ius/nagios/nagios-plugin-ldap-repl: comparison check_ldap

equal deleted inserted replaced

-:5d59fd79e7f4
+:7202e55a0713
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 #    Matthias Förste <foerste@schlittermann.de>
+=encoding utf8
+=cut
 use strict;
 use warnings;
 # required? https://rt.cpan.org/Public/Bug/Display.html?id=95875
 my $ME      = basename $0;
 my $NAME    = "LDAPREPL";
 my $VERSION = "0.3.3";
 my $defaults = {
-'init|i!'       => 0,
+'attribute|a=s' => 'description',
-'delete|d!'     => 0,
+'dn|d=s'        => undef,
-'refresh|r!'    => 1,
-'dn=s'          => undef,
 'binddn|D=s'    => undef,
 'password=s'    => undef,
-'wait|w=i'      => 1,
 'config=s'      => '/etc/nagios/ius/plugins/config/check_ldap_repl.cfg',
 'provider|p=s'  => 'ldap://provider:389',
 'consumer|c=s@' => 'ldap://consumer:389',
+'wait|w=i'      => 1,
 'help|h!'       => sub { pod2usage(-verbose => 1, -exitval => $ERRORS{OK}) },
 'man|m!'        => sub { pod2usage(-verbose => 2, -exitval => $ERRORS{OK}) },
 'version|V!'    => sub { version($ME, $VERSION); exit $ERRORS{OK}; }
 };
-my $attr = 'description';
 sub critical { print STDERR "$NAME CRITICAL: ", @_; exit $ERRORS{CRITICAL}; }
 $SIG{__DIE__} = sub { print STDERR "$NAME UNKNOWN: ", @_; exit $ERRORS{UNKNOWN}; };
 sub stamp {
-my ($u, $dn) = @_;
+my ($u, $dn, $attr) = @_;
 my $l = ref $u eq 'Net::LDAP' ? $u : Net::LDAP->new($u, onerror => 'die') or die "$@";
 my $r = $l->search(base => $dn, scope => 'base', filter => '(objectClass=*)');
 die "unexpected result count: ", $r->count unless $r->count == 1;
 my @v = $r->entry(0)->get_value($attr);
 my %o = $c->varlist('.');
 my $t = time();
 my $p = Net::LDAP->new($o{provider}, onerror => 'die' ) or die $@;
 $p->bind($o{binddn}, password => $o{password});
-$p->modify($o{dn}, replace => { $attr => $t });
+$p->modify($o{dn}, replace => { $o{attribute} => $t });
-my $tp = stamp($p, $o{dn});
+my $tp = stamp($p, $o{dn}, $o{attribute});
-if ($o{refresh}) {
+die "Provider update failed for unknown reason\n" unless $tp == $t;
-die "Provider update failed for unknown reason\n" unless $tp == $t;
+sleep $o{wait};
-sleep $o{wait};
+for (@{$o{consumer}}) { critical "'$_' out of sync\n" unless $tp == stamp($_, $o{dn}, $o{attribute}); }
-}
-for (@{$o{consumer}}) { critical "'$_' out of sync\n" unless $tp == stamp($_, $o{dn}); }
 print "$NAME OK: servers are in sync\n";
 exit $ERRORS{OK};
 }
 __END__
+=pod
 =head1 NAME
-check_ldap_repl - nagios/icinga plugin to check correctly working of ldap replication.
+check_ldap_repl - nagios/icinga plugin to check ldap replication. This works by
+updating an entry on the provider and checking whether the update is replicated
+by querying the consumers for the updated entry after a short waiting period.
 =head1 SYNOPSIS
-check_ldap_repl [-c|--cn string]
+check_ldap_repl [-d|--dn string]
-[-b|--binddn string]
+[-D|--binddn string]
-[-p|--password string]
+[--password string]
-[-f|--file string]
+[--config string]
-[-M|--master string]
+[-p|--provider string]
-[-S|--slave string]
+[-c|--consumer string]
 [-w|--wait integer]
 [-h|--help]
 [-m|--man]
 [-V|--version]
 =head1 OPTIONS
 =over
-=item B<-c>|B<--cn> I<string>
+=item B<-a>|B<--attribute> I<string>
-cn for the initialized object. See also the B<--init> option. (default: replcheck)
+Attribute of the entry that will be updated and checked for replication. (default: description)
+=item B<-d>|B<--dn> I<string>
+DN of the entry whose attribute will be updated and checked for replication.
 =item B<-b>|B<--binddn> I<string>
-DN to bind to ldap master server.
+DN to use when binding to provider for update.
-=item B<-p>|B<--password> I<string>
+=item B<--password> I<string>
-Password for binddn to ldap master server. B<PASSWORD IS SHOWN IN PROCESSES, USE CONFIG FILE!>
+Password to use when binding to provider for update. B<PASSWORD IS SHOWN IN PROCESSES, USE CONFIG FILE!>
-=item B<-M>|B<--master> I<string>
+=item B<-p>|B<--provider> I<string>
-LDAP master server (provider) (default: ldap://ldap-master:389/)
+provider uri (default: ldap://provider:389/)
-=item B<-S>|B<--slave> I<string>
+=item B<-S>|B<--consumer> I<string>
-LDAP slave server (consumer), multiple slaves can be specified as a comma-separate list (default: ldap://ldap-slave:389/)
+consumer uri. Multiple consumers can be specified as a comma separated list (see below). (default: ldap://ldap-consumer:389/)
-=item B<-f>|B<--file> I<string>
+=item B<--config> I<string>
-Config file with B<binddn> and B<password>. Verify the file B<owner>/B<group> and B<permissions>, B<(0400)> is a good choice!
+Path to configuration file. Use this to store the binddn and its password.
-You can also set B<master,slave> and B<cn> options. (default: /etc/nagios/ius/plugins/config/check_ldap_repl.cfg)
+Verify the ownership and B<permissions>, B<(0400)> is a good choice! (default:
+/etc/nagios/ius/plugins/config/check_ldap_repl.cfg)
-[bind]
-dn = cn=admin,dc=local,dc=site
+Example:
+binddn = cn=admin,dc=local,dc=site
 password = secret
+provider = ldap://provider:389/
-[master]
+consumer = ldap://consumer-01:389/,ldap://consumer-02:389/,...
-server = ldap://ldap-master:389/
+dn = cn=replcheck
+wait = 2
-[slave]
-server = ldap://ldap-slave01:389/,ldap://ldap-slave02:389/,...
-[object]
-cn = replcheck
 =item B<-w>|B<--wait> I<integer>
-Wait I<n> seconds before check the slave servers. (default: 1)
+Wait I<n> seconds before checking the consumer servers. (default: 1)
 =item B<-h>|B<--help>
 Print detailed help screen.
 This plugin checks if the ldap replication works correctly.
 =head1 VERSION
-This man page is current for version 0.3.2 of B<check_ldap_repl>.
+This man page is current for version 0.3.3 of B<check_ldap_repl>.
 =head1 AUTHOR
 Written by Christian Arnold L<arnold@schlittermann.de>. Modified by Matthias Förste L<foerste@schlittermann.de>.

changeset 12	7202e55a0713
parent 11	5d59fd79e7f4
child 13	ce6d09692989