check_sssd.rb
#! /opt/puppetlabs/puppet/bin/ruby
require 'English'
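# Maps the monitoring-plugin exit codes used by this script to the label
# printed at the start of the status line.
STATES = {
  0 => 'OK',
  1 => 'WARNING',
  2 => 'CRITICAL',
  # Label was misspelled 'UNKOWN'; consumers that match on the state text
  # expect the standard spelling.
  3 => 'UNKNOWN'
}.freeze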
# Command prefix for every sssctl call: empty when the check already runs as
# root (uid 0), otherwise the absolute path to sudo followed by a space.
# NOTE(review): a non-root monitoring user presumably needs a non-interactive
# sudoers rule limited to /sbin/sssctl for this to work - confirm on the host.
SUDO = (Process.uid.zero? ? '' : '/bin/sudo ').freeze
# Validates the sssd configuration with `sssctl config-check`.
#
# On a non-zero exit status the captured output (stdout and stderr) is raised
# and then reported as a CRITICAL plugin result, ending the process with
# exit code 2.
#
# @return [nil] when the configuration check succeeds
def config_check
  check_output = `#{SUDO} /sbin/sssctl config-check 2>&1`
  # A failed check is routed through the rescue below so that every failure
  # (including a command that could not be run) yields the same status line.
  raise check_output unless $CHILD_STATUS.success?

  nil
rescue StandardError => e
  puts "#{STATES[2]} - config-check of sssd failed\n#{e.message}"
  exit 2
end
# Collects the domain names reported by `sssctl domain-list`.
#
# On a non-zero exit status the captured output is raised and reported as a
# CRITICAL plugin result, ending the process with exit code 2.
#
# @return [Array<String>] one entry per output line, line ending removed
def domain_list
  listing = `#{SUDO} /sbin/sssctl domain-list 2>&1`
  raise listing unless $CHILD_STATUS.success?

  # Each returned name is later handed to `sssctl domain-status` by the
  # caller, so the lines are passed on exactly as sssctl printed them.
  listing.each_line.map(&:chomp)
rescue StandardError => e
  puts "#{STATES[2]} - errors on collecting domain list from sssd\n#{e.message}"
  exit 2
end
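# Queries `sssctl domain-status` for one domain and parses the report.
#
# Example report:
#
#   Online status: Online
#
#   Active servers:
#   LDAP: prd-ds.pixelpark.com
#
#   Discovered LDAP servers:
#   - prd-ds.pixelpark.com
#
# Any failure (non-zero exit, unparsable block) is reported as a CRITICAL
# plugin result and ends the process with exit code 2.
#
# @param domain [String] domain name as returned by domain_list
# @return [Hash] section title => parsed value; 'Active servers' is an Array
#   of {'type' => ..., 'server' => ...} hashes, 'Discovered LDAP servers' an
#   Array of server names, every other section a stripped String
def domain_status(domain)
  # The command is run from an argument vector rather than a shell command
  # line. The domain name is therefore always a single argument and shell
  # metacharacters in it are never interpreted, which matters because the
  # command may run under sudo. stderr is merged into stdout, as `2>&1` did.
  command = SUDO.split + ['/sbin/sssctl', 'domain-status', domain]
  report = IO.popen(command, err: %i[child out], &:read)

  # sssctl exits with 1 and this exact message when it cannot determine the
  # online state. Return a report with no servers so that the caller counts
  # the domain as offline instead of aborting the whole check.
  if $CHILD_STATUS.exitstatus == 1 && report == "Unable to get online status\n"
    return {
      'Online status' => report.chomp,
      'Active servers' => [],
      'Discovered LDAP servers' => []
    }
  end
  raise report unless $CHILD_STATUS.success?

  # Sections are separated by blank lines; each one is "Title: value", where
  # the value may span several lines.
  report.split(/\n\n/m).to_h do |block|
    key, value = block.match(/^(?<key>[^:]+):\s*(?<value>.+)$/m).captures
    parsed =
      case key
      when 'Active servers'
        # "LDAP: host" lines become {'type' => 'LDAP', 'server' => 'host'}.
        value.lines.map do |line|
          line.chomp.match(/\A(?<type>[^:]+):\s+(?<server>.*)\z/).named_captures
        end
      when 'Discovered LDAP servers'
        # "- host" list items: drop the leading dash.
        value.lines.map { |line| line.chomp.gsub(/\A-\s+/, '') }
      else
        value.strip
      end
    [key, parsed]
  end
rescue StandardError => e
  puts "#{STATES[2]} - errors on collecting domain status of '#{domain}'\nMessage: #{e.message}\nBacktrace: #{e.backtrace}"
  exit 2
end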
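# Main check: validate the sssd configuration, collect the status of every
# configured domain and map the result onto a plugin status line, perfdata
# and exit code.
config_check
statuses = domain_list.to_h { |domain| [domain, domain_status(domain)] }

# A report that lacks one of these sections is treated as offline / empty.
# Without the nil guards a missing section would raise NoMethodError outside
# any rescue and end the plugin with a stack trace instead of a status line.
offline_domains = statuses.reject { |_domain, values| values['Online status'].to_s.casecmp?('Online') }
no_active_servers = statuses.select { |_domain, values| Array(values['Active servers']).empty? }
no_discovered_servers = statuses.select { |_domain, values| Array(values['Discovered LDAP servers']).empty? }

# Renders a list of domain names as 'a', 'b', 'c'.
quoted = ->(names) { "'#{names.join("', '")}'" }

# Most severe finding wins: offline domains are CRITICAL, missing servers are
# WARNING, and having no domain at all is CRITICAL as well.
status, message =
  if offline_domains.any?
    [2, "domains offline: #{quoted.call(offline_domains.keys)}"]
  elsif no_active_servers.any?
    [1, "no active servers for domains: #{quoted.call(no_active_servers.keys)}"]
  elsif no_discovered_servers.any?
    [1, "no discovered servers for domains: #{quoted.call(no_discovered_servers.keys)}"]
  elsif statuses.any?
    [0, "domains online: #{quoted.call(statuses.keys)}"]
  else
    [2, 'no domains configured']
  end

output = [STATES[status], message].join(' - ')

# The no_discovered_servers metric previously reported the count of
# no_active_servers (copy-paste slip); it now uses its own collection.
perfdata = [
  "no_discovered_servers=#{no_discovered_servers.length};1;;0;",
  "no_active_servers=#{no_active_servers.length};1;;0;",
  "domains_offline=#{offline_domains.length};;1;0;",
  "domains_online=#{statuses.length};;;0;"
].join(' ')

puts "#{output} | #{perfdata}"

# Long output: one paragraph per domain listing every parsed section.
details = statuses.map do |domain, values|
  "domain '#{domain}':\n\t#{values.map { |key, value| "#{key}: #{value}" }.join("\n\t")}"
end
puts details.join("\n\n")
exit status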