[checkmk-commits] Check_MK Git: check_mk: #2473 FIX cisco_asa_failover: Reworked check to reflect expected primary/secondary states of devices

Module: check_mk Branch: master Commit: 5c8704dd30eb84c74e1b4240c14f59577c34d56e URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5c8704dd30eb84… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Wed Jul 22 10:20:03 2015 +0200 #2473 FIX cisco_asa_failover: Reworked check to reflect expected primary/secondary states of devices The check was keeping the current cluster/node states which the devices had during service discovery as reference state and checks whether or not this state remains and raises an error when the state changed. This has been changed now. The state during discovery is not relevant anymore. The check now looks at the primary/secondary devices and checks whether or not the primary device is the active one or the secondary has been promoted to be the active one. This should be clearer for users. --- .werks/2473 | 16 +++++++++++++ ChangeLog | 1 + checks/cisco_asa_failover | 58 ++++++++++++++++++++++----------------------- 3 files changed, 46 insertions(+), 29 deletions(-) diff --git a/.werks/2473 b/.werks/2473 new file mode 100644 index 0000000..9399f4d --- /dev/null +++ b/.werks/2473 @@ -0,0 +1,16 @@ +Title: cisco_asa_failover: Reworked check to reflect expected primary/secondary states of devices +Level: 1 +Component: checks +Compatible: compat +Version: 1.2.7i3 +Date: 1437553052 +Class: fix + +The check was keeping the current cluster/node states which the devices had during service +discovery as reference state and checks whether or not this state remains and raises an +error when the state changed. + +This has been changed now. The state during discovery is not relevant anymore. The check +now looks at the primary/secondary devices and checks whether or not the primary device +is the active one or the secondary has been promoted to be the active one. This should +be clearer for users. diff --git a/ChangeLog b/ChangeLog index 98b6d9f..df22540 100644 --- a/ChangeLog +++ b/ChangeLog @@ -67,6 +67,7 @@ * 2480 FIX: Fixed exception when configuring predictive levels for network interfaces * 2376 FIX: Fix parsing of performance data from MRPE based checks * 2377 FIX: cpu.loads: Fix output of reference for predition (was scaled wrongly by number of cores) + * 2473 FIX: cisco_asa_failover: Reworked check to reflect expected primary/secondary states of devices... Multisite: * 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions... diff --git a/checks/cisco_asa_failover b/checks/cisco_asa_failover index 9a4222e..8c16433 100644 --- a/checks/cisco_asa_failover +++ b/checks/cisco_asa_failover @@ -24,10 +24,6 @@ # to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, # Boston, MA 02110-1301 USA. - - - - # .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.4 "Failover LAN Interface" # .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.6 "Primary unit (this device)" # .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.7 "Secondary unit" @@ -41,15 +37,12 @@ # [['Failover LAN Interface', '2', 'LAN_FO GigabitEthernet0/0.777'], ['Primary unit', '9', 'Active unit'], ['Secondary unit (this device)', '10', 'Standby unit']] def inventory_cisco_asa_failover(info): - for deviceentry in info[-2:]: if "this device" in deviceentry[0]: - # Return the Cluster role ID of the device. - return [ (None, int(info[1][1])) ] - + return [ (None, None) ] -def check_cisco_asa_failover(item, params, info): +def check_cisco_asa_failover(_no_item, _no_params, info): asa_state_names = { 1 : "other", 2 : "up", @@ -63,28 +56,35 @@ def check_cisco_asa_failover(item, params, info): 10 : "standby", } + for unit_type, (descr, device_state, state_txt), \ + (other_descr, other_device_state, other_state_txt) in [ ("primary", info[-2], info[-1]), + ("secondary", info[-1], info[-2]) ]: - for deviceentry in info[-2:]: - if "this device" in deviceentry[0]: - - msgtxt = "" - errtxt = "" - state = 3 + if "this device" in descr: + state, details = 0, None + device_state, other_device_state = int(device_state), int(other_device_state) - def_role = params - cur_role = saveint(info[1][1]) - - if def_role == cur_role: + if (unit_type == "primary" and device_state == 9) \ + or (unit_type == "secondary" and device_state == 10): state = 0 - elif cur_role not in asa_state_names.keys(): - state = 3 - errtxt = ", Unknown cluster status received" + elif device_state in [ 9, 10 ] and other_device_state in [ 9, 10 ]: + state = 1 + details = "The cluster is in failover state" + elif device_state == 4: + state = 2 + details = "The device reports an error state" + elif device_state == 9 and other_device_state == 4: + state = 1 + details = "The other device reports an error state" else: - state = 1 - errtxt = " expecting to be %s" % asa_state_names[def_role] + state = 1 + details = "Unhandled state \"%s\" reported" % asa_state_names.get(device_state, device_state) + + output = "Device is the %s" % state_txt + if details: + output += " (%s)" % details - msgtxt = "Device is the %s" % deviceentry[2] + errtxt + state * "!" - return (state, msgtxt) + return state, output check_info["cisco_asa_failover"] = { @@ -94,8 +94,8 @@ check_info["cisco_asa_failover"] = { "has_perfdata" : False, "snmp_scan_function" : lambda oid: oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive security"), "snmp_info" : (".1.3.6.1.4.1.9.9.147.1.2.1.1.1", [ - "2", # The failover nic status - "3", # The primary unit info - "4", # The secondary unit info + "2", # CISCO-FIREWALL-MIB::cfwHardwareInformation + "3", # CISCO-FIREWALL-MIB::cfwHardwareStatusValue + "4", # CISCO-FIREWALL-MIB::cfwHardwareStatusDetail ]), }