Commit de7b627

committed
Enhance Azure Load Balancer module to handle various IP address formats and improve validation checks; add tests for missing and nested properties.
1 parent c6c46e1 commit de7b627

6 files changed

+258
-40
lines changed

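--- a/src/module_utils/collector.py
+++ b/src/module_utils/collector.py
@@ -128,6 +128,10 @@ def collect(self, check, context) -> str:
 if not re.match(r"^[a-zA-Z0-9_-]+$", user):
 self.parent.log(logging.ERROR, f"Invalid user parameter: {user}")
 return f"ERROR: Invalid user parameter: {user}"
+
+if user == "db2sid":
+user = f"db2{context.get('database_sid', '')}"
+
 command = f"sudo -u {shlex.quote(user)} {command}"
 
 return self.parent.execute_command_subprocess(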
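Review bot: The `db2sid` substitution runs after the `re.match` allowlist check, so the account name that actually reaches `sudo -u` is never validated, and a missing `database_sid` silently produces the user `db2`. `shlex.quote` on the next line still keeps the value from being interpreted by the shell, but the check should fail closed instead of running under an unintended account. Validate the SID before building the name, e.g. `sid = str(context.get("database_sid", ""))` followed by `if not re.fullmatch(r"[A-Za-z0-9]+", sid): return "ERROR: database_sid is missing or invalid"`, or move the substitution above the existing pattern check. The body of `collect` starts and ends outside this hunk.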

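--- a/src/modules/get_azure_lb.py
+++ b/src/modules/get_azure_lb.py
@@ -233,31 +233,68 @@ def get_load_balancers_details(self) -> None:
 for inbound_rule in inbound_rules
 if "privateIpAddress" in inbound_rule
 )
+
+self.log(logging.INFO, f"Looking for load balancers with IPs: {load_balancer_ips}")
+
 found_load_balancer = None
 
+def get_private_ip_from_config(config):
+"""
+Extract private IP from frontend config, handling different key variations.
+Azure SDK might return different structures based on authentication context.
+"""
+private_ip = (
+config.get("private_ip_address")
+or config.get("privateIpAddress")
+or config.get("properties", {}).get("private_ip_address")
+or config.get("properties", {}).get("privateIpAddress")
+)
+return private_ip
+
 found_load_balancer = next(
 (
 lb
 for lb in load_balancers
-for frontend_ip_config in lb["frontend_ip_configurations"]
-if frontend_ip_config["private_ip_address"] in load_balancer_ips
+for frontend_ip_config in lb.get("frontend_ip_configurations", [])
+if get_private_ip_from_config(frontend_ip_config) in load_balancer_ips
 ),
 None,
 )
+
+if not found_load_balancer and load_balancers:
+available_ips = []
+self.log(
+logging.WARNING, f"No matching load balancer found for IPs: {load_balancer_ips}"
+)
+for lb in load_balancers:
+lb_name = lb.get("name", "unknown")
+for config in lb.get("frontend_ip_configurations", []):
+private_ip = get_private_ip_from_config(config)
+if private_ip:
+available_ips.append(f"{lb_name}:{private_ip}")
+else:
+self.log(
+logging.DEBUG,
+f"Frontend config structure for {lb_name}: {list(config.keys())}",
+)
+self.log(logging.WARNING, f"Available load balancers and private IPs: {available_ips}")
 parameters = []
 
 def check_parameters(entity, parameters_dict, entity_type):
 for key, value_object in parameters_dict.items():
+entity_value = entity.get(key, "N/A")
+expected_value = value_object.get("value", "")
+
 parameters.append(
 Parameters(
 category=entity_type,
-id=entity["name"],
+id=entity.get("name", "unknown"),
 name=key,
-value=str(entity[key]),
-expected_value=str(value_object.get("value", "")),
+value=str(entity_value),
+expected_value=str(expected_value),
 status=(
 TestStatus.SUCCESS.value
-if entity[key] == value_object.get("value", "")
+if entity_value == expected_value
 else TestStatus.ERROR.value
 ),
 ).to_dict()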
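Review bot: In `get_private_ip_from_config`, `config.get("properties", {})` falls back to `{}` only when the key is absent, so a frontend configuration that carries `"properties": None` makes the chained `.get` raise `AttributeError` and aborts the whole lookup, which is the kind of shape variation the helper is meant to absorb. Writing `(config.get("properties") or {}).get("private_ip_address")` and the same for `privateIpAddress` avoids that. The helper's docstring should also state that it returns `None` when no key matches, since the caller relies on that in `if private_ip:`. The new INFO and WARNING messages put load balancer names and private IPs into the log, so it is worth confirming that the log destination is acceptable for internal addressing data. The enclosing method starts and ends outside the hunk.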

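--- a/src/playbook_00_configuration_checks.yml
+++ b/src/playbook_00_configuration_checks.yml
@@ -141,7 +141,7 @@
 results_var: "db_db2_results"
 when: >-
 role == 'DB' and
-(platform | default('HANA') | upper == 'Db2') and
+(platform | default('HANA') | upper == 'DB2') and
 (configuration_test_type == 'all' or
 configuration_test_type == 'Database')
 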

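--- a/src/roles/configuration_checks/tasks/files/db2.yml
+++ b/src/roles/configuration_checks/tasks/files/db2.yml
@@ -73,6 +73,7 @@ enums:
 user:
 - root: &root "root"
 - sidadm: &sidadm "sidadm"
+- db2adm: &db2sid "db2sid"
 - all_users: &user [*root, *sidadm]
 
 validator_type:
@@ -107,7 +108,7 @@ checks:
 collector_args:
 command: "lscpu | grep -E 'Architecture:|Vendor ID:|Model name:' | grep 'x86_64' | awk '{print $2}'"
 user: *root
-validator_type: *string
+validator_type: *list
 validator_args:
 valid_list: ["x86_64", "x64"]
 report: *check
@@ -138,7 +139,7 @@ checks:
 name: "SELinux settings"
 description: "SAP recommended SELinux in permissive mode or disabled"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -153,14 +154,14 @@ checks:
 user: *root
 validator_type: *string
 validator_args:
-expected_output: "en_US.UTF-8"
+expected_output: "enforcing"
 report: *check
 
 - id: "DB-Db2-0004"
 name: "vm.max_map_count setting"
 description: "vm.max_map_count setting"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -182,7 +183,7 @@ checks:
 name: "VM Swappiness setting"
 description: "vm.swappiness setting"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -204,7 +205,7 @@ checks:
 name: "VM Overcommit recovery setting"
 description: "vm.overcommit_memory setting"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -226,7 +227,7 @@ checks:
 name: "Randomize VA Space setting"
 description: "Randomize VA Space"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -248,7 +249,7 @@ checks:
 name: "Max Async I/O"
 description: "Max Async I/O setting"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -272,7 +273,7 @@ checks:
 name: "kernel.sem"
 description: "kernel.sem"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -296,7 +297,7 @@ checks:
 name: "Kernel out of process"
 description: "Parameter that controls the system's behavior in response to a kernel out of process [OOPS]."
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -320,7 +321,7 @@ checks:
 name: "Max File Handles"
 description: "Parameter sets the maximum number of file handles (file descriptors) that the kernel will allocate."
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -344,7 +345,7 @@ checks:
 name: "Transparent Huge Pages"
 description: "Transparent Huge Pages (THP) is a Linux kernel feature related to memory management."
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -369,7 +370,7 @@ checks:
 name: "HADR TIMEOUT"
 description: "HADR TIMEOUT"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*redhat]
@@ -380,8 +381,8 @@ checks:
 database_type: [*db2]
 collector_type: *command
 collector_args:
-command: "$(getent passwd | cut -d ':' -f1 | grep db2) -c 'db2pd -alldbs -hadr' | grep -i 'HADR_TIMEOUT' | awk '{print $NF}'"
-user: *root
+command: "db2pd -alldbs -hadr | grep -i 'HADR_TIMEOUT' | awk '{print $NF}'"
+user: *db2sid
 validator_type: *string
 validator_args:
 expected_output: "45"
@@ -393,7 +394,7 @@ checks:
 name: "HADR TIMEOUT"
 description: "HADR TIMEOUT"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse]
@@ -404,7 +405,7 @@ checks:
 database_type: [*db2]
 collector_type: *command
 collector_args:
-command: "$(getent passwd | cut -d ':' -f1 | grep db2) -c 'db2pd -alldbs -hadr' | grep -i 'HADR_TIMEOUT' | awk '{print $NF}'"
+command: "db2pd -alldbs -hadr | grep -i 'HADR_TIMEOUT' | awk '{print $NF}'"
 user: *root
 validator_type: *string
 validator_args:
@@ -417,7 +418,7 @@ checks:
 name: "PEER WINDOW (seconds)"
 description: "PEER WINDOW (seconds) RedHat"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*redhat]
@@ -428,8 +429,8 @@ checks:
 database_type: [*db2]
 collector_type: *command
 collector_args:
-command: "$(getent passwd | cut -d ':' -f1 | grep db2) -c 'db2pd -alldbs -hadr' | grep -i 'PEER_WINDOW(seconds)' | awk '{print $NF}'"
-user: *root
+command: "db2pd -alldbs -hadr | grep -i 'PEER_WINDOW(seconds)' | awk '{print $NF}'"
+user: *db2sid
 validator_type: *string
 validator_args:
 expected_output: "240"
@@ -441,7 +442,7 @@ checks:
 name: "PEER WINDOW (seconds)"
 description: "PEER WINDOW (seconds) SUSE SBD"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse]
@@ -453,8 +454,8 @@ checks:
 high_availability_agent: *sbd
 collector_type: *command
 collector_args:
-command: "$(getent passwd | cut -d ':' -f1 | grep db2) -c 'db2pd -alldbs -hadr' | grep -i 'PEER_WINDOW(seconds)' | awk '{print $NF}'"
-user: *root
+command: "db2pd -alldbs -hadr | grep -i 'PEER_WINDOW(seconds)' | awk '{print $NF}'"
+user: *db2sid
 validator_type: *string
 validator_args:
 expected_output: "300"
@@ -466,7 +467,7 @@ checks:
 name: "PEER WINDOW (seconds)"
 description: "PEER WINDOW (seconds) SUSE Fencing Agent"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse]
@@ -478,8 +479,8 @@ checks:
 high_availability_agent: *fencing_agent
 collector_type: *command
 collector_args:
-command: "$(getent passwd | cut -d ':' -f1 | grep db2) -c 'db2pd -alldbs -hadr' | grep -i 'PEER_WINDOW(seconds)' | awk '{print $NF}'"
-user: *root
+command: "db2pd -alldbs -hadr | grep -i 'PEER_WINDOW(seconds)' | awk '{print $NF}'"
+user: *db2sid
 validator_type: *string
 validator_args:
 expected_output: "900"
@@ -491,7 +492,7 @@ checks:
 name: "Maximum shared memory segments"
 description: "Maximum shared memory segments"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -502,7 +503,7 @@ checks:
 database_type: [*db2]
 collector_type: *command
 collector_args:
-command: "[ $((256 * $(free -g | grep Mem: | awk '{print $2}'))) -ge $(/sbin/sysctl kernel.shmmni -n) ] && echo OK || echo $(/sbin/sysctl kernel.shmmni -n)"
+command: "[ $((256 * $(free -g | grep Mem: | awk '{print $2}'))) -ge $(/sbin/sysctl kernel.shmmni -n) ] && echo OK || echo $(/sbin/sysctl kernel.shmmni -n)"
 user: *root
 validator_type: *string
 validator_args:
@@ -516,7 +517,7 @@ checks:
 name: "Instance Memory size"
 description: "Instance Memory size"
 category: *sap_check
-severity: *warning
+severity: *high
 workload: *sap
 applicability:
 os_type: [*suse, *redhat]
@@ -527,8 +528,8 @@ checks:
 database_type: [*db2]
 collector_type: *command
 collector_args:
-command: "output=$(su - $(getent passwd | grep db2 | cut -d : -f1) -c 'db2pd -dbmcfg' | grep INSTANCE_MEMORY | awk '{print $NF}'); [[ $output -le 100 ]] && echo $output || echo $(awk -v output=$output 'BEGIN {print output * 4096 / 1024 / 1024 / 1024}')"
-user: *root
+command: "output=$(db2pd -dbmcfg | grep INSTANCE_MEMORY | awk '{print $NF}'); [[ $output -le 100 ]] && echo $output || echo $(awk -v output=$output 'BEGIN {print output * 4096 / 1024 / 1024 / 1024}')"
+user: *db2sid
 validator_type: *range
 validator_args:
 min: 64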
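Review bot: The SUSE `HADR TIMEOUT` check (hunk `-404,7 +405,7`) loses the account switch from its command but keeps `user: *root`, so `db2pd -alldbs -hadr` would run as root, unlike the RedHat variant and the three `PEER WINDOW` checks that this commit moves to `user: *db2sid`; it most likely needs `user: *db2sid` too. Separately, the check named "SELinux settings" is described as "SAP recommended SELinux in permissive mode or disabled", while the hunk that appears to belong to it now expects `enforcing` at high severity, so either the description or the expected value should change (the check's command lies outside the visible hunks). The new enum entry is keyed `db2adm` but anchored `&db2sid`; a comment such as `# placeholder, resolved to db2<database_sid> by the command collector` would explain why the literal is not a real account name.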

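--- a/src/templates/config_checks_report.html
+++ b/src/templates/config_checks_report.html
@@ -1250,8 +1250,8 @@ <h3>{{ check_type }}</h3>
 <tr onclick="toggleDetails('{{ check.hostname }}-{{ check.check.id }}')">
 <td>{{ check.check.id }}</td>
 <td>{{ check.check.name }}</td>
-<td>{{ check.actual_value|truncate(40) }}</td>
-<td>{{ check.expected_value }}</td>
+<td>{{ (check.actual_value|default('N/A', true)|string)|truncate(40) }}</td>
+<td>{{ check.expected_value|default('N/A', true) }}</td>
 <td class="status-{{ check.status|lower }}">{{ check.status }}</td>
 </tr>
 <tr id="details-{{ check.hostname }}-{{ check.check.id }}" class="expanded-content">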
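Review bot: `default('N/A', true)` replaces every falsy value, so on the two changed `<td>` lines an actual or expected value of `0`, `False` or an empty string is shown as `N/A`, which hides a real reading in the report. If only missing values should be masked, test for that explicitly, e.g. `{{ 'N/A' if check.expected_value is none else check.expected_value }}`, and apply the same to `actual_value` before `|string|truncate(40)`. `actual_value` is collected from the hosts under test, so it is worth confirming that the environment rendering this template has autoescaping enabled; that configuration is not visible on this page.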
