public_facing: Updates to OpenVPN check for status portal

Script was creating too many false alerts

Signed-off-by: David Galloway <dgallowa@redhat.com>

diff --git a/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2 b/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2
index 862e5aeb0a16c6a2b50a458a4c345e3bc74352c0..94727c068092b159da0e16ebaa41503f19ec317d 100644 (file)
--- a/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2
+++ b/roles/public_facing/templates/status.sepia.ceph.com/openvpn.j2
@@ -7,11 +7,17 @@
 EXEC=/root/checks/nagios-eventhandler-cachet/cachet_notify
 
 # Returns 0 if string found
-sudo nmap -sU -n -p 1194 gw.sepia.ceph.com | grep -q '1194/udp open|filtered openvpn'
+sudo nmap --max-retries 3 --host-timeout 5s -sU -n -p 1194 gw.sepia.ceph.com | grep -q '1194/udp open|filtered openvpn'
 
-if [ $? -eq 0 ]
+if [ $? -ne 0 ]
 then
-  $EXEC 'OpenVPN Server' 'OpenVPN' OK HARD 'OK' ''
+  # If nmap didn't return 0, check if we're having overall network issues
+  ping -c 1 -q 8.8.8.8
+  # If we can ping Google DNS but didn't get expected nmap output, alert
+  if [ $? -eq 0 ]
+  then
+    $EXEC 'OpenVPN Server' 'OpenVPN' CRITICAL HARD "gw.sepia.ceph.com is unreachable or port 1194 closed" ''
+  fi
 else
-  $EXEC 'OpenVPN Server' 'OpenVPN' CRITICAL HARD "gw.sepia.ceph.com is unreachable or port 1194 closed" ''
+  $EXEC 'OpenVPN Server' 'OpenVPN' OK HARD 'OK' ''
 fi