check_phpfpm_status: Update to 1.1

This commit is contained in:
Jan Wagner 2016-12-23 23:56:11 +01:00
parent aee28d7a4f
commit f5da8826e2
2 changed files with 349 additions and 116 deletions

View file

@ -1,37 +1,35 @@
#!/usr/bin/perl -w #!/usr/bin/env perl
# check_phpfpm_status.pl # check_phpfpm_status.pl
# Version : 0.11 # Version : 1.1
# Author : regis.leroy at makina-corpus.com # Author : regis.leroy at makina-corpus.com
# based on previous apache status work by Dennis D. Spreen (dennis at spreendigital.de) # based on previous apache status work by Dennis D. Spreen (dennis at spreendigital.de)
# Based on check_apachestatus.pl v1.4 by # Based on check_apachestatus.pl v1.4 by
# De Bodt Lieven (Lieven.DeBodt at gmail.com) # De Bodt Lieven (Lieven.DeBodt at gmail.com)
# Karsten Behrens (karsten at behrens dot in) # Karsten Behrens (karsten at behrens dot in)
# Geoff McQueen (geoff.mcqueen at hiivesystems dot com ) # Geoff McQueen (geoff.mcqueen at hiivesystems dot com )
# Dave Steinberg (dave at redterror dot net) # Dave Steinberg (dave at redterror dot net)
# Licence : GPL - http://www.fsf.org/licenses/gpl.txt # Licence : GNU GPL v3 - http://www.fsf.org/licenses/gpl.txt
# #
# help : ./check_phpfpm_status.pl -h # help : ./check_phpfpm_status.pl -h
# #
# issues & updates: http://github.com/regilero/check_phpfpm_status # issues & updates: http://github.com/regilero/check_phpfpm_status
use strict; use strict;
use warnings;
use Getopt::Long; use Getopt::Long;
use LWP::UserAgent;
use Time::HiRes qw(gettimeofday tv_interval); use Time::HiRes qw(gettimeofday tv_interval);
use Digest::MD5 qw(md5 md5_hex); use Digest::MD5 qw(md5 md5_hex);
# ---------------------------------------------------------------------------
package main;
# Nagios specific # ensure all outputs are in UTF-8
# Update Nagios Plugin path according to your platform/installation binmode(STDOUT, ":utf8");
use lib "/usr/local/nagios/libexec";
use lib "/usr/local/icinga/libexec";
use lib "/usr/lib/nagios/plugins";
use utils qw($TIMEOUT);
# Globals # Globals
my $Version='0.10'; my $Version='1.1';
my $Name=$0; my $Name=$0;
my $o_host = undef; # hostname my $o_host = undef; # hostname
my $o_help= undef; # want some help ? my $o_help= undef; # want some help ?
my $o_port= undef; # port my $o_port= undef; # port
my $o_url = undef; # url to use, if not the default my $o_url = undef; # url to use, if not the default
@ -49,9 +47,11 @@ my $o_timeout= 15; # Default 15s Timeout
my $o_warn_thresold=undef; # warning thresolds entry my $o_warn_thresold=undef; # warning thresolds entry
my $o_crit_thresold=undef; # critical thresolds entry my $o_crit_thresold=undef; # critical thresolds entry
my $o_debug= undef; # debug mode my $o_debug= undef; # debug mode
my $o_fastcgi= undef; # direct fastcgi mode (without an http->fastcgi proxy)
my $o_servername= undef; # ServerName (host header in http request) my $o_servername= undef; # ServerName (host header in http request)
my $o_https= undef; # SSL (HTTPS) mode my $o_https= undef; # SSL (HTTPS) mode
my $o_verify_hostname= 0; # SSL Hostname verification, False by default my $o_verify_ssl= 0; # SSL verification, False by default
my $o_cacert_file= undef; # Path to cacert.pem file
my $TempPath = '/tmp/'; # temp path my $TempPath = '/tmp/'; # temp path
my $MaxUptimeDif = 60*30; # Maximum uptime difference (seconds), default 30 minutes my $MaxUptimeDif = 60*30; # Maximum uptime difference (seconds), default 30 minutes
@ -62,7 +62,7 @@ my $phpfpm = 'PHP-FPM'; # Could be used to store version also
sub show_versioninfo { print "$Name version : $Version\n"; } sub show_versioninfo { print "$Name version : $Version\n"; }
sub print_usage { sub print_usage {
print "Usage: $Name -H <host ip> [-p <port>] [-s servername] [-t <timeout>] [-w <WARN_THRESOLD> -c <CRIT_THRESOLD>] [-V] [-d] [-u <url>] [-U user -P pass -r realm]\n"; print "Usage: $Name -H <host ip> [-p <port>] [-s servername] [-t <timeout>] [-w <WARN_THRESOLD> -c <CRIT_THRESOLD>] [-V] [-d] [-f] [-u <url>] [-U user -P pass -r realm]\n";
} }
sub nagios_exit { sub nagios_exit {
my ( $nickname, $status, $message, $perfdata , $silent) = @_; my ( $nickname, $status, $message, $perfdata , $silent) = @_;
@ -100,13 +100,13 @@ sub help {
-H, --hostname=HOST -H, --hostname=HOST
name or IP address of host to check name or IP address of host to check
-p, --port=PORT -p, --port=PORT
Http port Http port, or Fastcgi port when using --fastcgi
-u, --url=URL -u, --url=URL
Specific URL (only the path part of it in fact) to use, instead of the default "/fpm-status" Specific URL (only the path part of it in fact) to use, instead of the default "/fpm-status"
-s, --servername=SERVERNAME -s, --servername=SERVERNAME
ServerName, (host header of HTTP request) use it if you specified an IP in -H to match the good Virtualhost in your target ServerName, (host header of HTTP request) use it if you specified an IP in -H to match the good Virtualhost in your target
-S, --ssl -f, --fastcgi
Wether we should use HTTPS instead of HTTP Connect directly to php-fpm via network or local socket, using fastcgi protocol instead of HTTP.
-U, --user=user -U, --user=user
Username for basic auth Username for basic auth
-P, --pass=PASS -P, --pass=PASS
@ -117,6 +117,15 @@ sub help {
Debug mode (show http request response) Debug mode (show http request response)
-t, --timeout=INTEGER -t, --timeout=INTEGER
timeout in seconds (Default: $o_timeout) timeout in seconds (Default: $o_timeout)
-S, --ssl
Wether we should use HTTPS instead of HTTP. Note that you can give some extra parameters to this settings. Default value is 'TLSv1'
but you could use things like 'TLSv1_1' or 'TLSV1_2' (or even 'SSLv23:!SSLv2:!SSLv3' for old stuff).
-x, --verifyssl, --verifyhostname
verify certificate and hostname from ssl cert, default is 0 (no security), set it to 1 to really make SSL peer name and certificater checks.
'verifyhostname' is the old deprecated name of this option.
-X, --cacert
Full path to the cacert.pem certificate authority used to verify ssl certificates (use with --verifyssl).
if not given the cacert from Mozilla::CA cpan plugin will be used.
-w, --warn=MIN_AVAILABLE_PROCESSES,PROC_MAX_REACHED,QUEUE_MAX_REACHED -w, --warn=MIN_AVAILABLE_PROCESSES,PROC_MAX_REACHED,QUEUE_MAX_REACHED
number of available workers, or max states reached that will cause a warning number of available workers, or max states reached that will cause a warning
-1 for no warning -1 for no warning
@ -125,90 +134,122 @@ sub help {
-1 for no CRITICAL -1 for no CRITICAL
-V, --version -V, --version
prints version number prints version number
-x, --verifyhostname
verify hostname from ssl cert, set it to 0 to ignore bad hostname from cert
Note : Note :
3 items can be managed on this check, this is why -w and -c parameters are using 3 values thresolds 3 items can be managed on this check, this is why -w and -c parameters are using 3 values thresolds
- MIN_AVAILABLE_PROCESSES: Working with the number of available (Idle) and working process (Busy). - MIN_AVAILABLE_PROCESSES: Working with the number of available (Idle) and working process (Busy).
Generating WARNING and CRITICAL if you do not have enough Idle processes. Generating WARNING and CRITICAL if you do not have enough Idle processes.
- PROC_MAX_REACHED: the fpm-status report will show us how many times the max processes were reached sinc start, - PROC_MAX_REACHED: the fpm-status report will show us how many times the max processes were reached sinc start,
this script will record how many time this happended since last check, letting you fix thresolds for alerts this script will record how many time this happended since last check, letting you fix thresolds for alerts
- QUEUE_MAX_REACHED: the php-fpm report will show us how many times the max queue was reached since start, - QUEUE_MAX_REACHED: the php-fpm report will show us how many times the max queue was reached since start,
this script will record how many time this happended since last check, letting you fix thresolds for alerts this script will record how many time this happended since last check, letting you fix thresolds for alerts
Examples: Examples:
This will lead to CRITICAL if you have 0 Idle process, or you have reached the max processes 2 times between last check, This will lead to CRITICAL if you have 0 Idle process, or you have reached the max processes 2 times between last check,
or you have reached the max queue len 5 times. A Warning will be reached for 1 Idle process only. or you have reached the max queue len 5 times. A Warning will be reached for 1 Idle process only:
check_phpfpm_status.pl -H 10.0.0.10 -u /foo/my-fpm-status -s mydomain.example.com -t 8 -w 1,-1,-1 -c 0,2,5 check_phpfpm_status.pl -H 10.0.0.10 -u /foo/my-fpm-status -s mydomain.example.com -t 8 -w 1,-1,-1 -c 0,2,5
this will generate WARNING and CRITICAL alerts only on the number of times you have reached the max process this will generate WARNING and CRITICAL alerts only on the number of times you have reached the max process:
check_phpfpm_status.pl -H 10.0.0.10 -u /foo/my-fpm-status -s mydomain.example.com -t 8 -w -1,10,-1 -c -1,20,-1 check_phpfpm_status.pl -H 10.0.0.10 -u /foo/my-fpm-status -s mydomain.example.com -t 8 -w -1,10,-1 -c -1,20,-1
theses two equivalents will not generate any alert (if the php-fpm page is reachable) but could be used for graphics theses two equivalents will not generate any alert (if the php-fpm page is reachable) but could be used for graphics:
check_phpfpm_status.pl -H 10.0.0.10 -s mydomain.example.com -w -1,-1,-1 -c -1,-1,-1 check_phpfpm_status.pl -H 10.0.0.10 -s mydomain.example.com -w -1,-1,-1 -c -1,-1,-1
check_phpfpm_status.pl -H 10.0.0.10 -s mydomain.example.com check_phpfpm_status.pl -H 10.0.0.10 -s mydomain.example.com
And this one is a basic starting example And this one is a basic starting example :
check_phpfpm_status.pl -H 127.0.0.1 -s nagios.example.com -w 1,1,1 -c 0,2,2 check_phpfpm_status.pl -H 127.0.0.1 -s nagios.example.com -w 1,1,1 -c 0,2,2
All these examples used an HTTP proxy (like Nginx or Apache) in front of php-fpm. If php-fpm is listening on a tcp/ip socket
you can also make a direct request on this port (9000 by default) using the fastcgi protocol. You'll need the FastCGI client
tools enabled in Perl (check the README) and the command would use the -f or --fastcgi option (note that SSL or servername
options are useless in this mode).
This can be especially usefull if you use php-fpm in an isolated env, without the HTTP proxy support (like in a docker container):
check_phpfpm_status.pl -H 127.0.0.1 --fastcgi -p 9002 -w 1,1,1 -c 0,2,2
HTTPS/SSL:
Adding --ssl you can reach an https host:
check_phpfpm_status.pl -H 10.0.0.10 -s mydomain.example.com --ssl
Check --verify-ssl (false by defaut) --cacert and --sl for more options, like below
(note that certificate checks never wortked on my side, add -d for full debug and
tell me if it worked for you, you may need up to date CPAN adn openSSL libs)
check_phpfpm_status.pl -H 10.0.0.10 -s mydomain.example.com --ssl TLSv1_2 --verify-ssl 1 --cacert /etc/ssl/cacert.pem
EOT EOT
} }
sub check_options { sub check_options {
Getopt::Long::Configure ("bundling"); Getopt::Long::Configure ("bundling");
GetOptions( GetOptions(
'h' => \$o_help, 'help' => \$o_help, 'h' => \$o_help, 'help' => \$o_help,
'd' => \$o_debug, 'debug' => \$o_debug, 'd' => \$o_debug, 'debug' => \$o_debug,
'H:s' => \$o_host, 'hostname:s' => \$o_host, 'f' => \$o_fastcgi, 'fastcgi' => \$o_fastcgi,
's:s' => \$o_servername, 'servername:s' => \$o_servername, 'H:s' => \$o_host, 'hostname:s' => \$o_host,
'S:s' => \$o_https, 'ssl:s' => \$o_https, 's:s' => \$o_servername, 'servername:s' => \$o_servername,
'u:s' => \$o_url, 'url:s' => \$o_url, 'S:s' => \$o_https, 'ssl:s' => \$o_https,
'U:s' => \$o_user, 'user:s' => \$o_user, 'u:s' => \$o_url, 'url:s' => \$o_url,
'P:s' => \$o_pass, 'pass:s' => \$o_pass, 'U:s' => \$o_user, 'user:s' => \$o_user,
'r:s' => \$o_realm, 'realm:s' => \$o_realm, 'P:s' => \$o_pass, 'pass:s' => \$o_pass,
'p:i' => \$o_port, 'port:i' => \$o_port, 'r:s' => \$o_realm, 'realm:s' => \$o_realm,
'V' => \$o_version, 'version' => \$o_version, 'p:i' => \$o_port, 'port:i' => \$o_port,
'w=s' => \$o_warn_thresold, 'warn=s' => \$o_warn_thresold, 'V' => \$o_version, 'version' => \$o_version,
'c=s' => \$o_crit_thresold, 'critical=s' => \$o_crit_thresold, 'w=s' => \$o_warn_thresold, 'warn=s' => \$o_warn_thresold,
't:i' => \$o_timeout, 'timeout:i' => \$o_timeout, 'c=s' => \$o_crit_thresold, 'critical=s' => \$o_crit_thresold,
'x:i' => \$o_verify_hostname, 'verifyhostname:i' => \$o_verify_hostname, 't:i' => \$o_timeout, 'timeout:i' => \$o_timeout,
'x:i' => \$o_verify_ssl, 'verifyhostname:i' => \$o_verify_ssl,
'verifyssl:i' => \$o_verify_ssl,
'X:s' => \$o_cacert_file, 'cacert:s' => \$o_cacert_file,
); );
if (defined ($o_help)) { if (defined ($o_help)) {
help(); help();
nagios_exit($phpfpm,"UNKNOWN","leaving","",1); nagios_exit($phpfpm,"UNKNOWN","leaving","",1);
} }
if (defined($o_version)) { if (defined($o_version)) {
show_versioninfo(); show_versioninfo();
nagios_exit($phpfpm,"UNKNOWN","leaving","",1); nagios_exit($phpfpm,"UNKNOWN","leaving","",1);
}; };
if (defined($o_warn_thresold)) { if (defined($o_warn_thresold)) {
($o_warn_p_level,$o_warn_m_level,$o_warn_q_level) = split(',', $o_warn_thresold); ($o_warn_p_level,$o_warn_m_level,$o_warn_q_level) = split(',', $o_warn_thresold);
} else {
$o_warn_thresold = 'undefined'
} }
if (defined($o_crit_thresold)) { if (defined($o_crit_thresold)) {
($o_crit_p_level,$o_crit_m_level,$o_crit_q_level) = split(',', $o_crit_thresold); ($o_crit_p_level,$o_crit_m_level,$o_crit_q_level) = split(',', $o_crit_thresold);
} else {
$o_crit_thresold = 'undefined'
}
if (defined($o_fastcgi) && defined($o_https)) {
nagios_exit($phpfpm,"UNKNOWN","You cannot use both --fastcgi and --ssl options, we do not use http (nor https) when we use direct fastcgi access!");
} }
if (defined($o_debug)) { if (defined($o_debug)) {
print("\nDebug thresolds: \nWarning: ($o_warn_thresold) => Min Idle: $o_warn_p_level Max Reached :$o_warn_m_level MaxQueue: $o_warn_q_level"); print("\nDebug thresolds: \nWarning: ($o_warn_thresold) => Min Idle: $o_warn_p_level Max Reached :$o_warn_m_level MaxQueue: $o_warn_q_level");
print("\nCritical ($o_crit_thresold) => : Min Idle: $o_crit_p_level Max Reached: $o_crit_m_level MaxQueue : $o_crit_q_level\n"); print("\nCritical ($o_crit_thresold) => : Min Idle: $o_crit_p_level Max Reached: $o_crit_m_level MaxQueue : $o_crit_q_level\n");
} }
if ((defined($o_warn_p_level) && defined($o_crit_p_level)) && if ((defined($o_warn_p_level) && defined($o_crit_p_level)) &&
(($o_warn_p_level != -1) && ($o_crit_p_level != -1) && ($o_warn_p_level <= $o_crit_p_level)) ) { (($o_warn_p_level != -1) && ($o_crit_p_level != -1) && ($o_warn_p_level <= $o_crit_p_level)) ) {
nagios_exit($phpfpm,"UNKNOWN","Check warning and critical values for IdleProcesses (1st part of thresold), warning level must be > crit level!"); nagios_exit($phpfpm,"UNKNOWN","Check warning and critical values for IdleProcesses (1st part of thresold), warning level must be > crit level!");
} }
if ((defined($o_warn_m_level) && defined($o_crit_m_level)) && if ((defined($o_warn_m_level) && defined($o_crit_m_level)) &&
(($o_warn_m_level != -1) && ($o_crit_m_level != -1) && ($o_warn_m_level >= $o_crit_m_level)) ) { (($o_warn_m_level != -1) && ($o_crit_m_level != -1) && ($o_warn_m_level >= $o_crit_m_level)) ) {
nagios_exit($phpfpm,"UNKNOWN","Check warning and critical values for MaxProcesses (2nd part of thresold), warning level must be < crit level!"); nagios_exit($phpfpm,"UNKNOWN","Check warning and critical values for MaxProcesses (2nd part of thresold), warning level must be < crit level!");
} }
if ((defined($o_warn_q_level) && defined($o_crit_q_level)) && if ((defined($o_warn_q_level) && defined($o_crit_q_level)) &&
(($o_warn_q_level != -1) && ($o_crit_q_level != -1) && ($o_warn_q_level >= $o_crit_q_level)) ) { (($o_warn_q_level != -1) && ($o_crit_q_level != -1) && ($o_warn_q_level >= $o_crit_q_level)) ) {
nagios_exit($phpfpm,"UNKNOWN","Check warning and critical values for MaxQueue (3rd part of thresold), warning level must be < crit level!"); nagios_exit($phpfpm,"UNKNOWN","Check warning and critical values for MaxQueue (3rd part of thresold), warning level must be < crit level!");
} }
# Check compulsory attributes # Check compulsory attributes
if (!defined($o_host)) { if (!defined($o_host)) {
print_usage(); print_usage();
nagios_exit($phpfpm,"UNKNOWN","-H host argument required"); nagios_exit($phpfpm,"UNKNOWN","-H host argument required");
} }
@ -216,20 +257,17 @@ sub check_options {
########## MAIN ########## ########## MAIN ##########
# warning capture: avoid extra line added on output by warnings (like deprecation warning in FastCGI code)
local $SIG{__WARN__} = sub {
if (defined ($o_debug)) {
my $warn = shift;
print "\nDEBUG: Perl warning message captured: $warn";
}
};
check_options(); check_options();
my $override_ip = $o_host; my $override_ip = $o_host;
my $ua = LWP::UserAgent->new(
protocols_allowed => ['http', 'https'],
timeout => $o_timeout,
ssl_opts => { verify_hostname => $o_verify_hostname }
);
# we need to enforce the HTTP request is made on the Nagios Host IP and
# not on the DNS related IP for that domain
@LWP::Protocol::http::EXTRA_SOCK_OPTS = ( PeerAddr => $override_ip );
# this prevent used only once warning in -w mode
my $ua_settings = @LWP::Protocol::http::EXTRA_SOCK_OPTS;
my $timing0 = [gettimeofday]; my $timing0 = [gettimeofday];
my $response = undef; my $response = undef;
my $url = undef; my $url = undef;
@ -240,60 +278,192 @@ if (!defined($o_url)) {
# ensure we have a '/' as first char # ensure we have a '/' as first char
$o_url = '/'.$o_url unless $o_url =~ m(^/) $o_url = '/'.$o_url unless $o_url =~ m(^/)
} }
my $proto='http://';
if(defined($o_https)) { if (defined($o_fastcgi)) {
$proto='https://'; # -- FASTCGI
if (defined($o_port) && $o_port!=443) { eval "use FCGI::Client::Connection;";
if (defined ($o_debug)) { nagios_exit($phpfpm,"UNKNOWN","You need to activate FCGI::Client::Connection CPAN module for this feature: " . $@) if $@;
print "\nDEBUG: Notice: port is defined at $o_port and not 443, check you really want that in SSL mode! \n"; eval "use IO::Socket::INET";
nagios_exit($phpfpm,"UNKNOWN","You need to activate IO::Socket::INET CPAN module for this feature: " . $@) if $@;
if (!defined($o_port)) {
$o_port = 9000;
}
my $sock = IO::Socket::INET->new(
PeerAddr => $override_ip,
PeerPort => $o_port,
);
if (!$sock) {
nagios_exit($phpfpm,"CRITICAL", "Cannot connect to $override_ip : $o_port !");
}
my $fastcgiClient = FCGI::Client::Connection->new(sock => $sock);
$url = $o_url;
my $sname = undef;
if (defined($o_servername)) {
$sname= $o_servername;
} else {
$sname = $o_host;
}
my ( $stdout, $stderr ) = $fastcgiClient->request(
+{
GATEWAY_INTERFACE => 'FastCGI/1.0',
REQUEST_METHOD => 'GET',
QUERY_STRING => '',
SCRIPT_FILENAME => $url,
SCRIPT_NAME => $url,
},
''
);
if (defined ($o_debug)) {
print "\nDEBUG: FASCGI requested url\n";
print $url;
print "\nDEBUG: FASCGI response: STDERR\n";
print $stderr;
}
$response = fcgi_response->new($stdout, $o_debug);
} else {
# -- HTTP
eval "use LWP::UserAgent;";
nagios_exit($phpfpm,"UNKNOWN","You need to activate LWP::UserAgent CPAN module for this feature: " . $@) if $@;
#use LWP::UserAgent;
my $proto='http://';
if(defined($o_https)) {
if ($o_https eq "") {
$o_https = 'TLSv1';
}
$proto='https://';
if (defined($o_port) && $o_port!=443) {
if (defined ($o_debug)) {
print "\nDEBUG: Notice: port is defined at $o_port and not 443, check you really want that in SSL mode! \n";
}
} }
} }
}
if (defined($o_servername)) { if (defined($o_servername)) {
if (!defined($o_port)) { if (!defined($o_port)) {
$url = $proto . $o_servername . $o_url; $url = $proto . $o_servername . $o_url;
} else {
$url = $proto . $o_servername . ':' . $o_port . $o_url;
}
} else { } else {
$url = $proto . $o_servername . ':' . $o_port . $o_url; if (!defined($o_port)) {
$url = $proto . $o_host . $o_url;
} else {
$url = $proto . $o_host . ':' . $o_port . $o_url;
}
} }
} else {
if (!defined($o_port)) { if (defined ($o_debug)) {
$url = $proto . $o_host . $o_url; print "\nDEBUG: HTTP url: \n";
print $url;
}
my %lwp_opts = (
timeout => $o_timeout
);
if(defined($o_https)) {
use IO::Socket::SSL qw( SSL_VERIFY_NONE SSL_VERIFY_PEER );
if (defined ($o_debug)) {
$ENV{HTTPS_DEBUG} = 1;
use Data::Dumper;
eval "use IO::Socket::SSL qw( debug3 SSL_VERIFY_NONE SSL_VERIFY_PEER )"; die $@ if $@;
} else {
$ENV{HTTPS_DEBUG} = 0;
}
$lwp_opts{'protocols_allowed'} = ['https'];
my %ssl_opts = (
PeerAddr => $override_ip,
);
$ENV{'PERL_LWP_SSL_VERIFY_HOSTNAME'} = $o_verify_ssl;
$ssl_opts{"verify_hostname"} = $o_verify_ssl;
$ssl_opts{"SSL_verifycn_name"} = $o_verify_ssl;
# 'TLSv1' by default, but could be things like 'SSLv3' or 'TLSv1_2', etc.
$ssl_opts{"SSL_version"} = $o_https;
#$ssl_opts{"SSL_verifycn_scheme"} = 'www';
if (defined($o_servername)) {
$ssl_opts{"SSL_hostname"} = $o_servername;
}
if (not $o_verify_ssl) {
# seems the verify_hostname parameters is not enough
$ssl_opts{"SSL_verify_mode"} = SSL_VERIFY_NONE;
} else {
if (!defined($o_cacert_file)) {
eval "use Mozilla::CA;";
nagios_exit($phpfpm,"UNKNOWN","You need to activate Mozilla::CA CPAN module for this feature, or use --cacert option: " . $@) if $@;
$o_cacert_file = Mozilla::CA::SSL_ca_file();
}
#$ssl_opts{"SSL_ca_path"} = '/usr/share/ca-certificates/mozilla/';
#$ENV{'HTTPS_CA_DIR'} = '/usr/share/ca-certificates/mozilla/';
#$ENV{'PERL_LWP_SSL_CA_PATH'} = '/usr/share/ca-certificates/mozilla/';
$ENV{'HTTPS_CA_FILE'} = $o_cacert_file;
$ENV{'PERL_LWP_SSL_CA_FILE'} = $o_cacert_file;
$ssl_opts{"SSL_ca_file"} = $o_cacert_file;
$ssl_opts{"SSL_verify_mode"} = SSL_VERIFY_PEER;
}
IO::Socket::SSL::set_ctx_defaults(%ssl_opts);
if (LWP::UserAgent->VERSION >= 6.10) {
$lwp_opts{"ssl_opts"} = \%ssl_opts;
}
} else { } else {
$url = $proto . $o_host . ':' . $o_port . $o_url; $lwp_opts{'protocols_allowed'} = ['http'];
}
if (defined ($o_debug)) {
print Dumper \%lwp_opts;
}
my $ua = LWP::UserAgent->new(%lwp_opts);
# we need to enforce the HTTP request is made to the Nagios Host IP and
# not on the DNS related IP for that domain
@LWP::Protocol::http::EXTRA_SOCK_OPTS = ( PeerAddr => $override_ip );
# this prevent 'used only once' warning in -w mode
my $ua_settings = @LWP::Protocol::http::EXTRA_SOCK_OPTS;
my $req = HTTP::Request->new( GET => $url );
if (defined($o_servername)) {
$req->header('Host' => $o_servername);
}
if (defined($o_user)) {
$req->authorization_basic($o_user, $o_pass);
}
if (defined ($o_debug)) {
print "\nDEBUG: HTTP request: \n";
print "IP used (better if it's an IP):" . $override_ip . "\n";
print $req->as_string;
}
$response = $ua->request($req);
if (defined ($o_debug)) {
print "\nDEBUG: HTTP response: \n";
print $response->as_string;
} }
} }
if (defined ($o_debug)) {
print "\nDEBUG: HTTP url: \n";
print $url;
}
my $req = HTTP::Request->new( GET => $url ); my $timeelapsed = tv_interval($timing0, [gettimeofday]);
if (defined($o_servername)) {
$req->header('Host' => $o_servername);
}
if (defined($o_user)) {
$req->authorization_basic($o_user, $o_pass);
}
if (defined ($o_debug)) {
print "\nDEBUG: HTTP request: \n";
print "IP used (better if it's an IP):" . $override_ip . "\n";
print $req->as_string;
}
$response = $ua->request($req);
my $timeelapsed = tv_interval ($timing0, [gettimeofday]);
my $InfoData = ''; my $InfoData = '';
my $PerfData = ''; my $PerfData = '';
my $webcontent = undef; my $webcontent = undef;
if ($response->is_success) { if ($response->is_success) {
$webcontent=$response->decoded_content( charset_strict=>1, raise_error => 1, alt_charset => 'none' ); $webcontent=$response->decoded_content( charset_strict=>1, raise_error => 1, alt_charset => 'none' );
if (defined ($o_debug)) { if (defined ($o_debug)) {
print "\nDEBUG: HTTP response:"; print "\nDEBUG: HTTP response:";
print $response->status_line; print $response->status_line;
print "\n".$response->header('Content-Type'); print "\nContent-Type => ".$response->header('Content-Type');
print "\n"; print "\n";
print $webcontent; print $webcontent;
} }
@ -321,61 +491,61 @@ if ($response->is_success) {
$Pool =~ s/^\s+|\s+$//g; $Pool =~ s/^\s+|\s+$//g;
#$phpfpm .= "-".$Pool; #$phpfpm .= "-".$Pool;
} }
my $Uptime = 0; my $Uptime = 0;
if($webcontent =~ m/start since: (.*?)\n/) { if($webcontent =~ m/start since: (.*?)\n/) {
$Uptime = $1; $Uptime = $1;
$Uptime =~ s/^\s+|\s+$//g; $Uptime =~ s/^\s+|\s+$//g;
} }
my $AcceptedConn = 0; my $AcceptedConn = 0;
if($webcontent =~ m/accepted conn: (.*?)\n/) { if($webcontent =~ m/accepted conn: (.*?)\n/) {
$AcceptedConn = $1; $AcceptedConn = $1;
$AcceptedConn =~ s/^\s+|\s+$//g; $AcceptedConn =~ s/^\s+|\s+$//g;
} }
my $ActiveProcesses= 0; my $ActiveProcesses= 0;
if($webcontent =~ m/(.*)?\nactive processes: (.*?)\n/) { if($webcontent =~ m/(.*)?\nactive processes: (.*?)\n/) {
$ActiveProcesses = $2; $ActiveProcesses = $2;
$ActiveProcesses =~ s/^\s+|\s+$//g; $ActiveProcesses =~ s/^\s+|\s+$//g;
} }
my $TotalProcesses= 0; my $TotalProcesses= 0;
if($webcontent =~ m/total processes: (.*?)\n/) { if($webcontent =~ m/total processes: (.*?)\n/) {
$TotalProcesses = $1; $TotalProcesses = $1;
$TotalProcesses =~ s/^\s+|\s+$//g; $TotalProcesses =~ s/^\s+|\s+$//g;
} }
my $IdleProcesses= 0; my $IdleProcesses= 0;
if($webcontent =~ m/idle processes: (.*?)\n/) { if($webcontent =~ m/idle processes: (.*?)\n/) {
$IdleProcesses = $1; $IdleProcesses = $1;
$IdleProcesses =~ s/^\s+|\s+$//g; $IdleProcesses =~ s/^\s+|\s+$//g;
} }
my $MaxActiveProcesses= 0; my $MaxActiveProcesses= 0;
if($webcontent =~ m/max active processes: (.*?)\n/) { if($webcontent =~ m/max active processes: (.*?)\n/) {
$MaxActiveProcesses = $1; $MaxActiveProcesses = $1;
$MaxActiveProcesses =~ s/^\s+|\s+$//g; $MaxActiveProcesses =~ s/^\s+|\s+$//g;
} }
my $MaxChildrenReached= 0; my $MaxChildrenReached= 0;
if($webcontent =~ m/max children reached: (.*?)\n/) { if($webcontent =~ m/max children reached: (.*?)\n/) {
$MaxChildrenReached = $1; $MaxChildrenReached = $1;
$MaxChildrenReached =~ s/^\s+|\s+$//g; $MaxChildrenReached =~ s/^\s+|\s+$//g;
} }
my $ListenQueue= 0; my $ListenQueue= 0;
if($webcontent =~ m/\nlisten queue: (.*?)\n/) { if($webcontent =~ m/\nlisten queue: (.*?)\n/) {
$ListenQueue = $1; $ListenQueue = $1;
$ListenQueue =~ s/^\s+|\s+$//g; $ListenQueue =~ s/^\s+|\s+$//g;
} }
my $ListenQueueLen= 0; my $ListenQueueLen= 0;
if($webcontent =~ m/listen queue len: (.*?)\n/) { if($webcontent =~ m/listen queue len: (.*?)\n/) {
$ListenQueueLen = $1; $ListenQueueLen = $1;
$ListenQueueLen =~ s/^\s+|\s+$//g; $ListenQueueLen =~ s/^\s+|\s+$//g;
} }
my $MaxListenQueue= 0; my $MaxListenQueue= 0;
if($webcontent =~ m/max listen queue: (.*?)\n/) { if($webcontent =~ m/max listen queue: (.*?)\n/) {
$MaxListenQueue = $1; $MaxListenQueue = $1;
@ -388,7 +558,7 @@ if ($response->is_success) {
my $TempFile = $TempPath.$o_host.'_check_phpfpm_status'.md5_hex($url); my $TempFile = $TempPath.$o_host.'_check_phpfpm_status'.md5_hex($url);
my $FH; my $FH;
my $LastUptime = 0; my $LastUptime = 0;
my $LastAcceptedConn = 0; my $LastAcceptedConn = 0;
my $LastMaxChildrenReached = 0; my $LastMaxChildrenReached = 0;
@ -406,14 +576,14 @@ if ($response->is_success) {
print ("LastUptime: $LastUptime LastAcceptedConn: $LastAcceptedConn LastMaxChildrenReached: $LastMaxChildrenReached LastMaxListenQueue: $LastMaxListenQueue \n"); print ("LastUptime: $LastUptime LastAcceptedConn: $LastAcceptedConn LastMaxChildrenReached: $LastMaxChildrenReached LastMaxListenQueue: $LastMaxListenQueue \n");
} }
} }
open ($FH, '>'.$TempFile) or nagios_exit($phpfpm,"UNKNOWN","unable to write temporary data in :".$TempFile); open ($FH, '>'.$TempFile) or nagios_exit($phpfpm,"UNKNOWN","unable to write temporary data in :".$TempFile);
print $FH "$Uptime\n"; print $FH "$Uptime\n";
print $FH "$AcceptedConn\n"; print $FH "$AcceptedConn\n";
print $FH "$MaxChildrenReached\n"; print $FH "$MaxChildrenReached\n";
print $FH "$MaxListenQueue\n"; print $FH "$MaxListenQueue\n";
close ($FH); close ($FH);
my $ReqPerSec = 0; my $ReqPerSec = 0;
my $Accesses = 0; my $Accesses = 0;
my $MaxChildrenReachedNew = 0; my $MaxChildrenReachedNew = 0;
@ -421,7 +591,7 @@ if ($response->is_success) {
# check only if this counter may have been incremented # check only if this counter may have been incremented
# but not if it may have been too much incremented # but not if it may have been too much incremented
# and something should have happened in the server # and something should have happened in the server
if ( ($Uptime>$LastUptime) if ( ($Uptime>$LastUptime)
&& ($Uptime-$LastUptime<$MaxUptimeDif) && ($Uptime-$LastUptime<$MaxUptimeDif)
&& ($AcceptedConn>=$LastAcceptedConn) && ($AcceptedConn>=$LastAcceptedConn)
&& ($MaxListenQueue>=$LastMaxListenQueue) && ($MaxListenQueue>=$LastMaxListenQueue)
@ -464,9 +634,72 @@ if ($response->is_success) {
if (defined($o_warn_p_level) && (-1!=$o_warn_p_level) && ($IdleProcesses <= $o_warn_p_level)) { if (defined($o_warn_p_level) && (-1!=$o_warn_p_level) && ($IdleProcesses <= $o_warn_p_level)) {
nagios_exit($phpfpm,"WARNING", "Idle workers are low " . $InfoData,$PerfData); nagios_exit($phpfpm,"WARNING", "Idle workers are low " . $InfoData,$PerfData);
} }
nagios_exit($phpfpm,"OK",$InfoData,$PerfData); nagios_exit($phpfpm,"OK",$InfoData,$PerfData);
} else { } else {
nagios_exit($phpfpm,"CRITICAL", $response->status_line); nagios_exit($phpfpm,"CRITICAL", $response->status_line);
} }
# ---------------------------------------------------------------------------
# Adding a small parser for response coming in fastcgi mode
# to have some methods with same signature as the response from LWP::UserAgent
package fcgi_response;
sub new() {
my ($class) = shift;
my ($raw) = shift;
my ($debug) = shift;
my @parts = split /\r\n\r\n/, $raw;
my @headers = split /\r\n/, $parts[0];
my $body = $parts[1];
#if (defined ($debug)) {
# print "\nDEBUG FCGI Resp HEADERS:\n";
# print join("\r\n",@headers);
# print "\nDEBUG FCGI Resp BODY:\n";
# print $body;
#}
my $self = {
"raw" => $raw,
"headrs" => [@headers],
"body" => $body,
"debug" => $debug,
};
bless($self, $class);
return $self;
}
sub is_success() {
my ($self) = shift;
return not $self->status_line()
}
sub status_line() {
my ($self) = shift;
return $self->header('Status');
}
sub decoded_content() {
my ($self) = shift;
# we do not, in fact, apply any decoding
return $self->{body}
}
sub header() {
my ($self) = shift;
my ($seek) = shift;
for my $i (0 .. $#{$self->{headrs}}) {
my $line = $self->{headrs}[$i];
my @parts = split /:/, $line;
if (lc $parts[0] eq lc $seek) {
if (defined($self->{debug})) {
print "\nDEBUG: header $seek found => " . $parts[1];
}
return $parts[1];
}
}
return 0;
}

View file

@ -1,6 +1,6 @@
Homepage: https://raw.github.com/regilero/check_phpfpm_status/master/check_phpfpm_status.pl Homepage: https://raw.github.com/regilero/check_phpfpm_status/master/check_phpfpm_status.pl
Watch: https://raw.github.com/regilero/check_phpfpm_status/master/check_phpfpm_status.pl Version\ :\ ([0-9.]+) Watch: https://raw.github.com/regilero/check_phpfpm_status/master/check_phpfpm_status.pl Version\ :\ ([0-9.]+)
Recommends: libwww-perl, monitoring-plugins-common | nagios-plugins-common Recommends: libio-socket-ssl-perl, libwww-perl, monitoring-plugins-common | nagios-plugins-common
Version: 0.11 Version: 1.1
Uploaders: Jan Wagner <waja@cyconet.org> Uploaders: Jan Wagner <waja@cyconet.org>
Description: plugin to check the fpm-status page report from php-fpm Description: plugin to check the fpm-status page report from php-fpm