From 93f62b999ed8eb4abce8563dc58b83624dbb0ecd Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Thu, 24 Jun 2021 17:15:26 -0700 Subject: [PATCH] nagios: Replace check_website_response with standard check_http plugin. Signed-off-by: Anders Kaseorg --- docs/THIRDPARTY | 4 - docs/production/troubleshooting.md | 1 - .../check_website_response.sh | 199 ------------------ puppet/zulip/manifests/profile/base.pp | 4 - puppet/zulip_ops/files/nagios3/commands.cfg | 10 +- puppet/zulip_ops/manifests/profile/nagios.pp | 5 +- .../nagios3/localhost.cfg.template.erb | 2 +- tools/linter_lib/exclude.py | 1 - 8 files changed, 10 insertions(+), 216 deletions(-) delete mode 100755 puppet/zulip/files/nagios_plugins/zulip_nagios_server/check_website_response.sh diff --git a/docs/THIRDPARTY b/docs/THIRDPARTY index 78724bf0be..32e0ccaed2 100644 --- a/docs/THIRDPARTY +++ b/docs/THIRDPARTY @@ -33,10 +33,6 @@ Copyright: 2005 Francesc Guasch License: GPL-2.0 Comment: Not linked. -Files: puppet/zulip/files/nagios_plugins/zulip_nagios_server/check_website_response.sh -Copyright: 2011 Chris Freeman -License: GPL-2.0 - Files: puppet/zulip_ops/files/zulip-ec2-configure-interfaces Copyright: 2013-2017, Dropbox, Inc., Kandra Labs, Inc., and contributors License: Expat diff --git a/docs/production/troubleshooting.md b/docs/production/troubleshooting.md index acae9090f5..f865efabdb 100644 --- a/docs/production/troubleshooting.md +++ b/docs/production/troubleshooting.md @@ -260,7 +260,6 @@ Database monitoring: Standard server monitoring: -* `check_website_response.sh`: Basic HTTP check. * `check_debian_packages`: Checks whether the system is behind on `apt upgrade`. diff --git a/puppet/zulip/files/nagios_plugins/zulip_nagios_server/check_website_response.sh b/puppet/zulip/files/nagios_plugins/zulip_nagios_server/check_website_response.sh deleted file mode 100755 index 46753e7e50..0000000000 --- a/puppet/zulip/files/nagios_plugins/zulip_nagios_server/check_website_response.sh +++ /dev/null @@ -1,199 +0,0 @@ -#!/bin/sh -# -# Nagios script to check website is up and responding in a timely manner -# Written by Chris Freeman (cfree6223@gmail.com) -# Version 1.1 -# (c) GPLv2 2011 -# -# Special thanks to dkwiebe and Konstantine Vinogradov for suggestions and feedback -# - - -### Environment paths -NETCAT=/bin/nc -DATE=/bin/date -WGET=/usr/bin/wget -ECHO=/bin/echo -AWK=/usr/bin/awk -CKSUM=/usr/bin/cksum -TR=/usr/bin/tr - -# Temp file -WGETOUT=/tmp/wgetoutput - -### Functions -# Check dependencies and paths -checkpaths(){ - for PATH in $NETCAT $DATE $WGET $ECHO $AWK $CKSUM $TR; do - if [ ! -f "$PATH" ]; then - STATUS=UNKNOWN - OUTMSG="ERROR: $PATH does does not exist" - output - fi - done -} - - -# Check inputs and formats -checkinputs(){ - if [ ! -n "$WARN" ]; then - ERROR="Warning not set" - usage - fi - case $WARN in - *[!0-9]*) - ERROR="Warning must be an integer in milliseconds" - usage - esac - if [ ! -n "$CRIT" ]; then - ERROR="Critical not set" - usage - fi - case $CRIT in - *[!0-9]*) - ERROR="Critical must be an integer in milliseconds" - usage - esac - if [ "$CRIT" -lt "$WARN" ]; then - ERROR="Critical must be greater than Warning" - usage - fi - if [ ! -n "$URL" ]; then - ERROR="URL not set" - usage - fi -} - -# Make temp file unique for URL -mktmpfile(){ - WGETOUTCKSUM=$WGETOUT`$ECHO $URL |$CKSUM |$AWK '{print $1}'` -} - -# Print usage statement -usage(){ - $ECHO "RESPONSE: UNKNOWN - Error: $ERROR" - $ECHO "Usage: check_website_response.sh -w -c -u [ -nocert ]" - exit 3 -} - -# Check if URL resolves, port is open and webpage contains data -checkopen(){ - # Determine PORT from scheme - SCHEME=`$ECHO $URL |$AWK -F: '{print $1}'| $TR [:upper:] [:lower:]` - - # Strip scheme out of URL - case $URL in - *://*) - SHORTURL=`$ECHO $URL |$AWK -F"://" '{print $2}'`;; - *) - SHORTURL=$URL;; - esac - - # Strip path out of URL - case $SHORTURL in - */*) - SHORTURL=`$ECHO $SHORTURL |$AWK -F/ '{print $1}'`;; - esac - - # if no scheme check for ports in SHORTURL or else default to 80 - case $SHORTURL in - *:*@*:*) - if [ ! -n "$PORT" ]; then - PORT=`$ECHO $SHORTURL |$AWK -F: '{print $3}'` - fi - SHORTURL=`$ECHO $SHORTURL |$AWK -F@ '{print $2}'` - SHORTURL=`$ECHO $SHORTURL |$AWK -F: '{print $1}'`;; - *:*@*) - if [ ! -n "$PORT" ]; then - PORT=80 - fi - SHORTURL=`$ECHO $SHORTURL |$AWK -F@ '{print $2}'`;; - *:*) - if [ ! -n "$PORT" ]; then - PORT=`$ECHO $SHORTURL |$AWK -F: '{print $2}'` - fi - SHORTURL=`$ECHO $SHORTURL |$AWK -F: '{print $1}'`;; - *) - if [ "$SCHEME" = "https" ]; then - PORT=443 - fi - if [ ! -n "$PORT" ]; then - PORT=80 - fi;; - esac - - # Check if URL resolves and port is open - if ! $NETCAT -z $SHORTURL $PORT > /dev/null 2>&1; then - OUTMSG="URL $SHORTURL can't resolve or port $PORT not open" - STATUS=CRITICAL - output - fi - - # Check if page can be loaded and contains data - if [ -n "$NOCERT" ]; then - $WGET --no-check-certificate -q -O $WGETOUTCKSUM $URL - else - $WGET -q -O $WGETOUTCKSUM $URL - fi - - if [ ! -s "$WGETOUTCKSUM" ]; then - OUTMSG="$URL does not contain any data" - STATUS=CRITICAL - output - fi -} - -# Check page response time -pageload(){ - if [ -n "$NOCERT" ]; then - STARTTIME=$($DATE +%s%N) - $WGET --no-check-certificate -q $URL - ENDTIME=$($DATE +%s%N) - else - STARTTIME=$($DATE +%s%N) - $WGET -q $URL - ENDTIME=$($DATE +%s%N) - fi - TIMEDIFF=$((($ENDTIME-$STARTTIME)/1000000)) - if [ "$TIMEDIFF" -lt "$WARN" ]; then - STATUS=OK - elif [ "$TIMEDIFF" -ge "$WARN" ] && [ "$TIMEDIFF" -lt "$CRIT" ]; then - STATUS=WARNING - elif [ "$TIMEDIFF" -ge "$CRIT" ]; then - STATUS=CRITICAL - fi - OUTMSG="$TIMEDIFF ms" -} - -# Output statement and exit -output(){ - $ECHO "RESPONSE: $STATUS - $OUTMSG""|Response="$TIMEDIFF"ms;"$WARN";"$CRIT";0" - if [ "$STATUS" = "OK" ]; then - exit 0 - elif [ "$STATUS" = "WARNING" ]; then - exit 1 - elif [ "$STATUS" = "CRITICAL" ]; then - exit 2 - fi - exit 3 -} - -### Main -# Input variables -while getopts w:c:u:n: option - do case "$option" in - w) WARN=$OPTARG;; - c) CRIT=$OPTARG;; - u) URL=$OPTARG;; - n) NOCERT=$OPTARG;; - *) ERROR="Illegal option used" - usage;; - esac -done - -checkpaths -checkinputs -mktmpfile -checkopen -pageload -output diff --git a/puppet/zulip/manifests/profile/base.pp b/puppet/zulip/manifests/profile/base.pp index 4eb23b4cec..37a2cb0f22 100644 --- a/puppet/zulip/manifests/profile/base.pp +++ b/puppet/zulip/manifests/profile/base.pp @@ -39,10 +39,7 @@ class zulip::profile::base { 'python3-yaml', 'puppet', 'git', - # Used for most downloads 'curl', - # Used in check_website_response.sh - 'wget', 'jq', 'procps', # Used to read /etc/zulip/zulip.conf for `zulipconf` Puppet function @@ -67,7 +64,6 @@ class zulip::profile::base { 'puppet', 'git', 'curl', - 'wget', 'jq', 'crudini', 'ntp', diff --git a/puppet/zulip_ops/files/nagios3/commands.cfg b/puppet/zulip_ops/files/nagios3/commands.cfg index 12430e5f7a..f50d49a21f 100644 --- a/puppet/zulip_ops/files/nagios3/commands.cfg +++ b/puppet/zulip_ops/files/nagios3/commands.cfg @@ -176,11 +176,6 @@ define command { command_line /usr/lib/nagios/plugins/check_by_ssh -l nagios -t 30 -i /var/lib/nagios/.ssh/id_ed25519 -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/zulip_app_frontend/check_email_deliverer_backlog' } -define command{ - command_name check_website_response - command_line /usr/lib/nagios/plugins/zulip_nagios_server/check_website_response.sh -u $ARG1$ -w $ARG2$ -c $ARG3$ -} - define command{ command_name check_worker_memory command_line /usr/lib/nagios/plugins/check_by_ssh -l nagios -t 30 -i /var/lib/nagios/.ssh/id_ed25519 -H $HOSTADDRESS$ -C '/usr/lib/nagios/plugins/zulip_app_frontend/check_worker_memory' @@ -205,3 +200,8 @@ define command{ command_name check_apt_repo_status command_line /usr/lib/nagios/plugins/check_http --sni --ssl -H '$ARG1$' -u 'https://$ARG1$$ARG2$/dists/stable/Release' --expect=200 -s Contents-amd64 } + +define command{ + command_name check_camo + command_line /usr/lib/nagios/plugins/check_http --sni --ssl -H '$ARG1$' -u '$ARG2$' -k 'Accept-Encoding: identity' -w '$ARG3$' -c '$ARG4$' +} diff --git a/puppet/zulip_ops/manifests/profile/nagios.pp b/puppet/zulip_ops/manifests/profile/nagios.pp index 14867587c5..3875b56085 100644 --- a/puppet/zulip_ops/manifests/profile/nagios.pp +++ b/puppet/zulip_ops/manifests/profile/nagios.pp @@ -16,7 +16,10 @@ class zulip_ops::profile::nagios { $nagios_mail_domain = zulipconf('nagios', 'mail_domain', undef) $nagios_mail_host = zulipconf('nagios', 'mail_host', undef) $nagios_mail_password = zulipsecret('secrets', 'nagios_mail_password', '') - $nagios_camo_check_url = zulipconf('nagios', 'camo_check_url', undef) + if zulipconf('nagios', 'camo_check_url', undef) =~ /^https:\/\/([^\/]*)(\/.*)$/ { + $nagios_camo_check_host = $1 + $nagios_camo_check_path = $2 + } $default_host_domain = zulipconf('nagios', 'default_host_domain', undef) $hosts_zmirror = split(zulipconf('nagios', 'hosts_zmirror', undef), ',') diff --git a/puppet/zulip_ops/templates/nagios3/localhost.cfg.template.erb b/puppet/zulip_ops/templates/nagios3/localhost.cfg.template.erb index 4a063e81f5..461babc371 100644 --- a/puppet/zulip_ops/templates/nagios3/localhost.cfg.template.erb +++ b/puppet/zulip_ops/templates/nagios3/localhost.cfg.template.erb @@ -38,5 +38,5 @@ define service{ use generic-service host_name nagios service_description Check Camo is operational - check_command check_website_response!<%= @nagios_camo_check_url %>!6000!12000! + check_command check_camo!<%= @nagios_camo_check_host %>!<%= @nagios_camo_check_path %>!6!12 } diff --git a/tools/linter_lib/exclude.py b/tools/linter_lib/exclude.py index d1a0b8dd65..4466de202d 100644 --- a/tools/linter_lib/exclude.py +++ b/tools/linter_lib/exclude.py @@ -1,7 +1,6 @@ # Exclude some directories and files from lint checking EXCLUDED_FILES = [ # Third-party code that doesn't match our style - "puppet/zulip/files/nagios_plugins/zulip_nagios_server/check_website_response.sh", "static/third", # Transifex syncs translation.json files without trailing # newlines; there's nothing other than trailing newlines we'd be