Closed
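--- a/agents/check_mk_agent.linux
+++ b/agents/check_mk_agent.linux
@@ -415,6 +415,73 @@ run_real_time_checks() {
 done
 }
 
+# Helper function for 'section_ntp()'
+get_ntpq() {
+# If 'ntpq' isn't in PATH, there's no point going further
+inpath ntpq || return 1
+[ "${1}" = "--header" ] && echo '<<<ntp>>>'
+ntpq -np | sed -e 1,2d -e 's/^\\(.\\)/\\1 /' -e 's/^ /%/' || true
+}
+
+# Function to pull timesync information from chrony
+section_chrony() {
+# The "| cat" has been added for some kind of regression in RedHat 7.5. The
+# SELinux rules shipped with that release were denying the chronyc call without cat.
+if inpath chronyc; then
+# Identify if the daemon is active...
+if [ "$(systemctl | awk '/chronyd.service/{print $3; exit}')" = "active" ]; then
+run_cached chrony 30 "waitmax 5 chronyc -n tracking | cat || true"
+fi
+fi
+}
+
+# Requires 'get_ntpq()'
+section_ntp() {
+# If '${timesync_rc}' is 0, then 'section_timesyncd()' has returned successfully in
+# which case we do not want to proceed with 'ntpq', so return and skip further processing
+[ "${timesync_rc}" -eq 0 ] && return 0
+
+# If 'ntpq' isn't in PATH, there's no point going further
+inpath ntpq || return 1
+
+# First we try to identify if we're beholden to systemd
+if inpath systemctl; then
+# shellcheck disable=SC2016
+if [ "$(systemctl | awk '/ntp.service|ntpd.service/{print $3; exit}')" = "active" ]; then
+# remove heading, make first column space separated
+run_cached -s ntp 30 "waitmax 5 get_ntpq"
+fi
+# Return to leave the function with no further processing
+return
+fi
+
+# If we get to this point, we attempt to test classic ntp daemons
+# Try to determine status via /etc/init.d
+# This might also be appropriate for AIX, Solaris and others
+for _ntp_daemon in ntp ntpd openntpd; do
+# Check for a service script
+if [ -x /etc/init.d/"${_ntp_daemon}" ]; then
+# If the status returns 0, we assume we have a running service
+if /etc/init.d/"${_ntp_daemon}" status >/dev/null 2>&1; then
+run_cached -s ntp 30 "waitmax 5 get_ntpq"
+fi
+fi
+done
+unset -v _ntp_daemon
+}
+
+# Function to pull timesync information via timedatectl (if possible)
+section_timesyncd() {
+# If 'timedatectl' is not in path, or if it doesn't support 'timesync-status'
+# then return and skip further processing
+inpath timedatectl || return 1
+timedatectl timesync-status >/dev/null 2>&1 || return 1
+echo "<<<timesyncd>>>"
+timedatectl timesync-status
+get_file_mtime /var/lib/systemd/timesync/clock | awk '{print "[[["$1"]]]"}'
+return 0
+}
+
 echo "<<<check_mk>>>"
 echo "Version: 1.7.0i1"
 echo "AgentOS: linux"
@@ -732,38 +799,14 @@ if [ -e /etc/openvpn/openvpn-status.log ]; then
 sed -e 1,3d -e '$d'
 fi
 
-is_timesync_succesful=false
-if inpath systemctl; then
-timesync_status=$(systemctl status ntp | awk '{if(NR==3) print $2}')
-if [ $timesync_status == "active" ]; then
-if inpath ntpq; then
-# remove heading, make first column space separated
-run_cached -s ntp 30 "waitmax 5 ntpq -np | sed -e 1,2d -e 's/^\(.\)/\1 /' -e 's/^ /%/' || true"
-is_timesync_succesful=true
-fi
-fi
-fi
-
-if ! $is_timesync_succesful && inpath systemd; then
-systemd_version=$(systemd --version | awk '{if(NR==1) print $2}')
-if [ $systemd_version -ge 239 ]; then
-if inpath timedatectl; then
-echo "<<<timesyncd>>>"
-timedatectl timesync-status
-stat -c %Y /var/lib/systemd/timesync/clock | awk '{print "[[["$1"]]]"}'
-fi
-fi
-fi
-
-# Time synchronization with Chrony
-if inpath chronyc; then
-# Force successful exit code. Otherwise section will be missing if daemon not running
-#
-# The "| cat" has been added for some kind of regression in RedHat 7.5. The
-# SELinux rules shipped with that release were denying the chronyc call
-# without cat.
-run_cached -s chrony 30 "waitmax 5 chronyc -n tracking | cat || true"
-fi
+# Call the NTP audit functions
+section_timesyncd
+# Grab the exit code from 'section_timesyncd()' as this determines 'section_ntp()'s behaviour
+# Our goal here is to avoid multiple outputs e.g. timedatectl + ntpq
+timesync_rc="${?}"
+section_ntp
+unset -v timesync_rc
+section_chrony
 
 if inpath nvidia-settings && [ -S /tmp/.X11-unix/X0 ]; then
 echo '<<<nvidia>>>'
@@ -1282,4 +1325,4 @@ if [ -d "$SPOOLDIR" ] && [ -r "$SPOOLDIR" ]; then
 cat "$file"
 done
 popd >/dev/null
-fi
+fi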
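Review bot: In the first hunk, `get_ntpq()` writes the sed expression with doubled backslashes inside single quotes, so sed receives `\\(.\\)` and matches a literal backslash instead of opening a capture group; the first column is then no longer space separated, which the removed inline command (`'s/^\(.\)/\1 /'`) did correctly. Assuming the doubling is in the commit and not an artifact of this page, the line should read `ntpq -np | sed -e 1,2d -e 's/^\(.\)/\1 /' -e 's/^ /%/' || true`. In the same hunk, `section_chrony()` drops the `-s` flag that the removed call and both ntp calls pass to `run_cached`, and it tests `systemctl` output without an `inpath systemctl` guard, so on a host without systemd the chrony data is silently omitted and clock drift goes unreported. `run_cached -s ntp 30 "waitmax 5 get_ntpq"` also hands a shell function name to `waitmax`; both helpers are defined outside this diff, but if either runs the command in a fresh process, `get_ntpq` will not exist there and the ntp section will come back empty.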