X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=dsa-nagios-checks%2Fchecks%2Fdsa-check-zone-rrsig-expiration-many;h=05612861ebb15b928548a319315ed16b57175f70;hb=95d831f4e33bb416632f85de4e3eaa41cfa232fb;hp=8f7ac4771c8405612b1c602d03faa0e58b792d86;hpb=87983c60272f1a65e0fe42f9933e8984191cabb8;p=mirror%2Fdsa-nagios.git diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many index 8f7ac47..0561286 100755 --- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many +++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many @@ -1,6 +1,6 @@ #!/usr/bin/perl -# Copyright (c) 2010 Peter Palfrader +# Copyright (c) 2010,2012 Peter Palfrader # # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the @@ -23,9 +23,13 @@ use strict; use warnings; +use threads; + use English; use Getopt::Long; use FindBin qw($Bin); +use YAML; +use File::Basename; my $CHECK = $Bin.'/dsa-check-zone-rrsig-expiration'; @@ -57,35 +61,41 @@ sub convert_time { return $ticks; } -my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=] [--critical=] \n"; -my $params = { 'warn' => '14d', 'critical' => '7d' }; +sub check_one { + $SIG{'KILL'} = sub { threads->exit(); }; + + my $zone = shift; + my $check = shift; + my $params = shift; + + open(P, '-|', ($check, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n"); + my @p =

; + close P; + $p[0] = $zone.': '. $p[0] if (scalar @p > 0); + + my $res = $CHILD_ERROR >> 8; + + return ($res, \@p); +} + +my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--timeout=] [--warn=] [--critical=] [--geozonedir=] \n"; +my $params = { 'timeout' => 30, 'warn' => '14d', 'critical' => '7d' }; Getopt::Long::config('bundling'); GetOptions ( '--help' => \$params->{'help'}, + '--timeout=i' => \$params->{'timeout'}, '--warn=s' => \$params->{'warn'}, '--critical=s' => \$params->{'critical'}, + '--geozonedir=s' => \$params->{'geozonedir'}, ) or die ($USAGE); if ($params->{'help'}) { - print $USAGE; - exit(0); + print $USAGE; + exit(0); }; die ($USAGE) unless (scalar @ARGV == 1); my $INDIR = shift; -my @zones; -chdir $INDIR or die "chdir $INDIR failed? $!\n"; -opendir INDIR, $INDIR or die ("Cannot opendir $INDIR\n"); -for my $file (readdir INDIR) { - next if ( -l "$file" ); - next unless ( -f "$file" ); - next if $file =~ /^(dsset|keyset)-/; - - push @zones, $file; -} -closedir(INDIR); - - my $count = { 'ok' => [], 'warn' => [], 
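Review bot: In `check_one`, `my $res = $CHILD_ERROR >> 8;` keeps only the exit-code byte, so a child check that is terminated by a signal yields 0 and the caller files the zone under `ok`; a monitor for RRSIG expiry should not fail open like that. Mapping that case to unknown closes the gap, e.g. `my $res = ($CHILD_ERROR & 127) ? 3 : ($CHILD_ERROR >> 8);`. The `die` after `open` names the global `$CHECK` rather than the `$check` argument, and a `die` inside the thread ends only that thread, so the parent's `join()` presumably gets an empty list back; returning `(3, ["$zone: cannot run $check\n"])` instead would keep the failure visible in the summary. A short comment above `$SIG{'KILL'}` saying that it handles the thread-level signal sent by `threads->kill`, not an OS SIGKILL, would also help the next reader.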
@@ -94,32 +104,89 @@ my $count = 'unsigned' => [], }; -my @details; -for my $zone (sort {$a cmp $b} @zones) { +my @dnsseczones; +# load list of classic zones that will do DNSSEC +chdir $INDIR or die "chdir $INDIR failed? $!\n"; +opendir INDIR, '.' or die ("Cannot opendir $INDIR\n"); +for my $file (sort {$a cmp $b} (readdir INDIR)) { + next if ( -l "$file" ); + next unless ( -f "$file" ); + next if $file =~ /^(dsset|keyset)-/; + my $do_dnssec = 0; - open(F, '<', $zone) or die ("Cannot open $zone: $!\n"); + open(F, '<', $file) or die ("Cannot open $file: $!\n"); for () { - if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; } + if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; } }; close F; - unless ($do_dnssec) { - push @{$count->{'unsigned'}}, $zone; - next; + if ($do_dnssec) { + push @dnsseczones, $file; + } else { + push @{$count->{'unsigned'}}, $file; }; +} +closedir(INDIR); +# load list of geodns zones that will do DNSSEC +if (defined $params->{'geozonedir'}) { + chdir $params->{'geozonedir'} or die "chdir $params->{'geozonedir'} failed? $!\n"; + opendir INDIR, '.' or die ("Cannot opendir $params->{'geozonedir'}\n"); + for my $file (sort {$a cmp $b} (readdir INDIR)) { + next unless $file =~ /\.zone$/; - open(P, '-|', ($CHECK, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n"); - push @details,

; - close P; + open (F, '<', $file) or die "Cannot open $file: $!\n"; + my ($zc, undef, undef) = Load(join "", ()); + close F; - my $res = $CHILD_ERROR >> 8; - if ($res == 0) { push @{$count->{'ok'}}, $zone; } - elsif ($res == 1) { push @{$count->{'warn'}}, $zone; } - elsif ($res == 2) { push @{$count->{'critical'}}, $zone; } - else { push @{$count->{'unknown'}}, $zone; }; -}; + my $zone = basename($file, '.zone'); + + if ($zc->{'dnssec'}) { + push @dnsseczones, $zone; + } else { + push @{$count->{'unsigned'}}, $zone; + }; + } + closedir(INDIR); +} + +my @details; + +my %threads; +for my $zone (sort {$a cmp $b} @dnsseczones) { + die "Duplicate zone $zone?\n" if defined $threads{$zone}; + my $thr = threads->create({'context' => 'list'}, + \&check_one, $zone, $CHECK, $params); + $threads{$zone} = $thr; +} + +my $begin = time; +while (time - $begin <= $params->{timeout}) { + for my $zone (sort {$a cmp $b} keys %threads) { + next unless $threads{$zone}->is_joinable(); + + my ($res, $det) = $threads{$zone}->join(); + + push @details, @$det; + + if ($res == 0) { push @{$count->{'ok'}}, $zone; } + elsif ($res == 1) { push @{$count->{'warn'}}, $zone; } + elsif ($res == 2) { push @{$count->{'critical'}}, $zone; } + else { push @{$count->{'unknown'}}, $zone; }; + delete $threads{$zone}; + } + sleep(1); +} +for my $zone (sort {$a cmp $b} keys %threads) { + push @{$count->{'warn'}}, $zone; + push @details, "$zone: timeout during check\n"; + $threads{$zone}->kill('KILL')->detach(); +} + +for my $k (keys %$count) { + @{$count->{$k}} = sort {$a cmp $b} @{$count->{$k}}; +} my $exit; my %state_mapping = (
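Review bot: The wait loop `while (time - $begin <= $params->{timeout})` has no exit once every thread has been joined, so as written each run lasts the full `--timeout` (30 by default) even when all checks return immediately; `last unless %threads;` placed before `sleep(1);` would end it early. Zones still pending at the deadline are pushed to `warn`, which under-reports a check that never produced an answer about signature expiry; the existing `unknown` bucket looks like the more honest place for them. `kill('KILL')->detach()` only signals the Perl thread, and a thread blocked reading the child's pipe may not act on it, so the spawned check processes can presumably outlive the plugin; that deserves a comment or explicit cleanup of the children. In the geozone loop a file that `Load` cannot parse, or that does not parse to a hash, makes the whole plugin die, so wrapping the load in `eval` and counting that zone as `unknown` would stop one bad file from hiding the state of every other zone.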