Merge branch '6723-sudo' into 'master'

6723 sudo See merge request !192

Merge branch '6723-sudo' into 'master'
0f59f79c · Hahn Axel (hahn) · 486a0e1d · 98070025 · 0f59f79c · 0f59f79c
Commit 0f59f79c authored 1 year ago by Hahn Axel (hahn)
--- a/check_ceph_diskfree
+++ b/check_ceph_diskfree
@@ -21,11 +21,12 @@
 # 2023-05-09  v1.3  <axel.hahn@unibe.ch>      add help
 # 2023-06-19  v1.4  <axel.hahn@unibe.ch>      no more tmpfile
 # 2023-07-27  v1.5  <axel.hahn@unibe.ch>      update help page
+# 2023-10-20  v1.6  <axel.hahn@unibe.ch>      harden sudo command execution
 # ======================================================================
 . $(dirname $0)/inc_pluginfunctions
-export self_APPVERSION=1.5
+export self_APPVERSION=1.6
 typeset -i iWarning=0
 typeset -i iCritical=0
@@ -68,7 +69,7 @@ typeset -i iWarnLimit=$(     ph.getValueWithParam 70 w "$@")
 typeset -i iCriticalLimit=$( ph.getValueWithParam 90 c "$@")
-if ! data=$( sudo /bin/ceph df 2>&1 )
+if ! data=$( sudo -n /bin/ceph df 2>&1 )
 then
    echo "$data"
    ph.abort "UNKNOWN: ceph is not available or no sudo permissions to execute ceph commands."

--- a/check_ceph_io
+++ b/check_ceph_io
@@ -19,11 +19,12 @@
 # 2023-05-10  v1.2  <axel.hahn@unibe.ch>  add tests
 # 2023-05-11  v1.3  <axel.hahn@unibe.ch>  handle ceph status without io data in output
 # 2023-07-27  v1.4  <axel.hahn@unibe.ch>  update help page
+# 2023-10-20  v1.5  <axel.hahn@unibe.ch>  harden sudo command execution
 # ======================================================================
 . $(dirname $0)/inc_pluginfunctions
-export self_APPVERSION=1.4
+export self_APPVERSION=1.5
 function showHelp(){
    local _self; _self=$(basename $0)
@@ -87,7 +88,7 @@ else
    ph.require ceph
    # --- get output of ceph
-    if ! CEPHOUT=$( sudo ceph status 2>&1 ); then
+    if ! CEPHOUT=$( sudo -n ceph status 2>&1 ); then
        ph.setStatus "unknown"
        ph.status "no data"
        echo "There is no output from 'sudo ceph status'."

--- a/check_ceph_osd
+++ b/check_ceph_osd
@@ -27,11 +27,12 @@
 # 2023-04-24  v1.4  <axel.hahn@unibe.ch>     update for newer ceph versions
 # 2023-06-19  v1.5  <axel.hahn@unibe.ch>     add help and param support; no more tmpfile
 # 2023-07-27  v1.6  <axel.hahn@unibe.ch>     shorten ceph exec; show output on error; shell fixes
+# 2023-10-20  v1.7  <axel.hahn@unibe.ch>     harden sudo command execution
 # ======================================================================
 . $(dirname $0)/inc_pluginfunctions
-export self_APPVERSION=1.6
+export self_APPVERSION=1.7
 # column number in output where to find the up/ down info
 iColUpDown=5
@@ -87,7 +88,7 @@ case "$1" in
    *)
 esac
-if ! data=$( sudo /bin/ceph osd tree 2>&1 ); then
+if ! data=$( sudo -n /bin/ceph osd tree 2>&1 ); then
    echo "$data"
    ph.abort "UNKNOWN: ceph is not available or no sudo permissions to execute ceph commands."
 fi

--- a/check_ceph_status
+++ b/check_ceph_status
@@ -21,11 +21,12 @@
 # 2023-04-24  v1.4  <axel.hahn@unibe.ch>      update for newer ceph versions
 # 2023-06-19  v1.5  <axel.hahn@unibe.ch>      add help and param support; no more tmpfile
 # 2023-07-27  v1.6  <axel.hahn@unibe.ch>      update help page
+# 2023-10-20  v1.7  <axel.hahn@unibe.ch>      harden sudo command execution
 # ======================================================================
 . $(dirname $0)/inc_pluginfunctions
-export self_APPVERSION=1.6
+export self_APPVERSION=1.7
 initfile="/tmp/ceph-status-not-ok-start-$USER"
@@ -45,14 +46,7 @@ line="__________________________________________________________________________
 function showHelp(){
    local _self; _self=$(basename $0)
 cat <<EOF
-______________________________________________________________________
+$( ph.showImlHelpHeader )
-$self_APPNAME 
-v$self_APPVERSION
-(c) Institute for Medical Education - University of Bern
-Licence: GNU GPL 3
-______________________________________________________________________
 Show ceph health status.
 The state of the check switches to warning if HEALTH_WARN was detected
@@ -72,7 +66,7 @@ EOF
 }
 function readCephStatus(){
-        if ! data=$( sudo /bin/ceph status 2>&1 ); then
+        if ! data=$( sudo -n /bin/ceph status 2>&1 ); then
                echo "$data"
                ph.abort "UNKNOWN: ceph is not available or no sudo permissions to execute ceph commands."
        fi

--- a/docs/20_Checks/check_ceph_diskfree.md
+++ b/docs/20_Checks/check_ceph_diskfree.md
@@ -20,7 +20,7 @@ $ check_ceph_diskfree -h
 ______________________________________________________________________
 CHECK_CEPH_DISKFREE 
-v1.4
+v1.6
 (c) Institute for Medical Education - University of Bern
 Licence: GNU GPL 3

--- a/docs/20_Checks/check_ceph_io.md
+++ b/docs/20_Checks/check_ceph_io.md
@@ -18,33 +18,35 @@ icingaclient ALL=(ALL) NOPASSWD: /bin/ceph
 ```txt
 ______________________________________________________________________
-CHECK_CEPH_IO 
+CHECK_CEPH_OSD
-v1.3
+v1.7
 (c) Institute for Medical Education - University of Bern
 Licence: GNU GPL 3
+https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ceph_osd.html
 ______________________________________________________________________
-Show cheph IO as read and written bytes per second.
+Show cheph osd status: how many OSDs exist and how many are up/ down.
 This check sends performance data.
+On your cluster you might want to increase the values for warning and
+critical level.
 SYNTAX:
-check_ceph_io
+check_ceph_osd [-w WARN_LIMIT] [-c CRITICAL_LIMIT]
 OPTIONS:
    -h or --help   show this help.
-    -t [STRING]    test a value; for debugging purposes
+    -w VALUE       warning level  (default: 1)
-                   Without a string internally stored values will be tested
+    -c VALUE       critical level (default: 2)
 EXAMPLE:
-check_ceph_io
+check_ceph_osd
-    no parameters; normal usage to get the ceph io data
+    no parameters; normal usage to get the ceph osd status
-check_ceph_io -t
-    Run a few builtin tests
-check_ceph_io -t "   client: 255 B/s rd, 0 op/s rd, 0 op/s wr"
+check_ceph_osd -c 10
-    Test a given string
+    change to critical level if 10 osds are down.
 ```

--- a/docs/20_Checks/check_ceph_status.md
+++ b/docs/20_Checks/check_ceph_status.md
@@ -9,16 +9,22 @@ It switches the state in dependency of the HEALTH_* value.
 * `ceph` binary and sudo permission on it to get the information
+```txt
+icingaclient ALL=(ALL) NOPASSWD: /bin/ceph
+```
 ## Syntax
 ```txt
 ______________________________________________________________________
-CHECK_CEPH_STATUS 
+CHECK_CEPH_STATUS
-v1.5
+v1.7
 (c) Institute for Medical Education - University of Bern
 Licence: GNU GPL 3
+https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ceph_status.html
 ______________________________________________________________________
 Show ceph health status.
@@ -27,6 +33,8 @@ and is error of other HEALTH values than HEALTH_WARN or HEALTH_OK.
 In the output is the complete output of the command "ceph status".
+If degraded objects are found it shows the progress of repair process.
 SYNTAX:
 check_ceph_status