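#! /bin/bash
#
# FreeRadius Check: reports on the radiusd service, the FreeRADIUS log files,
# the sip-router dictionary, the M2 core / Redis status and root SSH
# reachability of every active B2BUA server listed in the database.
#
# The script only reports; suggested fixes are printed, never executed.
#
# report and every k_* function come from the sourced framework file.
# Variables read below but never assigned here (RADIUS_PRESENT, PCSD_ACTIVE,
# PCSD_MAIN, VIRTUAL_IP, centos_version, DB_HOST, DB_USERNAME, DB_PASSWORD,
# DB_NAME, P_OPT, SERVER_ID, EXIT_CODE) are presumably set by that framework
# or by k_config_details -- TODO confirm.

. /usr/src/m2/framework/bash_functions.sh

k_config_details

# ---- VARS -----

VERSION="1.1.5"
SCRIPT_NAME="FreeRadius Check"

public_key_folder="/root/.ssh"
public_key_file="id_rsa.pub"
public_key="$public_key_folder/$public_key_file"
root_known_hosts="/root/.ssh/known_hosts"

TEST=0 # 1 - do not execute changes

# ---- FUNCTIONS -----

# Run one SQL statement against the M2 database and print the result rows.
# Arguments: $1 - SQL statement
# The password travels in the MYSQL_PWD environment variable, not on the
# command line. Lines containing "value" are filtered out, as in every query
# this script has always issued.
db_query() {
  # shellcheck disable=SC2086 -- P_OPT may be empty or hold several words
  MYSQL_PWD=$DB_PASSWORD /usr/bin/mysql -h "$DB_HOST" -u "$DB_USERNAME" "$DB_NAME" $P_OPT --silent -e "$1" | grep -v value
}

# Try a non-interactive root SSH login and print the remote `uname -a`.
# Arguments: $1 - host, $2 - SSH port
# BatchMode=yes makes ssh fail instead of prompting for a password.
# Both values come from the database, so they are quoted: a stored value
# containing whitespace must not be able to turn into extra ssh arguments.
ssh_probe() {
  ssh -o BatchMode=yes "root@$1" -p"$2" uname -a
}

# ---- MAIN -----

k_start

if [ "$TEST" == "1" ]; then
  report "***** TEST MODE ON. Changes will not be applied *****" 8
fi

# Quoted so that an unset RADIUS_PRESENT is reported instead of making the
# test itself fail with a syntax error.
if [ "$RADIUS_PRESENT" != 1 ]; then
  report "Radius marked as not present" 3
fi

# NOTE(review): (( )) evaluates PCSD_ACTIVE as an arithmetic expression, so
# the value must come from trusted configuration.
if ((PCSD_ACTIVE != 1)); then
  if k_service_check radiusd; then
    RADIUS_UP=1
  else
    RADIUS_UP=0
  fi
  k_service_check_enabled radiusd
elif ((PCSD_ACTIVE == 1)); then
  report "Failover is active" 3

  if k_service_is_running radiusd; then
    report "Radiusd service is running" 3
    RADIUS_UP=1
  else
    report "Radiusd service is not running" 3
    RADIUS_UP=0
  fi

  if k_service_is_enabled radiusd; then
    report "Radiusd service is enabled" 3
    report "Radiusd service is enabled. But it should be NOT enabled on failover setup" 1
    report " systemctl disable radiusd" fix
  else
    report "Radiusd service is disabled" 3
  fi

  # on failover non-active system radiusd should be down
  if [[ $PCSD_MAIN = 0 ]]; then
    report "Server is in passive (backup) state" 3
    if [[ $RADIUS_UP = 1 ]]; then
      report "Radiusd service is running. But it should be not running on passive (backup) failover server" 1
      report " systemctl stop radiusd" fix
      EXIT_CODE=1
    fi
  else
    report "Server is in active (main) state" 3
    if [[ $RADIUS_UP = 0 ]]; then
      report "Radiusd service is not running. But it should be running on active (main) failover server" 1
      report " systemctl start radiusd" fix
      EXIT_CODE=1
    fi
  fi
else
  # Reached only when neither arithmetic test above succeeds, which in
  # practice means PCSD_ACTIVE is not a valid arithmetic expression.
  report "Unknown PCSD state" 1
  report " contact support" fix
  EXIT_CODE=1
fi

# The globs are left unquoted on purpose: each log file is one argument.
k_logs_check "Unknown column" /var/log/radius/*.log*
k_logs_check "You have an error in your SQL syntax" /var/log/radius/*.log*

file1="/usr/local/share/freeradius/dictionary.sip-router"
file2="/usr/src/m2/freeradius/dictionary/dictionary.sip-router"
if ! cmp -s "$file1" "$file2"; then
  report "$file1 is outdated" 1
  report " Fix: /usr/src/m2/freeradius/dictionary/freeradius_dictionary_update.sh" 1
  report " Restart Radius: /usr/src/m2/freeradius/radius_restart.sh" 1
  EXIT_CODE=1
fi

# The output of `m2 show status` is kept in a variable. The earlier version
# wrote it to the fixed path /tmp/m2showstatus; a root process writing to a
# predictable name in a world-writable directory can be redirected through a
# pre-created symlink, so no temporary file is used any more.
m2_status=""
if [[ $RADIUS_UP = 1 ]]; then
  m2_status=$(m2 show status)
  core_ver=$(grep "Core version" <<<"$m2_status")

  if [[ $core_ver == "" ]]; then
    if [[ $VIRTUAL_IP != "" ]]; then
      report "Can't reach the Core. VIRTUAL_IP=$VIRTUAL_IP. Should it be like this?" 2
    else
      report "Can't reach the core" 1
      EXIT_CODE=1
    fi
  else
    if grep -Fq 'R9-10cc' <<<"$m2_status"; then
      report "Default R9-10cc core detected" 1
      report "Install proper core version" 3
      EXIT_CODE=1
    fi
    report "$core_ver" 0
    CORE_UP=1
  fi
else
  report "Will not check core version because radiusd is not running on Backup server" 3
  report "Double check if this is OK" 2
fi

if [[ $CORE_UP = 1 ]]; then
  # xargs with no command trims the surrounding whitespace of the value.
  redis_enabled=$(grep 'Redis enabled:' <<<"$m2_status" | awk -F ":" '{print $2}' | xargs)
  if [[ $redis_enabled != 1 ]]; then
    report "Redis not enabled in the core" 2
    report " Strongly suggesting to enable it in /etc/m2/system.conf redis_enabled = 1 and execute m2 reload" fix
  else
    report "Redis enabled in the core" 0
  fi
fi

if [ "$centos_version" != "6" ] && [ ! -e /etc/systemd/system/radiusd.service ]; then
  report "Missing systemctl radiusd service" 2
  report " Fix: /bin/cp -fr /usr/src/m2/freeradius/radiusd.service /etc/systemd/system/" 2
  report " systemctl daemon-reload" 2
  EXIT_CODE=2
fi

# check ssh connection to the B2BUA server

# get all active B2BUA servers from DB
server_ids=$(db_query "SELECT id FROM servers WHERE b2bua=1 AND active = 1;")

# Unquoted on purpose: word splitting turns the newline-separated rows into
# one space-separated line.
# shellcheck disable=SC2086
server_ids=$(echo $server_ids | tr -d '\n')

if [ ${#server_ids} -gt 0 ]; then
  report "Found B2BUA active servers with ID(s) [$server_ids]" 0
else
  report "Not found B2BUA active servers in DB. Nothing to check. Error in GUI/DB configuration?" 1
  k_exit 1
fi

# make array out of string
IFS=' ' read -r -a array <<<"$server_ids"

# loop for all server IDs
for server_id in "${array[@]}"; do
  # The ID is interpolated into the SQL text below, so accept digits only.
  if [[ ! $server_id =~ ^[0-9]+$ ]]; then
    report "Skipping non-numeric server ID [$server_id]" 2
    continue
  fi

  server_ip=$(db_query "SELECT server_ip FROM servers WHERE id = $server_id LIMIT 1;")
  local_ip=$(db_query "SELECT local_ip FROM servers WHERE id = $server_id LIMIT 1;")
  server_port=$(db_query "SELECT ssh_port FROM servers WHERE id = $server_id LIMIT 1;")

  # This used to test the length of server_id, which is never empty here, so
  # the "not found" branch could not run. The message is about the IP, so
  # the IP is what gets tested.
  if [ ${#server_ip} -gt 0 ]; then
    report "Server's ID [$server_id] IP:PORT $server_ip:$server_port Local IP [$local_ip]" 0
  else
    report "Server's IP for ID [$server_id] not found in DB. WTF? Show MK." 1
    EXIT_CODE=1
    continue # skip following steps
  fi

  response=$(ssh_probe "$server_ip" "$server_port")

  if [[ $response == *Linux* ]]; then
    report "SSH Connection to [$server_ip:$server_port] established: $response" 0
  elif [[ "$server_id" == "$SERVER_ID" && $local_ip != "NULL" ]]; then
    # --------- local server ip check -------- start
    report "Local server, checking local IP [$local_ip]" 3
    server_ip=$local_ip

    response=$(ssh_probe "$server_ip" "$server_port")

    if [[ $response == *Linux* ]]; then
      report "SSH Connection to [$server_ip:$server_port] established: $response" 0
    else
      report "SSH Connection to [$server_ip:$server_port] failed" 1
      report " /usr/src/m2/maintenance/multiserver/radius_ssh_connections.sh" fix
      EXIT_CODE=1
    fi
    # --------- local server ip check -------- end
  else
    report "SSH Connection to [$server_ip:$server_port] failed" 1
    report " /usr/src/m2/maintenance/multiserver/radius_ssh_connections.sh" fix
    EXIT_CODE=1
  fi
done

# Left unquoted as before: an empty EXIT_CODE calls k_exit with no argument.
# shellcheck disable=SC2086
k_exit $EXIT_CODE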