check_es_system
check_es_system copied to clipboard
Napsty
Update check_es_system.sh
summing up all basic curl-commands in two command-variables makes it easier to apply global command-changes in one place, added the --noproxy switch to avoid additional authentication for proxy-access
Hi @tectumopticum
Sorry for the late response.
Could you please rebase the PR? thanks!
While you're at it you should maybe use the same method of stating options to curl i.e. curl --insecure --silent --user (instead of curl -k -s -u). The latter is practical on the command line, the former is better suited for scripts because you immediately see what it does/means.
Also the part starting at #275 is more or less identical to the stuff at #245 except for the line that adds authentication and checks related thereto. You could just collapse that and add a condition to run authlogic() and the checks (or not).
i.e. something along the lines of the below
BUT I am not even sure how $esstatus is obtained in the first place in order to evaluate condition if [[ -n $user ]] || [[ -n $(echo $esstatus | grep -i authentication) ]] ; then since $esstatus only set within that same function later. But that's already in the original code.
################################################################################
# Retrieve information from Elasticsearch
getstatus() {
esurl="${httpscheme}://${host}:${port}/_cluster/stats"
eshealthurl="${httpscheme}://${host}:${port}/_cluster/health"
curlcmd="curl --insecure --silent --max-time ${max_time} --noproxy ${host}"
if [[ -z "$user" ]]; then
# Without authentication
curl="$curlcmd"
elif [[ -n "$user" ]] || [[ -n "$(echo $esstatus | grep -i "authentication")" ]] ; then
# Authentication required
authlogic
curl="$curlcmd --basic --user ${user}:${pass}"
fi
esstatus="$($curl $esurl)"
esstatusrc=$?
if [[ $esstatusrc -eq 7 ]]; then
echo "ES SYSTEM CRITICAL - Failed to connect to ${host} port ${port}: Connection refused"
exit $STATE_CRITICAL
elif [[ $esstatusrc -eq 28 ]]; then
echo "ES SYSTEM CRITICAL - server did not respond within ${max_time} seconds"
exit $STATE_CRITICAL
elif [[ $esstatus =~ "503 Service Unavailable" ]]; then
echo "ES SYSTEM CRITICAL - Elasticsearch not available: ${host}:${port} return error 503"
exit $STATE_CRITICAL
elif [[ $esstatus =~ "Unknown resource" ]]; then
echo "ES SYSTEM CRITICAL - Elasticsearch not available: ${esstatus}"
exit $STATE_CRITICAL
elif [[ -n $(echo $esstatus | grep -i "unable to authenticate") ]]; then
echo "ES SYSTEM CRITICAL - Unable to authenticate user $user for REST request"
exit $STATE_CRITICAL
elif [[ -n $(echo $esstatus | grep -i "unauthorized") ]]; then
echo "ES SYSTEM CRITICAL - User $user is unauthorized"
exit $STATE_CRITICAL
elif ! [[ $esstatus =~ "cluster_name" ]]; then
echo "ES SYSTEM CRITICAL - Elasticsearch not available at this address ${host}:${port}"
exit $STATE_CRITICAL
fi
# Additionally get cluster health infos
if [ "$checktype" = status ]; then
eshealth=$($curl $eshealthurl)
if [[ -z "$eshealth" ]]; then
echo "ES SYSTEM CRITICAL - unable to get cluster health information"
exit $STATE_CRITICAL
fi
fi
# Catch empty reply from server (typically happens when ssl port used with http connection)
if [[ -z "$esstatus" ]] || [[ "$esstatus" = '' ]]; then
echo "ES SYSTEM UNKNOWN - Empty reply from server (verify ssl settings)"
exit $STATE_UNKNOWN
fi
}
Also, everything should be correctly quoted. And the commit should have a meaningful title.
Lastly, I'm not sure if --noproxy will not break existing setups. Maybe introduce an option for this?
