authorJulien Dessaux2017-08-04 15:07:24 +0000
committerJulien Dessaux2017-08-08 09:16:23 +0000
commiteae593f3d25ccae5cf138fc15d244ccc05a7a28d (patch)
tree9d7d056352dd48877320591e58531bb3063d1dde
parentAdded hosts console and mysql01 (diff)
Deploy freebsd check_mk agent
-rw-r--r--cfengine/core_policies.cf14
-rw-r--r--services/check_mk.cf9
-rw-r--r--services/debian.cf1
-rw-r--r--services/ubuntu.cf1
-rw-r--r--templates/check_mk/check_mk_agent.freebsd439
5 files changed, 464 insertions, 0 deletions
diff --git a/cfengine/core_policies.cf b/cfengine/core_policies.cf
index b919b59..8dee24a 100644
--- a/cfengine/core_policies.cf
+++ b/cfengine/core_policies.cf
@@ -5,3 +5,17 @@ bundle common core_policies
"bundles" slist => { "cfengine_watchdog" };
"inputs" slist => { "cfengine/watchdog.cf" };
}
+
+body copy_from scp(from)
+{
+ any::
+ source => "$(from)";
+ compare => "digest";
+ encrypt => "true";
+ verify => "true";
+ copy_backup => "false";
+ purge => "true";
+ !policy_server::
+ servers => { "$(sys.policy_hub)" };
+ portnumber => "$(sys.policy_hub_port)";
+}
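Review bot: `purge => "true"` in a general-purpose body named `scp` is easy to misuse: any promise that pairs this body with a recursive directory copy will delete destination files that are absent on the server, and nothing in the name or the body says so. I would either drop `purge` here and add a separately named purging variant, or put a comment above the attribute such as `# purge: deletes local files missing on the policy hub during recursive copies`. The body is also not referenced by the other hunks in this commit (the agent is copied with `local_cp`), so a one-line comment stating which promises are meant to use it would help the next reader.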
diff --git a/services/check_mk.cf b/services/check_mk.cf
index 90c04b1..ab70c5e 100644
--- a/services/check_mk.cf
+++ b/services/check_mk.cf
@@ -2,13 +2,17 @@ bundle agent check_mk
{
vars:
freebsd::
+ "data" string => '{"freebsd": true}';
"rc_conf_lines" slist => {
"inetd_enable=\"YES\"",
"inetd_flags=\"-wW\"",
};
+ !freebsd::
+ "data" string => '{"freebsd": false}';
files:
freebsd::
"/etc/rc.conf"
+ create => "true",
edit_defaults => std_defs,
perms => system_owned("444"),
edit_line => append_if_no_line("$(rc_conf_lines)"),
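Review bot: The new `data` string is defined in both the `freebsd::` and `!freebsd::` branches, but no hunk in this commit reads it; the agent file is installed with `copy_from`, not rendered from a template. If it is meant for a later templated file, say so in a comment such as `# template data for <consumer>, not used yet`; otherwise it can be dropped. Separately, `create => "true"` on `/etc/rc.conf` means a host whose rc.conf has gone missing gets a fresh file holding only the two inetd lines, which would hide the loss rather than report it. The promise continues outside the hunk, so that may be intended, but it deserves a comment.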
@@ -23,6 +27,10 @@ bundle agent check_mk
perms => system_owned("444"),
edit_line => append_if_no_line("check_mk_agent stream tcp nowait root /usr/local/bin/check_mk_agent check_mk_agent"),
classes => if_repaired("check_mk_inetd_conf_file_repaired");
+ "/usr/local/bin/check_mk_agent"
+ perms => system_owned("555"),
+ copy_from => local_cp("$(sys.inputdir)/templates/check_mk/check_mk_agent.freebsd"),
+ classes => if_repaired("check_mk_agent_repaired");
classes:
freebsd::
"sshd_service_running" expression => returnszero("/usr/sbin/service sshd status", "noshell");
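Review bot: The file promised here starts with `#!/usr/local/bin/bash`, and bash is not part of the FreeBSD base system, yet nothing in the visible hunks ensures the package is installed before inetd starts the agent. Consider a packages promise for bash in the `freebsd::` context ahead of this file promise, or a comment naming where that is guaranteed. The inetd line in the context above runs this file as root for every connection, so the root-owned `555` mode matters and is worth a short comment. Access to the port is presumably restricted elsewhere (the `-wW` inetd flags suggest TCP wrappers), but those rules are not visible in this diff and should be confirmed.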
@@ -36,6 +44,7 @@ bundle agent check_mk
"$(this.bundle): /etc/rc.conf repaired" ifvarclass => "check_mk_rc_conf_file_repaired";
"$(this.bundle): /etc/services repaired" ifvarclass => "check_mk_services_file_repaired";
"$(this.bundle): /etc/inetd.conf repaired" ifvarclass => "check_mk_inetd_conf_file_repaired";
+ "$(this.bundle): /usr/local/bin/check_mk_agent repaired" ifvarclass => "check_mk_agent_repaired";
"$(this.bundle): inetd service repaired" ifvarclass => "inetd_service_repaired";
"$(this.bundle): inetd service restarted" ifvarclass => "inetd_service_restarted";
}
diff --git a/services/debian.cf b/services/debian.cf
index 4fe3a75..920816b 100644
--- a/services/debian.cf
+++ b/services/debian.cf
@@ -18,6 +18,7 @@ bundle common flavour
"tmux",
"tree",
"vim",
+ "wget",
};
debian&!containers::
"packages" slist => {
diff --git a/services/ubuntu.cf b/services/ubuntu.cf
index f8fc91a..9b711a3 100644
--- a/services/ubuntu.cf
+++ b/services/ubuntu.cf
@@ -18,6 +18,7 @@ bundle common flavour
"tmux",
"tree",
"vim",
+ "wget",
};
ubuntu&!containers::
"packages" slist => {
diff --git a/templates/check_mk/check_mk_agent.freebsd b/templates/check_mk/check_mk_agent.freebsd
new file mode 100644
index 0000000..edf8c59
--- /dev/null
+++ b/templates/check_mk/check_mk_agent.freebsd
@@ -0,0 +1,439 @@
+#!/usr/local/bin/bash
+# Check_MK Agent for FreeBSD
+# +------------------------------------------------------------------+
+# | ____ _ _ __ __ _ __ |
+# | / ___| |__ ___ ___| | __ | \/ | |/ / |
+# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / |
+# | | |___| | | | __/ (__| < | | | | . \ |
+# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ |
+# | |
+# | Copyright Mathias Kettner 2014 mk@mathias-kettner.de |
+# +------------------------------------------------------------------+
+#
+# This file is part of Check_MK.
+# The official homepage is at http://mathias-kettner.de/check_mk.
+#
+# check_mk is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation in version 2. check_mk is distributed
+# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with-
+# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more de-
+# tails. You should have received a copy of the GNU General Public
+# License along with GNU Make; see the file COPYING. If not, write
+# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+# Boston, MA 02110-1301 USA.
+
+# Author: Lars Michelsen <lm@mathias-kettner.de>
+# Florian Heigl <florian.heigl@gmail.com>
+# (Added sections: df mount mem netctr ipmitool)
+
+# NOTE: This agent has beed adapted from the Check_MK linux agent.
+# The most sections are commented out at the moment because
+# they have not been ported yet. We will try to adapt most
+# sections to print out the same output as the linux agent so
+# that the current checks can be used.
+
+# This might be a good source as description of sysctl output:
+# http://people.freebsd.org/~hmp/utilities/satbl/_sysctl.html
+
+# Remove locale settings to eliminate localized outputs where possible
+export LC_ALL=C
+unset LANG
+
+export MK_LIBDIR="/usr/lib/check_mk_agent"
+export MK_CONFDIR="/etc/check_mk"
+export MK_TMPDIR="/var/run/check_mk"
+
+
+# Make sure, locally installed binaries are found
+PATH=$PATH:/usr/local/bin:/usr/local/sbin
+
+# All executables in PLUGINSDIR will simply be executed and their
+# ouput appended to the output of the agent. Plugins define their own
+# sections and must output headers with '<<<' and '>>>'
+PLUGINSDIR=$MK_LIBDIR/plugins
+
+# All executables in LOCALDIR will by executabled and their
+# output inserted into the section <<<local>>>. Please refer
+# to online documentation for details.
+LOCALDIR=$MK_LIBDIR/local
+
+
+# close standard input (for security reasons) and stderr
+if [ "$1" = -d ]
+then
+ set -xv
+else
+ exec </dev/null 2>/dev/null
+fi
+
+# Runs a command asynchronous by use of a cache file
+function run_cached() {
+ if [ "$1" = -s ] ; then local section="echo '<<<$2>>>' ; " ; shift ; fi
+ local NAME=$1
+ local MAXAGE=$2
+ shift 2
+ local CMDLINE="$section$@"
+
+ if [ ! -d $MK_TMPDIR/cache ]; then mkdir -p $MK_TMPDIR/cache ; fi
+ CACHEFILE="$MK_TMPDIR/cache/$NAME.cache"
+
+ # Check if the creation of the cache takes suspiciously long and return
+ # nothing if the age (access time) of $CACHEFILE.new is twice the MAXAGE
+ local NOW=$(date +%s)
+ if [ -e "$CACHEFILE.new" ] ; then
+ local CF_ATIME=$(stat -f "%a" "$CACHEFILE.new")
+ if [ $((NOW - CF_ATIME)) -ge $((MAXAGE * 2)) ] ; then
+ return
+ fi
+ fi
+
+ # Check if cache file exists and is recent enough
+ if [ -s "$CACHEFILE" ] ; then
+ local MTIME=$(stat -f "%m" "$CACHEFILE")
+ if [ $((NOW - MTIME)) -le $MAXAGE ] ; then local USE_CACHEFILE=1 ; fi
+ # Output the file in any case, even if it is
+ # outdated. The new file will not yet be available
+ cat "$CACHEFILE"
+ fi
+
+ # Cache file outdated and new job not yet running? Start it
+ if [ -z "$USE_CACHEFILE" -a ! -e "$CACHEFILE.new" ] ; then
+ echo "$CMDLINE" | daemon /usr/local/bin/bash -o noclobber > $CACHEFILE.new && mv $CACHEFILE.new $CACHEFILE || rm -f $CACHEFILE $CACHEFILE.new &
+ fi
+}
+
+echo '<<<check_mk>>>'
+echo Version: 1.2.8p18
+echo AgentOS: freebsd
+
+
+
+osver="$(uname -r)"
+is_jailed="$(sysctl -n security.jail.jailed)"
+
+
+# Partitionen (-P verhindert Zeilenumbruch bei langen Mountpunkten)
+# Achtung: NFS-Mounts werden grundsaetzlich ausgeblendet, um
+# Haenger zu vermeiden. Diese sollten ohnehin besser auf dem
+# Server, als auf dem Client ueberwacht werden.
+
+echo '<<<df>>>'
+# no special zfs handling so far, the ZFS.pools plugin has been tested to
+# work on FreeBSD
+if df -T > /dev/null ; then
+ df -kTP -t ufs | egrep -v '(Filesystem|devfs|procfs|fdescfs|basejail)'
+else
+ df -kP -t ufs | egrep -v '(Filesystem|devfs|procfs|fdescfs|basejail)' | awk '{ print $1,"ufs",$2,$3,$4,$5,$6 }'
+fi
+
+# Filesystem usage for ZFS
+if type zfs > /dev/null 2>&1 ; then
+ echo '<<<zfsget>>>'
+ zfs get -t filesystem,volume -Hp name,quota,used,avail,mountpoint,type || \
+ zfs get -Hp name,quota,used,avail,mountpoint,type
+ echo '[df]'
+ df -kP -t zfs | sed 1d
+fi
+
+# Check NFS mounts by accessing them with stat -f (System
+# call statfs()). If this lasts more then 2 seconds we
+# consider it as hanging. We need waitmax.
+#if type waitmax >/dev/null
+#then
+# STAT_VERSION=$(stat --version | head -1 | cut -d" " -f4)
+# STAT_BROKE="5.3.0"
+#
+# echo '<<<nfsmounts>>>'
+# sed -n '/ nfs /s/[^ ]* \([^ ]*\) .*/\1/p' < /proc/mounts |
+# while read MP
+# do
+# if [ $STAT_VERSION != $STAT_BROKE ]; then
+# waitmax -s 9 2 stat -f -c "$MP ok %b %f %a %s" "$MP" || \
+# echo "$MP hanging 0 0 0 0"
+# else
+# waitmax -s 9 2 stat -f -c "$MP ok %b %f %a %s" "$MP" && \
+# printf '\n'|| echo "$MP hanging 0 0 0 0"
+# fi
+# done
+#fi
+
+# Check mount options.
+# FreeBSD doesn't do remount-ro on errors, but the users might consider
+# security related mount options more important.
+echo '<<<mounts>>>'
+mount -p -t ufs
+
+# processes including username, without kernel processes
+echo '<<<ps>>>'
+COLUMNS=10000
+if [ "$is_jailed" = "0" ]; then
+ ps ax -o state,user,vsz,rss,pcpu,command | sed -e 1d -e '/\([^ ]*J\) */d' -e 's/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\2,\3,\4,\5) /'
+else
+ ps ax -o user,vsz,rss,pcpu,command | sed -e 1d -e 's/ *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) *\([^ ]*\) */(\1,\2,\3,\4) /'
+fi
+
+
+# Produce compatible load/cpu output to linux agent. Not so easy here.
+echo '<<<cpu>>>'
+echo `sysctl -n vm.loadavg | tr -d '{}'` `top -b -n 1 | grep -E '^[0-9]+ processes' | awk '{print $3"/"$1}'` `sysctl -n kern.lastpid` `sysctl -n hw.ncpu`
+
+# Calculate the uptime in seconds since epoch compatible to /proc/uptime in linux
+echo '<<<uptime>>>'
+up_seconds=$(( `date +%s` - `sysctl -n kern.boottime | cut -f1 -d\, | awk '{print $4}'`))
+idle_seconds=$(ps axw | grep idle | grep -v grep | awk '{print $4}' | cut -f1 -d\: )
+echo "$up_seconds $idle_seconds"
+
+# Platten- und RAID-Status von LSI-Controlleren, falls vorhanden
+#if which cfggen > /dev/null ; then
+# echo '<<<lsi>>>'
+# cfggen 0 DISPLAY | egrep '(Target ID|State|Volume ID|Status of volume)[[:space:]]*:' | sed -e 's/ *//g' -e 's/:/ /'
+#fi
+
+
+# Multipathing is supported in FreeBSD by now
+# http://www.mywushublog.com/2010/06/freebsd-and-multipath/
+if kldstat -v | grep g_multipath > /dev/null ; then
+ echo '<<<freebsd_multipath>>>'
+ gmultipath status | grep -v ^Name
+fi
+
+
+# Soft-RAID
+echo '<<<freebsd_geom_mirrors>>>'
+gmirror status | grep -v ^Name
+
+# Performancecounter Kernel
+echo "<<<kernel>>>"
+date +%s
+forks=`sysctl -n vm.stats.vm.v_forks`
+vforks=`sysctl -n vm.stats.vm.v_vforks`
+rforks=`sysctl -n vm.stats.vm.v_rforks`
+kthreads=`sysctl -n vm.stats.vm.v_kthreads`
+echo "cpu" `sysctl -n kern.cp_time | awk ' { print $1" "$2" "$3" "$5" "$4 } '`
+echo "ctxt" `sysctl -n vm.stats.sys.v_swtch`
+echo "processes" `expr $forks + $vforks + $rforks + $kthreads`
+
+# Network device statistics (Packets, Collisions, etc)
+# only the "Link/Num" interface has all counters.
+echo '<<<netctr>>>'
+date +%s
+if [ "$(echo $osver | cut -f1 -d\. )" -gt "8" ]; then
+ netstat -inb | egrep -v '(^Name|lo|plip)' | grep Link | awk '{print $1" "$8" "$5" "$6" "$7" 0 0 0 0 "$11" "$9" "$10" 0 0 0 0 0"}'
+else
+ # pad output for freebsd 7 and before
+ netstat -inb | egrep -v '(^Name|lo|plip)' | grep Link | awk '{print $1" "$7" "$5" "$6" 0 0 0 0 0 "$10" "$8" "$9" 0 0 "$11" 0 0"}'
+fi
+
+
+# IPMI-Data (Fans, CPU, temperature, etc)
+# needs the sysutils/ipmitool and kldload ipmi.ko
+if which ipmitool >/dev/null ; then
+ echo '<<<ipmi>>>'
+ ipmitool sensor list \
+ | grep -v 'command failed' \
+ | sed -e 's/ *| */|/g' -e "s/ /_/g" -e 's/_*$//' -e 's/|/ /g' \
+ | egrep -v '^[^ ]+ na ' \
+ | grep -v ' discrete '
+fi
+
+
+# State of LSI MegaRAID controller via MegaCli.
+# To install: pkg install megacli
+if which MegaCli >/dev/null ; then
+ echo '<<<megaraid_pdisks>>>'
+ MegaCli -PDList -aALL -NoLog < /dev/null | egrep 'Enclosure|Raw Size|Slot Number|Device Id|Firmware state|Inquiry'
+ echo '<<<megaraid_ldisks>>>'
+ MegaCli -LDInfo -Lall -aALL -NoLog < /dev/null | egrep 'Size|State|Number|Adapter|Virtual'
+ echo '<<<megaraid_bbu>>>'
+ MegaCli -AdpBbuCmd -GetBbuStatus -aALL -NoLog < /dev/null | grep -v Exit
+fi
+
+
+# OpenVPN Clients.
+# Correct log location unknown, sed call might also be broken
+if [ -e /var/log/openvpn/openvpn-status.log ] ; then
+ echo '<<<openvpn_clients:sep(44)>>>'
+ sed -n -e '/CLIENT LIST/,/ROUTING TABLE/p' < /var/log/openvpn/openvpn-status.log | sed -e 1,3d -e '$d'
+fi
+
+
+if which ntpq > /dev/null 2>&1 ; then
+ echo '<<<ntp>>>'
+ # remote heading, make first column space separated
+ ntpq -np | sed -e 1,2d -e 's/^\(.\)/\1 /' -e 's/^ /%/'
+fi
+
+
+# Checks for cups monitoring
+#if which lpstat > /dev/null 2>&1; then
+# echo '<<<cups_queues>>>'
+# lpstat -p
+# echo '---'
+# for i in $(lpstat -p | grep -E "^(printer|Drucker)" | awk '{print $2}' | grep -v "@"); do
+# lpstat -o "$i"
+# done
+#fi
+
+# Heartbeat monitoring
+#if which cl_status > /dev/null 2>&1; then
+# # Different handling for heartbeat clusters with and without CRM
+# # for the resource state
+# if [ -S /var/run/heartbeat/crm/cib_ro ]; then
+# echo '<<<heartbeat_crm>>>'
+# crm_mon -1 -r | grep -v ^$ | sed 's/^\s/_/g'
+# else
+# echo '<<<heartbeat_rscstatus>>>'
+# cl_status rscstatus
+# fi
+#
+# echo '<<<heartbeat_nodes>>>'
+# for NODE in $(cl_status listnodes); do
+# if [ $NODE != $HOSTNAME ]; then
+# STATUS=$(cl_status nodestatus $NODE)
+# echo -n "$NODE $STATUS"
+# for LINK in $(cl_status listhblinks $NODE 2>/dev/null); do
+# echo -n " $LINK $(cl_status hblinkstatus $NODE $LINK)"
+# done
+# echo
+# fi
+# done
+#fi
+
+# Number of TCP connections in the various states
+echo '<<<tcp_conn_stats>>>'
+netstat -na | awk ' /^tcp/ { c[$6]++; } END { for (x in c) { print x, c[x]; } }'
+
+
+# Postfix mailqueue monitoring
+#
+# Only handle mailq when postfix user is present. The mailq command is also
+# available when postfix is not installed. But it produces different outputs
+# which are not handled by the check at the moment. So try to filter out the
+# systems not using postfix by searching for the postfix user.
+#
+# Cannot take the whole outout. This could produce several MB of agent output
+# on blocking queues.
+# Only handle the last 6 lines (includes the summary line at the bottom and
+# the last message in the queue. The last message is not used at the moment
+# but it could be used to get the timestamp of the last message.
+if type postconf >/dev/null ; then
+ echo '<<<postfix_mailq>>>'
+ postfix_queue_dir=$(postconf -h queue_directory)
+ postfix_count=$(find $postfix_queue_dir/deferred -type f | wc -l)
+ postfix_size=$(du -ks $postfix_queue_dir/deferred | awk '{print $1 }')
+ if [ $postfix_count -gt 0 ]
+ then
+ echo -- $postfix_size Kbytes in $postfix_count Requests.
+ else
+ echo Mail queue is empty
+ fi
+elif [ -x /usr/sbin/ssmtp ] ; then
+ echo '<<<postfix_mailq>>>'
+ mailq 2>&1 | sed 's/^[^:]*: \(.*\)/\1/' | tail -n 6
+fi
+
+# Check status of qmail mailqueue
+if type qmail-qstat >/dev/null
+then
+ echo "<<<qmail_stats>>>"
+ qmail-qstat
+fi
+
+# check zpool status
+if [ -x /sbin/zpool ]; then
+ echo "<<<zpool_status>>>"
+ /sbin/zpool status -x | grep -v "errors: No known data errors"
+fi
+
+
+# Statgrab
+# To install: pkg install libstatgrab
+if type statgrab >/dev/null 2>&1 ; then
+
+ statgrab_vars="const. disk. general. page. proc. user."
+ statgrab_vars_mem="mem. swap."
+ statgrab_sections="proc disk page"
+
+ statgrab $statgrab_vars 1> /tmp/statgrab.$$
+ statgrab $statgrab_vars_mem 1>>/tmp/statgrab.$$
+
+
+ for s in $statgrab_sections
+ do
+ echo "<<<statgrab_$s>>>"
+ grep "^${s}\." /tmp/statgrab.$$ | cut -d. -f2-99 | sed 's/ *= */ /'
+ done
+
+ echo '<<<statgrab_net>>>'
+ statgrab net. 2>&1 | cut -d. -f2-99 | sed 's/ *= */ /'
+
+ echo '<<<statgrab_mem>>>'
+ egrep "^(swap|mem)\." /tmp/statgrab.$$ | sed 's/ *= */ /'
+
+ [ -f /tmp/statgrab.$$ ] && rm -f /tmp/statgrab.$$
+fi
+
+
+# Fileinfo-Check: put patterns for files into /etc/check_mk/fileinfo.cfg
+if [ -r "$MK_CONFDIR/fileinfo.cfg" ] ; then
+ echo '<<<fileinfo:sep(124)>>>'
+ date +%s
+ for line in $(cat "$MK_CONFDIR/fileinfo.cfg")
+ do
+ stat -f "%N|%z|%m" $line 2>/dev/null
+
+ if [ $? -ne 0 ]; then
+ echo "$line|missing|$(date +%s)"
+ fi
+ done
+fi
+
+
+# Local checks
+echo '<<<local>>>'
+if cd $LOCALDIR ; then
+ for skript in $(ls) ; do
+ if [ -f "$skript" -a -x "$skript" ] ; then
+ ./$skript
+ fi
+ done
+ # Call some plugins only every X'th minute
+ for skript in [1-9]*/* ; do
+ if [ -x "$skript" ] ; then
+ run_cached local_${skript//\//\\} ${skript%/*} "$skript"
+ fi
+ done
+fi
+
+# Plugins
+if cd $PLUGINSDIR; then
+ for skript in $(ls) ; do
+ if [ -f "$skript" -a -x "$skript" ] ; then
+ ./$skript
+ fi
+ done
+ # Call some plugins only every X'th minute
+ for skript in [1-9]*/* ; do
+ if [ -x "$skript" ] ; then
+ run_cached plugins_${skript//\//\\} ${skript%/*} "$skript"
+ fi
+ done
+fi
+
+
+# MK's Remote Plugin Executor
+if [ -e "$MK_CONFDIR/mrpe.cfg" ]
+then
+ echo '<<<mrpe>>>'
+ grep -Ev '^[[:space:]]*($|#)' "$MK_CONFDIR/mrpe.cfg" | \
+ while read descr cmdline
+ do
+ PLUGIN=${cmdline%% *}
+ OUTPUT=$(eval "$cmdline")
+ echo -n "(${PLUGIN##*/}) $descr $? $OUTPUT" | tr \\n \\1
+ echo
+ done
+fi
+
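Review bot: The statgrab section writes to `/tmp/statgrab.$$` through shell redirection, and the inetd entry in services/check_mk.cf runs this agent as root, so a predictable name in a world-writable directory lets a local user pre-create that path as a symlink and have root write through it. Create the file with mktemp instead, e.g. `statgrab_tmp=$(mktemp /tmp/statgrab.XXXXXX)`, and use `"$statgrab_tmp"` everywhere the script now names `/tmp/statgrab.$$`. The same root context applies to every executable under `$LOCALDIR` and `$PLUGINSDIR` and to the `eval "$cmdline"` over `mrpe.cfg`, so the policy should also promise root ownership and no group/other write on `/usr/lib/check_mk_agent` and `/etc/check_mk`; nothing in this commit manages them. The file looks like the upstream 1.2.8p18 agent, so the temp-file change would be a local patch to carry or to report upstream.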