diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d1ca0d5..2c22a6fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ The **patch** part changes is incremented if multiple releases happen the same m * minifirewall: configure proxy/backup/sysctl values * etc-git: Commit /etc in lxc containers when they are git repositories +* nagios-nrpe: Add a check dhcp_pool ### Changed diff --git a/nagios-nrpe/files/plugins/check_dhcp_pool b/nagios-nrpe/files/plugins/check_dhcp_pool new file mode 100755 index 00000000..29157c2e --- /dev/null +++ b/nagios-nrpe/files/plugins/check_dhcp_pool @@ -0,0 +1,223 @@ +#!/usr/bin/perl -w +# +# Copyright (C) 2008 Rien Broekstra +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; version 2 dated June, +# 1991. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# +# Configuration variables: +# +# conffile - path to dhcpd's configuration file (default "/etc/dhcpd.conf") +# leasefile - path to dhcpd's leases file (default "/var/lib/dhcp/dhcpd.leases") +# + +use POSIX; +use Time::Local; +use strict; + +my $CONFFILE = exists $ENV{'conffile'} ? $ENV{'conffile'} : "/etc/dhcp/dhcpd.conf"; +my $LEASEFILE = exists $ENV{'leasefile'} ? $ENV{'leasefile'} : "/var/lib/dhcp/dhcpd.leases"; +my $WARNING_LEVEL = 70; +my $CRITICAL_LEVEL = 90; + +my (@activeleases, %dhcp_pools, $pool_start, $pool_end, $pool_size, $pool_free, $pool_usage, $pool_status, $label, $lease, $nagios_return_code, $nagios_ok, $nagios_warning, $nagios_critical, @nagios_text, @nagios_perfdata); + +# Determine all leased IP addresses +@activeleases = determine_active_leases(); + +# Determine the available IP pools +%dhcp_pools = determine_pools(); + +# Nagios return code +$nagios_return_code = 0; +$nagios_ok = 0; +$nagios_warning = 0; +$nagios_critical = 0; + +# For each pool, count how many leases from that pool are currently active +foreach $pool_start (keys %dhcp_pools) { + $pool_size = $dhcp_pools{$pool_start}; + $pool_end = $pool_start+$pool_size-1; + $pool_free = $pool_size; + + foreach $lease (@activeleases) { + if ($lease >= $pool_start && $lease <= $pool_end) { + $pool_free--; + } + } + + $label = ip2string($pool_start)."-".ip2string($pool_end); + $pool_usage = sprintf("%.1f", 100*($pool_size-$pool_free)/$pool_size); + + if ($pool_usage >= $CRITICAL_LEVEL) { + $nagios_return_code = 2; + $nagios_critical++; + $pool_status = "CRITICAL"; + } elsif ($pool_usage >= $WARNING_LEVEL) { + if ($nagios_return_code == 0 ) { + $nagios_return_code = 1; + } + $nagios_warning++; + $pool_status = "WARNING"; + } + else { + $nagios_ok++; + $pool_status = "OK"; + } + + push(@nagios_text, "$pool_status : $label - $pool_usage \n"); + push(@nagios_perfdata, "$label=$pool_usage%;$WARNING_LEVEL%;$CRITICAL_LEVEL%;;" ); + # 'label'=value[UOM];[warn];[crit];; + +} + + +print nagios_code_2_txt($nagios_return_code)." - ".$nagios_critical." CRIT / ".$nagios_warning." WARN / ".$nagios_ok." OK \n\n"; + +print grep(/CRITICAL/, @nagios_text); +print grep(/WARNING/, @nagios_text); +print grep(/OK/, @nagios_text); + +print "|@nagios_perfdata"; + +exit $nagios_return_code; + + +################ +###### FUNCTIONS + +# Parse dhcpd.conf for range statements. +# +# Returns a hash with start IP -> size +sub determine_pools { + my (%pools, @conffile, $line, $start, $end, $size); + + open(CONFFILE, "<${CONFFILE}") || exit -1; + @conffile = ; + close (CONFFILE); + + foreach $line (@conffile) { + next if $line =~ /^\s*#/; + + if ($line =~ /range[\s]+([\d]+\.[\d]+\.[\d]+\.[\d]+)[\s]+([\d]+\.[\d]+\.[\d]+\.[\d]+)/) { + $start = string2ip($1); + $end = string2ip($2); + + defined($start) || next; + defined($end) || next; + + # The range statement gives the lowest and highest IP addresses in a range. + $size = $end - $start + 1; + + $pools{$start} = $size; + } + } + return %pools; +} + +# Very simple parser for dhcpd.leases. This will break very easily if dhcpd decides to +# format the file differently. Ideally a simple recursive-descent parser should be used. +# +# Returns an array with currently leased IP's +sub determine_active_leases { + my (@leasefile, $startdate, $enddate, $lease, @activeleases, $mytz, $line, %saw); + + open(LEASEFILE, "<${LEASEFILE}") || exit -1; + @leasefile = ; + close (LEASEFILE); + + @activeleases = (); + + # Portable way of converting a GMT date/time string to timestamp is setting TZ to UTC, and then calling mktime() + $mytz = $ENV{'TZ'}; + $ENV{'TZ'} = 'UTC 0'; + tzset(); + + foreach $line (@leasefile) { + if ($line =~ /lease ([\d]+\.[\d]+\.[\d]+\.[\d]+)/) { + $lease = string2ip($1); + defined($lease) || next; + + undef $startdate; + undef $enddate; + } + elsif ($line =~ /starts \d ([\d]{4})\/([\d]{2})\/([\d]{2}) ([\d]{2}):([\d]{2}):([\d]{2})/) { + $startdate = mktime($6, $5, $4, $3, $2-1, $1-1900, 0, 0); + } + elsif ($line =~ /ends \d ([\d]{4})\/([\d]{2})\/([\d]{2}) ([\d]{2}):([\d]{2}):([\d]{2})/) { + $enddate = mktime($6, $5, $4, $3, $2-1, $1-1900, 0, 0); + } + elsif ($line =~ /binding state active/) { + if (defined($enddate) && defined($startdate) && defined($lease)) { + if ($startdate < time() && $enddate > time()) { + push (@activeleases, $lease); + } + } + } + + } + + # Set TZ back to its original setting + if (defined($mytz)) { + $ENV{'TZ'} = $mytz; + } + else { + delete $ENV{'TZ'}; + } + tzset(); + + # Sort the array, strip doubles, and return + return grep(!$saw{$_}++, @activeleases); +} + +# +# Helper routine to convert an IP address a.b.c.d into an integer +# +# Returns an integer representation of an IP address +sub string2ip { + my $string = shift; + defined($string) || return undef; + if ($string =~ /([\d]+)\.([\d]+)\.([\d]+)\.([\d]+)/) { + if ($1 < 0 || $1 > 255 || $2 < 0 || $2 > 255 || $3 < 0 || $3 > 255 || $4 < 0 || $4 > 255) { + return undef; + } + else { + return $1 << 24 | $2 << 16 | $3 << 8 | $4; + } + } + return undef; +} + +# +# Returns a dotted quad notation of an +# +sub ip2string { + my $ip = shift; + defined ($ip) || return undef; + return sprintf ("%d.%d.%d.%d", ($ip >> 24) & 0xff, ($ip >> 16) & 0xff, ($ip >> 8) & 0xff, $ip & 0xff); +} + + +# +# Return textual status of return code +# +sub nagios_code_2_txt{ + my $code = shift; + defined ($code) || return undef; + + if($code == 0 ) { return "OK" } + elsif( $code == 1 ) { return "WARNING" } + elsif( $code == 2 ) { return "CRITICAL" } +} diff --git a/nagios-nrpe/templates/evolix.cfg.j2 b/nagios-nrpe/templates/evolix.cfg.j2 index 80eaaaf2..be42c97a 100644 --- a/nagios-nrpe/templates/evolix.cfg.j2 +++ b/nagios-nrpe/templates/evolix.cfg.j2 @@ -57,6 +57,7 @@ command[check_bkctld_jails]=sudo /usr/sbin/bkctld check-jails command[check_bkctld]=sudo /usr/sbin/bkctld check command[check_postgrey]=/usr/lib/nagios/plugins/check_tcp -p10023 command[check_influxdb]=/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -u /health -p 8086 -r '"status":"pass"' +command[check_dhcpd]=/usr/lib/nagios/plugins/check_procs -c1:1 -C dhcpd -t 60 # Local checks (not packaged) command[check_mem]={{ nagios_plugins_directory }}/check_mem -f -C -w 20 -c 10 @@ -82,7 +83,7 @@ command[check_php-fpm74]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi command[check_php-fpm80]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php80/rootfs/etc/php/8.0/fpm/pool.d/ command[check_php-fpm81]=sudo {{ nagios_plugins_directory }}/check_phpfpm_multi /var/lib/lxc/php81/rootfs/etc/php/8.1/fpm/pool.d/ command[check_ipmi_sensors]=sudo /usr/lib/nagios/plugins/check_ipmi_sensor -command[check_raid_status]=/usr/lib/nagios/plugins/check_raid +command[check_raid_status]={{ nagios_plugins_directory }}/check_dhcp_pool # Check HTTP "many". Use this to check many websites (http, https, ports, sockets and SSL certificates). # Beware! All checks must not take more than 10s!