sensu-plugins-aws 0.0.1.alpha.2

data/bin/check-ec2-network.rb

@@ -0,0 +1,131 @@
+#! /usr/bin/env ruby
+#
+# check-ec2-network
+#
+# DESCRIPTION:
+#   Check EC2 Network Metrics by CloudWatch API.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} --warning-over 1000000 --critical-over 1500000
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkIn --warning-over 1000000 --critical-over 1500000
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkOut --warning-over 1000000 --critical-over 1500000
+#
+# NOTES:
+#
+# LICENSE:
+#   Yohei Kawahara <inokara@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckEc2Network < Sensu::Plugin::Check::CLI
+  option :access_key_id,
+         short:       '-k N',
+         long:        '--access-key-id ID',
+         description: 'AWS access key ID'
+
+  option :secret_access_key,
+         short:       '-s N',
+         long:        '--secret-access-key KEY',
+         description: 'AWS secret access key'
+
+  option :region,
+         short:       '-r R',
+         long:        '--region REGION',
+         description: 'AWS region'
+
+  option :instance_id,
+         short:       '-i instance-id',
+         long:        '--instance-id instance-ids',
+         description: 'EC2 Instance ID to check.'
+
+  option :end_time,
+         short:       '-t T',
+         long:        '--end-time TIME',
+         default:     Time.now,
+         description: 'CloudWatch metric statistics end time'
+
+  option :period,
+         short:       '-p N',
+         long:        '--period SECONDS',
+         default:     60,
+         description: 'CloudWatch metric statistics period'
+
+  option :direction,
+         short:       '-d NetworkIn or NetworkOut',
+         long:        '--direction NetworkIn or NetworkOut',
+         default:     'NetworkIn',
+         description: 'Select NetworkIn or NetworkOut'
+
+  %w(warning critical).each do |severity|
+    option :"#{severity}_over",
+           long:        "--#{severity}-over COUNT",
+           description: "Trigger a #{severity} if network traffice is over specified Bytes"
+  end
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:access_key_id], secret_access_key: config[:secret_access_key] if config[:access_key_id] && config[:secret_access_key]
+    hash.update region: config[:region] if config[:region]
+    hash
+  end
+
+  def ec2
+    @ec2 ||= AWS::EC2.new aws_config
+  end
+
+  def cloud_watch
+    @cloud_watch ||= AWS::CloudWatch.new aws_config
+  end
+
+  def network_metric(instance)
+    cloud_watch.metrics.with_namespace('AWS/EC2').with_metric_name("#{config[:direction]}").with_dimensions(name: 'InstanceId', value: instance).first
+  end
+
+  def statistics_options
+    {
+      start_time: config[:end_time] - 300,
+      end_time:   config[:end_time],
+      statistics: ['Average'],
+      period:     config[:period]
+    }
+  end
+
+  def latest_value(metric)
+    value = metric.statistics(statistics_options.merge unit: 'Bytes')
+    # #YELLOW
+    unless value.datapoints[0].nil? # rubocop:disable IfUnlessModifier, GuardClause
+      value.datapoints[0][:average].to_f
+    end
+  end
+
+  def check_metric(instance)
+    metric = network_metric instance
+    latest_value metric
+  end
+
+  def run
+    metric_value = check_metric config[:instance_id]
+    if !metric_value.nil? && metric_value > config[:critical_over].to_f
+      critical "#{config[:direction]} at #{metric_value} Bytes"
+    elsif !metric_value.nil? && metric_value > config[:warning_over].to_f
+      warning "#{config[:direction]} at #{metric_value} Bytes"
+    else
+      ok "#{config[:direction]} at #{metric_value} Bytes"
+    end
+  end
+end

data/bin/check-elb-certs.rb

@@ -0,0 +1,149 @@
+#! /usr/bin/env ruby
+#
+# check-elb-certs
+#
+# DESCRIPTION:
+#   This plugin looks up all ELBs in the organization and checks https
+#   endpoints for expiring certificates
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#   gem: openssl
+#   gem: net/http
+#
+# USAGE:
+#  ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} --warning-over 1000000 --critical-over 1500000
+#  ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkIn --warning-over 1000000 --critical-over 1500000
+#  ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkOut --warning-over 1000000 --critical-over 1500000
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2013, Peter Burkholder, pburkholder@pobox.com
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'net/http'
+require 'openssl'
+
+class CheckELBCerts < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1).',
+         default: 'us-east-1'
+
+  option :warn_under,
+         short: '-w WARN_NUM',
+         long: '--warn WARN_NUM',
+         description: 'Warn on minimum number of days to SSL/TLS certificate expiration',
+         default: 30,
+         proc: proc(&:to_i)
+
+  option :crit_under,
+         short: '-c CRIT_NUM',
+         long: '--crit CRIT_NUM',
+         description: 'Minimum number of days to SSL/TLS certificate expiration',
+         default: 5,
+         proc: proc(&:to_i)
+
+  option :verbose,
+         short: '-v',
+         long: '--verbose',
+         description: 'Provide SSL/TLS certificate expiration details even when OK',
+         default: false
+
+  def cert_message(count, descriptor, limit)
+    message = (count == 1 ? '1 ELB cert is ' : "#{count} ELB certs are ")
+    message += "#{descriptor} #{limit} day"
+    message += (limit == 1 ? '' : 's') # rubocop:disable UselessAssignment
+  end
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:aws_access_key], secret_access_key: config[:aws_secret_access_key]\
+      if config[:aws_access_key] && config[:aws_secret_access_key]
+    hash.update region: config[:aws_region]
+    hash
+  end
+
+  def run
+    ok_message = []
+    warning_message = []
+    critical_message = []
+
+    AWS.start_memoizing
+
+    elb = AWS::ELB.new aws_config
+
+    begin
+      elb.load_balancers.each do |lb|
+        lb.listeners.each do |listener| # rubocop:disable Style/Next
+          if listener.protocol.to_s == 'https'
+            url = URI.parse("https://#{lb.dns_name}:#{listener.port}")
+            http = Net::HTTP.new(url.host, url.port)
+            http.use_ssl = true
+            http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+            cert = ''
+
+            begin
+              http.start { cert = http.peer_cert }
+            rescue => e
+              critical "An issue occurred attempting to get cert: #{e.message}"
+            end
+
+            cert_days_remaining = ((cert.not_after - Time.now) / 86_400).to_i
+            message = sprintf '%s(%d)', lb.name, cert_days_remaining
+
+            if config[:crit_under] > 0 && config[:crit_under] >= cert_days_remaining
+              critical_message << message
+            elsif config[:warn_under] > 0 && config[:warn_under] >= cert_days_remaining
+              warning_message << message
+            else
+              ok_message << message
+            end
+          end
+        end
+      end
+    rescue => e
+      unknown "An error occurred processing AWS ELB API: #{e.message}"
+    end
+
+    if critical_message.length > 0
+      message = cert_message(critical_message.length, 'expiring within', config[:crit_under])
+      message += ': ' + critical_message.sort.join(' ')
+      critical message
+    elsif warning_message.length > 0
+      message = cert_message(warning_message.length, 'expiring within', config[:warn_under])
+      message += ': ' + warning_message.sort.join(' ')
+      warning message
+    else
+      message = cert_message(ok_message.length, 'valid for at least', config[:warn_under])
+      message += ': ' + ok_message.sort.join(' ') if config[:verbose]
+      ok message
+    end
+  end
+end

data/bin/check-elb-health-fog.rb

@@ -0,0 +1,121 @@
+#! /usr/bin/env ruby
+#
+# check-elb-health-fog
+#
+#
+# DESCRIPTION:
+#   This plugin checks the health of an Amazon Elastic Load Balancer.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: fog
+#   gem: sensu-plugin
+#   gem: uri
+#
+# USAGE:
+#  ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} --warning-over 1000000 --critical-over 1500000
+#  ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkIn --warning-over 1000000 --critical-over 1500000
+#  ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkOut --warning-over 1000000 --critical-over 1500000
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2014, Panagiotis Papadomitsos <pj@ezgr.net>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'net/http'
+require 'uri'
+require 'fog/aws'
+
+class ELBHealth < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         required: true,
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         required: true,
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1). If you do not specify a region, it will be detected by the server the script is run on'
+
+  option :elb_name,
+         short: '-n ELB_NAME',
+         long: '--elb-name ELB_NAME',
+         description: 'The Elastic Load Balancer name of which you want to check the health',
+         required: true
+
+  option :instances,
+         short: '-i INSTANCES',
+         long: '--instances INSTANCES',
+         description: 'Comma separated list of specific instances IDs inside the ELB of which you want to check the health'
+
+  option :verbose,
+         short: '-v',
+         long: '--verbose',
+         description: 'Enable a little bit more verbose reports about instance health',
+         boolean: true,
+         default: false
+
+  def query_instance_region
+    instance_az = nil
+    Timeout.timeout(3) do
+      instance_az = Net::HTTP.get(URI('http://169.254.169.254/latest/meta-data/placement/availability-zone/'))
+    end
+    instance_az[0...-1]
+  rescue
+    raise "Cannot obtain this instance's Availability Zone. Maybe not running on AWS?"
+  end
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:access_key_id], secret_access_key: config[:secret_access_key] if config[:access_key_id] && config[:secret_access_key]
+    hash.update region: config[:region]
+    hash
+  end
+
+  def run
+    aws_region = (config[:aws_region].nil? || config[:aws_region].empty?) ? query_instance_region : config[:aws_region]
+    begin
+      elb = Fog::AWS::ELB.new aws_config
+      if config[:instances]
+        instances = config[:instances].split(',')
+        health = elb.describe_instance_health(config[:elb_name], instances)
+      else
+        health = elb.describe_instance_health(config[:elb_name])
+      end
+      unhealthy_instances = {}
+      health.body['DescribeInstanceHealthResult']['InstanceStates'].each do |instance|
+        unhealthy_instances[instance['InstanceId']] = instance['State'] unless instance['State'].eql?('InService')
+      end
+      if unhealthy_instances.empty?
+        ok "All instances on ELB #{aws_region}::#{config[:elb_name]} healthy!"
+      else
+        if config[:verbose]
+          critical "Unhealthy instances detected: #{unhealthy_instances.map { |id, state| '[' + id + '::' + state + ']' }.join(' ') }"
+        else
+          critical "Detected [#{unhealthy_instances.size}] unhealthy instances"
+        end
+      end
+    rescue => e
+      warning "An issue occured while communicating with the AWS EC2 API: #{e.message}"
+    end
+  end
+end

data/bin/check-elb-health-sdk.rb

@@ -0,0 +1,124 @@
+#!/usr/bin/env ruby
+#
+# check-elb-health-sdk
+# Last Update: 1/22/2015 by bkett
+# ===
+#
+# DESCRIPTION:
+#   This plugin checks the health of an Amazon Elastic Load Balancer or all ELBs in a given region.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: uri
+#   gem: net/http
+#   gem: sensu-plugin
+#
+# Copyright (c) 2015, Benjamin Kett <bkett@umn.edu>
+#
+# Released under the same terms as Sensu (the MIT license); see LICENSE
+# for details.
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'net/http'
+require 'uri'
+require 'aws-sdk'
+
+class ELBHealth < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1).',
+         default: 'us-east-1'
+
+  option :elb_name,
+         short: '-n ELB_NAME',
+         long: '--elb-name ELB_NAME',
+         description: 'The Elastic Load Balancer name of which you want to check the health'
+
+  option :instances,
+         short: '-i INSTANCES',
+         long: '--instances INSTANCES',
+         description: 'Comma separated list of specific instances IDs inside the ELB of which you want to check the health'
+
+  option :verbose,
+         short: '-v',
+         long: '--verbose',
+         description: 'Enable a little bit more verbose reports about instance health',
+         boolean: true,
+         default: false
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:access_key_id], secret_access_key: config[:secret_access_key] if config[:access_key_id] && config[:secret_access_key]
+    hash.update region: config[:aws_region]
+    hash
+  end
+
+  def elb
+    @elb ||= AWS::ELB.new aws_config
+  end
+
+  def elbs
+    return @elbs if @elbs
+    @elbs = elb.load_balancers.to_a
+    @elbs.select! { |elb| config[:elb_name].include? elb.name } if config[:elb_name]
+    @elbs
+  end
+
+  def check_health(elb)
+    unhealthy_instances = {}
+    if config[:instances]
+      instance_health_hash = elb.instances.health(config[:instances])
+    else
+      instance_health_hash = elb.instances.health
+    end
+    instance_health_hash.each do |instance_health|
+      if instance_health[:state] != 'InService'
+        unhealthy_instances[instance_health[:instance].id] = instance_health[:state]
+      end
+    end
+    if unhealthy_instances.empty?
+      'OK'
+    else
+      unhealthy_instances
+    end
+  end
+
+  def run
+    @message = (elbs.size > 1 ? config[:aws_region] + ': ' : '')
+    critical = false
+    elbs.each do |elb|
+      result = check_health elb
+      if result != 'OK'
+        @message += "#{elb.name} unhealthy => #{result.map { |id, state| '[' + id + '::' + state + ']' }.join(' ')}. "
+        critical = true
+      else
+        @message += "#{elb.name} => healthy. "
+      end
+    end
+    if critical
+      critical @message
+    else
+      ok @message
+    end
+  end
+end

data/bin/check-elb-health.rb

@@ -0,0 +1,122 @@
+#! /usr/bin/env ruby
+#
+# check-elb-health
+#
+# DESCRIPTION:
+#   This plugin checks the health of an Amazon Elastic Load Balancer.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: right-aws
+#   gem: uri
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} --warning-over 1000000 --critical-over 1500000
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkIn --warning-over 1000000 --critical-over 1500000
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkOut --warning-over 1000000 --critical-over 1500000
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2012, Panagiotis Papadomitsos <pj@ezgr.net>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'net/http'
+require 'uri'
+require 'right_aws'
+
+class ELBHealth < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         required: true,
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         required: true,
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1). If you do not specify a region, it will be detected by the server the script is run on'
+
+  option :elb_name,
+         short: '-n ELB_NAME',
+         long: '--elb-name ELB_NAME',
+         description: 'The Elastic Load Balancer name of which you want to check the health',
+         required: true
+
+  option :instances,
+         short: '-i INSTANCES',
+         long: '--instances INSTANCES',
+         description: 'Comma separated list of specific instances IDs inside the ELB of which you want to check the health'
+
+  option :verbose,
+         short: '-v',
+         long: '--verbose',
+         description: 'Enable a little bit more verbose reports about instance health',
+         boolean: true,
+         default: false
+
+  def query_instance_region
+    instance_az = nil
+    Timeout.timeout(3) do
+      instance_az = Net::HTTP.get(URI('http://169.254.169.254/latest/meta-data/placement/availability-zone/'))
+    end
+    instance_az[0...-1]
+  rescue
+    raise "Cannot obtain this instance's Availability Zone. Maybe not running on AWS?"
+  end
+
+  def run
+    begin
+      aws_region = (config[:aws_region].nil? || config[:aws_region].empty?) ? query_instance_region : config[:aws_region]
+      elb = RightAws::ElbInterface.new(config[:aws_access_key], config[:aws_secret_access_key],
+                                       logger: Logger.new('/dev/null'),
+                                       cache: false,
+                                       server: "elasticloadbalancing.#{aws_region}.amazonaws.com")
+      if config[:instances]
+        instances = config[:instances].split(',')
+        health = elb.describe_instance_health(config[:elb_name], instances)
+      else
+        health = elb.describe_instance_health(config[:elb_name])
+      end
+    rescue => e
+      critical "An issue occured while communicating with the AWS EC2 API: #{e.message}"
+    end
+    # #YELLOW
+    unless health.empty? # rubocop:disable UnlessElse
+      unhealthy_instances = {}
+      health.each do |instance|
+        unhealthy_instances[instance[:instance_id]] = instance[:state] unless instance[:state].eql?('InService')
+      end
+      # #YELLOW
+      unless unhealthy_instances.empty? # rubocop:disable UnlessElse
+        if config[:verbose]
+          critical "Unhealthy instances detected: #{unhealthy_instances.map { |id, state| '[' + id + '::' + state + ']' }.join(' ')}"
+        else
+          critical "Detected [#{unhealthy_instances.size}] unhealthy instances"
+        end
+      else
+        ok "All instances on ELB #{aws_region}::#{config[:elb_name]} healthy!"
+      end
+    else
+      critical 'Failed to retrieve ELB instance health data'
+    end
+  end
+end