sensu-plugins-aws 0.0.1.alpha.2

data/bin/check-elb-latency.rb

@@ -0,0 +1,175 @@
+#! /usr/bin/env ruby
+#
+# check-elb-latency
+#
+#
+# DESCRIPTION:
+#   This plugin checks the health of an Amazon Elastic Load Balancer.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   Warning if any load balancer's latency is over 1 second, critical if over 3 seconds.
+#   check-elb-latency --warning-over 1 --critical-over 3
+#
+#   Critical if "app" load balancer's latency is over 5 seconds, maximum of last one hour
+#   check-elb-latency --elb-names app --critical-over 5 --statistics maximum --period 3600
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2014 github.com/y13i
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckELBLatency < Sensu::Plugin::Check::CLI
+  option :access_key_id,
+         short:       '-k N',
+         long:        '--access-key-id ID',
+         description: 'AWS access key ID'
+
+  option :secret_access_key,
+         short:       '-s N',
+         long:        '--secret-access-key KEY',
+         description: 'AWS secret access key'
+
+  option :region,
+         short:       '-r R',
+         long:        '--region REGION',
+         description: 'AWS region'
+
+  option :elb_names,
+         short:       '-l N',
+         long:        '--elb-names NAMES',
+         proc:        proc { |a| a.split(/[,;]\s*/) },
+         description: 'Load balancer names to check. Separated by , or ;. If not specified, check all load balancers'
+
+  option :end_time,
+         short:       '-t T',
+         long:        '--end-time TIME',
+         default:     Time.now,
+         proc:        proc { |a| Time.parse a },
+         description: 'CloudWatch metric statistics end time'
+
+  option :period,
+         short:       '-p N',
+         long:        '--period SECONDS',
+         default:     60,
+         proc:        proc(&:to_i),
+         description: 'CloudWatch metric statistics period'
+
+  option :statistics,
+         short:       '-S N',
+         long:        '--statistics NAME',
+         default:     :average,
+         proc:        proc { |a| a.downcase.intern },
+         description: 'CloudWatch statistics method'
+
+  %w(warning critical).each do |severity|
+    option :"#{severity}_over",
+           long:        "--#{severity}-over SECONDS",
+           proc:        proc(&:to_f),
+           description: "Trigger a #{severity} if latancy is over specified seconds"
+  end
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:access_key_id], secret_access_key: config[:secret_access_key] if config[:access_key_id] && config[:secret_access_key]
+    hash.update region: config[:region] if config[:region]
+    hash
+  end
+
+  def elb
+    @elb ||= AWS::ELB.new aws_config
+  end
+
+  def cloud_watch
+    @cloud_watch ||= AWS::CloudWatch.new aws_config
+  end
+
+  def elbs
+    return @elbs if @elbs
+    @elbs = elb.load_balancers.to_a
+    @elbs.select! { |elb| config[:elb_names].include? elb.name } if config[:elb_names]
+    @elbs
+  end
+
+  def latency_metric(elb_name)
+    cloud_watch.metrics.with_namespace('AWS/ELB').with_metric_name('Latency').with_dimensions(name: 'LoadBalancerName', value: elb_name).first
+  end
+
+  def statistics_options
+    {
+      start_time: config[:end_time] - config[:period],
+      end_time:   config[:end_time],
+      statistics: [config[:statistics].to_s.capitalize],
+      period:     config[:period]
+    }
+  end
+
+  def latest_value(metric)
+    metric.statistics(statistics_options.merge unit: 'Seconds').datapoints.sort_by { |datapoint| datapoint[:timestamp] }.last[config[:statistics]]
+  end
+
+  def flag_alert(severity, message)
+    @severities[severity] = true
+    @message += message
+  end
+
+  def check_latency(elb)
+    metric        = latency_metric elb.name
+    metric_value  = begin
+                      latest_value metric
+                    rescue
+                      0
+                    end
+
+    @severities.keys.each do |severity|
+      threshold = config[:"#{severity}_over"]
+      next unless threshold
+      next if metric_value < threshold
+      flag_alert severity,
+                 "; #{elbs.size == 1 ? nil : "#{elb.inspect}'s"} Latency is #{sprintf '%.3f', metric_value} seconds. (expected lower than #{sprintf '%.3f', threshold})" # rubocop:disable LineLength
+      break
+    end
+  end
+
+  def run
+    @message  = if elbs.size == 1
+                  elbs.first.inspect
+                else
+                  "#{elbs.size} load balancers total"
+                end
+
+    @severities = {
+      critical: false,
+      warning:  false
+    }
+
+    elbs.each { |elb| check_latency elb }
+
+    @message += "; (#{config[:statistics].to_s.capitalize} within #{config[:period]} seconds "
+    @message += "between #{config[:end_time] - config[:period]} to #{config[:end_time]})"
+
+    if @severities[:critical]
+      critical @message
+    elsif @severities[:warning]
+      warning @message
+    else
+      ok @message
+    end
+  end
+end

data/bin/check-elb-nodes.rb

@@ -0,0 +1,145 @@
+#! /usr/bin/env ruby
+#
+# check-elb-nodes
+#
+# DESCRIPTION:
+#   This plugin checks an AWS Elastic Load Balancer to ensure a minimum number
+#   or percentage of nodes are InService on the ELB
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   Warning if any load balancer's latency is over 1 second, critical if over 3 seconds.
+#   check-elb-latency --warning-over 1 --critical-over 3
+#
+#   Critical if "app" load balancer's latency is over 5 seconds, maximum of last one hour
+#   check-elb-latency --elb-names app --critical-over 5 --statistics maximum --period 3600
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2013, Justin Lambert <jlambert@letsevenup.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckELBNodes < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option"
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option"
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1).',
+         default: 'us-east-1'
+
+  option :load_balancer,
+         short: '-n ELB_NAME',
+         long: '--name ELB_NAME',
+         description: 'The name of the ELB',
+         required: true
+
+  option :warn_under,
+         short: '-w WARN_NUM',
+         long: '--warn WARN_NUM',
+         description: 'Minimum number of nodes InService on the ELB to be considered a warning',
+         default: -1,
+         proc: proc(&:to_i)
+
+  option :crit_under,
+         short: '-c CRIT_NUM',
+         long: '--crit CRIT_NUM',
+         description: 'Minimum number of nodes InService on the ELB to be considered critical',
+         default: -1,
+         proc: proc(&:to_i)
+
+  option :warn_percent,
+         short: '-W WARN_PERCENT',
+         long: '--warn_perc WARN_PERCENT',
+         description: 'Warn when the percentage of InService nodes is at or below this number',
+         default: -1,
+         proc: proc(&:to_i)
+
+  option :crit_percent,
+         short: '-C CRIT_PERCENT',
+         long: '--crit_perc CRIT_PERCENT',
+         description: 'Minimum percentage of nodes needed to be InService',
+         default: -1,
+         proc: proc(&:to_i)
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:aws_access_key], secret_access_key: config[:aws_secret_access_key]\
+      if config[:aws_access_key] && config[:aws_secret_access_key]
+    hash.update region: config[:aws_region]
+    hash
+  end
+
+  def run
+    AWS.start_memoizing
+    elb = AWS::ELB.new aws_config
+
+    begin
+      instances = elb.load_balancers[config[:load_balancer]].instances.health
+    rescue AWS::ELB::Errors::LoadBalancerNotFound
+      unknown "A load balancer with the name '#{config[:load_balancer]}' was not found"
+    end
+
+    num_instances = instances.count.to_f
+    state = { 'OutOfService' => [], 'InService' => [], 'Unknown' => [] }
+    instances.each do |instance|
+      # Force a requery of state
+      AWS.stop_memoizing if instance[:state] == 'Unknown'
+      state[instance[:state]] << instance[:instance].id
+    end
+    AWS.stop_memoizing
+
+    message = "InService: #{state['InService'].count}"
+    if state['InService'].count > 0
+      message << " (#{state['InService'].join(', ')})"
+    end
+    message << "; OutOfService: #{state['OutOfService'].count}"
+    if state['OutOfService'].count > 0
+      message << " (#{state['OutOfService'].join(', ')})"
+    end
+    message << "; Unknown: #{state['Unknown'].count}"
+    if state['Unknown'].count > 0
+      message << " (#{state['Unknown'].join(', ')})"
+    end
+
+    if state['Unknown'].count == num_instances
+      unknown 'All nodes in unknown state'
+    elsif state['InService'].count == 0
+      critical message
+    elsif config[:crit_under] > 0 && config[:crit_under] >= state['InService'].count
+      critical message
+    elsif config[:crit_percent] > 0 && config[:crit_percent] >= (state['InService'].count / num_instances) * 100
+      critical message
+    elsif config[:warn_under] > 0 && config[:warn_under] >= state['InService'].count
+      warning message
+    elsif config[:warn_percent] > 0 && config[:warn_percent] >= (state['InService'].count / num_instances) * 100
+      warning message
+    else
+      ok message
+    end
+  end
+end

data/bin/check-elb-sum-requests.rb

@@ -0,0 +1,168 @@
+#! /usr/bin/env ruby
+#
+# chwck-elb-sum-requests
+#
+# DESCRIPTION:
+#   Check ELB Sum Requests by CloudWatch API.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   Warning if any load balancer's sum request count is over 1000, critical if over 2000.
+#   check-elb-sum-requests --warning-over 1000 --critical-over 2000
+#
+#   Critical if "app" load balancer's sum request count is over 10000, within last one hour
+#   check-elb-sum-requests --elb-names app --critical-over 10000 --period 3600
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2014 github.com/y13i
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckELBSumRequests < Sensu::Plugin::Check::CLI
+  option :access_key_id,
+         short:       '-k N',
+         long:        '--access-key-id ID',
+         description: 'AWS access key ID'
+
+  option :secret_access_key,
+         short:       '-s N',
+         long:        '--secret-access-key KEY',
+         description: 'AWS secret access key'
+
+  option :region,
+         short:       '-r R',
+         long:        '--region REGION',
+         description: 'AWS region'
+
+  option :elb_names,
+         short:       '-l N',
+         long:        '--elb-names NAMES',
+         proc:        proc { |a| a.split(/[,;]\s*/) },
+         description: 'Load balancer names to check. Separated by , or ;. If not specified, check all load balancers'
+
+  option :end_time,
+         short:       '-t T',
+         long:        '--end-time TIME',
+         default:     Time.now,
+         proc:        proc { |a| Time.parse a },
+         description: 'CloudWatch metric statistics end time'
+
+  option :period,
+         short:       '-p N',
+         long:        '--period SECONDS',
+         default:     60,
+         proc:        proc(&:to_i),
+         description: 'CloudWatch metric statistics period'
+
+  %w(warning critical).each do |severity|
+    option :"#{severity}_over",
+           long:        "--#{severity}-over COUNT",
+           proc:        proc(&:to_f),
+           description: "Trigger a #{severity} if sum requests is over specified count"
+  end
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:access_key_id], secret_access_key: config[:secret_access_key] if config[:access_key_id] && config[:secret_access_key]
+    hash.update region: config[:region] if config[:region]
+    hash
+  end
+
+  def elb
+    @elb ||= AWS::ELB.new aws_config
+  end
+
+  def cloud_watch
+    @cloud_watch ||= AWS::CloudWatch.new aws_config
+  end
+
+  def elbs
+    return @elbs if @elbs
+    @elbs = elb.load_balancers.to_a
+    @elbs.select! { |elb| config[:elb_names].include? elb.name } if config[:elb_names]
+    @elbs
+  end
+
+  def latency_metric(elb_name)
+    cloud_watch.metrics.with_namespace('AWS/ELB').with_metric_name('RequestCount').with_dimensions(name: 'LoadBalancerName', value: elb_name).first
+  end
+
+  def statistics_options
+    {
+      start_time: config[:end_time] - config[:period],
+      end_time:   config[:end_time],
+      statistics: ['Sum'],
+      period:     config[:period]
+    }
+  end
+
+  def latest_value(metric)
+    metric.statistics(statistics_options.merge unit: 'Count').datapoints.sort_by { |datapoint| datapoint[:timestamp] }.last[:sum]
+  end
+
+  def flag_alert(severity, message)
+    @severities[severity] = true
+    @message += message
+  end
+
+  def check_sum_requests(elb)
+    metric        = latency_metric elb.name
+    metric_value  = begin
+                      value = latest_value metric
+                      puts value
+                    rescue
+                      0
+                    end
+
+    @severities.keys.each do |severity|
+      threshold = config[:"#{severity}_over"]
+      next unless threshold
+      next if metric_value < threshold
+      flag_alert severity,
+                 "; #{elbs.size == 1 ? nil : "#{elb.inspect}'s"} Sum Requests is #{metric_value}. (expected lower than #{threshold})"
+      break
+    end
+  end
+
+  def run
+    @message  = if elbs.size == 1
+                  elbs.first.inspect
+                else
+                  "#{elbs.size} load balancers total"
+                end
+
+    @severities = {
+      critical: false,
+      warning:  false
+    }
+
+    elbs.each { |elb| check_sum_requests elb }
+
+    @message += "; (#{config[:statistics].to_s.capitalize} within #{config[:period]} seconds "
+    @message += "between #{config[:end_time] - config[:period]} to #{config[:end_time]})"
+
+    if @severities[:critical]
+      critical @message
+    elsif @severities[:warning]
+      warning @message
+    else
+      ok @message
+    end
+  end
+end

data/bin/check-instance-events.rb

@@ -0,0 +1,130 @@
+#! /usr/bin/env ruby
+#
+# check-instance-events
+#
+# DESCRIPTION:
+#   This plugin looks up all instances in an account and alerts if one or more have a scheduled
+#   event (reboot, retirement, etc)
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   #YELLOW
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2014, Tim Smith, tim@cozy.co
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckInstanceEvents < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :use_iam_role,
+         short: '-u',
+         long: '--use-iam',
+         description: 'Use IAM role authenticiation. Instance must have IAM role assigned for this to work'
+
+  option :include_name,
+         short: '-n',
+         long: '--include-name',
+         description: "Includes any offending instance's 'Name' tag in the check output",
+         default: false
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1).',
+         default: 'us-east-1'
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:aws_access_key], secret_access_key: config[:aws_secret_access_key]\
+      if config[:aws_access_key] && config[:aws_secret_access_key]
+    hash.update region: config[:aws_region]
+    hash
+  end
+
+  def run
+    event_instances = []
+    aws_config =   {}
+
+    if config[:use_iam_role].nil?
+      aws_config.merge!(
+      access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key]
+      )
+    end
+
+    ec2 = AWS::EC2::Client.new(aws_config.merge!(region: config[:aws_region]))
+    begin
+      ec2.describe_instance_status[:instance_status_set].each do |i| # rubocop:disable Next
+
+        unless i[:events_set].empty?
+          # Exclude completed reboots since the events API appearently returns these even after they have been completed:
+          # Example:
+          #  "events_set": [
+          #     {
+          #         "code": "system-reboot",
+          #         "description": "[Completed] Scheduled reboot",
+          #         "not_before": "2015-01-05 12:00:00 UTC",
+          #         "not_after": "2015-01-05 18:00:00 UTC"
+          #     }
+          # ]
+          unless i[:events_set].select { |x| x[:code] == 'system-reboot' && x[:description] =~ /\[Completed\]/ }
+            event_instances << i[:instance_id]
+          end
+        end
+      end
+    rescue => e
+      unknown "An error occurred processing AWS EC2 API: #{e.message}"
+    end
+
+    if config[:include_name]
+      event_instances_with_names = []
+      event_instances.each do |id|
+        name = ''
+        begin
+          instance = ec2.describe_instances(instance_ids: [id])
+          # Harvests the 'Name' tag for the instance
+          name = instance[:reservation_index][id][:instances_set][0][:tag_set].select { |tag| tag[:key] == 'Name' }[0][:value]
+        rescue => e
+          puts "Issue getting instance details for #{id}.  Exception = #{e}"
+        end
+        # Pushes 'name(i-xxx)' if the Name tag was found, else it just pushes the id
+        event_instances_with_names << (name == '' ? id : "#{name}(#{id})")
+      end
+      event_instances = event_instances_with_names
+    end
+
+    if event_instances.count > 0
+      critical("#{event_instances.count} instances #{event_instances.count > 1 ? 'have' : 'has'} upcoming scheduled events: #{event_instances.join(',')}")
+    else
+      ok
+    end
+  end
+end

data/bin/check-rds-events.rb

@@ -0,0 +1,84 @@
+#! /usr/bin/env ruby
+#
+# check-rds-events
+#
+#
+# DESCRIPTION:
+#   This plugin checks rds clusters for critical events.
+#   Due to the number of events types on RDS clusters the check searches for
+#   events containing the text string 'has started' or 'is being'.  These events all have
+#   accompanying completiion events and are impacting events
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#  ./check-rds-events.rb -r ${you_region} -s ${your_aws_secret_access_key} -a ${your_aws_access_key}
+#
+# NOTES:
+#
+# LICENSE:
+#   Tim Smith <tim@cozy.co>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckRDSEvents < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1).',
+         default: 'us-east-1'
+
+  def run # rubocop:disable AbcSize
+    rds = AWS::RDS::Client.new(
+      access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region])
+
+    begin
+      # fetch all clusters identifiers
+      clusters = rds.describe_db_instances[:db_instances].map { |db| db[:db_instance_identifier] }
+      maint_clusters = []
+
+      # fetch the last 2 hours of events for each cluster
+      clusters.each do |cluster_name|
+        events_record = rds.describe_events(start_time: (Time.now - 7200).iso8601, source_type: 'db-instance', source_identifier: cluster_name)
+        next if events_record[:events].empty?
+
+        # if the last event is a start maint event then the cluster is still in maint
+        maint_clusters.push(cluster_name) if events_record[:events][-1][:message] =~ /has started|is being|off-line|shutdown/
+      end
+    rescue => e
+      unknown "An error occurred processing AWS RDS API: #{e.message}"
+    end
+
+    if maint_clusters.empty?
+      ok
+    else
+      critical("Clusters w/ critical events: #{maint_clusters.join(',')}")
+    end
+  end
+end