nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh

2022-09-12 14:31:30 +02:00 · 2022-09-12 14:31:30 +02:00 · ce5e4a48de
parent 6f1c10744b
commit ce5e4a48de
2 changed files with 24 additions and 7 deletions
--- a/1
+++ b/1
@ -44,6 +44,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - base: vmd and pass are not used in our infrastructure, deletion of autocompletion
 - nagios-nrpe: do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore
 - base: export evomaintenance and evobackup tasks into their own roles
+- nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh

 ### Fixed

--- a/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
@ -56,25 +56,41 @@ if [ $STATUS -eq 0 ]; then
    # Definition of VPNs to be checked
    VPNS="A_from_vlan1 A_from_vlan2 B_from_vlan1 C_from_vlan2"

-    # Definition of destination IPs (client side) to ping for each VPN
-    A_from_vlan1_IP="192.168.1.1"
-    A_from_vlan2_IP="192.168.2.1"
+    # Definition of destination IPs (client side) to ping for each VPN ; multiples IPs can be given, the check will be OK if at least one IP is answering for each VPN
+    A_from_vlan1_IP="192.168.1.1 192.168.1.50 192.168.1.254"
+    A_from_vlan2_IP="192.168.2.1 192.168.2.10"

    B_from_vlan1_IP="172.16.1.1"

-    C_from_vlan2_IP="10.0.1.1"
+    C_from_vlan2_IP="10.0.1.1 10.0.1.5"

    for vpn in $VPNS; do
        # dst_ip takes the value of VPNS_IP
        eval dst_ip=\$"${vpn}"_IP
+        pingok=0
    
        # Definition of the source IP of the ping according to the source network used (our side, adjust the -I option)
        case $vpn in
-            *vlan1*) ping -q -i 0.1 -I 192.168.5.5 -c 3 -w 1 "$dst_ip" >/dev/null ;;
-            *vlan2*) ping -q -i 0.1 -I 172.16.2.5  -c 3 -w 1 "$dst_ip" >/dev/null ;;
+            *vlan1*)
+                for i in $dst_ip; do
+                    ping -q -i 0.1 -I 192.168.5.5 -c 3 -w 1 "$dst_ip" >/dev/null
+                    if [ $? -eq 0 ]; then
+                        pingok=$(($pingok + 1))
+                    fi
+                done
+                ;;
+
+            *vlan2*)
+                for i in $dst_ip; do
+                    ping -q -i 0.1 -I 172.16.2.5  -c 3 -w 1 "$dst_ip" >/dev/null
+                    if [ $? -eq 0 ]; then
+                        pingok=$(($pingok + 1))
+                    fi
+                done
+                ;;
        esac
    
-        if [ $? -ne 0 ]; then
+        if [ "$pingok" -eq 0 ]; then
            VPN_KO="$VPN_KO $vpn"
        fi
    done