From de31b2698feda4082f85509235ad15ce79e1011d Mon Sep 17 00:00:00 2001 From: garnier-quentin Date: Thu, 24 Oct 2019 13:47:48 +0200 Subject: [PATCH] enhance paloalto ssh cli --- network/paloalto/ssh/custom/cli.pm | 6 + network/paloalto/ssh/mode/ha.pm | 263 ++++++++++++++++++++++++ network/paloalto/ssh/mode/interfaces.pm | 152 ++++++++++++++ network/paloalto/ssh/mode/vpn.pm | 152 ++++++++++++++ network/paloalto/ssh/plugin.pm | 3 + 5 files changed, 576 insertions(+) create mode 100644 network/paloalto/ssh/mode/ha.pm create mode 100644 network/paloalto/ssh/mode/interfaces.pm create mode 100644 network/paloalto/ssh/mode/vpn.pm diff --git a/network/paloalto/ssh/custom/cli.pm b/network/paloalto/ssh/custom/cli.pm index a27175363..76a6f52b8 100644 --- a/network/paloalto/ssh/custom/cli.pm +++ b/network/paloalto/ssh/custom/cli.pm @@ -95,6 +95,12 @@ sub check_options { return 0; } +sub get_hostname { + my ($self, %options) = @_; + + return $self->{option_results}->{hostname}; +} + ############## # Specific methods ############## diff --git a/network/paloalto/ssh/mode/ha.pm b/network/paloalto/ssh/mode/ha.pm new file mode 100644 index 000000000..cf84a4457 --- /dev/null +++ b/network/paloalto/ssh/mode/ha.pm @@ -0,0 +1,263 @@ +# +# Copyright 2019 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package network::paloalto::ssh::mode::ha; + +use base qw(centreon::plugins::templates::counter); + +use strict; +use warnings; +use Digest::MD5 qw(md5_hex); +use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold catalog_status_calc); + +sub custom_sync_status_output { + my ($self, %options) = @_; + + my $msg = sprintf( + 'sync status: %s [enabled: %s]', + $self->{result_values}->{status}, + $self->{result_values}->{enabled} + ); + return $msg; +} + +sub custom_member_status_output { + my ($self, %options) = @_; + + my $msg = sprintf( + 'state: %s', + $self->{result_values}->{state} + ); + return $msg; +} + +sub custom_member_status_calc { + my ($self, %options) = @_; + + $self->{result_values}->{stateLast} = $options{old_datas}->{$self->{instance} . '_state'}; + $self->{result_values}->{state} = $options{new_datas}->{$self->{instance} . '_state'}; + if (!defined($options{old_datas}->{$self->{instance} . '_state'})) { + $self->{error_msg} = "buffer creation"; + return -2; + } + + return 0; +} + +sub custom_link_status_output { + my ($self, %options) = @_; + + my $msg = sprintf( + 'status: %s', + $self->{result_values}->{status}, + ); + return $msg; +} + +sub set_counters { + my ($self, %options) = @_; + + $self->{maps_counters_type} = [ + { name => 'sync', type => 0 }, + { name => 'member', type => 3, cb_prefix_output => 'prefix_member_output', cb_long_output => 'member_long_output', indent_long_output => ' ', message_multiple => 'All members are ok', + group => [ + { name => 'global', type => 0, skipped_code => { -10 => 1 } }, + { name => 'link', display_long => 1, cb_prefix_output => 'prefix_link_output', message_multiple => 'All links are ok', type => 1, skipped_code => { -10 => 1 } }, + ] + } + ]; + + $self->{maps_counters}->{sync} = [ + { label => 'sync-status', threshold => 0, set => { + key_values => [ { name => 'enabled' }, { name => 'status'} ], + closure_custom_calc => \&catalog_status_calc, + closure_custom_output => $self->can('custom_sync_status_output'), + closure_custom_perfdata => sub { return 0; }, + closure_custom_threshold_check => \&catalog_status_threshold, + } + }, + ]; + + $self->{maps_counters}->{global} = [ + { label => 'member-status', threshold => 0, set => { + key_values => [ { name => 'state' }, { name => 'display' } ], + closure_custom_calc => $self->can('custom_member_status_calc'), + closure_custom_output => $self->can('custom_member_status_output'), + closure_custom_perfdata => sub { return 0; }, + closure_custom_threshold_check => \&catalog_status_threshold, + } + }, + ]; + + $self->{maps_counters}->{link} = [ + { label => 'link-status', threshold => 0, set => { + key_values => [ { name => 'status' }, { name => 'display' } ], + closure_custom_calc => \&catalog_status_calc, + closure_custom_output => $self->can('custom_link_status_output'), + closure_custom_perfdata => sub { return 0; }, + closure_custom_threshold_check => \&catalog_status_threshold, + } + }, + ]; +} + +sub member_long_output { + my ($self, %options) = @_; + + return "checking member '" . $options{instance_value}->{display} . "'"; +} + +sub prefix_member_output { + my ($self, %options) = @_; + + return "Member '" . $options{instance_value}->{display} . "' "; +} + +sub prefix_link_output { + my ($self, %options) = @_; + + return "link '" . $options{instance_value}->{display} . "' "; +} + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options, statefile => 1, force_new_perfdata => 1); + bless $self, $class; + + $options{options}->add_options(arguments => { + 'unknown-member-status:s' => { name => 'unknown_member_status', default => '' }, + 'warning-member-status:s' => { name => 'warning_member_status', default => '' }, + 'critical-member-status:s' => { name => 'critical_member_status', default => '%{state} ne %{stateLast}' }, + 'unknown-link-status:s' => { name => 'unknown_link_status', default => '' }, + 'warning-link-status:s' => { name => 'warning_link_status', default => '' }, + 'critical-link-status:s' => { name => 'critical_link_status', default => '%{status} ne "up"' }, + 'unknown-sync-status:s' => { name => 'unknown_sync_status', default => '' }, + 'warning-sync-status:s' => { name => 'warning_sync_status', default => '' }, + 'critical-sync-status:s' => { name => 'critical_sync_status', default => '%{enabled} eq "yes" and %{status} ne "synchronized"' }, + }); + + return $self; +} + +sub check_options { + my ($self, %options) = @_; + $self->SUPER::check_options(%options); + + $self->change_macros( + macros => [ + 'unknown_sync_status', 'warning_sync_status', 'critical_sync_status', + 'unknown_member_status', 'warning_member_status', 'critical_member_status', + 'unknown_link_status', 'warning_link_status', 'critical_link_status' + ] + ); +} + +sub manage_selection { + my ($self, %options) = @_; + + my $result = $options{custom}->execute_command(command => 'show high-availability state'); + if ($result->{enabled} ne 'yes') { + $self->{output}->add_option_msg(short_msg => 'high-availibility is disbaled'); + $self->{output}->option_exit(); + } + + $self->{member} = { + local => { display => 'local', global => { display => 'local' } }, + peer => { display => 'peer', global => { display => 'peer' }, link => {} } + }; + $self->{member}->{local}->{global}->{state} = $result->{group}->{'local-info'}->{state}; + $self->{member}->{peer}->{global}->{state} = $result->{group}->{'peer-info'}->{state}; + + foreach (keys %{$result->{group}->{'peer-info'}}) { + next if (!/^conn-(.*)$/ || ref($result->{group}->{'peer-info'}->{$_}) ne 'HASH'); + my $name = $1 . '-' . $result->{group}->{'peer-info'}->{$_}->{'conn-desc'}; + $self->{member}->{peer}->{link}->{$name} = { + display => $name, + status => $result->{group}->{'peer-info'}->{$_}->{'conn-status'} + }; + } + + $self->{sync} = { + enabled => $result->{group}->{'running-sync-enabled'}, + status => $result->{group}->{'running-sync'} + }; + + $self->{cache_name} = "paloalto_" . $self->{mode} . '_' . $options{custom}->get_hostname() . '_' . + (defined($self->{option_results}->{filter_counters}) ? md5_hex($self->{option_results}->{filter_counters}) : md5_hex('all')); +} + +1; + +__END__ + +=head1 MODE + +Check high availability. + +=over 8 + +=item B<--unknown-sync-status> + +Set unknown threshold for status (Default: ''). +Can used special variables like: %{enabled}, %{status} + +=item B<--warning-sync-status> + +Set warning threshold for status (Default: ''). +Can used special variables like: %{enabled}, %{status} + +=item B<--critical-sync-status> + +Set critical threshold for status (Default: '%{enabled} eq "yes" and %{status} ne "synchronized"'). +Can used special variables like: %{enabled}, %{status} + +=item B<--unknown-member-status> + +Set unknown threshold for status (Default: ''). +Can used special variables like: %{state}, %{stateLast} + +=item B<--warning-member-status> + +Set warning threshold for status (Default: ''). +Can used special variables like: %{state}, %{stateLast} + +=item B<--critical-member-status> + +Set critical threshold for status (Default: '%{state} ne %{stateLast}'). +Can used special variables like: %{state}, %{stateLast} + +=item B<--unknown-link-status> + +Set unknown threshold for status (Default: ''). +Can used special variables like: %{status}, %{display} + +=item B<--warning-link-status> + +Set warning threshold for status (Default: ''). +Can used special variables like: %{status}, %{display} + +=item B<--critical-link-status> + +Set critical threshold for status (Default: '%{status} ne "up"'). +Can used special variables like: %{status}, %{display} + +=back + +=cut diff --git a/network/paloalto/ssh/mode/interfaces.pm b/network/paloalto/ssh/mode/interfaces.pm new file mode 100644 index 000000000..df1b15163 --- /dev/null +++ b/network/paloalto/ssh/mode/interfaces.pm @@ -0,0 +1,152 @@ +# +# Copyright 2019 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package network::paloalto::ssh::mode::interfaces; + +use base qw(centreon::plugins::templates::counter); + +use strict; +use warnings; +use Digest::MD5 qw(md5_hex); +use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold catalog_status_calc); + +sub custom_status_output { + my ($self, %options) = @_; + + my $msg = sprintf( + 'state: %s [type: %s]', + $self->{result_values}->{state}, + $self->{result_values}->{type} + ); + return $msg; +} + +sub set_counters { + my ($self, %options) = @_; + + $self->{maps_counters_type} = [ + { name => 'global', type => 0 }, + { name => 'interface', type => 1, cb_prefix_output => 'prefix_interface_output', message_multiple => 'All interface are ok', skipped_code => { -10 => 1 } }, + ]; + + $self->{maps_counters}->{global} = [ + { label => 'total', nlabel => 'interfaces.total.count', display_ok => 0, set => { + key_values => [ { name => 'total' } ], + output_template => 'total interaces: %s', + perfdatas => [ + { value => 'total_absolute', template => '%s', min => 0 }, + ], + } + }, + ]; + + $self->{maps_counters}->{interface} = [ + { label => 'status', threshold => 0, set => { + key_values => [ { name => 'state' }, { name => 'type' }, { name => 'display' } ], + closure_custom_calc => \&catalog_status_calc, + closure_custom_output => $self->can('custom_status_output'), + closure_custom_perfdata => sub { return 0; }, + closure_custom_threshold_check => \&catalog_status_threshold, + } + }, + ]; +} + +sub prefix_interface_output { + my ($self, %options) = @_; + + return "interface '" . $options{instance_value}->{display} . "' "; +} + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options, force_new_perfdata => 1); + bless $self, $class; + + $options{options}->add_options(arguments => { + 'unknown-status:s' => { name => 'unknown_status', default => '' }, + 'warning-status:s' => { name => 'warning_status', default => '' }, + 'critical-status:s' => { name => 'critical_status', default => '%{state} ne "up"' }, + }); + + return $self; +} + +sub check_options { + my ($self, %options) = @_; + $self->SUPER::check_options(%options); + + $self->change_macros( + macros => [ + 'unknown_status', 'warning_status', 'critical_status' + ] + ); +} + +sub manage_selection { + my ($self, %options) = @_; + + my $result = $options{custom}->execute_command(command => 'show interface all', ForceArray => ['entry']); + + $self->{global} = { total => 0 }; + $self->{interface} = {}; + foreach (@{$result->{hw}->{entry}}) { + $self->{interface}->{$_->{name}} = { + display => $_->{name}, + type => $_->{type}, + state => $_->{state} + }; + $self->{global}->{total}++; + } +} + +1; + +__END__ + +=head1 MODE + +Check vpn. + +=over 8 + +=item B<--unknown-status> + +Set unknown threshold for status (Default: ''). +Can used special variables like: %{state}, %{type}, %{display} + +=item B<--warning-status> + +Set warning threshold for status (Default: ''). +Can used special variables like: %{state}, %{type}, %{display} + +=item B<--critical-status> + +Set critical threshold for status (Default: '%{state} ne "active"'). +Can used special variables like: %{state}, %{type}, %{display} + +=item B<--warning-*> B<--critical-*> + +Thresholds. +Can be: 'total'. + +=back + +=cut diff --git a/network/paloalto/ssh/mode/vpn.pm b/network/paloalto/ssh/mode/vpn.pm new file mode 100644 index 000000000..3f1baf7ce --- /dev/null +++ b/network/paloalto/ssh/mode/vpn.pm @@ -0,0 +1,152 @@ +# +# Copyright 2019 Centreon (http://www.centreon.com/) +# +# Centreon is a full-fledged industry-strength solution that meets +# the needs in IT infrastructure and application monitoring for +# service performance. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +package network::paloalto::ssh::mode::vpn; + +use base qw(centreon::plugins::templates::counter); + +use strict; +use warnings; +use Digest::MD5 qw(md5_hex); +use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold catalog_status_calc); + +sub custom_status_output { + my ($self, %options) = @_; + + my $msg = sprintf( + 'state: %s [type: %s]', + $self->{result_values}->{state}, + $self->{result_values}->{type} + ); + return $msg; +} + +sub set_counters { + my ($self, %options) = @_; + + $self->{maps_counters_type} = [ + { name => 'global', type => 0 }, + { name => 'vpn', type => 1, cb_prefix_output => 'prefix_vpn_output', message_multiple => 'All vpn are ok', skipped_code => { -10 => 1 } }, + ]; + + $self->{maps_counters}->{global} = [ + { label => 'total-ipsec', nlabel => 'vpn.total.ipsec.count', display_ok => 0, set => { + key_values => [ { name => 'total_ipsec' } ], + output_template => 'total ipsec vpn: %s', + perfdatas => [ + { value => 'total_ipsec_absolute', template => '%s', min => 0 }, + ], + } + }, + ]; + + $self->{maps_counters}->{vpn} = [ + { label => 'status', threshold => 0, set => { + key_values => [ { name => 'state' }, { name => 'type' }, { name => 'display' } ], + closure_custom_calc => \&catalog_status_calc, + closure_custom_output => $self->can('custom_status_output'), + closure_custom_perfdata => sub { return 0; }, + closure_custom_threshold_check => \&catalog_status_threshold, + } + }, + ]; +} + +sub prefix_vpn_output { + my ($self, %options) = @_; + + return "vpn '" . $options{instance_value}->{display} . "' "; +} + +sub new { + my ($class, %options) = @_; + my $self = $class->SUPER::new(package => __PACKAGE__, %options, force_new_perfdata => 1); + bless $self, $class; + + $options{options}->add_options(arguments => { + 'unknown-status:s' => { name => 'unknown_status', default => '' }, + 'warning-status:s' => { name => 'warning_status', default => '' }, + 'critical-status:s' => { name => 'critical_status', default => '%{state} ne "active"' }, + }); + + return $self; +} + +sub check_options { + my ($self, %options) = @_; + $self->SUPER::check_options(%options); + + $self->change_macros( + macros => [ + 'unknown_status', 'warning_status', 'critical_status' + ] + ); +} + +sub manage_selection { + my ($self, %options) = @_; + + my $result = $options{custom}->execute_command(command => 'show vpn flow', ForceArray => ['entry']); + + $self->{global} = { total_ipsec => 0 }; + $self->{vpn} = {}; + foreach (@{$result->{IPSec}->{entry}}) { + $self->{vpn}->{$_->{name}} = { + display => $_->{name}, + type => 'ipsec', + state => $_->{state} + }; + $self->{global}->{total_ipsec}++; + } +} + +1; + +__END__ + +=head1 MODE + +Check vpn. + +=over 8 + +=item B<--unknown-status> + +Set unknown threshold for status (Default: ''). +Can used special variables like: %{state}, %{type}, %{display} + +=item B<--warning-status> + +Set warning threshold for status (Default: ''). +Can used special variables like: %{state}, %{type}, %{display} + +=item B<--critical-status> + +Set critical threshold for status (Default: '%{state} ne "active"'). +Can used special variables like: %{state}, %{type}, %{display} + +=item B<--warning-*> B<--critical-*> + +Thresholds. +Can be: 'total-ipsec'. + +=back + +=cut diff --git a/network/paloalto/ssh/plugin.pm b/network/paloalto/ssh/plugin.pm index b11dbe558..64a244a6a 100644 --- a/network/paloalto/ssh/plugin.pm +++ b/network/paloalto/ssh/plugin.pm @@ -32,7 +32,10 @@ sub new { $self->{version} = '1.0'; %{$self->{modes}} = ( 'environment' => 'network::paloalto::ssh::mode::environment', + 'ha' => 'network::paloalto::ssh::mode::ha', + 'interfaces' => 'network::paloalto::ssh::mode::interfaces', 'system' => 'network::paloalto::ssh::mode::system', + 'vpn' => 'network::paloalto::ssh::mode::vpn', ); $self->{custom_modes}{ssh} = 'network::paloalto::ssh::custom::cli';