NRPE Charm

Merge ~xavpaice/charm-nrpe:bug/1824882 into ~nrpe-charmers/charm-nrpe:master

  1. Git
  2. lp:~xavpaice/charm-nrpe
  3. bug/1824882
  4. Merge into master
Proposed by Xav Paice
Status: Merged
Approved by: Jeremy Lounder
Approved revision: 16929cb933ed9eb35282f0238a251478610ebeb8
Merge reported by: Xav Paice
Merged at revision: 16929cb933ed9eb35282f0238a251478610ebeb8
Proposed branch: ~xavpaice/charm-nrpe:bug/1824882
Merge into: ~nrpe-charmers/charm-nrpe:master
Diff against target: 140 lines (+103/-1)
4 files modified
config.yaml (+9/-0)
files/plugins/check_ro_filesystem.py (+75/-0)
hooks/nrpe_helpers.py (+17/-0)
hooks/nrpe_utils.py (+2/-1)
Reviewer Review Type Date Requested Status
Jeremy Lounder (community) Approve
Alvaro Uria (community) Needs Fixing
Wouter van Bommel (community) Approve
Review via email: mp+380338@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Wouter van Bommel (woutervb) wrote :

Please see the inline comment(s)

review: Needs Fixing
Revision history for this message
Xav Paice (xavpaice) wrote :

updated; added python3 to the package list (although it's there on the current Trusty cloud image), added some validation on the inputs, and fixed up the syntax errors (forgot to push that change).

Revision history for this message
Wouter van Bommel (woutervb) wrote :

lgtm

review: Approve
Revision history for this message
Alvaro Uria (aluria) wrote :

I've suggested a few changes for readability, completeness (verify all read-only fs that are not excluded instead of returning the first one found), and a doubt about the input validation (match substrings could induce to errors, should we look for "start of string"?).

review: Needs Fixing
Revision history for this message
Xav Paice (xavpaice) wrote :

Many thanks for the detailed review! Have updated the commit with responses to the feedback.

Revision history for this message
Jeremy Lounder (jldev) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/config.yaml b/config.yaml
index 44a6680..2c9eefd 100644
--- a/config.yaml
+++ b/config.yaml
@@ -179,3 +179,12 @@ options:
179 dmesg history length to check for xfs errors, in minutes179 dmesg history length to check for xfs errors, in minutes
180 .180 .
181 Defaults to disabled, set the time to enable.181 Defaults to disabled, set the time to enable.
182 ro_filesystem_excludes:
183 default: "/snap/,/sys/fs/cgroup"
184 type: string
185 description: |
186 Comma separated list of mount points to exclude from checks for readonly filesystem.
187 Can be a substring rather than the entire mount point, e.g. /sys will match all filesystems
188 beginning with the string /sys.
189 The check is disabled on all LXD units, and also for non-container units if this parameter is
190 set to ''.
diff --git a/files/plugins/check_ro_filesystem.py b/files/plugins/check_ro_filesystem.py
182new file mode 100755191new file mode 100755
index 0000000..c19ae31
--- /dev/null
+++ b/files/plugins/check_ro_filesystem.py
@@ -0,0 +1,75 @@
1#!/usr/bin/env python3
2# -*- coding: us-ascii -*-
3
4# Copyright (C) 2020 Canonical
5# All rights reserved
6#
7
8import argparse
9
10from nagios_plugin3 import (
11 CriticalError,
12 UnknownError,
13 try_check,
14)
15
16EXCLUDE = {"/snap/", "/sys/fs/cgroup"}
17
18
19def check_ro_filesystem(excludes=""):
20 """Loops /proc/mounts looking for readonly mounts.
21
22 :param excludes: list of mount points to exclude from checks
23 """
24 # read /proc/mounts, add each line to a list
25 try:
26 with open("/proc/mounts") as fd:
27 mounts = [mount.strip() for mount in fd.readlines()]
28 except Exception as e:
29 raise UnknownError("UNKNOWN: unable to read mounts with {}".format(e))
30
31 exclude_mounts = EXCLUDE
32 ro_filesystems = []
33 # if excludes != "" and excludes is not None:
34 if excludes:
35 try:
36 exclude_mounts = EXCLUDE.union(set(excludes.split(",")))
37 except Exception as e:
38 msg = "UNKNOWN: unable to read list of mounts to exclude {}".format(e)
39 raise UnknownError(msg)
40 for mount in mounts:
41 # for each line in the list, split by space to a new list
42 split_mount = mount.split()
43 # if mount[1] matches EXCLUDE_FS then next, else check it's not readonly
44 if not any(split_mount[1].startswith(exclusion.strip()) for exclusion in exclude_mounts):
45 mount_options = split_mount[3].split(",")
46 if "ro" in mount_options:
47 ro_filesystems.append(split_mount[1])
48 if len(ro_filesystems) > 0:
49 msg = "CRITICAL: filesystem(s) {} readonly".format(','.join(ro_filesystems))
50 raise CriticalError(msg)
51
52 print("OK: no readonly filesystems found")
53
54
55def parse_args():
56 parser = argparse.ArgumentParser(description="Check for readonly filesystems")
57 parser.add_argument(
58 "--exclude",
59 "-e",
60 type=str,
61 help="""Comma separated list of mount points to exclude from checks for readonly filesystem.
62 Can be just a substring of the whole mount point.""",
63 default='',
64 )
65 args = parser.parse_args()
66 return args
67
68
69def main():
70 args = parse_args()
71 try_check(check_ro_filesystem, args.exclude)
72
73
74if __name__ == "__main__":
75 main()
diff --git a/hooks/nrpe_helpers.py b/hooks/nrpe_helpers.py
index 63c7ba4..fac74ed 100644
--- a/hooks/nrpe_helpers.py
+++ b/hooks/nrpe_helpers.py
@@ -437,6 +437,23 @@ class SubordinateCheckDefinitions(dict):
437 'cmd_params': '-w 60 -c 80', # Specify params here to enable the check, not required otherwise.437 'cmd_params': '-w 60 -c 80', # Specify params here to enable the check, not required otherwise.
438 }438 }
439 checks.append(arp_check)439 checks.append(arp_check)
440 ro_filesystem_excludes = hookenv.config('ro_filesystem_excludes')
441 if ro_filesystem_excludes == '':
442 # specify cmd_params = '' to disable/remove the check from nrpe
443 check_ro_filesystem = {
444 'description': 'Readonly filesystems',
445 'cmd_name': 'check_ro_filesystem',
446 'cmd_exec': os.path.join(local_plugin_dir, 'check_ro_filesystem.py'),
447 'cmd_params': '',
448 }
449 else:
450 check_ro_filesystem = {
451 'description': 'Readonly filesystems',
452 'cmd_name': 'check_ro_filesystem',
453 'cmd_exec': os.path.join(local_plugin_dir, 'check_ro_filesystem.py'),
454 'cmd_params': '-e {}'.format(hookenv.config('ro_filesystem_excludes')),
455 }
456 checks.append(check_ro_filesystem)
440457
441 if hookenv.config('lacp_bonds').strip():458 if hookenv.config('lacp_bonds').strip():
442 for bond_iface in hookenv.config('lacp_bonds').strip().split():459 for bond_iface in hookenv.config('lacp_bonds').strip().split():
diff --git a/hooks/nrpe_utils.py b/hooks/nrpe_utils.py
index 6e2e9ab..7d294d7 100644
--- a/hooks/nrpe_utils.py
+++ b/hooks/nrpe_utils.py
@@ -31,7 +31,8 @@ def determine_packages():
31 pkgs = [31 pkgs = [
32 'nagios-nrpe-server',32 'nagios-nrpe-server',
33 'nagios-plugins-basic',33 'nagios-plugins-basic',
34 'nagios-plugins-standard'34 'nagios-plugins-standard',
35 'python3',
35 ]36 ]
36 if hookenv.config('export_nagios_definitions'):37 if hookenv.config('export_nagios_definitions'):
37 pkgs.append('rsync')38 pkgs.append('rsync')

Subscribers

People subscribed via source and target branches