
Icinga2: Add check_conntrack_size to check conntrack table usage.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm 6 years ago
parent
commit
6d13e050eb

+ 13 - 0
icinga2/commands.d/network.conf

@@ -2,6 +2,8 @@
 # FFHO Check Commands for network related stuff (Salt Managed)
 #
 
+#
+# ifupdown2
 object CheckCommand "ifupdown2" {
         import "plugin-check-command"
 
@@ -13,6 +15,17 @@ object CheckCommand "ifupdown2" {
 }
 
 
+#
+# Conntrack table size
+object CheckCommand "conntrack_size" {
+	import "plugin-check-command"
+
+	command = [ "/usr/bin/sudo", FFHOPluginDir + "/check_conntrack_size" ]
+}
+
+
+#
+# bird OSPF + BGP
 object CheckCommand "bird_ospf" {
 	import "plugin-check-command"
 
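Review bot: The `"/usr/bin/sudo"` prefix in the `conntrack_size` command looks unnecessary, because the plugin added in this commit only reads `/proc/sys/net/netfilter/nf_conntrack_count` and `/proc/sys/net/netfilter/nf_conntrack_max`, which are normally world-readable. Running it through sudo means a Python script executes as root on every monitored Linux host for no gain, and the same applies to the matching entry added in icinga2/icinga2.sudoers. Unless a target kernel is known to restrict these files, use `command = [ FFHOPluginDir + "/check_conntrack_size" ]` and drop the sudoers addition. The command also defines no `arguments`, so `--warn`, `--crit` and `--no-conntrack` can only ever take the plugin's defaults.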

+ 1 - 1
icinga2/icinga2.sudoers

@@ -1,4 +1,4 @@
 #
 # sudoers file for Icinga2 monitoring commands (Salt managed)
 #
-nagios  ALL=NOPASSWD:/usr/local/sbin/dhcpd-pool, /usr/local/share/monitoring-plugins/check_bird_ospf, /usr/local/share/monitoring-plugins/check_bird_bgp, /usr/local/share/monitoring-plugins/check_ifupdown2
+nagios  ALL=NOPASSWD:/usr/local/sbin/dhcpd-pool, /usr/local/share/monitoring-plugins/check_bird_ospf, /usr/local/share/monitoring-plugins/check_bird_bgp, /usr/local/share/monitoring-plugins/check_ifupdown2, /usr/local/share/monitoring-plugins/check_conntrack_size
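Review bot: Every new plugin rewrites this single long `nagios  ALL=NOPASSWD:` line, so a privilege change shows up as one removed and one added line that a reviewer has to compare by eye. For a file that grants passwordless root, that makes an unintended extra command easy to miss. Consider a `Cmnd_Alias` with one command per continuation line, referenced by a short rule such as `nagios ALL = NOPASSWD: ICINGA_CHECKS`, so each future addition is a one-line diff. The entries also carry no argument restriction, so each listed program should be owned by root and not writable by the monitoring user; the page does not show how Salt deploys them.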

+ 64 - 0
icinga2/plugins/check_conntrack_size

@@ -0,0 +1,64 @@
+#!/usr/bin/python
+#
+# Nagios plugin to check netfilter conntrack size
+#
+# Maximilian Wilhelm <max@rfc2324.org>
+#  --  Fri 11 Mar 2016 08:56:08 PM CET
+#
+
+import argparse
+import os.path
+import sys
+
+code = 0
+msg = ""
+
+parser = argparse.ArgumentParser (description = 'check netfilter conntrack table size')
+
+parser.add_argument ('--warn', '-w', help = "Warning conntrack table usage (percent)", default = "70")
+parser.add_argument ('--crit', '-c', help = "Critical conntrack table usage (percent)", default = "85")
+parser.add_argument ('--no-conntrack', help = "Return code when no conntrack is loaded.", default = "ok", choices = [ "ok", "warn", "crit", "unkn" ])
+
+args = parser.parse_args ()
+
+ret_map = {
+	'ok' : 0,
+	'warn' : 1,
+	'crit' : 2,
+	'unkn' : 3,
+}
+
+def read_int (path):
+	try:
+		with open (path, 'r') as fh:
+			return int (fh.read ())
+	except ValueError as v:
+		return -1
+	except IOError as i:
+		print "conntrack seems not to be loaded."
+		sys.exit (ret_map[args.no_conntrack])
+
+num_entries = read_int ("/proc/sys/net/netfilter/nf_conntrack_count")
+max_entries = read_int ("/proc/sys/net/netfilter/nf_conntrack_max")
+
+
+usage = num_entries / max_entries * 100
+
+if usage >= args.crit:
+	code = 2
+	msg = "Conntrack pool usage over %s%%: %d (%d / %d)" % (args.crit, usage, num_entries, max_entries)
+
+elif usage >= args.warn:
+	code = 1
+	msg = "Conntrack pool usage over %s%%: %d (%d/ %d)" % (args.warn, usage, num_entries, max_entries)
+
+elif usage < args.warn:
+	code = 0
+	msg = "Conntrack pool usage as at %d%% (%d / %d)" % (usage, num_entries, max_entries)
+
+else:
+	code = 3
+	msg = "WTF? Please examinte the situation manually and kinly do the needful!"
+
+print msg
+sys.exit (code)
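Review bot: The threshold tests `if usage >= args.crit` and `elif usage >= args.warn` can never fire. `--warn` and `--crit` have no `type=`, so they stay strings, and under the Python 2 interpreter this script targets (it uses print statements) an int always orders below a str, so every run lands in the `usage < args.warn` OK branch. Independently, `num_entries / max_entries * 100` is integer division there and yields 0 for any table that is not completely full. A check that stays green regardless of load hides conntrack exhaustion, so parse the thresholds as numbers and compute the percentage in floating point. It should also return UNKNOWN when `read_int` gives -1 or the maximum is 0, which would otherwise raise ZeroDivisionError.

```python
parser.add_argument ('--warn', '-w', type = float, help = "Warning conntrack table usage (percent)", default = 70)
parser.add_argument ('--crit', '-c', type = float, help = "Critical conntrack table usage (percent)", default = 85)
# ... unchanged: --no-conntrack option, ret_map, read_int ...
max_entries = read_int ("/proc/sys/net/netfilter/nf_conntrack_max")

# read_int returns -1 on unparsable content; a non-positive maximum cannot give a percentage
if num_entries < 0 or max_entries <= 0:
	print "Could not read conntrack counters (%d / %d)" % (num_entries, max_entries)
	sys.exit (3)

usage = 100.0 * num_entries / max_entries
# ... unchanged: threshold comparison and output ...
```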

+ 15 - 0
icinga2/services/network.conf

@@ -20,6 +20,21 @@ apply Service "ifupdown2" {
 }
 
 
+#
+# Metfilter connection tracking table size
+apply Service "conntrack_size" {
+	import "generic-service"
+
+	check_command = "conntrack_size"
+
+	if (host.name != NodeName) {
+		command_endpoint = host.name
+	}
+
+	assign where host.address && host.vars.os == "Linux"
+}
+
+
 #
 # bird process
 apply Service "bird" {
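Review bot: The comment `# Metfilter connection tracking table size` above the new service has a typo and should read `# Netfilter connection tracking table size`. The service is assigned to every Linux host that has an address, and the plugin defaults to `--no-conntrack ok`, so hosts without conntrack loaded will report OK with no per-host way to change that from this definition. Consider narrowing the `assign where` expression, or passing host vars through to the check command so thresholds and the no-conntrack state can be set per host.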