Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

in progress

Browse source
This commit is contained in:
Ricky Elrod 2014-04-24 17:53:34 +00:00 committed by Ricky Elrod
parent 362710ffa8
commit 4ee5939b13
490 changed files with 14041 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

65
roles/nagios_server/files/plugins/check_datanommer_timesince.py Executable file
View file

@ -0,0 +1,65 @@
#!/usr/bin/env python
""" NRPE check for datanommer/fedmsg health.
Given a category like 'bodhi', 'buildsys', or 'git', return an error if
datanommer hasn't seen a message of that type in such and such time.
Requires: python-dateutil
Usage:
$ check_datanommer_timesince CATEGORY WARNING_THRESH CRITICAL_THRESH
:Author: Ralph Bean <rbean@redhat.com>
"""
import dateutil.relativedelta
import subprocess
import sys
import json
def query_timesince(category):
cmd = 'datanommer-latest --category %s --timesince' % category
sys.stderr.write("Running %r\n" % cmd)
process = subprocess.Popen(cmd.split(), shell=False,
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = process.communicate()
data = json.loads(stdout)
return float(data[0])
def main():
category, warning_threshold, critical_threshold = sys.argv[-3:]
timesince = query_timesince(category)
warning_threshold = int(warning_threshold)
critical_threshold = int(critical_threshold)
time_strings = []
rd = dateutil.relativedelta.relativedelta(seconds=timesince)
for denomination in ['years', 'months', 'days', 'hours', 'minutes', 'seconds']:
value = getattr(rd, denomination, 0)
if value:
time_strings.append("%d %s" % (value, denomination))
string = ", ".join(time_strings)
reason = "datanommer has not seen a %r message in %s" % (category, string)
if timesince > critical_threshold:
print "CRIT: ", reason
sys.exit(2)
if timesince > warning_threshold:
print "WARN: ", reason
sys.exit(1)
print "OK: ", reason
sys.exit(0)
if __name__ == '__main__':
try:
main()
except Exception as e:
print "UNKNOWN: ", str(e)
sys.exit(3)

44
roles/nagios_server/files/plugins/check_dig_ssl Normal file
View file

@ -0,0 +1,44 @@
#!/bin/bash
#
# 29-02-2012
# Author: Christos Triantafyllidis <christos.triantafyllidis@gmail.com>
#
# Default values
STUNNEL_EXEC=${STUNNEL_EXEC:-/usr/bin/stunnel}
CHECK_DIG_EXEC=${CHECK_DIG_EXEC:-/usr/lib/nagios/plugins/check_dig}
lport=8443
ARGS=""
while getopts "L:H:p:l:T:a:A:w:c:t:v" options
do
case $options in
L ) lport=$OPTARG ;;
H ) host=$OPTARG ;;
p ) port=$OPTARG ;;
* ) ARGS="$ARGS -$options $OPTARG";;
esac
done
# Create a ssl tunnel to the request socket
TMPFILE=`mktemp /tmp/$(basename $0)_${host}_${port}_XXXXX`
echo "
client = yes
verify = 0
syslog = no
pid=$TMPFILE.pid
[${host}_${port}]
accept=${lport}
connect=${host}:${port}
" > $TMPFILE
$STUNNEL_EXEC $TMPFILE
# Use check_dig via the stunnel
$CHECK_DIG_EXEC -H localhost -p ${lport} $ARGS
e_status=$?
# cleanup
kill -9 `cat $TMPFILE.pid`
rm -f $TMPFILE $TMPFILE.pid
exit $e_status

472
roles/nagios_server/files/plugins/check_email_delivery_epn Normal file
View file

@ -0,0 +1,472 @@
#!/usr/bin/perl
use strict;
my $VERSION = '0.6.2';
my $COPYRIGHT = 'Copyright (C) 2005-2008 Jonathan Buhacoff <jonathan@buhacoff.net>';
my $LICENSE = 'http://www.gnu.org/licenses/gpl.txt';
my %status = ( 'OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3 );
# look for required modules
exit $status{UNKNOWN} unless load_modules(qw/Getopt::Long/);
# get options from command line
Getopt::Long::Configure("bundling");
my $verbose = 0;
my $help = "";
my $help_usage = "";
my $show_version = "";
my $host = "";
my $smtp_server = "";
my $smtp_port = "";
my $imap_server = "";
my $smtp_username = "";
my $smtp_password = "";
my $smtp_tls = "";
my $imap_port = "";
my $imap_username = "";
my $imap_password = "";
my $username = "";
my $password = "";
my $ssl = "";
my $imap_ssl = "";
my $mailto = "";
my $mailfrom = "";
my @header = ();
my $body = "";
my $warnstr = "";
my $critstr = "";
my $waitstr = "";
my $delay_warn = 95;
my $delay_crit = 300;
my $smtp_warn = 15;
my $smtp_crit = 30;
my $imap_warn = 15;
my $imap_crit = 30;
my $timeout = "";
my @alert_plugins = ();
my $imap_interval = 5;
my $imap_retries = 5;
my @plugins = ();
my @token_formats = ();
my $tokenfile = "";
my $default_crit = 30;
my $default_warn = 15;
my $default_wait = 5;
my $default_timeout = 60;
#my $libexec = "/usr/local/nagios/libexec";
my $libexec = "/usr/lib/nagios/plugins";
my $ok;
$ok = Getopt::Long::GetOptions(
"V|version"=>\$show_version,
"v|verbose+"=>\$verbose,"h|help"=>\$help,"usage"=>\$help_usage,
"w|warning=s"=>\$warnstr,"c|critical=s"=>\$critstr, "t|timeout=s"=>\$timeout,
"libexec=s"=>\$libexec,
# plugin settings
"p|plugin=s"=>\@plugins, "T|token=s"=>\@token_formats,
"A|alert=i"=>\@alert_plugins,
"F|file=s"=>\$tokenfile,
# common settings
"H|hostname=s"=>\$host,
"U|username=s"=>\$username,"P|password=s"=>\$password,
# smtp settings
"smtp-server=s"=>\$smtp_server,"smtp-port=i"=>\$smtp_port,
"mailto=s"=>\$mailto, "mailfrom=s",\$mailfrom,
"header=s"=>\@header, "body=s"=>\$body,
# smtp-tls settings
"smtptls!"=>\$smtp_tls,
"smtp-username=s"=>\$smtp_username,"smtp-password=s"=>\$smtp_password,
# delay settings
"wait=s"=>\$waitstr,
# imap settings
"imap-server=s"=>\$imap_server,"imap-port=i"=>\$imap_port,
"imap-username=s"=>\$imap_username,"imap-password=s"=>\$imap_password,
"imap-check-interval=i"=>\$imap_interval,"imap-retries=i"=>\$imap_retries,
"imapssl!"=>\$imap_ssl,
);
if( $show_version ) {
print "$VERSION\n";
if( $verbose ) {
print "Warning threshold: $delay_warn seconds\n";
print "Critical threshold: $delay_crit seconds\n";
print "Default wait: $default_wait seconds\n";
print "Default timeout: $default_timeout seconds\n";
}
exit $status{UNKNOWN};
}
if( $help ) {
exec "perldoc", $0 or print "Try `perldoc $0`\n";
exit $status{UNKNOWN};
}
if( $host ) {
$smtp_server = $host if $smtp_server eq "";
$imap_server = $host if $imap_server eq "";
}
if( $username ) {
$smtp_username = $username if $smtp_username eq "";
$imap_username = $username if $imap_username eq "";
}
if( $password ) {
$smtp_password = $password if $smtp_password eq "";
$imap_password = $password if $imap_password eq "";
}
if( $ssl ) {
$imap_ssl = $ssl if $imap_ssl eq "";
$smtp_tls = $ssl if $smtp_tls eq "";
}
if( $help_usage
||
(
scalar(@plugins) == 0
&&
(
$smtp_server eq "" || $mailto eq "" || $mailfrom eq ""
|| $imap_server eq "" || $username eq "" || $password eq ""
)
)
) {
print "Usage 1: $0 -H host \n\t".
"--mailto recipient\@your.net --mailfrom sender\@your.net --body 'message' \n\t".
"--username username --password password \n\t".
"[-w <seconds>] [-c <seconds>]\n\t" .
"[--imap-check-interval <seconds> ] [--imap-retries <times> ]\n";
print "Usage 2: $0 \n\t".
"-p 'first plugin command with %TOKEN1% embedded' \n\t".
"-p 'second plugin command with %TOKEN1% embedded' \n\t".
"[-w <seconds1>,<seconds2>] [-c <seconds1>,<seconds2>] \n";
exit $status{UNKNOWN};
}
# determine thresholds
my @warning_times = split(",", $warnstr);
my @critical_times = split(",", $critstr);
my @alarm_times = split(",", $timeout);
my @wait_times = split(",", $waitstr);
my ($dw,$sw,$rw) = split(",", $warnstr);
my ($dc,$sc,$rc) = split(",", $critstr);
my ($wait) = split(",", $waitstr);
$delay_warn = $dw if defined $dw and $dw ne "";
$smtp_warn = $sw if defined $sw and $sw ne "";
$imap_warn = $rw if defined $rw and $rw ne "";
$delay_crit = $dc if defined $dc and $dc ne "";
$smtp_crit = $sc if defined $sc and $sc ne "";
$imap_crit = $rc if defined $rc and $rc ne "";
my $smtp_thresholds = "";
$smtp_thresholds .= "-w $smtp_warn " if defined $smtp_warn and $smtp_warn ne "";
$smtp_thresholds .= "-c $smtp_crit " if defined $smtp_crit and $smtp_crit ne "";
my $imap_thresholds = "";
$imap_thresholds .= "-w $imap_warn " if defined $imap_warn and $imap_warn ne "";
$imap_thresholds .= "-c $imap_crit " if defined $imap_crit and $imap_crit ne "";
$imap_thresholds .= "--imap-check-interval $imap_interval " if defined $imap_interval and $imap_interval ne "";
$imap_thresholds .= "--imap-retries $imap_retries " if defined $imap_retries and $imap_retries ne "";
if( scalar(@alarm_times) == 1 ) {
$default_timeout = shift(@alarm_times);
}
# determine which other options to include
my $smtp_options = "";
$smtp_options .= "-H $smtp_server " if defined $smtp_server and $smtp_server ne "";
$smtp_options .= "-p $smtp_port " if defined $smtp_port and $smtp_port ne "";
$smtp_options .= "--tls " if defined $smtp_tls and $smtp_tls;
$smtp_options .= "-U $username " if defined $smtp_username and $smtp_username ne "";
$smtp_options .= "-P $password " if defined $smtp_password and $smtp_password ne "";
$smtp_options .= "--mailto $mailto " if defined $mailto and $mailto ne "";
$smtp_options .= "--mailfrom $mailfrom " if defined $mailfrom and $mailfrom ne "";
my $imap_options = "";
$imap_options .= "-H $imap_server " if defined $imap_server and $imap_server ne "";
$imap_options .= "-p $imap_port " if defined $imap_port and $imap_port ne "";
$imap_options .= "-U $username " if defined $imap_username and $imap_username ne "";
$imap_options .= "-P $password " if defined $imap_password and $imap_password ne "";
$imap_options .= "--ssl " if defined $imap_ssl and $imap_ssl;
# create the report object
my $report = new PluginReport;
my @report_plugins = (); # populated later with either (smtp,imap) or (plugin1,plugin2,...)
my $time_start; # initialized later with time the work actually starts
# create token formats for use with the plugins
my @alpha = qw/a b c d e f g h i j k l m n o p q r s t u v w x y z/;
my @numeric = qw/0 1 2 3 4 5 6 7 8 9/;
my @hex = qw/0 1 2 3 4 5 6 7 8 9 a b c d e f/;
my @pgp_even = qw/aardvark absurd accrue acme adrift adult afflict ahead aimless Algol allow alone ammo ancient apple artist assume Athens atlas Aztec baboon backfield backward banjo beaming bedlamp beehive beeswax befriend Belfast berserk billiard bison blackjack blockade blowtorch bluebird bombast bookshelf brackish breadline breakup brickyard briefcase Burbank button buzzard cement chairlift chatter checkup chisel choking chopper Christmas clamshell classic classroom cleanup clockwork cobra commence concert cowbell crackdown cranky crowfoot crucial crumpled crusade cubic dashboard deadbolt deckhand dogsled dragnet drainage dreadful drifter dropper drumbeat drunken Dupont dwelling eating edict egghead eightball endorse endow enlist erase escape exceed eyeglass eyetooth facial fallout flagpole flatfoot flytrap fracture framework freedom frighten gazelle Geiger glitter glucose goggles goldfish gremlin guidance hamlet highchair hockey indoors indulge inverse involve island jawbone keyboard kickoff kiwi klaxon locale lockup merit minnow miser Mohawk mural music necklace Neptune newborn nightbird Oakland obtuse offload optic orca payday peachy pheasant physique playhouse Pluto preclude prefer preshrunk printer prowler pupil puppy python quadrant quiver quota ragtime ratchet rebirth reform regain reindeer rematch repay retouch revenge reward rhythm ribcage ringbolt robust rocker ruffled sailboat sawdust scallion scenic scorecard Scotland seabird select sentence shadow shamrock showgirl skullcap skydive slingshot slowdown snapline snapshot snowcap snowslide solo southward soybean spaniel spearhead spellbind spheroid spigot spindle spyglass stagehand stagnate stairway standard stapler steamship sterling stockman stopwatch stormy sugar surmount suspense sweatband swelter tactics talon tapeworm tempest tiger tissue tonic topmost tracker transit trauma treadmill Trojan trouble tumor tunnel tycoon uncut unearth unwind uproot upset upshot vapor village virus Vulcan waffle wallet watchword wayside willow woodlark Zulu/;
my @pgp_odd = qw/adroitness adviser aftermath aggregate alkali almighty amulet amusement antenna applicant Apollo armistice article asteroid Atlantic atmosphere autopsy Babylon backwater barbecue belowground bifocals bodyguard bookseller borderline bottomless Bradbury bravado Brazilian breakaway Burlington businessman butterfat Camelot candidate cannonball Capricorn caravan caretaker celebrate cellulose certify chambermaid Cherokee Chicago clergyman coherence combustion commando company component concurrent confidence conformist congregate consensus consulting corporate corrosion councilman crossover crucifix cumbersome customer Dakota decadence December decimal designing detector detergent determine dictator dinosaur direction disable disbelief disruptive distortion document embezzle enchanting enrollment enterprise equation equipment escapade Eskimo everyday examine existence exodus fascinate filament finicky forever fortitude frequency gadgetry Galveston getaway glossary gossamer graduate gravity guitarist hamburger Hamilton handiwork hazardous headwaters hemisphere hesitate hideaway holiness hurricane hydraulic impartial impetus inception indigo inertia infancy inferno informant insincere insurgent integrate intention inventive Istanbul Jamaica Jupiter leprosy letterhead liberty maritime matchmaker maverick Medusa megaton microscope microwave midsummer millionaire miracle misnomer molasses molecule Montana monument mosquito narrative nebula newsletter Norwegian October Ohio onlooker opulent Orlando outfielder Pacific pandemic Pandora paperweight paragon paragraph paramount passenger pedigree Pegasus penetrate perceptive performance pharmacy phonetic photograph pioneer pocketful politeness positive potato processor provincial proximate puberty publisher pyramid quantity racketeer rebellion recipe recover repellent replica reproduce resistor responsive retraction retrieval retrospect revenue revival revolver sandalwood sardonic Saturday savagery scavenger sensation sociable souvenir specialist speculate stethoscope stupendous supportive surrender suspicious sympathy tambourine telephone therapist tobacco tolerance tomorrow torpedo tradition travesty trombonist truncated typewriter ultimate undaunted underfoot unicorn unify universe unravel upcoming vacancy vagabond vertigo Virginia visitor vocalist voyager warranty Waterloo whimsical Wichita Wilmington Wyoming yesteryear Yucatan/;
my %formats = (
'a' => sub { pick_random(@alpha) },
'n' => sub { pick_random(@numeric) },
'c' => sub { pick_random(@alpha,@numeric) },
'h' => sub { pick_random(@hex) },
'U' => sub { time },
'X' => sub { pick_random(@pgp_even) },
'Y' => sub { pick_random(@pgp_odd) },
);
if( scalar(@plugins) ) {
# scan the plugin commands for use of tokens to count how many we need
my $token_count = 0;
foreach my $p (@plugins) {
my @matches = sort ($p =~ m/%TOKEN(\d+)%/g);
my $max = pop @matches;
$token_count = $max if defined($max) && $max > $token_count;
}
# create the tokens
my @tokens = ();
foreach my $t (1..$token_count) {
my $format = shift @token_formats;
$format = "U-X-Y" unless $format;
my @format_characters = split(//, $format);
my $token = "";
foreach my $c (@format_characters) {
if( defined $formats{$c} ) {
$token .= &{$formats{$c}};
}
else {
$token .= $c;
}
}
push @tokens, $token;
}
# substitute the tokens into each plugin command
foreach my $p (@plugins) {
foreach my $t (1..$token_count) {
my $token = $tokens[$t-1];
$p =~ s/%TOKEN$t%/$token/g;
}
}
# mark plugins that are allowed to generate alerts. default behavior is to alert for all plugins.
my %alert_plugins = ();
if( scalar(@alert_plugins) > 0 ) {
%alert_plugins = map { $_ => 1 } @alert_plugins;
}
else {
%alert_plugins = map { $_ => 1 } (1..scalar(@plugins));
}
# run each plugin and store its output in a report
$time_start = time;
my $i = 0;
foreach my $p( @plugins ) {
$i++;
my $plugin_timeout = shift(@alarm_times) || $default_timeout;
# run the plugin
eval {
local $SIG{ALRM} = sub { die "exceeded timeout $plugin_timeout seconds\n" }; # NB: \n required, see `perldoc -f alarm`
alarm $plugin_timeout;
my $output = `$p`;
chomp $output;
if( $output !~ m/OK|WARNING|CRITICAL/ ) {
print "EMAIL DELIVERY UNKNOWN - plugin $i error: $output\n";
print "Plugin $i: $p\n" if $verbose;
# record tokens in a file if option is enabled
record_tokens($tokenfile,\@tokens,$time_start,undef,'UNKNOWN',$i,$output) if $tokenfile;
exit $status{UNKNOWN};
}
if( $output =~ m/CRITICAL/ && $alert_plugins{$i} ) {
print "EMAIL DELIVERY CRITICAL - plugin $i failed: $output\n";
print "Plugin $i: $p" if $verbose;
# record tokens in a file if option is enabled
record_tokens($tokenfile,\@tokens,$time_start,undef,'CRITICAL',$i,$output) if $tokenfile;
exit $status{CRITICAL};
}
if( $output =~ m/WARNING/ && $alert_plugins{$i} ) {
print "EMAIL DELIVERY WARNING - plugin $i warning: $output\n";
print "Plugin $i: $p\n" if $verbose;
# record tokens in a file if option is enabled
record_tokens($tokenfile,\@tokens,$time_start,undef,'WARNING',$i,$output) if $tokenfile;
exit $status{WARNING};
}
$report->{"plugin".$i} = $output;
alarm 0;
};
if( $@ && $alert_plugins{$i} ) {
print "EMAIL DELIVERY CRITICAL - Could not run plugin $i: $@\n";
print "Plugin $i: $p\n" if $verbose;
exit $status{CRITICAL};
}
# if this wasn't the last plugin, wait before continuing
if( $i < scalar(@plugins) ) {
my $wait = shift(@wait_times) || $default_wait;
sleep $wait;
}
# compatibility with the "not using plugins" method... pretend to calculate the total round trip time (the delay) using data from the plugins ...
$report->{max} = 0;
$report->{delay} = 0;
}
# register the list of reports
foreach my $r ( 1..scalar(@plugins)) {
push @report_plugins, "plugin".$r;
}
# record tokens in a file if option is enabled
my $tmp_long_report = join(", ", map { "$_: $report->{$_}" } @report_plugins ) if $tokenfile;
record_tokens($tokenfile,\@tokens,$time_start,time,'OK',scalar(@plugins),$tmp_long_report) if $tokenfile;
}
else {
# not using plugins.
$time_start = time;
# send email via SMTP
my $id = $time_start; # XXX should include localhost name maybe or some random number in case the same mailbox is used for multiple delivery tests
my $smtp_plugin = "$libexec/check_smtp_send";
$smtp_plugin = "$libexec/check_smtp_send.pl" unless -e $smtp_plugin;
my $smtp_timeout = shift(@alarm_times) || $default_timeout;
eval {
local $SIG{ALRM} = sub { die "exceeded timeout $smtp_timeout seconds\n" }; # NB: \n required, see `perldoc -f alarm`
alarm $smtp_timeout;
my $smtp = `$smtp_plugin $smtp_options --header 'Subject: Nagios Message SMTP $smtp_server ID $id.' --body 'Nagios Email Delivery Plugin\n$body' $smtp_thresholds`;
if( $smtp !~ m/OK|WARNING|CRITICAL/ ) {
print "EMAIL DELIVERY UNKNOWN - smtp unknown: $smtp\n";
exit $status{UNKNOWN};
}
if( $smtp =~ m/CRITICAL/ ) {
print "EMAIL DELIVERY CRITICAL - smtp failed: $smtp\n";
exit $status{CRITICAL};
}
chomp $smtp;
$report->{smtp} = $smtp;
alarm 0;
};
if( $@ ) {
print "EMAIL DELIVERY CRITICAL - Could not connect to SMTP server $smtp_server: $@\n";
exit $status{CRITICAL};
}
# wait before checking the delivery
$wait = shift(@wait_times) || $default_wait;
sleep $wait;
# check email via IMAP
my $imap_plugin = "$libexec/check_imap_receive";
$imap_plugin = "$libexec/check_imap_receive.pl" unless -e $imap_plugin;
my $imap_timeout = shift(@alarm_times) || $default_timeout;
eval {
local $SIG{ALRM} = sub { die "exceeded timeout $imap_timeout seconds\n" }; # NB: \n required, see `perldoc -f alarm`
alarm $imap_timeout;
my $imap = `$imap_plugin $imap_options -s SUBJECT -s 'Nagios Message SMTP $smtp_server ID' --capture-max 'Nagios Message SMTP $smtp_server ID (\\d+)' --nodelete-captured $imap_thresholds`;
if( $imap !~ m/OK|WARNING|CRITICAL/ ) {
print "EMAIL DELIVERY UNKNOWN - imap unknown: $imap\n";
exit $status{UNKNOWN};
}
if( $imap =~ m/CRITICAL/ ) {
print "EMAIL DELIVERY CRITICAL - imap failed: $imap\n";
exit $status{CRITICAL};
}
if( $imap =~ m/ (\d+) max/ ) {
my $last_received = $1;
$report->{max} = $1;
my $delay = time - $last_received;
$report->{delay} = $delay;
}
chomp $imap;
$report->{imap} = $imap;
alarm 0;
};
if( $@ ) {
print "EMAIL DELIVERY CRITICAL - Could not connect to IMAP server $imap_server: $@\n";
exit $status{CRITICAL};
}
# register the list of reports
push @report_plugins, ("smtp","imap");
}
# calculate elapsed time and issue warnings
my $time_end = time;
my $elapsedtime = $time_end - $time_start;
$report->{seconds} = $elapsedtime;
my @warning = ();
my @critical = ();
push @warning, "most recent received $report->{delay} seconds ago" if( defined($report->{delay}) && $report->{delay} > $delay_warn );
push @critical, "most recent received $report->{delay} seconds ago" if( defined($report->{delay}) && $report->{delay} > $delay_crit );
push @warning, "no emails found" if( !defined($report->{delay}) );
# print report and exit with known status
my $short_report = $report->text(qw/seconds delay/);
my $long_report = join("", map { "$_: $report->{$_}\n" } @report_plugins );
if( scalar @critical ) {
my $alerts = join(", ", @critical);
print "EMAIL DELIVERY CRITICAL - $alerts; $short_report\n";
print $long_report if $verbose;
exit $status{CRITICAL};
}
if( scalar @warning ) {
my $alerts = join(", ", @warning);
print "EMAIL DELIVERY WARNING - $alerts; $short_report\n";
print $long_report if $verbose;
exit $status{WARNING};
}
print "EMAIL DELIVERY OK - $short_report\n";
print $long_report if $verbose;
exit $status{OK};
# utility to load required modules. exits if unable to load one or more of the modules.
sub load_modules {
my @missing_modules = ();
foreach( @_ ) {
eval "require $_";
push @missing_modules, $_ if $@;
}
if( @missing_modules ) {
print "Missing perl modules: @missing_modules\n";
return 0;
}
return 1;
}
# returns one random character from a set of characters
sub pick_random {
my @set = @_;
my $size = scalar @set;
my $string = $set[int(rand($size))];
return $string;
}
# appens tokens and times to a tab-separated value file
sub record_tokens {
my ($tokenfile,$tokens,$time_start,$time_end,$status,$plugin_num,$output) = @_;
if( $tokenfile ) {
my @tokens = @$tokens;
$time_end = "" unless defined $time_end;
$status = "" unless defined $status;
$plugin_num = "" unless defined $plugin_num;
$output = "" unless defined $output;
print "saving ".scalar(@tokens)." tokens into $tokenfile\n" if $verbose;
open(TOKENFILE,">>$tokenfile");
foreach(@tokens) {
print TOKENFILE "$_\t$time_start\t$time_end\t$status\t$plugin_num\t$output\n";
}
close(TOKENFILE);
}
}
# NAME
# PluginReport
# SYNOPSIS
# $report = new PluginReport;
# $report->{label1} = "value1";
# $report->{label2} = "value2";
# print $report->text(qw/label1 label2/);
package PluginReport;
sub new {
my ($proto,%p) = @_;
my $class = ref($proto) || $proto;
my $self = bless {}, $class;
$self->{$_} = $p{$_} foreach keys %p;
return $self;
}
sub text {
my ($self,@labels) = @_;
my @report = map { "$self->{$_} $_" } grep { defined $self->{$_} } @labels;
my $text = join(", ", @report);
return $text;
}
package main;
1;

23
roles/nagios_server/files/plugins/check_fcomm_queue Normal file
View file

@ -0,0 +1,23 @@
#!/usr/bin/env python
import sys
try:
import retask.queue
queue = retask.queue.Queue('fedora-packages')
queue.connect()
items = queue.length
if items > 500:
print "CRITICAL: %i tasks in fcomm queue" % items
sys.exit(2)
elif items > 250:
print "WARNING: %i tasks in fcomm queue" % items
sys.exit(1)
else:
print "OK: %i tasks in fcomm queue" % items
sys.exit(0)
except Exception as e:
print "UNKNOWN:", str(e)
sys.exit(3)

76
roles/nagios_server/files/plugins/check_haproxy_conns.py Executable file
View file

@ -0,0 +1,76 @@
#!/usr/bin/env python
""" Nagios check for haproxy over-subscription.
fedmsg-gateway is the primary concern as it can eat up a ton of simultaneous
connections.
:Author: Ralph Bean <rbean@redhat.com>
"""
import socket
import sys
def _numeric(value):
""" Type casting utility """
try:
return int(value)
except ValueError:
try:
return float(value)
except ValueError:
return value
def query(sockname="/var/run/haproxy-stat"):
""" Read stats from the haproxy socket and return a dict """
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
s.connect("/var/run/haproxy-stat")
s.send('show info\n')
try:
response = s.recv(1024).strip()
lines = response.split('\n')
data = dict([map(str.strip, line.split(':')) for line in lines])
data = dict([(k, _numeric(v)) for k, v in data.items()])
return data
except Exception, e:
print str(e)
finally:
s.close()
return None
def nagios_check(data):
""" Print warnings and return nagios exit codes. """
current = data['CurrConns']
maxconn = data['Maxconn']
percent = 100 * float(current) / float(maxconn)
details = "%.2f%% subscribed. %i current of %i maxconn." % (
percent, current, maxconn,
)
if percent < 50:
print "HAPROXY SUBS OK: " + details
return 0
if percent < 75:
print "HAPROXY SUBS WARN: " + details
return 1
if percent <= 100:
print "HAPROXY SUBS CRIT: " + details
return 2
print "HAPROXY SUBS UNKNOWN: " + details
return 3
if __name__ == '__main__':
try:
data = query(sockname="/var/run/haproxy-stat")
except Exception as e:
print "HAPROXY SUBS UNKNOWN: " + str(e)
sys.exit(3)
sys.exit(nagios_check(data))

387
roles/nagios_server/files/plugins/check_imap_receive_epn Normal file
View file

@ -0,0 +1,387 @@
#!/usr/bin/perl
use strict;
my $VERSION = '0.6.0';
my $COPYRIGHT = 'Copyright (C) 2005-2008 Jonathan Buhacoff <jonathan@buhacoff.net>';
my $LICENSE = 'http://www.gnu.org/licenses/gpl.txt';
my %status = ( 'OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3 );
# look for required modules
exit $status{UNKNOWN} unless load_modules(qw/Getopt::Long Mail::IMAPClient/);
# get options from command line
Getopt::Long::Configure("bundling");
my $verbose = 0;
my $help = "";
my $help_usage = "";
my $show_version = "";
my $imap_server = "";
my $default_imap_port = "143";
my $default_imap_ssl_port = "993";
my $imap_port = "";
my $username = "";
my $password = "";
my $mailbox = "INBOX";
my @search = ();
my $search_critical_min = 1;
my $capture_max = "";
my $capture_min = "";
my $delete = 1;
my $no_delete_captured = "";
my $warntime = 15;
my $criticaltime = 30;
my $timeout = 60;
my $interval = 5;
my $max_retries = 10;
my $download = "";
my $download_max = "";
my $ssl = 0;
my $tls = 0;
my $ok;
$ok = Getopt::Long::GetOptions(
"V|version"=>\$show_version,
"v|verbose+"=>\$verbose,"h|help"=>\$help,"usage"=>\$help_usage,
"w|warning=i"=>\$warntime,"c|critical=i"=>\$criticaltime,"t|timeout=i"=>\$timeout,
# imap settings
"H|hostname=s"=>\$imap_server,"p|port=i"=>\$imap_port,
"U|username=s"=>\$username,"P|password=s"=>\$password, "m|mailbox=s"=>\$mailbox,
"imap-check-interval=i"=>\$interval,"imap-retries=i"=>\$max_retries,
"ssl!"=>\$ssl, "tls!"=>\$tls,
# search settings
"s|search=s"=>\@search,
"search-critical-min=i"=>\$search_critical_min,
"capture-max=s"=>\$capture_max, "capture-min=s"=>\$capture_min,
"delete!"=>\$delete, "nodelete-captured"=>\$no_delete_captured,
"download!"=>\$download, "download_max=i"=>\$download_max,
);
if( $show_version ) {
print "$VERSION\n";
if( $verbose ) {
print "Default warning threshold: $warntime seconds\n";
print "Default critical threshold: $criticaltime seconds\n";
print "Default timeout: $timeout seconds\n";
}
exit $status{UNKNOWN};
}
if( $help ) {
exec "perldoc", $0 or print "Try `perldoc $0`\n";
exit $status{UNKNOWN};
}
my @required_module = ();
push @required_module, 'IO::Socket::SSL' if ($ssl or $tls);
push @required_module, 'Email::Simple' if ($download);
exit $status{UNKNOWN} unless load_modules(@required_module);
if( $help_usage
||
( $imap_server eq "" || $username eq "" || $password eq "" || scalar(@search)==0 )
) {
print "Usage: $0 -H host [-p port] -U username -P password -s HEADER -s X-Nagios -s 'ID: 1234.' [-w <seconds>] [-c <seconds>] [--imap-check-interval <seconds>] [--imap-retries <tries>]\n";
exit $status{UNKNOWN};
}
# initialize
my $report = new PluginReport;
my $time_start = time;
# connect to IMAP server
my $imap;
eval {
local $SIG{ALRM} = sub { die "exceeded timeout $timeout seconds\n" }; # NB: \n required, see `perldoc -f alarm`
alarm $timeout;
if( $ssl ) {
$imap_port = $default_imap_ssl_port unless $imap_port;
my $socket = IO::Socket::SSL->new("$imap_server:$imap_port");
die IO::Socket::SSL::errstr() unless $socket;
$socket->autoflush(1);
$imap = Mail::IMAPClient->new(Socket=>$socket, Debug => 0 );
$imap->State(Mail::IMAPClient->Connected);
$imap->_read_line() if "$Mail::IMAPClient::VERSION" le "2.2.9"; # necessary to remove the server's "ready" line from the input buffer for old versions of Mail::IMAPClient. Using string comparison for the version check because the numeric didn't work on Darwin and for Mail::IMAPClient the next version is 2.3.0 and then 3.00 so string comparison works
$imap->User($username);
$imap->Password($password);
$imap->login() or die "$@";
}
elsif( $tls ) {
# XXX THIS PART IS NOT DONE YET ... NEED TO OPEN A REGULAR IMAP CONNECTION, THEN ISSUE THE "STARTTLS" COMMAND MANUALLY, SWITCHING THE SOCKET TO IO::SOCKET::SSL, AND THEN GIVING IT BACK TO MAIL::IMAPCLIENT ...
$imap_port = $default_imap_port unless $imap_port;
$imap = Mail::IMAPClient->new(Debug => 0 );
$imap->Server("$imap_server:$imap_port");
$imap->User($username);
$imap->Password($password);
$imap->connect() or die "$@";
}
else {
$imap_port = $default_imap_port unless $imap_port;
$imap = Mail::IMAPClient->new(Debug => 0 );
$imap->Server("$imap_server:$imap_port");
$imap->User($username);
$imap->Password($password);
$imap->connect() or die "$@";
}
alarm 0;
};
if( $@ ) {
chomp $@;
print "IMAP RECEIVE CRITICAL - Could not connect to $imap_server port $imap_port: $@\n";
exit $status{CRITICAL};
}
unless( $imap ) {
print "IMAP RECEIVE CRITICAL - Could not connect to $imap_server port $imap_port: $@\n";
exit $status{CRITICAL};
}
my $time_connected = time;
# select a mailbox
unless( $imap->select($mailbox) ) {
print "IMAP RECEIVE CRITICAL - Could not select $mailbox: $@ $!\n";
$imap->logout();
exit $status{CRITICAL};
}
# search for messages
my $tries = 0;
my @msgs;
until( scalar(@msgs) != 0 || $tries >= $max_retries ) {
eval {
$imap->select( $mailbox );
# if download flag is on, we download recent messages and search ourselves
if( $download ) {
@msgs = download_and_search($imap,@search);
}
else {
@msgs = $imap->search(@search);
die "Invalid search parameters: $@" if $@;
}
};
if( $@ ) {
chomp $@;
print "Cannot search messages: $@\n";
$imap->close();
$imap->logout();
exit $status{UNKNOWN};
}
$report->{found} = scalar(@msgs);
$tries++;
sleep $interval unless (scalar(@msgs) != 0 || $tries >= $max_retries);
}
sub download_and_search {
my ($imap,@search) = @_;
my $ims = new ImapMessageSearch;
$ims->querytokens(@search);
my @found = ();
@msgs = $imap->messages or die "Cannot list messages: $@\n";
@msgs = @msgs[0..$download_max-1] if $download_max;
foreach my $m (@msgs) {
my $message = $imap->message_string($m);
push @found, $m if $ims->match($message);
}
return @found;
}
# capture data in messages
my $captured_max_id = "";
my $captured_min_id = "";
if( $capture_max || $capture_min ) {
my $max = undef;
my $min = undef;
my %captured = ();
for (my $i=0;$i < scalar(@msgs); $i++) {
my $message = $imap->message_string($msgs[$i]);
if( $message =~ m/$capture_max/ ) {
if( !defined($max) || $1 > $max ) {
$captured{ $i } = 1;
$max = $1;
$captured_max_id = $msgs[$i];
}
}
if( $message =~ m/$capture_min/ ) {
if( !defined($min) || $1 < $min ) {
$captured{ $i } = 1;
$min = $1;
$captured_min_id = $msgs[$i];
}
}
print $message if $verbose > 1;
}
$report->{captured} = scalar keys %captured;
$report->{max} = $max if defined $max;
$report->{min} = $min if defined $min;
}
# delete messages
if( $delete ) {
my $deleted = 0;
for (my $i=0;$i < scalar(@msgs); $i++) {
next if ($no_delete_captured && ($captured_max_id eq $msgs[$i]));
next if ($no_delete_captured && ($captured_min_id eq $msgs[$i]));
$imap->delete_message($msgs[$i]);
$deleted++;
}
$report->{deleted} = $deleted;
$imap->expunge() if $deleted;
}
# deselect the mailbox
$imap->close();
# disconnect from IMAP server
$imap->logout();
# calculate elapsed time and issue warnings
my $time_end = time;
my $elapsedtime = $time_end - $time_start;
$report->{seconds} = $elapsedtime;
my @warning = ();
my @critical = ();
push @warning, "no messages" if( scalar(@msgs) == 0 );
push @critical, "found less than $search_critical_min" if ( scalar(@msgs) < $search_critical_min );
push @warning, "connection time more than $warntime" if( $time_connected - $time_start > $warntime );
push @critical, "connection time more than $criticaltime" if( $time_connected - $time_start > $criticaltime );
# print report and exit with known status
my $short_report = $report->text(qw/seconds found captured max min deleted/);
if( scalar @critical ) {
my $crit_alerts = join(", ", @critical);
print "IMAP RECEIVE CRITICAL - $crit_alerts; $short_report\n";
exit $status{CRITICAL};
}
if( scalar @warning ) {
my $warn_alerts = join(", ", @warning);
print "IMAP RECEIVE WARNING - $warn_alerts; $short_report\n";
exit $status{WARNING};
}
print "IMAP RECEIVE OK - $short_report\n";
exit $status{OK};
# utility to load required modules. exits if unable to load one or more of the modules.
sub load_modules {
my @missing_modules = ();
foreach( @_ ) {
eval "require $_";
push @missing_modules, $_ if $@;
}
if( @missing_modules ) {
print "Missing perl modules: @missing_modules\n";
return 0;
}
return 1;
}
# NAME
# PluginReport
# SYNOPSIS
# $report = new PluginReport;
# $report->{label1} = "value1";
# $report->{label2} = "value2";
# print $report->text(qw/label1 label2/);
package PluginReport;
sub new {
my ($proto,%p) = @_;
my $class = ref($proto) || $proto;
my $self = bless {}, $class;
$self->{$_} = $p{$_} foreach keys %p;
return $self;
}
sub text {
my ($self,@labels) = @_;
my @report = map { "$self->{$_} $_" } grep { defined $self->{$_} } @labels;
my $text = join(", ", @report);
return $text;
}
package ImapMessageSearch;
require Email::Simple;
sub new {
my ($proto,%p) = @_;
my $class = ref($proto) || $proto;
my $self = bless {}, $class;
$self->{querystring} = [];
$self->{querytokens} = [];
$self->{queryfnlist} = [];
$self->{mimemessage} = undef;
$self->{$_} = $p{$_} foreach keys %p;
return $self;
}
sub querystring {
my ($self,$string) = @_;
$self->{querystring} = $string;
return $self->querytokens( parseimapsearch($string) );
}
sub querytokens {
my ($self,@tokens) = @_;
$self->{querytokens} = [@tokens];
$self->{queryfnlist} = [create_search_expressions(@search)];
return $self;
}
sub match {
my ($self,$message_string) = @_;
my $message_mime = Email::Simple->new($message_string);
return $self->matchmime($message_mime);
}
sub matchmime {
my ($self,$message_mime) = @_;
my $match = 1;
foreach my $x (@{$self->{queryfnlist}}) {
$match = $match and $x->($message_mime);
}
return $match;
}
# this should probably become its own Perl module... see also Net::IMAP::Server::Command::Search
sub create_search_expressions {
my (@search) = @_;
return () unless scalar(@search);
my $token = shift @search;
if( $token eq 'TEXT' ) {
my $value = shift @search;
return (sub {shift->as_string =~ /\Q$value\E/i},create_search_expressions(@search));
}
if( $token eq 'BODY' ) {
my $value = shift @search;
return (sub {shift->body =~ /\Q$value\E/i},create_search_expressions(@search));
}
if( $token eq 'SUBJECT' ) {
my $value = shift @search;
return (sub {shift->header('Subject') =~ /\Q$value\E/i},create_search_expressions(@search));
}
if( $token eq 'HEADER' ) {
my $name = shift @search;
my $value = shift @search;
return (sub {shift->header($name) =~ /\Q$value\E/i},create_search_expressions(@search));
}
if( $token eq 'NOT' ) {
my @exp = create_search_expressions(@search);
my $next = shift @exp;
return (sub { ! $next->(@_) }, @exp);
}
if( $token eq 'OR' ) {
my @exp = create_search_expressions(@search);
my $next1 = shift @exp;
my $next2 = shift @exp;
return (sub { $next1->(@_) or $next2->(@_) }, @exp);
}
}
package main;
1;

99
roles/nagios_server/files/plugins/check_ipmi Executable file
View file

@ -0,0 +1,99 @@
#!/usr/bin/python
# mmcgrath#redhat.com
# Aug 08 2007
# License: GPL
from optparse import OptionParser
import commands
import sys
parser = OptionParser(version='0.1')
parser.add_option('-t', '--temperature',
dest = 'temp',
default = False,
action = 'store_true',
help = 'Check Temperatures')
parser.add_option('-f', '--fans',
dest = 'fans',
default = False,
action = 'store_true',
help = 'Check Fans')
(opts, args) = parser.parse_args()
class ipmiValue:
def __init__(self, param='', value='', status=''):
self.param = param
try:
self.value = (int(value.split(' ')[0], 10) * 9) / 5 + 32
except ValueError:
self.value = value
self.status = status
class ipmi:
def __init__(self):
self.rawOutput = commands.getstatusoutput('/usr/bin/ipmitool sdr')[1].split('\n')
self.sdr = []
for i in self.rawOutput:
try:
param = i.split('|')[0].strip()
value = i.split('|')[1].strip()
status = i.split('|')[2].strip()
self.sdr.append(ipmiValue(param, value, status))
except IndexError:
print "ERROR - Invalid output from ipmi tool (is it installed? /usr/bin/ipmitool)"
sys.exit(3)
def temps(self):
''' Return Known Temperatures '''
temps = []
for i in self.sdr:
if i.param.find('Temp') != -1 and i.status.find('ns') == -1:
temps.append(i)
return temps
def fans(self):
''' Return Known Fan Speeds '''
temps = []
for i in self.sdr:
if i.param.find('FAN') != -1 and i.status.find('ns') == -1:
temps.append(i)
return temps
str = False
exitCode = 0
if opts.temp:
ok=True
str='Temps (F)'
i = ipmi()
for temp in i.temps():
str = '%s:%s' % (str, temp.value)
if temp.status != 'ok':
ok=temp.status
if ok:
str = str + ' OK!'
else:
str = str + ' %s' % ok
exitCode = 2
if opts.fans:
ok=True
str='Fans (RPM)'
i = ipmi()
for fan in i.fans():
str = '%s:%s' % (str, fan.value)
if fan.status != 'ok':
ok=fan.status
if ok:
str = str + ' OK!'
else:
str = str + ' %s' % ok
exitCode = 2
if str:
print str
sys.exit(0)
else:
print 'Please see -h for help'
sys.exit(2)

19
roles/nagios_server/files/plugins/check_koji Executable file
View file

@ -0,0 +1,19 @@
#!/bin/bash
FAILURES=$(/usr/bin/wget -q --no-check-certificate -O- http://koji03.phx2.fedoraproject.org/koji/builds | /bin/grep -c failed.png)
WARNING=20
CRITICAL=25
if [ $FAILURES -gt $CRITICAL ]
then
echo "Koji: CRITICAL failed builds: $FAILURES"
exit 2
elif [ $FAILURES -gt $WARNING ]
then
echo "Koji: WARNING failed builds: $FAILURES"
exit 1
else
echo "Koji: OK failed builds: $FAILURES"
exit 0
fi

17
roles/nagios_server/files/plugins/check_lock Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/python
import fcntl
import sys
try:
f = open('/mnt/koji/.nagios_test', 'r')
f.close()
f = open('/mnt/koji/.nagios_test', 'w')
except IOError:
print "Could not create file"
sys.exit(2)
fcntl.flock(f, fcntl.LOCK_EX)
f.close()
print "File Locked Successfully"
sys.exit(0)

123
roles/nagios_server/files/plugins/check_lock_file_age Executable file
View file

@ -0,0 +1,123 @@
#! /usr/bin/perl -w
# check_lock_file_age.pl Copyright (C) 2010 Ricky Elrod <codeblock@fedoraproject.org>
#
# Fork of check_file_age.pl
#
# Checks a lock file's size and modification time to make sure it's not empty
# and that it's sufficiently recent.
#
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty
# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# you should have received a copy of the GNU General Public License
# along with this program (or with Nagios); if not, write to the
# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA
use strict;
use English;
use Getopt::Long;
use File::stat;
use vars qw($PROGNAME);
use lib "/usr/lib/nagios/plugins";
use utils qw (%ERRORS &print_revision &support);
sub print_help ();
sub print_usage ();
my ($opt_c, $opt_f, $opt_w, $opt_h, $opt_V);
my ($result, $message, $age, $size, $st);
$PROGNAME="check_lock_file_age";
$opt_w = 1;
$opt_c = 5;
$opt_f = "";
Getopt::Long::Configure('bundling');
GetOptions(
"V" => \$opt_V, "version" => \$opt_V,
"h" => \$opt_h, "help" => \$opt_h,
"f=s" => \$opt_f, "file" => \$opt_f,
"w=f" => \$opt_w, "warning-age=f" => \$opt_w,
"c=f" => \$opt_c, "critical-age=f" => \$opt_c);
if ($opt_V) {
print_revision($PROGNAME, '1.4.14');
exit $ERRORS{'OK'};
}
if ($opt_h) {
print_help();
exit $ERRORS{'OK'};
}
if (($opt_c and $opt_w) and ($opt_c < $opt_w)) {
print "Warning time must be less than Critical time.\n";
exit $ERRORS{'UNKNOWN'};
}
$opt_f = shift unless ($opt_f);
if (! $opt_f) {
print "LOCK_FILE_AGE UNKNOWN: No file specified\n";
exit $ERRORS{'UNKNOWN'};
}
# Check that file exists (can be directory or link)
unless (-e $opt_f) {
print "LOCK_FILE_AGE OK: File not found (Lock file removed) - $opt_f\n";
exit $ERRORS{'OK'};
}
$st = File::stat::stat($opt_f);
$age = time - $st->mtime;
$result = 'OK';
# Convert minutes to seconds
if($opt_c) { $opt_c *= 60; }
if($opt_w) { $opt_w *= 60; }
if ($opt_c and $age > $opt_c) {
$result = 'CRITICAL';
}
elsif ($opt_w and $age > $opt_w) {
$result = 'WARNING';
}
# If the age is higher than 2 minutes, convert seconds -> minutes
# If it's higher than a day, use days.
# Just a nicety, to make people not have to do math ;)
if($age > 86400) { $age = int(($age/86400))." days"; }
elsif($age > 120) { $age = int(($age/60))." minutes"; }
else { $age = "$age seconds"; }
print "LOCK_FILE_AGE $result: $opt_f is $age old.\n";
exit $ERRORS{$result};
sub print_usage () {
print "Usage:\n";
print " $PROGNAME [-w <secs>] [-c <secs>] -f <file>\n";
print " $PROGNAME [-h | --help]\n";
print " $PROGNAME [-V | --version]\n";
}
sub print_help () {
print_revision($PROGNAME, '1.4.14');
print "Copyright (c) 2010 Ricky Elrod\n\n";
print_usage();
print "\n";
print " <mins> File must be no more than this many minutes old (default: warn 1m, crit 5m)\n";
print "\n";
support();
}

49
roles/nagios_server/files/plugins/check_postfix_queue Executable file
View file

@ -0,0 +1,49 @@
#!/bin/bash
#
# 19-07-2010
# Author: Cherwin Nooitmeer <cherwin@gmail.com>
#
# exit codes
e_ok=0
e_warning=1
e_critical=2
e_unknown=3
# regular expression that matches queue IDs (e.g. D71EF7AC80F8)
queue_id='^[A-F0-9][A-F0-9][A-F0-9][A-F0-9][A-F0-9][A-F0-9][A-F0-9][A-F0-9][A-F0-9][A-F0-9]'
usage="Invalid command line usage"
if [ -z $1 ]; then
echo $usage
exit $e_unknown
fi
while getopts ":w:c:" options
do
case $options in
w ) warning=$OPTARG ;;
c ) critical=$OPTARG ;;
* ) echo $usage
exit $e_unknown ;;
esac
done
# determine queue size
qsize=$(mailq | egrep -c $queue_id)
if [ -z $qsize ]
then
exit $e_unknown
fi
if [ $qsize -ge $critical ]; then
retval=$e_critical
elif [ $qsize -ge $warning ]; then
retval=$e_warning
elif [ $qsize -lt $warning ]; then
retval=$e_ok
fi
echo "$qsize mail(s) in queue | mail_queue=$qsize"
exit $retval

45
roles/nagios_server/files/plugins/check_raid.py Executable file
View file

@ -0,0 +1,45 @@
#!/usr/bin/env python
#
# very simple python script to parse out /proc/mdstat
# and give results for nagios to monitor
#
import sys
import string
devices = []
try:
mdstat = string.split(open('/proc/mdstat').read(), '\n')
except IOError:
# seems we have no software raid on this machines
sys.exit(0)
error = ""
i = 0
for line in mdstat:
if line[0:2] == 'md':
device = string.split(line)[0]
devices.append(device)
status = string.split(mdstat[i+1])[3]
if string.count(status, "_"):
# see if we can figure out what's going on
err = string.split(mdstat[i+2])
msg = "device=%s status=%s" % (device, status)
if len(err) > 0:
msg = msg + " rebuild=%s" % err[0]
if not error:
error = msg
else:
error = error + ", " + msg
i = i + 1
if not error:
print "DEVICES %s OK" % " ".join(devices)
sys.exit(0)
else:
print error
sys.exit(2)

84
roles/nagios_server/files/plugins/check_readonly_fs Executable file
View file

@ -0,0 +1,84 @@
#!/bin/bash
# check_readonlyfs: Check for readonly filesystems
# Copyright (C) 2010 Davide Madrisan <davide.madrisan@gmail.com>
PROGNAME=`/bin/basename $0`
PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
REVISION=`echo '$Revision: 1 $' | sed -e 's/[^0-9.]//g'`
. $PROGPATH/utils.sh
print_usage() {
echo "Usage: $PROGNAME --no-network-fs"
echo "Usage: $PROGNAME --help"
echo "Usage: $PROGNAME --version"
}
print_help() {
print_revision $PROGNAME $REVISION
echo ""
print_usage
echo ""
echo "readonly filesystem checker plugin for Nagios"
echo ""
support
}
NETFS=1
# Grab the command line arguments
exitstatus=$STATE_WARNING #default
while test -n "$1"; do
case "$1" in
--help|-h)
print_help
exit $STATE_OK
;;
--version|-V)
print_revision $PROGNAME $REVISION
exit $STATE_OK
;;
--no-network-fs|-n)
NETFS="0"
;;
*)
echo "Unknown argument: $1"
print_usage
exit $STATE_UNKNOWN
;;
esac
shift
done
[ -r /proc/mounts ] || { echo "cannot read /proc/mounts!"; exit $STATE_UNKNOWN; }
nerr=0
IFS_SAVE="$IFS"
rofs_list=""
while read dev mp fs mopt ignore; do
[ "$dev" = none ] && continue
case $fs in binfmt_misc|devpts|iso9660|proc|selinuxfs|rpc_pipefs|sysfs|tmpfs|usbfs)
continue ;;
esac
case $fs in autofs|nfs|nfs4|smbfs)
# skip the network filesystems
[ "$NETFS" = 0 ] && continue ;;
esac
IFS=","; set -- $mopt; IFS="$IFS_SAVE"
while :; do
case "$1" in
ro) rofs_list="$rofs_list $mp"; nerr=$(( $nerr + 1 )) ;;
"") shift; break ;;
esac
shift
done
done < <(LC_ALL=C /bin/cat /proc/mounts 2>/dev/null)
[ $nerr -eq 0 ] && { echo OK; exit $STATE_OK; } || echo "$rofs_list: read only fs"
exit $exitstatus

290
roles/nagios_server/files/plugins/check_smtp_send_epn Normal file
View file

@ -0,0 +1,290 @@
#!/usr/bin/perl
use strict;
my $VERSION = '0.4.5';
my $COPYRIGHT = 'Copyright (C) 2005-2008 Jonathan Buhacoff <jonathan@buhacoff.net>';
my $LICENSE = 'http://www.gnu.org/licenses/gpl.txt';
my %status = ( 'OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3 );
# look for required modules
exit $status{UNKNOWN} unless load_modules(qw/Getopt::Long Net::SMTP/);
Getopt::Long::Configure("bundling");
my $verbose = 0;
my $help = "";
my $help_usage = "";
my $show_version = "";
my $smtp_server = "";
my $default_smtp_port = "25";
my $default_smtp_ssl_port = "465";
my $default_smtp_tls_port = "587";
my $smtp_port = "";
my @mailto = ();
my $mailfrom = "";
my @header = ();
my $body = "";
my $stdin = "";
my $expect_response = "250";
my $warntime = 15;
my $criticaltime = 30;
my $timeout = 60;
my $tls = 0;
my $ssl = 0;
my $auth_method = undef;
my $username = "";
my $password = "";
my $ok;
$ok = Getopt::Long::GetOptions(
"V|version"=>\$show_version,
"v|verbose+"=>\$verbose,"h|help"=>\$help,"usage"=>\$help_usage,
"w|warning=i"=>\$warntime,"c|critical=i"=>\$criticaltime,"t|timeout=i"=>\$timeout,
# smtp settings
"H|hostname=s"=>\$smtp_server,"p|port=i"=>\$smtp_port,
"mailto=s"=>\@mailto, "mailfrom=s",\$mailfrom,
"header=s"=>\@header, "body=s"=>\$body, "stdin"=>\$stdin,
# SSL/TLS/auth options
"tls!"=>\$tls, "ssl!"=>\$ssl, "auth=s"=>\$auth_method,
"U|username=s"=>\$username,"P|password=s"=>\$password,
# Server response
"E|expect-response=s"=>\$expect_response,
);
if( $show_version ) {
print "$VERSION\n";
if( $verbose ) {
print "Default warning threshold: $warntime seconds\n";
print "Default critical threshold: $criticaltime seconds\n";
print "Default timeout: $timeout seconds\n";
}
exit $status{UNKNOWN};
}
if( $help ) {
exec "perldoc", $0 or print "Try `perldoc $0`\n";
exit $status{UNKNOWN};
}
my @required_module = ();
push @required_module, 'Net::SMTP::SSL' if $ssl;
push @required_module, ('MIME::Base64','Authen::SASL') if $ssl && $username;
push @required_module, 'Net::SMTP::TLS' if $tls;
push @required_module, 'Net::SMTP_auth' if $auth_method;
exit $status{UNKNOWN} unless load_modules(@required_module);
# split up @mailto if commas were used instead of multiple options
@mailto = split(/,/,join(',',@mailto));
if( $help_usage ||
(
$smtp_server eq "" || scalar(@mailto)==0 || $mailfrom eq ""
)
) {
print "Usage: $0 -H host [-p port] --mailto recipient\@your.net [--mailto recipient2\@your.net ...] --mailfrom sender\@your.net --body 'some text' [-w <seconds>] [-c <seconds>]\n";
exit $status{UNKNOWN};
}
# initialize
my $report = new PluginReport;
my $time_start = time;
my $actual_response = undef;
my @warning = ();
my @critical = ();
# connect to SMTP server
# create the smtp handle using Net::SMTP, Net::SMTP::SSL, or Net::SMTP::TLS
my $smtp;
eval {
if( $tls ) {
$smtp_port = $default_smtp_tls_port unless $smtp_port;
$smtp = Net::SMTP::TLS->new($smtp_server, Timeout=>$timeout, Port=>$smtp_port, User=>$username, Password=>$password);
}
elsif( $ssl ) {
$smtp_port = $default_smtp_ssl_port unless $smtp_port;
$smtp = Net::SMTP::SSL->new($smtp_server, Port => $smtp_port, Timeout=>$timeout,Debug=>0);
if( $smtp && $username ) {
$smtp->auth($username, $password);
}
}
elsif( $auth_method ) {
$smtp_port = $default_smtp_port unless $smtp_port;
$smtp = Net::SMTP_auth->new($smtp_server, Port=>$smtp_port, Timeout=>$timeout,Debug=>0);
if( $smtp ) {
$smtp->auth($auth_method, $username, $password);
}
}
else {
$smtp_port = $default_smtp_port unless $smtp_port;
$smtp = Net::SMTP->new($smtp_server, Port=>$smtp_port, Timeout=>$timeout,Debug=>0);
if( $smtp && $username ) {
$smtp->auth($username, $password);
}
}
};
if( $@ ) {
$@ =~ s/\n/ /g; # the error message can be multiline but we want our output to be just one line
print "SMTP SEND CRITICAL - $@\n";
exit $status{CRITICAL};
}
unless( $smtp ) {
print "SMTP SEND CRITICAL - Could not connect to $smtp_server port $smtp_port\n";
exit $status{CRITICAL};
}
my $time_connected = time;
# add the monitored server's banner to the report
if( $tls ) {
$report->{banner} = "";
}
elsif( $ssl ) {
$report->{banner} = $smtp->banner || "";
chomp $report->{banner};
}
else {
$report->{banner} = $smtp->banner || "";
chomp $report->{banner};
}
# send email
if( $stdin ) {
$body = "";
while(<STDIN>) {
$body .= $_;
}
}
$smtp->mail($mailfrom);
foreach( @mailto ) {
# the two SMTP modules have different error reporting mechanisms:
if( $tls ) {
# Net::SMTP::TLS croaks when the recipient is rejected
eval {
$smtp->to($_);
};
if( $@ ) {
print "SMTP SEND CRITICAL - Could not send to $_\n";
exit $status{CRITICAL};
}
}
else {
# Net::SMTP returns false when the recipient is rejected
my $to_returned = $smtp->to($_);
if( !$to_returned ) {
print "SMTP SEND CRITICAL - Could not send to $_\n";
exit $status{CRITICAL};
}
}
}
# Net::SMTP::TLS doesn't implement code() so we need to wrap calls in eval to get our error messages
# start data transfer (expect response 354)
$smtp->data();
# send data
$smtp->datasend("To: ".join(", ",@mailto)."\n");
$smtp->datasend("From: $mailfrom\n");
foreach( @header ) {
$smtp->datasend("$_\n");
}
$smtp->datasend("\n");
$smtp->datasend($body);
$smtp->datasend("\n");
eval {
# end data transfer (expect response 250)
$smtp->dataend();
};
if( $@ ) {
$actual_response = $tls ? get_tls_error($@) : $smtp->code();
}
else {
$actual_response = $tls ? "250" : $smtp->code(); # no error means we got 250
}
eval {
# disconnect from SMTP server (expect response 221)
$smtp->quit();
};
if( $@ ) {
push @warning, "Error while disconnecting from $smtp_server";
}
# calculate elapsed time and issue warnings
my $time_end = time;
my $elapsedtime = $time_end - $time_start;
$report->{seconds} = $elapsedtime;
push @warning, "connection time more than $warntime" if( $time_connected - $time_start > $warntime );
push @critical, "connection time more than $criticaltime" if( $time_connected - $time_start > $criticaltime );
push @critical, "response was $actual_response but expected $expect_response" if ( $actual_response ne $expect_response );
# print report and exit with known status
my $short_report = $report->text(qw/seconds/);
my $long_report = join("", map { "$_: $report->{$_}\n" } qw/banner/ );
if( scalar @critical ) {
my $crit_alerts = join(", ", @critical);
print "SMTP SEND CRITICAL - $crit_alerts; $short_report\n";
print $long_report if $verbose;
exit $status{CRITICAL};
}
if( scalar @warning ) {
my $warn_alerts = join(", ", @warning);
print "SMTP SEND WARNING - $warn_alerts; $short_report\n";
print $long_report if $verbose;
exit $status{WARNING};
}
print "SMTP SEND OK - $short_report\n";
print $long_report if $verbose;
exit $status{OK};
# utility to load required modules. exits if unable to load one or more of the modules.
sub load_modules {
my @missing_modules = ();
foreach( @_ ) {
eval "require $_";
push @missing_modules, $_ if $@;
}
if( @missing_modules ) {
print "Missing perl modules: @missing_modules\n";
return 0;
}
return 1;
}
# utility to extract error codes out of Net::SMTP::TLS croak messages
sub get_tls_error {
my ($errormsg) = @_;
$errormsg =~ m/: (\d+) (.+)/;
my $code = $1;
return $code;
}
# NAME
# PluginReport
# SYNOPSIS
# $report = new PluginReport;
# $report->{label1} = "value1";
# $report->{label2} = "value2";
# print $report->text(qw/label1 label2/);
package PluginReport;
sub new {
my ($proto,%p) = @_;
my $class = ref($proto) || $proto;
my $self = bless {}, $class;
$self->{$_} = $p{$_} foreach keys %p;
return $self;
}
sub text {
my ($self,@labels) = @_;
my @report = map { "$self->{$_} $_" } grep { defined $self->{$_} } @labels;
my $text = join(", ", @report);
return $text;
}
package main;
1;

108
roles/nagios_server/files/plugins/check_supybot_plugin Executable file
View file

@ -0,0 +1,108 @@
#!/usr/bin/env python
""" check_supybot_plugin -- ensure that a plugin is loaded by supybot.
Run like:
check_supybot_plugin --target fedmsg
check_supybot_plugin --target koji --debug
"""
import argparse
import sys
import socket
import string
import uuid
def process_args():
parser = argparse.ArgumentParser()
parser.add_argument(
'-t', '--target', default=None, dest='target',
help="Required. The plugin we're looking for."
)
parser.add_argument(
'-n', '--nick', default=None, dest='nick',
help="NICK to use when connecting to freenode.",
)
parser.add_argument(
'-d', '--debug', default=False, action='store_true',
help='Print out debug information.', dest='debug',
)
parser.add_argument(
'-H', '--host', default='irc.freenode.net',
help='Host to connect to.', dest='host',
)
parser.add_argument(
'-p', '--port', default=6667, type=int,
help='Host to connect to.', dest='port',
)
return parser.parse_args()
args = process_args()
# Use a random nick so people can't mess with us
if not args.nick:
args.nick = 'nrpe-' + str(uuid.uuid4()).split('-')[0]
name = "NRPE Bot"
readbuffer = ""
if not args.target:
print "UNKNOWN: No 'target' specified."
sys.exit(3)
args.target = args.target.lower()
if args.debug:
print "connecting to %s/%i" % (args.host, args.port)
try:
s = socket.socket()
s.connect((args.host, args.port))
if args.debug:
print "as %s/%s (%s)" % (args.nick, args.nick, name)
s.send("nick %s\r\n" % args.nick)
s.send("USER %s %s bla :%s\r\n" % (args.nick, args.host, name))
while 1:
readbuffer = readbuffer+s.recv(1024)
temp = string.split(readbuffer, "\n")
readbuffer = temp.pop()
for line in temp:
line = string.rstrip(line)
if args.debug:
print " * ", line
line = string.split(line)
if line[1] == 'MODE':
msg = "privmsg zodbot :list\r\n"
if args.debug:
print "sending:"
print " ->", msg
s.send(msg)
if line[1] == 'PRIVMSG':
if args.debug:
print "Got our response.."
plugins = map(str.lower, ' '.join(line[3:][1:]).split(', '))
if args.target in plugins:
print "OK"
s.send("QUIT")
sys.exit(0)
else:
print "CRITICAL: %r not loaded by supybot" % args.target
s.send("QUIT")
sys.exit(2)
except Exception as e:
print "UNKNOWN: ", str(e)
if args.debug:
raise
sys.exit(3)

17
roles/nagios_server/files/plugins/check_tape Normal file
View file

@ -0,0 +1,17 @@
#!/bin/bash
CODE=$(snmpwalk -v 1 -c public tape01.phx2.fedoraproject.org 1.3.6.1.4.1.674.10893.2.102.2.1 | awk '{print $4}')
WARNING=4
if [ $CODE -gt $WARNING ]
then
echo "Tape: CRITICAL global status: $CODE"
exit 2
elif [ $CODE -eq $WARNING ]
then
echo "Tape: WARNING global status: $CODE"
exit 1
else
echo "Tape: OK global status: $CODE"
exit 0
fi

73
roles/nagios_server/files/plugins/restart_httpd Executable file
View file

@ -0,0 +1,73 @@
#!/bin/sh
#
# Event handler script for restarting the web server on the local machine
#
# Note: This script will only restart the web server if the service is
# retried 3 times (in a "soft" state) or if the web service somehow
# manages to fall into a "hard" error state.
#
servicestate=$1
servicestatetype=$2
serviceattempt=$3
remotehost=$4
hostalias=$5
servicedesc=$6
servicestate=$7
# What state is the HTTP service in?
case "$servicestate" in
OK)
# The service just came back up, so don't do anything...
;;
WARNING)
# We don't really care about warning states, since the service is probably still running...
;;
UNKNOWN)
# We don't know what might be causing an unknown error, so don't do anything...
;;
CRITICAL)
# Aha! The HTTP service appears to have a problem - perhaps we should restart the server...
# Is this a "soft" or a "hard" state?
case "$servicestatetype" in
# We're in a "soft" state, meaning that Nagios is in the middle of retrying the
# check before it turns into a "hard" state and contacts get notified...
SOFT)
# What check attempt are we on? We don't want to restart the web server on the first
# check, because it may just be a fluke!
case "$serviceattempt" in
# Wait until the check has been tried 2 times before reloading the web server.
# If the check fails on the 4th time (after we restart the web server), the state
# type will turn to "hard" and contacts will be notified of the problem.
# Hopefully this will restart the web server successfully, so the 4th check will
# result in a "soft" recovery. If that happens no one gets notified because we
# fixed the problem!
2)
echo -n "Restarting HTTP service (3rd soft critical state)..."
# Call the init script to restart the HTTPD server
echo "#fedora-noc $hostalias - Attempting to reload httpd. $servicedesc is $servicestate (2nd check)" | /usr/bin/nc -w 1 value03 5050
/usr/lib/nagios/plugins/check_nrpe -H $remotehost -c service_httpd_reload
;;
esac
;;
# The HTTP service somehow managed to turn into a hard error without getting fixed.
# It should have been restarted by the code above, but for some reason it didn't.
# Let's give it one last try, shall we?
# Note: Contacts have already been notified of a problem with the service at this
# point (unless you disabled notifications for this service)
HARD)
echo -n "Restarting HTTP service..."
echo "#fedora-noc $hostalias - Attempting to restart httpd. $servicedesc is $servicestate" | /usr/bin/nc -w 1 value03 5050
# Call the init script to restart the HTTPD server
/usr/lib/nagios/plugins/check_nrpe -H $remotehost -c service_httpd_restart
;;
esac
;;
esac
exit 0

73
roles/nagios_server/files/plugins/restart_rsyslog Executable file
View file

@ -0,0 +1,73 @@
#!/bin/sh
#
# Event handler script for restarting the rsyslog server on the local machine
#
# Note: This script will only restart the web server if the service is
# retried 3 times (in a "soft" state) or if the web service somehow
# manages to fall into a "hard" error state.
#
servicestate=$1
servicestatetype=$2
serviceattempt=$3
remotehost=$4
hostalias=$5
servicedesc=$6
servicestate=$7
# What state is the HTTP service in?
case "$servicestate" in
OK)
# The service just came back up, so don't do anything...
;;
WARNING)
# We don't really care about warning states, since the service is probably still running...
;;
UNKNOWN)
# We don't know what might be causing an unknown error, so don't do anything...
;;
CRITICAL)
# Aha! The rsyslog service appears to have a problem - perhaps we should restart the server...
# Is this a "soft" or a "hard" state?
case "$servicestatetype" in
# We're in a "soft" state, meaning that Nagios is in the middle of retrying the
# check before it turns into a "hard" state and contacts get notified...
SOFT)
# What check attempt are we on? We don't want to restart the web server on the first
# check, because it may just be a fluke!
case "$serviceattempt" in
# Wait until the check has been tried 2 times before reloading the web server.
# If the check fails on the 4th time (after we restart the web server), the state
# type will turn to "hard" and contacts will be notified of the problem.
# Hopefully this will restart the web server successfully, so the 4th check will
# result in a "soft" recovery. If that happens no one gets notified because we
# fixed the problem!
2)
echo -n "Restarting rsyslog service (3rd soft critical state)..."
# Call the init script to restart the rsyslog server
echo "#fedora-noc $hostalias - Attempting to reload rsyslog. $servicedesc is $servicestate (2nd check)" | /usr/bin/nc -w 1 value03 5050
/usr/lib/nagios/plugins/check_nrpe -H $remotehost -c service_rsyslog_reload
;;
esac
;;
# The HTTP service somehow managed to turn into a hard error without getting fixed.
# It should have been restarted by the code above, but for some reason it didn't.
# Let's give it one last try, shall we?
# Note: Contacts have already been notified of a problem with the service at this
# point (unless you disabled notifications for this service)
HARD)
echo -n "Restarting rsyslog service..."
echo "#fedora-noc $hostalias - Attempting to restart rsyslog. $servicedesc is $servicestate" | /usr/bin/nc -w 1 value03 5050
# Call the init script to restart the HTTPD server
/usr/lib/nagios/plugins/check_nrpe -H $remotehost -c service_rsyslog_restart
;;
esac
;;
esac
exit 0

97
roles/nagios_server/files/plugins/xmppsend.py Normal file
View file

@ -0,0 +1,97 @@
#!/usr/bin/python -tt
# skvidal@fedoraproject.org
# gplv2+
#nagios definition
## 'host-notify-by-jabber' command definition
#define command{
# command_name host-notify-by-jabber
# command_line /usr/local/bin/xmppsend -a config.ini "Host '$HOSTALIAS$' is $HOSTSTATE$ - Info : $HOSTOUTPUT$" $CONTACTPAGER$
# }
#
## 'notify-by-jabber' command definition
#define command{
# command_name notify-by-jabber
# command_line /usr/local/bin/xmppsend -a config.ini "$NOTIFICATIONTYPE$ $HOSTNAME$ $SERVICED ESC$ $SERVICESTATE$ $SERVICEOUTPUT$ $LONGDATETIME$" $CONTACTPAGER$
# }
#
# needs a config file to get username/pass/other info format is:
#[xmpp_nagios]
#server=jabber.org
#resource=nagios
#port=5222
#username=yourusername
#password=yourpasssword
defaults = {'server':'jabber.org',
'port':'5222',
'resource':'nagios'}
# until xmppony is inplace
import warnings
warnings.simplefilter("ignore")
import xmpp
from xmpp.protocol import Message
from optparse import OptionParser
import ConfigParser
import sys
import os
parser = OptionParser()
parser.add_option("-a", dest="authfile", default=None, help="file to retrieve username/password/server/port/resource information from")
opts, args = parser.parse_args()
conf = ConfigParser.ConfigParser(defaults=defaults)
if not opts.authfile or not os.path.exists(opts.authfile):
print "no config/auth file specified, can't continue"
sys.exit(1)
conf.read(opts.authfile)
if not conf.has_section('xmpp_nagios') or not conf.has_option('xmpp_nagios', 'username') or not conf.has_option('xmpp_nagios', 'password'):
print "cannot find at least one of: config section 'xmpp_nagios' or username or password"
sys.exit(1)
server = conf.get('xmpp_nagios', 'server')
username = conf.get('xmpp_nagios', 'username')
password = conf.get('xmpp_nagios', 'password')
resource = conf.get('xmpp_nagios', 'resource')
port = conf.get('xmpp_nagios', 'port')
if len(args) < 1:
print "xmppsend message [to whom, multiple args]"
sys.exit(1)
msg = args[0]
msg = msg.replace('\\n', '\n')
c = xmpp.Client(server=server, port=port, debug=[])
con = c.connect()
if not con:
print "Error: could not connect to server: %s:%s" % (c.Server, c.Port)
sys.exit(1)
auth = c.auth(user=username, password=password, resource=resource)
if not auth:
print "Error: Could not authenticate to server: %s:%s" % (c.Server, c.Port)
sys.exit(1)
if len(args) < 2:
r = c.getRoster()
for user in r.keys():
if user == username:
continue
c.send(Message(user, '%s' % msg))
else:
for user in args[1:]:
c.send(Message(user, '%s' % msg))