#!/bin/ksh
#
# check_fw_vrrp
#
# checks the firewall's vrrp status for a all in equal state, one node all master, other all backup
# by G.Stangl, 18. 10. 2007

# usage: check_fw_vrrp -a FW_IP1 -b FW_IP2 -c community -p port


PROGNAME=`/bin/basename $0`
PROGPATH=`echo $0 | /bin/sed -e 's,[\\/][^\\/][^\\/]*$,,'`
REVISION="1.0"
VRRP_CHECK="/usr/local/nagios/libexec/check_snmp_vrrp.pl"

. $PROGPATH/utils.sh

print_usage() {
    echo "Usage:   $PROGNAME -a <ip_of_nodeA> -b <ip_of_nodeB> -c community [-p port] [-t timeout]"
    echo "Help:    $PROGNAME -h                                                         ^ per node"
    echo "Version: $PROGNAME -V"
}

print_help() {
    print_revision $PROGNAME $REVISION
    echo ""
    print_usage
    echo ""
    echo "VRRP status comparison of Firewalls plugin for Nagios"
    echo ""
}

FW_port=161
FW_community=public
FW_ipA=127.0.0.1
FW_ipB=127.0.0.1
FW_TO=5

while test -n "$1"; do
    case "$1" in
        -h)
            print_help
            exit $STATE_OK
            ;;
        -V)
            print_revision $PROGNAME $VERSION
            exit $STATE_OK
            ;;
        -a)
            FW_ipA=$2
            shift
            ;;
        -b)
            FW_ipB=$2
            shift
            ;;
        -c)
            FW_community=$2
            shift
            ;;
        -p)
            FW_port=$2
            shift
            ;;
        -t)
            FW_TO=$2
            shift
            ;;
        *)
            echo "Unknown argument: $1"
            print_usage
            exit $STATE_UNKNOWN
            ;;
    esac
    shift
done

# read output of type "Vrid OK: 7(master/up/100), 7(master/up/100), 7(master/up/100), : 3 in equal (master) state"
# or "in equal (master) state"   or  "not all in equal state"
#
NodeA_out=`$VRRP_CHECK -H $FW_ipA -C $FW_community -P $FW_port -T nokia -s equal -g -t $FW_TO`
NodeA_exc=`echo $?`
if [ $NodeA_exc -ne 0 ]; then NodeCrit="NodeA ($FW_ipA) "; fi
NodeB_out=`$VRRP_CHECK -H $FW_ipB -C $FW_community -P $FW_port -T nokia -s equal -g -t $FW_TO`
NodeB_exc=`echo $?`
if [ $NodeB_exc -ne 0 ]; then NodeCrit="${NodeCrit}NodeB ($FW_ipB)"; fi

sumExit=`expr $NodeA_exc + $NodeB_exc`
if [ $sumExit -ne 0 ]; then echo "Overall VRRP state of FW cluster is CRITICAL: Check $NodeCrit!"; exit 2; fi 

# at this stage both checks returend green and either master or backup or both same
master=0; backup=0;
NodeA=`echo $NodeA_out | cut -d ':' -f 3 | awk '{print \$4'} | tr -d '\)\(' `
NodeB=`echo $NodeB_out | cut -d ':' -f 3 | awk '{print \$4'} | tr -d '\)\(' `

if [ $NodeA = "master" ]; then master=`expr $master + 1`; else backup=`expr $backup + 1`; fi
if [ $NodeB = "master" ]; then master=`expr $master + 1`; else backup=`expr $backup + 1`; fi

total="OK"; ES=0
if [ $master -ne 1 ]; then total="CRITICAL"; ES=2; fi
if [ $backup -ne 1 ]; then total="CRITICAL"; ES=2; fi

# compile output:
Nodes="NodeA ($FW_ipA) = $NodeA, NodeB ($FW_ipB) = $NodeB"
echo "Overall cluster VRRP state is ${total}. $Nodes"
exit $ES