dsa-check-zone-rrsig-expiration-many: run checks in parallel and properly timeout...

[mirror/dsa-nagios.git] / dsa-nagios-checks / checks / dsa-check-zone-rrsig-expiration-many

diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
index 8f7ac47..0561286 100755 (executable)
--- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
+++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 
-# Copyright (c) 2010 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2010,2012 Peter Palfrader <peter@palfrader.org>
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files (the
@@ -23,9 +23,13 @@
 
 use strict;
 use warnings;
+use threads;
+
 use English;
 use Getopt::Long;
 use FindBin qw($Bin);
+use YAML;
+use File::Basename;
 
 my $CHECK = $Bin.'/dsa-check-zone-rrsig-expiration';
 
@@ -57,35 +61,41 @@ sub convert_time {
        return $ticks;
 }
 
-my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=<nn>] [--critical=<nn>] <indir>\n";
-my $params = { 'warn' => '14d', 'critical' => '7d' };
+sub check_one {
+       $SIG{'KILL'} = sub { threads->exit(); };
+
+       my $zone = shift;
+       my $check = shift;
+       my $params = shift;
+
+       open(P, '-|', ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n");
+       my @p = <P>;
+       close P;
+       $p[0] = $zone.': '. $p[0] if (scalar @p > 0);
+
+       my $res = $CHILD_ERROR >> 8;
+
+       return ($res, \@p);
+}
+
+my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--timeout=<nn>] [--warn=<nn>] [--critical=<nn>] [--geozonedir=<geodir>] <indir>\n";
+my $params = { 'timeout' => 30, 'warn' => '14d', 'critical' => '7d' };
 Getopt::Long::config('bundling');
 GetOptions (
        '--help' => \$params->{'help'},
+       '--timeout=i' => \$params->{'timeout'},
        '--warn=s' => \$params->{'warn'},
        '--critical=s' => \$params->{'critical'},
+       '--geozonedir=s' => \$params->{'geozonedir'},
 ) or die ($USAGE);
 if ($params->{'help'}) {
-        print $USAGE;
-        exit(0);
+       print $USAGE;
+       exit(0);
 };
 die ($USAGE) unless (scalar @ARGV == 1);
 my $INDIR = shift;
 
 
-my @zones;
-chdir $INDIR or die "chdir $INDIR failed? $!\n";
-opendir INDIR, $INDIR or die ("Cannot opendir $INDIR\n");
-for my $file (readdir INDIR) {
-       next if ( -l "$file" );
-       next unless ( -f "$file" );
-       next if $file =~ /^(dsset|keyset)-/;
-
-       push @zones, $file;
-}
-closedir(INDIR);
-
-
 my $count =
        { 'ok' => [],
          'warn' => [],
@@ -94,32 +104,89 @@ my $count =
          'unsigned' => [],
        };
 
-my @details;
 
-for my $zone (sort {$a cmp $b} @zones) {
+my @dnsseczones;
+# load list of classic zones that will do DNSSEC
+chdir $INDIR or die "chdir $INDIR failed? $!\n";
+opendir INDIR, '.' or die ("Cannot opendir $INDIR\n");
+for my $file (sort {$a cmp $b} (readdir INDIR)) {
+       next if ( -l "$file" );
+       next unless ( -f "$file" );
+       next if $file =~ /^(dsset|keyset)-/;
+
        my $do_dnssec = 0;
-       open(F, '<', $zone) or die ("Cannot open $zone: $!\n");
+       open(F, '<', $file) or die ("Cannot open $file: $!\n");
        for (<F>) {
-               if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; }
+               if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; }
        };
        close F;
 
-       unless ($do_dnssec) {
-               push @{$count->{'unsigned'}}, $zone;
-               next;
+       if ($do_dnssec) {
+               push @dnsseczones, $file;
+       } else {
+               push @{$count->{'unsigned'}}, $file;
        };
+}
+closedir(INDIR);
 
+# load list of geodns zones that will do DNSSEC
+if (defined $params->{'geozonedir'}) {
+       chdir $params->{'geozonedir'} or die "chdir $params->{'geozonedir'} failed? $!\n";
+       opendir INDIR, '.' or die ("Cannot opendir $params->{'geozonedir'}\n");
+       for my $file (sort {$a cmp $b} (readdir INDIR)) {
+               next unless $file =~ /\.zone$/;
 
-       open(P, '-|', ($CHECK, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n");
-       push @details, <P>;
-       close P;
+               open (F, '<', $file) or die "Cannot open $file: $!\n";
+               my ($zc, undef, undef) = Load(join "", (<F>));
+               close F;
 
-       my $res = $CHILD_ERROR >> 8;
-       if ($res == 0) { push @{$count->{'ok'}}, $zone; }
-       elsif ($res == 1) { push @{$count->{'warn'}}, $zone; }
-       elsif ($res == 2) { push @{$count->{'critical'}}, $zone; }
-       else { push @{$count->{'unknown'}}, $zone; };
-};
+               my $zone = basename($file, '.zone');
+
+               if ($zc->{'dnssec'}) {
+                       push @dnsseczones, $zone;
+               } else {
+                       push @{$count->{'unsigned'}}, $zone;
+               };
+       }
+       closedir(INDIR);
+}
+
+my @details;
+
+my %threads;
+for my $zone (sort {$a cmp $b} @dnsseczones) {
+       die "Duplicate zone $zone?\n"  if defined $threads{$zone};
+       my $thr = threads->create({'context' => 'list'},
+                                 \&check_one, $zone, $CHECK, $params);
+       $threads{$zone} = $thr;
+}
+
+my $begin = time;
+while (time - $begin <= $params->{timeout}) {
+       for my $zone (sort {$a cmp $b} keys %threads) {
+               next unless $threads{$zone}->is_joinable();
+
+               my ($res, $det) = $threads{$zone}->join();
+
+               push @details, @$det;
+
+               if ($res == 0) { push @{$count->{'ok'}}, $zone; }
+               elsif ($res == 1) { push @{$count->{'warn'}}, $zone; }
+               elsif ($res == 2) { push @{$count->{'critical'}}, $zone; }
+               else { push @{$count->{'unknown'}}, $zone; };
+               delete $threads{$zone};
+       }
+       sleep(1);
+}
+for my $zone (sort {$a cmp $b} keys %threads) {
+       push @{$count->{'warn'}}, $zone;
+       push @details, "$zone: timeout during check\n";
+       $threads{$zone}->kill('KILL')->detach();
+}
+
+for my $k (keys %$count) {
+       @{$count->{$k}} = sort {$a cmp $b} @{$count->{$k}};
+}
 
 my $exit;
 my %state_mapping = (