Add script to test gateway status when finished

[rubo77]

There should be added a script, that shows a status of the gateway when you are logged in via SSH, with:

• all services that should run
• an analysis of all configurations
• if everything is set up correctly.
• ...

This could look like this:

#!/bin/bash
set -x

maintenance status
batctl-ffki gw
service openvpn status
ping -I tun-anonvpn 8.8.8.8
batctl-ffki gw
service --status-all 2>&1 | egrep '(bird6|openvpn|fastd|alfred|bat)'

[ohrensessel]

generally a very good idea. might be helpful to check everything while connected via ssh.
however, we have to avoid duplicated code with the monitoring solutions here I would say.

would be nice if you provide a pull requests we then can review and merge.

[rubo77]

Where would this kind of script be in the correct place? In usr local bin?
https://github.com/ffnord/ffnord-puppet-gateway/tree/master/files/usr/local/bin

I need some more tips what tests should be included and where I should look for the same code so I don't create duplicate content.

Could you provide a link where to find a complete list of all services that should run on a Gateway?

[sargon]

My opinion on this is that we should carefully check if the puppet script is raising all the services on first apply. For everything else we have monitoring systems, that is what they do.

When we have anything which is not nicely monitor-able, create a new check for that.

[rubo77]

@sargon: But even you do a lot of stuff on the console like

pgrep -lf fastd

It would be nice to have such a collection of commands how to check the healt status of a gateway from within.

[sargon]

Yes, of course I do. We have nagios or zabbix for that task, so create checks for everything you find no check for. For prevention of code duplication call these checks.

So a wrapper script around nagios/zabbix checks would be the way to go.

[rubo77]

Where can I find the existing checks? (I have no access to the nagios VM)

[sargon]

With nagios all checks targeting local status are on the machine, located in /etc/nagios/

[rubo77]

OK what I found out so far:

there is nrpe installed on all VPNs that allows the nagios instance on our main server to call the scripts located in /etc/nagios/

This would call them locally:

/usr/lib/nagios/plugins/check_nrpe -H localhost

But that local check is not installed my the puppet scripts, so finally, that would be all that has to be done here:

Add the local nagios check to the puppet scripts.

[rubo77]

without nagios you can check already some tasks if they are running with these lines:

service --status-all 2>&1 | egrep '(bird6|openvpn|fastd|alfred|bat)'
pgrep -lf '(bird6|openvpn|fastd|alfred|bat)'

[rubo77]

This would be a script to call on the machine:

#127