sensu-plugins-aws-boutetnico 1.0.6

data/bin/check-dynamodb-capacity.rb

@@ -0,0 +1,194 @@
+#! /usr/bin/env ruby
+#
+# check-dynamodb-capacity
+#
+# DESCRIPTION:
+#   Check DynamoDB statuses by CloudWatch and DynamoDB API.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   Warning if any table's consumed read/write capacity is over 80%, critical if over 90%
+#   check-dynamodb-capacity --warning-over 80 --critical-over 90
+#
+#   Critical if session table's consumed read capacity is over 90%, maximum of last one hour
+#   check-dynamodb-capacity --table_names session --capacity-for read --critical-over 90 --statistics maximum --period 3600
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2014 github.com/y13i
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'time'
+
+class CheckDynamoDB < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short:       '-a AWS_ACCESS_KEY',
+         long:        '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY'] or provide it as an option",
+         default:     ENV['AWS_ACCESS_KEY']
+
+  option :aws_secret_access_key,
+         short:       '-k AWS_SECRET_KEY',
+         long:        '--aws-secret-access-key AWS_SECRET_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_KEY'] or provide it as an option",
+         default:     ENV['AWS_SECRET_KEY']
+
+  option :aws_region,
+         short:       '-r AWS_REGION',
+         long:        '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default:     'us-east-1'
+
+  option :table_names,
+         short:       '-t N',
+         long:        '--table-names NAMES',
+         proc:        proc { |a| a.split(/[,;]\s*/) },
+         description: 'Table names to check. Separated by , or ;. If not specified, check all tables'
+
+  option :end_time,
+         short:       '-t T',
+         long:        '--end-time TIME',
+         default:     Time.now,
+         proc:        proc { |a| Time.parse a },
+         description: 'CloudWatch metric statistics end time'
+
+  option :period,
+         short:       '-p N',
+         long:        '--period SECONDS',
+         default:     60,
+         # #YELLOW
+         proc:        proc(&:to_i),
+         description: 'CloudWatch metric statistics period'
+
+  option :statistics,
+         short:       '-S N',
+         long:        '--statistics NAME',
+         default:     :average,
+         proc:        proc { |a| a.downcase.intern },
+         description: 'CloudWatch statistics method'
+
+  option :capacity_for,
+         short:       '-c N',
+         long:        '--capacity-for NAME',
+         default:     %i[read write],
+         proc:        proc { |a| a.split(/[,;]\s*/).map { |n| n.downcase.intern } },
+         description: 'Read/Write (or both) capacity to check.'
+
+  %w[warning critical].each do |severity|
+    option :"#{severity}_over",
+           long:        "--#{severity}-over N",
+           # #YELLOW
+           proc:        proc(&:to_f),
+           description: "Trigger a #{severity} if consumed capacity is over a percentage"
+  end
+
+  def aws_config
+    { access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region] }
+  end
+
+  def dynamo_db
+    @dynamo_db ||= Aws::DynamoDB::Client.new aws_config
+  end
+
+  def cloud_watch
+    @cloud_watch ||= Aws::CloudWatch::Client.new aws_config
+  end
+
+  def tables
+    return @tables if @tables
+    table_names = dynamo_db.list_tables.table_names.to_a
+    table_names.select! { |table_name| config[:table_names].include? table_name } if config[:table_names]
+    @tables = []
+    table_names.each do |table_name|
+      @tables.push(dynamo_db.describe_table(
+        table_name: table_name
+      ).table)
+    end
+    @tables
+  end
+
+  def cloud_watch_metric(metric_name, table_name)
+    cloud_watch.get_metric_statistics(
+      namespace: 'AWS/DynamoDB',
+      metric_name: metric_name,
+      dimensions: [
+        {
+          name: 'TableName',
+          value: table_name
+        }
+      ],
+      start_time: config[:end_time] - config[:period],
+      end_time: config[:end_time],
+      statistics: [config[:statistics].to_s.capitalize],
+      period: config[:period],
+      unit: 'Count'
+    )
+  end
+
+  def latest_value(metric)
+    metric.datapoints.sort_by { |datapoint| datapoint[:timestamp] }.last[config[:statistics]]
+  end
+
+  def flag_alert(severity, message)
+    @severities[severity] = true
+    @message += message
+  end
+
+  def check_capacity(table)
+    config[:capacity_for].each do |r_or_w|
+      metric_name   = "Consumed#{r_or_w.to_s.capitalize}CapacityUnits"
+      metric        = cloud_watch_metric metric_name, table.table_name
+      metric_value  = begin
+                        latest_value(metric)
+                      rescue StandardError
+                        0
+                      end
+      percentage    = metric_value / table.provisioned_throughput.send("#{r_or_w}_capacity_units").to_f * 100
+
+      @severities.each_key do |severity|
+        threshold = config[:"#{severity}_over"]
+        next unless threshold
+        next if percentage < threshold
+        flag_alert severity, "; On table #{table.table_name} consumed #{r_or_w} capacity is #{sprintf '%.2f', percentage}% (expected_lower_than #{threshold})"
+        break
+      end
+    end
+  end
+
+  def run
+    @message    = "#{tables.size} tables total"
+    @severities = {
+      critical: false,
+      warning:  false
+    }
+
+    tables.each { |table| check_capacity table }
+
+    @message += "; (#{config[:statistics].to_s.capitalize} within #{config[:period]} seconds "
+    @message += "between #{config[:end_time] - config[:period]} to #{config[:end_time]})"
+
+    if @severities[:critical]
+      critical @message
+    elsif @severities[:warning]
+      warning @message
+    else
+      ok @message
+    end
+  end
+end

data/bin/check-dynamodb-throttle.rb

@@ -0,0 +1,188 @@
+#! /usr/bin/env ruby
+#
+# check-dynamodb-throttle
+#
+# DESCRIPTION:
+#   Check DynamoDB throttle by CloudWatch and DynamoDB API.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   Critical if session table's read throttle is over 50 for the last 5 minutes
+#   check-dynamodb-throttle --table_names session --throttle-for read --critical-over 50 --statistics sum --period 300
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2014 Sonian, Inc. and contributors. <support@sensuapp.org>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'time'
+
+class CheckDynamoDB < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short:       '-a AWS_ACCESS_KEY',
+         long:        '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY'] or provide it as an option",
+         default:     ENV['AWS_ACCESS_KEY']
+
+  option :aws_secret_access_key,
+         short:       '-k AWS_SECRET_KEY',
+         long:        '--aws-secret-access-key AWS_SECRET_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_KEY'] or provide it as an option",
+         default:     ENV['AWS_SECRET_KEY']
+
+  option :aws_region,
+         short:       '-r AWS_REGION',
+         long:        '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default:     'us-east-1'
+
+  option :table_names,
+         short:       '-t N',
+         long:        '--table-names NAMES',
+         proc:        proc { |a| a.split(/[,;]\s*/) },
+         description: 'Table names to check. Separated by , or ;. If not specified, check all tables'
+
+  option :end_time,
+         short:       '-t T',
+         long:        '--end-time TIME',
+         default:     Time.now,
+         proc:        proc { |a| Time.parse a },
+         description: 'CloudWatch metric statistics end time'
+
+  option :period,
+         short:       '-p N',
+         long:        '--period SECONDS',
+         default:     60,
+         proc:        proc(&:to_i),
+         description: 'CloudWatch metric statistics period'
+
+  option :statistics,
+         short:       '-S N',
+         long:        '--statistics NAME',
+         default:     :average,
+         proc:        proc { |a| a.downcase.intern },
+         description: 'CloudWatch statistics method'
+
+  option :throttle_for,
+         short:       '-c N',
+         long:        '--throttle-for NAME',
+         default:     %i[read write],
+         proc:        proc { |a| a.split(/[,;]\s*/).map { |n| n.downcase.intern } },
+         description: 'Read/Write (or both) throttle to check.'
+
+  %w[warning critical].each do |severity|
+    option :"#{severity}_over",
+           long:        "--#{severity}-over N",
+           proc:        proc(&:to_f),
+           description: "Trigger a #{severity} if throttle is over the given number"
+  end
+
+  def aws_config
+    { access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region] }
+  end
+
+  def dynamo_db
+    @dynamo_db ||= Aws::DynamoDB::Client.new aws_config
+  end
+
+  def cloud_watch
+    @cloud_watch ||= Aws::CloudWatch::Client.new aws_config
+  end
+
+  def tables
+    return @tables if @tables
+    table_names = dynamo_db.list_tables.table_names.to_a
+    table_names.select! { |table_name| config[:table_names].include? table_name } if config[:table_names]
+    @tables = []
+    table_names.each do |table_name|
+      @tables.push(dynamo_db.describe_table(
+        table_name: table_name
+      ).table)
+    end
+    @tables
+  end
+
+  def cloud_watch_metric(metric_name, table_name)
+    cloud_watch.get_metric_statistics(
+      namespace: 'AWS/DynamoDB',
+      metric_name: metric_name,
+      dimensions: [
+        {
+          name: 'TableName',
+          value: table_name
+        }
+      ],
+      start_time: config[:end_time] - config[:period],
+      end_time: config[:end_time],
+      statistics: [config[:statistics].to_s.capitalize],
+      period: config[:period],
+      unit: 'Count'
+    )
+  end
+
+  def latest_value(metric)
+    metric.datapoints.sort_by { |datapoint| datapoint[:timestamp] }.last[config[:statistics]]
+  end
+
+  def flag_alert(severity, message)
+    @severities[severity] = true
+    @message += message
+  end
+
+  def check_throttle(table)
+    config[:throttle_for].each do |r_or_w|
+      metric_name   = "#{r_or_w.to_s.capitalize}ThrottleEvents"
+      metric        = cloud_watch_metric metric_name, table.table_name
+      metric_value  = begin
+                        latest_value(metric)
+                      rescue StandardError
+                        0
+                      end
+
+      @severities.each_key do |severity|
+        threshold = config[:"#{severity}_over"]
+        next unless threshold
+        next if metric_value < threshold
+        flag_alert severity, "; On table #{table.table_name} #{r_or_w.to_s.capitalize}ThrottleEvents is #{metric_value} (higher_than #{threshold})"
+        break
+      end
+    end
+  end
+
+  def run
+    @message    = "#{tables.size} tables total"
+    @severities = {
+      critical: false,
+      warning: false
+    }
+
+    tables.each { |table| check_throttle table }
+
+    @message += "; (#{config[:statistics].to_s.capitalize} within #{config[:period]} seconds "
+    @message += "between #{config[:end_time] - config[:period]} to #{config[:end_time]})"
+
+    if @severities[:critical]
+      critical @message
+    elsif @severities[:warning]
+      warning @message
+    else
+      ok @message
+    end
+  end
+end

data/bin/check-ebs-burst-limit.rb

@@ -0,0 +1,143 @@
+#! /usr/bin/env ruby
+#
+# check-ebs-burst-limit
+#
+# DESCRIPTION:
+#   Check EC2 Volumes for volumes with low burst balance
+#   Optionally check only volumes attached to the current instance
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-ebs-burst-limit.rb -r ${you_region}
+#   ./check-ebs-burst-limit.rb -r ${you_region} -c 50
+#   ./check-ebs-burst-limit.rb -r ${you_region} -c 50 -t Name
+#   ./check-ebs-burst-limit.rb -r ${you_region} -w 50 -c 10
+#   ./check-ebs-burst-limit.rb -r ${you_region} -w 50 -c 10 -f "{name:tag-value,values:[infrastructure]}"
+#   ./check-ebs-burst-limit.rb -r ${you_region} -w 50 -c 10 -f "{name:tag-value,values:[infrastructure]}" -t Name
+#
+# LICENSE:
+#   Barry Martin <nyxcharon@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'sensu-plugins-aws'
+require 'sensu-plugins-aws/filter'
+require 'aws-sdk'
+require 'net/http'
+
+class CheckEbsBurstLimit < Sensu::Plugin::Check::CLI
+  include CloudwatchCommon
+  include Filter
+
+  option :aws_region,
+         short:       '-r R',
+         long:        '--region REGION',
+         description: 'AWS region, will be overridden by the -s option',
+         default: 'us-east-1'
+
+  option :tag,
+         description: 'Add volume TAG value to warn/critical message.',
+         short: '-t TAG',
+         long: '--tag TAG'
+
+  option :critical,
+         description: 'Trigger a critical when ebs burst limit is under VALUE',
+         short: '-c VALUE',
+         long: '--critical VALUE',
+         proc: proc(&:to_f),
+         required: true
+
+  option :warning,
+         description: 'Trigger a warning when ebs burst limit is under VALUE',
+         short: '-w VALUE',
+         long: '--warning VALUE',
+         proc: proc(&:to_f)
+
+  option :check_self,
+         short: '-s',
+         long: '--check-self',
+         description: 'Only check the instance on which this plugin is being run - this overrides the -r option and uses the region of the current instance',
+         boolean: true,
+         default: false
+
+  option :filter,
+         short: '-f FILTER',
+         long: '--filter FILTER',
+         description: 'String representation of the filter to apply',
+         default: '{}'
+
+  def volume_tag(volume, tag_name)
+    tag = volume.tags.select { |t| t.key == tag_name }.first
+    tag.nil? ? '' : tag.value
+  end
+
+  def run
+    errors = []
+
+    volume_filters = Filter.parse(config[:filter])
+
+    # Set the describe-volumes filter depending on whether -s was specified
+    if config[:check_self] == true
+      # Get the region from the availability zone, and override the -r option
+      my_instance_az = Net::HTTP.get(URI.parse('http://169.254.169.254/latest/meta-data/placement/availability-zone'))
+      Aws.config[:region] = my_instance_az.chop
+      my_instance_id = Net::HTTP.get(URI.parse('http://169.254.169.254/latest/meta-data/instance-id'))
+      volume_filters.push(
+        name: 'attachment.instance-id',
+        values: [my_instance_id]
+      )
+    else
+      # The -s option was not specified, look at all volumes which are attached
+      volume_filters.push(
+        name: 'attachment.status',
+        values: ['attached']
+      )
+    end
+
+    ec2 = Aws::EC2::Client.new
+    volumes = ec2.describe_volumes(
+      filters: volume_filters
+    )
+    config[:metric_name] = 'BurstBalance'
+    config[:namespace] = 'AWS/EBS'
+    config[:statistics] = 'Average'
+    config[:period] = 120
+    crit = false
+    should_warn = false
+
+    volumes[:volumes].each do |volume|
+      config[:dimensions] = []
+      config[:dimensions] << { name: 'VolumeId', value: volume[:volume_id] }
+      volume_tag = config[:tag] ? " (#{volume_tag(volume, config[:tag])})" : ''
+      resp = client.get_metric_statistics(metrics_request(config))
+      unless resp.datapoints.first.nil?
+        if resp.datapoints.first[:average] < config[:critical]
+          errors << "#{volume[:volume_id]}#{volume_tag} #{resp.datapoints.first[:average]}"
+          crit = true
+        elsif config[:warning] && resp.datapoints.first[:average] < config[:warning]
+          errors << "#{volume[:volume_id]}#{volume_tag} #{resp.datapoints.first[:average]}"
+          should_warn = true
+        end
+      end
+    end
+
+    if crit
+      critical "Volume(s) have exceeded critical threshold: #{errors}"
+    elsif should_warn
+      warning "Volume(s) have exceeded warning threshold: #{errors}"
+    else
+      ok 'No volume(s) exceed thresholds'
+    end
+  end
+end