From 54edcde9172ea35dbdcd07863be22781f489e593 Mon Sep 17 00:00:00 2001 From: Adam Ward Date: Wed, 28 Jan 2015 18:23:30 +1100 Subject: [PATCH 1/2] Rewrote for bash, fixing trivial bugs --- check_glusterfs | 89 ++++++++++++++++++++++++------------------------- 1 file changed, 44 insertions(+), 45 deletions(-) mode change 100644 => 100755 check_glusterfs diff --git a/check_glusterfs b/check_glusterfs old mode 100644 new mode 100755 index 44420a5..8abad97 --- a/check_glusterfs +++ b/check_glusterfs @@ -3,14 +3,7 @@ ## Fork of MarkR’s GlusterFS-checks at: ## http://exchange.nagios.org/directory/Plugins/System-Metrics/File-System/GlusterFS-checks/details -### CHANGELOG -## 1.0.2 -# * 07/01/2014 -# * Modified by Doug Wilson -# * includes carrillm’s fix to support TB sized volumes -# * outputs all errors on a critical alarm, not just free space - -# This Nagios script was written against version 3.3 & 3.4 of Gluster. Older +# This Nagios script was written against version 3.5 of Gluster. Older # versions will most likely not work at all with this monitoring script. # # Gluster currently requires elevated permissions to do anything. In order to @@ -31,23 +24,30 @@ PATH=/sbin:/bin:/usr/sbin:/usr/bin PROGNAME=$(basename -- $0) -PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` -REVISION="1.0.1" +PROGPATH=$(sed -e 's,[\\/][^\\/][^\\/]*$,,' <<<$0) +REVISION="1.0.3" -. $PROGPATH/utils.sh +#. $PROGPATH/utils.sh +STATE_OK=0 +STATE_WARNING=1 +STATE_CRITICAL=2 +STATE_UNKNOWN=3 +STATE_DEPENDENT=4 # parse command line usage () { - echo "" - echo "USAGE: " - echo " $PROGNAME -v VOLUME -n BRICKS [-w GB -c GB]" - echo " -n BRICKS: number of bricks" - echo " -w and -c values in GB" + cat <<-USAGE + USAGE: + $PROGNAME -v VOLUME -n BRICKS [-w GB -c GB] + -n BRICKS: number of bricks + -w and -c values in GB + USAGE exit $STATE_UNKNOWN } -while getopts "v:n:w:c:" opt; do +while getopts "hv:n:w:c:" opt; do case $opt in + h) usage ;; v) VOLUME=${OPTARG} ;; n) BRICKS=${OPTARG} ;; w) WARN=${OPTARG} ;; @@ -56,7 +56,7 @@ while getopts "v:n:w:c:" opt; do esac done -if [ -z "${VOLUME}" -o -z "${BRICKS}" ]; then +if [[ -z $VOLUME ]] || [[ -z $BRICKS ]]; then usage fi @@ -86,12 +86,12 @@ fi # get volume heal status heal=0 for entries in $(sudo gluster volume heal ${VOLUME} info | awk '/^Number of entries: /{print $4}'); do - if [ "$entries" -gt 0 ]; then - let $((heal+=entries)) + if [[ $entries -gt 0 ]]; then + let heal+=entries fi done -if [ "$heal" -gt 0 ]; then - errors=("${errors[@]}" "$heal unsynched entries") +if [[ $heal -gt 0 ]]; then + errors+=($heal unsynched entries) fi # get volume status @@ -99,67 +99,66 @@ bricksfound=0 freegb=9999999 shopt -s nullglob while read -r line; do - field=($(echo $line)) + field=($line) case ${field[0]} in Brick) brick=${field[@]:2} ;; Disk) key=${field[@]:0:3} - if [ "${key}" = "Disk Space Free" ]; then + if [[ $key == "Disk Space Free" ]]; then freeunit=${field[@]:4} - free=${freeunit:0:-2} - freeconvgb=`echo "($free*1024)" | bc` + free=${freeunit:0:$((${#freeunit}-2))} unit=${freeunit#$free} - if [ "$unit" = "TB" ]; then - free=$freeconvgb + if [[ $unit == "TB" ]]; then + free=$(( $freeconvgb * 1024 )) unit="GB" fi - if [ "$unit" != "GB" ]; then + if [[ $unit != "GB" ]]; then Exit UNKNOWN "unknown disk space size $freeunit" fi - free=$(echo "${free} / 1" | bc -q) - if [ $free -lt $freegb ]; then + free=$(bc -q <<<"$free / 1") + if [[ $free -lt $freegb ]]; then freegb=$free fi fi ;; Online) online=${field[@]:2} - if [ "${online}" = "Y" ]; then - let $((bricksfound++)) + if [[ ${online} = "Y" ]]; then + let bricksfound++ else - errors=("${errors[@]}" "$brick offline") + errors+=($brick offline) fi ;; esac done < <(sudo gluster volume status ${VOLUME} detail) -if [ $bricksfound -eq 0 ]; then +if [[ $bricksfound -eq 0 ]]; then Exit CRITICAL "no bricks found" -elif [ $bricksfound -lt $BRICKS ]; then - errors=("${errors[@]}" "found $bricksfound bricks, expected $BRICKS ") +elif [[ $bricksfound -lt $BRICKS ]]; then + errors+=(found $bricksfound bricks, expected $BRICKS) ex_stat="WARNING_stat" fi -if [ -n "$CRIT" -a -n "$WARN" ]; then - if [ $CRIT -ge $WARN ]; then +if [[ -n $CRIT ]] && [[ -n $WARN ]]; then + if [[ $CRIT -ge $WARN ]]; then Exit UNKNOWN "critical threshold below warning" - elif [ $freegb -lt $CRIT ]; then - errors=("${errors[@]}" "free space ${freegb}GB") + elif [[ $freegb -lt $CRIT ]]; then + errors+=(free space ${freegb}GB) ex_stat="CRITICAL_stat" - elif [ $freegb -lt $WARN ]; then - errors=("${errors[@]}" "free space ${freegb}GB") + elif [[ $freegb -lt $WARN ]]; then + errors+=(free space ${freegb}GB) ex_stat="WARNING_stat" fi fi # exit with warning if errors -if [ -n "$errors" ]; then +if [[ -n $errors ]]; then sep='; ' msg=$(printf "${sep}%s" "${errors[@]}") msg=${msg:${#sep}} - if [ ${ex_stat} == "CRITICAL_stat" ]; then + if [[ ${ex_stat} == "CRITICAL_stat" ]]; then Exit CRITICAL "${msg}" else Exit WARNING "${msg}" From 24a84648c62f434adc9e996b8670ac1a59f4d205 Mon Sep 17 00:00:00 2001 From: Adam Ward Date: Thu, 29 Jan 2015 16:13:50 +1100 Subject: [PATCH 2/2] Added ssh wrapper for nagios --- check_glusterfs | 2 +- ssh_wrapper | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100755 ssh_wrapper diff --git a/check_glusterfs b/check_glusterfs index 8abad97..147016d 100755 --- a/check_glusterfs +++ b/check_glusterfs @@ -12,7 +12,7 @@ # following in /etc/sudoers (or something equivalent): # # Defaults:nagios !requiretty -# nagios ALL=(root) NOPASSWD:/usr/sbin/gluster volume status [[\:graph\:]]* detail,/usr/sbin/gluster volume heal [[\:graph\:]]* info +# nagios ALL=(root) NOPASSWD:/usr/sbin/gluster volume status [-_[\:alnum\:]]+ detail,/usr/sbin/gluster volume heal [-_[\:alnum\:]]+ info # # That should give us all the access we need to check the status of any # currently defined peers and volumes. diff --git a/ssh_wrapper b/ssh_wrapper new file mode 100755 index 0000000..03ba789 --- /dev/null +++ b/ssh_wrapper @@ -0,0 +1,19 @@ +#!/bin/bash +# Lock down ssh authorized_keys command +# command="/usr/bin/ssh_wrapper",no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding ssh-rsa ... + +CHECK_GLUSTER=/usr/bin/check_glusterfs +GLUSTER_REGEX='^check_glusterfs -v [-_[:alnum:]]+ -n [0-9]+( -w [0-9.]+ -c [0-9.]+)?$' + +case "$SSH_ORIGINAL_COMMAND" in + check_glusterfs*) + # assert command looks good, assumes GNU grep + if grep -E "$GLUSTER_REGEX" <<<$SSH_ORIGINAL_COMMAND; then + exec $CHECK_GLUSTER ${SSH_ORIGINAL_COMMAND#* } + fi + ;; +esac + +echo "Sorry. Only these commands are available to you:" +echo "check_glusterfs -v VOLUME -n BRICKS [-w GB -c GB]" +exit 1