From ce5e4a48de4bae991f1bc7ffb6a22bd098f6de6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Dubois?=
Date: Mon, 12 Sep 2022 14:31:30 +0200
Subject: [PATCH] nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh
---
 CHANGELOG | 1 +
 .../plugins_bsd/check_ipsecctl_critiques.sh | 30 ++++++++++++++-----
 2 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 03a6611..49f9757 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -44,6 +44,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - base: vmd and pass are not used in our infrastructure, deletion of autocompletion
 - nagios-nrpe: do not erase custom configuration of servers in nrpe.d/evolix.cfg, and do not use zzz_evolix.cfg anymore
 - base: export evomaintenance and evobackup tasks into their own roles
+- nagios-nrpe: multiples IP can now be checked with check_ipsecctl_critiques.sh
 ### Fixed
diff --git a/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh b/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
index 8d560f8..c5ad4bf 100755
--- a/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
+++ b/roles/nagios-nrpe/files/plugins_bsd/check_ipsecctl_critiques.sh
@@ -56,25 +56,41 @@ if [ $STATUS -eq 0 ]; then
 # Definition of VPNs to be checked
 VPNS="A_from_vlan1 A_from_vlan2 B_from_vlan1 C_from_vlan2"
- # Definition of destination IPs (client side) to ping for each VPN
- A_from_vlan1_IP="192.168.1.1"
- A_from_vlan2_IP="192.168.2.1"
+ # Definition of destination IPs (client side) to ping for each VPN ; multiples IPs can be given, the check will be OK if at least one IP is answering for each VPN
+ A_from_vlan1_IP="192.168.1.1 192.168.1.50 192.168.1.254"
+ A_from_vlan2_IP="192.168.2.1 192.168.2.10"
 B_from_vlan1_IP="172.16.1.1"
- C_from_vlan2_IP="10.0.1.1"
+ C_from_vlan2_IP="10.0.1.1 10.0.1.5"
 for vpn in $VPNS; do
 # dst_ip takes the value of VPNS_IP
 eval dst_ip=\$"${vpn}"_IP
+ pingok=0
 # Definition of the source IP of the ping according to the source network used (our side, adjust the -I option)
 case $vpn in
- *vlan1*) ping -q -i 0.1 -I 192.168.5.5 -c 3 -w 1 "$dst_ip" >/dev/null ;;
- *vlan2*) ping -q -i 0.1 -I 172.16.2.5 -c 3 -w 1 "$dst_ip" >/dev/null ;;
+ *vlan1*)
+ for i in $dst_ip; do
+ ping -q -i 0.1 -I 192.168.5.5 -c 3 -w 1 "$dst_ip" >/dev/null
+ if [ $? -eq 0 ]; then
+ pingok=$(($pingok + 1))
+ fi
+ done
+ ;;
+
+ *vlan2*)
+ for i in $dst_ip; do
+ ping -q -i 0.1 -I 172.16.2.5 -c 3 -w 1 "$dst_ip" >/dev/null
+ if [ $? -eq 0 ]; then
+ pingok=$(($pingok + 1))
+ fi
+ done
+ ;;
 esac
- if [ $? -ne 0 ]; then
+ if [ "$pingok" -eq 0 ]; then
 VPN_KO="$VPN_KO $vpn"
 fi
 done
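Review bot: Both new `for i in $dst_ip` loops still pass `"$dst_ip"` to ping, so the loop variable `i` is never used and each iteration hands ping the whole space-separated list as a single host argument. For a VPN with several addresses that argument presumably fails to resolve, `pingok` stays 0 and the VPN is reported KO even when every peer answers; only the single-address case (B_from_vlan1) behaves as before. The ping line in the `*vlan1*` arm should read `ping -q -i 0.1 -I 192.168.5.5 -c 3 -w 1 "$i" >/dev/null`, and the `*vlan2*` arm needs the same `"$i"` change. A check that is permanently critical on multi-address tunnels tends to get acknowledged or silenced, which would hide a real tunnel outage. The enclosing `if [ $STATUS -eq 0 ]; then` block starts outside the hunk.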