Make nrpe role suitable for OpenBSD

Tristan PILAT 2017-02-25 16:28:49 +01:00
parent 90c7074a8f
commit 6cb57f1f5a
10 changed files with 404 additions and 43 deletions


@ -0,0 +1,65 @@
#!/bin/sh
# Copyright (c) 2012, Claudiu Vasadi
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are those
# of the authors and should not be interpreted as representing official policies,
# either expressed or implied, of the FreeBSD Project.
#
# Script to check the state (master/backup) of a carp internface
# $1 - carp if
# $2 - state
#
. /usr/local/libexec/nagios/utils.sh
# check if $1 and $2 is set
if [ -z "$1" ];then
echo "carp interface not set. Exiting ..."
exit "$STATE_CRITICAL"
fi
if [ -z "$2" ];then
echo "Interface status not set. Exiting ..."
exit "$STATE_CRITICAL"
fi
# check if the carp interface exists or not
ifconfig $1 > /dev/null
if [ $? != "0" ];then
echo "carp interface $1 does not exist. Exiting ...."
exit "$STATE_CRITICAL"
fi
# check state
ifconfig $1 | grep -i $2 > /dev/null
if [ $? != "0" ];then
echo "NOT_OK - $1 should be $2"
exit "$STATE_CRITICAL"
else
echo "OK - $1 is $2"
exit "$STATE_OK"
fi
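Review bot: The state test `ifconfig $1 | grep -i $2` matches the requested word anywhere in the interface output and passes both arguments unquoted, so a state string that appears elsewhere in the output reports OK and an option-like value changes how `ifconfig` and `grep` are invoked. Quote the expansions and tie the match to the carp status line, for example `ifconfig "$1" | grep -qi -- "carp: $2"` (this assumes the status is printed as `carp: MASTER …`; adjust to the real output). The existence test can be written `if ! ifconfig "$1" >/dev/null 2>&1; then` so that ifconfig's own error text does not precede the plugin's status line. The arguments are fixed in the NRPE command definition added by this commit, so this is hardening rather than an exposed path, but it matters if NRPE argument passing is ever enabled.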


@ -0,0 +1,162 @@
#!/bin/ksh
################################################################################
# Sample Nagios plugin to monitor free memory on the local machine #
# Author: Daniele Mazzocchio (http://www.kernel-panic.it/) #
################################################################################
VERSION="Version 1.0"
AUTHOR="(c) 2007-2009 Daniele Mazzocchio (danix@kernel-panic.it)"
PROGNAME=`/usr/bin/basename $0`
# Constants
BYTES_IN_MB=$(( 1024 * 1024 ))
KB_IN_MB=1024
# Exit codes
STATE_OK=0
STATE_WARNING=1
STATE_CRITICAL=2
STATE_UNKNOWN=3
# Helper functions #############################################################
function print_revision {
# Print the revision number
echo "$PROGNAME - $VERSION"
}
function print_usage {
# Print a short usage statement
echo "Usage: $PROGNAME [-v] -w <limit> -c <limit>"
}
function print_help {
# Print detailed help information
print_revision
echo "$AUTHOR\n\nCheck free memory on local machine\n"
print_usage
/bin/cat <<__EOT
Options:
-h
Print detailed help screen
-V
Print version information
-w INTEGER
Exit with WARNING status if less than INTEGER MB of memory are free
-w PERCENT%
Exit with WARNING status if less than PERCENT of memory is free
-c INTEGER
Exit with CRITICAL status if less than INTEGER MB of memory are free
-c PERCENT%
Exit with CRITICAL status if less than PERCENT of memory is free
-v
Verbose output
__EOT
}
# Main #########################################################################
# Total memory size (in MB)
tot_mem=$(( `/sbin/sysctl -n hw.physmem` / BYTES_IN_MB))
# Free memory size (in MB)
free_mem=$(( `/usr/bin/vmstat | /usr/bin/tail -1 | /usr/bin/awk '{ print $5 }'` / KB_IN_MB ))
# Free memory size (in percentage)
free_mem_perc=$(( free_mem * 100 / tot_mem ))
# Verbosity level
verbosity=0
# Warning threshold
thresh_warn=
# Critical threshold
thresh_crit=
# Parse command line options
while [ "$1" ]; do
case "$1" in
-h | --help)
print_help
exit $STATE_OK
;;
-V | --version)
print_revision
exit $STATE_OK
;;
-v | --verbose)
: $(( verbosity++ ))
shift
;;
-w | --warning | -c | --critical)
if [[ -z "$2" || "$2" = -* ]]; then
# Threshold not provided
echo "$PROGNAME: Option '$1' requires an argument"
print_usage
exit $STATE_UNKNOWN
elif [[ "$2" = +([0-9]) ]]; then
# Threshold is a number (MB)
thresh=$2
elif [[ "$2" = +([0-9])% ]]; then
# Threshold is a percentage
thresh=$(( tot_mem * ${2%\%} / 100 ))
else
# Threshold is neither a number nor a percentage
echo "$PROGNAME: Threshold must be integer or percentage"
print_usage
exit $STATE_UNKNOWN
fi
[[ "$1" = *-w* ]] && thresh_warn=$thresh || thresh_crit=$thresh
shift 2
;;
-?)
print_usage
exit $STATE_OK
;;
*)
echo "$PROGNAME: Invalid option '$1'"
print_usage
exit $STATE_UNKNOWN
;;
esac
done
if [[ -z "$thresh_warn" || -z "$thresh_crit" ]]; then
# One or both thresholds were not specified
echo "$PROGNAME: Threshold not set"
print_usage
exit $STATE_UNKNOWN
elif [[ "$thresh_crit" -gt "$thresh_warn" ]]; then
# The warning threshold must be greater than the critical threshold
echo "$PROGNAME: Warning free space should be more than critical free space"
print_usage
exit $STATE_UNKNOWN
fi
if [[ "$verbosity" -ge 2 ]]; then
# Print debugging information
/bin/cat <<__EOT
Debugging information:
Warning threshold: $thresh_warn MB
Critical threshold: $thresh_crit MB
Verbosity level: $verbosity
Total memory: $tot_mem MB
Free memory: $free_mem MB ($free_mem_perc%)
__EOT
fi
if [[ "$free_mem" -lt "$thresh_crit" ]]; then
# Free memory is less than the critical threshold
echo "MEMORY CRITICAL - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
exit $STATE_CRITICAL
elif [[ "$free_mem" -lt "$thresh_warn" ]]; then
# Free memory is less than the warning threshold
echo "MEMORY WARNING - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
exit $STATE_WARNING
else
# There's enough free memory!
echo "MEMORY OK - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
exit $STATE_OK
fi
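Review bot: The `-?)` arm of the option parser prints usage and exits with `$STATE_OK`, so a mistyped single-letter option in the NRPE command definition makes the check report OK without measuring anything; it should be `exit $STATE_UNKNOWN` like the `*)` arm. `free_mem` is also taken from the fifth column of the last `vmstat` line and fed straight into arithmetic before any option is parsed. If that column is empty or carries a unit suffix the script fails or computes a wrong value, so capture the raw field first and check it, e.g. `[[ "$free_mem_raw" = +([0-9]) ]] || { echo "MEMORY UNKNOWN - cannot parse vmstat"; exit $STATE_UNKNOWN; }` before dividing.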


@ -0,0 +1,23 @@
#!/bin/sh
IPSECCTL="/sbin/ipsecctl -s sa"
STATUS=0
LINE1=`$IPSECCTL | grep "from $1 to $2" `
if [ $? -eq 1 ]; then
STATUS=2;
OUTPUT1="No VPN from $1 to $2 "
fi
LINE2=`$IPSECCTL | grep "from $2 to $1" `
if [ $? -eq 1 ]; then
STATUS=2;
OUTPUT2="No VPN from $2 to $1"
fi
if [ $STATUS -eq 0 ]; then
echo "VPN OK - $3 is up"
exit $STATUS
else
echo "VPN DOWN - $3 is down ($OUTPUT1 $OUTPUT2)"
exit $STATUS
fi
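Review bot: Both `if [ $? -eq 1 ]` tests treat only grep's no-match status as failure, so a grep error (status 2) leaves `STATUS=0` and the plugin prints VPN OK. Because `$1` and `$2` are used as an unanchored regular expression, a pattern for `10.0.0.2` (constructed example) is also satisfied by an entry for a longer address with the same prefix. Use `if ! /sbin/ipsecctl -s sa | grep -qF -- "from $1 to $2 "; then` (the trailing space assumes the address is followed by a space in the output) and the same for the reverse direction. The script should also exit with status 3 (UNKNOWN) when fewer than three arguments are given, since the NRPE configuration added by this commit runs it through sudo.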


@ -0,0 +1,9 @@
#!/bin/sh
if netstat -an|grep '.1194' >/dev/null; then
echo "VPN OK"
return 0
else
echo "PROCESS NOT LISTENING"
return 2
fi
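Review bot: `grep '.1194'` is an unanchored pattern whose dot matches any character, so any `netstat -an` line containing those digits makes the check print VPN OK even when nothing is bound to the OpenVPN port; a foreign address, an established connection, or a port such as 51194 (constructed example) all match. Restrict the match to the local-address column of the expected protocol, e.g. `netstat -an -p udp | grep -q '[.]1194 '` if the tunnel uses UDP, and confirm the pattern against the real output. `return 0` and `return 2` sit at script top level, outside any function; `exit 0` and `exit 2` state the intent and do not depend on how the running shell treats a stray `return`.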


@ -0,0 +1,18 @@
#!/bin/sh
WARNING_STATES_LIMIT=100000
CRTICAL_STATES_LIMIT=150000
. /usr/local/libexec/nagios/utils.sh
CHECK_STATES=$(/usr/bin/nc 127.0.0.1 9999 2>/dev/null| /usr/bin/grep '0 - 0' | /usr/bin/sed 's/0 - 0 //g')
if [ $CHECK_STATES -lt $WARNING_STATES_LIMIT ];then
echo "OK: States number ($CHECK_STATES) is below threshold ($WARNING_STATES_LIMIT / $CRTICAL_STATES_LIMIT)"
exit "$STATE_OK"
elif [ $CHECK_STATES -ge $WARNING_STATES_LIMIT ] && [ $CHECK_STATES -lt $CRTICAL_STATES_LIMIT ];then
echo "WARNING: States number is $CHECK_STATES (threshold WARNING = $WARNING_STATES_LIMIT)"
exit "$STATE_WARNING"
else
echo "CRITICAL: States number is $CHECK_STATES (threshold CRITICAL = $CRTICAL_STATES_LIMIT)"
exit "$STATE_CRITICAL"
fi
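Review bot: `CHECK_STATES` is whatever text comes back from `nc 127.0.0.1 9999` after the grep/sed filter, and it is expanded unquoted inside `[ … -lt … ]` without being checked. When the listener is absent or returns something unexpected, the tests error out and the script falls through to the CRITICAL branch with an empty number, and a multi-word value would be parsed as extra test operands. Validate before comparing with `case "$CHECK_STATES" in ''|*[!0-9]*) echo "UNKNOWN: cannot read pf states"; exit "$STATE_UNKNOWN";; esac`, and quote `"$CHECK_STATES"` in the comparisons. `CRTICAL_STATES_LIMIT` looks like a typo for CRITICAL; it is used consistently, so that is only a naming fix.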


@ -4,3 +4,8 @@
service:
name: nagios-nrpe-server
state: restarted
- name: restart nrpe
service:
name: nrpe
state: restarted


@ -0,0 +1,42 @@
---
- name: packages are installed
apt:
name: "{{ item }}"
state: present
with_items:
- nagios-nrpe-server
- nagios-plugins
- nagios-plugins-basic
- nagios-plugins-common
- nagios-plugins-contrib
- nagios-plugins-standard
- name: custom configuration is present
template:
src: evolix.cfg.j2
dest: /etc/nagios/nrpe.d/evolix.cfg
notify: restart nagios-nrpe-server
- name: Nagios config is secured
file:
dest: /etc/nagios/
mode: 0750
group: nagios
state: directory
notify: restart nagios-nrpe-server
- name: Nagios plugins are installed
copy:
src: plugins/
dest: /usr/local/lib/nagios/plugins/
mode: 0755
notify: restart nagios-nrpe-server
- name: Nagios lib is secured
file:
dest: /usr/local/lib/nagios/
mode: 0755
group: nagios
recurse: yes
state: directory
notify: restart nagios-nrpe-server
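Review bot: The plugin tasks here hard-code `/usr/local/lib/nagios/plugins/` and `/usr/local/lib/nagios/`, while the equivalent tasks that appear to be removed from the main task file in this same commit used `{{ nagios_plugins_directory }}` and quoted modes. If that variable is still defined for the role, this file silently stops honouring it. Keep `dest: "{{ nagios_plugins_directory }}/"` and write modes as strings (`mode: "0750"`, `mode: "0755"`) so they cannot be read as decimal integers. The plugin `copy` task also sets no `owner` or `group`; adding `owner: root` makes the result independent of the connecting user.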


@ -1,45 +1,6 @@
---
- name: packages are installed
apt:
name: "{{ item }}"
state: present
with_items:
- nagios-nrpe-server
- nagios-plugins
- nagios-plugins-basic
- nagios-plugins-common
- nagios-plugins-contrib
- nagios-plugins-standard
- include: debian.yml
when: ansible_os_family == "Debian"
- name: custom configuration is present
template:
src: evolix.cfg.j2
dest: /etc/nagios/nrpe.d/evolix.cfg
notify: restart nagios-nrpe-server
- name: Nagios config is secure
file:
dest: /etc/nagios/
mode: "750"
group: nagios
state: directory
notify: restart nagios-nrpe-server
# TODO deal with /usr mounted as read-only
- name: Nagios plugins directory is secure
file:
dest: "{{ nagios_plugins_directory }}/"
mode: "755"
group: nagios
recurse: yes
state: directory
notify: restart nagios-nrpe-server
- name: Nagios plugins are installed
copy:
src: plugins/
dest: "{{ nagios_plugins_directory }}/"
group: nagios
mode: "755"
notify: restart nagios-nrpe-server
- include: openbsd.yml
when: ansible_os_family == "OpenBSD"


@ -0,0 +1,42 @@
---
- name: packages are installed
openbsd_pkg:
name: "{{ item }}"
state: present
with_items:
- nrpe--
- monitoring-plugins
- name: Create nrpe.d dir
file:
path: /etc/nrpe.d
state: directory
owner: root
group: wheel
mode: 0755
- name: Include nrpe.d dir in nrpe.cfg
lineinfile:
dest: /etc/nrpe.cfg
line: 'include_dir=/etc/nrpe.d'
- name: custom configuration is present
template:
src: evolix_bsd.cfg.j2
dest: /etc/nrpe.d/evolix.cfg
notify: restart nrpe
- name: Nagios plugins are installed
copy:
src: plugins_bsd/
dest: /usr/local/libexec/nagios/plugins/
owner: root
group: wheel
mode: 0755
notify: restart nrpe
- name: Starting and enabling nrpe
service:
name: nrpe
enabled: yes
state: started
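Review bot: The `copy` task installs the custom plugins into `/usr/local/libexec/nagios/plugins/`, but the NRPE template added in this commit calls `check_ipsecctl.sh`, `check_openvpn`, `check_pf_states`, `check_carp_if` and `check_free_mem.sh` directly under `/usr/local/libexec/nagios/`. Unless something else links them there, those commands will not be found; use `dest: /usr/local/libexec/nagios/` or change the command paths in the template. The `lineinfile` task that adds `include_dir` has no `notify: restart nrpe`, so a running daemon would not pick the change up on its own. The `template` task sets no `owner`, `group` or `mode`; since that file defines commands run through sudo, `owner: root`, `group: wheel` and `mode: "0644"` should be explicit.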


@ -0,0 +1,34 @@
#
# Custom NRPE configuration file.
# Part of the EvoBSD distribution.
#
# Allowed IPs
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10
command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20
command[check_disk1]=/usr/local/libexec/nagios/check_disk -x /lib/init/rw -x /dev -x /dev/shm -w 10% -c 3% -W 10% -K 3% -C -w 5% -c 2% -W 5% -K 2% -p /home
command[check_zombie_procs]=/usr/local/libexec/nagios/check_procs -w 5 -c 10 -s Z
command[check_total_procs]=/usr/local/libexec/nagios/check_procs -w 150 -c 200
command[check_imap]=/usr/local/libexec/nagios/check_imap -H localhost
command[check_smtp]=/usr/local/libexec/nagios/check_smtp -H localhost -f alert5@evolix.fr
command[check_dns]=/usr/local/libexec/nagios/check_dns -H evolix.net
command[check_swap]=/usr/local/libexec/nagios/check_swap -a -w 30% -c 20%
command[check_ntp]=/usr/local/libexec/nagios/check_ntp -H ntp.evolix.net
command[check_http]=/usr/local/libexec/nagios/check_http -H localhost -p 80
command[check_onduleur]=/usr/local/libexec/nagios/check_ups -H localhost -u onduleur
# Pour check_mailq, ajouter dans sudo :
# _nrpe ALL=NOPASSWD: /usr/local/libexec/nagios/check_mailq
command[check_mailq]=sudo /usr/local/libexec/nagios/check_mailq -w 10 -c 20
command[check_bind]=/usr/local/libexec/nagios/check_dig -l evolix.net -H localhost
command[check_ssh]=/usr/local/libexec/nagios/check_ssh -p 22 localhost
command[check_proxy]=/usr/local/libexec/nagios/check_tcp -p PORT
#command[check_vpn]=/usr/local/libexec/nagios/check_ping -H IPDISTANTE -p 1 -w 5000,100% -c 5000,100%
command[check_vpn]=sudo /usr/local/libexec/nagios/check_ipsecctl.sh IPDISTANTE IPLOCALE "VPN MARSEILLE-ROME"
command[check_openvpn]=/usr/local/libexec/nagios/check_openvpn
command[check_pf_states]=bash -x /usr/local/libexec/nagios/check_pf_states
command[check_carp1]=/usr/local/libexec/nagios/check_carp_if carp0 master
command[check_mem]=/usr/local/libexec/nagios/check_free_mem.sh -w 20 -c 10
command[check_dhcpclient]=/usr/local/libexec/nagios/check_dhcp -i INTERFACE
command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445
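Review bot: `command[check_pf_states]=bash -x /usr/local/libexec/nagios/check_pf_states` runs the plugin under bash with execution tracing, although the OpenBSD tasks in this commit install only `nrpe--` and `monitoring-plugins`, so bash may not be present, and `-x` is a debugging flag that writes every expanded command to stderr. Call the script directly: `command[check_pf_states]=/usr/local/libexec/nagios/check_pf_states`. `check_vpn` is invoked through `sudo`, but only the `check_mailq` sudoers line is documented; add the matching comment `# _nrpe ALL=NOPASSWD: /usr/local/libexec/nagios/check_ipsecctl.sh` and keep the rule limited to that exact path. `allowed_hosts` is rendered from `nagios_nrpe_allowed_hosts | join(',')` with no guard, so an empty list yields an empty value; confirm how the deployed NRPE version treats that and fail the template when the list is empty.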