check_cloud_gcp

                                        
Icinga plugin to check resource status inside the Google Cloud Platform (GCP) and Engine (GCE)

                    

        
        

            
            

                

    

    
check_cloud_gcp


Icinga check plugin to check Google Cloud Platform (GCP) resources. At the moment the check only supports the
Compute Engine (GCE) context.


Usage


Computing - Instances


When one of the states is non-ok, or a instance is STOPPED, the check will alert.


compute instances


Checks all GCP Instances over all zones or multiple GCP Instances in a defined GCP zone.


Usage:
  check_cloud_google compute instances [flags]

Flags:
  -f, --filter string        Filter expression that filters resources e.g. '(cpuPlatform = "Intel Broadwell") AND (name != "instance1")'
  -h, --help                 help for instances
      --ignore-api-warning   Disables warning when querying without a zone filter (please do not do that)
  -z, --zone string          GCP Zone name, can include wildcards (e.g. "europe-*")

Global Flags:
  -j, --json-file string   GCP service account key file


## Zone: europe-west3-c

$ check_cloud_gcp compute instances -z europe-west3-c -j $GOOGLE_APPLICATION_CREDENTIALS
CRITICAL - 2 Instances found - 1 RUNNING - 1 TERMINATED

[OK] "instance1" powerstate=RUNNING size=e2-micro
[CRITICAL] "instance2" powerstate=TERMINATED size=e2-medium

## Zone: all Zones

$ check_cloud_gcp compute instances --filter 'name != "instance-1"' -j $GOOGLE_APPLICATION_CREDENTIALS
CRITICAL - 3 Instances found - 2 RUNNING - 1 TERMINATED

## us-central1-a

[OK] "instance-3" powerstate=RUNNING size=e2-micro

## europe-west3-c

[CRITICAL] "instance-2" powerstate=TERMINATED size=e2-medium


More information on filters


compute instance


Checks a single GCP Instance


check_cloud_gcp compute instance -z europe-west3-c -j $GOOGLE_APPLICATION_CREDENTIALS -n instance1
OK - "instance1" powerstate=RUNNING size=e2-micro


Setting up Access


In order to work correctly you need the correct permissions and configuration within GCP, to grant the plugin proper
read-only access to the resources.


The following step-by-step instructions will help you to setup this configuration.


Creating a service account


You should create a new service account within the cloud project, and add the proper permissions to it,
name it e.g. "check_cloud_gcp".


    

  • In the Cloud Console, go to the Service accounts page.
    • 

  • Go to the Service accounts page
    • 

  • Select a project.
    • 

  • Click Create service account.
    • 

  • Enter a service account name to display in the Cloud Console e.g. check_cloud_gcp
    • 

  • Optional: Enter a description of the service account e.g. monitoring purposes
    • 

  • Choose a IAM role to grant the service account the correct permissions on the project Basic -> Viewer
    • 

  • When you are done adding roles, click Continue.
    • 

  • Optional: In the Service account users role field, add members that can impersonate the service account.
    • 

  • Optional: In the Service account admins role field, add members that can manage the service account.
    • 

  • Click Done to finish creating the service account.
    • 



Creating a Service account key


The check itself needs a service account key file which will parse the credentials of the service account:


    

  • In the Cloud Console, go to the Service Accounts page.
    • 

  • Select a project.
    • 

  • Click the email address of the service account that you want to create a key for.
    • 

  • Click the Keys tab.
    • 

  • Click the Add key drop-down menu, then select Create new key.
    • 

  • Select JSON as the Key type and click Create.
    • 



Important: The key can be downloaded only after creation. Also restrict the permissions of the credential file
on disk, so only Icinga can read it.


Then either set environment GOOGLE_APPLICATION_CREDENTIALS or pass --json-file with the file path.


For more information about authentication see: Getting started with authentication


The full documentation can be found at Google Cloud Documentation


License


Copyright (C) 2021 info@netways.de" rel="nofollow">NETWAYS GmbH


This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.


You should have received a copy of the GNU General Public License
along with this program.  If not, see .