check_netio
check_netio is a Nagios / Icinga plugin for checking power states of Koukaam NETIO devices.
Requirements
I successfully tested the plugin with NETIO-230A and NETIO-230B devices. Most recent firmware version on newer product releases might not work (see table below).
Usage
By default the plugin checks whether your defined power states matches the currently set states. It is also possible to check whether NTP is synchronized. Checking the NETIO is done using the CGI or KShell interface.
You need to specify the following parameters:
| Parameter | Description |
|---|---|
-d / --debug |
enable debugging outputs (default: no) |
-s / --hostname |
defines the device hostname |
-u / --use-kshell |
use KShell instead of CGI (default: no) |
-a / --authfile |
defines an auth file to use instead of shell variables |
-k / --kshell-port |
defines the KShell port (default: 1234) |
-u / --username |
defines the username |
-w / --password |
defines the password |
-y / --use-hash |
uses password hash instead of plain password (default: no) - currently not supported yet, see issue |
-g / --generate-hash |
generates a password hash and quits (default: no) - currently not supported yet, see issue |
-n / --check-ntp |
checks NTP synchronization state - requires KShell (default: no) |
-x / --port-state |
defines expected port states [0=off, 1=on, ?=whatever] |
Examples
Check whether the NTP time is synchronized:
$ ./check_netio.py -s mynetio -u admin -w pass -n
OK - NTP state is synchronizedCheck whether the NTP time is synchronized, specifying a different KShell port, login information is prompted:
$ ./check_netio.py -s mynetio -n -p 1337
Username: admin
Password:
CRITICAL - NTP NOT synchronizedCheck whether the last port is turned on, login information is assigned using shell variables:
$ NETIO_LOGIN=admin NETIO_PASSWORD=pass ./check_netio.py -s mynetio -x ???1
WARNING - port difference detected: 4Check all port states and also NTP synchronization state:
$ ./check_netio.py -s mynetio -x 0001 -n
Username: admin
Password:
OK - ports (0001) matching expectations (0001) - NTP synchronizedFirmware support
See the table below for tested firmware versions:
| Device | Firmware | Status |
|---|---|---|
| 230A | 2.31 | working |
| 230A | 2.32 | working |
| 230A | 2.33 | working |
| 230A | 2.34RC1 | working |
| 230B | 3.12 | working |
| 230B | 4.03 | working |
| 230B | 4.05 | working |
| 230C | 4.03 | not tested |
| 230C | 4.05 | not tested |
| 230CS | 4.03 | not tested |
| 230CS | 4.05 | not tested |
| NETIO4 | 4.x | not tested |
| NETIO4-All | 4.x | not tested |
Please let me know if you have tested the plugin on previously untested devices to complete the list!
Authentification options
By default login information are prompted interactively - e.g.:
$ ./check_netio.py -s mynetio -n
Username:
Password:If you want to make the script work unattended you might choose between one of the following options:
Option 1: script parameters
A simple but insecure possibility to assign the login information is to use the following parameters:
-u/--username-w/--password
Note that users having access to your Nagios / Icinga configuration are able to see the login information.
Option 2: shell variables
Set those shell variables:
- NETIO_LOGIN - a username
- NETIO_PASSWORD - the appropriate password
You might also want to set the HISTFILE variable (depending on your shell) to hide the command including the password in the history:
$ HISTFILE="" NETIO_LOGIN=admin NETIO_PASSWORD=pass ./check_netio.py -s mynetio -nOption 3: auth file
A better possibility is to create a authfile with permisions 0600. Just enter the username in the first line and the password in the second line:
$ cat authfile
admin
password
$ chmod 0600 authfileHand the path to the script:
$ ./check_netio.py -a myauthfile -s mynetio -nThe scripts will abort if the authfile has insecure permissions (e.g. 0777).
