Home Explore Help
Sign In
velt.biz
/
MyMonPlugins
1
0
Fork 0
Files Issues 4 Pull Requests 0 Wiki
Tree: 57f3eba575
Branches Tags
MyMonPlugins
/
check_naf_exports.pl

check_naf_exports.pl 6.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 
  1. #!/usr/bin/perl
    2. 

  2. 

  3. #####################################################################
    4. 

  4. # (c) 2012 Sebastian "tokkee" Harl <sh@teamix.net>                  #
    5. 

  5. #          and team(ix) GmbH, Nuernberg, Germany                    #
    6. 

  6. #                                                                   #
    7. 

  7. # This file is part of "team(ix) Monitoring Plugins"                #
    8. 

  8. # URL: http://oss.teamix.org/projects/monitoringplugins/            #
    9. 

  9. #                                                                   #
    10. 

  10. # This file is free software: you can redistribute it and/or modify #
    11. 

  11. # it under the terms of the GNU General Public License as published #
    12. 

  12. # by the Free Software Foundation, either version 2 of the License, #
    13. 

  13. # or (at your option) any later version.                            #
    14. 

  14. #                                                                   #
    15. 

  15. # This file is distributed in the hope that it will be useful, but  #
    16. 

  16. # WITHOUT ANY WARRANTY; without even the implied warranty of        #
    17. 

  17. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the      #
    18. 

  18. # GNU General Public License for more details.                      #
    19. 

  19. #                                                                   #
    20. 

  20. # You should have received a copy of the GNU General Public License #
    21. 

  21. # along with this file. If not, see <http://www.gnu.org/licenses/>. #
    22. 

  22. #####################################################################
    23. 

  23. 

  24. use strict;
    25. 

  25. use warnings;
    26. 

  26. 

  27. use utf8;
    28. 

  28. 

  29. use FindBin qw( $Bin );
    30. 

  30. use lib "$Bin/perl/lib";
    31. 

  31. use Nagios::Plugin::NetApp;
    32. 

  32. 

  33. binmode STDOUT, ":utf8";
    34. 

  34. 

  35. my $plugin = Nagios::Plugin::NetApp->new(
    36. 

  36. 	plugin    => 'check_naf_exports',
    37. 

  37. 	shortname => 'check_naf_exports',
    38. 

  38. 	version   => '0.1',
    39. 

  39. 	url       => 'http://oss.teamix.org/projects/monitoringplugins',
    40. 

  40. 	blurb     => 'Monitor NetApp™ NFS exports.',
    41. 

  41. 	usage     =>
    42. 

  42. "Usage: %s [-v|--verbose] [-H <host>] [-p <port>] [-t <timeout]
    43. 

  43. [-U <user>] [-P <password] check-tuple [...]",
    44. 

  44. 	license   =>
    45. 

  45. "This nagios plugin is free software, and comes with ABSOLUTELY NO WARRANTY.
    46. 

  46. It may be used, redistributed and/or modified under the terms of the GNU
    47. 

  47. General Public License, either version 2 or (at your option) any later version
    48. 

  48. (see http://opensource.org/licenses/GPL-2.0).",
    49. 

  49. 	extra     => "
    50. 

  50. This plugin connects to a NetApp™ filer and checks NFS exports related issues.
    51. 

  51. 

  52. A check-tuple consists of the name of the check and, optionally, a \"target\"
    53. 

  53. which more closely specifies which characteristics should be checked, and
    54. 

  54. warning and critical thresholds:
    55. 

  55. checkname[,target[,warning[,critical]]]
    56. 

  56. 

  57. The following checks are available:
    58. 

  58.  * exportfs_consistent: Check if /etc/exports is consistent with the currently
    59. 

  59.    exported filessytems.
    60. 

  60. 

  61. Warning and critical thresholds may be specified in the format documented at
    62. 

  62. http://nagiosplug.sourceforge.net/developer-guidelines.html#THRESHOLDFORMAT.",
    63. 

  63. );
    64. 

  64. 

  65. my %checks = (
    66. 

  66. 	exportfs_consistent => \&check_exportfs_consistent,
    67. 

  67. );
    68. 

  68. 

  69. my $srv = undef;
    70. 

  70. 

  71. $plugin->add_common_args();
    72. 

  72. 

  73. foreach my $check (keys %checks) {
    74. 

  74. 	$plugin->add_check_impl($check, $checks{$check});
    75. 

  75. }
    76. 

  76. 

  77. $plugin->set_default_check('exportfs_consistent');
    78. 

  78. 

  79. # configure removes any options from @ARGV
    80. 

  80. $plugin->configure();
    81. 

  81. $plugin->set_checks(@ARGV);
    82. 

  82. $srv = $plugin->connect();
    83. 

  83. 

  84. $plugin->run_checks();
    85. 

  85. 

  86. my ($code, $msg) = $plugin->check_messages(join => ', ');
    87. 

  87. 

  88. $plugin->nagios_exit($code, $msg);
    89. 

  89. 

  90. sub get_exports_rules
    91. 

  91. {
    92. 

  92. 	my $srv        = shift;
    93. 

  93. 	my $persistent = shift;
    94. 

  94. 

  95. 	my $res = undef;
    96. 

  96. 

  97. 	$res = $srv->invoke('nfs-exportfs-list-rules', 'persistent', $persistent);
    98. 

  98. 	$plugin->die_on_error($res, "Failed to read exports information");
    99. 

  99. 

  100. 	if (! $res->child_get('rules')) {
    101. 

  101. 		return ();
    102. 

  102. 	}
    103. 

  103. 

  104. 	my %exports = ();
    105. 

  105. 	foreach my $rule ($res->child_get('rules')->children_get()) {
    106. 

  106. 		my %rule;
    107. 

  107. 		my $tmp;
    108. 

  108. 

  109. 		foreach my $info (qw( actual-pathname anon nosuid pathname )) {
    110. 

  110. 			$tmp = $rule->child_get_string($info);
    111. 

  111. 			if (defined($tmp)) {
    112. 

  112. 				$rule{$info} = $tmp;
    113. 

  113. 			}
    114. 

  114. 		}
    115. 

  115. 

  116. 		foreach my $info (qw( read-only read-write root )) {
    117. 

  117. 			my %info = ();
    118. 

  118. 

  119. 			if (! $rule->child_get($info)) {
    120. 

  120. 				next;
    121. 

  121. 			}
    122. 

  122. 

  123. 			foreach my $host_info ($rule->child_get($info)->children_get()) {
    124. 

  124. 				my $host;
    125. 

  125. 

  126. 				my $all_hosts = $host_info->child_get_string('all-hosts');
    127. 

  127. 				my $negate = $host_info->child_get_string('negate');
    128. 

  128. 

  129. 				$all_hosts ||= "false";
    130. 

  130. 				$negate ||= "false";
    131. 

  131. 

  132. 				if ($all_hosts eq 'true') {
    133. 

  133. 					$host = '*';
    134. 

  134. 				}
    135. 

  135. 				else {
    136. 

  136. 					$host = $host_info->child_get_string('name');
    137. 

  137. 				}
    138. 

  138. 

  139. 				if ($negate eq 'true') {
    140. 

  140. 					$info{$host} = 1;
    141. 

  141. 				}
    142. 

  142. 				else {
    143. 

  143. 					$info{$host} = 0;
    144. 

  144. 				}
    145. 

  145. 			}
    146. 

  146. 

  147. 			$rule{$info} = \%info;
    148. 

  148. 		}
    149. 

  149. 

  150. 		if ($rule->child_get('sec-flavor')) {
    151. 

  151. 			my %sec_flavors = map {
    152. 

  152. 					$_->child_get_string('flavor') => 1
    153. 

  153. 				} $rule->child_get('sec-flavor')->children_get();
    154. 

  154. 			$rule{'sec-flavor'} = \%sec_flavors;
    155. 

  155. 		}
    156. 

  156. 

  157. 		$exports{$rule{'pathname'}} = \%rule;
    158. 

  158. 	}
    159. 

  159. 

  160. 	return %exports;
    161. 

  161. }
    162. 

  162. 

  163. sub check_exportfs_consistent
    164. 

  164. {
    165. 

  165. 	my $plugin  = shift;
    166. 

  166. 	my $srv     = shift;
    167. 

  167. 	my @targets = @_;
    168. 

  168. 

  169. 	my %exports = get_exports_rules($srv, 'true');
    170. 

  170. 	my %memory  = get_exports_rules($srv, 'false');
    171. 

  171. 

  172. 	# diff export rules
    173. 

  173. 	foreach my $path (keys %memory) {
    174. 

  174. 		if (! defined($exports{$path})) {
    175. 

  175. 			$plugin->add_message(CRITICAL,
    176. 

  176. 				"$path not exported in /etc/exports");
    177. 

  177. 			next;
    178. 

  178. 		}
    179. 

  179. 

  180. 		my %export = %{$exports{$path}};
    181. 

  181. 		my %mem    = %{$memory{$path}};
    182. 

  182. 

  183. 		foreach my $info (qw( actual-pathname anon nosuid pathname )) {
    184. 

  184. 			my $e = $export{$info};
    185. 

  185. 			my $m = $mem{$info};
    186. 

  186. 

  187. 			if ((! defined($e)) && (! defined($m))) {
    188. 

  188. 				next;
    189. 

  189. 			}
    190. 

  190. 

  191. 			$e ||= "<empty>";
    192. 

  192. 			$m ||= "<empty>";
    193. 

  193. 

  194. 			if ($e ne $m) {
    195. 

  195. 				$plugin->add_message(CRITICAL, "$path: $info differ "
    196. 

  196. 					. "(exports: $e, exportfs: $m)");
    197. 

  197. 			}
    198. 

  198. 		}
    199. 

  199. 

  200. 		foreach my $info (qw( read-only read-write root )) {
    201. 

  201. 			my $e = $export{$info};
    202. 

  202. 			my $m = $mem{$info};
    203. 

  203. 

  204. 			if ((! defined($e)) && (! defined($m))) {
    205. 

  205. 				next;
    206. 

  206. 			}
    207. 

  207. 

  208. 			foreach my $host (keys %$m) {
    209. 

  209. 				if (! defined($e->{$host})) {
    210. 

  210. 					$plugin->add_message(CRITICAL, "$path: "
    211. 

  211. 						. "$host does not have $info access in /etc/exports");
    212. 

  212. 					next;
    213. 

  213. 				}
    214. 

  214. 

  215. 				if ($m->{$host} != $e->{$host}) {
    216. 

  216. 					$plugin->add_message(CRITICAL, "$path: "
    217. 

  217. 						. "$host is negated in "
    218. 

  218. 						. ($m->{$host} ? "/etc/exports" : "exportfs info"));
    219. 

  219. 				}
    220. 

  220. 			}
    221. 

  221. 

  222. 			foreach my $host (keys %$e) {
    223. 

  223. 				if (! defined($m->{$host})) {
    224. 

  224. 					$plugin->add_message(CRITICAL, "$path: "
    225. 

  225. 						. "$host does not have $info access in exportfs info");
    226. 

  226. 				}
    227. 

  227. 			}
    228. 

  228. 		}
    229. 

  229. 

  230. 		my $e = $export{'sec-flavor'};
    231. 

  231. 		my $m = $mem{'sec-flavor'};
    232. 

  232. 

  233. 		if (! ((! defined($e)) && (! defined($m)))) {
    234. 

  234. 			$e ||= {};
    235. 

  235. 			$m ||= {};
    236. 

  236. 

  237. 			foreach my $flavor (keys %$m) {
    238. 

  238. 				if (! defined($e->{$flavor})) {
    239. 

  239. 					$plugin->add_message(CRITICAL, "$path: "
    240. 

  240. 						. "security flavor $flavor is not specified "
    241. 

  241. 						. "in /etc/exports");
    242. 

  242. 				}
    243. 

  243. 			}
    244. 

  244. 

  245. 			foreach my $flavor (keys %$e) {
    246. 

  246. 				if (! defined($m->{$flavor})) {
    247. 

  247. 					$plugin->add_message(CRITICAL, "$path: "
    248. 

  248. 						. "security flavor $flavor is not specified "
    249. 

  249. 						. "in exportfs info");
    250. 

  250. 				}
    251. 

  251. 			}
    252. 

  252. 		}
    253. 

  253. 	}
    254. 

  254. 

  255. 	foreach my $path (keys %exports) {
    256. 

  256. 		if (! defined($memory{$path})) {
    257. 

  257. 			$plugin->add_message(CRITICAL,
    258. 

  258. 				"$path not exported (according to 'exportfs')");
    259. 

  259. 		}
    260. 

  260. 	}
    261. 

  261. }
    262. 

  262.