nagios-nrpe: add tasks/files for a wrapper
parent
e0c143d9cf
commit
8244bd4615
6 changed files with 340 additions and 2 deletions
|
@ -13,6 +13,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
|||
### Added
|
||||
|
||||
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
|
||||
* nagios-nrpe: add tasks/files for a wrapper
|
||||
* fail2ban: add "Internal login failure" to Dovecot filter
|
||||
|
||||
### Changed
|
||||
|
|
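--- a/nagios-nrpe/files/alerts_switch
+++ b/nagios-nrpe/files/alerts_switch
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# https://forge.evolix.org/projects/evolix-private/repository
+#
+# You should not alter this file.
+# If you need to, create and customize a copy.
+
+set -e
+
+readonly PROGNAME=$(basename $0)
+readonly PROGDIR=$(readlink -m $(dirname $0))
+readonly ARGS="$@"
+
+usage() {
+echo "$PROGNAME action prefix"
+}
+
+disable_alerts () {
+disabled_file="$1_disabled"
+enabled_file="$1_enabled"
+
+if [ -e "${enabled_file}" ]; then
+mv "${enabled_file}" "${disabled_file}"
+else
+touch "${disabled_file}"
+chmod 0644 "${disabled_file}"
+fi
+}
+
+enable_alerts () {
+disabled_file="$1_disabled"
+enabled_file="$1_enabled"
+
+if [ -e "${disabled_file}" ]; then
+mv "${disabled_file}" "${enabled_file}"
+else
+touch "${enabled_file}"
+chmod 0644 "${enabled_file}"
+fi
+}
+
+now () {
+date --iso-8601=seconds
+}
+
+log_disable () {
+echo "$(now) - alerts disabled by $(logname || echo unknown)" >> $1
+}
+
+log_enable () {
+echo "$(now) - alerts enabled by $(logname || echo unknown)" >> $1
+}
+
+main () {
+local action=$1
+local prefix=$2
+
+local base_dir="/var/lib/misc"
+mkdir -p "${base_dir}"
+
+local file_path="${base_dir}/${prefix}_alerts"
+local log_file="/var/log/${prefix}_alerts.log"
+
+case "$action" in
+enable)
+enable_alerts ${file_path}
+log_enable ${log_file}
+;;
+disable)
+disable_alerts ${file_path}
+log_disable ${log_file}
+;;
+help)
+usage
+;;
+*)
+>&2 echo "Unknown action '$action'"
+exit 1
+;;
+esac
+}
+
+main $ARGS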
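Review bot: `main` builds `file_path` and `log_file` from `prefix` without validating it, and alerts_wrapper invokes this script through `sudo`, so a prefix containing `/` or `..` would have root move, create and append to files outside `/var/lib/misc` and `/var/log`. For the `enable` and `disable` actions, add a guard before the paths are built, for example `[[ "${prefix}" =~ ^[A-Za-z0-9_-]+$ ]] || { >&2 echo "Invalid prefix '${prefix}'"; exit 1; }`. The arguments are also flattened and re-split by `readonly ARGS="$@"` and `main $ARGS`, and `${file_path}`, `${log_file}` and `>> $1` are unquoted; `main "$@"` with quoted expansions keeps each argument intact. Whether the sudoers rule already restricts the arguments is not visible on this page.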
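--- a/nagios-nrpe/files/alerts_wrapper
+++ b/nagios-nrpe/files/alerts_wrapper
@@ -0,0 +1,217 @@
+#!/bin/bash
+
+# https://forge.evolix.org/projects/evolix-private/repository
+#
+# You should not alter this file.
+# If you need to, create and customize a copy.
+
+VERSION="21.04"
+readonly VERSION
+
+# base functions
+
+show_version() {
+cat <<END
+alerts_wrapper version ${VERSION}
+
+Copyright 2018-2021 Evolix <info@evolix.fr>,
+Jérémy Lecour <jlecour@evolix.fr>
+and others.
+
+alerts_wrapper comes with ABSOLUTELY NO WARRANTY.This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the GNU General Public License v3.0 for details.
+END
+}
+show_help() {
+cat <<END
+alerts_wrapper is supposed to wrap an NRPE command and overrides the return code.
+
+Usage: alerts_wrapper --limit=1d --name=check_name command with optional arguments
+or alerts_wrapper --name=check_name command with optional arguments
+or alerts_wrapper check_name command with optional arguments
+
+Options
+--limit max age of the "check file" ;
+can be "1d" for 1 day, "5m" for 5 minutes…
+or more complex expressions like "1w2d10m42s"
+--name check name
+-h, --help print this message and exit
+-V, --version print version and exit
+END
+}
+
+time_in_seconds() {
+if echo "${1}" | grep -E -q '^([0-9]+[wdhms])+$'; then
+echo "${1}" | sed 's/w/ * 604800 + /g; s/d/ * 86400 + /g; s/h/ * 3600 + /g; s/m/ * 60 + /g; s/s/ + /g; s/+ $//' | xargs expr
+elif echo "${1}" | grep -E -q '^([0-9]+$)'; then
+echo "${1} * 3600" | xargs expr
+else
+return 1
+fi
+}
+
+delay_from_alerts_disabled_file() {
+last_change=$(stat -c %Z "${alerts_disabled_file}")
+limit_seconds=$(time_in_seconds "${wrapper_limit}" || time_in_seconds "${wrapper_limit_default}")
+limit_date=$(date --date "${limit_seconds} seconds ago" +"%s")
+
+echo $(( last_change - limit_date ))
+}
+
+enable_check() {
+if [ "$(id -u)" -eq "0" ] ; then
+/usr/local/bin/alerts_switch enable "${check_name}"
+else
+sudo /usr/local/bin/alerts_switch enable "${check_name}"
+fi
+}
+
+main() {
+${check_command} > "${check_stdout}"
+check_rc=$?
+readonly check_rc
+
+delay=0
+
+if [ -e "${alerts_disabled_file}" ]; then
+delay=$(delay_from_alerts_disabled_file)
+
+if [ "${delay}" -le "0" ]; then
+enable_check
+fi
+fi
+
+if [ -e "${alerts_disabled_file}" ]; then
+formatted_last_change=$(date --date "@$(stat -c %Z "${alerts_disabled_file}")" +'%c')
+readonly formatted_last_change
+
+echo "ALERTS DISABLED for ${check_name} (since ${formatted_last_change}, delay: ${delay} sec) - $(cat "${check_stdout}")"
+if [ ${check_rc} = 0 ]; then
+# Nagios OK
+exit 0
+else
+# Nagios WARNING
+exit 1
+fi
+else
+cat "${check_stdout}"
+exit ${check_rc}
+fi
+}
+
+# Default: 1 day before re-enabling the check
+wrapper_limit_default="1d"
+readonly wrapper_limit_default
+
+if [[ "${1}" =~ -.* ]]; then
+# parse options
+# based on https://gist.github.com/deshion/10d3cb5f88a21671e17a
+while :; do
+case $1 in
+-h|-\?|--help)
+show_help
+exit 0
+;;
+-V|--version)
+show_version
+exit 0
+;;
+
+--limit)
+# with value separated by space
+if [ -n "$2" ]; then
+wrapper_limit=$2
+shift
+else
+printf 'ERROR: "--limit" requires a non-empty option argument.\n' >&2
+exit 1
+fi
+;;
+--limit=?*)
+# with value speparated by =
+wrapper_limit=${1#*=}
+;;
+--limit=)
+# without value
+printf 'ERROR: "--limit" requires a non-empty option argument.\n' >&2
+exit 1
+;;
+
+--name)
+# with value separated by space
+if [ -n "$2" ]; then
+check_name=$2
+shift
+else
+printf 'ERROR: "--name" requires a non-empty option argument.\n' >&2
+exit 1
+fi
+;;
+--name=?*)
+# with value speparated by =
+check_name=${1#*=}
+;;
+--name=)
+# without value
+printf 'ERROR: "--name" requires a non-empty option argument.\n' >&2
+exit 1
+;;
+
+--)
+# End of all options.
+shift
+break
+;;
+-?*)
+# ignore unknown options
+printf 'WARN: Unknown option : %s\n' "$1" >&2
+exit 1
+;;
+*)
+# Default case: If no more options then break out of the loop.
+break
+;;
+esac
+
+shift
+done
+# The rest is the command
+check_command="$*"
+else
+# no option is passed (backward compatibility with previous version)
+# treat the first argument as check_name and the rest as the command
+check_name="${1}"
+shift
+check_command="$*"
+fi
+
+# Default values or errors
+if [ -z "${wrapper_limit}" ]; then
+wrapper_limit="${wrapper_limit_default}"
+fi
+if [ -z "${check_name}" ]; then
+printf 'ERROR: You must specify a check name, with --name.\n' >&2
+exit 1
+fi
+if [ -z "${check_command}" ]; then
+printf 'ERROR: You must specify a command to execute.\n' >&2
+exit 1
+fi
+
+readonly check_name
+readonly check_command
+readonly wrapper_limit
+alerts_disabled_file="/var/lib/misc/${check_name}_alerts_disabled"
+readonly alerts_disabled_file
+
+check_file="/var/lib/misc/${check_name}_alerts_disabled"
+readonly check_file
+
+check_stdout=$(mktemp --tmpdir=/tmp "${check_name}_stdout.XXXX")
+readonly check_stdout
+
+# shellcheck disable=SC2064
+trap "rm ${check_stdout}" EXIT
+
+main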
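Review bot: The option test `[[ "${1}" =~ -.* ]]` is unanchored, so it matches a hyphen anywhere in the first argument; a legacy call whose check name contains a hyphen (constructed example: `alerts_wrapper check-foo some_command`) enters option parsing, falls through to `*)` with `check_name` unset and exits with "You must specify a check name". Anchoring it as `[[ "${1}" =~ ^- ]]` restores the documented backward-compatible form. Separately, `check_name` reaches the `mktemp` template, the `/var/lib/misc/...` path and the `sudo /usr/local/bin/alerts_switch` call without any check, and a failed `mktemp` goes unnoticed, leaving `check_stdout` empty. Validating the name once after parsing, e.g. `[[ "${check_name}" =~ ^[A-Za-z0-9_-]+$ ]] || exit 3`, and appending `|| exit 3` to the `mktemp` line would cover both. `check_file` duplicates `alerts_disabled_file` and is not read anywhere in this file.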
|
@ -59,9 +59,9 @@ delay_from_check_file() {
|
|||
|
||||
enable_check() {
|
||||
if [ "$(id -u)" -eq "0" ] ; then
|
||||
/usr/share/scripts/alerts_switch enable "${check_name}"
|
||||
/usr/local/bin/alerts_switch enable "${check_name}"
|
||||
else
|
||||
sudo /usr/share/scripts/alerts_switch enable "${check_name}"
|
||||
sudo /usr/local/bin/alerts_switch enable "${check_name}"
|
||||
fi
|
||||
}
|
||||
|
||||
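Review bot: The `sudo` call in `enable_check` now names `/usr/local/bin/alerts_switch`, and none of the six files in this commit touches a sudoers rule. It is worth confirming that the rule for the account running NRPE covers the new path, rather than depending on how sudo resolves the compatibility symlink, and that it pins the allowed arguments to `enable` plus a check name. A short comment above the call, such as `# requires a sudoers entry for /usr/local/bin/alerts_switch`, would record that dependency where the path is hard-coded.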
|
|
|
@ -83,3 +83,5 @@
|
|||
notify: restart nagios-nrpe-server
|
||||
tags:
|
||||
- nagios-nrpe
|
||||
|
||||
- include_tasks: wrapper.yml
|
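--- a/nagios-nrpe/tasks/wrapper.yml
+++ b/nagios-nrpe/tasks/wrapper.yml
@@ -0,0 +1,35 @@
+---
+
+
+- name: "Remount /usr if needed"
+include_role:
+name: remount-usr
+
+- name: alerts_switch is at the right place
+command: "mv /usr/share/scripts/alerts_switch /usr/local/bin/alerts_switch"
+args:
+creates: /usr/local/bin/alerts_switch
+
+- name: "copy alerts_switch"
+copy:
+src: alerts_switch
+dest: /usr/local/bin/alerts_switch
+owner: root
+group: root
+mode: "0750"
+force: yes
+
+- name: "symlink for backward compatibility"
+file:
+src: /usr/local/bin/alerts_switch
+dest: /usr/share/scripts/alerts_switch
+state: link
+
+- name: "copy alerts_wrapper"
+copy:
+src: alerts_wrapper
+dest: "{{ nagios_plugins_directory }}/alerts_wrapper"
+owner: root
+group: staff
+mode: "0755"
+force: yes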
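Review bot: The `alerts_switch is at the right place` task runs `mv` whenever `/usr/local/bin/alerts_switch` is absent, so on a host that never had `/usr/share/scripts/alerts_switch` the command fails and the play stops before the copy task. Adding `removes: /usr/share/scripts/alerts_switch` under `args:` next to `creates:` makes the move conditional on the old file existing. The `symlink for backward compatibility` task likewise assumes that `/usr/share/scripts` exists and that nothing other than a link sits at `dest`. If either can be false on managed hosts, it needs a directory task before it or `force: yes`.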