Compare commits
15 commits
b2438dde80
...
a61f2423bc
Author | SHA1 | Date | |
---|---|---|---|
Jérémy Dubois | a61f2423bc | ||
Jérémy Dubois | 7dd930afcb | ||
Jérémy Dubois | 8e18b6972a | ||
Jérémy Dubois | 63212accdd | ||
Jérémy Dubois | aee18bfde9 | ||
Jérémy Dubois | 1f0011ad2a | ||
Jérémy Dubois | 6822eaa4f0 | ||
Jérémy Dubois | aed20187de | ||
Jérémy Dubois | 28021670f0 | ||
Jérémy Dubois | a217bb2e56 | ||
Jérémy Dubois | 832e93da0d | ||
Jérémy Dubois | ced4098192 | ||
Jérémy Dubois | 7aa588528c | ||
Jérémy Dubois | afba3ad7e1 | ||
Jérémy Dubois | 05bdef9ab8 |
13
CHANGELOG
13
CHANGELOG
|
@ -29,6 +29,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
* nagios-nrpe: allow older cipher suites for older Icinga version
|
||||
* evobackup: execute canary script before executing backup script
|
||||
* accounts: create only users who have a certain value for the `create` key (default: `always`)
|
||||
* nagios-nrpe: add the ipmi_sensor check
|
||||
* base: doas configuration for ipmi_sensor NRPE check
|
||||
* base: deactivate insults in sudo
|
||||
* base: added handlers for entries in fstab
|
||||
* forwarding: added tags to distinguish IPv4 from IPv6
|
||||
|
||||
### Changed
|
||||
|
||||
|
@ -68,13 +73,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
* nagios-nrpe: check_ipsecctl.sh is never used standalone for check_vpn, always called by check_ipsecctl_critiques.sh
|
||||
* evobackup: zzz_evobackup upstream release 22.12, and call zzz_evobackup with bash
|
||||
* base: install bash, now needed for zzz_evobackup script
|
||||
* post-install: execute motd-carp-state.sh only once an hour
|
||||
* post-install: execute motd-carp-state.sh every 10 minuts
|
||||
* collectd: modified collectd scripts directory and scripts files right so that only _collectd group can execute them
|
||||
* base: install ncdu and htop often used as diagnostic tools
|
||||
* base: dump-server-state.sh upstream release 23.06
|
||||
* evocheck: upstream release 23.06
|
||||
* base: add evobsd_alias_fwupdate variable and make kshrc file a template so we can set or not a fw_update alias to servers that need it
|
||||
* etc-git: add versioning for /var/unbound/etc
|
||||
* base: ignore errors on packages installation because it fails for some packages when run in check mode
|
||||
* evomaintenance: upstream release 23.10.1
|
||||
* accounts, etc-git, evocheck, nagios-nrpe: multiple changes to not fail when run in check mode
|
||||
* base: configure "/var/log" for servers that have a mount on it
|
||||
* nagios-nrpe: configure allowed_hosts in template and make use of the 'nagios_nrpe_additional_allowed_hosts' var in inventory for additional IP
|
||||
|
||||
### Fixed
|
||||
|
||||
|
@ -87,6 +97,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
* logsentry: fix variables for configuration files
|
||||
* nagios-nrpe: fix allowed_hosts configuration: keep potential added IP, but we cannot use backrefs if the line does not exist yet
|
||||
* accounts: configure user home, ssh keys and groups only if it already exists, so that there is no error when run in check mode and user doesn't exist yet
|
||||
* collectd: fix rights for collectd directory
|
||||
|
||||
### Removed
|
||||
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
- name: Install ansible's prerequisite
|
||||
# yamllint disable-line rule:line-length
|
||||
raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3
|
||||
ansible.builtin.raw: export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3
|
||||
changed_when: true
|
||||
|
||||
# vim:ft=ansible
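Review bot: The bootstrap `ansible.builtin.raw` line still sets `PKG_PATH=http://ftp.eu.openbsd.org/...`, so the first package a new host installs is fetched over plain HTTP. pkg_add checks package signatures, so integrity rests on signify alone, while anyone on the path can see or stall the install. If the mirror offers HTTPS, change only the scheme: `export PKG_PATH=https://ftp.eu.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -p)/; pkg_add -z python-3`. A one-line comment above the task saying that raw is used because Python is presumably not yet on the host would also help the next reader.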
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
- name: reload sshd
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: sshd
|
||||
state: reloaded
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
- name: "Create {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
||||
group:
|
||||
ansible.builtin.group:
|
||||
name: "{{ item }}"
|
||||
system: true
|
||||
with_items:
|
||||
|
@ -25,7 +25,7 @@
|
|||
- admin
|
||||
|
||||
- name: "Verify AllowGroups directive"
|
||||
command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
||||
ansible.builtin.command: "grep -E '^AllowGroups' /etc/ssh/sshd_config"
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: false
|
||||
|
@ -35,7 +35,7 @@
|
|||
- admin
|
||||
|
||||
- name: "Verify AllowUsers directive"
|
||||
command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
|
||||
ansible.builtin.command: "grep -E '^AllowUsers' /etc/ssh/sshd_config"
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: false
|
||||
|
@ -45,7 +45,7 @@
|
|||
- admin
|
||||
|
||||
- name: "Check that AllowUsers and AllowGroup do not override each other"
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that: "not (grep_allowusers_ssh.rc == 0 and grep_allowgroups_ssh.rc == 0)"
|
||||
msg: "We can't deal with AllowUsers and AllowGroups at the same time"
|
||||
tags:
|
||||
|
@ -53,7 +53,7 @@
|
|||
- admin
|
||||
|
||||
- name: "If AllowGroups is present then use it"
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
ssh_allowgroups:
|
||||
"{{ (grep_allowgroups_ssh.rc == 0) or (grep_allowusers_ssh.rc != 0) }}"
|
||||
tags:
|
||||
|
@ -61,7 +61,7 @@
|
|||
- admin
|
||||
|
||||
- name: "Add AllowGroups sshd directive with '{{ evobsd_ssh_group }}'"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
line: "\nAllowGroups {{ evobsd_ssh_group }}"
|
||||
insertafter: 'Subsystem'
|
||||
|
@ -75,7 +75,7 @@
|
|||
- admin
|
||||
|
||||
- name: "Append '{{ evobsd_ssh_group }}' to AllowGroups sshd directive"
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^(AllowGroups ((?!\b{{ evobsd_ssh_group }}\b).)*)$'
|
||||
replace: '\1 {{ evobsd_ssh_group }}'
|
||||
|
@ -89,7 +89,7 @@
|
|||
- admin
|
||||
|
||||
- name: "Security directives for EvoBSD"
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
dest: /etc/ssh/sshd_config
|
||||
marker: "# {mark} EVOBSD PASSWORD RESTRICTIONS"
|
||||
block: |
|
||||
|
@ -107,7 +107,7 @@
|
|||
- admin
|
||||
|
||||
- name: "Disable root login"
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^PermitRootLogin\s+(yes|without-password|prohibit-password)'
|
||||
replace: "PermitRootLogin {{ evobsd_root_login }}"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
- name: "Group '{{ user.name }}' is present"
|
||||
group:
|
||||
ansible.builtin.group:
|
||||
state: present
|
||||
name: "{{ user.name }}"
|
||||
gid: "{{ user.uid }}"
|
||||
|
@ -10,7 +10,7 @@
|
|||
- admin
|
||||
|
||||
- name: "User '{{ user.name }}' is present"
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
state: present
|
||||
name: '{{ user.name }}'
|
||||
uid: '{{ user.uid }}'
|
||||
|
@ -23,12 +23,15 @@
|
|||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Gather available local users"
|
||||
getent:
|
||||
- name: "Gather available local users for usage in check_mode"
|
||||
ansible.builtin.getent:
|
||||
database: passwd
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
name: '/home/{{ user.name }}'
|
||||
mode: "0700"
|
||||
owner: "{{ user.name }}"
|
||||
|
@ -40,7 +43,7 @@
|
|||
- admin
|
||||
|
||||
- name: "SSH public keys for '{{ user.name }}' are present"
|
||||
authorized_key:
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ user.name }}"
|
||||
key: "{{ ssk_key }}"
|
||||
state: present
|
||||
|
@ -54,8 +57,15 @@
|
|||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Gather available local groups for usage in check_mode"
|
||||
ansible.builtin.getent:
|
||||
database: group
|
||||
tags:
|
||||
- accounts
|
||||
- admin
|
||||
|
||||
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: "{{ user.name }}"
|
||||
groups: "{{ groups_item }}"
|
||||
append: true
|
||||
|
@ -65,7 +75,9 @@
|
|||
- "{{ evobsd_sudo_group }}"
|
||||
loop_control:
|
||||
loop_var: groups_item
|
||||
when: user.name in getent_passwd.keys()
|
||||
when:
|
||||
- user.name in getent_passwd.keys()
|
||||
- groups_item in getent_group.keys()
|
||||
tags:
|
||||
- accounts
|
||||
- admin
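Review bot: The new condition `groups_item in getent_group.keys()` in the last hunk skips the membership step on real runs too, not only in check mode. If one of the ssh or sudo groups is missing on a host, the user is silently left out of it and the play still reports success, so access drift goes unnoticed. Limiting the guard to check mode keeps the intent stated in the CHANGELOG: `- not ansible_check_mode or groups_item in getent_group.keys()`. The task starts in the previous hunk and its loop list is only partly visible here, so this assumes the groups are created earlier in the role.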
|
||||
|
|
|
@ -1,38 +1,53 @@
|
|||
---
|
||||
- name: newaliases
|
||||
command: smtpctl update table aliases
|
||||
ansible.builtin.command: smtpctl update table aliases
|
||||
|
||||
- name: remount / noatime
|
||||
command: mount -u -o noatime /
|
||||
ansible.builtin.command: mount -u -o noatime /
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /var noatime
|
||||
command: mount -u -o noatime /var
|
||||
ansible.builtin.command: mount -u -o noatime /var
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /var/log noatime
|
||||
ansible.builtin.command: mount -u -o noatime /var/log
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /usr noatime
|
||||
command: mount -u -o noatime /usr
|
||||
ansible.builtin.command: mount -u -o noatime /usr
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /usr/X11R6 noatime
|
||||
ansible.builtin.command: mount -u -o noatime /usr/X11R6
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /usr/local noatime
|
||||
ansible.builtin.command: mount -u -o noatime /usr/local
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /tmp noexec
|
||||
command: mount -u -o noexec /tmp
|
||||
ansible.builtin.command: mount -u -o noexec /tmp
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /tmp noatime
|
||||
command: mount -u -o noatime /tmp
|
||||
ansible.builtin.command: mount -u -o noatime /tmp
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: remount /home noatime
|
||||
command: mount -u -o noatime /home
|
||||
ansible.builtin.command: mount -u -o noatime /home
|
||||
args:
|
||||
warn: false
|
||||
|
||||
- name: restart ntpd
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: ntpd
|
||||
state: restarted
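Review bot: The three handlers added here (`remount /var/log noatime`, `remount /usr/X11R6 noatime`, `remount /usr/local noatime`) copy `args: warn: false` from the existing ones. That option no longer exists in current ansible-core (deprecated in 2.11, removed in 2.14), where the command module rejects it as an unsupported parameter. A handler that errors out leaves the new fstab options unapplied until reboot, which matters most for `remount /tmp noexec`. Dropping the two lines `args:` and `warn: false` from every handler in this file fixes it. The same option is also visible on the `git log` and `Initial commit is present?` tasks further down the page.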
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Customize PATH variable of root crontab"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: PATH
|
||||
env: true
|
||||
value: "{{ cron_root_path }}"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
- name: "Configure doas"
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
dest: /etc/doas.conf
|
||||
owner: root
|
||||
group: wheel
|
||||
|
@ -24,5 +24,6 @@
|
|||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipsecctl_critiques.sh
|
||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_openvpn_certificates.sh
|
||||
permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor
|
||||
tags:
|
||||
- doas
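Review bot: The added rule `permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor` has no `args` clause, so doas lets `_nrpe` run the plugin as root with any arguments it chooses. If the NRPE command definition always calls it the same way, pin that in the rule, e.g. `permit nopass _nrpe as root cmd /usr/local/libexec/nagios/plugins/check_ipmi_sensor args <ARGS_FROM_NRPE_COMMAND>` (placeholder, the real arguments are not on this page). The plugin and its directory should also be root-owned and not writable by `_nrpe`. The blockinfile task starts in the previous hunk; if it does not already carry one, `validate: 'doas -C %s'` would stop a malformed block from being written to /etc/doas.conf.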
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Customize root's .profile"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: profile.j2
|
||||
dest: /root/.profile
|
||||
mode: "0644"
|
||||
|
@ -9,7 +9,7 @@
|
|||
- dotfiles
|
||||
|
||||
- name: "Copy vim default configuration"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: vimrc
|
||||
dest: /root/.vimrc
|
||||
mode: "0644"
|
||||
|
@ -18,7 +18,7 @@
|
|||
- dotfiles
|
||||
|
||||
- name: "Customize .kshrc environment file"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: kshrc.j2
|
||||
dest: /root/.kshrc
|
||||
mode: "0644"
|
||||
|
@ -27,7 +27,7 @@
|
|||
- dotfiles
|
||||
|
||||
- name: "Change default .profile skeleton"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: profile.j2
|
||||
dest: /etc/skel/.profile
|
||||
mode: "0644"
|
||||
|
@ -36,7 +36,7 @@
|
|||
- dotfiles
|
||||
|
||||
- name: "Add evomaintenance trap .profile skeleton with doas"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
state: present
|
||||
dest: /etc/skel/.profile
|
||||
mode: "0644"
|
||||
|
@ -48,7 +48,7 @@
|
|||
- dotfiles
|
||||
|
||||
- name: "Add vim configuration to dotfiles for new users"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: vimrc
|
||||
dest: /etc/skel/.vimrc
|
||||
mode: "0644"
|
||||
|
@ -57,7 +57,7 @@
|
|||
- dotfiles
|
||||
|
||||
- name: "Customize .kshrc environment file for new users"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: kshrc.j2
|
||||
dest: /etc/skel/.kshrc
|
||||
mode: "0644"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Fetch fstab content"
|
||||
command: "grep -v '^#' /etc/fstab"
|
||||
ansible.builtin.command: "grep -v '^#' /etc/fstab"
|
||||
check_mode: false
|
||||
register: fstab_content
|
||||
failed_when: false
|
||||
|
@ -14,6 +14,7 @@
|
|||
with_items:
|
||||
- "/"
|
||||
- "/var"
|
||||
- "/var/log"
|
||||
- "/usr"
|
||||
- "/usr/X11R6"
|
||||
- "/usr/local"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
- name: "{{ fstab_path }} partition is customized - softdep"
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/fstab
|
||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(.*)'
|
||||
replace: '\1,softdep\2'
|
||||
|
@ -13,7 +13,7 @@
|
|||
- fstab
|
||||
|
||||
- name: "{{ fstab_path }} partition is customized - noatime"
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/fstab
|
||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw)(\S*)(\s+.*)'
|
||||
replace: '\1\2,noatime\3'
|
||||
|
@ -26,7 +26,7 @@
|
|||
- fstab
|
||||
|
||||
- name: "{{ fstab_path }} partition is customized - noexec"
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/fstab
|
||||
regexp: '([^#]\s+{{ fstab_path }}\s+ffs\s+rw(,softdep)*)(.*)'
|
||||
replace: '\1,noexec\3'
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Fetch rc.local content"
|
||||
command: "grep -v '^#' /etc/rc.local"
|
||||
ansible.builtin.command: "grep -v '^#' /etc/rc.local"
|
||||
check_mode: false
|
||||
register: rclocal_content
|
||||
failed_when: false
|
||||
|
@ -9,7 +9,7 @@
|
|||
- alerting
|
||||
|
||||
- name: "Configure rc.local"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/rc.local
|
||||
line:
|
||||
'date | mail -s "boot/reboot of $(hostname -s)" {{ general_alert_email }}'
|
||||
|
@ -23,7 +23,7 @@
|
|||
- alerting
|
||||
|
||||
- name: "Delete rc.local entry of boot/reboot not precising hostname"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/rc.local
|
||||
regexp:
|
||||
"^.* mail -s (?!.*of.*).+$"
|
||||
|
@ -32,7 +32,7 @@
|
|||
- alerting
|
||||
|
||||
- name: "Set root mail alias"
|
||||
replace:
|
||||
ansible.builtin.replace:
|
||||
dest: /etc/mail/aliases
|
||||
regexp: "# root:"
|
||||
replace: "root: {{ general_alert_email }}"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Customize newsyslog"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: newsyslog.conf
|
||||
dest: /etc/newsyslog.conf
|
||||
mode: "0644"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Customize ntpd conf"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: ntpd.conf.j2
|
||||
dest: /etc/ntpd.conf
|
||||
owner: root
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: "Configure installurl"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "{{ evobsd_install_url }}\n"
|
||||
dest: /etc/installurl
|
||||
mode: "0644"
|
||||
|
@ -9,7 +9,7 @@
|
|||
- pkg
|
||||
|
||||
- name: "Install packages (vim rsync mtr etc)"
|
||||
openbsd_pkg:
|
||||
community.general.openbsd_pkg:
|
||||
name:
|
||||
- wget
|
||||
- vim--no_x11
|
||||
|
@ -20,11 +20,12 @@
|
|||
- bash
|
||||
- ncdu
|
||||
- htop
|
||||
ignore_errors: true
|
||||
tags:
|
||||
- pkg
|
||||
|
||||
- name: "Disable sndiod"
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: sndiod
|
||||
enabled: false
|
||||
state: stopped
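Review bot: `ignore_errors: true` on the package task is unconditional, so a real run continues after a failed install as well. That covers an unreachable mirror, a missing package or a rejected signature, and later tasks then run on a host that lacks the expected tools. The CHANGELOG says the problem only occurs in check mode, so the exemption can be limited to it: `ignore_errors: "{{ ansible_check_mode }}"`. The package list starts outside this hunk.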
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Configure resolv.conf"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/resolv.conf
|
||||
line: "lookup file bind"
|
||||
insertbefore: BOF
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Configure sudoers umask"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers
|
||||
insertafter: '# Defaults specification'
|
||||
line: 'Defaults umask=0077'
|
||||
|
@ -8,8 +8,17 @@
|
|||
tags:
|
||||
- sudo
|
||||
|
||||
- name: "Deactivate sudo insults"
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/sudoers
|
||||
insertafter: 'Defaults umask=0077'
|
||||
line: 'Defaults !insults'
|
||||
validate: 'visudo -cf %s'
|
||||
tags:
|
||||
- sudo
|
||||
|
||||
- name: "Configure sudoers"
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
state: present
|
||||
dest: /etc/sudoers
|
||||
insertafter: EOF
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "dump-server-state script is present"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: "dump-server-state.sh"
|
||||
dest: /usr/local/sbin/dump-server-state
|
||||
force: true
|
||||
|
@ -13,7 +13,7 @@
|
|||
- utils
|
||||
|
||||
- name: "update-evobackup-canary script is present"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: "update-evobackup-canary"
|
||||
dest: /usr/local/bin/update-evobackup-canary
|
||||
force: true
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Deploy bgp check script"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: bgpd-check-peers.sh.j2
|
||||
dest: /usr/share/scripts/bgpd-check-peers.sh
|
||||
when: group_names | select('search','bgp') | list | count > 0
|
||||
|
@ -8,7 +8,7 @@
|
|||
- bgp
|
||||
|
||||
- name: "Cron job for bgp check script is installed"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: bgp check
|
||||
job: "/bin/sh /usr/share/scripts/bgpd-check-peers.sh"
|
||||
when: group_names | select('search','bgp') | list | count > 0
|
||||
|
@ -16,7 +16,7 @@
|
|||
- bgp
|
||||
|
||||
- name: "Create bgp log directory"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /var/log/bgp
|
||||
state: directory
|
||||
when: group_names | select('search','bgp') | list | count > 0
|
||||
|
@ -24,7 +24,7 @@
|
|||
- bgp
|
||||
|
||||
- name: "Daily best routes cron job is installed"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: bgp best routes
|
||||
minute: 0
|
||||
hour: 4
|
||||
|
@ -36,7 +36,7 @@
|
|||
- bgp
|
||||
|
||||
- name: "Weekly best routes clean up cron job is installed"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: bgp best routes clean up
|
||||
minute: 0
|
||||
hour: 4
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
- name: restart collectd
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: collectd
|
||||
state: restarted
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
- name: "Install Collectd package"
|
||||
openbsd_pkg:
|
||||
community.general.openbsd_pkg:
|
||||
name: "collectd"
|
||||
tags:
|
||||
- collectd
|
||||
|
||||
- name: "Deploy Collectd configuration"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "collectd.conf.j2"
|
||||
dest: "/etc/collectd.conf"
|
||||
notify: restart collectd
|
||||
|
@ -15,15 +15,26 @@
|
|||
- collectd
|
||||
|
||||
- name: "Enabling Collectd"
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: collectd
|
||||
enabled: true
|
||||
when: not ansible_check_mode
|
||||
tags:
|
||||
- collectd
|
||||
|
||||
- name: "Fix rights for collectd directory"
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/share/collectd
|
||||
state: directory
|
||||
owner: "root"
|
||||
group: "wheel"
|
||||
mode: "0755"
|
||||
when: collectd_plugin_exec_ifq_drops or collectd_plugin_exec_dns_stats or collectd_plugin_exec_dhcp_pool
|
||||
tags:
|
||||
- collectd
|
||||
|
||||
- name: "Create scripts directory for exec plugins"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/share/collectd/scripts
|
||||
state: directory
|
||||
owner: "root"
|
||||
|
@ -34,7 +45,7 @@
|
|||
- collectd
|
||||
|
||||
- name: "Copy ifq_drops.sh"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: ifq_drops.sh
|
||||
dest: /usr/local/share/collectd/scripts/ifq_drops.sh
|
||||
owner: "root"
|
||||
|
@ -46,7 +57,7 @@
|
|||
- collectd
|
||||
|
||||
- name: "Remove ifq_drops.sh"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/share/collectd/scripts/ifq_drops.sh
|
||||
state: absent
|
||||
when: not collectd_plugin_exec_ifq_drops
|
||||
|
@ -54,7 +65,7 @@
|
|||
- collectd
|
||||
|
||||
- name: "Copy dns_stats.sh"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: dns_stats.sh
|
||||
dest: /usr/local/share/collectd/scripts/dns_stats.sh
|
||||
owner: "root"
|
||||
|
@ -66,7 +77,7 @@
|
|||
- collectd
|
||||
|
||||
- name: "Remove dns_stats.sh"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/share/collectd/scripts/dns_stats.sh
|
||||
state: absent
|
||||
when: not collectd_plugin_exec_dns_stats
|
||||
|
@ -74,7 +85,7 @@
|
|||
- collectd
|
||||
|
||||
- name: "Add doas configuration for dns_stats.sh execution"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/doas.conf
|
||||
line: 'permit nopass _collectd as root cmd /usr/sbin/unbound-control args stats'
|
||||
when: collectd_plugin_exec_dns_stats
|
||||
|
@ -82,7 +93,7 @@
|
|||
- collectd
|
||||
|
||||
- name: "Copy dhcp_pool.pl"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: dhcp_pool.pl
|
||||
dest: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
||||
owner: "root"
|
||||
|
@ -94,7 +105,7 @@
|
|||
- collectd
|
||||
|
||||
- name: "Remove dhcp_pool.pl"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/share/collectd/scripts/dhcp_pool.pl
|
||||
state: absent
|
||||
when: not collectd_plugin_exec_dhcp_pool
|
||||
|
|
|
@ -2,10 +2,11 @@
|
|||
---
|
||||
|
||||
- name: "Execute ansible-commit"
|
||||
command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
|
||||
ansible.builtin.command: "/usr/local/bin/ansible-commit --verbose --message \"{{ commit_message | mandatory }}\""
|
||||
changed_when:
|
||||
- _ansible_commit.stdout
|
||||
- "'CHANGED:' in _ansible_commit.stdout"
|
||||
ignore_errors: true
|
||||
register: _ansible_commit
|
||||
tags: always
|
||||
tags:
|
||||
- always
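Review bot: `commit_message` is interpolated inside escaped double quotes in a free-form command string, which the command module splits into arguments only after templating. A message containing a double quote or a trailing backslash therefore changes how the line is split and can add or drop arguments to ansible-commit. Passing the arguments as a list avoids the re-parsing entirely. Separately, `ignore_errors: true` together with `changed_when` means a failed commit only shows up as an ignored error in the play output.

```yaml
- name: "Execute ansible-commit"
  ansible.builtin.command:
    argv:
      - /usr/local/bin/ansible-commit
      - --verbose
      - --message
      - "{{ commit_message | mandatory }}"
  # … unchanged: changed_when, ignore_errors, register, tags …
```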
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: "Git is installed"
|
||||
openbsd_pkg:
|
||||
community.general.openbsd_pkg:
|
||||
name: git
|
||||
state: present
|
||||
tags:
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Verify /usr/share/scripts presence"
|
||||
stat:
|
||||
ansible.builtin.stat:
|
||||
path: /usr/share/scripts
|
||||
register: _usr_share_scripts
|
||||
tags:
|
||||
|
@ -27,3 +27,10 @@
|
|||
- _usr_share_scripts.stat.isdir
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- include: repository.yml
|
||||
vars:
|
||||
repository_path: "/var/unbound/etc"
|
||||
gitignore_items: []
|
||||
tags:
|
||||
- etc-git
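Review bot: The new include versions `/var/unbound/etc` with `gitignore_items: []`, so every file in that directory is committed. That directory typically also holds the unbound-control key material when remote control is set up, which should be confirmed for these hosts. The repository's `.git` is restricted to root elsewhere on this page, but rotated keys would still stay in history, so consider passing ignore entries such as `gitignore_items: ['*.key']` (constructed example). Bare `include` is also deprecated and removed in recent ansible-core releases; `- ansible.builtin.import_tasks: repository.yml` matches the FQCN style used in the rest of this change and keeps `vars` and `tags` working as written.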
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: "{{ repository_path }} is versioned with git"
|
||||
command: "git init ."
|
||||
ansible.builtin.command: "git init ."
|
||||
args:
|
||||
chdir: "{{ repository_path }}"
|
||||
creates: "{{ repository_path }}/.git/"
|
||||
|
@ -11,16 +11,17 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Git user.email is configured"
|
||||
git_config:
|
||||
community.general.git_config:
|
||||
name: user.email
|
||||
repo: "{{ repository_path }}"
|
||||
scope: local
|
||||
value: "root@{{ inventory_hostname }}.{{ general_technical_realm }}"
|
||||
when: not ansible_check_mode
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: "{{ repository_path }}/.git is restricted to root"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ repository_path }}/.git"
|
||||
owner: root
|
||||
mode: "0700"
|
||||
|
@ -28,34 +29,28 @@
|
|||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: "{{ repository_path }}/.gitignore is present"
|
||||
copy:
|
||||
src: gitignore
|
||||
dest: "{{ repository_path }}/.gitignore"
|
||||
owner: root
|
||||
mode: "0600"
|
||||
force: false
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: "Some entries MUST be in the {{ repository_path }}/.gitignore file"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: "{{ repository_path }}/.gitignore"
|
||||
line: "{{ item }}"
|
||||
owner: root
|
||||
mode: "0600"
|
||||
create: true
|
||||
loop: "{{ gitignore_items | default([]) }}"
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: "Set vim as default editor"
|
||||
git_config:
|
||||
community.general.git_config:
|
||||
name: core.editor
|
||||
scope: global
|
||||
value: vim
|
||||
when: not ansible_check_mode
|
||||
tags:
|
||||
- etc-git
|
||||
|
||||
- name: "Does {{ repository_path }}/ have any commit?"
|
||||
command: "git log"
|
||||
ansible.builtin.command: "git log"
|
||||
args:
|
||||
chdir: "{{ repository_path }}"
|
||||
warn: false
|
||||
|
@ -67,7 +62,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Initial commit is present?"
|
||||
shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
||||
ansible.builtin.shell: "git add -A . && git commit -m \"Initial commit via Ansible\""
|
||||
args:
|
||||
chdir: "{{ repository_path }}"
|
||||
warn: false
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
---
|
||||
|
||||
- name: "evocommit script is installed"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: evocommit
|
||||
dest: /usr/local/bin/evocommit
|
||||
mode: "0755"
|
||||
|
@ -12,7 +12,7 @@
|
|||
- etc-git-utils
|
||||
|
||||
- name: "ansible-commit script is installed"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: ansible-commit
|
||||
dest: /usr/local/bin/ansible-commit
|
||||
mode: "0755"
|
||||
|
@ -22,7 +22,7 @@
|
|||
- etc-git-utils
|
||||
|
||||
- name: "etc-git-optimize script is installed"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: etc-git-optimize
|
||||
dest: /usr/share/scripts/etc-git-optimize
|
||||
mode: "0755"
|
||||
|
@ -32,7 +32,7 @@
|
|||
- etc-git-utils
|
||||
|
||||
- name: "etc-git-status script is installed"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: etc-git-status
|
||||
dest: /usr/share/scripts/etc-git-status
|
||||
mode: "0755"
|
||||
|
@ -42,7 +42,7 @@
|
|||
- etc-git-utils
|
||||
|
||||
- name: "Legacy monthly cron job for /etc/.git optimization is absent"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/monthly.local
|
||||
line: '/usr/local/bin/git --git-dir /etc/.git gc --quiet'
|
||||
state: absent
|
||||
|
@ -50,7 +50,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Legacy hourly cron job for /etc/.git status is absent"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: git status
|
||||
minute: "42"
|
||||
job: who > /dev/null || /usr/local/bin/git --git-dir=/etc/.git --work-tree=/etc status --short
|
||||
|
@ -59,7 +59,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Legacy daily cron jobs for /etc/.git status are absent"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
line: "{{ item }}"
|
||||
owner: root
|
||||
|
@ -72,7 +72,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Cron job for monthly git optimization"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/monthly.local
|
||||
line: "/usr/share/scripts/etc-git-optimize"
|
||||
owner: root
|
||||
|
@ -82,7 +82,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Cron job for monthly git optimization - next_part"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/monthly.local
|
||||
line: 'next_part "Monthly optimization:"'
|
||||
insertbefore: "/usr/share/scripts/etc-git-optimize"
|
||||
|
@ -93,7 +93,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Cron job for hourly git status"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/hourly.local
|
||||
line: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||
owner: root
|
||||
|
@ -104,7 +104,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Cron job for hourly git status - next_part"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/hourly.local
|
||||
line: 'next_part "Hourly warning for unclean Git repository if nobody is connected:"'
|
||||
insertbefore: "who > /dev/null || /usr/share/scripts/etc-git-status"
|
||||
|
@ -116,7 +116,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Cron job for daily git status"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
line: "/usr/share/scripts/etc-git-status"
|
||||
owner: root
|
||||
|
@ -127,7 +127,7 @@
|
|||
- etc-git
|
||||
|
||||
- name: "Cron job for daily git status - next_part"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
line: 'next_part "Daily warning for unclean Git repository:"'
|
||||
insertbefore: "/usr/share/scripts/etc-git-status"
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
# Info : old zzz_evobackup used sh, and since "sh" match "bash", we keep "sh" for regex commands
|
||||
|
||||
- name: "Copy zzz_evobackup script"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: zzz_evobackup
|
||||
dest: /usr/share/scripts/zzz_evobackup
|
||||
owner: root
|
||||
|
@ -13,7 +14,7 @@
|
|||
- evobackup
|
||||
|
||||
- name: "Copy update-evobackup-canary script"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: 000-update-evobackup-canary
|
||||
dest: /usr/share/scripts/000-update-evobackup-canary
|
||||
owner: root
|
||||
|
@ -24,7 +25,7 @@
|
|||
- evobackup
|
||||
|
||||
- name: "Fetch daily.local content"
|
||||
command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local'
|
||||
ansible.builtin.command: 'grep "sh /usr/share/scripts/zzz_evobackup" /etc/daily.local'
|
||||
check_mode: false
|
||||
register: daily_local_content
|
||||
failed_when: false
|
||||
|
@ -33,7 +34,7 @@
|
|||
- evobackup
|
||||
|
||||
- name: "Add evobackup cron (disabled)"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
line: '#bash /usr/share/scripts/zzz_evobackup'
|
||||
owner: root
|
||||
|
@ -45,7 +46,7 @@
|
|||
- evobackup
|
||||
|
||||
- name: "Add evobackup cron - next_part"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
line: 'next_part "EvoBackup output:"'
|
||||
insertbefore: 'sh /usr/share/scripts/zzz_evobackup'
|
||||
|
@ -56,7 +57,7 @@
|
|||
- evobackup
|
||||
|
||||
- name: "Add canary cron"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
line: 'sh /usr/share/scripts/000-update-evobackup-canary'
|
||||
insertafter: 'next_part "EvoBackup output:"'
|
||||
|
@ -67,7 +68,7 @@
|
|||
- evobackup
|
||||
|
||||
- name: "Delete legacy evobackup root crontab"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /var/cron/tabs/root
|
||||
regexp: '/usr/share/scripts/zzz_evobackup'
|
||||
validate: /usr/bin/crontab %s
|
||||
|
|
|
@ -1,11 +1,16 @@
|
|||
---
|
||||
- name: "Run evocheck"
|
||||
command: "{{ evocheck_bin_dir }}/evocheck.sh"
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ evocheck_bin_dir }}/evocheck.sh"
|
||||
register: evocheck_run
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
check_mode: false
|
||||
tags:
|
||||
- evocheck-exec
|
||||
|
||||
- debug:
|
||||
- ansible.builtin.debug:
|
||||
var: evocheck_run.stdout_lines
|
||||
when: evocheck_run.stdout | length != 0
|
||||
when: evocheck_run.stdout | length > 0
|
||||
tags:
|
||||
- evocheck-exec
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
- name: "Scripts dir is present"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: "{{ evocheck_bin_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -11,7 +11,7 @@
|
|||
- evocheck
|
||||
|
||||
- name: "Copy evocheck.sh"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: evocheck.sh
|
||||
dest: "{{ evocheck_bin_dir }}/evocheck.sh"
|
||||
mode: "0700"
|
||||
|
@ -22,7 +22,7 @@
|
|||
- evocheck-utils
|
||||
|
||||
- name: "Copy evocheck.cf"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: evocheck.cf
|
||||
dest: /etc/evocheck.cf
|
||||
mode: "0644"
|
||||
|
@ -31,7 +31,7 @@
|
|||
- evocheck
|
||||
|
||||
- name: "Delete legacy evocheck cron"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
regexp: 'sh /usr/share/scripts/evocheck.sh --verbose --cron'
|
||||
state: absent
|
||||
|
@ -39,7 +39,7 @@
|
|||
- evocheck
|
||||
|
||||
- name: "Add evocheck cron"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
insertbefore: BOF
|
||||
line: 'sh /usr/share/scripts/evocheck.sh --verbose $cron_arg'
|
||||
|
@ -50,7 +50,7 @@
|
|||
- evocheck
|
||||
|
||||
- name: "Add evocheck cron - test for date"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
insertbefore: BOF
|
||||
line: 'if [ $(date +%d) -eq "01" ]; then cron_arg=""; else cron_arg="--cron"; fi'
|
||||
|
@ -61,7 +61,7 @@
|
|||
- evocheck
|
||||
|
||||
- name: "Add evocheck cron - next_part"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/daily.local
|
||||
insertbefore: BOF
|
||||
line: 'next_part "Evocheck output:"'
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Create scripts directory"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/share/scripts/
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -10,7 +10,7 @@
|
|||
- evomaintenance
|
||||
|
||||
- name: "Copy evomaintenance script and template"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item.src }}"
|
||||
dest: "{{ item.dest }}"
|
||||
owner: 'root'
|
||||
|
@ -24,7 +24,7 @@
|
|||
- evomaintenance-utils
|
||||
|
||||
- name: "Configure evomaintenance"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: evomaintenance.j2
|
||||
dest: /etc/evomaintenance.cf
|
||||
owner: root
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
---
|
||||
- name: "Enable IPv4 forwarding"
|
||||
sysctl:
|
||||
ansible.posix.sysctl:
|
||||
name: net.inet.ip.forwarding
|
||||
value: "1"
|
||||
state: present
|
||||
reload: true
|
||||
tags:
|
||||
- forwarding
|
||||
- forwarding-v4
|
||||
|
||||
- name: "Enable IPv6 forwarding"
|
||||
sysctl:
|
||||
ansible.posix.sysctl:
|
||||
name: net.inet6.ip6.forwarding
|
||||
value: "1"
|
||||
state: present
|
||||
reload: true
|
||||
tags:
|
||||
- forwarding
|
||||
- forwarding-v6
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Install logsentry"
|
||||
openbsd_pkg:
|
||||
community.general.openbsd_pkg:
|
||||
name:
|
||||
- logsentry--
|
||||
state: present
|
||||
|
@ -8,7 +8,7 @@
|
|||
- logsentry
|
||||
|
||||
- name: "Copy logsentry script to /usr/share/scripts"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: logsentry.sh
|
||||
dest: /usr/share/scripts/logsentry.sh
|
||||
owner: root
|
||||
|
@ -18,7 +18,7 @@
|
|||
- logsentry
|
||||
|
||||
- name: "Copy custom logsentry configuration files"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/etc/logsentry/{{ item }}"
|
||||
owner: root
|
||||
|
@ -32,12 +32,14 @@
|
|||
- logsentry-config
|
||||
|
||||
- name: "Delete unused default script"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
state: absent
|
||||
path: /etc/logsentry/logsentry.sh
|
||||
tags:
|
||||
- logsentry
|
||||
|
||||
- name: "Hourly cron job for logsentry.sh is installed"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: logsentry
|
||||
minute: "11"
|
||||
job: >
|
||||
|
|
1074
roles/nagios-nrpe/files/plugins_bsd/check_ipmi_sensor
Executable file
|
@ -0,0 +1,1074 @@
|
|||
#!/usr/bin/perl
|
||||
# check_ipmi_sensor: Nagios/Icinga plugin to check IPMI sensors
|
||||
#
|
||||
# Copyright (C) 2009-2019 Thomas-Krenn.AG,
|
||||
# additional contributors see changelog.txt
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify it under
|
||||
# the terms of the GNU General Public License as published by the Free Software
|
||||
# Foundation; either version 3 of the License, or (at your option) any later
|
||||
# version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
||||
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
|
||||
# details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License along with
|
||||
# this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
################################################################################
|
||||
# The following guides provide helpful information if you want to extend this
|
||||
# script:
|
||||
# http://tldp.org/LDP/abs/html/ (Advanced Bash-Scripting Guide)
|
||||
# http://www.gnu.org/software/gawk/manual/ (Gawk: Effective AWK Programming)
|
||||
# http://de.wikibooks.org/wiki/Awk (awk Wikibook, in German)
|
||||
# http://nagios.sourceforge.net/docs/3_0/customobjectvars.html (hints on
|
||||
# custom object variables)
|
||||
# http://nagiosplug.sourceforge.net/developer-guidelines.html (plug-in
|
||||
# development guidelines)
|
||||
# http://nagios.sourceforge.net/docs/3_0/pluginapi.html (plugin API)
|
||||
################################################################################
|
||||
use strict;
|
||||
use warnings;
|
||||
use Getopt::Long qw(:config no_ignore_case);
|
||||
use IPC::Run qw( run ); #interact with processes
|
||||
################################################################################
|
||||
# set text variables
|
||||
our $check_ipmi_sensor_version = "3.13";
|
||||
|
||||
sub get_version{
|
||||
return <<EOT;
|
||||
check_ipmi_sensor version $check_ipmi_sensor_version
|
||||
Copyright (C) 2009-2019 Thomas-Krenn.AG
|
||||
Current updates at https://github.com/thomas-krenn/check_ipmi_sensor_v3.git
|
||||
EOT
|
||||
}
|
||||
|
||||
sub get_usage{
|
||||
return <<EOT;
|
||||
Usage:
|
||||
check_ipmi_sensor -H <hostname>
|
||||
[-f <FreeIPMI config file> | -U <username> -P <password> -L <privilege level>]
|
||||
[-O <FreeIPMI options>] [-b] [-T <sensor type(s)>] [-ST <SEL sensor type(s)>]
|
||||
[-x <sensor id>] [-xT <sensor type(s)>] [-xST <SEL sensor type(s)]
|
||||
[-i <sensor id>] [-o zenoss] [-D <protocol LAN version>] [-h] [-V]
|
||||
[-fc <num_fans>] [--fru] [--nosel] [--selonly] [--seltail <count>]
|
||||
[-sx|--selexclude <sel exclude file>] [-xx|--sexclude <exclude file>]
|
||||
[-us|--unify-sensors <unify file>] [--nosudo [--nothresholds]
|
||||
[--noentityabsent] [-s <ipmi-sensor output file>] [-h] [-V]
|
||||
[-v|-vv|-vvv]
|
||||
EOT
|
||||
}
|
||||
|
||||
sub get_help{
|
||||
return <<EOT;
|
||||
[-H <hostname>]
|
||||
hostname or IP of the IPMI interface.
|
||||
For \"-H localhost\" or if no host is specified (local computer) the
|
||||
Nagios/Icinga user must be allowed to run
|
||||
ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] with root privileges
|
||||
or via sudo (ipmimonitoring/ipmi-sensors/ipmi-sel/[ipmi-fru] must be
|
||||
able to access the IPMI devices via the IPMI system interface).
|
||||
[-f <FreeIPMI config file>]
|
||||
path to the FreeIPMI configuration file.
|
||||
Only neccessary for communication via network.
|
||||
Not neccessary for access via IPMI system interface (\"-H localhost\").
|
||||
It should contain IPMI username, IPMI password, and IPMI privilege-level,
|
||||
for example:
|
||||
username monitoring
|
||||
password yourpassword
|
||||
privilege-level user
|
||||
As alternative you can use -U/-P/-L instead (see below).
|
||||
[-U <username> -P <password> -L <privilege level>]
|
||||
IPMI username, IPMI password and IPMI privilege level, provided as
|
||||
parameters and not by a FreeIPMI configuration file. Useful for RHEL/
|
||||
Centos 5.* with FreeIPMI 0.5.1 (this elder FreeIPMI version does not
|
||||
support config files).
|
||||
Warning: with this method the password is visible in the process list.
|
||||
So whenever possible use a FreeIPMI confiugration file instead.
|
||||
[-O <FreeIPMI options>]
|
||||
additional options for FreeIPMI. Useful for RHEL/CentOS 5.* with
|
||||
FreeIPMI 0.5.1 (this elder FreeIPMI version does not support config
|
||||
files).
|
||||
[-b]
|
||||
backward compatibility mode for FreeIPMI 0.5.* (this omits the FreeIPMI
|
||||
caching options --quiet-cache and --sdr-cache-recreate)
|
||||
[-T <sensor type(s)>]
|
||||
limit sensors to query based on IPMI sensor type.
|
||||
Examples for IPMI sensor types are 'Fan', 'Temperature', 'Voltage', ...
|
||||
See the output of the FreeIPMI command 'ipmi-sensors -L' and chapter
|
||||
'42.2 Sensor Type Codes and Data' of the IPMI 2.0 spec for a full list
|
||||
of possible sensor types. You can also find the full list of possible
|
||||
sensor types at https://www.thomas-krenn.com/en/wiki/IPMI_Sensor_Types
|
||||
The available types depend on your particular server and the available
|
||||
sensors there.
|
||||
Multiple sensor types can be specified as a comma-separated list.
|
||||
[-ST <SEL sensor type(s)>]
|
||||
limit SEL entries to specific types, run 'ipmi-sel -L' for a list of
|
||||
types. All sensors are populated to the SEL and per default all sensor
|
||||
types are monitored. E.g. to limit the sensor SEL types to Memory and
|
||||
Processsor use -ST 'Memory,Processor'.
|
||||
[-x <sensor id>]
|
||||
exclude sensor matching <sensor id>. Useful for cases when unused
|
||||
sensors cannot be deleted from SDR and are reported in a non-OK state.
|
||||
Option can be specified multiple times. The <sensor id> is a numeric
|
||||
value (sensor names are not used as some servers have multiple sensors
|
||||
with the same name). Use -vvv option to query the <sensor ids>.
|
||||
[-xT <sensor type(s)>]
|
||||
exclude sensors based on IPMI sensor type.
|
||||
Multiple sensor types can be specified as a comma-separated list.
|
||||
[-xST <SEL sensor type(s)]
|
||||
exclude SEL entries of specific sensor types.
|
||||
Multiple sensor types can be specified as a comma-separated list.
|
||||
[-i <sensor id>]
|
||||
include only sensor matching <sensor id>. Useful for cases when only
|
||||
specific sensors should be monitored. Be aware that only for the
|
||||
specified sensor errors/warnings are generated. Use -vvv option to query
|
||||
the <sensor ids>.
|
||||
[-v|-vv|-vvv]
|
||||
be verbose
|
||||
(no -v) .. single line output
|
||||
-v ..... single line output with additional details for warnings
|
||||
-vv ..... multi line output, also with additional details for warnings
|
||||
-vvv ..... debugging output, followed by normal multi line output
|
||||
[-o]
|
||||
change output format. Useful for using the plugin with other monitoring
|
||||
software than Nagios or Icinga.
|
||||
-o zenoss .. create ZENOSS compatible formatted output (output with
|
||||
underscores instead of whitespaces and no single quotes)
|
||||
[-D]
|
||||
change the protocol LAN version. Normally LAN_2_0 is used as protocol
|
||||
version if not overwritten with this option. Use 'default' here if you
|
||||
don't want to use LAN_2_0.
|
||||
[-fc <num fans>]
|
||||
number of installed fans. If the number of current installed
|
||||
fans reported by IPMI is not equal than <num fans> then a Warning state
|
||||
is returned. Please use this option carefully as number of fans and
|
||||
number of fan sensors can differ!
|
||||
[--fru]
|
||||
print the product serial number if it is available in the IPMI FRU data.
|
||||
For this purpose the tool 'ipmi-fru' is used. E.g.:
|
||||
IPMI Status: OK (9000096781)
|
||||
[--nosel]
|
||||
turn off system event log checking via ipmi-sel. If there are
|
||||
unintentional entries in SEL, use 'ipmi-sel --clear' or the -sx or -xST
|
||||
option.
|
||||
[--selonly]
|
||||
check only system event log checking via ipmi-sel. If there are
|
||||
unintentional entries in SEL, use 'ipmi-sel --clear' or the -sx or -xST
|
||||
option.
|
||||
[--seltail <count>]
|
||||
limit SEL output to specified count of last messages
|
||||
[-sx|--selexclude <sel exclude file>]
|
||||
use a sel exclude file to exclude entries from the system event log.
|
||||
Specify name and type pipe delimitered in this file to exclude an entry,
|
||||
for example: System Chassis Chassis Intru|Physical Security
|
||||
To get valid names and types use the -vvv option and take a look at:
|
||||
debug output for sel (-vvv is set). Don't use name and type from the
|
||||
web interface as sensor descriptions are not complete there.
|
||||
As with the '-xx' option if the first character of a line is '~' the
|
||||
name is treated as a regular expression.
|
||||
[-xx|--sexclude <exclude file>]
|
||||
use an exclude file to exclude sensors, each line specifies an exclude.
|
||||
Specify name and type pipe delimitered in this file to exclude a sensor,
|
||||
for example: System Chassis Chassis Intru|Physical Security
|
||||
If the first character of a line is '~' the name is treated as a regular
|
||||
expression. E.g. to exclude all sensor names from CPU0 to CPU9:
|
||||
~CPU[0-9] Temp|Temperature
|
||||
To get valid names and types use the -vvv option.
|
||||
[-us|--unify-sensors <unify file>]
|
||||
use an unify file to unify sensor names. This is an easy way to rename
|
||||
sensors with given patterns in the file. Once might use this option
|
||||
to get the same sensor names accross different platforms, e.g. to only
|
||||
have 'Mainboard Temperature' as sensor name and not 'MB1 Temperature' or 'System Temp'.
|
||||
Rules in the file follow simple regex patterns e.g.:
|
||||
^(MB1 Temperature|System Temp)\$/Mainboard Temperature
|
||||
Temp\$/TEMP
|
||||
[--nosudo]
|
||||
turn off sudo usage on localhost or if ipmi host is ommited.
|
||||
[--nothresholds]
|
||||
turn off performance data thresholds from output-sensor-thresholds.
|
||||
[--noentityabsent]
|
||||
skip sensor checks for sensors that have 'noentityabsent' as event state
|
||||
[-s <ipmi-sensor output file>]
|
||||
simulation mode - test the plugin with an ipmi-sensor output redirected
|
||||
to a file.
|
||||
[-h]
|
||||
show this help
|
||||
[-V]
|
||||
show version information
|
||||
|
||||
Examples:
|
||||
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user
|
||||
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
|
||||
'FAN 1'=2775.00 [...]
|
||||
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -x 205
|
||||
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
|
||||
'FAN 2'=2775.00 [...]
|
||||
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -i 4,71
|
||||
IPMI Status: OK | 'System Temp'=30.00 'Peripheral Temp'=32.00
|
||||
\$ check_ipmi_sensor -H 192.0.2.1 -U monitor -P monitor -L user -i 4 --fru
|
||||
IPMI Status: OK (0000012345) | 'System Temp'=30.00
|
||||
|
||||
Further information about this plugin can be found at
|
||||
http://www.thomas-krenn.com/en/wiki/IPMI_Sensor_Monitoring_Plugin
|
||||
|
||||
Use the github repo at https://github.com/thomas-krenn/check_ipmi_sensor_v3.git
|
||||
to submit patches, suggest improvements or if you have questions regarding
|
||||
use of this plugin.
|
||||
|
||||
Attention: the mailing list is no longer in use but an archive can be found at
|
||||
http://lists.thomas-krenn.com/
|
||||
EOT
|
||||
}
|
||||
|
||||
sub usage{
|
||||
my ($arg) = @_; #the list of inputs
|
||||
my ($exitcode);
|
||||
if ( defined $arg ){
|
||||
if ( $arg =~ m/^\d+$/ ){
|
||||
$exitcode = $arg;
|
||||
}
|
||||
else{
|
||||
print STDOUT $arg, "\n";
|
||||
$exitcode = 1;
|
||||
}
|
||||
}
|
||||
print STDOUT get_usage();
|
||||
exit($exitcode) if defined $exitcode;
|
||||
}
|
||||
################################################################################
|
||||
# set ipmimonitoring path
|
||||
our $MISSING_COMMAND_TEXT = '';
|
||||
our $IPMICOMMAND ="";
|
||||
if(-x "/usr/sbin/ipmimonitoring"){
|
||||
$IPMICOMMAND = "/usr/sbin/ipmimonitoring";
|
||||
}
|
||||
elsif (-x "/usr/bin/ipmimonitoring"){
|
||||
$IPMICOMMAND = "/usr/bin/ipmimonitoring";
|
||||
}
|
||||
elsif (-x "/usr/local/sbin/ipmimonitoring"){
|
||||
$IPMICOMMAND = "/usr/local/sbin/ipmimonitoring";
|
||||
}
|
||||
elsif (-x "/usr/local/bin/ipmimonitoring"){
|
||||
$IPMICOMMAND = "/usr/local/bin/ipmimonitoring";
|
||||
}
|
||||
else{
|
||||
$MISSING_COMMAND_TEXT = " ipmimonitoring/ipmi-sensors command not found!\n";
|
||||
}
|
||||
|
||||
# Identify the version of the ipmi-tool
|
||||
sub get_ipmi_version{
|
||||
my @ipmi_version_output = '';
|
||||
my $ipmi_version = '';
|
||||
@ipmi_version_output = `$IPMICOMMAND -V`;
|
||||
$ipmi_version = shift(@ipmi_version_output);
|
||||
$ipmi_version =~ /(\d+)\.(\d+)\.(\d+)/;
|
||||
@ipmi_version_output = ();
|
||||
push @ipmi_version_output,$1,$2,$3;
|
||||
return @ipmi_version_output;
|
||||
}
|
||||
|
||||
sub simulate{
|
||||
my $output = '';
|
||||
my $simul_file = $_[0];
|
||||
if( !defined $simul_file || (-x '\"'.$simul_file.'\"')){
|
||||
print "DEBUG: Using simulation file: $simul_file\n";
|
||||
print "Error: Simulation file with ipmi output not found.\n";
|
||||
exit(3);
|
||||
}
|
||||
return ($output = `cat $simul_file`);
|
||||
}
|
||||
|
||||
sub get_fru{
|
||||
my @frucmd = @{(shift)};
|
||||
my $verbosity = shift;
|
||||
my $fru;
|
||||
if(-e '/usr/sbin/ipmi-fru'){
|
||||
$fru = '/usr/sbin/ipmi-fru';
|
||||
}
|
||||
else{
|
||||
chomp($fru = `which ipmi-fru`);
|
||||
}
|
||||
#if sudo is used the command is the second element
|
||||
if($frucmd[0] eq 'sudo'){
|
||||
$frucmd[1] = $fru;
|
||||
}
|
||||
else{
|
||||
$frucmd[0] = $fru;
|
||||
}
|
||||
#skip checksum validation
|
||||
push @frucmd,'-s';
|
||||
my $fruoutput;
|
||||
my $returncode;
|
||||
run \@frucmd, '>&', \$fruoutput;
|
||||
#the upper eight bits contain the error condition (exit code)
|
||||
#see http://perldoc.perl.org/perlvar.html#Error-Variables
|
||||
$returncode = $? >> 8;
|
||||
if ( $returncode != 0 ){
|
||||
print "$fruoutput\n";
|
||||
print "-> Execution of $fru failed with return code $returncode.\n";
|
||||
print "-> $fru was executed with the following parameters:\n";
|
||||
print " ", join(' ', @frucmd), "\n";
|
||||
exit(3);
|
||||
}
|
||||
if($verbosity == 3){
|
||||
print "------------- debug output for fru (-vvv is set): ------------\n";
|
||||
print " $fru was executed with the following parameters:\n";
|
||||
print " ", join(' ', @frucmd), "\n";
|
||||
print " output of FreeIPMI:\n";
|
||||
print "$fruoutput";
|
||||
}
|
||||
return split('\n', $fruoutput);
|
||||
}
|
||||
|
||||
sub get_sel{
|
||||
my @selcmd = @{(shift)};
|
||||
my $verbosity = shift;
|
||||
my @sel_sensor_types = @{(shift)};
|
||||
my @exclude_sel_sensor_types = @{(shift)};
|
||||
my $sel;
|
||||
if(-e '/usr/sbin/ipmi-sel'){
|
||||
$sel = '/usr/sbin/ipmi-sel';
|
||||
}
|
||||
else{
|
||||
chomp($sel = `which ipmi-sel`);
|
||||
}
|
||||
#if sudo is used the command is the second element
|
||||
if($selcmd[0] eq 'sudo'){
|
||||
$selcmd[1] = $sel;
|
||||
}
|
||||
else{
|
||||
$selcmd[0] = $sel;
|
||||
}
|
||||
push @selcmd, '--output-event-state', '--interpret-oem-data', '--entity-sensor-names';
|
||||
push @selcmd, '--sensor-types=' . join(',', @sel_sensor_types);
|
||||
push @selcmd, '--exclude-sensor-types=' . join(',', @exclude_sel_sensor_types);
|
||||
my $seloutput;
|
||||
my $returncode;
|
||||
run \@selcmd, '>&', \$seloutput;
|
||||
$returncode = $? >> 8;
|
||||
if ( $returncode != 0 ){
|
||||
print "$seloutput\n";
|
||||
print "-> Execution of $sel failed with return code $returncode.\n";
|
||||
print "-> $sel was executed with the following parameters:\n";
|
||||
print " ", join(' ', @selcmd), "\n";
|
||||
exit(3);
|
||||
}
|
||||
if($verbosity == 3){
|
||||
print "------------- debug output for sel (-vvv is set): ------------\n";
|
||||
print " $sel was executed with the following parameters:\n";
|
||||
print " ", join(' ', @selcmd), "\n";
|
||||
print " output of FreeIPMI:\n";
|
||||
print "$seloutput";
|
||||
}
|
||||
return split('\n', $seloutput);
|
||||
}
|
||||
|
||||
sub parse_sel{
|
||||
my $selcmd = shift;
|
||||
my $verbosity = shift;
|
||||
my $sel_xfile = shift;
|
||||
my $sel_sensor_types = shift;
|
||||
my $exclude_sel_sensor_types = shift;
|
||||
my @seloutput = get_sel($selcmd, $verbosity, $sel_sensor_types, $exclude_sel_sensor_types);
|
||||
@seloutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\|/, $_) ] } @seloutput;
|
||||
my $header = shift(@seloutput);
|
||||
|
||||
my @sel_rows;
|
||||
foreach my $row (@seloutput){
|
||||
my %curr_row;
|
||||
for(my $i = 0; $i < scalar(@{$header}); $i++){
|
||||
my $key = lc $header->[$i];
|
||||
$curr_row{$key} = $row->[$i];
|
||||
}
|
||||
if(!(exclude_with_file($sel_xfile, $curr_row{'name'}, $curr_row{'type'}))){
|
||||
push @sel_rows, \%curr_row;
|
||||
}
|
||||
}
|
||||
return \@sel_rows;
|
||||
}
|
||||
|
||||
sub get_dcmi{
|
||||
my @dcmicmd = @{(shift)};
|
||||
my $verbosity = shift;
|
||||
my $dcmi;
|
||||
if(-e '/usr/sbin/ipmi-dcmi'){
|
||||
$dcmi = '/usr/sbin/ipmi-dcmi';
|
||||
}
|
||||
else{
|
||||
chomp($dcmi = `which ipmi-dcmi`);
|
||||
}
|
||||
#if sudo is used the command is the second element
|
||||
if($dcmicmd[0] eq 'sudo'){
|
||||
$dcmicmd[1] = $dcmi;
|
||||
}
|
||||
else{
|
||||
$dcmicmd[0] = $dcmi;
|
||||
}
|
||||
push @dcmicmd, '--get-system-power-statistics';
|
||||
|
||||
my $dcmioutput;
|
||||
my $returncode;
|
||||
run \@dcmicmd, '>&', \$dcmioutput;
|
||||
$returncode = $? >> 8;
|
||||
if ( $returncode == 0 ){
|
||||
return split('\n', $dcmioutput);
|
||||
}
|
||||
}
|
||||
|
||||
sub parse_dcmi{
|
||||
my $dcmicmd = shift;
|
||||
my $verbosity = shift;
|
||||
my @dcmioutput = get_dcmi($dcmicmd, $verbosity);
|
||||
if(@dcmioutput){
|
||||
@dcmioutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\:/, $_) ] } @dcmioutput;
|
||||
my %current_power;
|
||||
my $power_available = 0;
|
||||
foreach my $power (@dcmioutput){
|
||||
if(defined($power) && defined($power->[0]) && $power->[0] ne ''){
|
||||
if($power->[0] eq 'Current Power'){
|
||||
$power->[1] =~ m/^(\d+)/;
|
||||
my $watts = $1;
|
||||
$current_power{'Current Power'} = $watts;
|
||||
}
|
||||
if($power->[0] eq 'Power Measurement'){
|
||||
if($power->[1] eq 'Active'){
|
||||
$power_available = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if($power_available == 1){
|
||||
return \%current_power;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Excludes a name and type pair if it is present in the given file, pipe
|
||||
# delimitered.
|
||||
# @return 1 if name should be skipped, 0 if not
|
||||
sub exclude_with_file{
|
||||
my $file_name = shift;
|
||||
my $name = shift;
|
||||
my $type = shift;
|
||||
my @xlist;
|
||||
my $skip = 0;
|
||||
if($file_name){
|
||||
if(!(open (FH, "< $file_name"))){
|
||||
print "-> Reading exclude file $file_name failed with: $!.\n";
|
||||
exit(3);
|
||||
};
|
||||
@xlist = <FH>;
|
||||
}
|
||||
foreach my $exclude (@xlist){
|
||||
my @curr_exclude = map { s/^\s*//; s/\s*$//; $_; } split(/\|/,$exclude);
|
||||
if(@curr_exclude && $curr_exclude[0] ne '' && $curr_exclude[1] ne ''){
|
||||
#if the first char of the name in the exclude file is a '~' treat it as regex
|
||||
if(substr($curr_exclude[0], 0, 1 ) eq '~'){
|
||||
my $regex_curr_exclude = substr $curr_exclude[0], 1;
|
||||
if($name =~ m/$regex_curr_exclude/ && $curr_exclude[1] eq $type){
|
||||
$skip = 1;
|
||||
}
|
||||
}
|
||||
elsif($curr_exclude[0] eq $name && $curr_exclude[1] eq $type){
|
||||
$skip = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
close FH;
|
||||
return $skip;
|
||||
}
|
||||
|
||||
# Reads regular expressions from a file and applies the rules to sensor names.
|
||||
# This unifies sensor names across different platforms.
|
||||
# @return The sensor name with specified unify rules applied
|
||||
sub unify_with_file{
|
||||
my $file_name = shift;
|
||||
my $name = shift;# given sensor name
|
||||
my @ulist;# list of rules to apply
|
||||
if($file_name){
|
||||
if(!(open (FH, "< $file_name"))){
|
||||
print "-> Reading unify file $file_name failed with: $!.\n";
|
||||
exit(3);
|
||||
};
|
||||
@ulist = <FH>;
|
||||
}
|
||||
foreach my $unify_rule (@ulist){
|
||||
#split at the only / that is not masked with a \,
|
||||
#this is the separator in s/x/y/g to get x and y
|
||||
my @curr_rule = map { s/^\s*//; s/\s*$//; $_; } split(/(?<!\\)\//,$unify_rule);
|
||||
if(@curr_rule && $curr_rule[0] ne '' && $curr_rule[1] ne ''){
|
||||
$name =~ s/$curr_rule[0]/$curr_rule[1]/g;
|
||||
}
|
||||
}
|
||||
close FH;
|
||||
return $name;
|
||||
}
|
||||
|
||||
#define entire hashes
|
||||
our %hdrmap = (
|
||||
'Record_ID' => 'id', # FreeIPMI ...,0.7.x
|
||||
'Record ID' => 'id', # FreeIPMI 0.8.x,... with --legacy-output
|
||||
'ID' => 'id', # FreeIPMI 0.8.x
|
||||
'Sensor Name' => 'name',
|
||||
'Name' => 'name', # FreeIPMI 0.8.x
|
||||
'Sensor Group' => 'type',
|
||||
'Type' => 'type', # FreeIPMI 0.8.x
|
||||
'Monitoring Status' => 'state',
|
||||
'State' => 'state', # FreeIPMI 0.8.x
|
||||
'Sensor Units' => 'units',
|
||||
'Units' => 'units', # FreeIPMI 0.8.x
|
||||
'Sensor Reading' => 'reading',
|
||||
'Reading' => 'reading', # FreeIPMI 0.8.x
|
||||
'Event' => 'event', # FreeIPMI 0.8.x
|
||||
'Lower C' => 'lowerC',
|
||||
'Lower NC' => 'lowerNC',
|
||||
'Upper C' => 'upperC',
|
||||
'Upper NC' => 'upperNC',
|
||||
'Lower NR' => 'lowerNR',
|
||||
'Upper NR' => 'upperNR',
|
||||
);
|
||||
|
||||
our $verbosity = 0;
|
||||
|
||||
MAIN: {
|
||||
$| = 1; #force a flush after every write or print
|
||||
my @ARGV_SAVE = @ARGV;#keep args for verbose output
|
||||
my ($show_help, $show_version);
|
||||
my ($ipmi_host, $ipmi_user, $ipmi_password, $ipmi_privilege_level, $ipmi_config_file, $ipmi_outformat);
|
||||
my (@freeipmi_options, $freeipmi_compat);
|
||||
my (@ipmi_sensor_types, @ipmi_exclude_sensor_types, @ipmi_xlist, @ipmi_ilist);
|
||||
my (@ipmi_version);
|
||||
my $ipmi_sensors = 0;#states to use ipmi-sensors instead of ipmimonitoring
|
||||
my $fan_count;#number of fans that should be installed in unit
|
||||
my $lanVersion;#if desired use a different protocol version
|
||||
my $abort_text = '';
|
||||
my $zenoss = 0;
|
||||
my @sel_sensor_types;
|
||||
my @exclude_sel_sensor_types;
|
||||
my $sel_issues_present = 0;
|
||||
my $simulate = '';
|
||||
my ($use_fru, $no_sel, $sel_only, $sel_tail, $no_sudo, $use_thresholds, $no_thresholds, $sel_xfile, $s_xfile, $s_ufile, $no_entity_absent);
|
||||
|
||||
#read in command line arguments and init hash variables with the given values from argv
|
||||
if ( !( GetOptions(
|
||||
'H|host=s' => \$ipmi_host,
|
||||
'f|config-file=s' => \$ipmi_config_file,
|
||||
'U|user=s' => \$ipmi_user,
|
||||
'P|password=s' => \$ipmi_password,
|
||||
'L|privilege-level=s' => \$ipmi_privilege_level,
|
||||
'O|options=s' => \@freeipmi_options,
|
||||
'b|compat' => \$freeipmi_compat,
|
||||
'T|sensor-types=s' => \@ipmi_sensor_types,
|
||||
'xT|exclude-sensor-types=s' => \@ipmi_exclude_sensor_types,
|
||||
'ST|sel-sensor-types=s' => \@sel_sensor_types,
|
||||
'xST|exclude-sel-sensor-types=s' => \@exclude_sel_sensor_types,
|
||||
'fru' => \$use_fru,
|
||||
'nosel' => \$no_sel,
|
||||
'selonly' => \$sel_only,
|
||||
'seltail=s' => \$sel_tail,
|
||||
'nosudo' => \$no_sudo,
|
||||
'nothresholds' => \$no_thresholds,
|
||||
'noentityabsent' => \$no_entity_absent,
|
||||
'v|verbosity' => \$verbosity,
|
||||
'vv' => sub{$verbosity=2},
|
||||
'vvv' => sub{$verbosity=3},
|
||||
'x|exclude=s' => \@ipmi_xlist,
|
||||
'sx|selexclude=s' => \$sel_xfile,
|
||||
'xx|sexclude=s' => \$s_xfile,
|
||||
'us|unify-sensors=s'=> \$s_ufile,
|
||||
'i|include=s' => \@ipmi_ilist,
|
||||
'o|outformat=s' => \$ipmi_outformat,
|
||||
'fc|fancount=i' => \$fan_count,
|
||||
'D=s' => \$lanVersion,
|
||||
's=s' => \$simulate,
|
||||
'h|help' =>
|
||||
sub{print STDOUT get_version();
|
||||
print STDOUT "\n";
|
||||
print STDOUT get_usage();
|
||||
print STDOUT "\n";
|
||||
print STDOUT get_help();
|
||||
exit(0)
|
||||
},
|
||||
'V|version' =>
|
||||
sub{
|
||||
print STDOUT get_version();
|
||||
exit(0);
|
||||
},
|
||||
'usage|?' =>
|
||||
sub{print STDOUT get_usage();
|
||||
exit(3);
|
||||
}
|
||||
) ) ){
|
||||
usage(1);#call usage if GetOptions failed
|
||||
}
|
||||
usage(1) if @ARGV;#print usage if unknown arg list is left
|
||||
|
||||
################################################################################
|
||||
# check for ipmimonitoring or ipmi-sensors. Since version > 0.8 ipmi-sensors is used
|
||||
# if '--legacy-output' is given ipmi-sensors cannot be used
|
||||
if( $MISSING_COMMAND_TEXT ne "" ){
|
||||
print STDOUT "Error:$MISSING_COMMAND_TEXT";
|
||||
exit(3);
|
||||
}
|
||||
else{
|
||||
@ipmi_version = get_ipmi_version();
|
||||
if( $ipmi_version[0] > 0 && (grep(/legacy\-output/,@freeipmi_options)) == 0){
|
||||
$IPMICOMMAND =~ s/ipmimonitoring/ipmi-sensors/;
|
||||
$ipmi_sensors = 1;
|
||||
}
|
||||
if( $ipmi_version[0] > 0 && (grep(/legacy\-output/,@freeipmi_options)) == 1){
|
||||
print "Error: Cannot use ipmi-sensors with option \'--legacy-output\'. Remove it to work correctly.\n";
|
||||
exit(3);
|
||||
}
|
||||
# check if output-sensor-thresholds can be used, this is supported
|
||||
# since 1.2.1. Version 1.2.0 was not released, so skip the third minor
|
||||
# version number
|
||||
if($ipmi_version[0] > 1 || ($ipmi_version[0] == 1 && $ipmi_version[1] >= 2)){
|
||||
$use_thresholds = 1;
|
||||
}
|
||||
else{
|
||||
$use_thresholds = 0;
|
||||
}
|
||||
}
|
||||
###############################################################################
|
||||
# verify if all mandatory parameters are set and initialize various variables
|
||||
#\s defines any whitespace characters
|
||||
#first join the list, then split it at whitespace ' '
|
||||
#also cf. http://perldoc.perl.org/Getopt/Long.html#Options-with-multiple-values
|
||||
@freeipmi_options = split(/\s+/, join(' ', @freeipmi_options)); # a bit hack, shell word splitting should be implemented...
|
||||
@ipmi_sensor_types = split(/,/, join(',', @ipmi_sensor_types));
|
||||
@ipmi_exclude_sensor_types = split(/,/, join(',', @ipmi_exclude_sensor_types));
|
||||
@sel_sensor_types = split(/,/, join(',', @sel_sensor_types));
|
||||
@exclude_sel_sensor_types = split(/,/, join(',', @exclude_sel_sensor_types));
|
||||
@ipmi_xlist = split(/,/, join(',', @ipmi_xlist));
|
||||
@ipmi_ilist = split(/,/, join(',', @ipmi_ilist));
|
||||
|
||||
#check for zenoss output
|
||||
if(defined $ipmi_outformat && $ipmi_outformat eq "zenoss"){
|
||||
$zenoss = 1;
|
||||
}
|
||||
|
||||
# Per default monitor all sensor types, use -ST to specify your sensor types
|
||||
if(!@sel_sensor_types){
|
||||
@sel_sensor_types = ('all');
|
||||
}
|
||||
# If -xST has not been set, set this array to empty.
|
||||
if(!@exclude_sel_sensor_types){
|
||||
@exclude_sel_sensor_types = ('');
|
||||
}
|
||||
|
||||
# Define basic ipmi command
|
||||
my @basecmd = $IPMICOMMAND;
|
||||
# If host is omitted localhost is assumed, if not turned off sudo is used
|
||||
if(!(defined $ipmi_host) || ($ipmi_host eq 'localhost')){
|
||||
if(!defined($no_sudo)){
|
||||
# Only add sudo if not already root
|
||||
@basecmd = ($> != 0 ? 'sudo' : (), $IPMICOMMAND);
|
||||
}
|
||||
}
|
||||
# If we are not local, we need authentication credentials
|
||||
else{
|
||||
# Add the ipmi desired host
|
||||
push @basecmd, '-h', $ipmi_host;
|
||||
if(defined $ipmi_config_file){
|
||||
push @basecmd, '--config-file', $ipmi_config_file;
|
||||
}
|
||||
elsif(defined $ipmi_user && defined $ipmi_password && defined $ipmi_privilege_level ){
|
||||
push @basecmd, '-u', $ipmi_user, '-p', $ipmi_password, '-l', $ipmi_privilege_level;
|
||||
}
|
||||
else{
|
||||
$abort_text = $abort_text . " -f <FreeIPMI config file> or -U <username> -P <password> -L <privilege level>";
|
||||
}
|
||||
if( $abort_text ne ""){
|
||||
print STDOUT "Error: " . $abort_text . " missing.";
|
||||
print STDOUT get_usage();
|
||||
exit(3);
|
||||
}
|
||||
}
|
||||
# copy command for fru usage
|
||||
my @frucmd;
|
||||
if($use_fru){
|
||||
@frucmd = @basecmd
|
||||
}
|
||||
my @selcmd = @basecmd;
|
||||
my @dcmicmd = @basecmd;
|
||||
|
||||
if(@ipmi_sensor_types){
|
||||
# , is the seperator in the new string
|
||||
# -g option is older name for ipmi-sensors -t or --sensor-types and
|
||||
# compatible with both older and newer version of FreeIPMI
|
||||
push @basecmd, '-g', join(',', @ipmi_sensor_types);
|
||||
}
|
||||
|
||||
# add sensor types to exclude
|
||||
if(@ipmi_exclude_sensor_types){
|
||||
push @basecmd, '--exclude-sensor-types', join(',', @ipmi_exclude_sensor_types);
|
||||
}
|
||||
|
||||
|
||||
if(@freeipmi_options){
|
||||
push @basecmd, @freeipmi_options;
|
||||
}
|
||||
|
||||
#keep original basecmd for later usage
|
||||
my @getstatus = @basecmd;
|
||||
|
||||
#if -b is not defined, caching options are used
|
||||
if( !(defined $freeipmi_compat) ){
|
||||
push @getstatus, '--quiet-cache', '--sdr-cache-recreate';
|
||||
}
|
||||
#since version 0.8 it is possible to interpret OEM data
|
||||
if( ($ipmi_version[0] == 0 && $ipmi_version[1] > 7) ||
|
||||
$ipmi_version[0] > 0){
|
||||
push @getstatus, '--interpret-oem-data';
|
||||
}
|
||||
#since version 0.8 it is necessary to add the legacy option
|
||||
if( ($ipmi_version[0] == 0 && $ipmi_version[1] > 7) && (grep(/legacy\-output/,@freeipmi_options) == 0)){
|
||||
push @getstatus, '--legacy-output';
|
||||
}
|
||||
#if ipmi-sensors is used show the state of sensors and ignore N/A
|
||||
if($ipmi_sensors){
|
||||
push @getstatus, '--output-sensor-state', '--ignore-not-available-sensors';
|
||||
}
|
||||
#if not stated otherwise we use protocol lan version 2 per default
|
||||
if(!defined($lanVersion)){
|
||||
$lanVersion = 'LAN_2_0';
|
||||
}
|
||||
if($lanVersion ne 'default' && defined $ipmi_host && $ipmi_host ne 'localhost'){
|
||||
push @getstatus, "--driver-type=$lanVersion";
|
||||
if(!$no_sel){
|
||||
push @selcmd, "--driver-type=$lanVersion";
|
||||
}
|
||||
if($use_fru){
|
||||
push @frucmd, "--driver-type=$lanVersion";
|
||||
}
|
||||
}
|
||||
if($use_thresholds && !$no_thresholds){
|
||||
push @getstatus, '--output-sensor-thresholds';
|
||||
}
|
||||
if(defined($sel_tail)){
|
||||
push @selcmd, "--tail=$sel_tail";
|
||||
}
|
||||
|
||||
################################################################################
|
||||
#execute status command and redirect stdout and stderr to ipmioutput
|
||||
my $ipmioutput;
|
||||
my $returncode;
|
||||
if ($sel_only){
|
||||
$returncode = 0;
|
||||
}
|
||||
elsif(!$simulate){
|
||||
run \@getstatus, '>&', \$ipmioutput;
|
||||
#the upper eight bits contain the error condition (exit code)
|
||||
#see http://perldoc.perl.org/perlvar.html#Error-Variables
|
||||
$returncode = $? >> 8;
|
||||
}
|
||||
else{
|
||||
$ipmioutput = simulate($simulate);
|
||||
print "DEBUG: Using simulation mode\n";
|
||||
$returncode = 0;
|
||||
}
|
||||
my @fruoutput;
|
||||
if($use_fru){
|
||||
@fruoutput = get_fru(\@frucmd, $verbosity);
|
||||
}
|
||||
my $seloutput;
|
||||
if(!$no_sel){
|
||||
$seloutput = parse_sel(\@selcmd, $verbosity, $sel_xfile, \@sel_sensor_types, \@exclude_sel_sensor_types);
|
||||
}
|
||||
my $dcmioutput;
|
||||
$dcmioutput = parse_dcmi(\@dcmicmd, $verbosity);
|
||||
################################################################################
|
||||
# print debug output when verbosity is set to 3 (-vvv)
|
||||
if ( $verbosity == 3 && !$sel_only ){
|
||||
my $ipmicommandversion;
|
||||
run [$IPMICOMMAND, '-V'], '2>&1', '|', ['head', '-n', 1], '&>', \$ipmicommandversion;
|
||||
#remove trailing newline with chomp
|
||||
chomp $ipmicommandversion;
|
||||
print "------------- debug output for sensors (-vvv is set): ------------\n";
|
||||
print " script was executed with the following parameters:\n";
|
||||
print " $0 ", join(' ', @ARGV_SAVE), "\n";
|
||||
print " check_ipmi_sensor version:\n";
|
||||
print " $check_ipmi_sensor_version\n";
|
||||
print " FreeIPMI version:\n";
|
||||
print " $ipmicommandversion\n";
|
||||
print " FreeIPMI was executed with the following parameters:\n";
|
||||
print " ", join(' ', @getstatus), "\n";
|
||||
print " FreeIPMI return code: $returncode\n";
|
||||
print " output of FreeIPMI:\n";
|
||||
print "$ipmioutput\n";
|
||||
print "--------------------- end of debug output ---------------------\n";
|
||||
}
|
||||
|
||||
################################################################################
|
||||
# generate main output
|
||||
if ( $returncode != 0 ){
|
||||
print "$ipmioutput\n";
|
||||
print "-> Execution of $IPMICOMMAND failed with return code $returncode.\n";
|
||||
print "-> $IPMICOMMAND was executed with the following parameters:\n";
|
||||
print " ", join(' ', @getstatus), "\n";
|
||||
exit(3);
|
||||
}
|
||||
else{
|
||||
my @outputRows;
|
||||
if(defined($ipmioutput)){
|
||||
@outputRows = split('\n', $ipmioutput);
|
||||
}
|
||||
if(!$sel_only && (!defined($ipmioutput) || scalar(@outputRows) == 1)){
|
||||
print "-> Your server seems to be powered off.";
|
||||
print " (Execution of FreeIPMI returned an empty output or only 1 header row!)\n";
|
||||
print "-> $IPMICOMMAND was executed with the following parameters:\n";
|
||||
print " ", join(' ', @getstatus), "\n";
|
||||
exit(3);
|
||||
}
|
||||
#print desired filter types
|
||||
if ( @ipmi_sensor_types ){
|
||||
print "Sensor Type(s) ", join(', ', @ipmi_sensor_types), " Status: ";
|
||||
}
|
||||
elsif ($sel_only){
|
||||
print "SEL Status: ";
|
||||
}
|
||||
else{
|
||||
print "IPMI Status: ";
|
||||
}
|
||||
#start with main output
|
||||
my $exit = 0;
|
||||
my $w_sensors = '';#sensors with warnings
|
||||
my $sel_w_sensors = '';#verbose output for sel entries with warnings
|
||||
my $perf = '';#performance sensor
|
||||
my $curr_fans = 0;
|
||||
my @ipmioutput2;#filtered original ipmi output
|
||||
|
||||
#skip ipmi output, if only SEL queried
|
||||
if (!$sel_only){
|
||||
#split at newlines, fetch array with lines of output
|
||||
my @ipmioutput = split('\n', $ipmioutput);
|
||||
|
||||
#remove sudo errors and warnings like they appear on dns resolving issues
|
||||
@ipmioutput = map { /^sudo:/ ? () : $_ } @ipmioutput;
|
||||
|
||||
#remove leading and trailing whitespace characters, split at the pipe delimiter
|
||||
@ipmioutput = map { [ map { s/^\s*//; s/\s*$//; $_; } split(m/\|/, $_) ] } @ipmioutput;
|
||||
|
||||
#shift out the header as it is the first line
|
||||
my $header = shift @ipmioutput;
|
||||
if(!defined($header)){
|
||||
print "$ipmioutput\n";
|
||||
print " FreeIPMI returned an empty header map (first line)";
|
||||
if(@ipmi_sensor_types){
|
||||
print " FreeIPMI could not find any sensors for the given sensor type (option '-T').\n";
|
||||
}
|
||||
exit(3);
|
||||
}
|
||||
my %header;
|
||||
for(my $i = 0; $i < @$header; $i++)
|
||||
{
|
||||
#assigning %header with (key from hdrmap) => $i
|
||||
#checking at which position in the header is which key
|
||||
$header{$hdrmap{$header->[$i]}} = $i;
|
||||
}
|
||||
foreach my $row ( @ipmioutput ){
|
||||
my %row;
|
||||
#fetch keys from header and assign existent values to row
|
||||
#this maps the values from row(ipmioutput) to the header values
|
||||
while ( my ($key, $index) = each %header ){
|
||||
#check if the option to unify sensor names is active
|
||||
if($key eq 'name' && $s_ufile && $s_ufile ne ''){
|
||||
$row{$key} = unify_with_file($s_ufile, $row->[$index]);
|
||||
}
|
||||
else{
|
||||
$row{$key} = $row->[$index];
|
||||
}
|
||||
}
|
||||
if(!(exclude_with_file($s_xfile, $row{'name'}, $row{'type'}))){
|
||||
push @ipmioutput2, \%row;
|
||||
}
|
||||
}
|
||||
#create hash with sensor name an 1
|
||||
my %ipmi_xlist = map { ($_, 1) } @ipmi_xlist;
|
||||
#filter out the desired sensor values
|
||||
@ipmioutput2 = grep(!exists $ipmi_xlist{$_->{'id'}}, @ipmioutput2);
|
||||
#check for an include list
|
||||
if(@ipmi_ilist){
|
||||
my %ipmi_ilist = map { ($_, 1) } @ipmi_ilist;
|
||||
#only include sensors from include list
|
||||
@ipmioutput2 = grep(exists $ipmi_ilist{$_->{'id'}}, @ipmioutput2);
|
||||
}
|
||||
foreach my $row ( @ipmioutput2 ){
|
||||
if( $zenoss ){
|
||||
$row->{'name'} =~ s/ /_/g;
|
||||
}
|
||||
my $check_sensor_state = 1;
|
||||
if($no_entity_absent){
|
||||
if(exists $row->{'event'} && ($row->{'event'} =~ /\'.*((Device|Entity) (Absent|Removed)).*\'/)){
|
||||
$check_sensor_state = 0;
|
||||
}
|
||||
if(exists $row->{'reading'} && ($row->{'reading'} =~ /\'.*((Device|Entity) (Absent|Removed)).*\'/)){
|
||||
$check_sensor_state = 0;
|
||||
}
|
||||
}
|
||||
#check for warning sensors
|
||||
if($check_sensor_state && ($row->{'state'} ne 'Nominal' && $row->{'state'} ne 'N/A')){
|
||||
$exit = 1 if $exit < 1;
|
||||
$exit = 2 if $exit < 2 && $row->{'state'} ne 'Warning';
|
||||
#don't insert a , the first time
|
||||
$w_sensors .= ", " unless $w_sensors eq '';
|
||||
$w_sensors .= "$row->{'name'} = $row->{'state'}";
|
||||
if( $verbosity ){
|
||||
if( $row->{'reading'} ne 'N/A'){
|
||||
$w_sensors .= " ($row->{'reading'})" ;
|
||||
}
|
||||
else{
|
||||
$w_sensors .= " ($row->{'event'})";
|
||||
}
|
||||
}
|
||||
}
|
||||
if($check_sensor_state && ($row->{'units'} ne 'N/A')){
|
||||
my $val = $row->{'reading'};
|
||||
my $perf_data;
|
||||
my $perf_thresholds;
|
||||
if($zenoss){
|
||||
$perf_data = $row->{'name'}."=".$val;
|
||||
}
|
||||
else{
|
||||
$perf_data = "'".$row->{'name'}."'=".$val;
|
||||
}
|
||||
if($use_thresholds && !$no_thresholds){
|
||||
if(($row->{'lowerNC'} ne 'N/A') && ($row->{'upperNC'} ne 'N/A')){
|
||||
$perf_thresholds = $row->{'lowerNC'}.":".$row->{'upperNC'}.";";
|
||||
}
|
||||
elsif(($row->{'lowerNC'} ne 'N/A') && ($row->{'upperNC'} eq 'N/A')){
|
||||
$perf_thresholds = $row->{'lowerNC'}.":;";
|
||||
}
|
||||
elsif(($row->{'lowerNC'} eq 'N/A') && ($row->{'upperNC'} ne 'N/A')){
|
||||
$perf_thresholds = "~:".$row->{'upperNC'}.";";
|
||||
}
|
||||
elsif(($row->{'lowerNC'} eq 'N/A') && ($row->{'upperNC'} eq 'N/A')){
|
||||
$perf_thresholds = ";";
|
||||
}
|
||||
if(($row->{'lowerC'} ne 'N/A') && ($row->{'upperC'} ne 'N/A')){
|
||||
$perf_thresholds .= $row->{'lowerC'}.":".$row->{'upperC'};
|
||||
}
|
||||
elsif(($row->{'lowerC'} ne 'N/A') && ($row->{'upperC'} eq 'N/A')){
|
||||
$perf_thresholds .= $row->{'lowerC'}.":";
|
||||
}
|
||||
elsif(($row->{'lowerC'} eq 'N/A') && ($row->{'upperC'} ne 'N/A')){
|
||||
$perf_thresholds .= "~:".$row->{'upperC'};
|
||||
}
|
||||
# Add thresholds to performance data
|
||||
if(($row->{'lowerNC'} ne 'N/A') || ($row->{'upperNC'} ne 'N/A') ||
|
||||
($row->{'lowerC'} ne 'N/A') || ($row->{'upperC'} ne 'N/A')){
|
||||
$perf_data .= ";".$perf_thresholds;
|
||||
}
|
||||
}
|
||||
$perf .= $perf_data." ";
|
||||
}
|
||||
if( $row->{'type'} eq 'Fan' && $row->{'reading'} ne 'N/A' ){
|
||||
$curr_fans++;
|
||||
}
|
||||
}
|
||||
}
|
||||
foreach my $row (@{$seloutput}){
|
||||
if( $zenoss ){
|
||||
$row->{'name'} =~ s/ /_/g;
|
||||
}
|
||||
if ($row->{'state'} ne 'Nominal'){
|
||||
$sel_issues_present += 1;
|
||||
$exit = 1 if $exit < 1;
|
||||
$exit = 2 if $exit < 2 && $row->{'state'} ne 'Warning';
|
||||
if( $verbosity ){
|
||||
$sel_w_sensors .= ", " unless $sel_w_sensors eq '';
|
||||
$sel_w_sensors .= "($row->{'name'} = $row->{'state'},";
|
||||
$sel_w_sensors .= " $row->{'type'}," ;
|
||||
$sel_w_sensors .= " $row->{'event'})" ;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ( $sel_issues_present ){
|
||||
$w_sensors .= ", " unless $w_sensors eq '';
|
||||
if ( $sel_issues_present == 1 ){
|
||||
$w_sensors .= "1 system event log (SEL) entry present";
|
||||
}else{
|
||||
$w_sensors .= $sel_issues_present." system event log (SEL) entries present";
|
||||
}
|
||||
if( $verbosity ){
|
||||
$w_sensors .= " - details: ";
|
||||
$w_sensors .= $sel_w_sensors;
|
||||
$w_sensors .= " - fix the reported issues and clear your SEL";
|
||||
$w_sensors .= " or exclude specific SEL entries using the -sx or -xST option";
|
||||
}
|
||||
}
|
||||
#now check if num fans equals desired unit fans
|
||||
if( $fan_count ){
|
||||
if( $curr_fans < $fan_count ){
|
||||
$exit = 1 if $exit < 1;
|
||||
$w_sensors .= ", " unless $w_sensors eq '';
|
||||
$w_sensors .= "Fan = Warning";
|
||||
if( $verbosity ){
|
||||
$w_sensors .= " ($curr_fans)" ;
|
||||
}
|
||||
}
|
||||
}
|
||||
#check for the FRU serial number
|
||||
my @server_serial;
|
||||
my $serial_number;
|
||||
if( $use_fru ){
|
||||
@server_serial = grep(/Product Serial Number/,@fruoutput);
|
||||
if(@server_serial){
|
||||
$server_serial[0] =~ m/(\d+)/;
|
||||
$serial_number = $1;
|
||||
}
|
||||
}
|
||||
if(defined($dcmioutput) && $dcmioutput ne ''){
|
||||
my $power_perf = '';
|
||||
if(exists $dcmioutput->{'Current Power'}){
|
||||
my $power_key = 'Current Power';
|
||||
if($s_ufile && $s_ufile ne ''){
|
||||
$power_key = unify_with_file($s_ufile, $power_key);
|
||||
}
|
||||
if( $zenoss ){
|
||||
$power_key =~ s/ /_/g;
|
||||
}
|
||||
$power_perf = "\'$power_key\'=" . $dcmioutput->{'Current Power'};
|
||||
}
|
||||
$perf = $power_perf . ' ' . $perf;
|
||||
}
|
||||
$perf = substr($perf, 0, -1);#cut off the last chars
|
||||
if ( $exit == 0 ){
|
||||
print "OK";
|
||||
}
|
||||
elsif ( $exit == 1 ){
|
||||
print "Warning [$w_sensors]";
|
||||
}
|
||||
else{
|
||||
print "Critical [$w_sensors]";
|
||||
}
|
||||
if( $use_fru && defined($serial_number)){
|
||||
print " ($serial_number)";
|
||||
}
|
||||
print " | ", $perf if $perf ne '';
|
||||
print "\n";
|
||||
|
||||
if ( $verbosity > 1 ){
|
||||
foreach my $row (@ipmioutput2){
|
||||
if( $row->{'state'} eq 'N/A'){
|
||||
next;
|
||||
}
|
||||
elsif( $row->{'reading'} ne 'N/A'){
|
||||
print "$row->{'name'} = $row->{'reading'} ";
|
||||
}
|
||||
elsif( $row->{'event'} ne 'N/A'){
|
||||
print "$row->{'name'} = $row->{'event'} ";
|
||||
}
|
||||
else{
|
||||
next;
|
||||
}
|
||||
print "(Status: $row->{'state'})\n";
|
||||
}
|
||||
}
|
||||
exit $exit;
|
||||
}
|
||||
};
|
|
@ -1,5 +1,6 @@
|
|||
---
|
||||
- name: restart nrpe
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nrpe
|
||||
state: restarted
|
||||
when: nrpe_exists.stat.exists
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# yamllint disable rule:line-length
|
||||
---
|
||||
- name: "Install nrpe"
|
||||
openbsd_pkg:
|
||||
community.general.openbsd_pkg:
|
||||
name:
|
||||
- nrpe--
|
||||
state: present
|
||||
|
@ -9,7 +9,7 @@
|
|||
- nagios-nrpe
|
||||
|
||||
- name: "Install monitoring packages"
|
||||
openbsd_pkg:
|
||||
community.general.openbsd_pkg:
|
||||
name:
|
||||
- monitoring-plugins
|
||||
- check_bioctl
|
||||
|
@ -18,7 +18,7 @@
|
|||
- nagios-nrpe
|
||||
|
||||
- name: "Create nrpe.d dir"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /etc/nrpe.d
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -28,14 +28,20 @@
|
|||
- nagios-nrpe
|
||||
|
||||
- name: "Include nrpe.d dir in nrpe.cfg"
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
dest: /etc/nrpe.cfg
|
||||
line: 'include_dir=/etc/nrpe.d'
|
||||
create: true
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Check if nrpe service exists, for usage in check_mode"
|
||||
stat:
|
||||
path: /etc/rc.d/nrpe
|
||||
register: nrpe_exists
|
||||
|
||||
- name: "Custom configuration is present"
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
block: "{{ lookup('template', 'evolix_bsd.cfg.j2') }}"
|
||||
path: /etc/nrpe.d/evolix.cfg
|
||||
marker: "## {mark} ANSIBLE MANAGED BLOCK : Custom NRPE configuration file from EvoBSD"
|
||||
|
@ -46,46 +52,8 @@
|
|||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Fetch nrpe config content"
|
||||
command: 'grep "allowed_hosts=" /etc/nrpe.d/evolix.cfg'
|
||||
check_mode: false
|
||||
register: nrpe_config_content
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Allow NRPE hosts - if no allowed_hosts configured"
|
||||
lineinfile:
|
||||
dest: /etc/nrpe.d/evolix.cfg
|
||||
insertbefore: BOF
|
||||
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}"
|
||||
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}'
|
||||
when: nrpe_config_content.rc != 0
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Allow NRPE hosts - if allowed_hosts already configured : keep added IP"
|
||||
lineinfile:
|
||||
dest: /etc/nrpe.d/evolix.cfg
|
||||
backrefs: true
|
||||
insertbefore: BOF
|
||||
regex: "allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}(.*)*"
|
||||
line: 'allowed_hosts={{ nagios_nrpe_allowed_hosts | join(",") }}\1'
|
||||
when: nrpe_config_content.rc == 0
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Allow NRPE hosts - add comment"
|
||||
lineinfile:
|
||||
dest: /etc/nrpe.d/evolix.cfg
|
||||
insertbefore: BOF
|
||||
line: "# Allowed IPs"
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- name: "Create nrpe plugins dir"
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /usr/local/libexec/nagios/plugins/
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -95,7 +63,7 @@
|
|||
- nagios-nrpe
|
||||
|
||||
- name: "Nagios plugins are installed"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: plugins_bsd/{{ item.name }}
|
||||
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
||||
owner: root
|
||||
|
@ -116,13 +84,14 @@
|
|||
- {name: 'check_mailq.pl', force: true}
|
||||
- {name: 'check_dhcp_pool', force: false}
|
||||
- {name: 'check_dhcpd.sh', force: false}
|
||||
- {name: 'check_ipmi_sensor', force: true}
|
||||
notify: restart nrpe
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
- nagios-nrpe-utils
|
||||
|
||||
- name: "Nagios plugins are installed - template"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: plugins_bsd/{{ item.name }}.j2
|
||||
dest: /usr/local/libexec/nagios/plugins/{{ item.name }}
|
||||
owner: root
|
||||
|
@ -137,9 +106,10 @@
|
|||
- nagios-nrpe-utils
|
||||
|
||||
- name: "Starting and enabling nrpe"
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: nrpe
|
||||
enabled: true
|
||||
state: started
|
||||
when: nrpe_exists.stat.exists
|
||||
tags:
|
||||
- nagios-nrpe
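Review bot: The `Check if nrpe service exists, for usage in check_mode` task has no `tags:` entry, while the tasks around it are tagged `nagios-nrpe`, so a run limited with `--tags nagios-nrpe` or `--tags nagios-nrpe-utils` would skip it and leave `nrpe_exists` undefined. `Starting and enabling nrpe` and the `restart nrpe` handler both test `when: nrpe_exists.stat.exists`, and would presumably fail on the undefined variable in that case. Adding `tags:` with `- nagios-nrpe` and `- nagios-nrpe-utils` to the stat task would keep the variable registered for every tagged run that can reach those conditions. The task also still uses the short `stat:` where the rest of this file now uses fully qualified names; `ansible.builtin.stat:` would be consistent.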
|
||||
|
|
|
@ -1,3 +1,6 @@
|
|||
# Allowed IPs
|
||||
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
|
||||
|
||||
{% if ansible_distribution_version is version_compare("7.2",'>=') %}
|
||||
# Allow older cipher suites for older Icinga version
|
||||
ssl_cipher_list=ALL:!MD5:@STRENGTH:@SECLEVEL=0
|
||||
|
@ -45,3 +48,4 @@ command[check_connections_state]=doas /usr/local/libexec/nagios/plugins/check_co
|
|||
command[check_packetfilter]=doas /usr/local/libexec/nagios/plugins/check_packetfilter.sh
|
||||
command[check_dhcpd]=/usr/local/libexec/nagios/plugins/check_dhcpd.sh
|
||||
command[check_dhcp_pool]=/usr/local/libexec/nagios/plugins/check_dhcp_pool
|
||||
command[check_ipmi_sensors]=doas /usr/local/libexec/nagios/plugins/check_ipmi_sensor
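Review bot: The `allowed_hosts=` line added at the top of this template moves the NRPE access list into the Ansible-managed block, but nothing in the commit removes the line that the deleted `Allow NRPE hosts` tasks wrote with `insertbefore: BOF`. On hosts configured by the earlier role, `/etc/nrpe.d/evolix.cfg` would presumably keep that older `allowed_hosts=` line above the managed block, including any hand-added IPs that the removed `backrefs` task preserved. That leaves two directives whose precedence is not obvious from the file. Since this directive decides which hosts may query the daemon, a one-time cleanup of the lines above the BEGIN marker would make the effective list unambiguous, as would a template comment such as `# allowed_hosts is managed by Ansible; remove any allowed_hosts= line outside this block`.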
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Deploy ospf check scripts"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: /usr/share/scripts/{{ item }}
|
||||
with_items:
|
||||
|
@ -11,7 +11,7 @@
|
|||
- ospf
|
||||
|
||||
- name: "Cron job for ospf check scripts is installed"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: "{{ item }} check"
|
||||
job: "/bin/sh /usr/share/scripts/{{ item }}-check-peers.sh"
|
||||
with_items:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Setup pf.conf"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: pf.conf.j2
|
||||
dest: /etc/pf.conf
|
||||
mode: "0600"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Copy generateldif.sh"
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: generateldif.sh.j2
|
||||
dest: '{{ general_scripts_dir }}/generateldif.sh'
|
||||
owner: root
|
||||
|
@ -11,7 +11,7 @@
|
|||
- generateldif
|
||||
|
||||
- name: "Run generateldif"
|
||||
command: '{{ general_scripts_dir }}/generateldif.sh'
|
||||
ansible.builtin.command: '{{ general_scripts_dir }}/generateldif.sh'
|
||||
register: generateldif_run
|
||||
changed_when: false
|
||||
failed_when: false
|
||||
|
@ -21,7 +21,7 @@
|
|||
- generateldif
|
||||
- generateldif-exec
|
||||
|
||||
- debug:
|
||||
- ansible.builtin.debug:
|
||||
var: generateldif_run.stdout_lines
|
||||
verbosity: 1
|
||||
tags:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Deploy dynamic motd script for CARP master or backup"
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: motd-carp-state.sh
|
||||
dest: /usr/share/scripts/motd-carp-state.sh
|
||||
force: true
|
||||
|
@ -13,7 +13,7 @@
|
|||
- motd-utils
|
||||
|
||||
- name: "Fetch root crontab content"
|
||||
command: >
|
||||
ansible.builtin.command: >
|
||||
grep "/bin/sh /usr/share/scripts/motd-carp-state.sh" /var/cron/tabs/root
|
||||
check_mode: false
|
||||
register: root_crontab_content
|
||||
|
@ -24,10 +24,10 @@
|
|||
- motd
|
||||
|
||||
- name: "Cron job for dynamic motd script is installed"
|
||||
cron:
|
||||
ansible.builtin.cron:
|
||||
name: dynamic motd for CARP
|
||||
job: "/bin/sh /usr/share/scripts/motd-carp-state.sh"
|
||||
minute: "0"
|
||||
minute: "*/10"
|
||||
disabled: true
|
||||
when:
|
||||
- not (root_crontab_content.stdout
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: "Check and install updates (erratas) if available"
|
||||
command: /usr/sbin/syspatch
|
||||
ansible.builtin.command: /usr/sbin/syspatch
|
||||
ignore_errors: true
|
||||
when: ansible_distribution_version is version_compare("6.1",'>=')
|
||||
tags:
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
- vars/evolix-main.yml
|
||||
|
||||
pre_tasks:
|
||||
- include_role:
|
||||
- ansible.builtin.include_role:
|
||||
name: etc-git
|
||||
tasks_from: commit.yml
|
||||
vars:
|
||||
|
@ -31,7 +31,7 @@
|
|||
- post-install
|
||||
|
||||
post_tasks:
|
||||
- include_role:
|
||||
- ansible.builtin.include_role:
|
||||
name: etc-git
|
||||
tasks_from: commit.yml
|
||||
vars:
|
||||
|
@ -39,6 +39,6 @@
|
|||
when: not ansible_check_mode
|
||||
tags: always
|
||||
|
||||
- include_role:
|
||||
- ansible.builtin.include_role:
|
||||
name: evocheck
|
||||
tasks_from: exec.yml
|
||||
|
|