sensu-plugins-consul-magec 2.2.1

data/bin/check-consul-servers.rb

@@ -0,0 +1,118 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+#   check-consul-servers
+#
+# DESCRIPTION:
+#   This plugin checks if consul is up and reachable. It then checks
+#   the number of peers matches the excepted value
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: diplomat
+#
+# USAGE:
+#   #YELLOW
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2015 Sonian, Inc. and contributors. <support@sensuapp.org>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'rest-client'
+require 'json'
+
+#
+# Consul Status
+#
+class ConsulStatus < Sensu::Plugin::Check::CLI
+  option :server,
+         description: 'consul server',
+         short: '-s SERVER',
+         long: '--server SERVER',
+         default: '127.0.0.1'
+
+  option :port,
+         description: 'consul http port',
+         short: '-p PORT',
+         long: '--port PORT',
+         default: '8500'
+
+  option :min,
+         description: 'minimum number of peers',
+         short: '-g GREATER THAN',
+         long: '--greater GREATER THAN',
+         proc: proc(&:to_i),
+         default: 3
+
+  option :expected,
+         description: 'expected number of peers',
+         short: '-e EXPECT',
+         long: '--expect EXPECT',
+         proc: proc(&:to_i),
+         default: 5
+
+  option :scheme,
+         description: 'consul listener scheme',
+         short: '-S SCHEME',
+         long: '--scheme SCHEME',
+         default: 'http'
+
+  option :insecure,
+         description: 'if set, disables SSL verification',
+         short: '-k',
+         long: '--insecure',
+         boolean: true,
+         default: false
+
+  option :capath,
+         description: 'absolute path to an alternate CA file',
+         short: '-c CAPATH',
+         long: '--capath CAPATH'
+
+  option :timeout,
+         description: 'connection will time out after this many seconds',
+         short: '-t TIMEOUT_IN_SECONDS',
+         long: '--timeout TIMEOUT_IN_SECONDS',
+         proc: proc(&:to_i),
+         default: 5
+
+  option :token,
+         description: 'ACL token',
+         long: '--token ACL_TOKEN'
+
+  def run
+    url = "#{config[:scheme]}://#{config[:server]}:#{config[:port]}/v1/status/peers"
+    options = { timeout: config[:timeout],
+                verify_ssl: (OpenSSL::SSL::VERIFY_NONE if defined? config[:insecure]),
+                ssl_ca_file: (config[:capath] if defined? config[:capath]),
+                headers: { 'X-Consul-Token' => config[:token] } }
+
+    json = RestClient::Resource.new(url, options).get
+    peers = JSON.parse(json).length.to_i
+    if peers < config[:min]
+      critical "[#{peers}] peers is below critical threshold of [#{config[:min]}]"
+    elsif peers != config[:expected]
+      warning "[#{peers}] peers is outside of expected count of [#{config[:expected]}]"
+    else
+      ok 'Peers within threshold'
+    end
+  rescue Errno::ECONNREFUSED
+    critical 'Consul is not responding'
+  rescue RestClient::RequestTimeout
+    critical 'Consul Connection timed out'
+  rescue RestClient::Exception => e
+    unknown "Consul returned: #{e}"
+  end
+end

data/bin/check-consul-service-health.rb

@@ -0,0 +1,161 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+#   check-consul-service-health
+#
+# DESCRIPTION:
+#   This plugin assists in checking the check status of a Consul Service
+#   In addition, it provides additional Yieldbot logic for Output containing
+#   JSON.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: diplomat
+#
+# USAGE:
+#   ./check-consul-service-health -s influxdb
+#   ./check-consul-service-health -a
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2015 Yieldbot, Inc. <devops@yieldbot.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'diplomat'
+require 'json'
+
+#
+# Service Status
+#
+class CheckConsulServiceHealth < Sensu::Plugin::Check::CLI
+  option :consul,
+         description: 'consul server',
+         long: '--consul SERVER',
+         default: 'http://localhost:8500'
+
+  option :nodename,
+         description: 'check all consul services running on the specified node',
+         short: '-n NODENAME',
+         long: '--node NODENAME'
+
+  option :service,
+         description: 'a service managed by consul',
+         short: '-s SERVICE',
+         long: '--service SERVICE',
+         default: 'consul'
+
+  option :tags,
+         description: 'filter services by a comma-separated list of tags (requires --service)',
+         short: '-t TAGS',
+         long: '--tags TAGS'
+
+  option :all,
+         description: 'get all services (not compatible with --tags)',
+         short: '-a',
+         long: '--all'
+
+  option :fail_if_not_found,
+         description: 'fail if no service is found',
+         short: '-f',
+         long: '--fail-if-not-found'
+
+  option :token,
+         description: 'ACL token',
+         long: '--token ACL_TOKEN'
+
+  # Get the service checks for the given service
+  def acquire_service_data
+    if config[:tags] && config[:service]
+      tags = config[:tags].split(',').to_set
+      services = []
+      Diplomat::Health.service(config[:service]).each do |s|
+        if s['Service']['Tags'].to_set.superset? tags
+          services.push(*s['Checks'])
+        end
+      end
+      services
+    elsif config[:nodename]
+      data = []
+      begin
+        services = Diplomat::Node.get(config[:nodename]).Services
+      rescue StandardError
+        services = {}
+      end
+      services.each_value do |service|
+        Diplomat::Health.checks(service['Service']).each do |check|
+          data.push(check) if check.Node == config[:nodename]
+        end
+      end
+      data
+    elsif config[:all]
+      Diplomat::Health.state('any')
+    else
+      Diplomat::Health.checks(config[:service])
+    end
+  end
+
+  # Do work
+  def run
+    if config[:tags] && config[:all]
+      critical 'Cannot specify --tags and --all simultaneously (Consul health/service/ versus health/state/).'
+    end
+
+    Diplomat.configure do |dc|
+      dc.url = config[:consul]
+      dc.acl_token = config[:token]
+      headers = {}
+      headers['X-Consul-Token'] = config[:token] if config[:token]
+      dc.options = {
+        headers: headers
+      }
+    end
+
+    found      = false
+    warnings   = false
+    criticals  = false
+    checks     = []
+
+    # Process all of the nonpassing service checks
+    acquire_service_data.each do |d|
+      found       = true
+      checkId     = d['CheckID'] # rubocop:disable Style/VariableName
+      checkStatus = d['Status'] # rubocop:disable Style/VariableName
+
+      # If we are passing do nothing
+      next if checkStatus == 'passing'
+
+      checks.push(
+        checkId => d['Output'],
+        'Status' => checkStatus
+      )
+
+      warnings  = true  if %w[warning].include? checkStatus
+      criticals = true  if %w[critical unknown].include? checkStatus
+    end
+
+    if config[:fail_if_not_found] && !found
+      msg = 'Could not find checks for any services'
+      if config[:service]
+        msg = "Could not find checks for service #{config[:service]}"
+        if config[:tags]
+          msg += " with tags #{config[:tags]}"
+        end
+      end
+      critical msg
+    end
+    critical checks if criticals
+    warning checks  if warnings
+    ok
+  end
+end

data/bin/check-consul-stale-peers.rb

@@ -0,0 +1,73 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   check-consul-stale-peers
+#
+# DESCRIPTION:
+#   This plugin checks the raft configuration for stale ("unknown") peers.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: rest-client
+#
+# USAGE:
+#   Connect to localhost, go critical when there are any stale peers:
+#     ./check-consul-stale-peers
+#
+#   Connect to a remote Consul server over HTTPS:
+#     ./check-consul-stale-peers -s 192.168.42.42 -p 4443 -P https
+#
+#   Go critical when the cluster has two or more stale peers:
+#     ./check-consul-stale-peers -W 1 -C 2
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2018, Jonathan Hartman <j@hartman.io>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-consul/check/base'
+
+#
+# Consul stale peers
+#
+class ConsulStalePeers < SensuPluginsConsul::Check::Base
+  option :warning,
+         description: 'Warn when there are this many stale peers',
+         short: '-W NUMBER_OF_PEERS',
+         long: '--warning NUMBER_OF_PEERS',
+         proc: proc(&:to_i),
+         default: 1
+
+  option :critical,
+         description: 'Go critical when there are this many stale peers',
+         short: '-C NUMBER_OF_PEERS',
+         long: '--critical NUMBER_OF_PEERS',
+         proc: proc(&:to_i),
+         default: 1
+
+  def run
+    raft = consul_get('operator/raft/configuration')
+
+    res = raft['Servers'].select { |s| s['Node'] == '(unknown)' }.length
+
+    msg = "Cluster contains #{res} stale peer#{'s' unless res == 1}"
+
+    if res >= config[:critical]
+      critical msg
+    elsif res >= config[:warning]
+      warning msg
+    else
+      ok msg
+    end
+  end
+end

data/bin/check-service-consul.rb

@@ -0,0 +1,160 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+#   check-service-consul
+#
+# DESCRIPTION:
+#   This plugin checks if consul says a service is 'passing' or
+#   'critical'
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: diplomat
+#
+# USAGE:
+#   ./check-service-consul -s influxdb
+#   ./check-service-consul -a
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2015 Yieldbot, Inc. <Sensu-Plugins>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'diplomat'
+
+#
+# Service Status
+#
+class ServiceStatus < Sensu::Plugin::Check::CLI
+  option :consul,
+         description: 'consul server',
+         long: '--consul SERVER',
+         default: 'http://localhost:8500'
+
+  option :service,
+         description: 'a service managed by consul',
+         short: '-s SERVICE',
+         long: '--service SERVICE',
+         default: 'consul'
+
+  option :tags,
+         description: 'filter services by a comma-separated list of tags (requires --service)',
+         short: '-t TAGS',
+         long: '--tags TAGS'
+
+  option :all,
+         description: 'get all services in a non-passing status (not compatible with --tags)',
+         short: '-a',
+         long: '--all'
+
+  option :fail_if_not_found,
+         description: 'fail if no service is found',
+         short: '-f',
+         long: '--fail-if-not-found'
+
+  option :token,
+         description: 'ACL token',
+         long: '--token ACL_TOKEN'
+
+  # Get the check data for the service from consul
+  #
+  def acquire_service_data
+    if config[:tags] && config[:service]
+      tags = config[:tags].split(',').to_set
+      services = []
+      Diplomat::Health.service(config[:service]).each do |s|
+        if s['Service']['Tags'].to_set.superset? tags
+          services.push(*s['Checks'])
+        end
+      end
+      return services
+    elsif config[:all]
+      Diplomat::Health.state('any')
+    else
+      Diplomat::Health.checks(config[:service])
+    end
+  rescue Faraday::ConnectionFailed => e
+    warning "Connection error occurred: #{e}"
+  rescue Diplomat::UnknownStatus => e
+    if e.message.include?('403')
+      critical %(ACL token is not authorized to access service "#{config[:service]}")
+    else
+      critical "Unhandled exception(#{e.class}) -- #{e.message}"
+    end
+  rescue Faraday::ClientError => e
+    if e.response[:status] == 403
+      critical %(ACL token is not authorized to access service "#{config[:service]}": #{e.response[:body]})
+    else
+      unknown "Exception occurred when checking consul service: #{e}"
+    end
+  rescue StandardError => e
+    unknown "Exception occurred when checking consul service: #{e}"
+  end
+
+  # Main function
+  #
+  def run
+    if config[:tags] && config[:all]
+      critical 'Cannot specify --tags and --all simultaneously (Consul health/service/ versus health/state/).'
+    end
+
+    Diplomat.configure do |dc|
+      dc.url = config[:consul]
+      dc.acl_token = config[:token]
+      dc.options = {
+        headers: {
+          'X-Consul-Token' => config[:token]
+        }
+      }
+    end
+
+    data = acquire_service_data
+    passing = []
+    failing = []
+    data.each do |d|
+      if d['Status'] == 'passing'
+        passing << {
+          'node' => d['Node'],
+          'service' => d['ServiceName'],
+          'service_id' => d['ServiceID'],
+          'notes' => d['Notes']
+        }
+      elsif d['Status'] == 'critical'
+        failing << {
+          'node' => d['Node'],
+          'service' => d['ServiceName'],
+          'service_id' => d['ServiceID'],
+          'notes' => d['Notes']
+        }
+      end
+    end
+
+    if failing.empty? && passing.empty?
+      msg = 'Could not find checks for any services'
+      if config[:service]
+        msg = "Could not find checks for service #{config[:service]}"
+        if config[:tags]
+          msg += " with tags #{config[:tags]}"
+        end
+      end
+      if config[:fail_if_not_found]
+        critical msg
+      else
+        unknown msg
+      end
+    end
+    critical failing unless failing.empty?
+    ok passing unless passing.empty?
+  end
+end