sensu-plugins-consul-magec 2.2.1

data/bin/check-consul-leader.rb

@@ -0,0 +1,129 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+#   check-consul-leader
+#
+# DESCRIPTION:
+#   This plugin checks if consul is up and reachable. It then checks
+#   the status/leader and ensures there is a current leader.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: rest-client
+#
+# USAGE:
+#   #YELLOW
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2015 Sonian, Inc. and contributors. <support@sensuapp.org>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'rest-client'
+require 'resolv'
+
+#
+# Consul Status
+#
+class ConsulStatus < Sensu::Plugin::Check::CLI
+  option :server,
+         description: 'consul server',
+         short: '-s SERVER',
+         long: '--server SERVER',
+         default: '127.0.0.1'
+
+  option :port,
+         description: 'consul http port',
+         short: '-p PORT',
+         long: '--port PORT',
+         default: '8500'
+
+  option :scheme,
+         description: 'consul listener scheme',
+         short: '-S SCHEME',
+         long: '--scheme SCHEME',
+         default: 'http'
+
+  option :insecure,
+         description: 'set this flag to disable SSL verification',
+         short: '-k',
+         long: '--insecure',
+         boolean: true,
+         default: false
+
+  option :capath,
+         description: 'absolute path to an alternative CA file',
+         short: '-c CAPATH',
+         long: '--capath CAPATH'
+
+  option :timeout,
+         description: 'connection will time out after this many seconds',
+         short: '-t TIMEOUT_IN_SECONDS',
+         long: '--timeout TIMEOUT_IN_SECONDS',
+         proc: proc { |t| t.to_i },
+         default: 5
+
+  option :token,
+         description: 'ACL token',
+         long: '--token ACL_TOKEN'
+
+  def valid_ip(ip)
+    case ip.to_s
+    when Resolv::IPv4::Regex
+      true
+    when Resolv::IPv6::Regex
+      true
+    else
+      false
+    end
+  end
+
+  def strip_ip(str)
+    ipv4_regex = '(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
+    ipv6_regex = '\[.*\]'
+    if str =~ /^.*#{ipv4_regex}.*$/ # rubocop:disable Style/GuardClause
+      return str.match(/#{ipv4_regex}/)
+    elsif str =~ /^.*#{ipv6_regex}.*$/
+      return str[/#{ipv6_regex}/][1..-2]
+    else
+      return str
+    end
+  end
+
+  def run
+    options = { timeout: config[:timeout],
+                verify_ssl: (OpenSSL::SSL::VERIFY_NONE if defined? config[:insecure]),
+                ssl_ca_file: (config[:capath] if defined? config[:capath]),
+                headers: { 'X-Consul-Token' => config[:token] } }
+    url = "#{config[:scheme]}://#{config[:server]}:#{config[:port]}/v1/status/leader"
+
+    r = RestClient::Resource.new(url, options).get
+
+    if r.code == 200
+      if valid_ip(strip_ip(r.body))
+        ok 'Consul is UP and has a leader'
+      else
+        critical 'Consul is UP, but it has NO leader'
+      end
+    else
+      critical 'Consul is not responding'
+    end
+  rescue Errno::ECONNREFUSED
+    critical 'Consul is not responding'
+  rescue RestClient::RequestTimeout
+    critical 'Consul Connection timed out'
+  rescue RestClient::Exception => e
+    unknown "Consul returned: #{e}"
+  end
+end

data/bin/check-consul-maintenance.rb

@@ -0,0 +1,98 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+#   check-consul-maintenance
+#
+# DESCRIPTION:
+#   This plugin checks if maintenance mode is enabled
+#   for the node in Consul
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: diplomat
+#
+# USAGE:
+#   ./check-consul-maintenance -n localhost
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2016 Oleksandr Kushchenko <gearok@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'diplomat'
+
+#
+# Maintenance Status
+#
+class MaintenanceStatus < Sensu::Plugin::Check::CLI
+  option :consul,
+         description: 'consul server',
+         long: '--consul SERVER',
+         default: 'http://localhost:8500'
+
+  option :node,
+         description: 'consul node name',
+         short: '-n NODE',
+         long: '--node NODE',
+         default: 'localhost'
+
+  option :token,
+         description: 'ACL token',
+         long: '--token ACL_TOKEN'
+
+  # Get the maintenance data for the node from consul
+  #
+  def acquire_maintenance_data
+    result = Diplomat::Health.node(config[:node]).select do |check|
+      check['CheckID'] == '_node_maintenance'
+    end
+    if !result.empty?
+      { enabled: true, reason: result.first['Notes'] }
+    else
+      { enabled: false, reason: nil }
+    end
+  rescue Faraday::ConnectionFailed => e
+    warning "Connection error occurred: #{e}"
+  rescue Faraday::ClientError => e
+    if e.response[:status] == 403
+      critical %(ACL token is not authorized to access resource: #{e.response[:body]})
+    else
+      unknown "Exception occurred when checking consul service: #{e}"
+    end
+  rescue StandardError => e
+    unknown "Exception occurred when checking consul node maintenance: #{e}"
+  end
+
+  # Main function
+  #
+  def run
+    Diplomat.configure do |dc|
+      dc.url = config[:consul]
+      dc.acl_token = config[:token]
+      dc.options = {
+        headers: {
+          'X-Consul-Token' => config[:token]
+        }
+      }
+    end
+
+    data = acquire_maintenance_data
+
+    if data[:enabled]
+      critical "Maintenance enabled for node #{config[:node]}: #{data[:reason]}"
+    else
+      ok "Maintenance disabled for node #{config[:node]}"
+    end
+  end
+end

data/bin/check-consul-members.rb

@@ -0,0 +1,136 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+#   check-consul-members
+#
+# DESCRIPTION:
+#   This plugin checks if consul is up and reachable. It then checks
+#   the status of the members of the cluster to determine if the correct
+#   number of peers are reporting as 'alive'
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: rest-client
+#   gem: json
+#
+# USAGE:
+#   Check to make sure the min number of peers needed is present in the cluster
+#   ./check-consul-members -s 127.0.0.1 -p 8500 -g 5 -e 8
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2015 Sonian, Inc. and contributors. <support@sensuapp.org>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'rest-client'
+require 'json'
+
+#
+# Consul Status
+#
+class ConsulStatus < Sensu::Plugin::Check::CLI
+  option :server,
+         description: 'consul server',
+         short: '-s SERVER',
+         long: '--server SERVER',
+         default: '127.0.0.1'
+
+  option :port,
+         description: 'consul http port',
+         short: '-p PORT',
+         long: '--port PORT',
+         default: '8500'
+
+  option :min,
+         description: 'minimum number of peers',
+         short: '-g GREATER THAN',
+         long: '--greater GREATER THAN',
+         default: 3
+
+  option :expected,
+         description: 'expected number of peers',
+         short: '-e EXPECT',
+         long: '--expect EXPECT',
+         default: 5
+
+  option :wan,
+         description: 'whether to check the wan members',
+         short: '-w',
+         long: '--wan',
+         boolean: false
+
+  option :scheme,
+         description: 'consul listener scheme',
+         short: '-S SCHEME',
+         long: '--scheme SCHEME',
+         default: 'http'
+
+  option :insecure,
+         description: 'if set, disables SSL verification',
+         short: '-k',
+         long: '--insecure',
+         boolean: true,
+         default: false
+
+  option :capath,
+         description: 'absolute path to an alternate CA file',
+         short: '-c CAPATH',
+         long: '--capath CAPATH'
+
+  option :timeout,
+         description: 'connection will time out after this many seconds',
+         short: '-t TIMEOUT_IN_SECONDS',
+         long: '--timeout TIMEOUT_IN_SECONDS',
+         default: 5
+
+  option :token,
+         description: 'ACL token',
+         long: '--token ACL_TOKEN'
+
+  def run
+    url = "#{config[:scheme]}://#{config[:server]}:#{config[:port]}/v1/agent/members"
+    options = { timeout: config[:timeout],
+                verify_ssl: (OpenSSL::SSL::VERIFY_NONE if defined? config[:insecure]),
+                ssl_ca_file: (config[:capath] if defined? config[:capath]),
+                headers: { 'X-Consul-Token' => config[:token] } }
+
+    if config[:wan]
+      url += '?wan=1'
+    end
+
+    json = RestClient::Resource.new(url, options).get
+    peers = 0
+    members = JSON.parse(json)
+    members.each do |member|
+      # only count the member if its status is alive
+      if member.key?('Tags') && member['Tags']['role'] == 'consul' && member['Status'] == 1
+        peers += 1
+      end
+    end
+
+    if peers < config[:min].to_i
+      critical "[#{peers}] peers is below critical threshold of [#{config[:min]}]"
+    elsif peers != config[:expected].to_i
+      warning "[#{peers}] peers is outside of expected count of [#{config[:expected]}]"
+    else
+      ok 'Peers within threshold'
+    end
+  rescue Errno::ECONNREFUSED
+    critical 'Consul is not responding'
+  rescue RestClient::RequestTimeout
+    critical 'Consul Connection timed out'
+  rescue RestClient::Exception => e
+    unknown "Consul returned: #{e}"
+  end
+end

data/bin/check-consul-quorum.rb

@@ -0,0 +1,91 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   check-consul-quorum
+#
+# DESCRIPTION:
+#   This plugin checks how many nodes the cluster will be able to lose while
+#   still maintaining quorum.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: rest-client
+#
+# USAGE:
+#   Connect to localhost, go critical when the cluster is at its minimum for
+#   quorum:
+#     ./check-consul-quorum
+#
+#   Connect to a remote Consul server over HTTPS:
+#     ./check-consul-quorum -s 192.168.42.42 -p 4443 -P https
+#
+#   Go critical when the cluster can lose one more server and keep quorum:
+#     ./check-consul-quorum -W 2 -C 1
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2018, Jonathan Hartman <j@hartman.io>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-consul/check/base'
+
+#
+# Consul quorum status
+#
+class ConsulQuorumStatus < SensuPluginsConsul::Check::Base
+  option :warning,
+         description: 'Warn when the cluster has this many spare servers ' \
+                      'beyond the minimum for quorum',
+         short: '-W NUMBER_OF_SPARE_SERVERS',
+         long: '--warning NUMBER_OF_SPARE_SERVERS',
+         proc: proc(&:to_i),
+         default: 1
+
+  option :critical,
+         description: 'Go critical when the cluster has this many spare ' \
+                      'servers beyond the minimum for quorum',
+         short: '-C NUMBER_OF_SPARE_SERVERS',
+         long: '--critical NUMBER_OF_SPARE_SERVERS',
+         proc: proc(&:to_i),
+         default: 0
+
+  def run
+    raft = consul_get('operator/raft/configuration')
+    members = consul_get('agent/members')
+
+    total = raft['Servers'].select { |s| s['Voter'] == true }.length
+    required = total / 2 + 1
+    alive = members.select do |m|
+      m.key?('Tags') && m['Tags']['role'] == 'consul' && m['Status'] == 1
+    end.length
+
+    spares = alive - required
+
+    msg = "Cluster has #{alive}/#{total} servers alive and"
+    msg = if spares < 0
+            "#{msg} has lost quorum"
+          elsif spares.zero?
+            "#{msg} has the minimum required for quorum"
+          else
+            "#{msg} can lose #{spares} more without losing quorum"
+          end
+
+    if spares < 0 || spares <= config[:critical]
+      critical msg
+    elsif spares <= config[:warning]
+      warning msg
+    else
+      ok msg
+    end
+  end
+end