Module: check_mk
Branch: master
Commit: 5c8704dd30eb84c74e1b4240c14f59577c34d56e
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=5c8704dd30eb84…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Jul 22 10:20:03 2015 +0200
#2473 FIX cisco_asa_failover: Reworked check to reflect expected primary/secondary states
of devices
The check was keeping the current cluster/node states which the devices had during
service
discovery as reference state and checks whether or not this state remains and raises an
error when the state changed.
This has been changed now. The state during discovery is not relevant anymore. The check
now looks at the primary/secondary devices and checks whether or not the primary device
is the active one or the secondary has been promoted to be the active one. This should
be clearer for users.
---
.werks/2473 | 16 +++++++++++++
ChangeLog | 1 +
checks/cisco_asa_failover | 58 ++++++++++++++++++++++-----------------------
3 files changed, 46 insertions(+), 29 deletions(-)
diff --git a/.werks/2473 b/.werks/2473
new file mode 100644
index 0000000..9399f4d
--- /dev/null
+++ b/.werks/2473
@@ -0,0 +1,16 @@
+Title: cisco_asa_failover: Reworked check to reflect expected primary/secondary states of
devices
+Level: 1
+Component: checks
+Compatible: compat
+Version: 1.2.7i3
+Date: 1437553052
+Class: fix
+
+The check was keeping the current cluster/node states which the devices had during
service
+discovery as reference state and checks whether or not this state remains and raises an
+error when the state changed.
+
+This has been changed now. The state during discovery is not relevant anymore. The check
+now looks at the primary/secondary devices and checks whether or not the primary device
+is the active one or the secondary has been promoted to be the active one. This should
+be clearer for users.
diff --git a/ChangeLog b/ChangeLog
index 98b6d9f..df22540 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -67,6 +67,7 @@
* 2480 FIX: Fixed exception when configuring predictive levels for network
interfaces
* 2376 FIX: Fix parsing of performance data from MRPE based checks
* 2377 FIX: cpu.loads: Fix output of reference for predition (was scaled wrongly by
number of cores)
+ * 2473 FIX: cisco_asa_failover: Reworked check to reflect expected primary/secondary
states of devices...
Multisite:
* 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce
unhandled exceptions...
diff --git a/checks/cisco_asa_failover b/checks/cisco_asa_failover
index 9a4222e..8c16433 100644
--- a/checks/cisco_asa_failover
+++ b/checks/cisco_asa_failover
@@ -24,10 +24,6 @@
# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor,
# Boston, MA 02110-1301 USA.
-
-
-
-
# .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.4 "Failover LAN Interface"
# .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.6 "Primary unit (this device)"
# .1.3.6.1.4.1.9.9.147.1.2.1.1.1.2.7 "Secondary unit"
@@ -41,15 +37,12 @@
# [['Failover LAN Interface', '2', 'LAN_FO
GigabitEthernet0/0.777'], ['Primary unit', '9', 'Active
unit'], ['Secondary unit (this device)', '10', 'Standby
unit']]
def inventory_cisco_asa_failover(info):
-
for deviceentry in info[-2:]:
if "this device" in deviceentry[0]:
- # Return the Cluster role ID of the device.
- return [ (None, int(info[1][1])) ]
-
+ return [ (None, None) ]
-def check_cisco_asa_failover(item, params, info):
+def check_cisco_asa_failover(_no_item, _no_params, info):
asa_state_names = {
1 : "other",
2 : "up",
@@ -63,28 +56,35 @@ def check_cisco_asa_failover(item, params, info):
10 : "standby",
}
+ for unit_type, (descr, device_state, state_txt), \
+ (other_descr, other_device_state, other_state_txt) in [ ("primary",
info[-2], info[-1]),
+ ("secondary",
info[-1], info[-2]) ]:
- for deviceentry in info[-2:]:
- if "this device" in deviceentry[0]:
-
- msgtxt = ""
- errtxt = ""
- state = 3
+ if "this device" in descr:
+ state, details = 0, None
+ device_state, other_device_state = int(device_state),
int(other_device_state)
- def_role = params
- cur_role = saveint(info[1][1])
-
- if def_role == cur_role:
+ if (unit_type == "primary" and device_state == 9) \
+ or (unit_type == "secondary" and device_state == 10):
state = 0
- elif cur_role not in asa_state_names.keys():
- state = 3
- errtxt = ", Unknown cluster status received"
+ elif device_state in [ 9, 10 ] and other_device_state in [ 9, 10 ]:
+ state = 1
+ details = "The cluster is in failover state"
+ elif device_state == 4:
+ state = 2
+ details = "The device reports an error state"
+ elif device_state == 9 and other_device_state == 4:
+ state = 1
+ details = "The other device reports an error state"
else:
- state = 1
- errtxt = " expecting to be %s" % asa_state_names[def_role]
+ state = 1
+ details = "Unhandled state \"%s\" reported" %
asa_state_names.get(device_state, device_state)
+
+ output = "Device is the %s" % state_txt
+ if details:
+ output += " (%s)" % details
- msgtxt = "Device is the %s" % deviceentry[2] + errtxt + state *
"!"
- return (state, msgtxt)
+ return state, output
check_info["cisco_asa_failover"] = {
@@ -94,8 +94,8 @@ check_info["cisco_asa_failover"] = {
"has_perfdata" : False,
"snmp_scan_function" : lambda oid:
oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive
security"),
"snmp_info" : (".1.3.6.1.4.1.9.9.147.1.2.1.1.1", [
- "2", # The failover nic status
- "3", # The primary unit info
- "4", # The secondary unit info
+ "2", # CISCO-FIREWALL-MIB::cfwHardwareInformation
+ "3", # CISCO-FIREWALL-MIB::cfwHardwareStatusValue
+ "4", # CISCO-FIREWALL-MIB::cfwHardwareStatusDetail
]),
}