fix check_pve_guest_metrics and use python PVE API

2023-09-09 12:03:47 -06:00 · 2023-09-09 12:03:47 -06:00 · bae0d7acb6
parent 3a5b765634
commit bae0d7acb6
2 changed files with 28 additions and 15 deletions
--- a/check_pve_guest_metrics.py
+++ b/check_pve_guest_metrics.py
@ -9,6 +9,7 @@ from pathlib import Path
 import certifi
 import numpy as np
 import requests
+from proxmoxer import ProxmoxAPI, ResourceException

 import checker.nagios as nagios
 from checker.markdown import list_to_markdown_table
@ -16,14 +17,16 @@ from checker.units import filesize

 parser = argparse.ArgumentParser(description='Check the Proxmox API for network traffic for a host.')
 parser.add_argument('--node', required=True, help='The name and address of Proxmox node in valid JSON in this format: ["bigserver", "192.168.1.222"]. This allows you to use datalists in Director.')
-parser.add_argument('--user', required=True, help='The Proxmox user. Something like "monitoring@pve!icinga2"')
-parser.add_argument('--password', required=True, help='Password.')
+parser.add_argument('--user', required=True, help='The Proxmox user. Something like "monitoring@pve"')
+parser.add_argument('--token', required=True, help='API token.')
+parser.add_argument('--token-name', required=True, help='API token name.')
 parser.add_argument('--host', required=True, help='The ID of the host to check.')
 parser.add_argument('--type', required=True, choices=['qemu', 'lxc'], help='Type of host. "qemu" or "lxc"')
 parser.add_argument('--metrics', required=True, help='What stats to check. Can list multiple seperated by commas. For example, "netin,netout"')
 parser.add_argument('--levels', required=True, help='Warning levels. In JSON format: {"netin":{"warn":50, "crit":100, "type": "filesize"}, "netout":{"warn":50, "crit":100, "type": "filesize"}}')
 parser.add_argument('--timeframe', default=5, help='Timeframe to average the data to in minutes. Default: 5 minutes')
-parser.add_argument('--verify', default=True, help="What to verify the SSL connection with. Can be a file path, or false to disable verification. If you're having issues with CA certs, try setting it to your system's CA bundle (/etc/ssl/certs/ca-certificates.crt).")
+parser.add_argument('--verify', default=False,
+                    help="What to verify the SSL connection with. Can be a file path, or false to disable verification. If you're having issues with CA certs, try setting it to your system's CA bundle (/etc/ssl/certs/ca-certificates.crt). Default: false (verification disabled)")
 parser.add_argument('--verify-force', action='store_true', help="Delete the certifi cert and replace it with whatever you specify in --verify")
 parser.add_argument('--table', action='store_true', help='Print the results in a table.')
 args = parser.parse_args()
@ -61,27 +64,36 @@ def main():
        print('UNKNOWN: Failed to parse --node JSON:', e)
        sys.exit(nagios.UNKNOWN)

-    # requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
+    prox = ProxmoxAPI(pve_node_address, user=args.user, token_name=args.token_name, token_value=args.token, verify_ssl=args.verify)
+
    try:
-        pve_auth_ticket = requests.post(f'https://{pve_node_address}:8006/api2/json/access/ticket', data={"username": args.user, "password": args.password}).json()['data']['ticket']
-        response = requests.get(
-            f'https://{pve_node_address}:8006/api2/json/nodes/{pve_node}/{args.type}/{args.host}/rrddata?timeframe=hour',
-            # headers={"Authorization": f'PVEAPIToken={args.user}={args.token}'},
-            cookies={'PVEAuthCookie': pve_auth_ticket},
-            verify=args.verify
-        )
+        user_perms = prox('access/permissions').get()
+    except Exception as e:
+        user_perms = f'{e.__class__.__name__}: {e}'
+
+    try:
+        t = prox.nodes(pve_node).status.get()  # test connection and permissions
+        if not len(t):
+            print('UNKNOWN: PVE API returned no nodes.')
+            sys.exit(nagios.UNKNOWN)
    except requests.exceptions.SSLError as e:
-        print('UNSKNOWN: SSL error  ', e)
+        print('UNKNOWN: SSL error  ', e)
        print('Using cert:', args.verify)
        print('certifi using cert:', certifi.where())
        print('requests using cert:', requests.certs.where())
        sys.exit(nagios.UNKNOWN)
+    except ResourceException as e:
+        print('UNKNOWN:', e)
+        print(f'Proxmox reported "{args.user}!{args.token_name}" permissions as:', user_perms)
+        print("Did you remember to give both your user and the user's API token the same privileges?")
+        sys.exit(nagios.UNKNOWN)
+    except Exception as e:
+        print('UNKNOWN: failed to connect to Proxmox API:', e)

    try:
-        api_data = json.loads(response.text)['data']
+        api_data = prox(f'nodes/{pve_node}/{args.type}/{args.host}/rrddata?timeframe=hour').get()
    except Exception as e:
-        print(f'UNKNOWN: Failed to parse JSON {e}')
-        print(response.text)
+        print(f'UNKNOWN: Failed to fetch API data - ', f'{e.__class__.__name__}: {e}')
        sys.exit(nagios.UNKNOWN)

    # Load the data
--- a/requirements.txt
+++ b/requirements.txt
@ -18,3 +18,4 @@ zfslib~=0.11.0
 dnspython
 cf-speedtest
 pytz
+proxmoxer==2.0.1