ius/nagios/nagios-plugin-amanda-client: comparison check

equal deleted inserted replaced

-:7b9bad9c85e6
+:da08b2a30e06
 #----
 sub main {
-	GetOptions(
+GetOptions(
-		'h|help' => sub { pod2usage(-verbose => 1, -exit => 0) },
+'h|help' => sub { pod2usage(-verbose => 1, -exit => 0) },
-		'm|man'  => sub { pod2usage(-verbose => 2, -exit => 0) },
+'m|man'  => sub { pod2usage(-verbose => 2, -exit => 0) },
-	) or pod2usage;
+) or pod2usage;
+# test needs to be run as root:* or as backup:backup
-	# test needs to be run as root:* or as backup:backup
+my $USER  = 'backup';
-	my $USER = 'backup';
+my $CFDIR = '/etc/amanda';
-	my $CFDIR = '/etc/amanda';
+# change to backup if still root
-	# change to backup if still root
+su $USER if $> == 0;
-	su $USER if $> == 0;
+# amservice needs to be suid root, but executable
-	# amservice needs to be suid root, but executable
+# by the backup user/group
-	# by the backup user/group
+eval { check_perms find_tool('amservice'), 04750, 'root', $) }
-	eval { check_perms find_tool('amservice'), 04750, 'root', $) }
+or unknown $@;
-		or unknown $@;
+# find the backup sets we know about
-	# find the backup sets we know about
+# here we suppose that it's possible to find strings like
-	# here we suppose that it's possible to find strings like
+# 'conf "foo"' in files named 'amanda-client.conf' below /etc/amanda
-	# 'conf "foo"' in files named 'amanda-client.conf' below /etc/amanda
+my @confs = eval { config_names $CFDIR }
-	my @confs = eval { config_names $CFDIR }
+or unknown $@;
-		or unknown $@;
+eval { amchecks @confs } or critical $@;
-	eval { amchecks @confs } or critical $@;
+my @dles = eval { amlists @confs } or critical $@;
-	my @dles = eval { amlists @confs } or critical $@;
+ok @dles;
-	ok @dles;
+# never reached
-	# never reached
+return 0;
-	return 0;
 }
 # compare the file systems
 # get a list of file system
 sub get_devices {
-	open(my $fh, '/proc/filesystems');
+open(my $fh, '/proc/filesystems');
-	my @types = map { /^\s+(\S+)/ ? $1 : () } <$fh>;
+my @types = map { /^\s+(\S+)/ ? $1 : () } <$fh>;
-	my @df = (df => '-P', map { -t => $_ } @types);
+my @df = (df => '-P', map { -t => $_ } @types);
-	map { [$_, (stat)[0]] } map { (split ' ', $_)[5] } grep { /^\// } `@df`;
+map { [$_, (stat)[0]] } map { (split ' ', $_)[5] } grep { /^\// } `@df`;
 }
 sub su {
-	my $user = shift;
+my $user  = shift;
-	my $group = (getgrnam $user)[0];
+my $group = (getgrnam $user)[0];
-	my $uid = getpwnam $user;
+my $uid   = getpwnam $user;
-	my $gid = getgrnam $group;
+my $gid   = getgrnam $group;
-	my @groups;
+my @groups;
-	setgrent;
+setgrent;
-	my @rc;
+my @rc;
-	while (my @g = getgrent) {
+while (my @g = getgrent) {
-		 push @groups, $g[2] if $user ~~ [split ' ', $g[3]];
+push @groups, $g[2] if $user ~~ [split ' ', $g[3]];
-	}
+}
-	endgrent;
+endgrent;
-	$) = "@groups";
+$) = "@groups";
-	setgid $gid;
+setgid $gid;
-	setuid $uid;
+setuid $uid;
 }
 sub find_tool {
-	my $name = shift;
+my $name = shift;
-	my @rc = grep { -f -x } map { catfile $_, $name } split /:/, $ENV{PATH}
+my @rc = grep { -f -x } map { catfile $_, $name } split /:/, $ENV{PATH}
-		or die "Can't find `$name' in $ENV{PATH}\n";
+or die "Can't find `$name' in $ENV{PATH}\n";
-	$rc[0];
+$rc[0];
-};
+}
 sub check_perms {
-	my ($file, $mode, $owner, $group) = @_;
+my ($file, $mode, $owner, $group) = @_;
-	$owner = getpwuid $owner if $owner ~~ /^\d+$/;
+$owner = getpwuid $owner if $owner ~~ /^\d+$/;
-	$group = getgrgid +(split ' ', $group)[0]
+$group = getgrgid +(split ' ', $group)[0]
-		if $group ~~ /^[\d\s]+$/;
+if $group ~~ /^[\d\s]+$/;
-	stat $file or croak "Can't stat `$file': $!\n";
+stat $file or croak "Can't stat `$file': $!\n";
-	eval {
+eval {
-		my $f_owner = getpwuid +(stat _)[4] or die $!;
+my $f_owner = getpwuid +(stat _)[4] or die $!;
-		my $f_group = getgrgid +(stat _)[5] or die $!;
+my $f_group = getgrgid +(stat _)[5] or die $!;
-		my $f_mode = (stat _)[2] & 07777 or die $!;
+my $f_mode  = (stat _)[2] & 07777   or die $!;
-		my $msg = sprintf "need: 0%04o root:$group, got: 0%04o $f_owner:$f_group\n",
+my $msg =
-			$mode, $f_mode;
+sprintf "need: 0%04o root:$group, got: 0%04o $f_owner:$f_group\n",
+$mode, $f_mode;
-		die $msg unless $f_owner eq $owner;
-		die $msg unless $f_group eq $group;
+die $msg unless $f_owner eq $owner;
-		die $msg unless $f_mode == $mode;
+die $msg unless $f_group eq $group;
-	};
+die $msg unless $f_mode == $mode;
-	die "wrong permissions for `$file', $@" if $@;
+};
-	1;
+die "wrong permissions for `$file', $@" if $@;
-}
+1;
+}
 sub config_names {
-	my $dir = shift;
+my $dir     = shift;
-	my @configs = ();
+my @configs = ();
-	find(sub {
+find(
-		-f and /^amanda-client\.conf$/ or return;
+sub {
-		open(my $fh, '<', $_) or die "Can't open  $File::Find::name: $!\n";
+-f and /^amanda-client\.conf$/ or return;
-		push @configs, map { /^conf\s+"(.+?)"/ ? $1 : () } <$fh>;
+open(my $fh, '<', $_) or die "Can't open  $File::Find::name: $!\n";
-	}, $dir);
+push @configs, map { /^conf\s+"(.+?)"/ ? $1 : () } <$fh>;
+},
-	die "no configs found below $dir (amanda-client.conf needs need `conf \"foo\"' line)\n"
+$dir
-		if not @configs;
+);
-	return @configs;
-};
+die
+"no configs found below $dir (amanda-client.conf needs need `conf \"foo\"' line)\n"
+if not @configs;
+return @configs;
+}
 sub _amcheck {
-	#config: daily
-	#CHECKING
+#config: daily
-	#
+#CHECKING
-	#Amanda Backup Client Hosts Check
+#
-	#--------------------------------
+#Amanda Backup Client Hosts Check
-	#Client check: 1 host checked in 2.242 seconds.  0 problems found.
+#--------------------------------
-	#
+#Client check: 1 host checked in 2.242 seconds.  0 problems found.
-	#(brought to you by Amanda 3.3.1)
+#
-	#The check is finished
+#(brought to you by Amanda 3.3.1)
+#The check is finished
-	my $conf = shift;
-	my $_ = qx(amdump_client --config '$conf' check 2>&1);
+my $conf = shift;
-	/^config:\s+$conf\n
+my $_    = qx(amdump_client --config '$conf' check 2>&1);
+/^config:\s+$conf\n
 		 CHECKING\n
 		 .*\n
 		 Client.check:.1.host.checked.in.\d+\.\d+.seconds\.\s+0.problems.found\.\n
 		 .*\n
 		 The.check.is.finished$
 	/smx or die "unexpected output from check:\n$_";
 }
 sub amchecks {
-	my @errors = ();
+my @errors = ();
-	foreach my $conf (@_) {
+foreach my $conf (@_) {
-		eval { _amcheck $conf } or push @errors, $@;
+eval { _amcheck $conf } or push @errors, $@;
-	}
+}
-	die @errors if @errors;
+die @errors if @errors;
-	return 1;
+return 1;
 }
 sub _amlist {
-	# return a list of [ name, dev ] tupels.
-	# name: the name of the disk/device
+# return a list of [ name, dev ] tupels.
-	# dev:  the local device id (stat)[0]
+# name: the name of the disk/device
-	# iff the inum of $name != 2, it's not the top directory
+# dev:  the local device id (stat)[0]
-	# and we set the device id to -1, since $name does not stand for a whole
+# iff the inum of $name != 2, it's not the top directory
-	# device
+# and we set the device id to -1, since $name does not stand for a whole
-	my $conf = shift;
+# device
-	chomp((undef, my @dles) = qx(amdump_client --config '$conf' list));
+my $conf = shift;
-	return map { [$_, (stat $_)[1] == 2 ? (stat $_)[0] : -1 ] } @dles;
+chomp((undef, my @dles) = qx(amdump_client --config '$conf' list));
+return map { [$_, (stat $_)[1] == 2 ? (stat $_)[0] : -1] } @dles;
 }
 sub amlists {
-	my @confs = @_;
+my @confs      = @_;
-	my @candidates = get_devices;
+my @candidates = get_devices;
-	my %missing;
+my %missing;
-	foreach my $conf (@confs) {
+foreach my $conf (@confs) {
-		my @dles = _amlist $conf;
+my @dles = _amlist $conf;
-		foreach my $candidate (@candidates) {
+foreach my $candidate (@candidates) {
-			# we're satisfied if either the name of the device is in
-			# the disklist, or the device id is found
+# we're satisfied if either the name of the device is in
-			$candidate->[0] ~~ [ map { $_->[0] } @dles ] and next;
+# the disklist, or the device id is found
-			$candidate->[1] ~~ [ map { $_->[1] } @dles ] and next;
+$candidate->[0] ~~ [map { $_->[0] } @dles] and next;
-			push @{$missing{$conf}}, $candidate->[0];
+$candidate->[1] ~~ [map { $_->[1] } @dles] and next;
-		}
+push @{ $missing{$conf} }, $candidate->[0];
-	}
+}
-	die map { "$_ missing: " . join(', ' => @{$missing{$_}}) . "\n" } keys %missing
+}
-		if %missing;
+die map { "$_ missing: " . join(', ' => @{ $missing{$_} }) . "\n" }
-	return map { $_->[0] } @candidates;
+keys %missing
+if %missing;
+return map { $_->[0] } @candidates;
 }
 sub ok { say "$NAME OK\n", join "\n" => @_; exit 0 }
-sub warning { print "$NAME WARNING\n", join "\n" => @_; exit 1 }
+sub warning  { print "$NAME WARNING\n",  join "\n" => @_; exit 1 }
 sub critical { print "$NAME CRITICAL\n", join "\n" => @_; exit 2 }
-sub unknown { print "$NAME UNKNOWN\n", join "\n" => @_; exit 3 }
+sub unknown  { print "$NAME UNKNOWN\n",  join "\n" => @_; exit 3 }
 __END__
 =head1 NAME
 Show the man page of this tool.
 =back
+=head1 PREPARATIONS
+In order to make the check working, some preparations needs to be done.
+=head1 Client
+For each backup set you want to check: Create an
+F</etc/amanda/$set/amanda-client.conf>.
+config "foo"
+index-server    "amanda.example.com"    # used by restore
+tape-server	    "amanda.example.com"    # used by restore
+amdump-server   "amanda.example.com"    # used by amdump_client
+In addition, the F<amservice> binary has to be suid root and executable
+by the backup user. This requirement is checked automatically by the
+plugin.
+=head1 Server
+The server need to know about the amdumpd service. In the F<inetd.conf>
+you need to add "amdumpd" to the list of allowed services. And
+additionally in F<.amandahosts> the "backup" user of the client needs
+the permissions to run the "amdumpd" service.
+# inetd.conf
+amanda stream tcp nowait backup /usr/lib/amanda/amandad amandad -auth=bsdtcp amindexd amidxtaped amdumpd
+# .amandahosts
+client.example.com backup amdumpd
+client.example.com root amindexd amidxtaped
 =head1 AUTHOR
 Heiko Schlittermann L<hs@schlittermann.de>
 =head1 SOURCE

changeset 4	da08b2a30e06
parent 2	7b9bad9c85e6
child 5	52faa36ba7f8