check_cloud_gcp

Icinga plugin to check resource status inside the Google Cloud Platform (GCP) and Engine (GCE)

check_cloud_gcp

Icinga check plugin to check Google Cloud Platform (GCP) resources. At the moment the check only supports the Compute Engine (GCE) context.

Usage

Computing - Instances

When one of the states is non-ok, or a instance is STOPPED, the check will alert.

compute instances

Checks all GCP Instances over all zones or multiple GCP Instances in a defined GCP zone.

Usage:
  check_cloud_google compute instances [flags]

Flags:
  -f, --filter string        Filter expression that filters resources e.g. '(cpuPlatform = "Intel Broadwell") AND (name != "instance1")'
  -h, --help                 help for instances
      --ignore-api-warning   Disables warning when querying without a zone filter (please do not do that)
  -z, --zone string          GCP Zone name, can include wildcards (e.g. "europe-*")

Global Flags:
  -j, --json-file string   GCP service account key file
## Zone: europe-west3-c

$ check_cloud_gcp compute instances -z europe-west3-c -j $GOOGLE_APPLICATION_CREDENTIALS
CRITICAL - 2 Instances found - 1 RUNNING - 1 TERMINATED

[OK] "instance1" powerstate=RUNNING size=e2-micro
[CRITICAL] "instance2" powerstate=TERMINATED size=e2-medium

## Zone: all Zones

$ check_cloud_gcp compute instances --filter 'name != "instance-1"' -j $GOOGLE_APPLICATION_CREDENTIALS
CRITICAL - 3 Instances found - 2 RUNNING - 1 TERMINATED

## us-central1-a

[OK] "instance-3" powerstate=RUNNING size=e2-micro

## europe-west3-c

[CRITICAL] "instance-2" powerstate=TERMINATED size=e2-medium

More information on filters

compute instance

Checks a single GCP Instance

check_cloud_gcp compute instance -z europe-west3-c -j $GOOGLE_APPLICATION_CREDENTIALS -n instance1
OK - "instance1" powerstate=RUNNING size=e2-micro

Setting up Access

In order to work correctly you need the correct permissions and configuration within GCP, to grant the plugin proper read-only access to the resources.

The following step-by-step instructions will help you to setup this configuration.

Creating a service account

You should create a new service account within the cloud project, and add the proper permissions to it, name it e.g. "check_cloud_gcp".

  • In the Cloud Console, go to the Service accounts page.
  • Go to the Service accounts page
  • Select a project.
  • Click Create service account.
  • Enter a service account name to display in the Cloud Console e.g. check_cloud_gcp
  • Optional: Enter a description of the service account e.g. monitoring purposes
  • Choose a IAM role to grant the service account the correct permissions on the project Basic -> Viewer
  • When you are done adding roles, click Continue.
  • Optional: In the Service account users role field, add members that can impersonate the service account.
  • Optional: In the Service account admins role field, add members that can manage the service account.
  • Click Done to finish creating the service account.

Creating a Service account key

The check itself needs a service account key file which will parse the credentials of the service account:

  • In the Cloud Console, go to the Service Accounts page.
  • Select a project.
  • Click the email address of the service account that you want to create a key for.
  • Click the Keys tab.
  • Click the Add key drop-down menu, then select Create new key.
  • Select JSON as the Key type and click Create.

Important: The key can be downloaded only after creation. Also restrict the permissions of the credential file on disk, so only Icinga can read it.

Then either set environment GOOGLE_APPLICATION_CREDENTIALS or pass --json-file with the file path.

For more information about authentication see: Getting started with authentication

The full documentation can be found at Google Cloud Documentation

License

Copyright (C) 2021 info@netways.de" rel="nofollow">NETWAYS GmbH

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see .