├── .gitignore
├── README.md
├── LICENSE
└── sat6_healthCheck.sh
/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # sat6_healthCheck
2 | Health Check for a Satellite 6 install
3 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 2, June 1991
3 |
4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
6 | Everyone is permitted to copy and distribute verbatim copies
7 | of this license document, but changing it is not allowed.
8 |
9 | Preamble
10 |
11 | The licenses for most software are designed to take away your
12 | freedom to share and change it. By contrast, the GNU General Public
13 | License is intended to guarantee your freedom to share and change free
14 | software--to make sure the software is free for all its users. This
15 | General Public License applies to most of the Free Software
16 | Foundation's software and to any other program whose authors commit to
17 | using it. (Some other Free Software Foundation software is covered by
18 | the GNU Lesser General Public License instead.) You can apply it to
19 | your programs, too.
20 |
21 | When we speak of free software, we are referring to freedom, not
22 | price. Our General Public Licenses are designed to make sure that you
23 | have the freedom to distribute copies of free software (and charge for
24 | this service if you wish), that you receive source code or can get it
25 | if you want it, that you can change the software or use pieces of it
26 | in new free programs; and that you know you can do these things.
27 |
28 | To protect your rights, we need to make restrictions that forbid
29 | anyone to deny you these rights or to ask you to surrender the rights.
30 | These restrictions translate to certain responsibilities for you if you
31 | distribute copies of the software, or if you modify it.
32 |
33 | For example, if you distribute copies of such a program, whether
34 | gratis or for a fee, you must give the recipients all the rights that
35 | you have. You must make sure that they, too, receive or can get the
36 | source code. And you must show them these terms so they know their
37 | rights.
38 |
39 | We protect your rights with two steps: (1) copyright the software, and
40 | (2) offer you this license which gives you legal permission to copy,
41 | distribute and/or modify the software.
42 |
43 | Also, for each author's protection and ours, we want to make certain
44 | that everyone understands that there is no warranty for this free
45 | software. If the software is modified by someone else and passed on, we
46 | want its recipients to know that what they have is not the original, so
47 | that any problems introduced by others will not reflect on the original
48 | authors' reputations.
49 |
50 | Finally, any free program is threatened constantly by software
51 | patents. We wish to avoid the danger that redistributors of a free
52 | program will individually obtain patent licenses, in effect making the
53 | program proprietary. To prevent this, we have made it clear that any
54 | patent must be licensed for everyone's free use or not licensed at all.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | GNU GENERAL PUBLIC LICENSE
60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
61 |
62 | 0. This License applies to any program or other work which contains
63 | a notice placed by the copyright holder saying it may be distributed
64 | under the terms of this General Public License. The "Program", below,
65 | refers to any such program or work, and a "work based on the Program"
66 | means either the Program or any derivative work under copyright law:
67 | that is to say, a work containing the Program or a portion of it,
68 | either verbatim or with modifications and/or translated into another
69 | language. (Hereinafter, translation is included without limitation in
70 | the term "modification".) Each licensee is addressed as "you".
71 |
72 | Activities other than copying, distribution and modification are not
73 | covered by this License; they are outside its scope. The act of
74 | running the Program is not restricted, and the output from the Program
75 | is covered only if its contents constitute a work based on the
76 | Program (independent of having been made by running the Program).
77 | Whether that is true depends on what the Program does.
78 |
79 | 1. You may copy and distribute verbatim copies of the Program's
80 | source code as you receive it, in any medium, provided that you
81 | conspicuously and appropriately publish on each copy an appropriate
82 | copyright notice and disclaimer of warranty; keep intact all the
83 | notices that refer to this License and to the absence of any warranty;
84 | and give any other recipients of the Program a copy of this License
85 | along with the Program.
86 |
87 | You may charge a fee for the physical act of transferring a copy, and
88 | you may at your option offer warranty protection in exchange for a fee.
89 |
90 | 2. You may modify your copy or copies of the Program or any portion
91 | of it, thus forming a work based on the Program, and copy and
92 | distribute such modifications or work under the terms of Section 1
93 | above, provided that you also meet all of these conditions:
94 |
95 | a) You must cause the modified files to carry prominent notices
96 | stating that you changed the files and the date of any change.
97 |
98 | b) You must cause any work that you distribute or publish, that in
99 | whole or in part contains or is derived from the Program or any
100 | part thereof, to be licensed as a whole at no charge to all third
101 | parties under the terms of this License.
102 |
103 | c) If the modified program normally reads commands interactively
104 | when run, you must cause it, when started running for such
105 | interactive use in the most ordinary way, to print or display an
106 | announcement including an appropriate copyright notice and a
107 | notice that there is no warranty (or else, saying that you provide
108 | a warranty) and that users may redistribute the program under
109 | these conditions, and telling the user how to view a copy of this
110 | License. (Exception: if the Program itself is interactive but
111 | does not normally print such an announcement, your work based on
112 | the Program is not required to print an announcement.)
113 |
114 | These requirements apply to the modified work as a whole. If
115 | identifiable sections of that work are not derived from the Program,
116 | and can be reasonably considered independent and separate works in
117 | themselves, then this License, and its terms, do not apply to those
118 | sections when you distribute them as separate works. But when you
119 | distribute the same sections as part of a whole which is a work based
120 | on the Program, the distribution of the whole must be on the terms of
121 | this License, whose permissions for other licensees extend to the
122 | entire whole, and thus to each and every part regardless of who wrote it.
123 |
124 | Thus, it is not the intent of this section to claim rights or contest
125 | your rights to work written entirely by you; rather, the intent is to
126 | exercise the right to control the distribution of derivative or
127 | collective works based on the Program.
128 |
129 | In addition, mere aggregation of another work not based on the Program
130 | with the Program (or with a work based on the Program) on a volume of
131 | a storage or distribution medium does not bring the other work under
132 | the scope of this License.
133 |
134 | 3. You may copy and distribute the Program (or a work based on it,
135 | under Section 2) in object code or executable form under the terms of
136 | Sections 1 and 2 above provided that you also do one of the following:
137 |
138 | a) Accompany it with the complete corresponding machine-readable
139 | source code, which must be distributed under the terms of Sections
140 | 1 and 2 above on a medium customarily used for software interchange; or,
141 |
142 | b) Accompany it with a written offer, valid for at least three
143 | years, to give any third party, for a charge no more than your
144 | cost of physically performing source distribution, a complete
145 | machine-readable copy of the corresponding source code, to be
146 | distributed under the terms of Sections 1 and 2 above on a medium
147 | customarily used for software interchange; or,
148 |
149 | c) Accompany it with the information you received as to the offer
150 | to distribute corresponding source code. (This alternative is
151 | allowed only for noncommercial distribution and only if you
152 | received the program in object code or executable form with such
153 | an offer, in accord with Subsection b above.)
154 |
155 | The source code for a work means the preferred form of the work for
156 | making modifications to it. For an executable work, complete source
157 | code means all the source code for all modules it contains, plus any
158 | associated interface definition files, plus the scripts used to
159 | control compilation and installation of the executable. However, as a
160 | special exception, the source code distributed need not include
161 | anything that is normally distributed (in either source or binary
162 | form) with the major components (compiler, kernel, and so on) of the
163 | operating system on which the executable runs, unless that component
164 | itself accompanies the executable.
165 |
166 | If distribution of executable or object code is made by offering
167 | access to copy from a designated place, then offering equivalent
168 | access to copy the source code from the same place counts as
169 | distribution of the source code, even though third parties are not
170 | compelled to copy the source along with the object code.
171 |
172 | 4. You may not copy, modify, sublicense, or distribute the Program
173 | except as expressly provided under this License. Any attempt
174 | otherwise to copy, modify, sublicense or distribute the Program is
175 | void, and will automatically terminate your rights under this License.
176 | However, parties who have received copies, or rights, from you under
177 | this License will not have their licenses terminated so long as such
178 | parties remain in full compliance.
179 |
180 | 5. You are not required to accept this License, since you have not
181 | signed it. However, nothing else grants you permission to modify or
182 | distribute the Program or its derivative works. These actions are
183 | prohibited by law if you do not accept this License. Therefore, by
184 | modifying or distributing the Program (or any work based on the
185 | Program), you indicate your acceptance of this License to do so, and
186 | all its terms and conditions for copying, distributing or modifying
187 | the Program or works based on it.
188 |
189 | 6. Each time you redistribute the Program (or any work based on the
190 | Program), the recipient automatically receives a license from the
191 | original licensor to copy, distribute or modify the Program subject to
192 | these terms and conditions. You may not impose any further
193 | restrictions on the recipients' exercise of the rights granted herein.
194 | You are not responsible for enforcing compliance by third parties to
195 | this License.
196 |
197 | 7. If, as a consequence of a court judgment or allegation of patent
198 | infringement or for any other reason (not limited to patent issues),
199 | conditions are imposed on you (whether by court order, agreement or
200 | otherwise) that contradict the conditions of this License, they do not
201 | excuse you from the conditions of this License. If you cannot
202 | distribute so as to satisfy simultaneously your obligations under this
203 | License and any other pertinent obligations, then as a consequence you
204 | may not distribute the Program at all. For example, if a patent
205 | license would not permit royalty-free redistribution of the Program by
206 | all those who receive copies directly or indirectly through you, then
207 | the only way you could satisfy both it and this License would be to
208 | refrain entirely from distribution of the Program.
209 |
210 | If any portion of this section is held invalid or unenforceable under
211 | any particular circumstance, the balance of the section is intended to
212 | apply and the section as a whole is intended to apply in other
213 | circumstances.
214 |
215 | It is not the purpose of this section to induce you to infringe any
216 | patents or other property right claims or to contest validity of any
217 | such claims; this section has the sole purpose of protecting the
218 | integrity of the free software distribution system, which is
219 | implemented by public license practices. Many people have made
220 | generous contributions to the wide range of software distributed
221 | through that system in reliance on consistent application of that
222 | system; it is up to the author/donor to decide if he or she is willing
223 | to distribute software through any other system and a licensee cannot
224 | impose that choice.
225 |
226 | This section is intended to make thoroughly clear what is believed to
227 | be a consequence of the rest of this License.
228 |
229 | 8. If the distribution and/or use of the Program is restricted in
230 | certain countries either by patents or by copyrighted interfaces, the
231 | original copyright holder who places the Program under this License
232 | may add an explicit geographical distribution limitation excluding
233 | those countries, so that distribution is permitted only in or among
234 | countries not thus excluded. In such case, this License incorporates
235 | the limitation as if written in the body of this License.
236 |
237 | 9. The Free Software Foundation may publish revised and/or new versions
238 | of the General Public License from time to time. Such new versions will
239 | be similar in spirit to the present version, but may differ in detail to
240 | address new problems or concerns.
241 |
242 | Each version is given a distinguishing version number. If the Program
243 | specifies a version number of this License which applies to it and "any
244 | later version", you have the option of following the terms and conditions
245 | either of that version or of any later version published by the Free
246 | Software Foundation. If the Program does not specify a version number of
247 | this License, you may choose any version ever published by the Free Software
248 | Foundation.
249 |
250 | 10. If you wish to incorporate parts of the Program into other free
251 | programs whose distribution conditions are different, write to the author
252 | to ask for permission. For software which is copyrighted by the Free
253 | Software Foundation, write to the Free Software Foundation; we sometimes
254 | make exceptions for this. Our decision will be guided by the two goals
255 | of preserving the free status of all derivatives of our free software and
256 | of promoting the sharing and reuse of software generally.
257 |
258 | NO WARRANTY
259 |
260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
268 | REPAIR OR CORRECTION.
269 |
270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
278 | POSSIBILITY OF SUCH DAMAGES.
279 |
280 | END OF TERMS AND CONDITIONS
281 |
282 | How to Apply These Terms to Your New Programs
283 |
284 | If you develop a new program, and you want it to be of the greatest
285 | possible use to the public, the best way to achieve this is to make it
286 | free software which everyone can redistribute and change under these terms.
287 |
288 | To do so, attach the following notices to the program. It is safest
289 | to attach them to the start of each source file to most effectively
290 | convey the exclusion of warranty; and each file should have at least
291 | the "copyright" line and a pointer to where the full notice is found.
292 |
293 | {description}
294 | Copyright (C) {year} {fullname}
295 |
296 | This program is free software; you can redistribute it and/or modify
297 | it under the terms of the GNU General Public License as published by
298 | the Free Software Foundation; either version 2 of the License, or
299 | (at your option) any later version.
300 |
301 | This program is distributed in the hope that it will be useful,
302 | but WITHOUT ANY WARRANTY; without even the implied warranty of
303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
304 | GNU General Public License for more details.
305 |
306 | You should have received a copy of the GNU General Public License along
307 | with this program; if not, write to the Free Software Foundation, Inc.,
308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
309 |
310 | Also add information on how to contact you by electronic and paper mail.
311 |
312 | If the program is interactive, make it output a short notice like this
313 | when it starts in an interactive mode:
314 |
315 | Gnomovision version 69, Copyright (C) year name of author
316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 | This is free software, and you are welcome to redistribute it
318 | under certain conditions; type `show c' for details.
319 |
320 | The hypothetical commands `show w' and `show c' should show the appropriate
321 | parts of the General Public License. Of course, the commands you use may
322 | be called something other than `show w' and `show c'; they could even be
323 | mouse-clicks or menu items--whatever suits your program.
324 |
325 | You should also get your employer (if you work as a programmer) or your
326 | school, if any, to sign a "copyright disclaimer" for the program, if
327 | necessary. Here is a sample; alter the names:
328 |
329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 | `Gnomovision' (which makes passes at compilers) written by James Hacker.
331 |
332 | {signature of Ty Coon}, 1 April 1989
333 | Ty Coon, President of Vice
334 |
335 | This General Public License does not permit incorporating your program into
336 | proprietary programs. If your program is a subroutine library, you may
337 | consider it more useful to permit linking proprietary applications with the
338 | library. If this is what you want to do, use the GNU Lesser General
339 | Public License instead of this License.
340 |
341 |
--------------------------------------------------------------------------------
/sat6_healthCheck.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
3 | ##############################
4 | ## Satellite 6 Health Check ##
5 | ##############################
6 |
7 | ######################
8 | ## Work In Progress
9 | ##
10 | ## ToDo:
11 | ##
12 | ## - Add in remedial action for errors/warnings
13 | ## - Check all firewall reqs
14 | ## - Alter call depending on type (Sat6 or Capsule)
15 | ## - Add check for disconnected Sat6
16 | ##
17 | ######################
18 |
19 | ###############################
20 | ## Script settings & Constants
21 | ###############################
22 |
23 | # Set script counters
24 | WARNINGS=0
25 | ERRORS=0
26 |
27 | # Text colours
28 | RED=`tput setaf 1`
29 | GREEN=`tput setaf 2`
30 | ORANGE=`tput setaf 3`
31 | RESET=`tput sgr0`
32 |
33 | # Environment information
34 | HOSTNAME=$(hostname -f)
35 | FACTER=$(which facter 2> /dev/null)
36 | TOINSTALL=""
37 | TMPDIR="/tmp/sat6_check"
38 | release=$(awk '{print $7}' /etc/redhat-release | cut -c1)
39 |
40 | # Check specific constants
41 | FIREWALLD_XML="/usr/lib/firewalld/services/RH-Satellite-6.xml"
42 | FIREWALL_REGEX="\"80|443|564[67]|5671|8140|8080|9090|67|68|53|69|53|5647\""
43 | EXPECTED_PORTCOUNT=13
44 |
45 | ###############
46 | ## Functions ##
47 | ###############
48 |
49 | ## Output utility functions
50 |
51 | function printOK {
52 | echo -e "${GREEN}[OK]\t\t $1 ${RESET}" | tee -a $TMPDIR/success
53 | }
54 |
55 | function printWarning {
56 | ((WARNINGS=WARNINGS+1))
57 | echo -e "${ORANGE}[WARNING] $WARNINGS\t $1 ${RESET}" | tee -a $TMPDIR/warnings
58 | }
59 |
60 | function printError {
61 | ((ERRORS=ERRORS+1))
62 | echo -e "${RED}[ERROR] $ERRORS\t $1 ${RESET}" | tee -a $TMPDIR/errors
63 | }
64 |
65 | function remedialAction {
66 | echo -e "$1" | tee -a $TMPDIR/remedialAction
67 | }
68 |
69 | ## Test run setup / teardown functions
70 |
71 | function clean_temp_directory {
72 | if [[ -d $TMPDIR ]]
73 | then
74 | rm -rf $TMPDIR
75 | fi
76 | mkdir -p $TMPDIR
77 | }
78 |
79 | function reset_remedial_action {
80 | touch $TMPDIR/remedialAction
81 | }
82 |
83 | function am_I_root {
84 | if [ "$EUID" -ne 0 ]
85 | then echo "Please run this script as root"
86 | exit 1
87 | fi
88 | }
89 |
90 | function check_hiera_symlink {
91 | if [ $(rpm -q hiera | wc -l) -gt 0 ]
92 | then
93 | echo -e "hiera has been installed"
94 | if [ ! -L /etc/puppet/hiera.yaml ]
95 | then
96 | printWarning "Missing hiera symlink from /etc/hiera.yaml -> /etc/puppet/hiera.yaml"
97 | echo -n "Would you like me to create it ? [y|N]:"
98 | read yesno
99 | if [ ${yesno} == 'y' ]
100 | then
101 | ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml
102 | fi
103 | else
104 | printOK "Hiera symlink exists"
105 | fi
106 | fi
107 | }
108 |
109 |
110 | function check_hammer_config_file {
111 | if [[ ! -f /root/.hammer/cli_config.yml ]]
112 | then
113 | echo -e "A hammer config file has not been created. This is used to interogate foreman."
114 | echo -n "Would you like me to create this file ? [y|n] :"
115 | read yesno
116 | if [ ${yesno} == 'y' ]
117 | then
118 | echo -n "Please enter your admin username : "
119 | read username
120 | echo -n "Please enter your admin password : "
121 | read -s password
122 |
123 | mkdir /root/.hammer
124 | chmod 600 /root/.hammer
125 | cat << EOF > /root/.hammer/cli_config.yml
126 | :foreman:
127 | :host: 'https://$(hostname -f)'
128 | :username: '${username}'
129 | :password: '${password}'
130 |
131 | EOF
132 | echo "/root/.hammer/cli_config.yml has been created"
133 | else
134 | echo -e "Please do the following:
135 | mkdir /root/.hammer
136 | chmod 600 /root/.hammer
137 | echo << EOF >> /root/.hammer/cli_config.yml
138 | :foreman:
139 | :host: 'https://$(hostname -f)'
140 | :username: 'admin'
141 | :password: 'password'
142 |
143 | EOF"
144 | exit 2
145 | fi
146 | fi
147 |
148 | }
149 |
150 | ## Check functions
151 |
152 | function check_admin_tools {
153 | MPSTAT=$(which mpstat >/dev/null 2>&1)
154 | a=$?
155 | if [[ $a != 0 ]]
156 | then
157 | toInstall="$toInstall sysstat"
158 | fi
159 |
160 | nmap=$(which nmap >/dev/null 2>&1)
161 | a=$?
162 | if [[ $a != 0 ]]
163 | then
164 | toInstall="$toInstall nmap"
165 | fi
166 |
167 | nslookup=$(which nslookup >/dev/null 2>&1)
168 | a=$?
169 | if [[ $a != 0 ]]
170 | then
171 | toInstall="$toInstall bind-utils"
172 | fi
173 |
174 | if [[ $toInstall != "" ]]
175 | then
176 | while true; do
177 | echo "Certain utilities are required for running this script: $toInstall"
178 | echo "After this script has run you may uninstall them if they are no longer needed."
179 | read -p "OK to install? (y/n) : " yn
180 | case $yn in
181 | [Yy]* ) yum -y install $toInstall; break;;
182 | [Nn]* ) echo " OK - health check stopped"; exit;;
183 | * ) echo "Please answer y or n.";;
184 | esac
185 | done
186 | fi
187 | }
188 |
189 | function checkDNS {
190 | host=$1
191 | echo -e "
192 | + Checking DNS entries for $host"
193 |
194 | ## Check the forward DNS record.
195 | forwardDNS=$(nslookup $host | grep ^Name -A1 | awk '/^Address:/ {print $2}')
196 | if [[ ! -z $forwardDNS ]]
197 | then
198 | printOK "Forward DNS resolves to $forwardDNS"
199 | else
200 | printError "Forward DNS does not resolve"
201 |
202 | fi
203 |
204 | ## Check the reverse DNS record.
205 | reverseDNS=$(nslookup $forwardDNS | awk '/name/ {print $NF}' | rev | cut -c2- | rev)
206 | if [[ ! -z $reverseDNS ]]
207 | then
208 | printOK "Reverse DNS resolves to $reverseDNS"
209 | else
210 | printError "Reverse DNS not resolvable for $forwardDNS"
211 | fi
212 |
213 | ## Check the forward and reverse records match.
214 | if [[ $host == $reverseDNS ]]
215 | then
216 | printOK "Forward and reverse DNS match"
217 | else
218 | printError "Forward and reverse DNS do not match for $host / $reverseDNS"
219 | fi
220 | echo
221 | }
222 |
223 |
224 | function checkSubscriptions {
225 | # Check current subscriptions
226 | echo -e "
227 | #######################
228 | Subcription Details
229 | #######################
230 | + Checking enabled repositories (this could take some time)"
231 | subscription-manager repos --list-enabled > ${TMPDIR}/repos
232 | grep "^Repo Name" /tmp/sat6_check/repos
233 | SAT6VERSION=$(awk '/Satellite/ {print $6}' /tmp/sat6_check/repos)
234 | if [[ -z $SAT6VERSION ]]
235 | then
236 | printWarning "Unable to ascertain a valid Satellite repository?"
237 | else
238 | printOK " - Repository installed for Satellite version $SAT6VERSION"
239 | fi
240 | }
241 |
242 | function getType {
243 | UPSTREAM=$(awk '/^hostname/ {print $3}' /etc/rhsm/rhsm.conf )
244 | if [[ $UPSTREAM == "subscription.rhn.redhat.com" ]]
245 | then
246 | # Connected Satellite Server
247 | printOK "This system is registered to $UPSTREAM which indicates it is a Satellite server"
248 | TYPE="Satellite"
249 | else
250 | # Satellite Capsule?
251 | if [[ $UPSTREAM == $HOSTNAME ]]
252 | then
253 | echo -e "This system is registered to itself ($HOSTNAME)"
254 | TYPE="Satellite"
255 | else
256 | TYPE="Capsule"
257 | echo "** This script only currently runs on Satellite servers not capsules. A capsule version is currently being writted **"
258 | echo 3
259 | fi
260 | fi
261 | }
262 |
263 | function checkGeneralSetup {
264 | echo -e "
265 | ######################################
266 | Satellite 6 Health Check Report
267 | ######################################
268 |
269 | + System Details:
270 | - Hostname : $(hostname)
271 | - IP Address : $(ip -4 -o a | grep -v "127.0.0" | awk '{print $4}')
272 | - Kernel Version : $(uname -r)
273 | - Uptime : $(uptime | sed 's/.*up \([^,]*\), .*/\1/')
274 | - Last Reboot Time : $(who -b | awk '{print $3,$4}')
275 | - Red Hat Release : $(cat /etc/redhat-release)"
276 |
277 | cpus=$(lscpu | grep -e "^CPU(s):" | cut -f2 -d: | awk '{print $1}')
278 | i=0
279 | echo " + CPU: %usr"
280 | echo " ---------"
281 | while [ $i -lt $cpus ]
282 | do
283 | echo " - CPU${i} : $(mpstat -P ALL | awk -v var=$i '{ if ($2 == var ) print $3 }' )"
284 | let i=${i}+1
285 | done
286 | echo
287 |
288 | echo -e "
289 | ####################
290 | ## Checking umask ##
291 | ####################"
292 |
293 | umask=$(umask)
294 | if [[ $umask -ne "0022" ]]
295 | then
296 | printWarning "Umask is set to $umask which could cause problems with puppet module permissions.\n Recommend setting umask to 0022"
297 | else
298 | printOK "Umask is set to 0022"
299 | fi
300 |
301 | }
302 |
303 |
304 | function checkNetworkConnection {
305 | echo -e "
306 | #######################
307 | ## Connection Status ##
308 | #######################
309 | "
310 | # Connection to cdn.redhat.com
311 | echo " + Checking connection to cdn.redhat.com"
312 | ms=$(ping -c5 cdn.redhat.com | awk -F"/" '/^rtt/ {print $5}')
313 | echo " - Complete. Average was $ms ms"
314 | }
315 |
316 | function checkSELinux {
317 | echo " + Checking SELinux"
318 | selinux=$(getenforce)
319 | if [[ $selinux != "Enforcing" ]]
320 | then
321 | printWarning "SELinux is currently in $selinux mode. Enforcing is recommended by Red Hat"
322 | else
323 | printOK "SELinux is running in Enforcing mode."
324 | fi
325 | }
326 |
327 |
328 | function checkChronySynchronised {
329 |
330 | if [ $(chronyc sources | grep \* | wc -l) -eq 0 ]
331 | then
332 | printError "chronyd has no synchronised time source"
333 | remedialAction "wait for chrony to synchronise and check with 'chronyc sources list'"
334 | else
335 | printOK "chronyd is synchronised with a time server"
336 | fi
337 | }
338 |
339 | function checkFirewalldXML {
340 | ## Check the firewalld xml profile, suggest and offer to fix it.
341 |
342 | if [ $(egrep ${FIREWALL_REGEX} ${FIREWALLD_XML} | wc -l) -lt ${EXPECTED_PORTCOUNT} ]
343 | then
344 | printError "Incorrect firewalld manifest detected"
345 | echo -n "Would you like me to correct it ? [y|N] : "
346 | read yesno
347 | if [ $yesno == 'y' ]
348 | then
349 | echo "Correcting firewalld profile and reloading"
350 | fixFirewalldProfile
351 | firewall-cmd --add-service=RH-Satellite-6 --permanent
352 | firewall-cmd --reload
353 | else
354 | printWarning "Leaving the firewalld profile as is as is"
355 | fi
356 | else
357 | printOK "firewalld xml profile looks ok"
358 | fi
359 |
360 | }
361 |
362 | function checkService {
363 | service=$1
364 | echo " - Checking status of ${service}"
365 | if (( $release >= 7 ))
366 | then
367 | if [[ ${service} == "ntpd" ]]
368 | then
369 | return
370 | fi
371 | ## Is it running?
372 | running=$(systemctl is-active ${service} 2> /dev/null)
373 | if [[ $running == "active" ]]
374 | then
375 | printOK "${service} is running"
376 |
377 | if [[ ${service} == "chronyd" ]]
378 | then
379 | echo " + NTP Servers:"
380 | awk '/^server/ {print $2}' /etc/chrony.conf
381 | checkChronySynchronised
382 | fi
383 | else
384 | printError "${service} is not running"
385 | remedialAction "systemctl start ${service}"
386 | fi
387 |
388 | if [[ ${service} == "firewalld" ]]
389 | then
390 | checkFirewalldXML
391 | fi
392 |
393 |
394 | ## Is it enabled?
395 | enabled=$(systemctl is-enabled ${service} 2> /dev/null)
396 | if [[ $enabled == "enabled" ]]
397 | then
398 | printOK "${service} is enabled"
399 | else
400 | printWarning "${service} is not enabled to start on boot"
401 | remedialAction "systemctl enable ${service}"
402 | fi
403 | else
404 | if pgrep ${service} > /dev/null
405 | then
406 | printOK "${service} is running"
407 | if [[ ${service} == "ntpd" ]]
408 | then
409 | echo " + NTP Servers:"
410 | awk '/^server/ {print $2}' /etc/ntp.conf
411 | fi
412 | else
413 | printError "${service} is not running"
414 | fi
415 | if $( chkconfig ${service} )
416 | then
417 | printOK "${service} is enabled"
418 | else
419 | printWarning "${service} is not enabled to start on boot"
420 | remedialAction "service ${service} start "
421 | fi
422 | fi
423 | }
424 |
425 | function checkOSupdates {
426 | echo " + Checking for OS updates"
427 | yum check-update > $TMPDIR/updates
428 | if (( $(wc -l $TMPDIR/updates | awk '{print $1}') > 2 ))
429 | then
430 | printWarning "$(egrep -v "^Loaded|^$" $TMPDIR/updates | wc -l) updates available. These can be found in $TMPDIR/updates. It is recommended to run yum -y update"
431 | else
432 | printOK "All Packages up to date"
433 |
434 | fi
435 | }
436 |
437 | function fixFirewalldProfile {
438 | ## Fix the broken firewalld profile shipped
439 | cat << EOF > /usr/lib/firewalld/services/RH-Satellite-6.xml
440 |
441 |
442 | Red Hat Satellite 6
443 | Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.
444 |
445 |
446 |
447 |
448 |
449 |
450 |
451 |
452 |
453 |
454 |
455 |
456 |
457 |
458 | EOF
459 | }
460 |
461 | function checkDisks {
462 | echo -e "
463 | ############################
464 | Checking Disk Partitions
465 | ############################"
466 | echo
467 | df -Pkh | grep -v 'Filesystem' > $TMPDIR/df.status
468 | while read DISK
469 | do
470 | LINE=$(echo $DISK | awk '{print $1,"\tMounted at ",$6,"\tis ",$5," used","\twith",$4," free space"}')
471 | mount=$(echo $DISK | awk '{print $1}')
472 | used=$(echo $DISK | awk '{print $5}' | rev | cut -c 2- | rev)
473 | echo -e $LINE
474 | if (( $used > 85 ))
475 | then
476 | printWarning "$mount has used more than 85% (${used}%). Could be worth adding more storage?"
477 | fi
478 |
479 | done < $TMPDIR/df.status
480 | echo
481 | # Check pulp partition
482 | if (( $(df | grep -c pulp) < 1 ))
483 | then
484 | printWarning "/var/lib/pulp should be mounted on a separate partition"
485 | fi
486 |
487 | # Check mongo partition
488 | if (( $(df | grep -c mongo) < 1 ))
489 | then
490 | printWarning "/var/lib/mongodb should be mounted on a separate partition"
491 | fi
492 |
493 | }
494 |
495 | function checkFirewallRules {
496 | echo -e "
497 | ###########################
498 | Checking Firewall Rules
499 | ###########################"
500 | a=$(systemctl is-active firewalld 2> /dev/null)
501 | if [[ $a == "unknown" ]]
502 | then
503 | echo "Not checking firewall as it isn't currently running"
504 | return 1
505 | else
506 | iptables -n -L IN_public_allow > $TMPDIR/iptables
507 | cat << EOF >> $TMPDIR/iptables_required
508 | tcp dpt:22
509 | tcp dpt:443
510 | tcp dpt:80
511 | tcp dpt:8140
512 | tcp dpt:9090
513 | tcp dpt:8080
514 | udp dpt:67
515 | udp dpt:68
516 | tcp dpt:53
517 | udp dpt:69
518 | udp dpt:53
519 | tcp dpt:5671
520 | tcp dpt:5647
521 | EOF
522 |
523 | while read line
524 | do
525 | port=$(echo $line | awk -F":" '{print $2}')
526 | proto=$(echo $line | awk '{print $1}')
527 | if (( $(grep -c "$line" $TMPDIR/iptables) > 0 ))
528 | then
529 | printOK "$port ($proto) has been opened"
530 | else
531 | printError "$port ($proto) has NOT been opened"
532 | fi
533 | done < $TMPDIR/iptables_required
534 | fi
535 | }
536 |
537 | function checkSatelliteConfig {
538 | echo -e "
539 | #######################################
540 | ## Checking Satellite Configuration ##
541 | #######################################"
542 |
543 | ## Organisations
544 | hammer --csv --csv-separator=" " organization list| sort -n | grep -v "Id " > $TMPDIR/orgs
545 | if (( $(grep -c "Default_Organization" $TMPDIR/orgs) > 0 ))
546 | then
547 | printWarning "The Default_Organization is still set. Best to remove this in a production environment"
548 | fi
549 |
550 |
551 | ## Location List
552 | echo
553 | hammer --csv --csv-separator=" " location list | sort -n | grep -v "Id " > $TMPDIR/locations
554 | totalLocations=$(wc -l $TMPDIR/locations | awk '{print $1}')
555 | echo " + $totalLocations Locations found"
556 | while read line
557 | do
558 | id=$(echo $line | awk '{print $1}')
559 | location=$(echo $line | awk '{print $2}')
560 | hammer --output csv location info --id=${id} > $TMPDIR/location_${location}
561 | totalSubnets=$(tr ',' '\n' < $TMPDIR/location_${location} | grep -c Subnets)
562 | echo " + Details for location \"${location}\" are in $TMPDIR/location_${location}"
563 | ## Add subnets
564 | echo " - $totalSubnets Subnet(s) found for ${location}"
565 | for subnet in $(tr ',' '\n' < $TMPDIR/location_${location} | grep -n Subnets | awk -F":" '{print $1}')
566 | do
567 | locationSubnet=$(tail -1 $TMPDIR/location_${location} | awk -F"," -v net=${subnet} '{print $net}')
568 | echo " - $locationSubnet"
569 | done
570 |
571 | done < $TMPDIR/locations
572 |
573 | ## Capsules
574 | echo
575 | hammer --csv --csv-separator=" " capsule list| sort -n | grep -v "Id " > $TMPDIR/capsules
576 | totalCapsules=$(wc -l $TMPDIR/capsules | awk '{print $1}')
577 | echo " + $totalCapsules Capsule(s) found"
578 | while read line
579 | do
580 | id=$(echo $line | awk '{print $1}')
581 | name=$(echo $line | awk '{print $2}')
582 | fqdn=$(echo $line | awk '{print $3}' | sed -e "s/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/")
583 | hammer capsule info --id=${id} > $TMPDIR/capsule_${name}
584 | echo " + Details for capsule \"${name}\" are in $TMPDIR/capsule_${name}"
585 | echo -ne " - Features: "
586 | awk '/Features: / {for (i=2; i /dev/null
590 | if [[ $? -eq 0 ]]
591 | then
592 | nmap -p T:443,5647,5646,8443,9090 ${fqdn} | grep "^[0-9]" > $TMPDIR/capsule_firewall_${name}
593 | while read nmap_line
594 | do
595 | port=$(echo $nmap_line | awk '{print $1}')
596 | status=$(echo $nmap_line | awk '{print $2}')
597 | if [[ $status == "closed" ]]
598 | then
599 | printWarning "Port $port is closed on $fqdn"
600 | else
601 | printOK "Port $port is open to $fqdn"
602 | fi
603 | done < $TMPDIR/capsule_firewall_${name}
604 | else
605 | printError "$fqdn is not responding to ping?"
606 | fi
607 | done < $TMPDIR/capsules
608 |
609 | ## Subnets
610 | echo
611 | echo " + Subnets"
612 | hammer --csv --csv-separator=" " subnet list| sort -n | grep -v "Id " > $TMPDIR/subnets
613 | while read line
614 | do
615 | id=$(echo $line | awk '{print $1}')
616 | name=$(echo $line | awk '{print $2}')
617 | hammer subnet info --id=${id} > $TMPDIR/subnet_${name}
618 | echo " - Details for subnet \"${name}\" are in $TMPDIR/subnet_${name}"
619 | done < $TMPDIR/subnets
620 | }
621 |
622 |
623 | function main {
624 |
625 | #################
626 | ## MAIN SCRIPT ##
627 | #################
628 |
629 | ## Pre checks
630 | # Validate the script is being run by the correct user.
631 | am_I_root
632 |
633 | # Make sure the various admin tools are available
634 | check_admin_tools
635 |
636 | # Check the hammer configuration file exists and is valid
637 | check_hammer_config_file
638 |
639 | # Clean out the temporary directory
640 | clean_temp_directory
641 |
642 | # Reset the remedial action flag
643 | reset_remedial_action
644 |
645 | ## Start checking the system
646 | checkGeneralSetup
647 | checkDisks
648 | checkNetworkConnection
649 | getType
650 | checkSubscriptions
651 | check_hiera_symlink
652 |
653 | echo -e "
654 | #######################
655 | Checking OS Services
656 | #######################"
657 | checkDNS $(hostname)
658 | checkSELinux
659 | checkOSupdates
660 | for service in firewalld ntpd chronyd
661 | do
662 | checkService ${service}
663 | done
664 | checkFirewallRules
665 | echo -e "
666 | #######################################
667 | Checking Katello/Satellite Services
668 | #######################################"
669 | for service in mongod qpidd qdrouterd tomcat foreman-proxy foreman-tasks pulp_celerybeat pulp_resource_manager pulp_workers httpd
670 | do
671 | checkService ${service}
672 | done
673 |
674 | checkSatelliteConfig
675 | display_results
676 |
677 |
678 | }
679 |
680 | function display_results {
681 |
682 | ####################
683 | ## Output Results ##
684 | ####################
685 |
686 | if (( $WARNINGS > 0 ))
687 | then
688 | echo
689 | echo " + Total Warnings: $WARNINGS"
690 | cat $TMPDIR/warnings
691 | else
692 | echo
693 | echo " + No warnings"
694 | fi
695 |
696 | if (( $ERRORS > 0 ))
697 | then
698 | echo
699 | echo " + Total Errors: $ERRORS"
700 | cat $TMPDIR/errors
701 | echo
702 | else
703 | echo
704 | echo " + No errors"
705 | echo
706 | fi
707 |
708 | if [[ -s $TMPDIR/remedialAction ]]
709 | then
710 | echo " + Remedial Action:"
711 | cat $TMPDIR/remedialAction
712 | fi
713 | }
714 |
715 | main
716 | exit
717 |
718 |
719 |
720 | # *** vim: set ts=2 et ai: ***
721 |
--------------------------------------------------------------------------------