New check for checking HTTP responses for each instances on a ELB #239
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,197 @@ | ||
| #! /usr/bin/env ruby | ||
| # | ||
| # check-elb-instances-endpoints | ||
| # | ||
| # DESCRIPTION: | ||
| # This plugin checks for a HTTP 200 against each instance attached to a ELB. | ||
| # | ||
| # OUTPUT: | ||
| # plain-text | ||
| # | ||
| # PLATFORMS: | ||
| # Linux | ||
| # | ||
| # DEPENDENCIES: | ||
| # gem: aws-sdk | ||
| # gem: sensu-plugin | ||
| # | ||
| # USAGE: | ||
| # | ||
| # Check each instance on the elb returns a HTTP200 on the path / | ||
| # check-elb-instances-endpoints.rb -n ELBNAME -p / | ||
| # | ||
| # Check each instance on the elb returns a HTTP200 on the path / and use https | ||
| # check-elb-instances-endpoints.rb -n ELBNAME -p / -s | ||
| # | ||
| # Check each instance on the elb returns a HTTP200 on the path / using port 8080 | ||
| # check-elb-instances-endpoints.rb -n ELBNAME -p / -P 8080 | ||
| # | ||
| # Check each instance on the elb returns a HTTP200 on the path / in a given AWS region | ||
| # check-elb-instances-endpoints.rb -n ELBNAME -p / -r eu-west-1 | ||
| # | ||
| # LICENSE: | ||
| # MIT License | ||
| # | ||
| # Copyright (c) 2017 Claranet | ||
| # | ||
| # Permission is hereby granted, free of charge, to any person obtaining a copy | ||
| # of this software and associated documentation files (the "Software"), to deal | ||
| # in the Software without restriction, including without limitation the rights | ||
| # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
| # copies of the Software, and to permit persons to whom the Software is | ||
| # furnished to do so, subject to the following conditions: | ||
| # | ||
| # The above copyright notice and this permission notice shall be included in all | ||
| # copies or substantial portions of the Software. | ||
| # | ||
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
| # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
| # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
| # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
| # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| # SOFTWARE. | ||
| # | ||
|
|
||
| require 'sensu-plugin/check/cli' | ||
| require 'aws-sdk-v1' | ||
|
|
||
| # check each node by calling a http endpoint | ||
| class HTTPCheckELBNodes < Sensu::Plugin::Check::CLI | ||
| option :aws_access_key, | ||
|
There was a problem hiding this comment. We are trending towards not passing the key on the CLI at all due to the number of people not properly using token substitution and lack of redaction. If you use the v2 and: https://github.com/sensu-plugins/sensu-plugins-aws/blob/8.3.0/lib/sensu-plugins-aws/common.rb you will get env and IAM which are the two methods we are going to use going forward. |
||
| short: '-a AWS_ACCESS_KEY', | ||
| long: '--aws-access-key AWS_ACCESS_KEY', | ||
| description: "AWS Access Key. or use ENV['AWS_ACCESS_KEY']", | ||
| default: ENV['AWS_ACCESS_KEY'] | ||
|
|
||
| option :aws_secret_access_key, | ||
|
|
||
| short: '-k AWS_SECRET_KEY', | ||
| long: '--aws-secret-access-key AWS_SECRET_KEY', | ||
| description: "AWS Secret Access Key or use ENV['AWS_SECRET_KEY']", | ||
| default: ENV['AWS_SECRET_KEY'] | ||
|
|
||
| option :aws_region, | ||
| short: '-r AWS_REGION', | ||
| long: '--aws-region REGION', | ||
| description: 'AWS Region (defaults to eu-west-1)', | ||
| default: 'eu-west-1' | ||
|
|
||
| option :instance_name, | ||
| short: '-n ELB_NAME', | ||
| long: '--name ELB_NAME', | ||
| description: 'Regular expression to describe the elb name', | ||
| required: true | ||
|
|
||
| option :path, | ||
| short: '-p PATH', | ||
| long: '--path PATH', | ||
| description: 'path to check', | ||
| required: true | ||
|
|
||
| option :use_http, | ||
| long: '--http', | ||
| description: 'use http (default: false)', | ||
| boolean: true, | ||
| default: false | ||
|
|
||
| option :port, | ||
| short: '-P PORT', | ||
| long: '--port PORT', | ||
| description: 'HTTP port', | ||
| default: 0, | ||
| proc: proc(&:to_i) | ||
|
|
||
| option :timeout, | ||
| long: '--timeout TIMEOUT', | ||
| description: 'HTTP timeout', | ||
| default: 2, | ||
| proc: proc(&:to_i) | ||
|
|
||
| option :private_dns, | ||
| long: '--private-dns', | ||
| description: 'Use the private DNS name (default is the public dns)', | ||
| default: false, | ||
| boolean: true | ||
|
|
||
| option :response_code, | ||
| long: '--response-code', | ||
| description: 'Expected response code (default HTTP200)', | ||
| default: '200' | ||
|
|
||
| def aws_config | ||
| { access_key_id: config[:aws_access_key], | ||
| secret_access_key: config[:aws_secret_access_key], | ||
| region: config[:aws_region] } | ||
| end | ||
|
|
||
| def run | ||
| instances = get_instances((AWS::ELB.new aws_config)) | ||
| errors = {} | ||
|
|
||
| instances.each do |inst| | ||
| resp = call_endpoint(inst) | ||
| errors[inst.id] = resp unless resp.nil? | ||
| end.empty? && begin | ||
| errors['amount'] = 'zero instances found' | ||
| end | ||
|
|
||
| errors.keys.count.zero? ? (ok 'all is good') : (critical errors.to_s) | ||
| end | ||
|
|
||
| def get_instances(elbs) | ||
| instances = [] | ||
| elbs.load_balancers.each do |elb| | ||
| elb.instances.each { |instance| instances << instance if /#{config[:instance_name]}/ =~ instance.tags['Name'] } | ||
| end | ||
| instances | ||
| rescue => e | ||
| unknown "retrieving load balancer describtors: #{e}" | ||
| end | ||
|
|
||
| def name | ||
| config[:load_balancer_name] | ||
| end | ||
|
|
||
| def call_endpoint(inst) | ||
| url = URI("#{schema}://#{host(inst)}#{port}#{path}") | ||
| http = Net::HTTP.new(url.host, url.port) | ||
| http.read_timeout = timeout | ||
| http.open_timeout = timeout | ||
| resp = http.start { |session| session.get(url.path) } | ||
| invalid_code = resp.code != response_code | ||
| return 'Page not found' if invalid_code && resp.code == '404' | ||
| return 'Invalid status' if invalid_code && resp.body.empty? | ||
| return resp.body if invalid_code | ||
| nil | ||
| rescue | ||
| 'Timeout' | ||
| end | ||
|
|
||
| def host(inst) | ||
| private_dns ? inst.private_dns_name : inst.public_dns_name | ||
| end | ||
|
|
||
| def private_dns | ||
| config[:private_dns] | ||
| end | ||
|
|
||
| def timeout | ||
| config[:timeout] | ||
| end | ||
|
|
||
| def schema | ||
| config[:use_http] ? 'http' : 'https' | ||
| end | ||
|
|
||
| def port | ||
| config[:port].zero? ? '' : ":#{config[:port]}" | ||
| end | ||
|
|
||
| def path | ||
| config[:path] | ||
| end | ||
|
|
||
| def response_code | ||
| config[:response_code] | ||
| end | ||
| end | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
with this being a new check we should write this against the v2 api. Eventually we will be going through and updating the checks for v2 and dropping v1 support due to version conflicts with newer versions of some gems (json if I recall correctly) with newer sensu setups.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes this is a really big issue which prevents us from upgrading to 1.x
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we re-write this to be against v2?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍