From f62ac072cfdba399711ec6fec0b0f41f1b90af12 Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch>
Date: Fri, 20 Oct 2023 15:50:58 +0200
Subject: [PATCH] check_cepho_osd harden su command execution

---
 check_ceph_osd                  |  5 +++--
 docs/20_Checks/check_ceph_io.md | 28 ++++++++++++++--------------
 2 files changed, 17 insertions(+), 16 deletions(-)

diff --git a/check_ceph_osd b/check_ceph_osd
index e1224a0..4838b58 100755
--- a/check_ceph_osd
+++ b/check_ceph_osd
@@ -27,11 +27,12 @@
 # 2023-04-24  v1.4  <axel.hahn@unibe.ch>     update for newer ceph versions
 # 2023-06-19  v1.5  <axel.hahn@unibe.ch>     add help and param support; no more tmpfile
 # 2023-07-27  v1.6  <axel.hahn@unibe.ch>     shorten ceph exec; show output on error; shell fixes
+# 2023-10-20  v1.7  <axel.hahn@unibe.ch>     harden sudo command execution
 # ======================================================================
 
 . $(dirname $0)/inc_pluginfunctions
 
-export self_APPVERSION=1.6
+export self_APPVERSION=1.7
 
 # column number in output where to find the up/ down info
 iColUpDown=5
@@ -87,7 +88,7 @@ case "$1" in
     *)
 esac
 
-if ! data=$( sudo /bin/ceph osd tree 2>&1 ); then
+if ! data=$( sudo -n /bin/ceph osd tree 2>&1 ); then
     echo "$data"
     ph.abort "UNKNOWN: ceph is not available or no sudo permissions to execute ceph commands."
 fi
diff --git a/docs/20_Checks/check_ceph_io.md b/docs/20_Checks/check_ceph_io.md
index 31e4301..9153fbd 100644
--- a/docs/20_Checks/check_ceph_io.md
+++ b/docs/20_Checks/check_ceph_io.md
@@ -18,35 +18,35 @@ icingaclient ALL=(ALL) NOPASSWD: /bin/ceph
 ```txt
 ______________________________________________________________________
 
-CHECK_CEPH_IO
-v1.5
+CHECK_CEPH_OSD
+v1.7
 
 (c) Institute for Medical Education - University of Bern
 Licence: GNU GPL 3
 
-https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ceph_io.html
+https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ceph_osd.html
 ______________________________________________________________________
 
-Show cheph IO as read and written bytes per second.
+Show cheph osd status: how many OSDs exist and how many are up/ down.
 This check sends performance data.
 
+On your cluster you might want to increase the values for warning and
+critical level.
+
 SYNTAX:
-check_ceph_io
+check_ceph_osd [-w WARN_LIMIT] [-c CRITICAL_LIMIT]
 
 OPTIONS:
     -h or --help   show this help.
-    -t [STRING]    test a value; for debugging purposes
-                   Without a string internally stored values will be tested
+    -w VALUE       warning level  (default: 1)
+    -c VALUE       critical level (default: 2)
 
 EXAMPLE:
-check_ceph_io
-    no parameters; normal usage to get the ceph io data
-
-check_ceph_io -t
-    Run a few builtin tests
+check_ceph_osd
+    no parameters; normal usage to get the ceph osd status
 
-check_ceph_io -t "   client: 255 B/s rd, 0 op/s rd, 0 op/s wr"
-    Test a given string
+check_ceph_osd -c 10
+    change to critical level if 10 osds are down.
 
 ```
 
-- 
GitLab