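def main():
    """Report whether bridge netfilter sysctls and iptables DROP rules are active.

    When the compute API lists no running, active instances for ``args.host``
    the check is forced to pass and every bridge parameter is reported as "1".
    Otherwise the three ``bridge-nf-call-*`` values are read from
    /proc/sys/net/bridge and the ``iptables-save`` output is searched for
    "DROP".

    Emits the ``iptables_status`` boolean metric and one metric per bridge
    parameter. ``status_ok`` is called only when both checks pass; on failure
    this function makes no status call beyond any earlier ``status('error')``.
    """
    nova = get_openstack_client('compute')
    bridge_params = ["bridge-nf-call-arptables",
                     "bridge-nf-call-ip6tables",
                     "bridge-nf-call-iptables"]
    bridge_param_metrics = {}
    iptables_exist = False
    bridge_sysctl = False

    # Fail closed: if the instance lookup errors out we cannot show the host
    # is empty, so the host-level checks below still run. This also keeps
    # instances_running bound should status() return instead of exiting.
    instances_running = True

    # A power_state of 1 means the instance is 'running'.
    try:
        instances = [i for i in nova.servers(host=args.host)
                     if i.power_state == 1 and i.vm_state == 'active']
    except Exception as e:
        status("error", str(e), force_print=False)
    else:
        instances_running = len(instances) > 0

    if not instances_running:
        # No instances are active, so force the metrics to pass.
        iptables_exist = True
        bridge_sysctl = True
        for param in bridge_params:
            bridge_param_metrics[param] = "1"
    else:
        try:
            bridge_sysctl = True
            for param in bridge_params:
                # Read the sysctl file directly instead of spawning `cat`;
                # the value is text on both Python 2 and Python 3.
                with open('/proc/sys/net/bridge/' + param) as sysctl_file:
                    bridge_param_metrics[param] = (
                        sysctl_file.read().rstrip('\n'))
                if bridge_param_metrics[param] != "1":
                    bridge_sysctl = False
        except Exception as e:
            # An unreadable parameter (for example a missing
            # /proc/sys/net/bridge directory) must not leave the optimistic
            # True set before the loop in place.
            bridge_sysctl = False
            status('error', str(e), force_print=False)

        # Check if iptables rules are in place. `iptables-save` is resolved
        # through the PATH of whatever account runs this check.
        iptables_rules = []
        try:
            iptables_rules = subprocess.check_output(
                ['iptables-save'], universal_newlines=True).split('\n')
        except Exception as e:
            status('error', str(e), force_print=False)

        # NOTE(review): a substring match also hits chain-policy lines and
        # comment text, so this shows only that "DROP" appears somewhere in
        # the IPv4 ruleset, not that instance traffic is filtered. The IPv6
        # ruleset is not inspected at all.
        iptables_exist = any("DROP" in rule for rule in iptables_rules)

    if bridge_sysctl and iptables_exist:
        metric_bool('iptables_status', True, m_name='iptables_active')
        status_ok(m_name='iptables_active')
    else:
        metric_bool('iptables_status', False, m_name='iptables_active')

    # Emitted on every run; a parameter that could not be read reports 0.
    metric('bridge-nf-call-arptables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-arptables', 0))
    metric('bridge-nf-call-iptables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-iptables', 0))
    metric('bridge-nf-call-ip6tables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-ip6tables', 0))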
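def main():
    """Check bridge netfilter sysctls and iptables DROP rules on a compute host.

    The compute API is asked for running, active instances on ``args.host``.
    With none present the check passes unconditionally and each bridge
    parameter is reported as "1". With instances present (or when the lookup
    fails) the ``bridge-nf-call-*`` files under /proc/sys/net/bridge are read
    and the ``iptables-save`` output is searched for "DROP".

    Emits ``iptables_status`` plus one metric per bridge parameter, and calls
    ``status_ok`` only when both checks succeed.
    """
    nova = get_openstack_client('compute')
    iptables_exist = False
    bridge_sysctl = False
    bridge_params = [
        "bridge-nf-call-arptables",
        "bridge-nf-call-ip6tables",
        "bridge-nf-call-iptables",
    ]
    bridge_param_metrics = {}

    # Default to "instances present" so a failed inventory query cannot turn
    # into a forced pass, and so the name is always bound if status() returns.
    instances_running = True

    # A power_state of 1 means the instance is 'running'.
    try:
        instances = [
            server for server in nova.servers(host=args.host)
            if server.power_state == 1 and server.vm_state == 'active'
        ]
    except Exception as e:
        status("error", str(e), force_print=False)
    else:
        instances_running = bool(instances)

    if instances_running:
        bridge_sysctl = True
        try:
            for param in bridge_params:
                # Plain file read; no `cat` subprocess, and no bytes-vs-text
                # difference between Python 2 and Python 3.
                with open('/proc/sys/net/bridge/' + param) as handle:
                    value = handle.read().rstrip('\n')
                bridge_param_metrics[param] = value
                if value != "1":
                    bridge_sysctl = False
        except Exception as e:
            # A read failure means the setting is unverified, so the sysctl
            # check fails rather than keeping its initial True.
            bridge_sysctl = False
            status('error', str(e), force_print=False)

        # Check if iptables rules are in place.
        iptables_rules = []
        try:
            # `iptables-save` is looked up via PATH of the invoking account.
            iptables_rules = subprocess.check_output(
                ['iptables-save'], universal_newlines=True).split('\n')
        except Exception as e:
            status('error', str(e), force_print=False)

        # NOTE(review): matching the bare substring "DROP" is satisfied by a
        # chain policy line or a rule comment as well as a real drop rule, and
        # only the IPv4 ruleset is examined. Treat a pass as "some DROP text
        # exists", not as proof that per-instance filtering is applied.
        for rule in iptables_rules:
            if "DROP" in rule:
                iptables_exist = True
                break
    else:
        # No instances are active, so force the metrics to pass.
        iptables_exist = True
        bridge_sysctl = True
        for param in bridge_params:
            bridge_param_metrics[param] = "1"

    if bridge_sysctl and iptables_exist:
        metric_bool('iptables_status', True, m_name='iptables_active')
        status_ok(m_name='iptables_active')
    else:
        metric_bool('iptables_status', False, m_name='iptables_active')

    # Reported on every run; an unread parameter falls back to 0.
    metric('bridge-nf-call-arptables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-arptables', 0))
    metric('bridge-nf-call-iptables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-iptables', 0))
    metric('bridge-nf-call-ip6tables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-ip6tables', 0))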
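def main():
    """Check bridge netfilter sysctls and iptables DROP rules on a libvirt host.

    ``virsh list`` is used to decide whether any domain is running. With none
    running the check passes unconditionally and each bridge parameter is
    reported as "1". Otherwise the ``bridge-nf-call-*`` files under
    /proc/sys/net/bridge are read and the ``iptables-save`` output is searched
    for "DROP".

    Emits ``iptables_status`` plus one metric per bridge parameter, and calls
    ``status_ok`` only when both checks succeed.
    """
    iptables_exist = False
    bridge_params = [
        "bridge-nf-call-arptables",
        "bridge-nf-call-ip6tables",
        "bridge-nf-call-iptables",
    ]
    bridge_sysctl = False
    bridge_param_metrics = {}

    # Check if there are instances on this host. If not, we don't care and
    # just pass the check.
    try:
        # universal_newlines=True yields text, so split('\n') works on both
        # Python 2 and Python 3. `virsh` is resolved via PATH.
        domain_lines = subprocess.check_output(
            ["virsh", "list"], universal_newlines=True).split('\n')
    except Exception as e:
        status("error", str(e), force_print=False)
        # Fail closed: without a domain listing the host cannot be shown to
        # be empty, so the host-level checks below still run. This also
        # avoids iterating an unbound name if status() returns.
        instancesRunning = True
    else:
        # NOTE(review): substring match on the whole line, so a domain whose
        # name contains "running" counts as running whatever its state.
        instancesRunning = any("running" in line for line in domain_lines)

    if not instancesRunning:
        # No instances running, force a successful check run.
        iptables_exist = True
        bridge_sysctl = True
        for param in bridge_params:
            bridge_param_metrics[param] = "1"
    else:
        # There are instances on this host. Verify appropriate sysctl
        # settings and iptables rules.
        try:
            bridge_sysctl = True
            for param in bridge_params:
                # Read the sysctl file directly instead of spawning `cat`.
                with open('/proc/sys/net/bridge/' + param) as sysctl_file:
                    bridge_param_metrics[param] = (
                        sysctl_file.read().rstrip('\n'))
                if bridge_param_metrics[param] != "1":
                    bridge_sysctl = False
        except Exception as e:
            # A parameter that cannot be read is unverified; do not keep the
            # optimistic True assigned before the loop.
            bridge_sysctl = False
            status('error', str(e), force_print=False)

        # Check that iptables rules are in place.
        iptables_rules = []
        try:
            iptables_rules = subprocess.check_output(
                ['iptables-save'], universal_newlines=True).split('\n')
        except Exception as e:
            status('error', str(e), force_print=False)

        # NOTE(review): any line containing "DROP" satisfies this, including
        # chain-policy lines and rule comments, and only the IPv4 ruleset is
        # read. A pass means the text is present, not that instance traffic
        # is actually filtered.
        iptables_exist = any("DROP" in rule for rule in iptables_rules)

    if bridge_sysctl and iptables_exist:
        metric_bool('iptables_status', True, m_name='iptables_active')
        status_ok(m_name='iptables_active')
    else:
        metric_bool('iptables_status', False, m_name='iptables_active')

    # Reported on every run; an unread parameter falls back to 0.
    metric('bridge-nf-call-arptables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-arptables', 0))
    metric('bridge-nf-call-iptables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-iptables', 0))
    metric('bridge-nf-call-ip6tables', 'int64',
           bridge_param_metrics.get('bridge-nf-call-ip6tables', 0))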