Make nrpe role suitable for OpenBSD
This commit is contained in:
parent
90c7074a8f
commit
6cb57f1f5a
65
nagios-nrpe/files/plugins_bsd/check_carp_if
Executable file
65
nagios-nrpe/files/plugins_bsd/check_carp_if
Executable file
|
@ -0,0 +1,65 @@
|
|||
#!/bin/sh
|
||||
|
||||
# Copyright (c) 2012, Claudiu Vasadi
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions are met:
|
||||
#
|
||||
# 1. Redistributions of source code must retain the above copyright notice, this
|
||||
# list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
# this list of conditions and the following disclaimer in the documentation
|
||||
# and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
||||
# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
#
|
||||
# The views and conclusions contained in the software and documentation are those
|
||||
# of the authors and should not be interpreted as representing official policies,
|
||||
# either expressed or implied, of the FreeBSD Project.
|
||||
|
||||
|
||||
#
|
||||
# Script to check the state (master/backup) of a carp internface
|
||||
# $1 - carp if
|
||||
# $2 - state
|
||||
#
|
||||
|
||||
. /usr/local/libexec/nagios/utils.sh
|
||||
|
||||
# check if $1 and $2 is set
|
||||
if [ -z "$1" ];then
|
||||
echo "carp interface not set. Exiting ..."
|
||||
exit "$STATE_CRITICAL"
|
||||
fi
|
||||
|
||||
if [ -z "$2" ];then
|
||||
echo "Interface status not set. Exiting ..."
|
||||
exit "$STATE_CRITICAL"
|
||||
fi
|
||||
|
||||
# check if the carp interface exists or not
|
||||
ifconfig $1 > /dev/null
|
||||
if [ $? != "0" ];then
|
||||
echo "carp interface $1 does not exist. Exiting ...."
|
||||
exit "$STATE_CRITICAL"
|
||||
fi
|
||||
|
||||
# check state
|
||||
ifconfig $1 | grep -i $2 > /dev/null
|
||||
if [ $? != "0" ];then
|
||||
echo "NOT_OK - $1 should be $2"
|
||||
exit "$STATE_CRITICAL"
|
||||
else
|
||||
echo "OK - $1 is $2"
|
||||
exit "$STATE_OK"
|
||||
fi
|
162
nagios-nrpe/files/plugins_bsd/check_free_mem.sh
Executable file
162
nagios-nrpe/files/plugins_bsd/check_free_mem.sh
Executable file
|
@ -0,0 +1,162 @@
|
|||
#!/bin/ksh
|
||||
|
||||
################################################################################
|
||||
# Sample Nagios plugin to monitor free memory on the local machine #
|
||||
# Author: Daniele Mazzocchio (http://www.kernel-panic.it/) #
|
||||
################################################################################
|
||||
|
||||
VERSION="Version 1.0"
|
||||
AUTHOR="(c) 2007-2009 Daniele Mazzocchio (danix@kernel-panic.it)"
|
||||
|
||||
PROGNAME=`/usr/bin/basename $0`
|
||||
|
||||
# Constants
|
||||
BYTES_IN_MB=$(( 1024 * 1024 ))
|
||||
KB_IN_MB=1024
|
||||
|
||||
# Exit codes
|
||||
STATE_OK=0
|
||||
STATE_WARNING=1
|
||||
STATE_CRITICAL=2
|
||||
STATE_UNKNOWN=3
|
||||
|
||||
# Helper functions #############################################################
|
||||
|
||||
function print_revision {
|
||||
# Print the revision number
|
||||
echo "$PROGNAME - $VERSION"
|
||||
}
|
||||
|
||||
function print_usage {
|
||||
# Print a short usage statement
|
||||
echo "Usage: $PROGNAME [-v] -w <limit> -c <limit>"
|
||||
}
|
||||
|
||||
function print_help {
|
||||
# Print detailed help information
|
||||
print_revision
|
||||
echo "$AUTHOR\n\nCheck free memory on local machine\n"
|
||||
print_usage
|
||||
|
||||
/bin/cat <<__EOT
|
||||
|
||||
Options:
|
||||
-h
|
||||
Print detailed help screen
|
||||
-V
|
||||
Print version information
|
||||
|
||||
-w INTEGER
|
||||
Exit with WARNING status if less than INTEGER MB of memory are free
|
||||
-w PERCENT%
|
||||
Exit with WARNING status if less than PERCENT of memory is free
|
||||
-c INTEGER
|
||||
Exit with CRITICAL status if less than INTEGER MB of memory are free
|
||||
-c PERCENT%
|
||||
Exit with CRITICAL status if less than PERCENT of memory is free
|
||||
-v
|
||||
Verbose output
|
||||
__EOT
|
||||
}
|
||||
|
||||
# Main #########################################################################
|
||||
|
||||
# Total memory size (in MB)
|
||||
tot_mem=$(( `/sbin/sysctl -n hw.physmem` / BYTES_IN_MB))
|
||||
# Free memory size (in MB)
|
||||
free_mem=$(( `/usr/bin/vmstat | /usr/bin/tail -1 | /usr/bin/awk '{ print $5 }'` / KB_IN_MB ))
|
||||
# Free memory size (in percentage)
|
||||
free_mem_perc=$(( free_mem * 100 / tot_mem ))
|
||||
|
||||
# Verbosity level
|
||||
verbosity=0
|
||||
# Warning threshold
|
||||
thresh_warn=
|
||||
# Critical threshold
|
||||
thresh_crit=
|
||||
|
||||
# Parse command line options
|
||||
while [ "$1" ]; do
|
||||
case "$1" in
|
||||
-h | --help)
|
||||
print_help
|
||||
exit $STATE_OK
|
||||
;;
|
||||
-V | --version)
|
||||
print_revision
|
||||
exit $STATE_OK
|
||||
;;
|
||||
-v | --verbose)
|
||||
: $(( verbosity++ ))
|
||||
shift
|
||||
;;
|
||||
-w | --warning | -c | --critical)
|
||||
if [[ -z "$2" || "$2" = -* ]]; then
|
||||
# Threshold not provided
|
||||
echo "$PROGNAME: Option '$1' requires an argument"
|
||||
print_usage
|
||||
exit $STATE_UNKNOWN
|
||||
elif [[ "$2" = +([0-9]) ]]; then
|
||||
# Threshold is a number (MB)
|
||||
thresh=$2
|
||||
elif [[ "$2" = +([0-9])% ]]; then
|
||||
# Threshold is a percentage
|
||||
thresh=$(( tot_mem * ${2%\%} / 100 ))
|
||||
else
|
||||
# Threshold is neither a number nor a percentage
|
||||
echo "$PROGNAME: Threshold must be integer or percentage"
|
||||
print_usage
|
||||
exit $STATE_UNKNOWN
|
||||
fi
|
||||
[[ "$1" = *-w* ]] && thresh_warn=$thresh || thresh_crit=$thresh
|
||||
shift 2
|
||||
;;
|
||||
-?)
|
||||
print_usage
|
||||
exit $STATE_OK
|
||||
;;
|
||||
*)
|
||||
echo "$PROGNAME: Invalid option '$1'"
|
||||
print_usage
|
||||
exit $STATE_UNKNOWN
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -z "$thresh_warn" || -z "$thresh_crit" ]]; then
|
||||
# One or both thresholds were not specified
|
||||
echo "$PROGNAME: Threshold not set"
|
||||
print_usage
|
||||
exit $STATE_UNKNOWN
|
||||
elif [[ "$thresh_crit" -gt "$thresh_warn" ]]; then
|
||||
# The warning threshold must be greater than the critical threshold
|
||||
echo "$PROGNAME: Warning free space should be more than critical free space"
|
||||
print_usage
|
||||
exit $STATE_UNKNOWN
|
||||
fi
|
||||
|
||||
if [[ "$verbosity" -ge 2 ]]; then
|
||||
# Print debugging information
|
||||
/bin/cat <<__EOT
|
||||
Debugging information:
|
||||
Warning threshold: $thresh_warn MB
|
||||
Critical threshold: $thresh_crit MB
|
||||
Verbosity level: $verbosity
|
||||
Total memory: $tot_mem MB
|
||||
Free memory: $free_mem MB ($free_mem_perc%)
|
||||
__EOT
|
||||
fi
|
||||
|
||||
if [[ "$free_mem" -lt "$thresh_crit" ]]; then
|
||||
# Free memory is less than the critical threshold
|
||||
echo "MEMORY CRITICAL - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
|
||||
exit $STATE_CRITICAL
|
||||
elif [[ "$free_mem" -lt "$thresh_warn" ]]; then
|
||||
# Free memory is less than the warning threshold
|
||||
echo "MEMORY WARNING - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
|
||||
exit $STATE_WARNING
|
||||
else
|
||||
# There's enough free memory!
|
||||
echo "MEMORY OK - $free_mem_perc% free ($free_mem MB out of $tot_mem MB)"
|
||||
exit $STATE_OK
|
||||
fi
|
23
nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh
Executable file
23
nagios-nrpe/files/plugins_bsd/check_ipsecctl.sh
Executable file
|
@ -0,0 +1,23 @@
|
|||
#!/bin/sh
|
||||
IPSECCTL="/sbin/ipsecctl -s sa"
|
||||
STATUS=0
|
||||
|
||||
LINE1=`$IPSECCTL | grep "from $1 to $2" `
|
||||
if [ $? -eq 1 ]; then
|
||||
STATUS=2;
|
||||
OUTPUT1="No VPN from $1 to $2 "
|
||||
fi
|
||||
|
||||
LINE2=`$IPSECCTL | grep "from $2 to $1" `
|
||||
if [ $? -eq 1 ]; then
|
||||
STATUS=2;
|
||||
OUTPUT2="No VPN from $2 to $1"
|
||||
fi
|
||||
|
||||
if [ $STATUS -eq 0 ]; then
|
||||
echo "VPN OK - $3 is up"
|
||||
exit $STATUS
|
||||
else
|
||||
echo "VPN DOWN - $3 is down ($OUTPUT1 $OUTPUT2)"
|
||||
exit $STATUS
|
||||
fi
|
9
nagios-nrpe/files/plugins_bsd/check_openvpn
Executable file
9
nagios-nrpe/files/plugins_bsd/check_openvpn
Executable file
|
@ -0,0 +1,9 @@
|
|||
#!/bin/sh
|
||||
|
||||
if netstat -an|grep '.1194' >/dev/null; then
|
||||
echo "VPN OK"
|
||||
return 0
|
||||
else
|
||||
echo "PROCESS NOT LISTENING"
|
||||
return 2
|
||||
fi
|
18
nagios-nrpe/files/plugins_bsd/check_pf_states
Executable file
18
nagios-nrpe/files/plugins_bsd/check_pf_states
Executable file
|
@ -0,0 +1,18 @@
|
|||
#!/bin/sh
|
||||
WARNING_STATES_LIMIT=100000
|
||||
CRTICAL_STATES_LIMIT=150000
|
||||
|
||||
. /usr/local/libexec/nagios/utils.sh
|
||||
|
||||
CHECK_STATES=$(/usr/bin/nc 127.0.0.1 9999 2>/dev/null| /usr/bin/grep '0 - 0' | /usr/bin/sed 's/0 - 0 //g')
|
||||
|
||||
if [ $CHECK_STATES -lt $WARNING_STATES_LIMIT ];then
|
||||
echo "OK: States number ($CHECK_STATES) is below threshold ($WARNING_STATES_LIMIT / $CRTICAL_STATES_LIMIT)"
|
||||
exit "$STATE_OK"
|
||||
elif [ $CHECK_STATES -ge $WARNING_STATES_LIMIT ] && [ $CHECK_STATES -lt $CRTICAL_STATES_LIMIT ];then
|
||||
echo "WARNING: States number is $CHECK_STATES (threshold WARNING = $WARNING_STATES_LIMIT)"
|
||||
exit "$STATE_WARNING"
|
||||
else
|
||||
echo "CRITICAL: States number is $CHECK_STATES (threshold CRITICAL = $CRTICAL_STATES_LIMIT)"
|
||||
exit "$STATE_CRITICAL"
|
||||
fi
|
|
@ -4,3 +4,8 @@
|
|||
service:
|
||||
name: nagios-nrpe-server
|
||||
state: restarted
|
||||
|
||||
- name: restart nrpe
|
||||
service:
|
||||
name: nrpe
|
||||
state: restarted
|
||||
|
|
42
nagios-nrpe/tasks/debian.yml
Normal file
42
nagios-nrpe/tasks/debian.yml
Normal file
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
- name: packages are installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nagios-nrpe-server
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-common
|
||||
- nagios-plugins-contrib
|
||||
- nagios-plugins-standard
|
||||
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix.cfg.j2
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios config is secured
|
||||
file:
|
||||
dest: /etc/nagios/
|
||||
mode: 0750
|
||||
group: nagios
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins/
|
||||
dest: /usr/local/lib/nagios/plugins/
|
||||
mode: 0755
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios lib is secured
|
||||
file:
|
||||
dest: /usr/local/lib/nagios/
|
||||
mode: 0755
|
||||
group: nagios
|
||||
recurse: yes
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
|
@ -1,45 +1,6 @@
|
|||
---
|
||||
- name: packages are installed
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nagios-nrpe-server
|
||||
- nagios-plugins
|
||||
- nagios-plugins-basic
|
||||
- nagios-plugins-common
|
||||
- nagios-plugins-contrib
|
||||
- nagios-plugins-standard
|
||||
- include: debian.yml
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix.cfg.j2
|
||||
dest: /etc/nagios/nrpe.d/evolix.cfg
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios config is secure
|
||||
file:
|
||||
dest: /etc/nagios/
|
||||
mode: "750"
|
||||
group: nagios
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
# TODO deal with /usr mounted as read-only
|
||||
|
||||
- name: Nagios plugins directory is secure
|
||||
file:
|
||||
dest: "{{ nagios_plugins_directory }}/"
|
||||
mode: "755"
|
||||
group: nagios
|
||||
recurse: yes
|
||||
state: directory
|
||||
notify: restart nagios-nrpe-server
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins/
|
||||
dest: "{{ nagios_plugins_directory }}/"
|
||||
group: nagios
|
||||
mode: "755"
|
||||
notify: restart nagios-nrpe-server
|
||||
- include: openbsd.yml
|
||||
when: ansible_os_family == "OpenBSD"
|
||||
|
|
42
nagios-nrpe/tasks/openbsd.yml
Normal file
42
nagios-nrpe/tasks/openbsd.yml
Normal file
|
@ -0,0 +1,42 @@
|
|||
---
|
||||
- name: packages are installed
|
||||
openbsd_pkg:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items:
|
||||
- nrpe--
|
||||
- monitoring-plugins
|
||||
|
||||
- name: Create nrpe.d dir
|
||||
file:
|
||||
path: /etc/nrpe.d
|
||||
state: directory
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: 0755
|
||||
|
||||
- name: Include nrpe.d dir in nrpe.cfg
|
||||
lineinfile:
|
||||
dest: /etc/nrpe.cfg
|
||||
line: 'include_dir=/etc/nrpe.d'
|
||||
|
||||
- name: custom configuration is present
|
||||
template:
|
||||
src: evolix_bsd.cfg.j2
|
||||
dest: /etc/nrpe.d/evolix.cfg
|
||||
notify: restart nrpe
|
||||
|
||||
- name: Nagios plugins are installed
|
||||
copy:
|
||||
src: plugins_bsd/
|
||||
dest: /usr/local/libexec/nagios/plugins/
|
||||
owner: root
|
||||
group: wheel
|
||||
mode: 0755
|
||||
notify: restart nrpe
|
||||
|
||||
- name: Starting and enabling nrpe
|
||||
service:
|
||||
name: nrpe
|
||||
enabled: yes
|
||||
state: started
|
34
nagios-nrpe/templates/evolix_bsd.cfg.j2
Normal file
34
nagios-nrpe/templates/evolix_bsd.cfg.j2
Normal file
|
@ -0,0 +1,34 @@
|
|||
#
|
||||
# Custom NRPE configuration file.
|
||||
# Part of the EvoBSD distribution.
|
||||
#
|
||||
|
||||
# Allowed IPs
|
||||
allowed_hosts={{ nagios_nrpe_allowed_hosts | join(',') }}
|
||||
|
||||
command[check_users]=/usr/local/libexec/nagios/check_users -w 5 -c 10
|
||||
command[check_load]=/usr/local/libexec/nagios/check_load -w 15,10,5 -c 30,25,20
|
||||
command[check_disk1]=/usr/local/libexec/nagios/check_disk -x /lib/init/rw -x /dev -x /dev/shm -w 10% -c 3% -W 10% -K 3% -C -w 5% -c 2% -W 5% -K 2% -p /home
|
||||
command[check_zombie_procs]=/usr/local/libexec/nagios/check_procs -w 5 -c 10 -s Z
|
||||
command[check_total_procs]=/usr/local/libexec/nagios/check_procs -w 150 -c 200
|
||||
command[check_imap]=/usr/local/libexec/nagios/check_imap -H localhost
|
||||
command[check_smtp]=/usr/local/libexec/nagios/check_smtp -H localhost -f alert5@evolix.fr
|
||||
command[check_dns]=/usr/local/libexec/nagios/check_dns -H evolix.net
|
||||
command[check_swap]=/usr/local/libexec/nagios/check_swap -a -w 30% -c 20%
|
||||
command[check_ntp]=/usr/local/libexec/nagios/check_ntp -H ntp.evolix.net
|
||||
command[check_http]=/usr/local/libexec/nagios/check_http -H localhost -p 80
|
||||
command[check_onduleur]=/usr/local/libexec/nagios/check_ups -H localhost -u onduleur
|
||||
# Pour check_mailq, ajouter dans sudo :
|
||||
# _nrpe ALL=NOPASSWD: /usr/local/libexec/nagios/check_mailq
|
||||
command[check_mailq]=sudo /usr/local/libexec/nagios/check_mailq -w 10 -c 20
|
||||
command[check_bind]=/usr/local/libexec/nagios/check_dig -l evolix.net -H localhost
|
||||
command[check_ssh]=/usr/local/libexec/nagios/check_ssh -p 22 localhost
|
||||
command[check_proxy]=/usr/local/libexec/nagios/check_tcp -p PORT
|
||||
#command[check_vpn]=/usr/local/libexec/nagios/check_ping -H IPDISTANTE -p 1 -w 5000,100% -c 5000,100%
|
||||
command[check_vpn]=sudo /usr/local/libexec/nagios/check_ipsecctl.sh IPDISTANTE IPLOCALE "VPN MARSEILLE-ROME"
|
||||
command[check_openvpn]=/usr/local/libexec/nagios/check_openvpn
|
||||
command[check_pf_states]=bash -x /usr/local/libexec/nagios/check_pf_states
|
||||
command[check_carp1]=/usr/local/libexec/nagios/check_carp_if carp0 master
|
||||
command[check_mem]=/usr/local/libexec/nagios/check_free_mem.sh -w 20 -c 10
|
||||
command[check_dhcpclient]=/usr/local/libexec/nagios/check_dhcp -i INTERFACE
|
||||
command[check_smb]=/usr/local/libexec/nagios/check_tcp -H IPLOCALE -p 445
|
Loading…
Reference in a new issue