dsa-check-timedatectl: buster adaptions

[mirror/dsa-nagios.git] / dsa-nagios-checks / checks / dsa-check-timedatectl

diff --git a/dsa-nagios-checks/checks/dsa-check-timedatectl b/dsa-nagios-checks/checks/dsa-check-timedatectl
index 13956d2..bc97862 100755 (executable)
--- a/dsa-nagios-checks/checks/dsa-check-timedatectl
+++ b/dsa-nagios-checks/checks/dsa-check-timedatectl
@@ -26,36 +26,100 @@ set -e
 set -u
 
 MAX=2
+SYNSTATUSONLY="0"
 
-temp="$(mktemp)"
-trap "rm -f '$temp'" EXIT
+usage(){
+       ret=$1
 
-timedatectl > "$temp"
-ut=$(sed '/Universal time:/ { s/^[^:]*: *//; p}; d' "$temp")
-rtc=$(sed '/RTC time:/ { s/^[^:]*: *//; p}; d' "$temp")
+       cat <<EOF
+$0: usage:
+       $0 <options>
 
-uts=$(TZ=UTC date -d "$ut" +%s)
-rtcs=$(TZ=UTC date -d "$rtc" +%s)
+       Check NTP sync status (per timedatectl's output) and offset to RTC clock.
+       The latter is particularly interesting for VMs.
+
+       -o <secs>   Maximum offset to tolerate (Default: $MAX)
+       -s          Check sync status only, do not diff against RTC.
+EOF
 
-d=$((uts - rtcs))
+       exit $ret
+}
 
-if [ "$d" -lt "-$MAX" ] ||
-   [ "$d" -gt "$MAX" ]; then
-       echo "Warning: time desync $d: RTC vs. system time: $rtc vs. $ut"
-       exit 1
+while getopts o:sh opt ; do
+       case "$opt" in
+               o) MAX="$OPTARG" ;;
+               s) SYNSTATUSONLY="1";;
+               h) usage 0
+       esac
+done
+shift $(($OPTIND - 1))
+if [ "$#" -gt 0 ]; then
+       usage 1 >&2
 fi
 
 
-bool=$(sed '/\(NTP enabled\|Network time on\):/ { s/^[^:]*: *//; p}; d' "$temp")
-if [ "$bool" != "yes" ]; then
-       echo "Warning: NTP not enabled!"
-       exit 1
+temp="$(mktemp)"
+trap "rm -f '$temp'" EXIT
+
+systemdversion="$(timedatectl --version | head -n1 | awk '{print $2}')"
+if [ -z "$systemdversion" ]; then
+       echo "Unknown: Cannot get systemd version"
+       exit 3
+fi
+if [ "$systemdversion" -lt 241 ] ; then # before buster (Debian 10)
+       LC_ALL=C timedatectl > "$temp"
+       ut=$(sed '/Universal time:/ { s/^[^:]*: *//; p}; d' "$temp")
+       rtc=$(sed '/RTC time:/ { s/^[^:]*: *//; p}; d' "$temp")
+       ntpenabled=$(sed '/\(NTP enabled\|Network time on\|NTP service\):/ { s/^[^:]*: *//; p}; d' "$temp")
+       ntpsynced=$(sed '/\(NTP synchronized\|System clock synchronized\):/ { s/^[^:]*: *//; p}; d' "$temp")
+else
+       LC_ALL=C timedatectl show > "$temp"
+       ut=$(sed '/^TimeUSec=/ { s/^[^=]*=//; p}; d' "$temp")
+       rtc=$(sed '/^RTCTimeUSec=/ { s/^[^=]*=//; p}; d' "$temp")
+       ntpenabled=$(sed '/^NTP=/ { s/^[^=]*=//; p}; d' "$temp")
+       ntpsynced=$(sed '/^NTPSynchronized=/ { s/^[^=]*=//; p}; d' "$temp")
+       if [ "$ntpenabled" = "no" ]; then # in buster (Debian 10) ntpenabled no longer also considers the ntp service
+               ntp_status=$(systemctl is-enabled 'ntp.service' 2>/dev/null) && rc=$? || rc=$?
+               if [ "$rc" = 0 ] && [ "$ntp_status" = "enabled" ] ; then
+                       if systemctl --quiet is-active ntp.service; then
+                               ntpenabled=yes
+                       fi
+               fi
+       fi
+fi
+
+uts=$(TZ=UTC date -d "$ut" +%s)
+rtcs=$(TZ=UTC date -d "$rtc" +%s 2>/dev/null || echo "N/A")
+if [ "$rtcs" != "N/A" ]; then
+       delta=$((uts - rtcs))
 fi
 
-bool=$(sed '/NTP synchronized:/ { s/^[^:]*: *//; p}; d' "$temp")
-if [ "$bool" != "yes" ]; then
-       echo "Warning: not synced with NTP (but clock is OK for now)."
-       exit 1
+if [ "$SYNSTATUSONLY" -ge 1 ]; then
+       if [ "$ntpsynced" != "yes" ]; then
+               echo "Warning: not synced with NTP."
+               exit 1
+       fi
+else
+       if [ "$rtcs" = "N/A" ]; then
+               echo "Warning: Cannot parse RTC $rtc."
+               exit 1
+       fi
+
+       if [ "$delta" -lt "-$MAX" ] ||
+          [ "$delta" -gt "$MAX" ]; then
+               echo "Warning: time desync $delta: RTC vs. system time: $rtc vs. $ut"
+               exit 1
+       fi
+
+       if [ "$ntpenabled" != "yes" -a "$ntpenabled" != "active"  ]; then
+               echo "Warning: NTP not enabled!"
+               exit 1
+       fi
+
+       if [ "$ntpsynced" != "yes" ]; then
+               echo "Warning: not synced with NTP (but clock is OK for now)."
+               exit 1
+       fi
 fi
 
 echo "OK: synced at $ut."