sensu-plugins-aws-boutetnico 1.0.6

data/bin/check-ecs-service-health.rb

@@ -0,0 +1,155 @@
+#! /usr/bin/env ruby
+#
+# check-ecs-service-health
+#
+# DESCRIPTION:
+#   This plugin uses the AWS ECS API to check the running
+#   and desired task counts for services on a cluster.
+#   Any services with fewer running than desired tasks will
+#   are considered unhealthy.
+#
+#   CRIT: 0 = running < desired
+#   WARN: 0 < running < desired
+#   OK:   running >= desired
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux, Windows, Mac
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#  ./check-ecs-service-health.rb -r {us-east-1|eu-west-1} -c default [-s my-service]
+#
+# NOTES:
+#
+# MULTIPLE CLUSTERS/SERVICES AUTOMATION
+#   Create multiple clusters/services with these scripts: https://github.com/ay-b/ecs-service-check-autocreate
+#   Don't forget to edit template file
+#
+# LICENSE:
+#   Norm MacLennan <nmaclennan@cimpress.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+
+require 'sensu-plugin/check/cli'
+require 'sensu-plugins-aws'
+require 'aws-sdk'
+
+class CheckEcsServiceHealth < Sensu::Plugin::Check::CLI
+  include Common
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region AWS_REGION',
+         description: 'The AWS region in which to check rules. Currently only available in us-east-1.',
+         default: 'us-east-1'
+
+  option :cluster_name,
+         short: '-c NAME',
+         long: '--cluster-name NAME',
+         description: 'The cluster to check services on.',
+         default: 'default'
+
+  option :services,
+         short: '-s SERVICE',
+         long: '--service NAME',
+         description: 'The service to check run status on.'
+
+  option :warn_as_crit,
+         short: '-w',
+         long: '--warn_as_crit',
+         description: 'Consider it critical when any desired tasks are not running. Otherwise, only 0 is critical.'
+
+  option :primary_status,
+         short: '-p',
+         long: '--primary_status',
+         description: 'Checking for deployments which only have a Primary Status.',
+         default: false
+
+  def ecs_client
+    @ecs_client ||= Aws::ECS::Client.new
+  end
+
+  # List of requested services or all services registered to the cluster
+  def service_list(cluster = 'default', services = nil)
+    return services.split ',' if services
+    collect_services(cluster)
+  end
+
+  def collect_services(cluster = 'default', token: nil)
+    response = ecs_client.list_services(cluster: cluster, next_token: token)
+    services = response.service_arns
+    services.push(*collect_services(cluster, token: response.next_token)) if response.next_token
+    services
+  end
+
+  def service_details(cluster = 'default', services = nil)
+    service_list(cluster, services).each_slice(10).to_a.map do |s|
+      ecs_client.describe_services(cluster: cluster, services: s)['services']
+    end.flatten
+  end
+
+  def bucket_service(running_count, desired_count)
+    if running_count.zero? && desired_count > 0
+      :critical
+    elsif running_count < desired_count
+      :warn
+    else
+      :ok
+    end
+  end
+
+  # Unhealthy if service has fewer running tasks than desired
+  def services_by_health(cluster = 'default', services = nil, primary_status = false)
+    bucket = nil
+    service_details(cluster, services).group_by do |service|
+      if primary_status
+        service.deployments.each do |x|
+          if x[:status].include? 'PRIMARY'
+            bucket = bucket_service(x[:running_count], x[:desired_count])
+          end
+        end
+      else
+        bucket = bucket_service(service[:running_count], service[:desired_count])
+      end
+      bucket
+    end
+  end
+
+  def run
+    service_healths = services_by_health(config[:cluster_name], config[:services], config[:primary_status])
+
+    unhealthy = []
+    unhealthy.concat(service_healths[:critical]) if service_healths.key? :critical
+    unhealthy.concat(service_healths[:warn]) if service_healths.key? :warn
+
+    if config[:primary_status]
+      unhealthy_p = nil
+      unhealthy = unhealthy.collect do |s|
+        s.deployments.each do |x|
+          if x[:status].include? 'PRIMARY'
+            unhealthy_p = "#{s.service_name} (#{x.running_count}/#{x.desired_count})"
+          end
+        end
+        unhealthy_p
+      end
+    else
+      unhealthy = unhealthy.collect { |s| "#{s.service_name} (#{s.running_count}/#{s.desired_count})" }
+    end
+
+    if service_healths.key?(:critical) || (config[:warn_as_crit] && service_healths.key?(:warn))
+      critical("Unhealthy ECS Services(Primary only = #{config[:primary_status]}):  #{unhealthy.join ', '}")
+    elsif service_healths.key?(:warn)
+      warning("Unhealthy ECS Services(Primary only = #{config[:primary_status]}): #{unhealthy.join ', '}")
+    else
+      ok
+    end
+  rescue StandardError => e
+    unknown "An error occurred processing AWS ECS API: #{e.message}"
+  end
+end

data/bin/check-efs-metric.rb

@@ -0,0 +1,145 @@
+#!/usr/bin/env ruby
+#
+# check-efs-metric
+#
+# DESCRIPTION:
+#   This plugin checks a CloudWatch metric from the AWS/EFS namespace
+#   For more details, see https://docs.aws.amazon.com/efs/latest/ug/monitoring-cloudwatch.html#efs-metrics
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-efs-metric -w 25.0 -c 75.0 \
+#   -m PercentIOLimit -o greater -n my-efs-filesystem-name
+#
+# NOTES:
+#
+# LICENSE:
+#   Ivan Fetch
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-aws'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+# A Sensu plugin which uses cloudwatch-common to  check EFS CloudWatch metrics
+class EFSMetric < Sensu::Plugin::Check::CLI
+  include Common
+  include CloudwatchCommon
+
+  option :efs_name,
+         description: 'Name of the EFS file system, matching the Name tag',
+         short: '-n VALUE',
+         long: '--name VALUE',
+         proc: proc(&:to_s),
+         required: true
+
+  option :metric_name,
+         description: 'CloudWatch metric in the AWS/EFS namespace: E.G. PercentIOLimit',
+         short: '-m VALUE',
+         long: '--metric VALUE',
+         proc: proc(&:to_s),
+         required: true
+
+  option :statistics,
+         description: 'Statistic to retrieve from CloudWatch: E.G. Minimum or Maximum',
+         short: '-s statistic',
+         long: '--statistic statistic',
+         default: 'Average',
+         proc: proc(&:to_s)
+
+  option :critical,
+         description: 'Return critical when the metric is at this VALUE, also see the --operator option',
+         short: '-c VALUE',
+         long: '--critical VALUE',
+         proc: proc(&:to_f),
+         required: true
+
+  option :warning,
+         description: 'Return warning when the metric is at this VALUE, also see the --operator option',
+         short: '-w VALUE',
+         long: '--warning VALUE',
+         proc: proc(&:to_f)
+
+  option :period,
+         description: 'CloudWatch metric statistics period, in seconds. Must be a multiple   of 60',
+         short: '-p VALUE',
+         long: '--period VALUE',
+         default: 60,
+         proc: proc(&:to_i)
+
+  option :compare,
+         description: 'Comparison operator for critical and warning thresholds: equal, not, greater, less',
+         short: '-o OPERATOR',
+         long: '--operator OPERATOR',
+         default: 'less'
+
+  option :unit,
+         description: 'CloudWatch metric unit, to be passed to the metrics request',
+         short: '-u UNIT',
+         long: '--unit UNIT'
+
+  option :no_data_ok,
+         description: 'Returns ok if no data is returned from the metric',
+         short: '-O',
+         long: '--allow-no-data',
+         boolean: true,
+         default: false
+
+  option :no_efs_ok,
+         description: 'Returns ok if the EFS file system specified by the -n option can not be found: This is useful if using a check in multiple environments where a file system may not always exist',
+         short: '-N',
+         long: '--allow-no-efs',
+         boolean: true,
+         default: false
+
+  option :aws_region,
+         description: 'AWS region',
+         short: '-r Region',
+         long: '--region REGION',
+         default: 'us-east-1'
+
+  # This is used by CloudwatchCommon to display the description for what is being checked.
+  def metric_desc
+    "#{config[:metric_name]} for #{config[:efs_name]}"
+  end
+
+  def run
+    config[:namespace] = 'AWS/EFS'
+    found_efs = false
+
+    efs = Aws::EFS::Client.new
+    filesystems = efs.describe_file_systems
+    filesystems.file_systems.each do |filesystem|
+      # Once Ruby < ver 2.4 is not supported, change this to:
+      # if filesystem.name.casecmp?(config[:efs_name])
+      # See : https://ruby-doc.org/core-2.4.0/String.html#method-i-casecmp
+      if filesystem.name.casecmp(config[:efs_name]).zero?
+        found_efs = true
+        config[:dimensions] = []
+        config[:dimensions] << { name: 'FileSystemId', value: filesystem.file_system_id }
+        check config
+      end
+    end
+
+    # rubocop:disable Style/GuardClause
+    unless found_efs
+      if config[:no_efs_ok]
+        ok "EFS file system #{config[:efs_name]} was not found in region #{config[:aws_region]} but that's ok"
+      else
+        critical "EFS file system #{config[:efs_name]} was not found in region #{config[:aws_region]}"
+      end
+    end
+    # rubocop:enable Style/GuardClause
+  end
+end

data/bin/check-eip-allocation.rb

@@ -0,0 +1,64 @@
+#! /usr/bin/env ruby
+#
+# check-ebs-snapshots
+#
+# DESCRIPTION:
+#   Alert on new eip allocations
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-eip-allocation.rb -r ${you_region} -e ${eips_allowed}
+#
+# NOTES:
+#
+# LICENSE:
+#   Shane Starcher <shane.starcher@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'sensu-plugins-aws'
+require 'aws-sdk'
+
+class CheckEipAllocation < Sensu::Plugin::Check::CLI
+  include Common
+  option :eips_allowed,
+         short:       '-e EIPS_ALLOWED',
+         long:        '--eips_allowed eip1,eip2',
+         required: 	  true,
+         description: 'List of EIPs that are allowed to exist.  Comma seperated.'
+
+  option :aws_region,
+         short:       '-r R',
+         long:        '--region REGION',
+         description: 'AWS region',
+         default: 'us-east-1'
+
+  def run
+    errors = []
+    ec2 = Aws::EC2::Client.new
+
+    eips = ec2.describe_addresses
+    eips[:addresses].each do |eip|
+      unless config[:eips_allowed].include? eip.public_ip
+        errors << eip.public_ip
+      end
+    end
+
+    if errors.empty?
+      ok
+    else
+      warning errors.join("\n")
+    end
+  end
+end

data/bin/check-elasticache-failover.rb

@@ -0,0 +1,113 @@
+#! /usr/bin/env ruby
+#
+#   check-elasticache-failover.rb
+#
+# DESCRIPTION:
+#   Checks if specified ElastiCache node is `primary` state.
+#
+# OUTPUT:
+#   CheckElastiCacheFailover OK: Node `mynode-001` (in replication group `my-group-1`, node group `0001`) is `primary`.
+#   or
+#   CheckElastiCacheFailover CRITICAL: Node `mynode-001` (in replication group `my-group-1`, node group `0001`) is **not** `primary`.
+#
+# PLATFORMS:
+#   Linux, Windows, BSD, Solaris, etc
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: aws-sdk >= 2
+#
+# USAGE:
+#   check-elasticache-failover.rb --region <your region> --replication-group <yours> --node-group <yours> --primary-node <yours>
+#
+# NOTES:
+#
+# LICENSE:
+#   y13i <email@y13i.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'sensu-plugins-aws/common'
+
+class CheckElastiCacheFailover < Sensu::Plugin::Check::CLI
+  VERSION = '0.0.1'.freeze
+
+  option :profile,
+         description: 'Profile name of AWS shared credential file entry.',
+         long:        '--profile PROFILE',
+         short:       '-p PROFILE'
+
+  option :aws_region,
+         description: 'AWS region.',
+         short:       '-r REGION',
+         long:        '--region REGION'
+
+  option :severity,
+         description: 'Critical or Warning.',
+         short:       '-s SEVERITY',
+         long:        '--severity SEVERITY',
+         proc:        :intern.to_proc,
+         default:     :critical
+
+  option :replication_group,
+         description: 'Replication group to check.',
+         long:        '--replication-group ID',
+         short:       '-g ID'
+
+  option :node_group,
+         description: 'Node group to check.',
+         long:        '--node-group ID',
+         short:       '-n ID'
+
+  option :primary_node,
+         description: 'Cluster name that should be primary.',
+         long:        '--primary-node NAME',
+         short:       '-c NAME'
+
+  include Common
+
+  def run
+    replication_group = elasticache.client.describe_replication_groups.replication_groups.find do |g|
+      g.replication_group_id == config[:replication_group]
+    end
+
+    unknown 'Replication group not found.' if replication_group.nil?
+
+    node_group = replication_group.node_groups.find do |g|
+      g.node_group_id == config[:node_group]
+    end
+
+    unknown 'Node group not found.' if node_group.nil?
+
+    node = node_group.node_group_members.find do |n|
+      n.cache_cluster_id == config[:primary_node]
+    end
+
+    unknown 'Node not found.' if node.nil?
+
+    message = "Node `#{config[:primary_node]}` (in replication group `#{config[:replication_group]}`, node group `#{config[:node_group]}`) is "
+
+    if node.current_role == 'primary'
+      message += '`primary`.'
+      ok message
+    else
+      message += '**not** `primary`.'
+      send config[:severity], message
+    end
+  end
+
+  private
+
+  def elasticache
+    return @elasticache if @elasticache
+
+    c = {}
+    c.update aws_config
+    c.update(profile: config[:profile]) if config[:profile]
+
+    @elasticache = Aws::ElastiCache::Resource.new(c)
+  end
+end