bc` - unit=${freeunit#$free} if [ "$unit" = "TB" ]; then free=$freeconvgb unit="GB" From e5eb246759112d108ce745238da8b07a5c41ee52 Mon Sep 17 00:00:00 2001 From: honza Date: Fri, 7 Oct 2016 11:11:19 +0200 Subject: [PATCH 135/190] check_gluster.sh: fix substring index Signed-off-by: honza --- files/check_gluster.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/check_gluster.sh b/files/check_gluster.sh index 1236d67..49f9f1d 100644 --- a/files/check_gluster.sh +++ b/files/check_gluster.sh @@ -117,7 +117,7 @@ sudo gluster volume status $VOLUME detail | while IFS='\n' read line; do if [ "${key}" = "Disk Space Free" ]; then freeunit=${field[@]:4} unit=${freeunit: -2} - free=${freeunit::${#freeunit}-4} + free=${freeunit::${#freeunit}-2} freeconvgb=`echo "($free*1024)" | bc` if [ "$unit" = "TB" ]; then free=$freeconvgb From cccfd40db8dda91f1b966a296189209c136601da Mon Sep 17 00:00:00 2001 From: honza Date: Mon, 31 Oct 2016 14:32:36 +0100 Subject: [PATCH 136/190] add check_sshuttle.pp refs #24100 Signed-off-by: honza --- manifests/plugins/check_sshuttle.pp | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 manifests/plugins/check_sshuttle.pp diff --git a/manifests/plugins/check_sshuttle.pp b/manifests/plugins/check_sshuttle.pp new file mode 100644 index 0000000..774c3e5 --- /dev/null +++ b/manifests/plugins/check_sshuttle.pp @@ -0,0 +1,28 @@ +# == Class: icinga::plugins::check_sshuttle +# +# This class provides a check_sshuttle plugin. +# +define icinga::plugins::check_sshuttle ( + $host, + $ensure = present, + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + $port = 22, +) { + require ::icinga + + @@nagios_service { "check_sshuttle_tunnel_${::fqdn}_${name}": + check_command => "check_tcp!${host}!${port}! -e SSH", + service_description => "sshuttle tunnel - ${name}", + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + +} + From 36c6f8de651f9175ae931ab3ebc02990ffe97989 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 3 Nov 2016 10:58:26 +0100 Subject: [PATCH 137/190] check_sshuttle: add subnets param Signed-off-by: honza --- manifests/plugins/check_sshuttle.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/plugins/check_sshuttle.pp b/manifests/plugins/check_sshuttle.pp index 774c3e5..a17ce5d 100644 --- a/manifests/plugins/check_sshuttle.pp +++ b/manifests/plugins/check_sshuttle.pp @@ -10,6 +10,7 @@ $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, $port = 22, + $subnets = [] ) { require ::icinga From 3d0656e89d25eefaa044db2f7fe81ce4caeb04f5 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 3 Nov 2016 11:29:43 +0100 Subject: [PATCH 138/190] testing commit Signed-off-by: honza --- manifests/plugins/check_sshuttle.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/check_sshuttle.pp b/manifests/plugins/check_sshuttle.pp index a17ce5d..da01db7 100644 --- a/manifests/plugins/check_sshuttle.pp +++ b/manifests/plugins/check_sshuttle.pp @@ -10,7 +10,7 @@ $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, $port = 22, - $subnets = [] + $subnets = [], ) { require ::icinga From 3b2ae9fce3d42656be2943ee691c5f05e94189dc Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 3 Nov 2016 12:23:46 +0100 Subject: [PATCH 139/190] add the check_tcp_other_host command Signed-off-by: honza --- templates/common/commands.cfg.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/templates/common/commands.cfg.erb b/templates/common/commands.cfg.erb index 41714ff..d690591 100644 --- a/templates/common/commands.cfg.erb +++ b/templates/common/commands.cfg.erb @@ -203,6 +203,11 @@ define command{ command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$ } +# 'check_tcp' command definition +define command{ + command_name check_tcp_other_host + command_line $USER1$/check_tcp -H $ARG1$ -p $ARG2$ $ARG3$ +} # 'check_udp' command definition define command{ From 3315af13a8d23489364399c644e60c8703e1c770 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 3 Nov 2016 15:16:02 +0100 Subject: [PATCH 140/190] check_sshuttle: use check_tcp_other_host instead of check_tcp Signed-off-by: honza --- manifests/plugins/check_sshuttle.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/check_sshuttle.pp b/manifests/plugins/check_sshuttle.pp index da01db7..f2d422b 100644 --- a/manifests/plugins/check_sshuttle.pp +++ b/manifests/plugins/check_sshuttle.pp @@ -15,7 +15,7 @@ require ::icinga @@nagios_service { "check_sshuttle_tunnel_${::fqdn}_${name}": - check_command => "check_tcp!${host}!${port}! -e SSH", + check_command => "check_tcp_other_host!${host}!${port}! -e SSH", service_description => "sshuttle tunnel - ${name}", host_name => $::fqdn, contact_groups => $contact_groups, From 8f42e988073568cea257977452dfaf9762785460 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Wed, 9 Nov 2016 10:52:58 +0100 Subject: [PATCH 141/190] moved checkvufwatcher.pp to profile_vufwatcher --- manifests/plugins/checkvufwatcher.pp | 34 ---------------------------- 1 file changed, 34 deletions(-) delete mode 100644 manifests/plugins/checkvufwatcher.pp diff --git a/manifests/plugins/checkvufwatcher.pp b/manifests/plugins/checkvufwatcher.pp deleted file mode 100644 index 2dedcff..0000000 --- a/manifests/plugins/checkvufwatcher.pp +++ /dev/null @@ -1,34 +0,0 @@ -# == Class: icinga::plugins::checkvufwatcher -# -# This class provides a checkvufwatcher plugin. -# -class icinga::plugins::checkvufwatcher ( - $contact_groups = $::environment, - $max_check_attempts = $::icinga::max_check_attempts, - $notification_period = $::icinga::notification_period, - $notifications_enabled = $::icinga::notifications_enabled, -) inherits icinga { - - if $icinga::client { - file{"${::icinga::includedir_client}/vufwatcher.cfg": - ensure => 'file', - mode => '0644', - owner => $::icinga::client_user, - group => $::icinga::client_group, - content => "command[check_vufwatcher]=${::icinga::plugindir}/check_procs -c 1:1 -C python --argument-array=vufwatcher.py\n", - notify => Service[$::icinga::service_client], - } - - @@nagios_service{"check_vufwatcher_${::fqdn}": - check_command => 'check_nrpe_command!check_vufwatcher', - service_description => 'Vufwatcher', - host_name => $::fqdn, - contact_groups => $contact_groups, - max_check_attempts => $max_check_attempts, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - } - -} From aa89d421e78478d88a758dcdb7224e7f343b1be0 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Thu, 10 Nov 2016 17:09:01 +0100 Subject: [PATCH 142/190] changed check_interval to 60 minutes for check_cron_log --- manifests/plugins/checkcronlogs.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checkcronlogs.pp b/manifests/plugins/checkcronlogs.pp index 1de1418..9be5965 100644 --- a/manifests/plugins/checkcronlogs.pp +++ b/manifests/plugins/checkcronlogs.pp @@ -34,7 +34,7 @@ @@nagios_service { "check_cron_logs_${::fqdn}": check_command => 'check_nrpe_command!check_cron_logs', - check_interval => '3600', + check_interval => '60', service_description => 'Check cron logs', host_name => $::fqdn, contact_groups => $contact_groups, From 095d2a2cb792fd41f0452e42f8d00c54b80b1598 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Mon, 14 Nov 2016 11:26:54 +0100 Subject: [PATCH 143/190] add sportoaseOpeningHours definition to get_services_with_workhours.py.erb --- .../plugins/get_services_with_workhours.py.erb | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 77e54f1..610ecb0 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -36,4 +36,20 @@ for service in parsed_data['config']['services']: print(' propagate 1') print(' register 1') print('}\n') + if service['notification_period'] == 'sportoaseOpeningHours': + print('define downtime {') + print(" host_name %s " % (service['host_name']) ) + print(" service_description %s " % (service['service_description']) ) + print(' author monitor') + print(' comment Schedule downtime for services with workhours notifications') + print(' downtime_period monday 00:00-08:00,22:00-24:00') + print(' downtime_period tuesday 00:00-08:00,22:00-24:00') + print(' downtime_period wednesday 00:00-08:00,22:00-24:00') + print(' downtime_period thursday 00:00-08:00,22:00-24:00') + print(' downtime_period friday 00:00-08:00,22:00-24:00') + print(' downtime_period saturday 00:00-08:00,18:00-24:00') + print(' downtime_period sunday 00:00-08:00,18:00-24:00') + print(' propagate 1') + print(' register 1') + print('}\n') From 98a9c13b7e420eab432eb068647025f9b44229be Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Mon, 14 Nov 2016 11:39:32 +0100 Subject: [PATCH 144/190] Revert "add sportoaseOpeningHours definition to get_services_with_workhours.py.erb" This reverts commit 095d2a2cb792fd41f0452e42f8d00c54b80b1598. --- .../plugins/get_services_with_workhours.py.erb | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 610ecb0..77e54f1 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -36,20 +36,4 @@ for service in parsed_data['config']['services']: print(' propagate 1') print(' register 1') print('}\n') - if service['notification_period'] == 'sportoaseOpeningHours': - print('define downtime {') - print(" host_name %s " % (service['host_name']) ) - print(" service_description %s " % (service['service_description']) ) - print(' author monitor') - print(' comment Schedule downtime for services with workhours notifications') - print(' downtime_period monday 00:00-08:00,22:00-24:00') - print(' downtime_period tuesday 00:00-08:00,22:00-24:00') - print(' downtime_period wednesday 00:00-08:00,22:00-24:00') - print(' downtime_period thursday 00:00-08:00,22:00-24:00') - print(' downtime_period friday 00:00-08:00,22:00-24:00') - print(' downtime_period saturday 00:00-08:00,18:00-24:00') - print(' downtime_period sunday 00:00-08:00,18:00-24:00') - print(' propagate 1') - print(' register 1') - print('}\n') From 907fd16cc1ced610799acdd6842d401b21084e5d Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Tue, 15 Nov 2016 09:16:08 +0100 Subject: [PATCH 145/190] schedule downtimes based on hiera data --- .../schedule_downtime_for_workhours.pp | 3 +++ .../get_services_with_workhours.py.erb | 21 +++++++++---------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/manifests/plugins/schedule_downtime_for_workhours.pp b/manifests/plugins/schedule_downtime_for_workhours.pp index 494f32b..8c280bc 100644 --- a/manifests/plugins/schedule_downtime_for_workhours.pp +++ b/manifests/plugins/schedule_downtime_for_workhours.pp @@ -14,8 +14,11 @@ $icinga_pass, $icinga_url = 'https://icinga.inuits.eu/icinga/cgi-bin/config.cgi?type=services&jsonoutput', $work_dir = '/var/lib/icinga', + $downtimes = {}, ) inherits icinga { + validate_hash($downtimes) + file { '/usr/local/bin/get_services_with_workhours.py': ensure => 'file', mode => '0755', diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 77e54f1..380d21b 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -20,20 +20,19 @@ parsed_data = json.loads(data) print('# this output is generated by /usr/local/bin/get_services_with_workhours.py, probably by cron\n') for service in parsed_data['config']['services']: - if service['notification_period'] == 'workhours': +<% @downtimes.each do |downtimes_key, downtimes_value| -%> + <% @downtimes_value.each do |downtime_parameter_key, downtime_paramater_value| -%> + if service['notification_period'] == '<%= downtimes_key -%>': print('define downtime {') print(" host_name %s " % (service['host_name']) ) print(" service_description %s " % (service['service_description']) ) - print(' author monitor') - print(' comment Schedule downtime for services with workhours notifications') - print(' downtime_period monday 00:00-09:00,18:00-24:00') - print(' downtime_period tuesday 00:00-09:00,18:00-24:00') - print(' downtime_period wednesday 00:00-09:00,18:00-24:00') - print(' downtime_period thursday 00:00-09:00,18:00-24:00') - print(' downtime_period friday 00:00-09:00,18:00-24:00') - print(' downtime_period saturday 00:00-24:00') - print(' downtime_period sunday 00:00-24:00') + print(' author <%= downtime_parameter_value['author'] -%>') + print(' comment <%= downtime_parameter_value['comment'] -%>') + <% downtime_parameter_value['downtime_period'].each do |dtperiod| -%> + print(' downtime_period <%= dtperiod -%>') + <% end -%> print(' propagate 1') print(' register 1') print('}\n') - + <% end -%> +<% end -%> From f1fa838fe78db5e084208c0a269d7440a4299057 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Tue, 15 Nov 2016 09:36:15 +0100 Subject: [PATCH 146/190] fix in schedule downtime script --- templates/plugins/get_services_with_workhours.py.erb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 380d21b..ce0d662 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -21,18 +21,16 @@ print('# this output is generated by /usr/local/bin/get_services_with_workhours. for service in parsed_data['config']['services']: <% @downtimes.each do |downtimes_key, downtimes_value| -%> - <% @downtimes_value.each do |downtime_parameter_key, downtime_paramater_value| -%> if service['notification_period'] == '<%= downtimes_key -%>': print('define downtime {') print(" host_name %s " % (service['host_name']) ) print(" service_description %s " % (service['service_description']) ) - print(' author <%= downtime_parameter_value['author'] -%>') - print(' comment <%= downtime_parameter_value['comment'] -%>') - <% downtime_parameter_value['downtime_period'].each do |dtperiod| -%> + print(' author <%= downtimes_value['author'] -%>') + print(' comment <%= downtimes_value['comment'] -%>') + <% downtimes_value['downtime_period'].each do |dtperiod| -%> print(' downtime_period <%= dtperiod -%>') <% end -%> print(' propagate 1') print(' register 1') print('}\n') - <% end -%> <% end -%> From 26048349fb205c99909590541d3eb9f55e4a64e2 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Tue, 15 Nov 2016 09:45:54 +0100 Subject: [PATCH 147/190] Revert "fix in schedule downtime script" This reverts commit f1fa838fe78db5e084208c0a269d7440a4299057. --- templates/plugins/get_services_with_workhours.py.erb | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index ce0d662..380d21b 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -21,16 +21,18 @@ print('# this output is generated by /usr/local/bin/get_services_with_workhours. for service in parsed_data['config']['services']: <% @downtimes.each do |downtimes_key, downtimes_value| -%> + <% @downtimes_value.each do |downtime_parameter_key, downtime_paramater_value| -%> if service['notification_period'] == '<%= downtimes_key -%>': print('define downtime {') print(" host_name %s " % (service['host_name']) ) print(" service_description %s " % (service['service_description']) ) - print(' author <%= downtimes_value['author'] -%>') - print(' comment <%= downtimes_value['comment'] -%>') - <% downtimes_value['downtime_period'].each do |dtperiod| -%> + print(' author <%= downtime_parameter_value['author'] -%>') + print(' comment <%= downtime_parameter_value['comment'] -%>') + <% downtime_parameter_value['downtime_period'].each do |dtperiod| -%> print(' downtime_period <%= dtperiod -%>') <% end -%> print(' propagate 1') print(' register 1') print('}\n') + <% end -%> <% end -%> From 068580436b8a0bb1bf7ebdb0274e620d4be01839 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Tue, 15 Nov 2016 09:48:31 +0100 Subject: [PATCH 148/190] typo fix --- templates/plugins/get_services_with_workhours.py.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 380d21b..6af2235 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -20,8 +20,8 @@ parsed_data = json.loads(data) print('# this output is generated by /usr/local/bin/get_services_with_workhours.py, probably by cron\n') for service in parsed_data['config']['services']: -<% @downtimes.each do |downtimes_key, downtimes_value| -%> - <% @downtimes_value.each do |downtime_parameter_key, downtime_paramater_value| -%> +<% @downtimes.each do |downtimes_key, downtimes_value_hash| -%> + <% downtimes_value_hash.each do |downtime_parameter_key, downtime_paramater_value| -%> if service['notification_period'] == '<%= downtimes_key -%>': print('define downtime {') print(" host_name %s " % (service['host_name']) ) From 56346adb0dca579bb4d7ef630e31af7f6acd3594 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Tue, 15 Nov 2016 10:17:45 +0100 Subject: [PATCH 149/190] syntax fix get_services_with_workhours.py.erb --- templates/plugins/get_services_with_workhours.py.erb | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 6af2235..65b1026 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -21,18 +21,16 @@ print('# this output is generated by /usr/local/bin/get_services_with_workhours. for service in parsed_data['config']['services']: <% @downtimes.each do |downtimes_key, downtimes_value_hash| -%> - <% downtimes_value_hash.each do |downtime_parameter_key, downtime_paramater_value| -%> if service['notification_period'] == '<%= downtimes_key -%>': print('define downtime {') print(" host_name %s " % (service['host_name']) ) print(" service_description %s " % (service['service_description']) ) - print(' author <%= downtime_parameter_value['author'] -%>') - print(' comment <%= downtime_parameter_value['comment'] -%>') - <% downtime_parameter_value['downtime_period'].each do |dtperiod| -%> + print(' author <%= downtimes_value_hash['author'] -%>') + print(' comment <%= downtimes_value_hash['comment'] -%>') + <% downtimes_value_hash['downtime_period'].each do |dtperiod| -%> print(' downtime_period <%= dtperiod -%>') <% end -%> print(' propagate 1') print(' register 1') print('}\n') - <% end -%> <% end -%> From 732f70eb8ef0c3c5c884968acc1e6e633d50a84d Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Tue, 15 Nov 2016 10:39:03 +0100 Subject: [PATCH 150/190] layout fix in python script --- templates/plugins/get_services_with_workhours.py.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 65b1026..990346b 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -27,9 +27,9 @@ for service in parsed_data['config']['services']: print(" service_description %s " % (service['service_description']) ) print(' author <%= downtimes_value_hash['author'] -%>') print(' comment <%= downtimes_value_hash['comment'] -%>') - <% downtimes_value_hash['downtime_period'].each do |dtperiod| -%> + <%- downtimes_value_hash['downtime_period'].each do |dtperiod| -%> print(' downtime_period <%= dtperiod -%>') - <% end -%> + <%- end -%> print(' propagate 1') print(' register 1') print('}\n') From 73b714069aae407daba76d43bfb6010871f9b14d Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Wed, 16 Nov 2016 12:20:28 +0100 Subject: [PATCH 151/190] schedule downtime for hostchecks --- .../schedule_downtime_for_workhours.pp | 4 +-- .../get_services_with_workhours.py.erb | 29 +++++++++++++++++-- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/manifests/plugins/schedule_downtime_for_workhours.pp b/manifests/plugins/schedule_downtime_for_workhours.pp index 8c280bc..67476e8 100644 --- a/manifests/plugins/schedule_downtime_for_workhours.pp +++ b/manifests/plugins/schedule_downtime_for_workhours.pp @@ -12,7 +12,8 @@ class icinga::plugins::schedule_downtime_for_workhours ( $icinga_user, $icinga_pass, - $icinga_url = 'https://icinga.inuits.eu/icinga/cgi-bin/config.cgi?type=services&jsonoutput', + $icinga_url_services = 'https://icinga.inuits.eu/icinga/cgi-bin/config.cgi?type=services&jsonoutput', + $icinga_url_hosts = 'https://icinga.inuits.eu/icinga/cgi-bin/config.cgi?type=hosts&jsonoutput', $work_dir = '/var/lib/icinga', $downtimes = {}, ) inherits icinga { @@ -54,4 +55,3 @@ } } - diff --git a/templates/plugins/get_services_with_workhours.py.erb b/templates/plugins/get_services_with_workhours.py.erb index 990346b..31196f4 100644 --- a/templates/plugins/get_services_with_workhours.py.erb +++ b/templates/plugins/get_services_with_workhours.py.erb @@ -3,15 +3,17 @@ import urllib2 import json -url = '<%= @icinga_url %>' +urlServices = '<%= @icinga_url_services %>' +urlHosts = '<%= @icinga_url_hosts %>' username = '<%= @icinga_user %>' password = '<%= @icinga_pass %>' passman = urllib2.HTTPPasswordMgrWithDefaultRealm() -passman.add_password(None, url, username, password) +passman.add_password(None, urlServices, username, password) +passman.add_password(None, urlHosts, username, password) urllib2.install_opener(urllib2.build_opener(urllib2.HTTPBasicAuthHandler(passman))) -req = urllib2.Request(url) +req = urllib2.Request(urlServices) f = urllib2.urlopen(req) data = f.read() @@ -34,3 +36,24 @@ for service in parsed_data['config']['services']: print(' register 1') print('}\n') <% end -%> + +req = urllib2.Request(urlHosts) +f = urllib2.urlopen(req) +data = f.read() + +parsed_data = json.loads(data) + +for host in parsed_data['config']['hosts']: +<% @downtimes.each do |downtimes_key, downtimes_value_hash| -%> + if host['notification_period'] == '<%= downtimes_key -%>': + print('define downtime {') + print(" host_name %s " % (host['host_name']) ) + print(' author <%= downtimes_value_hash['author'] -%>') + print(' comment <%= downtimes_value_hash['comment'] -%>') + <%- downtimes_value_hash['downtime_period'].each do |dtperiod| -%> + print(' downtime_period <%= dtperiod -%>') + <%- end -%> + print(' propagate 1') + print(' register 1') + print('}\n') +<% end -%> From 94ebdfa061277b84e5a54603dbb27ec4cffa582a Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Mon, 28 Nov 2016 14:58:26 +0100 Subject: [PATCH 152/190] add check_pgactivity (moved here from profile_pgsql) Signed-off-by: Pavel Pulec --- manifests/plugins/check_pgactivity.pp | 40 +++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 manifests/plugins/check_pgactivity.pp diff --git a/manifests/plugins/check_pgactivity.pp b/manifests/plugins/check_pgactivity.pp new file mode 100644 index 0000000..5dce3cf --- /dev/null +++ b/manifests/plugins/check_pgactivity.pp @@ -0,0 +1,40 @@ +# == Class: icinga::plugins::check_pgactivity +class icinga::plugins::check_pgactivity ( + $pgsqlpassword, + $ensure = present, + $contact_groups = $::environment, + $host = 'localhost', + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits icinga { + + package {'perl-Data-Dumper': + ensure => present, + } + + package { 'nagios-plugins-pgactivity': + ensure => installed, + } + + file { "${::icinga::includedir_client}/pgactivity.cfg": + content => "command[check_pgactivity]=/usr/lib64/nagios/plugins/check_pgactivity -h ${host} -s connection", + # notify => Service[$::icinga::service_client]; + } + + file { '/var/spool/nagios/.pgpass': + ensure => file, + mode => '0600', + owner => 'nagios', + group => 'nagios', + content => "#manged by puppet\n${host}:5432:*:postgres:${pgsqlpassword}", + } + + @@nagios_service { "check_pgactivity_${::fqdn}": + check_command => 'check_nrpe_command!check_pgactivity', + service_description => 'PostgreSQL Status', + host_name => $::fqdn, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + +} From 0a52efbec9f5f53ea9d49924393d652f957d47c6 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 1 Dec 2016 08:30:26 +0100 Subject: [PATCH 153/190] set owner/group of icinga::plugins::checkgraphite + do not export refs #19375 Signed-off-by: Pavel Pulec --- manifests/plugins/checkgraphite.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checkgraphite.pp b/manifests/plugins/checkgraphite.pp index 87abb8e..a49e26e 100644 --- a/manifests/plugins/checkgraphite.pp +++ b/manifests/plugins/checkgraphite.pp @@ -15,8 +15,10 @@ } } - @@nagios_command{'check_graphite': + nagios_command{'check_graphite': ensure => present, + owner => $::icinga::server_user, + group => $::icinga::server_group, command_line => '$USER1$/check_graphite -u \'$ARG1$\' -w $ARG2$ -c $ARG3$', target => "${::icinga::targetdir}/commands/check_graphite.cfg", } From daaa54baf0e627006973aca846ffad2b42c121f9 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 1 Dec 2016 14:37:15 +0100 Subject: [PATCH 154/190] do not require ::ntp it was causing duplicate resources and I guess that it is not necessary. Signed-off-by: Pavel Pulec --- manifests/plugins/checkntp.pp | 4 +--- manifests/plugins/checkntpdhealth.pp | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/manifests/plugins/checkntp.pp b/manifests/plugins/checkntp.pp index b9c55f8..c789b9b 100644 --- a/manifests/plugins/checkntp.pp +++ b/manifests/plugins/checkntp.pp @@ -11,7 +11,7 @@ $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, -) inherits ::icinga { +) inherits icinga { if is_array($ntp_server) { $_ntp_server = $ntp_server[0] @@ -19,8 +19,6 @@ $_ntp_server = $ntp_server } - require ::ntp - file{"${::icinga::includedir_client}/ntp.cfg": ensure => 'file', mode => '0644', diff --git a/manifests/plugins/checkntpdhealth.pp b/manifests/plugins/checkntpdhealth.pp index 137fa87..40a14b2 100644 --- a/manifests/plugins/checkntpdhealth.pp +++ b/manifests/plugins/checkntpdhealth.pp @@ -11,9 +11,7 @@ $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, -) inherits ::icinga { - - require ::ntp +) inherits icinga { $script_path = "${::icinga::plugindir}/check_ntpd_health.pl" From fd6f57e4fb2a7dc7d88aba102891218b356044a6 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 21 Dec 2016 11:29:35 +0100 Subject: [PATCH 155/190] monitor Mongoreplication only when replica_set is defined refs #25740 Signed-off-by: Pavel Pulec --- manifests/plugins/checkmongodb.pp | 5 ++--- templates/plugins/mongodb.cfg.erb | 6 ++++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/manifests/plugins/checkmongodb.pp b/manifests/plugins/checkmongodb.pp index 19765cb..358a588 100644 --- a/manifests/plugins/checkmongodb.pp +++ b/manifests/plugins/checkmongodb.pp @@ -12,8 +12,7 @@ $mongod_graphite_io_read_url = 'http://graphite/render?target=mongo_host.processes.mongod.ps_disk_octets.read&from=-5minutes&rawData=true', $mongod_graphite_io_write_url = 'http://graphite/render?target=mongo_host.processes.mongod.ps_disk_octets.write&from=-5minutes&rawData=true', $graphite_host = undef, - $monitor_replication = true, - $replica_set = 'replica_name', + $replica_set = undef, ) inherits icinga { if $icinga::client { @@ -42,7 +41,7 @@ notify => Service[$::icinga::service_client], } - if $monitor_replication { + if $replica_set { @@nagios_service { "check_mongodb_replication_lag_${::fqdn}": check_command => 'check_nrpe_command!check_mongodb_replication_lag', service_description => 'MongoDB Replication Lag', diff --git a/templates/plugins/mongodb.cfg.erb b/templates/plugins/mongodb.cfg.erb index cebe919..f233cd0 100644 --- a/templates/plugins/mongodb.cfg.erb +++ b/templates/plugins/mongodb.cfg.erb @@ -3,9 +3,11 @@ ### Module: '<%= scope.to_hash['module_name'] %>' ### Template source: '<%= template_source %>' +command[check_mongodb_connect]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A connect -P 27017 -W 2 -C 4 +command[check_mongodb_connections]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A connections -P 27017 -W 70 -C 80 +<% if @replica_set -%> command[check_mongodb_replication_lag]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replication_lag -P 27017 -W 15 -C 30 command[check_mongodb_replication_lag_percentage]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replication_lag_percent -P 27017 -W 50 -C 75 command[check_mongodb_replicaset]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replica_primary -P 27017 -W 0 -C 1 -r <%= @replica_set %> -command[check_mongodb_connect]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A connect -P 27017 -W 2 -C 4 -command[check_mongodb_connections]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A connections -P 27017 -W 70 -C 80 command[check_mongodb_replset_state]=<%= @plugindir %>/check_mongodb.py -H <%= @mongod_bind_ip %> -A replset_state -P 27017 +<% end -%> From 7f78dba6d90ed27bca4b27ae27bd289c374cf526 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Thu, 5 Jan 2017 11:16:33 +0100 Subject: [PATCH 156/190] changed icinga.inuits.eu to localhost in sched_down_for_workhours.pp --- manifests/plugins/schedule_downtime_for_workhours.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/schedule_downtime_for_workhours.pp b/manifests/plugins/schedule_downtime_for_workhours.pp index 67476e8..a0c075c 100644 --- a/manifests/plugins/schedule_downtime_for_workhours.pp +++ b/manifests/plugins/schedule_downtime_for_workhours.pp @@ -12,8 +12,8 @@ class icinga::plugins::schedule_downtime_for_workhours ( $icinga_user, $icinga_pass, - $icinga_url_services = 'https://icinga.inuits.eu/icinga/cgi-bin/config.cgi?type=services&jsonoutput', - $icinga_url_hosts = 'https://icinga.inuits.eu/icinga/cgi-bin/config.cgi?type=hosts&jsonoutput', + $icinga_url_services = 'https://localhost/icinga/cgi-bin/config.cgi?type=services&jsonoutput', + $icinga_url_hosts = 'https://localhost/icinga/cgi-bin/config.cgi?type=hosts&jsonoutput', $work_dir = '/var/lib/icinga', $downtimes = {}, ) inherits icinga { From d82b87061215a35da687b594d8c7ac2d7ccdc47c Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Thu, 5 Jan 2017 12:50:26 +0100 Subject: [PATCH 157/190] ensure schedule_downtime_for_workhours file has right ownership --- manifests/plugins/schedule_downtime_for_workhours.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/plugins/schedule_downtime_for_workhours.pp b/manifests/plugins/schedule_downtime_for_workhours.pp index a0c075c..6773ea1 100644 --- a/manifests/plugins/schedule_downtime_for_workhours.pp +++ b/manifests/plugins/schedule_downtime_for_workhours.pp @@ -46,6 +46,13 @@ target => "${::icinga::targetdir}/commands/schedule_downtime_for_workhours.cfg", } + file {"${::icinga::targetdir}/commands/schedule_downtime_for_workhours.cfg": + ensure => 'present', + mode => '0600', + owner => $::icinga::server_user, + group => $::icinga::server_group, + } + nagios_service {'schedule_downtime_for_workhours': check_command => 'schedule_downtime_for_workhours!-d0', service_description => 'Schedule downtimes for services with workhours', From 8e9b4d537a874afd58b89dc7958169ff21dad289 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Thu, 5 Jan 2017 14:12:11 +0100 Subject: [PATCH 158/190] https => http in schedule_downtime_for_workhours --- manifests/plugins/schedule_downtime_for_workhours.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/schedule_downtime_for_workhours.pp b/manifests/plugins/schedule_downtime_for_workhours.pp index 6773ea1..7793caf 100644 --- a/manifests/plugins/schedule_downtime_for_workhours.pp +++ b/manifests/plugins/schedule_downtime_for_workhours.pp @@ -12,8 +12,8 @@ class icinga::plugins::schedule_downtime_for_workhours ( $icinga_user, $icinga_pass, - $icinga_url_services = 'https://localhost/icinga/cgi-bin/config.cgi?type=services&jsonoutput', - $icinga_url_hosts = 'https://localhost/icinga/cgi-bin/config.cgi?type=hosts&jsonoutput', + $icinga_url_services = 'http://localhost/icinga/cgi-bin/config.cgi?type=services&jsonoutput', + $icinga_url_hosts = 'http://localhost/icinga/cgi-bin/config.cgi?type=hosts&jsonoutput', $work_dir = '/var/lib/icinga', $downtimes = {}, ) inherits icinga { From 4ea7740feb6f0225d5bec16a25972a505b2617ab Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 5 Jan 2017 14:15:57 +0100 Subject: [PATCH 159/190] add checkhttps.pp and checkhttps_certificate.pp Signed-off-by: honza --- manifests/plugins/checkhttps.pp | 29 ++++++++++++++++++++ manifests/plugins/checkhttps_certificate.pp | 30 +++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 manifests/plugins/checkhttps.pp create mode 100644 manifests/plugins/checkhttps_certificate.pp diff --git a/manifests/plugins/checkhttps.pp b/manifests/plugins/checkhttps.pp new file mode 100644 index 0000000..1092d87 --- /dev/null +++ b/manifests/plugins/checkhttps.pp @@ -0,0 +1,29 @@ +# == Class: icinga::plugins::checkhttps +# +# This class provides a checkhttps plugin. +# +define icinga::plugins::checkhttps ( + $vhost = $name, + $port = 443, + $expected_codes = '200,301,302', + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) { + + require ::icinga + if $icinga::client { + @@nagios_service { "check_https_${::fqdn}_${host}": + check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expeted_codes} --sni", + service_description => "check https ${vhost}", + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + } + +} diff --git a/manifests/plugins/checkhttps_certificate.pp b/manifests/plugins/checkhttps_certificate.pp new file mode 100644 index 0000000..f178e41 --- /dev/null +++ b/manifests/plugins/checkhttps_certificate.pp @@ -0,0 +1,30 @@ +# == Class: icinga::plugins::checkhttps_certificate +# +# This class provides a checkhttps_certificate plugin. +# +define icinga::plugins::checkhttps_certificate ( + $vhost = $name, + $port = 443, + $expected_codes = '200,301,302', + $cert_validity_days_required = 14, + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) { + + require ::icinga + if $icinga::client { + @@nagios_service { "check_https_certificate_${::fqdn}_${host}": + check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expeted_codes} --sni -C ${cert_validity_days_required}", + service_description => "check https certificate ${vhost}", + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + } + +} From 4c3fa95e20264eb540257cadbc2d5198d368694e Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 5 Jan 2017 14:30:56 +0100 Subject: [PATCH 160/190] checkhttps.pp fix duplicate declaration Signed-off-by: honza --- manifests/plugins/checkhttps.pp | 2 +- manifests/plugins/checkhttps_certificate.pp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkhttps.pp b/manifests/plugins/checkhttps.pp index 1092d87..05b86a6 100644 --- a/manifests/plugins/checkhttps.pp +++ b/manifests/plugins/checkhttps.pp @@ -14,7 +14,7 @@ require ::icinga if $icinga::client { - @@nagios_service { "check_https_${::fqdn}_${host}": + @@nagios_service { "check_https_${::fqdn}_${vhost}": check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expeted_codes} --sni", service_description => "check https ${vhost}", host_name => $::fqdn, diff --git a/manifests/plugins/checkhttps_certificate.pp b/manifests/plugins/checkhttps_certificate.pp index f178e41..add4e26 100644 --- a/manifests/plugins/checkhttps_certificate.pp +++ b/manifests/plugins/checkhttps_certificate.pp @@ -15,7 +15,7 @@ require ::icinga if $icinga::client { - @@nagios_service { "check_https_certificate_${::fqdn}_${host}": + @@nagios_service { "check_https_certificate_${::fqdn}_${vhost}": check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expeted_codes} --sni -C ${cert_validity_days_required}", service_description => "check https certificate ${vhost}", host_name => $::fqdn, From 2b28860e773b17a7c80a00c4e98b3164c4fb1958 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 5 Jan 2017 15:49:42 +0100 Subject: [PATCH 161/190] fix typo Signed-off-by: honza --- manifests/plugins/check_https.pp | 0 manifests/plugins/checkhttps.pp | 2 +- manifests/plugins/checkhttps_certificate.pp | 2 +- 3 files changed, 2 insertions(+), 2 deletions(-) create mode 100644 manifests/plugins/check_https.pp diff --git a/manifests/plugins/check_https.pp b/manifests/plugins/check_https.pp new file mode 100644 index 0000000..e69de29 diff --git a/manifests/plugins/checkhttps.pp b/manifests/plugins/checkhttps.pp index 05b86a6..4967ddf 100644 --- a/manifests/plugins/checkhttps.pp +++ b/manifests/plugins/checkhttps.pp @@ -15,7 +15,7 @@ require ::icinga if $icinga::client { @@nagios_service { "check_https_${::fqdn}_${vhost}": - check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expeted_codes} --sni", + check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expected_codes} --sni", service_description => "check https ${vhost}", host_name => $::fqdn, contact_groups => $contact_groups, diff --git a/manifests/plugins/checkhttps_certificate.pp b/manifests/plugins/checkhttps_certificate.pp index add4e26..40af75c 100644 --- a/manifests/plugins/checkhttps_certificate.pp +++ b/manifests/plugins/checkhttps_certificate.pp @@ -16,7 +16,7 @@ require ::icinga if $icinga::client { @@nagios_service { "check_https_certificate_${::fqdn}_${vhost}": - check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expeted_codes} --sni -C ${cert_validity_days_required}", + check_command => "check_http!-H ${vhost} -S -p ${port} -e ${expected_codes} --sni -C ${cert_validity_days_required}", service_description => "check https certificate ${vhost}", host_name => $::fqdn, contact_groups => $contact_groups, From a77e79b03c281f64a6f1d636055145131a7393fc Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Fri, 6 Jan 2017 13:42:31 +0100 Subject: [PATCH 162/190] make icinga_user en _pass undef in schedule_downtime_for_workhours.pp --- manifests/plugins/schedule_downtime_for_workhours.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/schedule_downtime_for_workhours.pp b/manifests/plugins/schedule_downtime_for_workhours.pp index 7793caf..932bec1 100644 --- a/manifests/plugins/schedule_downtime_for_workhours.pp +++ b/manifests/plugins/schedule_downtime_for_workhours.pp @@ -10,8 +10,8 @@ # the services and for services with 'workhours' will schedule downtime. # class icinga::plugins::schedule_downtime_for_workhours ( - $icinga_user, - $icinga_pass, + $icinga_user = undef, + $icinga_pass = undef, $icinga_url_services = 'http://localhost/icinga/cgi-bin/config.cgi?type=services&jsonoutput', $icinga_url_hosts = 'http://localhost/icinga/cgi-bin/config.cgi?type=hosts&jsonoutput', $work_dir = '/var/lib/icinga', From 6a09db8aa6e596ea4d749ddcb6e5325daa416135 Mon Sep 17 00:00:00 2001 From: Yornik Heyl Date: Fri, 13 Jan 2017 13:56:51 +0100 Subject: [PATCH 163/190] changed date format to something sensebile --- templates/redhat/icinga.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/redhat/icinga.cfg.erb b/templates/redhat/icinga.cfg.erb index 0b2cd4f..87f8f31 100644 --- a/templates/redhat/icinga.cfg.erb +++ b/templates/redhat/icinga.cfg.erb @@ -1146,7 +1146,7 @@ high_host_flap_threshold=20.0 # strict-iso8601 (YYYY-MM-DDTHH:MM:SS) # -date_format=us +date_format=iso8601 From e6b5166ad19f1a7e9cd8dc4e4940beb370967abe Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 19 Jan 2017 10:19:39 +0100 Subject: [PATCH 164/190] update elasticsearch/check_number_of_documents.sh refs #26676 I added the condition which checks the total number of events. So simply, when ES is empty, then the check will be only warning...complaining that there is probably too few messages in ELK stack. Signed-off-by: Pavel Pulec --- .../check_number_of_documents.sh | 115 +++++++++++------- 1 file changed, 70 insertions(+), 45 deletions(-) diff --git a/files/elasticsearch/check_number_of_documents.sh b/files/elasticsearch/check_number_of_documents.sh index 5d2b91e..89f83ff 100644 --- a/files/elasticsearch/check_number_of_documents.sh +++ b/files/elasticsearch/check_number_of_documents.sh @@ -14,63 +14,88 @@ TWO_LATEST_INDEXES=$(curl -s 'localhost:9200/_stats/indexes' | jq -r '.indices | [[ "$?" != 0 ]] && { echo "The request for the list of indexes failed"; exit 3; } -NUMBER_OF_EVENTS=$(curl -s "localhost:9200/${TWO_LATEST_INDEXES}/syslog/_search?pretty" -d "{ - \"size\": 0, - \"aggs\": {}, - \"query\": { - \"filtered\": { - \"query\": { - \"query_string\": { - \"analyze_wildcard\": true, - \"query\": \"*\" - } - }, - \"filter\": { - \"bool\": { - \"must\": [ - { - \"query\": { - \"match\": { - \"program\": { - \"query\": \"${PROGRAM_NAME}\", - \"type\": \"phrase\" +number_of_events () { + + if [[ "$1" == 'get_all_events' ]];then + QUERY_PROGRAM='' + else + QUERY_PROGRAM=" + { + \"query\": { + \"match\": { + \"program\": { + \"query\": \"${1}\", + \"type\": \"phrase\" + } } + } - } - }, - { - \"query\": { - \"exists\": { - \"field\": \"json_data.data.routing_key\" + }, + { + \"query\": { + \"exists\": { + \"field\": \"json_data.data.routing_key\" + } } - } - }, - { - \"range\": { - \"@timestamp\": { - \"gte\": ${CURRENT_EPOCH_15MIN_LESS}, - \"lte\": ${CURRENT_EPOCH}, - \"format\": \"epoch_millis\" + }," + fi + + NUMBER_OF_EVENTS=$(curl -s "localhost:9200/${TWO_LATEST_INDEXES}/syslog/_search?pretty" -d "{ + \"size\": 0, + \"aggs\": {}, + \"query\": { + \"filtered\": { + \"query\": { + \"query_string\": { + \"analyze_wildcard\": true, + \"query\": \"*\" + } + }, + \"filter\": { + \"bool\": { + \"must\": [ + ${QUERY_PROGRAM} + { + \"range\": { + \"@timestamp\": { + \"gte\": ${CURRENT_EPOCH_15MIN_LESS}, + \"lte\": ${CURRENT_EPOCH}, + \"format\": \"epoch_millis\" + } } } - } - ], - \"must_not\": [] + ], + \"must_not\": [] + } } } } - } -}" | -jq -r '.hits.total') + }" | + jq -r '.hits.total') -[[ "$?" != 0 ]] && { echo "The request for the actually processed data failed"; exit 3; } + [[ "$?" != 0 ]] && { echo "The request for the actually processed data failed"; exit 3; } + + echo $NUMBER_OF_EVENTS + +} + +NUMBER_OF_PROGRAM_EVENTS=$(number_of_events "$PROGRAM_NAME") +NUMBER_OF_ALL_EVENTS=$(number_of_events 'get_all_events') + +#echo "the number of program events: $NUMBER_OF_PROGRAM_EVENTS" +#echo "the number of all events: $NUMBER_OF_ALL_EVENTS" + +if [[ "$NUMBER_OF_ALL_EVENTS" -lt 1000 ]] +then + echo "WARNING - there is only ${NUMBER_OF_ALL_EVENTS} event(s) in ES in totalduuring range: '${INTERVAL}'. Something wrong is probalby with ELK stack." && exit 1 +fi -if [[ "$NUMBER_OF_EVENTS" -gt 5 ]] +if [[ "$NUMBER_OF_PROGRAM_EVENTS" -gt 5 ]] then - echo "OK - ${NUMBER_OF_EVENTS} events were processed during range: '${INTERVAL}'" && exit 0 -elif [[ "$NUMBER_OF_EVENTS" -gt 0 ]] + echo "OK - ${NUMBER_OF_PROGRAM_EVENTS} events were processed during range: '${INTERVAL}'" && exit 0 +elif [[ "$NUMBER_OF_PROGRAM_EVENTS" -gt 0 ]] then - echo "WARNING - only ${NUMBER_OF_EVENTS} event(s) was/were processed during range: '${INTERVAL}'" && exit 1 + echo "WARNING - only ${NUMBER_OF_PROGRAM_EVENTS} event(s) was/were processed during range: '${INTERVAL}'" && exit 1 else echo "ERROR - No event was processed during range: '${INTERVAL}'" && exit 2 fi From 899aaf7eca5d769c4b81b91379a42eec3060619c Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Thu, 19 Jan 2017 10:24:38 +0100 Subject: [PATCH 165/190] mod icinga: update elasticsearch/check_number_of_documents.sh - typos + remove && operators refs #26676 Signed-off-by: Pavel Pulec --- files/elasticsearch/check_number_of_documents.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/files/elasticsearch/check_number_of_documents.sh b/files/elasticsearch/check_number_of_documents.sh index 89f83ff..2985d4c 100644 --- a/files/elasticsearch/check_number_of_documents.sh +++ b/files/elasticsearch/check_number_of_documents.sh @@ -87,15 +87,15 @@ NUMBER_OF_ALL_EVENTS=$(number_of_events 'get_all_events') if [[ "$NUMBER_OF_ALL_EVENTS" -lt 1000 ]] then - echo "WARNING - there is only ${NUMBER_OF_ALL_EVENTS} event(s) in ES in totalduuring range: '${INTERVAL}'. Something wrong is probalby with ELK stack." && exit 1 + echo "WARNING - there is only ${NUMBER_OF_ALL_EVENTS} event(s) in ES in total during range: '${INTERVAL}'. Something wrong is probalby with ELK stack."; exit 1 fi if [[ "$NUMBER_OF_PROGRAM_EVENTS" -gt 5 ]] then - echo "OK - ${NUMBER_OF_PROGRAM_EVENTS} events were processed during range: '${INTERVAL}'" && exit 0 + echo "OK - ${NUMBER_OF_PROGRAM_EVENTS} events were processed during range: '${INTERVAL}'"; exit 0 elif [[ "$NUMBER_OF_PROGRAM_EVENTS" -gt 0 ]] then - echo "WARNING - only ${NUMBER_OF_PROGRAM_EVENTS} event(s) was/were processed during range: '${INTERVAL}'" && exit 1 + echo "WARNING - only ${NUMBER_OF_PROGRAM_EVENTS} event(s) was/were processed during range: '${INTERVAL}'"; exit 1 else - echo "ERROR - No event was processed during range: '${INTERVAL}'" && exit 2 + echo "ERROR - No event was processed during range: '${INTERVAL}'"; exit 2 fi From 251655d8d3c08b1e1914d6b8a2159b6de517f8aa Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Thu, 26 Jan 2017 10:55:33 +0100 Subject: [PATCH 166/190] enable icinga notifications postgres check refs #26372 --- manifests/plugins/check_pgactivity.pp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/manifests/plugins/check_pgactivity.pp b/manifests/plugins/check_pgactivity.pp index 5dce3cf..341a052 100644 --- a/manifests/plugins/check_pgactivity.pp +++ b/manifests/plugins/check_pgactivity.pp @@ -31,10 +31,14 @@ } @@nagios_service { "check_pgactivity_${::fqdn}": - check_command => 'check_nrpe_command!check_pgactivity', - service_description => 'PostgreSQL Status', - host_name => $::fqdn, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + check_command => 'check_nrpe_command!check_pgactivity', + service_description => 'PostgreSQL Status', + host_name => $::fqdn, + contact_groups => $contact_groups, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + max_check_attempts => $max_check_attempts, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", } } From 7b5dbba24216319c17a82649a1174719417e0a32 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 26 Jan 2017 15:11:46 +0100 Subject: [PATCH 167/190] add checkcertexpiry.pp Signed-off-by: honza --- manifests/plugins/checkcertexpiry.pp | 38 +++++++++++++++++++++ templates/plugins/check_cert_expiry.cfg.erb | 1 + 2 files changed, 39 insertions(+) create mode 100644 manifests/plugins/checkcertexpiry.pp create mode 100644 templates/plugins/check_cert_expiry.cfg.erb diff --git a/manifests/plugins/checkcertexpiry.pp b/manifests/plugins/checkcertexpiry.pp new file mode 100644 index 0000000..42c1b8f --- /dev/null +++ b/manifests/plugins/checkcertexpiry.pp @@ -0,0 +1,38 @@ +# == Class: icinga::plugins::checkcertexpiry +# +# This defined type provides a checkcertexpiry plugin. +# +define icinga::plugins::checkcertexpiry ( + $max_check_attempts = $::icinga::max_check_attempts, + $contact_groups = $::environment, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + $warning_days = 14, + $critical_days = 4, +) { + require ::icinga + $cert = inline_template("<%= @name.gsub('/','_') %>") + file{"${::icinga::includedir_client}/check_cert_expiry_${cert}": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => template('icinga/plugins/check_cert_expiry.cfg.erb'), + notify => Service[$::icinga::service_client], + } + + + + @@nagios_service { "check_cert_expiry_${::fqdn}_${cert}": + check_command => "check_nrpe_command!check_local_cert_expiry_${cert}", + service_description => "Check Cert Expiry - ${cert}", + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + + } + diff --git a/templates/plugins/check_cert_expiry.cfg.erb b/templates/plugins/check_cert_expiry.cfg.erb new file mode 100644 index 0000000..a4ad244 --- /dev/null +++ b/templates/plugins/check_cert_expiry.cfg.erb @@ -0,0 +1 @@ +command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl_cert -H localhost -f <%= @cert %> -C <%= @critical_days %> -W <%= @warning_days %> From f71bc848b6e0627c6fa1f147e3d9728a81b743ac Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 26 Jan 2017 15:42:26 +0100 Subject: [PATCH 168/190] fix template for checkcertexpiry.pp Signed-off-by: honza --- templates/plugins/check_cert_expiry.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/check_cert_expiry.cfg.erb b/templates/plugins/check_cert_expiry.cfg.erb index a4ad244..4411139 100644 --- a/templates/plugins/check_cert_expiry.cfg.erb +++ b/templates/plugins/check_cert_expiry.cfg.erb @@ -1 +1 @@ -command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl_cert -H localhost -f <%= @cert %> -C <%= @critical_days %> -W <%= @warning_days %> +command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl_cert -H localhost -f <%= @name %> -c <%= @critical_days %> -w <%= @warning_days %> From fc19a74eed17ba78d293c0945c455712b6da8c06 Mon Sep 17 00:00:00 2001 From: Tom Van Berlo Date: Thu, 26 Jan 2017 16:57:53 +0100 Subject: [PATCH 169/190] enable notifiction period in passivecheck refs #26372 --- manifests/plugins/passivecheck.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/passivecheck.pp b/manifests/plugins/passivecheck.pp index fdfed3a..474a27e 100644 --- a/manifests/plugins/passivecheck.pp +++ b/manifests/plugins/passivecheck.pp @@ -10,13 +10,18 @@ $service_description = $title, $unique_id = "${title}-${::fqdn}", $freshness_threshold = 3600, + $contact_groups = $::environment, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, ){ @@nagios_service{ $unique_id: active_checks_enabled => 0, check_freshness => 1, freshness_threshold => $freshness_threshold, - notifications_enabled => $::icinga::notifications_enabled, + notifications_enabled => $notifications_enabled, + notification_period => $notification_period, + contact_groups => $contact_groups, passive_checks_enabled => 1, service_description => $service_description, host_name => $::fqdn, From a843e4ad8875aac5bf31e441e5dad7a25347d659 Mon Sep 17 00:00:00 2001 From: honza Date: Fri, 27 Jan 2017 13:34:07 +0100 Subject: [PATCH 170/190] checkcertexpiry.pp: fix inline template Signed-off-by: honza --- manifests/plugins/checkcertexpiry.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkcertexpiry.pp b/manifests/plugins/checkcertexpiry.pp index 42c1b8f..a75098f 100644 --- a/manifests/plugins/checkcertexpiry.pp +++ b/manifests/plugins/checkcertexpiry.pp @@ -11,8 +11,8 @@ $critical_days = 4, ) { require ::icinga - $cert = inline_template("<%= @name.gsub('/','_') %>") - file{"${::icinga::includedir_client}/check_cert_expiry_${cert}": + $cert = inline_template("<%= @name.gsub(/\/.*\//,'') %>") + file{"${::icinga::includedir_client}/check_cert_expiry_${cert}.cfg": ensure => 'file', mode => '0644', owner => $::icinga::client_user, From 50f2009a2ec82a581bdd76ef5d6c6b3fd2e58515 Mon Sep 17 00:00:00 2001 From: honza Date: Fri, 27 Jan 2017 15:19:45 +0100 Subject: [PATCH 171/190] checkcertexpiry.pp: change template Signed-off-by: honza --- templates/plugins/check_cert_expiry.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/check_cert_expiry.cfg.erb b/templates/plugins/check_cert_expiry.cfg.erb index 4411139..6cc8b4d 100644 --- a/templates/plugins/check_cert_expiry.cfg.erb +++ b/templates/plugins/check_cert_expiry.cfg.erb @@ -1 +1 @@ -command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl_cert -H localhost -f <%= @name %> -c <%= @critical_days %> -w <%= @warning_days %> +command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl-cert -H localhost -f <%= @name %> -c <%= @critical_days %> -w <%= @warning_days %> --ignore-ocsp From e1529b6d8a35696b33b94217601c5b52e87e2b48 Mon Sep 17 00:00:00 2001 From: honza Date: Mon, 30 Jan 2017 16:19:54 +0100 Subject: [PATCH 172/190] checkcertexpiry.pp: make the check work with sha1-signed certs, lpa needs it Signed-off-by: honza --- templates/plugins/check_cert_expiry.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/check_cert_expiry.cfg.erb b/templates/plugins/check_cert_expiry.cfg.erb index 6cc8b4d..cee5068 100644 --- a/templates/plugins/check_cert_expiry.cfg.erb +++ b/templates/plugins/check_cert_expiry.cfg.erb @@ -1 +1 @@ -command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl-cert -H localhost -f <%= @name %> -c <%= @critical_days %> -w <%= @warning_days %> --ignore-ocsp +command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl-cert -H localhost -f <%= @name %> -c <%= @critical_days %> -w <%= @warning_days %> --ignore-ocsp --ignore-sig-alg From bd30cfa85c0121127663c20c6788464779aea807 Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 31 Jan 2017 13:40:21 +0100 Subject: [PATCH 173/190] checkcertexpiry.pp execute the check with sudo refs #26044 Signed-off-by: honza --- manifests/plugins/checkcertexpiry.pp | 6 ++++++ templates/plugins/check_cert_expiry.cfg.erb | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/manifests/plugins/checkcertexpiry.pp b/manifests/plugins/checkcertexpiry.pp index a75098f..56af5a8 100644 --- a/manifests/plugins/checkcertexpiry.pp +++ b/manifests/plugins/checkcertexpiry.pp @@ -36,3 +36,9 @@ } + sudo::conf{'ssl_cert_expity': + content => "Defaults:nagios !requiretty + nagios ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/check_ssl-cert\n", + } + + diff --git a/templates/plugins/check_cert_expiry.cfg.erb b/templates/plugins/check_cert_expiry.cfg.erb index cee5068..c2694d1 100644 --- a/templates/plugins/check_cert_expiry.cfg.erb +++ b/templates/plugins/check_cert_expiry.cfg.erb @@ -1 +1 @@ -command[check_local_cert_expiry_<%= @cert %>]=/usr/lib64/nagios/plugins/check_ssl-cert -H localhost -f <%= @name %> -c <%= @critical_days %> -w <%= @warning_days %> --ignore-ocsp --ignore-sig-alg +command[check_local_cert_expiry_<%= @cert %>]=sudo /usr/lib64/nagios/plugins/check_ssl-cert -H localhost -f <%= @name %> -c <%= @critical_days %> -w <%= @warning_days %> --ignore-ocsp --ignore-sig-alg From 17db9c45c64356ab1d9c9f0ed0c479732acbde32 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 31 Jan 2017 13:52:15 +0100 Subject: [PATCH 174/190] add alternative to hiera call refs #23109 Signed-off-by: Pavel Pulec --- manifests/plugins/checkrsnapshot.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkrsnapshot.pp b/manifests/plugins/checkrsnapshot.pp index df1f346..07a1a1a 100644 --- a/manifests/plugins/checkrsnapshot.pp +++ b/manifests/plugins/checkrsnapshot.pp @@ -8,9 +8,9 @@ $max_check_attempts = $::icinga::max_check_attempts, $notification_period = 'workhours', $notifications_enabled = $::icinga::notifications_enabled, - $config = $::rsnapshot::params::config, + $config = hiera('rsnapshot::params::config', $::rsnapshot::params::config), $logfile = '/var/log/rsnapshot', - $crontabs = hiera('rsnapshot::params::crontabs'), + $crontabs = hiera('rsnapshot::params::crontabs', $::rsnapshot::params::crontabs), ) inherits icinga { $timeshift = $crontabs['daily']['hour'] From 6f70c77ef131070912957bc83bcb3792dded8fb5 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 31 Jan 2017 14:17:48 +0100 Subject: [PATCH 175/190] check_rsnapshot - work with numbers properly refs #23109 Signed-off-by: Pavel Pulec --- templates/plugins/check_rsnapshot.cfg.erb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/plugins/check_rsnapshot.cfg.erb b/templates/plugins/check_rsnapshot.cfg.erb index 45b6abd..e5b43ec 100644 --- a/templates/plugins/check_rsnapshot.cfg.erb +++ b/templates/plugins/check_rsnapshot.cfg.erb @@ -1 +1,3 @@ -command[check_rsnapshot]=<%= @plugindir %>/check_rsnapshot.rb <%= @config %> <%= @logfile %> <%= @timeshift + 3 %> +# File managed by puppet +<% increased_timeshift = @timeshift.to_i + 3 -%> +command[check_rsnapshot]=<%= @plugindir %>/check_rsnapshot.rb <%= @config %> <%= @logfile %> <%= increased_timeshift.to_s %> From 7fb50f6deb950249837063d26ce6e9dff6ddf89b Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 31 Jan 2017 14:36:44 +0100 Subject: [PATCH 176/190] remomve sudo declaration from checkcertexpiry.pp Signed-off-by: honza --- manifests/plugins/checkcertexpiry.pp | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifests/plugins/checkcertexpiry.pp b/manifests/plugins/checkcertexpiry.pp index 56af5a8..8843fc1 100644 --- a/manifests/plugins/checkcertexpiry.pp +++ b/manifests/plugins/checkcertexpiry.pp @@ -36,9 +36,5 @@ } - sudo::conf{'ssl_cert_expity': - content => "Defaults:nagios !requiretty - nagios ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/check_ssl-cert\n", - } From a3c2cfd9cdfce9ca65e75d9708fd1dab83f42aa4 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 31 Jan 2017 15:09:41 +0100 Subject: [PATCH 177/190] check_rsnapshot.rb - use snapshot_root from config file refs #23109 Signed-off-by: Pavel Pulec --- files/check_rsnapshot.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/files/check_rsnapshot.rb b/files/check_rsnapshot.rb index f6723fd..e2297e1 100644 --- a/files/check_rsnapshot.rb +++ b/files/check_rsnapshot.rb @@ -160,10 +160,14 @@ def run ##now check if backup directories exist status=0 errors=[] +snapshot_root='/rsnapshot' File.open(ARGV[0]).each do |line| + if line.match(/^snapshot_root\t/) + snapshot_root = line.split("\s")[1] + end if line.match(/^backup\t/) #puts line.split("\s")[2] - folder='/rsnapshots/daily.0/'+line.split("\s")[2] + folder=snapshot_root+'/daily.0/'+line.split("\s")[2] if !File.directory?(folder) errors.push(folder) end @@ -179,4 +183,3 @@ def run #puts [status, stat[0]].max exit [status, stat[0]].max - From 2d0ceb3e327c34fcda74fc16c1bb585faebc8376 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 17 Feb 2017 09:41:25 +0100 Subject: [PATCH 178/190] install nagios-plugins-ssl-cert package for checkcertexpiry.pp refs #26044 Signed-off-by: Pavel Pulec --- manifests/plugins/checkcertexpiry.pp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/manifests/plugins/checkcertexpiry.pp b/manifests/plugins/checkcertexpiry.pp index 8843fc1..8fb4ae4 100644 --- a/manifests/plugins/checkcertexpiry.pp +++ b/manifests/plugins/checkcertexpiry.pp @@ -11,6 +11,13 @@ $critical_days = 4, ) { require ::icinga + + if ! defined(Package['nagios-plugins-ssl-cert']) { + package{ 'nagios-plugins-ssl-cert': + ensure => present, + } + } + $cert = inline_template("<%= @name.gsub(/\/.*\//,'') %>") file{"${::icinga::includedir_client}/check_cert_expiry_${cert}.cfg": ensure => 'file', @@ -21,8 +28,6 @@ notify => Service[$::icinga::service_client], } - - @@nagios_service { "check_cert_expiry_${::fqdn}_${cert}": check_command => "check_nrpe_command!check_local_cert_expiry_${cert}", service_description => "Check Cert Expiry - ${cert}", From c984b945ad407e6cf456034a20484faf31543253 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Fri, 17 Feb 2017 10:17:58 +0100 Subject: [PATCH 179/190] re-add sudo::conf for checkcertexpiry.pp refs #26044 Signed-off-by: Pavel Pulec --- manifests/plugins/checkcertexpiry.pp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifests/plugins/checkcertexpiry.pp b/manifests/plugins/checkcertexpiry.pp index 8fb4ae4..2dc44bd 100644 --- a/manifests/plugins/checkcertexpiry.pp +++ b/manifests/plugins/checkcertexpiry.pp @@ -18,6 +18,13 @@ } } + if ! defined(Sudo::Conf['ssl_cert_expity']) { + sudo::conf{'ssl_cert_expity': + content => "Defaults:nagios !requiretty + nagios ALL=(ALL) NOPASSWD:/usr/lib64/nagios/plugins/check_ssl-cert\n", + } + } + $cert = inline_template("<%= @name.gsub(/\/.*\//,'') %>") file{"${::icinga::includedir_client}/check_cert_expiry_${cert}.cfg": ensure => 'file', From 83d6ec3150b5df01f9582a63cfc9e432a0ba918f Mon Sep 17 00:00:00 2001 From: honza Date: Tue, 21 Feb 2017 14:25:32 +0100 Subject: [PATCH 180/190] checkelasticsearch.pp: remove the commented-out part using pip refs #26465 Signed-off-by: honza --- manifests/plugins/checkelasticsearch.pp | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/manifests/plugins/checkelasticsearch.pp b/manifests/plugins/checkelasticsearch.pp index 2c334a4..c96a014 100644 --- a/manifests/plugins/checkelasticsearch.pp +++ b/manifests/plugins/checkelasticsearch.pp @@ -6,26 +6,6 @@ $pkgname = 'nagios-plugins-elasticsearch', ) { - # if $icinga::client { - # if !defined(Package['python-pip']){ - # package{'python-pip': - # ensure => present, - # } - # } - # - # if !defined(Package[$pkgname]) { - # package{$pkgname: - # ensure => present, - # provider => 'pip', - # require => File['/usr/bin/pip-python'], - # } - # file { '/usr/bin/pip-python': - # ensure => 'link', - # target => '/usr/bin/pip', - # require => Package['python-pip'], - # - # } - # } if $icinga::client { if !defined(Package[$pkgname]) { From abfef62cc01b04124f005906a3880b4e5615dc58 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 9 Mar 2017 13:59:05 +0100 Subject: [PATCH 181/190] add checktopologylatency.pp refs #27218 Signed-off-by: honza --- manifests/plugins/checktopologylatency.pp | 38 +++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 manifests/plugins/checktopologylatency.pp diff --git a/manifests/plugins/checktopologylatency.pp b/manifests/plugins/checktopologylatency.pp new file mode 100644 index 0000000..87ac564 --- /dev/null +++ b/manifests/plugins/checktopologylatency.pp @@ -0,0 +1,38 @@ +# == Class: icinga::plugins::checktopologylatency +class icinga::plugins::checktopologylatency ( + $host = 'localhost', + $port = 8888, + $critical_latency = 1200, + $warning_latency = 1000, + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, +) inherits ::icinga { + + package {'nagios-plugins-topology-latency': + ensure => present, + } + + file{"${::icinga::includedir_client}/topology_latency.cfg": + ensure => 'file', + mode => '0644', + owner => $::icinga::client_user, + group => $::icinga::client_group, + content => "command[check_storm_latency]=${::icinga::usrlib}/nagios/plugins/check_topology_latency.rb -h ${host} -p ${port} -w ${warning_latency} -c ${critical_latency}\n", + notify => Service[$::icinga::service_client], + } + + @@nagios_service{"check_collectiveaccess_${::fqdn}": + check_command => 'check_nrpe_command!check_storm_latency', + service_description => 'Storm Topology Latency', + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + +} + From 948953d461d8c1233c0bacb54ca31ad2db880bc0 Mon Sep 17 00:00:00 2001 From: honza Date: Thu, 9 Mar 2017 16:04:55 +0100 Subject: [PATCH 182/190] fix file name Signed-off-by: honza --- manifests/plugins/checktopologylatency.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checktopologylatency.pp b/manifests/plugins/checktopologylatency.pp index 87ac564..d1fda4f 100644 --- a/manifests/plugins/checktopologylatency.pp +++ b/manifests/plugins/checktopologylatency.pp @@ -19,7 +19,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => "command[check_storm_latency]=${::icinga::usrlib}/nagios/plugins/check_topology_latency.rb -h ${host} -p ${port} -w ${warning_latency} -c ${critical_latency}\n", + content => "command[check_storm_latency]=${::icinga::usrlib}/nagios/plugins/check_topology-latency.rb -h ${host} -p ${port} -w ${warning_latency} -c ${critical_latency}\n", notify => Service[$::icinga::service_client], } From 4e2d4b8fbd683112fe23d88b488888404deaead0 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Tue, 21 Mar 2017 15:15:21 +0100 Subject: [PATCH 183/190] checksmart.pp - smart_devices is mandatory refs #28075 Signed-off-by: Pavel Pulec --- manifests/plugins/checksmart.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/plugins/checksmart.pp b/manifests/plugins/checksmart.pp index a7036a3..00172d7 100644 --- a/manifests/plugins/checksmart.pp +++ b/manifests/plugins/checksmart.pp @@ -3,12 +3,12 @@ # This class provides a checksmart plugin. # class icinga::plugins::checksmart ( + $smart_devices, $ensure = present, $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, - $smart_devices = hiera('smart_devices'), ) inherits icinga { package { 'smartmontools.x86_64': From 39f5bdf1f0b0abcd92784c5edc6dc7e55a6fe9b1 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 22 Mar 2017 17:15:25 +0100 Subject: [PATCH 184/190] S.M.A.R.T. check with device autodetect refs #28075 Signed-off-by: Pavel Pulec --- files/check_smart.rb | 146 ++++++++++++++++++++++++++++---- manifests/plugins/checksmart.pp | 4 +- templates/plugins/SMART.cfg.erb | 1 - 3 files changed, 130 insertions(+), 21 deletions(-) delete mode 100644 templates/plugins/SMART.cfg.erb diff --git a/files/check_smart.rb b/files/check_smart.rb index 602f322..94b6e8a 100644 --- a/files/check_smart.rb +++ b/files/check_smart.rb @@ -1,22 +1,132 @@ #!/usr/bin/ruby -exitStatus = 0 -msg = ['', ''] -ARGV.each { |x| - result = `perl /usr/lib64/nagios/plugins/check_smart.pl -d #{x}` - if $?.exitstatus > 0 - arr = result.split('|') - msg[0]= msg[0] + x.sub(' -i', '') + ": " + arr[0] +" " - msg[1]= msg[1] + x.sub(' -i', '')+": " + arr[1] + " " - end - if $?.exitstatus > exitStatus - exitStatus = $?.exitstatus - end -} -if exitStatus == 0 - puts "S.M.A.R.T. OK" -elsif - puts msg[0]+"|"+msg[1] +# This script is only wrapper for the original check written +# in Perl: /usr/lib64/nagios/plugins/check_smart.pl +# +# This script prepares the proper parameters for the Perl script, +# runs this script and collects a output. Then it returns proper +# valus as common NRPE check. +# +# +# This script does not require any input. It autodetects proper +# block devices and runs S.M.A.R.T. checks on them. +# + +def raid_controller() + + raid_controller = '' + + # the raid_controller detection is copied over from raid puppet module (lib/facter/raidcontroller.rb) + # + # this script supports only "megaraid" controller + if lspci = `/sbin/lspci` + lspci.split(/\n/).each do |line| + raid_controller = "sas2ircu" if line =~ /SAS2008/ + raid_controller = "megaraid" if line =~ /(MegaRAID SAS 1078|MegaSAS 9260|MegaRAID SAS 9240|MegaRAID SAS 2208|MegaRAID SAS 2008|MegaRAID SAS 2108)/ + raid_controller = "3ware" if line =~ /3ware Inc 9690SA/ + raid_controller = "aac-raid" if line =~ /Adaptec AAC-RAID/ + raid_controller = "cciss" if line =~ /Hewlett-Packard Company Smart Array G6 controllers/ + raid_controller = "areca" if line =~ /ARC-1210/ + end + else + puts 'UNKNOWN - /sbin/lspci: failed' + exit 3 + end + raid_controller +end + +def megaraid_check_params() + if File.exist?('/opt/MegaRAID/MegaCli/MegaCli64') + device_ids = `/opt/MegaRAID/MegaCli/MegaCli64 -PDList -aALL | grep -E '^Device Id: [0-9]+'` + else + puts "UNKNOWN - /opt/MegaRAID/MegaCli/MegaCli64 not found. You may want to install MegaCli" + exit 3 + end + + check_params = {} + device_ids.gsub(/^Device Id: /,'').split("\n").each_with_index do |id, index| + # it should not matter what device is used for the check, it just has to exist, hence /dev/sda + check_params.merge!({ index => { 'device' => '/dev/sda', 'interface' => "sat,auto+megaraid,#{id}"}}) + end + check_params +end + +def default_check_params() + check_params = {} + + if block_devices = `/usr/bin/facter blockdevices` + block_devices.strip.split(',').each_with_index do |dev,index| + check_params.merge!({ index => { 'device' => "/dev/#{dev}", 'interface' => 'sat'}}) + end + else + puts "UNKNOWN - I cannot get list of devices from facter. Try to run '/usr/bin/facter blockdevices'" + exit 3 + end + check_params +end + +def do_check(check_params) + warning = false + critical = false + unknown = false + output = '' + perf_data = '' + + check_params.each do |index, params| + device = params['device'] + interface = params['interface'] + + result = `perl /usr/lib64/nagios/plugins/check_smart.pl -d #{device} -i #{interface}` + exit_status = $?.exitstatus + + output += "#{device} - #{interface}: " + result.split('|')[0] + "; " + perf_data += "#{device} - #{interface}: " + result.split('|')[1] + "\n" + + case exit_status + when 0 + foo = 'bar' # don't do anything + when 1 + warning = true + when 2 + critical = true + else + unknown = true + end + + end + + if critical + puts output + "|" + perf_data + exit 2 + end + + if warning + puts output + "|" + perf_data + exit 1 + end + + if unknown + puts output + "|" + perf_data + exit 3 + end + + puts "S.M.A.R.T. OK |" + perf_data + exit 0 +end + + + +# MAIN + +raid_controller = raid_controller() + +if raid_controller == "megaraid" + check_params = megaraid_check_params() +elsif raid_controller == '' + check_params = default_check_params() +else + puts "UNKNOWN - Raid controller '#{raid_controller} is not supported by this check" + exit 3 end -exit exitStatus +do_check(check_params) diff --git a/manifests/plugins/checksmart.pp b/manifests/plugins/checksmart.pp index 00172d7..75590a5 100644 --- a/manifests/plugins/checksmart.pp +++ b/manifests/plugins/checksmart.pp @@ -41,7 +41,7 @@ mode => '0644', owner => $::icinga::client_user, group => $::icinga::client_group, - content => template('icinga/plugins/SMART.cfg.erb'), + content => "#Managed by puppet\ncommand[check_smart]=sudo /usr/lib64/nagios/plugins/check_smart.rb", notify => Service[$::icinga::service_client], } @@ -59,7 +59,7 @@ sudo::conf{'check_smart': content => "Defaults:nagios !requiretty - nagios ALL=(ALL) NOPASSWD:/usr/sbin/smartctl\n", + nagios ALL=(ALL) NOPASSWD:${::icinga::plugindir}/check_smart.rb\n", } } diff --git a/templates/plugins/SMART.cfg.erb b/templates/plugins/SMART.cfg.erb deleted file mode 100644 index 789efd3..0000000 --- a/templates/plugins/SMART.cfg.erb +++ /dev/null @@ -1 +0,0 @@ -command[check_smart]=/usr/lib64/nagios/plugins/check_smart.rb <%="'"+Array(@smart_devices).join("' '")+"'" %> From f70b75bf90932bf145e816a2076d5a2da89d43ec Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 22 Mar 2017 17:45:58 +0100 Subject: [PATCH 185/190] autodetect device type + update check_smart.pl #28075 Signed-off-by: Pavel Pulec --- files/check_smart.pl | 15 +++++++++------ files/check_smart.rb | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/files/check_smart.pl b/files/check_smart.pl index efb0a93..a2b223e 100644 --- a/files/check_smart.pl +++ b/files/check_smart.pl @@ -24,6 +24,9 @@ # Feb 5, 2015: Bastian de Groot - Different ATA vs. SCSI lookup (rev 5.4) # Feb 11, 2015: Josh Behrends - Allow script to run outside of nagios plugins dir / wiki url update (rev 5.5) # Feb 11, 2015: Claudio Kuenzler - Allow script to run outside of nagios plugins dir for FreeBSD too (rev 5.5) +# Mar 12, 2015: Claudio Kuenzler - Change syntax of -g parameter (regex is now awaited from input) (rev 5.6) +# Feb 6, 2017: Benedikt Heine - Fix Use of uninitialized value $device (rev 5.7) +# Mar 22, 2017: Pavel Pulec (Inuits) - allow type "auto" (rev 5.8) use strict; use Getopt::Long; @@ -31,7 +34,7 @@ use File::Basename qw(basename); my $basename = basename($0); -my $revision = '$Revision: 5.5 $'; +my $revision = '$Revision: 5.8 $'; use FindBin; use lib $FindBin::Bin; @@ -82,7 +85,7 @@ BEGIN push(@dev,$opt_d); } else { # glob all devices - try '?' first - @dev =glob($opt_g."*[a-z]"); + @dev =glob($opt_g); } foreach my $opt_dl (@dev){ @@ -103,7 +106,7 @@ BEGIN # Allow all device types currently supported by smartctl # See http://www.smartmontools.org/wiki/Supported_RAID-Controllers - if ($opt_i =~ m/(ata|scsi|3ware|areca|hpt|cciss|megaraid|sat)/) { + if ($opt_i =~ m/(ata|scsi|3ware|areca|hpt|cciss|megaraid|sat|auto)/) { $interface = $opt_i; } else { print "invalid interface $opt_i for $opt_d!\n\n"; @@ -113,7 +116,7 @@ BEGIN } -if ($device eq "") { +if (!defined($device) || $device eq "") { print "must specify a device!\n\n"; print_help(); exit $ERRORS{'UNKNOWN'}; @@ -413,11 +416,11 @@ BEGIN sub print_help { print_revision($basename,$revision); - print "\nUsage: $basename {-d=|-g=} -i=(ata|scsi|3ware,N|areca,N|hpt,L/M/N|cciss,N|megaraid,N) [-b N] [--debug]\n\n"; + print "\nUsage: $basename {-d=|-g=} -i=(auto|ata|scsi|3ware,N|areca,N|hpt,L/M/N|cciss,N|megaraid,N) [-b N] [--debug]\n\n"; print "At least one of the below. -d supersedes -g\n"; print " -d/--device: a physical block device to be SMART monitored, eg /dev/sda\n"; print " -g/--global: a regular expression name of physical devices to be SMART monitored\n"; - print " Example: /dev/sd will search for all /dev/sd* devices and report errors globally.\n"; + print " Example: '/dev/sd[a-z]' will search for all /dev/sda until /dev/sdz devices and report errors globally.\n"; print "Note that -g only works with a fixed interface input (e.g. scsi, ata), not with special interface ids like cciss,1\n"; print "\n"; print "Other options\n"; diff --git a/files/check_smart.rb b/files/check_smart.rb index 94b6e8a..310564e 100644 --- a/files/check_smart.rb +++ b/files/check_smart.rb @@ -56,7 +56,7 @@ def default_check_params() if block_devices = `/usr/bin/facter blockdevices` block_devices.strip.split(',').each_with_index do |dev,index| - check_params.merge!({ index => { 'device' => "/dev/#{dev}", 'interface' => 'sat'}}) + check_params.merge!({ index => { 'device' => "/dev/#{dev}", 'interface' => 'auto'}}) end else puts "UNKNOWN - I cannot get list of devices from facter. Try to run '/usr/bin/facter blockdevices'" From f0bdbaea4da80cc88c11d3016fec8c1cf78811f0 Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 22 Mar 2017 17:55:12 +0100 Subject: [PATCH 186/190] S.M.A.R.T. check with device autodetect - unused variable refs #28075 Signed-off-by: Pavel Pulec --- manifests/plugins/checksmart.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/plugins/checksmart.pp b/manifests/plugins/checksmart.pp index 75590a5..46dcd94 100644 --- a/manifests/plugins/checksmart.pp +++ b/manifests/plugins/checksmart.pp @@ -3,7 +3,6 @@ # This class provides a checksmart plugin. # class icinga::plugins::checksmart ( - $smart_devices, $ensure = present, $contact_groups = $::environment, $max_check_attempts = $::icinga::max_check_attempts, From 8fa9270f034eeca0189909c1f54cf84a5365417a Mon Sep 17 00:00:00 2001 From: Pavel Pulec Date: Wed, 22 Mar 2017 18:22:44 +0100 Subject: [PATCH 187/190] S.M.A.R.T - print number of monitoried devices refs #28075 Signed-off-by: Pavel Pulec --- files/check_smart.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/files/check_smart.rb b/files/check_smart.rb index 310564e..f082bcd 100644 --- a/files/check_smart.rb +++ b/files/check_smart.rb @@ -71,8 +71,10 @@ def do_check(check_params) unknown = false output = '' perf_data = '' + number_of_devices = 0 check_params.each do |index, params| + number_of_devices += 1 device = params['device'] interface = params['interface'] @@ -95,6 +97,11 @@ def do_check(check_params) end + if number_of_devices == 0 + puts 'CRITICAL - no device monitored' + exit 2 + end + if critical puts output + "|" + perf_data exit 2 @@ -110,7 +117,7 @@ def do_check(check_params) exit 3 end - puts "S.M.A.R.T. OK |" + perf_data + puts "S.M.A.R.T. OK on #{number_of_devices} devices |" + perf_data exit 0 end From f4147e4b0fa5532756a9b2a3da2a5ea3c2d1f4df Mon Sep 17 00:00:00 2001 From: Christophe Vanlancker Date: Wed, 5 Apr 2017 12:24:05 +0200 Subject: [PATCH 188/190] Fix typo Signed-off-by: Christophe Vanlancker --- templates/plugins/mysqld_performance.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/plugins/mysqld_performance.cfg.erb b/templates/plugins/mysqld_performance.cfg.erb index 294c69c..5bedb78 100644 --- a/templates/plugins/mysqld_performance.cfg.erb +++ b/templates/plugins/mysqld_performance.cfg.erb @@ -7,7 +7,7 @@ command[check_mysqld_performance_2]=sudo <%= scope.lookupvar('icinga::plugindir' command[check_mysqld_performance_3]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A binlog_cache_disk_use,binlog_cache_use command[check_mysqld_performance_4]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A bytes_received,bytes_sent,connections command[check_mysqld_performance_5]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A created_tmp_disk_tables,created_tmp_files,created_tmp_tables -command[check_mysqld_performance_6]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A elayed_errors,delayed_insert_threads,delayed_writes +command[check_mysqld_performance_6]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A delayed_errors,delayed_insert_threads,delayed_writes command[check_mysqld_performance_7]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A handler_update,handler_write,handler_delete,handler_read_first,handler_read_key,handler_read_next,handler_read_prev,handler_read_rnd,handler_read_rnd_next command[check_mysqld_performance_8]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A key_blocks_not_flushed,key_blocks_unused,key_blocks_used,key_read_requests,key_reads,key_write_requests,key_writes command[check_mysqld_performance_9]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -A max_used_connections From 4ca321565fe1b450a0b34521e01854692bd30648 Mon Sep 17 00:00:00 2001 From: Christophe Vanlancker Date: Wed, 5 Apr 2017 13:40:59 +0200 Subject: [PATCH 189/190] Add monitoring for max_connections Signed-off-by: Christophe Vanlancker --- manifests/plugins/checkmysqld.pp | 48 +++++++++++++++++--------------- templates/plugins/mysqld.cfg.erb | 5 ++++ 2 files changed, 30 insertions(+), 23 deletions(-) create mode 100644 templates/plugins/mysqld.cfg.erb diff --git a/manifests/plugins/checkmysqld.pp b/manifests/plugins/checkmysqld.pp index 45d8cfe..59733e9 100644 --- a/manifests/plugins/checkmysqld.pp +++ b/manifests/plugins/checkmysqld.pp @@ -3,13 +3,15 @@ # This class provides a checkmysqld plugin. # class icinga::plugins::checkmysqld ( - $ensure = present, - $perfdata = true, - $contact_groups = $::environment, - $max_check_attempts = $::icinga::max_check_attempts, - $notification_period = $::icinga::notification_period, - $notifications_enabled = $::icinga::notifications_enabled, - $mgmt_cnf = '/root/.my.cnf', + $ensure = present, + $perfdata = true, + $contact_groups = $::environment, + $max_check_attempts = $::icinga::max_check_attempts, + $notification_period = $::icinga::notification_period, + $notifications_enabled = $::icinga::notifications_enabled, + $max_connections_warning = 140, + $max_connections_critical = 151, + $mgmt_cnf = '/root/.my.cnf', ) inherits icinga { $pkg_nagios_plugins_mysqld = $::operatingsystem ? { @@ -37,15 +39,26 @@ owner => $::icinga::client_user, group => $::icinga::client_group, notify => Service[$::icinga::service_client], - content => "command[check_mysqld]=sudo ${::icinga::plugindir}/check_mysqld.pl -F ${mgmt_cnf}", + content => template('icinga/plugins/mysqld.cfg.erb'), } - @@nagios_service { "check_mysqld_performance_${::fqdn}": + Nagios_service { + host_name => $::fqdn, + contact_groups => $contact_groups, + max_check_attempts => $max_check_attempts, + notification_period => $notification_period, + notifications_enabled => $notifications_enabled, + target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + + @@nagios_service { "check_mysqld_${::fqdn}": check_command => 'check_nrpe_command!check_mysqld', service_description => 'mysqld', - host_name => $::fqdn, - max_check_attempts => $max_check_attempts, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", + } + + @@nagios_service { "check_mysqld_max_connections_${::fqdn}": + check_command => 'check_nrpe_command!check_mysqld_max_connections', + service_description => 'mysqld max_connections', } sudo::conf{'nagios_mysqld_conf': @@ -53,7 +66,6 @@ nagios ALL=(ALL) NOPASSWD:${::icinga::plugindir}/check_mysqld.pl\n", } - if $perfdata { file { "${::icinga::includedir_client}/mysqld_performance.cfg": @@ -62,15 +74,6 @@ content => template('icinga/plugins/mysqld_performance.cfg.erb'); } - Nagios_service { - host_name => $::fqdn, - contact_groups => $contact_groups, - max_check_attempts => $max_check_attempts, - notification_period => $notification_period, - notifications_enabled => $notifications_enabled, - target => "${::icinga::targetdir}/services/${::fqdn}.cfg", - } - @@nagios_service { "check_mysqld_performance_1_${::fqdn}": check_command => 'check_nrpe_command!check_mysqld_performance_1', service_description => 'mysqld perf 1', @@ -162,4 +165,3 @@ } } } - diff --git a/templates/plugins/mysqld.cfg.erb b/templates/plugins/mysqld.cfg.erb new file mode 100644 index 0000000..6eea190 --- /dev/null +++ b/templates/plugins/mysqld.cfg.erb @@ -0,0 +1,5 @@ +# +# Managed by Puppet +# +command[check_mysqld]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> +command[check_mysqld_max_connections]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -a max_used_connections -w <%= scope.lookupvar('icinga::plugins::checkmysqld::max_connections_warning') %> -c <%= scope.lookupvar('icinga::plugins::checkmysqld::max_connections_critical') %> From 333ad189691ee146545919cd9cee012d6e83480f Mon Sep 17 00:00:00 2001 From: Christophe Vanlancker Date: Thu, 6 Apr 2017 12:11:19 +0200 Subject: [PATCH 190/190] Use correct value to monitor current mysql connections Signed-off-by: Christophe Vanlancker --- manifests/plugins/checkmysqld.pp | 10 +++++----- templates/plugins/mysqld.cfg.erb | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/plugins/checkmysqld.pp b/manifests/plugins/checkmysqld.pp index 59733e9..8662c59 100644 --- a/manifests/plugins/checkmysqld.pp +++ b/manifests/plugins/checkmysqld.pp @@ -9,8 +9,8 @@ $max_check_attempts = $::icinga::max_check_attempts, $notification_period = $::icinga::notification_period, $notifications_enabled = $::icinga::notifications_enabled, - $max_connections_warning = 140, - $max_connections_critical = 151, + $connections_warning = 140, + $connections_critical = 150, $mgmt_cnf = '/root/.my.cnf', ) inherits icinga { @@ -56,9 +56,9 @@ service_description => 'mysqld', } - @@nagios_service { "check_mysqld_max_connections_${::fqdn}": - check_command => 'check_nrpe_command!check_mysqld_max_connections', - service_description => 'mysqld max_connections', + @@nagios_service { "check_mysqld_connections_${::fqdn}": + check_command => 'check_nrpe_command!check_mysqld_connections', + service_description => 'mysqld connections', } sudo::conf{'nagios_mysqld_conf': diff --git a/templates/plugins/mysqld.cfg.erb b/templates/plugins/mysqld.cfg.erb index 6eea190..a4f8752 100644 --- a/templates/plugins/mysqld.cfg.erb +++ b/templates/plugins/mysqld.cfg.erb @@ -2,4 +2,4 @@ # Managed by Puppet # command[check_mysqld]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -command[check_mysqld_max_connections]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -a max_used_connections -w <%= scope.lookupvar('icinga::plugins::checkmysqld::max_connections_warning') %> -c <%= scope.lookupvar('icinga::plugins::checkmysqld::max_connections_critical') %> +command[check_mysqld_connections]=sudo <%= scope.lookupvar('icinga::plugindir') %>/check_mysqld.pl -F <%= scope.lookupvar('icinga::plugins::checkmysqld::mgmt_cnf') %> -f -a threads_connected -w <%= scope.lookupvar('icinga::plugins::checkmysqld::connections_warning') %> -c <%= scope.lookupvar('icinga::plugins::checkmysqld::connections_critical') %>