Merge branch 'master' of git-repo.iml.unibe.ch:iml-open-source/icinga-checks

check_eol-data/os.cfg

@@ -34,6 +34,8 @@ debian:7:2018-05-31:LTS
 debian:8:2020-06-06:LTS
 debian:9:2022-01-31:LTS
 debian:10:2022-01-31:EOL; no LTS version so far
+debian:11:2026-08-15:EOL; no LTS version so far
+
 
 
 # ----------------------------------------------------------------------

check_eol-versiondetect/detect-postgres

@@ -7,12 +7,16 @@
 # ----------------------------------------------------------------------------
 # 2020-02-25  v1.0  <axel.hahn@iml.unibe.ch>  initial version
 # 2021-03-26  v1.1  <axel.hahn@iml.unibe.ch>  add locations if postgres is not in PATH
+# 2021-08-23  v1.1  <martin.gasser@iml.unibe.ch>  added location for v11
+
 # ----------------------------------------------------------------------------
 
 #
 # WORKAROUND: add additional locations in $PATH
 #
-otherlocations="/usr/pgsql-10/bin/ /some/other/postgres/location/bin/"
+#otherlocations="/usr/pgsql-10/bin/ /some/other/postgres/location/bin/"
+
+otherlocations="/usr/pgsql-10/bin/ /usr/lib/postgresql/11/bin"
 
 POSTGRES=$( which postgres 2>/dev/null )
 test -z "$POSTGRES" &&

check_packages2install

@@ -16,6 +16,7 @@
 # 2020-03-05  v1.3  <axel.hahn@iml.unibe.ch> switch to ph.* helper functions
 # 2020-03-11  v1.4  <axel.hahn@iml.unibe.ch> add -c -w limits; added perfdata (yum)
 # 2021-05-11  v1.4  <axel.hahn@iml.unibe.ch> added centos8 support
+# 2021-08-20  v1.5  <martin.gasser@iml.unibe.ch> bug fixing - missing sudo in yum command
 # ======================================================================
 
 
@@ -79,7 +80,7 @@ function checkYum(){
 
   # summary=`ph.execIfReady "/usr/bin/yum --security  check-update 2>&1 | fgrep 'security'" `
   # summary=`ph.execIfReady "/usr/bin/yum --security  check-update 2>&1 | fgrep 'security'" `
-  ph.execIfReady "/usr/bin/yum --security  check-update > $_yumout 2>&1"
+  ph.execIfReady "sudo /usr/bin/yum --security  check-update > $_yumout 2>&1"
   local summary=$( cat $_yumout | grep security )
   test -z "$summary" && summary='no data .. no packages to install'
 

check_php-fpm-status

+#!/bin/bash
+# ======================================================================
+#
+# NAGIOS CLIENT CHECK :: php-fpm requests
+#
+# ----------------------------------------------------------------------
+# script checks output of fpm "/status" and counts scoreboard chars
+# ----------------------------------------------------------------------
+# 2021-09-22  v0.1  <axel.hahn@iml.unibe.ch>  initial version
+# 2021-10-01  v0.2  <axel.hahn@iml.unibe.ch>  fetch full status as json
+# ======================================================================
+
+. `dirname $0`/inc_pluginfunctions
+
+tmpfile=/tmp/check_fpm_processes_1
+defaulturl=localhost/status
+
+sDeltaunit="min"
+
+# ----------------------------------------------------------------------
+# functions
+# ----------------------------------------------------------------------
+
+# get service data from json output
+function _getServicedata(){
+    cat $tmpfile | jq | grep '^\ \ "' | grep -v "\[" | cut -f 1 -d ","
+}
+
+function _getWorkerStates(){
+    cat $tmpfile | jq | grep '"state": ' | cut -f 2 -d ":" | cut -f 1 -d "," | sort -u
+}
+
+
+function _getWorkerOfState(){
+    cat $tmpfile | jq -c ".processes[] | select(.state == \"$1\" )"
+}
+
+# get a value from fpm status
+#
+# example output:
+# pool:                 www
+# process manager:      dynamic
+# start time:           21/Sep/2021:16:01:12 +0200
+# start since:          65914
+# accepted conn:        34
+# listen queue:         0
+# max listen queue:     0
+# listen queue len:     0
+# idle processes:       6
+# active processes:     3
+# total processes:      9
+# max active processes: 6
+# max children reached: 0
+# slow requests:        0
+#
+# param  string  variable (part before ":")
+function _getvalue(){
+        # grep "^$1:" $tmpfile | cut -d ":" -f 2 | awk '{ print $1 }'
+        _getServicedata | grep "^\ \ \"$1\":" | cut -d ":" -f 2 | awk '{ print $1 }'
+}
+
+
+function showHelp(){
+cat <<EOF
+______________________________________________________________________
+
+CHECK_PHP-FPM-Status
+Get counters from PHP-FPM status output for active/ idle processes.
+
+(c) Institute for Medical Education - Univerity of Bern
+Licence: GNU GPL 3
+______________________________________________________________________
+
+The check fetches several counters from php-fm-status page.
+
+It shows a short service status in a single line and then the dump of the 
+status page.
+For performance data it echos:
+
+    php-fpm-active     count of active workers
+    php-fpm-maxactive  max active processes (sum of idle + running + reading)
+    php-fpm-idle       count of workers in state "Idle"
+    php-fpm-running    count of workers in state "Running"
+    php-fpm-reading    count of workers in state "Reading headers"
+    php-fpm-queue      count of items in the queue
+    php-fpm-maxqueue   max listen queue
+    php-fpm-slow       slow requests per $sDeltaunit (since last execution of this check)
+    php-fpm-speed      requests per $sDeltaunit (since last execution of this check)
+
+SYNTAX:
+`basename $0` [-u URL]
+
+OPTIONS:
+
+    -u  url to fpm status page  (optional; default: $defaulturl)
+    -h or --help   show this help.
+
+PARAMETERS:
+
+    None.
+
+EXAMPLE:
+`basename $0` -u http://localhost/my-custom-fpm-statuspage.php
+
+EOF
+}
+
+# ----------------------------------------------------------------------
+# check help
+# ----------------------------------------------------------------------
+
+case "$1" in
+    "--help"|"-h")
+        showHelp
+        exit 0
+        ;;
+    *)
+esac
+
+# ----------------------------------------------------------------------
+# pre checks
+# ----------------------------------------------------------------------
+ph.require jq wget
+
+
+# ----------------------------------------------------------------------
+# check params
+# ----------------------------------------------------------------------
+
+# set default / override from command line params
+typeset -i iWarnLimit=`     ph.getValueWithParam 75 w "$@"`
+typeset -i iCriticalLimit=` ph.getValueWithParam 90 c "$@"`
+url=$( ph.getValueWithParam $defaulturl u "$@" )
+
+# --- get /server-status page
+wget --no-check-certificate -O $tmpfile "$url?full&json" 2>/dev/null
+if [ $? -ne 0 ]; then
+   rm -f $tmpfile
+   ph.abort "UNKNOWN: request to url $url failed. `wget --no-check-certificate -O - -S $url`"
+fi
+
+# ----------------------------------------------------------------------
+# get values from status output
+# ----------------------------------------------------------------------
+
+# --- handled requests per sec
+typeset -i iConn=$(      _getvalue "accepted conn")
+typeset -i iSpeed=$(     ph.perfdeltaspeed "fpm-accepted" $iConn $sDeltaunit )
+
+# --- count slots
+typeset -i iActive=$(    _getvalue "active processes" )
+typeset -i iMaxActive=$( _getvalue "max active processes" )
+typeset -i iIdle=$(      _getvalue "idle processes")
+
+# --- experimental: generate warning / error 
+typeset -i iQueue=$(     _getvalue "listen queue len")
+typeset -i iMaxQueue=$(  _getvalue "max listen queue")
+typeset -i iSlowTotal=$( _getvalue "slow requests")
+typeset -i iSlow=$(      ph.perfdeltaspeed "fpm-slow" $iSlowTotal $sDeltaunit )
+typeset -i iMaxChilds=$( _getvalue "max children reached")
+
+typeset -i iSlowPercent=$iSlow*100/$iSpeed
+
+
+typeset -i iWorkerRunning=$( _getWorkerOfState "Running"         | wc -l )
+typeset -i iWorkerReading=$( _getWorkerOfState "Reading headers" | wc -l )
+typeset -i iWorkerIdle=$(    _getWorkerOfState "Idle"            | wc -l )
+
+
+# ----------------------------------------------------------------------
+# set status
+# ----------------------------------------------------------------------
+# damn, count of slots is in the config only - not in status output
+# iUsage=$iActive*100/$iSlots
+# ph.setStatusByLimit $iUsage $iWarnLimit $iCriticalLimit
+if [ $iQueue -gt 0 -o $iSlow -gt 0 ]; then
+    ph.setStatus warning
+fi
+if [ $iMaxChilds -gt 0 ]; then
+    # ph.setStatus critical
+    ph.setStatus warning
+fi
+if [ $iWorkerIdle -eq 0 ]; then
+    ph.setStatus warning
+fi
+
+# seems not to be useful
+# if [ $iWorkerReading -eq 0 ]; then
+#     ph.setStatus warning
+# fi
+
+# ----------------------------------------------------------------------
+# output
+# ----------------------------------------------------------------------
+ph.status "PHP-FPM service: active: $iActive (max: $iMaxActive) .. idle workers: $iIdle .. queue: $iQueue .. speed: $iSpeed req per $sDeltaunit ... slow: $iSlow req per $sDeltaunit ($iSlowPercent%; total: $iSlowTotal)"
+echo "Workers:               Running: $iWorkerRunning"
+echo "               Reading headers: $iWorkerReading"
+echo "                          Idle: $iWorkerIdle"
+echo
+echo "  Waiting for a worker (queue): $iQueue (max: $iMaxQueue)"
+echo
+
+# ----- output hints on warning level
+hint="!! IMPORTANT !! Any non-OK status is still experimmental."
+if [ $iWorkerIdle -eq 0 ]; then
+    echo $hint
+    echo "WARNING: No idle workers available."
+    echo "         Maybe there is a current peak only."
+    echo "         Or count of allowed workers (pm.max_children) or spare servers (pm.XXX_spare_servers) is too low."
+    echo
+fi
+# if [ $iWorkerReading -eq 0 ]; then
+#     echo $hint
+#     echo "WARNING: No reading workers available."
+#     echo "         Maybe there is a current peak only."
+#     echo "         Or count of allowed workers (pm.max_children) or spare servers (pm.XXX_spare_servers) is too low."
+#     echo
+# fi
+if [ $iMaxChilds -gt 0 ]; then
+    echo $hint
+    echo "WARNING: Max. count of children was reached: $iMaxChilds. Maximum of active workers was $iMaxActive - maybe count of allowed workers (pm.max_children) is too low."
+    echo
+fi
+if [ $iQueue -gt 0 ]; then
+    echo $hint
+    echo "WARNING: $iQueue queued requests were found. Maximum of queued items is $iMaxQueue (since last start of fpm service)."
+    echo
+fi
+if [ $iSlow -gt 0 ]; then
+    echo $hint
+    echo "WARNING: $iSlow slow requests per $sDeltaunit were found  ($iSlowPercent%)... total $iSlowTotal slow req were detected (since last start of fpm service)."
+    echo
+fi
+
+echo "--- Status of service"
+_getServicedata
+
+echo
+echo "--- workers in state Running"
+_getWorkerOfState "Running"
+echo
+
+# --- add performnce data
+ph.perfadd "php-fpm-active"    "${iActive}"    "" "" 0 0
+ph.perfadd "php-fpm-maxactive" "${iMaxActive}" "" "" 0 0
+# ph.perfadd "php-fpm-idle"      "${iIdle}"      "" "" 0 0
+
+ph.perfadd "php-fpm-queue"     "${iQueue}"     "" "" 0 0
+ph.perfadd "php-fpm-maxqueue"  "${iMaxQueue}"  "" "" 0 0
+ph.perfadd "php-fpm-slow"      "${iSlow}"      "" "" 0 0
+ph.perfadd "php-fpm-speed"     "${iSpeed}"     "" "" 0 0
+
+# use process infos to count by worker state:
+ph.perfadd "php-fpm-idle"      "${iWorkerIdle}"      "" "" 0 0
+ph.perfadd "php-fpm-running"   "${iWorkerRunning}"   "" "" 0 0
+ph.perfadd "php-fpm-reading"   "${iWorkerReading}"   "" "" 0 0
+
+
+rm -f $tmpfile
+ph.exit
+
+# ----------------------------------------------------------------------

check_ssl_certs

+#!/bin/bash
+# ======================================================================
+#
+# SSL check - warn if a ssl certificate expires.
+#
+# Check locally installed SSL client certificates and warn if the 
+# expiration date comes closer. 
+#
+# USAGE: check_ssl_certs [-w WARN_LIMIT] [-c CRITICAL_LIMIT] [-f "FILELIST"]
+# HELP: check_ssl_certs -h
+#
+# ----------------------------------------------------------------------
+# 2021-10-06  v0.1  <axel.hahn@iml.unibe.ch>  initial version
+# ======================================================================
+
+. `dirname $0`/inc_pluginfunctions
+
+typeset -i iWarn=14
+typeset -i iCrit=5
+typeset -i iNow=$( date +%s )
+
+bHasCritical=false
+bHasWarning=false
+
+shortstatus=""
+fullstatus=""
+
+filelist="/etc/ssl/certs/*.cert.cer"
+
+# ----------------------------------------------------------------------
+# functions
+# ----------------------------------------------------------------------
+
+function showHelp(){
+cat <<EOF
+______________________________________________________________________
+
+CHECK_SSL_CERTS
+
+(c) Institute for Medical Education - Univerity of Bern
+Licence: GNU GPL 3
+______________________________________________________________________
+
+Check locally installed SSL client certificates and warn if the 
+expiration date comes closer. 
+
+SYNTAX:
+`basename $0` [-w WARN_LIMIT] [-c CRITICAL_LIMIT] [-f "FILELIST"]
+
+OPTIONS:
+
+    -f FILELIST    file filter to find certificates using globbing 
+                   (default: $filelist)
+                   To use multiple sources seperate them with a space char.
+                   Quote your parameter value if you use multiple sources or * char.
+    -w VALUE       warning level in days before expiration (default: $iWarn)
+    -c VALUE       critical level in days before expiration (default: $iCrit)
+
+    -h or --help   show this help.
+
+PARAMETERS:
+
+    None.
+
+EXAMPLE:
+
+    `basename $0` -f "/etc/ssl/certs/*example.com.*.cer /somewhere/else/*.cer"
+        Set 2 folders where to find the client certificates.
+        They are seperated by space and both use * for globbing
+
+    `basename $0` -w 30 -c 3 
+        Overide the warning and critical level.
+
+EOF
+}
+
+# ----------------------------------------------------------------------
+# MAIN
+# ----------------------------------------------------------------------
+
+
+# ----- check param -h
+case "$1" in
+    "--help"|"-h")
+        showHelp
+        exit 0
+        ;;
+    *)
+esac
+
+
+# ----- check required tools
+
+ph.require openssl
+
+
+# --- override from command line params
+filelist=`ph.getValueWithParam "$filelist" f "$@"`
+iWarn=`   ph.getValueWithParam $iWarn      w "$@"`
+iCrit=`   ph.getValueWithParam $iCrit      c "$@"`
+
+
+# ----- check cert files
+
+typeset -i iCounter=0
+typeset -i iTotal=$( ls -1 $filelist 2>/dev/null | wc -l )
+if [ $iTotal -eq 0 ]; then
+        bHasWarning=true
+        shortstatus="No cert was found."
+        fullstatus="!!! Warning: no file matches the file filter. HINT: adjust your file filter in -f FILEFILTER"
+fi
+for mycert in $( ls -1 $filelist 2>/dev/null )
+do
+        iCounter=$iCounter+1
+        data=$(openssl x509 -noout -text -in $mycert 2>/dev/null )
+        mySubject=$( echo "$data" | grep "Subject:\ CN\ =\ " | grep -v "," | cut -f 2- -d "=" | cut -c 2- )
+        if [ -z "$mySubject" ]; then
+                bHasWarning=true
+                fullstatus="${fullstatus}
+                !!! WARNING: File $mycert is no client certificate. HINT: adjust your file filter in -f FILEFILTER"
+        else
+
+            dateExpire=$( echo "$data" | grep "Not\ After" | cut -f 2- -d ":" )
+
+            typeset -i iExpire=$( date +%s -d "$dateExpire" )
+            typeset -i iLeft=($iExpire-$iNow)/60/60/24
+
+            if [ $iLeft -le $iWarn ]; then
+                    if [ $iLeft -le $iCrit ]; then
+                            bHasCritical=true
+                            if [ $iLeft -lt 0 ]; then
+                                    result="EXPIRED ALREADY"
+                            else
+                                    result="Expires VERY SOON"
+                            fi
+                    else
+                            bHasWarning=true
+                            result="Expires soon"
+                    fi
+            else
+                    result="OK"
+            fi
+            shortstatus="${shortstatus}${result} ${mySubject} [${iLeft}d] ; "
+            fullstatus="${fullstatus}
+----- [$iCounter of $iTotal] ${mySubject} - expires in $iLeft days
+$( echo "$data" | grep -E "(DNS:|Issuer:|Not\ |Subject:)" | sed 's#^\ *##g')
+File: $mycert
+"
+
+            ph.perfadd "ssl-$mySubject"       "${iLeft}"       "" "" 0 ""
+        fi
+done
+
+
+# ----- set status based on worst result
+
+if [ $bHasCritical = true ]; then
+        ph.setStatus critical
+elif [ $bHasWarning = true ]; then
+        ph.setStatus warning
+fi
+
+
+# ------ outout
+
+ph.status "SSL certs :: $shortstatus"
+echo "$fullstatus"
+echo "INFO: warning starts $iWarn d before expiration, raising to critical $iCrit days before"
+echo
+
+ph.exit
+
+# ----------------------------------------------------------------------

check_systemdservices.ignore

@@ -6,4 +6,5 @@
 ^sensu-api\.service
 ^sensu-client\.service
 ^vmcontext\.service
+^dnf-makecache\.service
 # ================================================================================

check_timesync

@@ -14,6 +14,8 @@
 # 2018-10-26  v1.0  <axel.hahn@iml.unibe.ch>
 # 2020-03-05  v1.1  <axel.hahn@iml.unibe.ch> switch to ph.* helper functions
 # 2020-05-13  v1.2  <axel.hahn@iml.unibe.ch> update pre detect output of timedatectl
+# 2021-08-19  v1.3  <martin.gasser@iml.unibe.ch> update for chrony with timedatectl 
+
 # ======================================================================
 
 . `dirname $0`/inc_pluginfunctions
@@ -36,16 +38,16 @@ fi
 # ph.execIfReady "timedatectl status | grep '^NTP synchronized'" >/dev/null
 # echo ----- output of timedatectl status >$tmpfile
 # timedatectl status >>$tmpfile
-ph.execIfReady "timedatectl status >$tmpfile; grep '^NTP synchronized' $tmpfile >/dev/null"
+ph.execIfReady "timedatectl show >$tmpfile; grep '^NTPSynchronized' $tmpfile >/dev/null"
 
-cat $tmpfile | grep "^NTP synchronized" >/dev/null
+cat $tmpfile | grep "^NTPSynchronized" >/dev/null
 if [ $? -ne 0 ]; then
   ph.setStatus "unknown"
   # ph.status "timesync: timedatectl has no line NTP synchronized ... maybe your OS ${myos} is not supported"
   ph.status "timesync: timedatectl has no line NTP synchronized"
   cat $tmpfile
 else
-  cat $tmpfile | grep "^NTP synchronized: yes" >/dev/null
+  cat $tmpfile | grep "^NTPSynchronized=yes" >/dev/null
   if [ $? -eq 0 ]; then
     ph.status "timesync: a timesync service is active on this ${myos} host"
   else
@@ -66,6 +68,9 @@ fi
 if [ -f /etc/chrony.conf ]; then
   sSyncService="chronyd"
 fi
+if [ -f /etc/chrony/chrony.conf ]; then
+  sSyncService="chronyd"
+fi
 if [ -z $sSyncService ]; then
   echo "REMARK: no sync service detected ... or this sensu check does not support it" >>$tmpfile
 else
@@ -78,7 +83,7 @@ fi
 # output & exit
 # ----------------------------------------------------------------------
 
-cat $tmpfile | grep "^NTP synchronized"
+cat $tmpfile | grep "^NTPSynchronized"
 echo
 cat $tmpfile
 

inc_pluginfunctions.md

@@ -88,10 +88,14 @@ Execute a command and repeat max. MAXTRIES times if it fails.
 
 Add performance data. Their output will be written with ph.exit. So you are free to add perfomance data anywhere within your check script.
 
-**ph.perfdeltaspeed** [VARNAME] [VALUE]
+**ph.perfdeltaspeed** [VARNAME] [VALUE] [[unit] [isfloat]]
 
 For increasing system counters: get changerate per second since last check.
 
+Unit value can be
+* s or sec - for seconds
+* m or min - for minutes
+
 Example:
 
     # speed in byte per sec based on last stored value and its age

zz_template_check_xyz

+#!/bin/bash
+# ======================================================================
+#
+# Check !!!describe what it does!!!
+#
+# ----------------------------------------------------------------------
+# 202n-nn-nn  v0.0  <name@unibe.ch>  initial version
+# ======================================================================
+
+
+. `dirname $0`/inc_pluginfunctions
+
+# ----------------------------------------------------------------------
+# functions
+# ----------------------------------------------------------------------
+
+function showHelp(){
+cat <<EOF
+______________________________________________________________________
+
+CHECK_XYZ !!! add a short description
+
+(c) Institute for Medical Education - Univerity of Bern
+Licence: GNU GPL 3
+______________________________________________________________________
+
+!!! Add some information what the check does.
+
+!!! add / remove params in syntax, options and example
+
+SYNTAX:
+`basename $0` [-w WARN_LIMIT] [-c CRITICAL_LIMIT]
+
+OPTIONS:
+
+    -w VALUE       cpu usage warning level  (default: 75)
+    -c VALUE       cpu usage critical level (default: 90)
+
+    -h or --help   show this help.
+
+PARAMETERS:
+
+    None.
+
+EXAMPLE:
+`basename $0` -w 60 -c 80
+
+EOF
+}
+# ----------------------------------------------------------------------
+# MAIN
+# ----------------------------------------------------------------------
+
+# --- check param -h
+case "$1" in
+    "--help"|"-h")
+        showHelp
+        exit 0
+        ;;
+    *)
+esac
+
+
+# --- check required tools
+# !!! add needed tools here
+# ph.require bc top
+
+
+# set default / override from command line params
+typeset -i iWarnLimit=`     ph.getValueWithParam 75 w "$@"`
+typeset -i iCriticalLimit=` ph.getValueWithParam 90 c "$@"`
+
+
+# !!! add some logic for a check and fetch values from some output
+
+
+# !!! set status 
+# ph.setStatusByLimit $iMyvalue $iWarnLimit $iCriticalLimit
+# or with a condition:
+# ph.setStatus warning
+# ph.setStatus critical
+
+
+# !!! generate output
+# ph.status "my check sends value $iMyValue"
+
+
+# --- performance data usage
+# !!! add counters if Icinga must show a chart
+# ph.perfadd "checkname-countername"    "${iMyValue}" $iWarnLimit $iCriticalLimit 0 100
+
+
+# ph.exit
+
+# ----------------------------------------------------------------------