From 19fcec84d8d7d21e796c7624e521b60d28ee21ed Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 20:45:59 +0200 Subject: Adding upstream version 16.2.11+ds. Signed-off-by: Daniel Baumann --- monitoring/ceph-mixin/tests_alerts/README.md | 92 + monitoring/ceph-mixin/tests_alerts/__init__.py | 0 monitoring/ceph-mixin/tests_alerts/settings.py | 11 + monitoring/ceph-mixin/tests_alerts/test_alerts.yml | 1821 ++++++++++++++++++++ monitoring/ceph-mixin/tests_alerts/test_syntax.py | 42 + .../ceph-mixin/tests_alerts/test_unittests.py | 19 + monitoring/ceph-mixin/tests_alerts/utils.py | 12 + .../ceph-mixin/tests_alerts/validate_rules.py | 571 ++++++ 8 files changed, 2568 insertions(+) create mode 100644 monitoring/ceph-mixin/tests_alerts/README.md create mode 100644 monitoring/ceph-mixin/tests_alerts/__init__.py create mode 100644 monitoring/ceph-mixin/tests_alerts/settings.py create mode 100644 monitoring/ceph-mixin/tests_alerts/test_alerts.yml create mode 100755 monitoring/ceph-mixin/tests_alerts/test_syntax.py create mode 100644 monitoring/ceph-mixin/tests_alerts/test_unittests.py create mode 100644 monitoring/ceph-mixin/tests_alerts/utils.py create mode 100755 monitoring/ceph-mixin/tests_alerts/validate_rules.py (limited to 'monitoring/ceph-mixin/tests_alerts') diff --git a/monitoring/ceph-mixin/tests_alerts/README.md b/monitoring/ceph-mixin/tests_alerts/README.md new file mode 100644 index 000000000..cf95fa636 --- /dev/null +++ b/monitoring/ceph-mixin/tests_alerts/README.md @@ -0,0 +1,92 @@ + +## Alert Rule Standards + +The alert rules should adhere to the following principles +- each alert must have a unique name +- each alert should define a common structure + - labels : must contain severity and type + - annotations : must provide description + - expr : must define the promql expression + - alert : defines the alert name +- alerts that have a corresponding section within docs.ceph.com must include a + documentation field in the annotations section +- critical alerts should declare an oid in the labels section +- critical alerts should have a corresponding entry in the Ceph MIB + +  +## Testing Prometheus Rules +Once you have updated the `ceph_default_alerts.yml` file, you should use the +`validate_rules.py` script directly, or via `tox` to ensure the format of any update +or change aligns to our rule structure guidelines. The validate_rules.py script will +process the rules and look for any configuration anomalies and output a report if +problems are detected. + +Here's an example run, to illustrate the format and the kinds of issues detected. + +``` +[paul@myhost tests]$ ./validate_rules.py + +Checking rule groups + cluster health : .. + mon : E.W.. + osd : E...W......W.E.. + mds : WW + mgr : WW + pgs : ..WWWW.. + nodes : .EEEE + pools : EEEW. + healthchecks : . + cephadm : WW. + prometheus : W + rados : W + +Summary + +Rule file : ../alerts/ceph_default_alerts.yml +Unit Test file : test_alerts.yml + +Rule groups processed : 12 +Rules processed : 51 +Rule errors : 10 +Rule warnings : 16 +Rule name duplicates : 0 +Unit tests missing : 4 + +Problem Report + + Group Severity Alert Name Problem Description + ----- -------- ---------- ------------------- + cephadm Warning Cluster upgrade has failed critical level alert is missing an SNMP oid entry + cephadm Warning A daemon managed by cephadm is down critical level alert is missing an SNMP oid entry + mds Warning Ceph Filesystem damage detected critical level alert is missing an SNMP oid entry + mds Warning Ceph Filesystem switched to READ ONLY critical level alert is missing an SNMP oid entry + mgr Warning mgr module failure critical level alert is missing an SNMP oid entry + mgr Warning mgr prometheus module is not active critical level alert is missing an SNMP oid entry + mon Error Monitor down, quorum is at risk documentation link error: #mon-downwah not found on the page + mon Warning Ceph mon disk space critically low critical level alert is missing an SNMP oid entry + nodes Error network packets dropped invalid alert structure. Missing field: for + nodes Error network packet errors invalid alert structure. Missing field: for + nodes Error storage filling up invalid alert structure. Missing field: for + nodes Error MTU Mismatch invalid alert structure. Missing field: for + osd Error 10% OSDs down invalid alert structure. Missing field: for + osd Error Flapping OSD invalid alert structure. Missing field: for + osd Warning OSD Full critical level alert is missing an SNMP oid entry + osd Warning Too many devices predicted to fail critical level alert is missing an SNMP oid entry + pgs Warning Placement Group (PG) damaged critical level alert is missing an SNMP oid entry + pgs Warning Recovery at risk, cluster too full critical level alert is missing an SNMP oid entry + pgs Warning I/O blocked to some data critical level alert is missing an SNMP oid entry + pgs Warning Cluster too full, automatic data recovery impaired critical level alert is missing an SNMP oid entry + pools Error pool full invalid alert structure. Missing field: for + pools Error pool filling up (growth forecast) invalid alert structure. Missing field: for + pools Error Ceph pool is too full for recovery/rebalance invalid alert structure. Missing field: for + pools Warning Ceph pool is full - writes blocked critical level alert is missing an SNMP oid entry + prometheus Warning Scrape job is missing critical level alert is missing an SNMP oid entry + rados Warning Data not found/missing critical level alert is missing an SNMP oid entry + +Unit tests are incomplete. Tests missing for the following alerts; + - Placement Group (PG) damaged + - OSD Full + - storage filling up + - pool filling up (growth forecast) + +``` diff --git a/monitoring/ceph-mixin/tests_alerts/__init__.py b/monitoring/ceph-mixin/tests_alerts/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/monitoring/ceph-mixin/tests_alerts/settings.py b/monitoring/ceph-mixin/tests_alerts/settings.py new file mode 100644 index 000000000..d99dfdca6 --- /dev/null +++ b/monitoring/ceph-mixin/tests_alerts/settings.py @@ -0,0 +1,11 @@ +import os + +ALERTS_FILE = '../prometheus_alerts.yml' +UNIT_TESTS_FILE = 'test_alerts.yml' +MIB_FILE = '../../snmp/CEPH-MIB.txt' + +current_dir = os.path.dirname(os.path.abspath(__file__)) + +ALERTS_FILE = os.path.join(current_dir, ALERTS_FILE) +UNIT_TESTS_FILE = os.path.join(current_dir, UNIT_TESTS_FILE) +MIB_FILE = os.path.join(current_dir, MIB_FILE) diff --git a/monitoring/ceph-mixin/tests_alerts/test_alerts.yml b/monitoring/ceph-mixin/tests_alerts/test_alerts.yml new file mode 100644 index 000000000..7b7e7db73 --- /dev/null +++ b/monitoring/ceph-mixin/tests_alerts/test_alerts.yml @@ -0,0 +1,1821 @@ +rule_files: + - ../prometheus_alerts.yml +evaluation_interval: 5m +tests: + # health error + - interval: 5m + input_series: + - series: 'ceph_health_status{instance="ceph:9283",job="ceph"}' + values: '2 2 2 2 2 2 2' + promql_expr_test: + - expr: ceph_health_status == 2 + eval_time: 5m + exp_samples: + - labels: 'ceph_health_status{instance="ceph:9283",job="ceph"}' + value: 2 + alert_rule_test: + - eval_time: 1m + alertname: CephHealthError + - eval_time: 6m + alertname: CephHealthError + exp_alerts: + - exp_labels: + instance: ceph:9283 + job: ceph + oid: 1.3.6.1.4.1.50495.1.2.1.2.1 + type: ceph_default + severity: critical + exp_annotations: + summary: Ceph is in the ERROR state + description: The cluster state has been HEALTH_ERROR for more than 5 minutes. Please check 'ceph health detail' for more information. + + # health warning + - interval: 5m + input_series: + - series: 'ceph_health_status{instance="ceph:9283",job="ceph"}' + values: '1 1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_status == 1 + eval_time: 15m + exp_samples: + - labels: 'ceph_health_status{instance="ceph:9283",job="ceph"}' + value: 1 + alert_rule_test: + - eval_time: 10m + alertname: CephHealthWarning + - eval_time: 20m + alertname: CephHealthWarning + exp_alerts: + - exp_labels: + instance: ceph:9283 + job: ceph + type: ceph_default + severity: warning + exp_annotations: + summary: Ceph is in the WARNING state + description: The cluster state has been HEALTH_WARN for more than 15 minutes. Please check 'ceph health detail' for more information. + + # 10% OSDs down + - interval: 1m + input_series: + - series: 'ceph_osd_up{ceph_daemon="osd.0",instance="ceph:9283",job="ceph"}' + values: '1 1 1 1 1' + - series: 'ceph_osd_up{ceph_daemon="osd.1",instance="ceph:9283",job="ceph"}' + values: '0 0 0 0 0' + - series: 'ceph_osd_up{ceph_daemon="osd.2",instance="ceph:9283",job="ceph"}' + values: '1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.0", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.1", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.2", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1' + promql_expr_test: + - expr: count(ceph_osd_up == 0) / count(ceph_osd_up) * 100 >= 10 + eval_time: 1m + exp_samples: + - labels: '{}' + value: 3.333333333333333E+01 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDDownHigh + exp_alerts: + - exp_labels: + oid: 1.3.6.1.4.1.50495.1.2.1.4.1 + type: ceph_default + severity: critical + exp_annotations: + summary: More than 10% of OSDs are down + description: "33.33% or 1 of 3 OSDs are down (>= 10%). The following OSDs are down: - osd.1 on ceph" + + # flapping OSD + - interval: 1s + input_series: + - series: 'ceph_osd_up{ceph_daemon="osd.0",instance="ceph:9283",job="ceph"}' + values: '1+1x100' + - series: 'ceph_osd_up{ceph_daemon="osd.1",instance="ceph:9283",job="ceph"}' + values: '1+0x100' + - series: 'ceph_osd_up{ceph_daemon="osd.2",instance="ceph:9283",job="ceph"}' + values: '1+0x100' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.0", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.1", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.2", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1 1' + promql_expr_test: + - expr: | + ( + rate(ceph_osd_up[5m]) + * on(ceph_daemon) group_left(hostname) ceph_osd_metadata + ) * 60 > 1 + eval_time: 1m + exp_samples: + - labels: '{ceph_daemon="osd.0", hostname="ceph", instance="ceph:9283", + job="ceph"}' + value: 1.2200000000000001E+01 + alert_rule_test: + - eval_time: 5m + alertname: CephOSDFlapping + exp_alerts: + - exp_labels: + ceph_daemon: osd.0 + hostname: ceph + instance: ceph:9283 + job: ceph + oid: 1.3.6.1.4.1.50495.1.2.1.4.4 + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/troubleshooting/troubleshooting-osd#flapping-osds + summary: Network issues are causing OSDs to flap (mark each other down) + description: "OSD osd.0 on ceph was marked down and back up 20.1 times once a minute for 5 minutes. This may indicate a network issue (latency, packet loss, MTU mismatch) on the cluster network, or the public network if no cluster network is deployed. Check the network stats on the listed host(s)." + + # high pg count deviation + - interval: 1m + input_series: + - series: 'ceph_osd_numpg{ceph_daemon="osd.0",instance="ceph:9283", + job="ceph"}' + values: '100 100 100 100 100 160' + - series: 'ceph_osd_numpg{ceph_daemon="osd.1",instance="ceph:9283", + job="ceph"}' + values: '100 100 100 100 100 320' + - series: 'ceph_osd_numpg{ceph_daemon="osd.2",instance="ceph:9283", + job="ceph"}' + values: '100 100 100 100 100 160' + - series: 'ceph_osd_numpg{ceph_daemon="osd.3",instance="ceph:9283", + job="ceph"}' + values: '100 100 100 100 100 160' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.0", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.1", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.2", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1 1' + - series: 'ceph_osd_metadata{back_iface="eth0",ceph_daemon="osd.3", + ceph_version="ceph version 17.0.0-189-g3558fd72 + (3558fd7291855971aa6481a2ade468ad61fbb346) pacific (dev)", + cluster_addr="172.20.0.2",device_class="hdd",front_iface="eth0", + hostname="ceph",instance="ceph:9283",job="ceph",objectstore="bluestore", + public_addr="172.20.0.2"}' + values: '1 1 1 1 1 1' + promql_expr_test: + - expr: | + abs( + ( + (ceph_osd_numpg > 0) - on (job) group_left avg(ceph_osd_numpg > 0) + by (job) + ) / on (job) group_left avg(ceph_osd_numpg > 0) by (job) + ) * on(ceph_daemon) group_left(hostname) ceph_osd_metadata > 0.30 + + eval_time: 5m + exp_samples: + - labels: '{ceph_daemon="osd.1", hostname="ceph", instance="ceph:9283", + job="ceph"}' + value: 6E-01 + alert_rule_test: + - eval_time: 10m + alertname: CephPGImbalance + exp_alerts: + - exp_labels: + ceph_daemon: osd.1 + hostname: ceph + instance: ceph:9283 + job: ceph + oid: 1.3.6.1.4.1.50495.1.2.1.4.5 + severity: warning + type: ceph_default + exp_annotations: + summary: PGs are not balanced across OSDs + description: "OSD osd.1 on ceph deviates by more than 30% from average PG count." + + # pgs inactive + - interval: 1m + input_series: + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="device_health_metrics",pool_id="1"}' + values: '1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="device_health_metrics",pool_id="2"}' + values: '1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="device_health_metrics",pool_id="3"}' + values: '1 1 1 1 1 1 1 1' + - series: 'ceph_pg_total{instance="ceph:9283",job="ceph",pool_id="1"}' + values: '1 1 1 1 1 1 1 1' + - series: 'ceph_pg_total{instance="ceph:9283",job="ceph",pool_id="2"}' + values: '32 32 32 32 32 32 32 32' + - series: 'ceph_pg_total{instance="ceph:9283",job="ceph",pool_id="3"}' + values: '33 32 32 32 32 33 33 32' + - series: 'ceph_pg_active{instance="ceph:9283",job="ceph",pool_id="1"}' + values: '1 1 1 1 1 1 1 1 1' + - series: 'ceph_pg_active{instance="ceph:9283",job="ceph",pool_id="2"}' + values: '32 32 32 32 32 32 32 32' + - series: 'ceph_pg_active{instance="ceph:9283",job="ceph",pool_id="3"}' + values: '32 32 32 32 32 32 32 32' + promql_expr_test: + - expr: ceph_pool_metadata * on(pool_id,instance) group_left() + (ceph_pg_total - ceph_pg_active) > 0 + eval_time: 5m + exp_samples: + - labels: '{instance="ceph:9283", job="ceph", + name="device_health_metrics", + pool_id="3"}' + value: 1 + alert_rule_test: + - eval_time: 5m + alertname: CephPGsInactive + exp_alerts: + - exp_labels: + instance: ceph:9283 + job: ceph + name: device_health_metrics + oid: 1.3.6.1.4.1.50495.1.2.1.7.1 + pool_id: 3 + severity: critical + type: ceph_default + exp_annotations: + summary: One or more placement groups are inactive + description: "1 PGs have been inactive for more than 5 minutes in pool device_health_metrics. Inactive placement groups are not able to serve read/write requests." + + #pgs unclean + - interval: 1m + input_series: + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="device_health_metrics",pool_id="1"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="device_health_metrics",pool_id="2"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="device_health_metrics",pool_id="3"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_pg_total{instance="ceph:9283",job="ceph",pool_id="1"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_pg_total{instance="ceph:9283",job="ceph",pool_id="2"}' + values: '32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 + 32 32 32' + - series: 'ceph_pg_total{instance="ceph:9283",job="ceph",pool_id="3"}' + values: '33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 + 33 33' + - series: 'ceph_pg_clean{instance="ceph:9283",job="ceph",pool_id="1"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_pg_clean{instance="ceph:9283",job="ceph",pool_id="2"}' + values: '32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 + 32 32' + - series: 'ceph_pg_clean{instance="ceph:9283",job="ceph",pool_id="3"}' + values: '32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 + 32 32' + promql_expr_test: + - expr: ceph_pool_metadata * on(pool_id,instance) group_left() + (ceph_pg_total - ceph_pg_clean) > 0 + eval_time: 15m + exp_samples: + - labels: '{instance="ceph:9283", job="ceph", + name="device_health_metrics", pool_id="3"}' + value: 1 + alert_rule_test: + - eval_time: 16m + alertname: CephPGsUnclean + exp_alerts: + - exp_labels: + instance: ceph:9283 + job: ceph + name: device_health_metrics + oid: 1.3.6.1.4.1.50495.1.2.1.7.2 + pool_id: 3 + severity: warning + type: ceph_default + exp_annotations: + summary: One or more placement groups are marked unclean + description: "1 PGs have been unclean for more than 15 minutes in pool device_health_metrics. Unclean PGs have not recovered from a previous failure." + + # root volume full + - interval: 1m + input_series: + - series: 'node_filesystem_avail_bytes{device="/dev/mapper/fedora_localhost + --live-home",fstype="ext4",instance="node-exporter",job="node-exporter", + mountpoint="/"}' + values: '35336400896 35336400896 35336400896 35336400896 35336400896 + 3525385519.104 3533640089' + - series: 'node_filesystem_size_bytes{device="/dev/mapper/fedora_localhost + --live-home",fstype="ext4",instance="node-exporter",job="node-exporter", + mountpoint="/"}' + values: '73445531648 73445531648 73445531648 73445531648 73445531648 + 73445531648 73445531648' + promql_expr_test: + - expr: node_filesystem_avail_bytes{mountpoint="/"} / + node_filesystem_size_bytes{mountpoint="/"} * 100 < 5 + eval_time: 5m + exp_samples: + - labels: '{device="/dev/mapper/fedora_localhost --live-home", + fstype="ext4", instance="node-exporter", job="node-exporter", + mountpoint="/"}' + value: 4.8E+00 + alert_rule_test: + - eval_time: 10m + alertname: CephNodeRootFilesystemFull + exp_alerts: + - exp_labels: + device: /dev/mapper/fedora_localhost --live-home + fstype: ext4 + instance: node-exporter + job: node-exporter + mountpoint: / + oid: 1.3.6.1.4.1.50495.1.2.1.8.1 + severity: critical + type: ceph_default + exp_annotations: + summary: Root filesystem is dangerously full + description: "Root volume is dangerously full: 4.811% free." + + # network packets dropped + - interval: 1m + input_series: + - series: 'node_network_receive_drop_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+600x10' + - series: 'node_network_transmit_drop_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+600x10' + - series: 'node_network_receive_packets_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+750x10' + - series: 'node_network_transmit_packets_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+750x10' + promql_expr_test: + - expr: | + ( + rate(node_network_receive_drop_total{device!="lo"}[1m]) + + rate(node_network_transmit_drop_total{device!="lo"}[1m]) + ) / ( + rate(node_network_receive_packets_total{device!="lo"}[1m]) + + rate(node_network_transmit_packets_total{device!="lo"}[1m]) + ) >= 0.0050000000000000001 and ( + rate(node_network_receive_drop_total{device!="lo"}[1m]) + + rate(node_network_transmit_drop_total{device!="lo"}[1m]) + ) >= 10 + + eval_time: 5m + exp_samples: + - labels: '{device="eth0", instance="node-exporter", + job="node-exporter"}' + value: 8E-1 + alert_rule_test: + - eval_time: 5m + alertname: CephNodeNetworkPacketDrops + exp_alerts: + - exp_labels: + device: eth0 + instance: node-exporter + job: node-exporter + oid: 1.3.6.1.4.1.50495.1.2.1.8.2 + severity: warning + type: ceph_default + exp_annotations: + summary: One or more NICs reports packet drops + description: "Node node-exporter experiences packet drop > 0.5% or > 10 packets/s on interface eth0." + + # network packets errors + - interval: 1m + input_series: + - series: 'node_network_receive_errs_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+600x10' + - series: 'node_network_transmit_errs_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+600x10' + - series: 'node_network_transmit_packets_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+750x10' + - series: 'node_network_receive_packets_total{device="eth0", + instance="node-exporter",job="node-exporter"}' + values: '0+750x10' + promql_expr_test: + - expr: | + ( + rate(node_network_receive_errs_total{device!="lo"}[1m]) + + rate(node_network_transmit_errs_total{device!="lo"}[1m]) + ) / ( + rate(node_network_receive_packets_total{device!="lo"}[1m]) + + rate(node_network_transmit_packets_total{device!="lo"}[1m]) + ) >= 0.0001 or ( + rate(node_network_receive_errs_total{device!="lo"}[1m]) + + rate(node_network_transmit_errs_total{device!="lo"}[1m]) + ) >= 10 + + eval_time: 5m + exp_samples: + - labels: '{device="eth0", instance="node-exporter", + job="node-exporter"}' + value: 8E-01 + alert_rule_test: + - eval_time: 5m + alertname: CephNodeNetworkPacketErrors + exp_alerts: + - exp_labels: + device: eth0 + instance: node-exporter + job: node-exporter + oid: 1.3.6.1.4.1.50495.1.2.1.8.3 + severity: warning + type: ceph_default + exp_annotations: + summary: One or more NICs reports packet errors + description: "Node node-exporter experiences packet errors > 0.01% or > 10 packets/s on interface eth0." + +# Node Storage disk space filling up + - interval: 1m + # 20GB = 21474836480, 256MB = 268435456 + input_series: + - series: 'node_filesystem_free_bytes{device="/dev/mapper/vg-root", + fstype="xfs",instance="node-1",mountpoint="/rootfs"}' + values: '21474836480-268435456x48' + - series: 'node_filesystem_free_bytes{device="/dev/mapper/vg-root", + fstype="xfs",instance="node-2",mountpoint="/rootfs"}' + values: '21474836480+0x48' + - series: 'node_uname_info{instance="node-1", nodename="node-1.unittests.com"}' + values: 1+0x48 + - series: 'node_uname_info{instance="node-2", nodename="node-2.unittests.com"}' + values: 1+0x48 + promql_expr_test: + - expr: | + predict_linear(node_filesystem_free_bytes{device=~"/.*"}[2d], 3600 * 24 * 5) * + on(instance) group_left(nodename) node_uname_info < 0 + eval_time: 5m + exp_samples: + - labels: '{device="/dev/mapper/vg-root",instance="node-1",fstype="xfs", + mountpoint="/rootfs",nodename="node-1.unittests.com"}' + value: -1.912602624E+12 + alert_rule_test: + - eval_time: 5m + alertname: CephNodeDiskspaceWarning + exp_alerts: + - exp_labels: + severity: warning + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.8.4 + device: /dev/mapper/vg-root + fstype: xfs + instance: node-1 + mountpoint: /rootfs + nodename: node-1.unittests.com + exp_annotations: + summary: Host filesystem free space is getting low + description: "Mountpoint /rootfs on node-1.unittests.com will be full in less than 5 days based on the 48 hour trailing fill rate." + # MTU Mismatch + - interval: 1m + input_series: + - series: 'node_network_mtu_bytes{device="eth0",instance="node-exporter", + job="node-exporter"}' + values: '1500 1500 1500 1500 1500' + - series: 'node_network_mtu_bytes{device="eth1",instance="node-exporter", + job="node-exporter"}' + values: '1500 1500 1500 1500 1500' + - series: 'node_network_mtu_bytes{device="eth2",instance="node-exporter", + job="node-exporter"}' + values: '1500 1500 1500 1500 1500' + - series: 'node_network_mtu_bytes{device="eth3",instance="node-exporter", + job="node-exporter"}' + values: '1500 1500 1500 1500 1500' + - series: 'node_network_mtu_bytes{device="eth4",instance="node-exporter", + job="node-exporter"}' + values: '9000 9000 9000 9000 9000' + - series: 'node_network_mtu_bytes{device="eth4",instance="hostname1", + job="node-exporter"}' + values: '2200 2200 2200 2200 2200' + - series: 'node_network_mtu_bytes{device="eth4",instance="hostname2", + job="node-exporter"}' + values: '2400 2400 2400 2400 2400' + - series: 'node_network_up{device="eth0",instance="node-exporter", + job="node-exporter"}' + values: '0 0 0 0 0' + - series: 'node_network_up{device="eth1",instance="node-exporter", + job="node-exporter"}' + values: '0 0 0 0 0' + - series: 'node_network_up{device="eth2",instance="node-exporter", + job="node-exporter"}' + values: '1 1 1 1 1' + - series: 'node_network_up{device="eth3",instance="node-exporter", + job="node-exporter"}' + values: '1 1 1 1 1' + - series: 'node_network_up{device="eth4",instance="node-exporter", + job="node-exporter"}' + values: '1 1 1 1 1' + - series: 'node_network_up{device="eth4",instance="hostname1", + job="node-exporter"}' + values: '1 1 1 1 1' + - series: 'node_network_up{device="eth4",instance="hostname2", + job="node-exporter"}' + values: '0 0 0 0 0' + promql_expr_test: + - expr: | + node_network_mtu_bytes * (node_network_up{device!="lo"} > 0) == + scalar( + max by (device) (node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) != + quantile by (device) (.5, node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) + ) + or + node_network_mtu_bytes * (node_network_up{device!="lo"} > 0) == + scalar( + min by (device) (node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) != + quantile by (device) (.5, node_network_mtu_bytes * (node_network_up{device!="lo"} > 0)) + ) + eval_time: 1m + exp_samples: + - labels: '{device="eth4", instance="node-exporter", job="node-exporter"}' + value: 9000 + - labels: '{device="eth4", instance="hostname1", job="node-exporter"}' + value: 2200 + alert_rule_test: + - eval_time: 1m + alertname: CephNodeInconsistentMTU + exp_alerts: + - exp_labels: + device: eth4 + instance: hostname1 + job: node-exporter + severity: warning + type: ceph_default + exp_annotations: + summary: MTU settings across Ceph hosts are inconsistent + description: "Node hostname1 has a different MTU size (2200) than the median of devices named eth4." + - exp_labels: + device: eth4 + instance: node-exporter + job: node-exporter + severity: warning + type: ceph_default + exp_annotations: + summary: MTU settings across Ceph hosts are inconsistent + description: "Node node-exporter has a different MTU size (9000) than the median of devices named eth4." + + # pool full, data series has 6 but using topk(5) so to ensure the + # results are working as expected + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="POOL_FULL"}' + values: '0 0 0 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_percent_used{pool_id="1"}' + values: '32+0x10' + - series: 'ceph_pool_percent_used{pool_id="2"}' + values: '96+0x10' + - series: 'ceph_pool_percent_used{pool_id="3"}' + values: '90+0x10' + - series: 'ceph_pool_percent_used{pool_id="4"}' + values: '72+0x10' + - series: 'ceph_pool_percent_used{pool_id="5"}' + values: '19+0x10' + - series: 'ceph_pool_percent_used{pool_id="6"}' + values: '10+0x10' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="cephfs_data",pool_id="1"}' + values: '1 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="rbd",pool_id="2"}' + values: '1 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="iscsi",pool_id="3"}' + values: '1 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="default.rgw.index",pool_id="4"}' + values: '1 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="default.rgw.log",pool_id="5"}' + values: '1 1 1 1 1 1 1 1 1' + - series: 'ceph_pool_metadata{instance="ceph:9283",job="ceph", + name="dummy",pool_id="6"}' + values: '1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="POOL_FULL"} > 0 + eval_time: 5m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="POOL_FULL"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephPoolFull + - eval_time: 10m + alertname: CephPoolFull + exp_alerts: + - exp_labels: + name: POOL_FULL + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.9.1 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pool-full + summary: Pool is full - writes are blocked + description: "A pool has reached its MAX quota, or OSDs supporting the pool have reached the FULL threshold. Until this is resolved, writes to the pool will be blocked. Pool Breakdown (top 5) - rbd at 96% - iscsi at 90% - default.rgw.index at 72% - cephfs_data at 32% - default.rgw.log at 19% Increase the pool's quota, or add capacity to the cluster first then increase the pool's quota (e.g. ceph osd pool set quota max_bytes )" + # slow OSD ops + - interval : 1m + input_series: + - series: 'ceph_healthcheck_slow_ops{instance="ceph:9283",job="ceph"}' + values: '1+0x120' + promql_expr_test: + - expr: ceph_healthcheck_slow_ops > 0 + eval_time: 1m + exp_samples: + - labels: '{__name__="ceph_healthcheck_slow_ops", instance="ceph:9283", + job="ceph"}' + value: 1 + alert_rule_test: + - eval_time: 20m + alertname: CephSlowOps + exp_alerts: + - exp_labels: + instance: ceph:9283 + job: ceph + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#slow-ops + summary: OSD operations are slow to complete + description: "1 OSD requests are taking too long to process (osd_op_complaint_time exceeded)" + +# CEPHADM orchestrator alert triggers + - interval: 30s + input_series: + - series: 'ceph_health_detail{name="UPGRADE_EXCEPTION"}' + values: '1+0x40' + promql_expr_test: + - expr: ceph_health_detail{name="UPGRADE_EXCEPTION"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="UPGRADE_EXCEPTION"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephadmUpgradeFailed + - eval_time: 5m + alertname: CephadmUpgradeFailed + exp_alerts: + - exp_labels: + name: UPGRADE_EXCEPTION + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.11.2 + exp_annotations: + summary: Ceph version upgrade has failed + description: "The cephadm cluster upgrade process has failed. The cluster remains in an undetermined state. Please review the cephadm logs, to understand the nature of the issue" + - interval: 30s + input_series: + - series: 'ceph_health_detail{name="CEPHADM_FAILED_DAEMON"}' + values: '1+0x40' + promql_expr_test: + - expr: ceph_health_detail{name="CEPHADM_FAILED_DAEMON"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="CEPHADM_FAILED_DAEMON"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephadmDaemonFailed + - eval_time: 5m + alertname: CephadmDaemonFailed + exp_alerts: + - exp_labels: + name: CEPHADM_FAILED_DAEMON + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.11.1 + exp_annotations: + summary: A ceph daemon manged by cephadm is down + description: "A daemon managed by cephadm is no longer active. Determine, which daemon is down with 'ceph health detail'. you may start daemons with the 'ceph orch daemon start '" + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="CEPHADM_PAUSED"}' + values: '1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="CEPHADM_PAUSED"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="CEPHADM_PAUSED"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephadmPaused + - eval_time: 5m + alertname: CephadmPaused + exp_alerts: + - exp_labels: + name: CEPHADM_PAUSED + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephadm/operations#cephadm-paused + summary: Orchestration tasks via cephadm are PAUSED + description: "Cluster management has been paused manually. This will prevent the orchestrator from service management and reconciliation. If this is not intentional, resume cephadm operations with 'ceph orch resume'" +# MDS + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MDS_DAMAGE"}' + values: '1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="MDS_DAMAGE"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MDS_DAMAGE"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephFilesystemDamaged + - eval_time: 5m + alertname: CephFilesystemDamaged + exp_alerts: + - exp_labels: + name: MDS_DAMAGE + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.5.1 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages + summary: CephFS filesystem is damaged. + description: "Filesystem metadata has been corrupted. Data may be inaccessible. Analyze metrics from the MDS daemon admin socket, or escalate to support." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MDS_HEALTH_READ_ONLY"}' + values: '1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="MDS_HEALTH_READ_ONLY"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MDS_HEALTH_READ_ONLY"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephFilesystemReadOnly + - eval_time: 5m + alertname: CephFilesystemReadOnly + exp_alerts: + - exp_labels: + name: MDS_HEALTH_READ_ONLY + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.5.2 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages#cephfs-health-messages + summary: CephFS filesystem in read only mode due to write error(s) + description: "The filesystem has switched to READ ONLY due to an unexpected error when writing to the metadata pool. Either analyze the output from the MDS daemon admin socket, or escalate to support." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MDS_ALL_DOWN"}' + values: '0 0 1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="MDS_ALL_DOWN"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MDS_ALL_DOWN"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephFilesystemOffline + - eval_time: 10m + alertname: CephFilesystemOffline + exp_alerts: + - exp_labels: + name: MDS_ALL_DOWN + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.5.3 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-all-down + summary: CephFS filesystem is offline + description: "All MDS ranks are unavailable. The MDS daemons managing metadata are down, rendering the filesystem offline." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="FS_DEGRADED"}' + values: '0 0 1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="FS_DEGRADED"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="FS_DEGRADED"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephFilesystemDegraded + - eval_time: 10m + alertname: CephFilesystemDegraded + exp_alerts: + - exp_labels: + name: FS_DEGRADED + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.5.4 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-degraded + summary: CephFS filesystem is degraded + description: "One or more metadata daemons (MDS ranks) are failed or in a damaged state. At best the filesystem is partially available, at worst the filesystem is completely unusable." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MDS_INSUFFICIENT_STANDBY"}' + values: '0 0 1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="MDS_INSUFFICIENT_STANDBY"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MDS_INSUFFICIENT_STANDBY"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephFilesystemInsufficientStandby + - eval_time: 10m + alertname: CephFilesystemInsufficientStandby + exp_alerts: + - exp_labels: + name: MDS_INSUFFICIENT_STANDBY + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-insufficient-standby + summary: Ceph filesystem standby daemons too few + description: "The minimum number of standby daemons required by standby_count_wanted is less than the current number of standby daemons. Adjust the standby count or increase the number of MDS daemons." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="FS_WITH_FAILED_MDS"}' + values: '0 0 1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="FS_WITH_FAILED_MDS"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="FS_WITH_FAILED_MDS"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephFilesystemFailureNoStandby + - eval_time: 10m + alertname: CephFilesystemFailureNoStandby + exp_alerts: + - exp_labels: + name: FS_WITH_FAILED_MDS + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.5.5 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#fs-with-failed-mds + summary: MDS daemon failed, no further standby available + description: "An MDS daemon has failed, leaving only one active rank and no available standby. Investigate the cause of the failure or add a standby MDS." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MDS_UP_LESS_THAN_MAX"}' + values: '0 0 1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="MDS_UP_LESS_THAN_MAX"} > 0 + eval_time: 2m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MDS_UP_LESS_THAN_MAX"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephFilesystemMDSRanksLow + - eval_time: 10m + alertname: CephFilesystemMDSRanksLow + exp_alerts: + - exp_labels: + name: MDS_UP_LESS_THAN_MAX + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/cephfs/health-messages/#mds-up-less-than-max + summary: Ceph MDS daemon count is lower than configured + description: "The filesystem's 'max_mds' setting defines the number of MDS ranks in the filesystem. The current number of active MDS daemons is less than this value." +# MGR + - interval: 1m + input_series: + - series: 'up{job="ceph", instance="ceph-mgr:9283"}' + values: '1+0x2 0+0x10' + promql_expr_test: + - expr: up{job="ceph"} == 0 + eval_time: 3m + exp_samples: + - labels: '{__name__="up", job="ceph", instance="ceph-mgr:9283"}' + value: 0 + alert_rule_test: + - eval_time: 1m + alertname: CephMgrPrometheusModuleInactive + - eval_time: 10m + alertname: CephMgrPrometheusModuleInactive + exp_alerts: + - exp_labels: + instance: ceph-mgr:9283 + job: ceph + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.6.2 + exp_annotations: + summary: The mgr/prometheus module is not available + description: "The mgr/prometheus module at ceph-mgr:9283 is unreachable. This could mean that the module has been disabled or the mgr daemon itself is down. Without the mgr/prometheus module metrics and alerts will no longer function. Open a shell to an admin node or toolbox pod and use 'ceph -s' to to determine whether the mgr is active. If the mgr is not active, restart it, otherwise you can determine module status with 'ceph mgr module ls'. If it is not listed as enabled, enable it with 'ceph mgr module enable prometheus'." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="RECENT_MGR_MODULE_CRASH"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="RECENT_MGR_MODULE_CRASH"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="RECENT_MGR_MODULE_CRASH"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephMgrModuleCrash + - eval_time: 15m + alertname: CephMgrModuleCrash + exp_alerts: + - exp_labels: + name: RECENT_MGR_MODULE_CRASH + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.6.1 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#recent-mgr-module-crash + summary: A manager module has recently crashed + description: "One or more mgr modules have crashed and have yet to be acknowledged by an administrator. A crashed module may impact functionality within the cluster. Use the 'ceph crash' command to determine which module has failed, and archive it to acknowledge the failure." +# MON + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MON_DISK_CRIT"}' + values: '0+0x2 1+0x10' + - series: 'ceph_mon_metadata{ceph_daemon="mon.a", hostname="ceph-mon-a"}' + values: '1+0x13' + promql_expr_test: + - expr: ceph_health_detail{name="MON_DISK_CRIT"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MON_DISK_CRIT"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephMonDiskspaceCritical + - eval_time: 10m + alertname: CephMonDiskspaceCritical + exp_alerts: + - exp_labels: + name: "MON_DISK_CRIT" + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.3.2 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-disk-crit + summary: Filesystem space on at least one monitor is critically low + description: "The free space available to a monitor's store is critically low. You should increase the space available to the monitor(s). The default directory is /var/lib/ceph/mon-*/data/store.db on traditional deployments, and /var/lib/rook/mon-*/data/store.db on the mon pod's worker node for Rook. Look for old, rotated versions of *.log and MANIFEST*. Do NOT touch any *.sst files. Also check any other directories under /var/lib/rook and other directories on the same filesystem, often /var/log and /var/tmp are culprits. Your monitor hosts are; - ceph-mon-a" + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MON_DISK_LOW"}' + values: '0+0x2 1+0x10' + - series: 'ceph_mon_metadata{ceph_daemon="mon.a", hostname="ceph-mon-a"}' + values: '1+0x13' + promql_expr_test: + - expr: ceph_health_detail{name="MON_DISK_LOW"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MON_DISK_LOW"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephMonDiskspaceLow + - eval_time: 10m + alertname: CephMonDiskspaceLow + exp_alerts: + - exp_labels: + name: "MON_DISK_LOW" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-disk-low + summary: Drive space on at least one monitor is approaching full + description: "The space available to a monitor's store is approaching full (>70% is the default). You should increase the space available to the monitor(s). The default directory is /var/lib/ceph/mon-*/data/store.db on traditional deployments, and /var/lib/rook/mon-*/data/store.db on the mon pod's worker node for Rook. Look for old, rotated versions of *.log and MANIFEST*. Do NOT touch any *.sst files. Also check any other directories under /var/lib/rook and other directories on the same filesystem, often /var/log and /var/tmp are culprits. Your monitor hosts are; - ceph-mon-a" + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MON_CLOCK_SKEW"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="MON_CLOCK_SKEW"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="MON_CLOCK_SKEW"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephMonClockSkew + - eval_time: 10m + alertname: CephMonClockSkew + exp_alerts: + - exp_labels: + name: "MON_CLOCK_SKEW" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-clock-skew + summary: Clock skew detected among monitors + description: "Ceph monitors rely on closely synchronized time to maintain quorum and cluster consistency. This event indicates that the time on at least one mon has drifted too far from the lead mon. Review cluster status with ceph -s. This will show which monitors are affected. Check the time sync status on each monitor host with 'ceph time-sync-status' and the state and peers of your ntpd or chrony daemon." + +# Check 3 mons one down, quorum at risk + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="MON_DOWN"}' + values: '0+0x2 1+0x12' + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.a"}' + values: '1+0x14' + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.b"}' + values: '1+0x14' + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.c"}' + values: '1+0x2 0+0x12' + - series: 'ceph_mon_metadata{ceph_daemon="mon.a", hostname="ceph-mon-1"}' + values: '1+0x14' + - series: 'ceph_mon_metadata{ceph_daemon="mon.b", hostname="ceph-mon-2"}' + values: '1+0x14' + - series: 'ceph_mon_metadata{ceph_daemon="mon.c", hostname="ceph-mon-3"}' + values: '1+0x14' + promql_expr_test: + - expr: ((ceph_health_detail{name="MON_DOWN"} == 1) * on() (count(ceph_mon_quorum_status == 1) == bool (floor(count(ceph_mon_metadata) / 2) + 1))) == 1 + eval_time: 3m + exp_samples: + - labels: '{}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephMonDownQuorumAtRisk + # shouldn't fire + - eval_time: 10m + alertname: CephMonDownQuorumAtRisk + exp_alerts: + - exp_labels: + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.3.1 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down + summary: Monitor quorum is at risk + description: "Quorum requires a majority of monitors (x 2) to be active. Without quorum the cluster will become inoperable, affecting all services and connected clients. The following monitors are down: - mon.c on ceph-mon-3" +# check 5 mons, 1 down - warning only + - interval: 1m + input_series: + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.a"}' + values: '1+0x14' + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.b"}' + values: '1+0x14' + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.c"}' + values: '1+0x14' + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.d"}' + values: '1+0x14' + - series: 'ceph_mon_quorum_status{ceph_daemon="mon.e"}' + values: '1+0x2 0+0x12' + - series: 'ceph_mon_metadata{ceph_daemon="mon.a", hostname="ceph-mon-1"}' + values: '1+0x14' + - series: 'ceph_mon_metadata{ceph_daemon="mon.b", hostname="ceph-mon-2"}' + values: '1+0x14' + - series: 'ceph_mon_metadata{ceph_daemon="mon.c", hostname="ceph-mon-3"}' + values: '1+0x14' + - series: 'ceph_mon_metadata{ceph_daemon="mon.d", hostname="ceph-mon-4"}' + values: '1+0x14' + - series: 'ceph_mon_metadata{ceph_daemon="mon.e", hostname="ceph-mon-5"}' + values: '1+0x14' + promql_expr_test: + - expr: (count(ceph_mon_quorum_status == 0) <= (count(ceph_mon_metadata) - floor(count(ceph_mon_metadata) / 2) + 1)) + eval_time: 3m + exp_samples: + - labels: '{}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephMonDown + - eval_time: 10m + alertname: CephMonDown + exp_alerts: + - exp_labels: + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#mon-down + summary: One or more monitors down + description: "You have 1 monitor down. Quorum is still intact, but the loss of an additional monitor will make your cluster inoperable. The following monitors are down: - mon.e on ceph-mon-5\n" +# Device Health + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="DEVICE_HEALTH"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="DEVICE_HEALTH"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="DEVICE_HEALTH"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephDeviceFailurePredicted + - eval_time: 10m + alertname: CephDeviceFailurePredicted + exp_alerts: + - exp_labels: + name: "DEVICE_HEALTH" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#id2 + summary: Device(s) predicted to fail soon + description: "The device health module has determined that one or more devices will fail soon. To review device status use 'ceph device ls'. To show a specific device use 'ceph device info '. Mark the OSD out so that data may migrate to other OSDs. Once the OSD has drained, destroy the OSD, replace the device, and redeploy the OSD." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="DEVICE_HEALTH_TOOMANY"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="DEVICE_HEALTH_TOOMANY"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="DEVICE_HEALTH_TOOMANY"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephDeviceFailurePredictionTooHigh + - eval_time: 10m + alertname: CephDeviceFailurePredictionTooHigh + exp_alerts: + - exp_labels: + name: "DEVICE_HEALTH_TOOMANY" + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.4.7 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#device-health-toomany + summary: Too many devices are predicted to fail, unable to resolve + description: "The device health module has determined that devices predicted to fail can not be remediated automatically, since too many OSDs would be removed from the cluster to ensure performance and availabililty. Prevent data integrity issues by adding new OSDs so that data may be relocated." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="DEVICE_HEALTH_IN_USE"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="DEVICE_HEALTH_IN_USE"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="DEVICE_HEALTH_IN_USE"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephDeviceFailureRelocationIncomplete + - eval_time: 10m + alertname: CephDeviceFailureRelocationIncomplete + exp_alerts: + - exp_labels: + name: "DEVICE_HEALTH_IN_USE" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#device-health-in-use + summary: Device failure is predicted, but unable to relocate data + description: "The device health module has determined that one or more devices will fail soon, but the normal process of relocating the data on the device to other OSDs in the cluster is blocked. \nEnsure that the cluster has available free space. It may be necessary to add capacity to the cluster to allow data from the failing device to successfully migrate, or to enable the balancer." +# OSD + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OSD_HOST_DOWN"}' + values: '0+0x2 1+0x10' + - series: 'ceph_osd_up{ceph_daemon="osd.0"}' + values: '1+0x2 0+0x10' + - series: 'ceph_osd_metadata{ceph_daemon="osd.0", hostname="ceph-osd-1"}' + values: '1+0x12' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_HOST_DOWN"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_HOST_DOWN"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDHostDown + - eval_time: 10m + alertname: CephOSDHostDown + exp_alerts: + - exp_labels: + name: "OSD_HOST_DOWN" + severity: warning + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.4.8 + exp_annotations: + summary: An OSD host is offline + description: "The following OSDs are down: - ceph-osd-1 : osd.0" + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OSD_SLOW_PING_TIME_FRONT"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_SLOW_PING_TIME_FRONT"} == 0 + eval_time: 1m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_SLOW_PING_TIME_FRONT"}' + value: 0 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDTimeoutsPublicNetwork + - eval_time: 10m + alertname: CephOSDTimeoutsPublicNetwork + exp_alerts: + - exp_labels: + name: "OSD_SLOW_PING_TIME_FRONT" + severity: warning + type: ceph_default + exp_annotations: + summary: Network issues delaying OSD heartbeats (public network) + description: "OSD heartbeats on the cluster's 'public' network (frontend) are running slow. Investigate the network for latency or loss issues. Use 'ceph health detail' to show the affected OSDs." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OSD_SLOW_PING_TIME_BACK"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_SLOW_PING_TIME_BACK"} == 0 + eval_time: 1m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_SLOW_PING_TIME_BACK"}' + value: 0 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDTimeoutsClusterNetwork + - eval_time: 10m + alertname: CephOSDTimeoutsClusterNetwork + exp_alerts: + - exp_labels: + name: "OSD_SLOW_PING_TIME_BACK" + severity: warning + type: ceph_default + exp_annotations: + summary: Network issues delaying OSD heartbeats (cluster network) + description: "OSD heartbeats on the cluster's 'cluster' network (backend) are slow. Investigate the network for latency issues on this subnet. Use 'ceph health detail' to show the affected OSDs." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="BLUESTORE_DISK_SIZE_MISMATCH"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="BLUESTORE_DISK_SIZE_MISMATCH"} == 0 + eval_time: 1m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="BLUESTORE_DISK_SIZE_MISMATCH"}' + value: 0 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDInternalDiskSizeMismatch + - eval_time: 10m + alertname: CephOSDInternalDiskSizeMismatch + exp_alerts: + - exp_labels: + name: "BLUESTORE_DISK_SIZE_MISMATCH" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#bluestore-disk-size-mismatch + summary: OSD size inconsistency error + description: "One or more OSDs have an internal inconsistency between metadata and the size of the device. This could lead to the OSD(s) crashing in future. You should redeploy the affected OSDs." + - interval: 30s + input_series: + - series: 'ceph_health_detail{name="BLUESTORE_SPURIOUS_READ_ERRORS"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="BLUESTORE_SPURIOUS_READ_ERRORS"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="BLUESTORE_SPURIOUS_READ_ERRORS"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDReadErrors + - eval_time: 10m + alertname: CephOSDReadErrors + exp_alerts: + - exp_labels: + name: "BLUESTORE_SPURIOUS_READ_ERRORS" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#bluestore-spurious-read-errors + summary: Device read errors detected + description: "An OSD has encountered read errors, but the OSD has recovered by retrying the reads. This may indicate an issue with hardware or the kernel." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OSD_DOWN"}' + values: '0+0x2 1+0x10' + - series: 'ceph_osd_up{ceph_daemon="osd.0"}' + values: '1+0x12' + - series: 'ceph_osd_up{ceph_daemon="osd.1"}' + values: '1+0x2 0+0x10' + - series: 'ceph_osd_up{ceph_daemon="osd.2"}' + values: '1+0x12' + - series: 'ceph_osd_metadata{ceph_daemon="osd.0", hostname="ceph-osd-1"}' + values: '1+0x12' + - series: 'ceph_osd_metadata{ceph_daemon="osd.1", hostname="ceph-osd-2"}' + values: '1+0x12' + - series: 'ceph_osd_metadata{ceph_daemon="osd.2", hostname="ceph-osd-3"}' + values: '1+0x12' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_DOWN"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_DOWN"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDDown + - eval_time: 10m + alertname: CephOSDDown + exp_alerts: + - exp_labels: + name: "OSD_DOWN" + severity: warning + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.4.2 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-down + summary: An OSD has been marked down + description: "1 OSD down for over 5mins. The following OSD is down: - osd.1 on ceph-osd-2\n" + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OSD_NEARFULL"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_NEARFULL"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_NEARFULL"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDNearFull + - eval_time: 10m + alertname: CephOSDNearFull + exp_alerts: + - exp_labels: + name: "OSD_NEARFULL" + severity: warning + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.4.3 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-nearfull + summary: OSD(s) running low on free space (NEARFULL) + description: One or more OSDs have reached the NEARFULL threshold. Use 'ceph health detail' and 'ceph osd df' to identify the problem. To resolve, add capacity to the affected OSD's failure domain, restore down/out OSDs, or delete unwanted data. + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OSD_FULL"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_FULL"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_FULL"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDFull + - eval_time: 10m + alertname: CephOSDFull + exp_alerts: + - exp_labels: + name: "OSD_FULL" + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.4.6 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-full + summary: OSD full, writes blocked + description: An OSD has reached the FULL threshold. Writes to pools that share the affected OSD will be blocked. Use 'ceph health detail' and 'ceph osd df' to identify the problem. To resolve, add capacity to the affected OSD's failure domain, restore down/out OSDs, or delete unwanted data. + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OSD_BACKFILLFULL"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_BACKFILLFULL"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_BACKFILLFULL"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDBackfillFull + - eval_time: 10m + alertname: CephOSDBackfillFull + exp_alerts: + - exp_labels: + name: "OSD_BACKFILLFULL" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-backfillfull + summary: OSD(s) too full for backfill operations + description: "An OSD has reached the BACKFILL FULL threshold. This will prevent rebalance operations from completing. Use 'ceph health detail' and 'ceph osd df' to identify the problem. To resolve, add capacity to the affected OSD's failure domain, restore down/out OSDs, or delete unwanted data." + - interval: 30s + input_series: + - series: 'ceph_health_detail{name="OSD_TOO_MANY_REPAIRS"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="OSD_TOO_MANY_REPAIRS"} == 0 + eval_time: 1m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="OSD_TOO_MANY_REPAIRS"}' + value: 0 + alert_rule_test: + - eval_time: 1m + alertname: CephOSDTooManyRepairs + - eval_time: 10m + alertname: CephOSDTooManyRepairs + exp_alerts: + - exp_labels: + name: "OSD_TOO_MANY_REPAIRS" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#osd-too-many-repairs + summary: OSD reports a high number of read errors + description: Reads from an OSD have used a secondary PG to return data to the client, indicating a potential failing drive. +# Pools + # trigger percent full prediction on pools 1 and 2 only + - interval: 12h + input_series: + - series: 'ceph_pool_percent_used{pool_id="1"}' + values: '70 75 80 87 92' + - series: 'ceph_pool_percent_used{pool_id="2"}' + values: '22 22 23 23 24' + - series: 'ceph_pool_metadata{pool_id="1",name="rbd",type="replicated"}' + values: '1 1 1 1 1' + - series: 'ceph_pool_metadata{pool_id="2",name="default.rgw.index",type="replicated"}' + values: '1 1 1 1 1' + promql_expr_test: + - expr: | + (predict_linear(ceph_pool_percent_used[2d], 3600 * 24 * 5) * on(pool_id) + group_right ceph_pool_metadata) >= 95 + eval_time: 36h + exp_samples: + - labels: '{name="rbd",pool_id="1",type="replicated"}' + value: 1.424E+02 # 142% + alert_rule_test: + - eval_time: 48h + alertname: CephPoolGrowthWarning + exp_alerts: + - exp_labels: + name: rbd + pool_id: 1 + severity: warning + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.9.2 + exp_annotations: + summary: Pool growth rate may soon exceed capacity + description: Pool 'rbd' will be full in less than 5 days assuming the average fill-up rate of the past 48 hours. + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="POOL_BACKFILLFULL"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="POOL_BACKFILLFULL"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="POOL_BACKFILLFULL"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephPoolBackfillFull + - eval_time: 5m + alertname: CephPoolBackfillFull + exp_alerts: + - exp_labels: + name: "POOL_BACKFILLFULL" + severity: warning + type: ceph_default + exp_annotations: + summary: Free space in a pool is too low for recovery/backfill + description: A pool is approaching the near full threshold, which will prevent recovery/backfill operations from completing. Consider adding more capacity. + + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="POOL_NEAR_FULL"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="POOL_NEAR_FULL"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="POOL_NEAR_FULL"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephPoolNearFull + - eval_time: 10m + alertname: CephPoolNearFull + exp_alerts: + - exp_labels: + name: "POOL_NEAR_FULL" + severity: warning + type: ceph_default + exp_annotations: + summary: One or more Ceph pools are nearly full + description: "A pool has exceeded the warning (percent full) threshold, or OSDs supporting the pool have reached the NEARFULL threshold. Writes may continue, but you are at risk of the pool going read-only if more capacity isn't made available. Determine the affected pool with 'ceph df detail', looking at QUOTA BYTES and STORED. Increase the pool's quota, or add capacity to the cluster first then increase the pool's quota (e.g. ceph osd pool set quota max_bytes ). Also ensure that the balancer is active." + +# PGs + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="PG_NOT_SCRUBBED"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="PG_NOT_SCRUBBED"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="PG_NOT_SCRUBBED"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephPGNotScrubbed + - eval_time: 10m + alertname: CephPGNotScrubbed + exp_alerts: + - exp_labels: + name: "PG_NOT_SCRUBBED" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-not-scrubbed + summary: Placement group(s) have not been scrubbed + description: "One or more PGs have not been scrubbed recently. Scrubs check metadata integrity, protecting against bit-rot. They check that metadata is consistent across data replicas. When PGs miss their scrub interval, it may indicate that the scrub window is too small, or PGs were not in a 'clean' state during the scrub window. You can manually initiate a scrub with: ceph pg scrub " + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="PG_DAMAGED"}' + values: '0+0x4 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name=~"PG_DAMAGED|OSD_SCRUB_ERRORS"} == 1 + eval_time: 5m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="PG_DAMAGED"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephPGsDamaged + - eval_time: 10m + alertname: CephPGsDamaged + exp_alerts: + - exp_labels: + name: "PG_DAMAGED" + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.7.4 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-damaged + summary: Placement group damaged, manual intervention needed + description: During data consistency checks (scrub), at least one PG has been flagged as being damaged or inconsistent. Check to see which PG is affected, and attempt a manual repair if necessary. To list problematic placement groups, use 'rados list-inconsistent-pg '. To repair PGs use the 'ceph pg repair ' command. + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="TOO_MANY_PGS"}' + values: '0+0x4 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="TOO_MANY_PGS"} == 1 + eval_time: 5m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="TOO_MANY_PGS"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephPGsHighPerOSD + - eval_time: 10m + alertname: CephPGsHighPerOSD + exp_alerts: + - exp_labels: + name: "TOO_MANY_PGS" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks/#too-many-pgs + summary: Placement groups per OSD is too high + description: "The number of placement groups per OSD is too high (exceeds the mon_max_pg_per_osd setting).\n Check that the pg_autoscaler has not been disabled for any pools with 'ceph osd pool autoscale-status', and that the profile selected is appropriate. You may also adjust the target_size_ratio of a pool to guide the autoscaler based on the expected relative size of the pool ('ceph osd pool set cephfs.cephfs.meta target_size_ratio .1') or set the pg_autoscaler mode to 'warn' and adjust pg_num appropriately for one or more pools." + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="PG_RECOVERY_FULL"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="PG_RECOVERY_FULL"} == 0 + eval_time: 1m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="PG_RECOVERY_FULL"}' + value: 0 + alert_rule_test: + - eval_time: 1m + alertname: CephPGRecoveryAtRisk + - eval_time: 10m + alertname: CephPGRecoveryAtRisk + exp_alerts: + - exp_labels: + name: "PG_RECOVERY_FULL" + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.7.5 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-recovery-full + summary: OSDs are too full for recovery + description: Data redundancy is at risk since one or more OSDs are at or above the 'full' threshold. Add more capacity to the cluster, restore down/out OSDs, or delete unwanted data. + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="PG_BACKFILL_FULL"}' + values: '0+0x2 1+0x20' + promql_expr_test: + - expr: ceph_health_detail{name="PG_BACKFILL_FULL"} == 0 + eval_time: 1m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="PG_BACKFILL_FULL"}' + value: 0 + alert_rule_test: + - eval_time: 1m + alertname: CephPGBackfillAtRisk + - eval_time: 10m + alertname: CephPGBackfillAtRisk + exp_alerts: + - exp_labels: + name: "PG_BACKFILL_FULL" + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.7.6 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-backfill-full + summary: Backfill operations are blocked due to lack of free space + description: Data redundancy may be at risk due to lack of free space within the cluster. One or more OSDs have reached the 'backfillfull' threshold. Add more capacity, or delete unwanted data. + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="PG_AVAILABILITY"}' + values: '0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_health_detail{name="OSD_DOWN"}' + values: '0 0 0 1 1 1 1 1 1 0 0 0 0 0 0 0' + promql_expr_test: + - expr: ((ceph_health_detail{name="PG_AVAILABILITY"} == 1) - scalar(ceph_health_detail{name="OSD_DOWN"})) + eval_time: 1m + # empty set at 1m + exp_samples: + alert_rule_test: + # PG_AVAILABILITY and OSD_DOWN not firing .. no alert + - eval_time: 1m + alertname: CephPGUnavilableBlockingIO + exp_alerts: + # PG_AVAILABILITY firing, but osd_down is active .. no alert + - eval_time: 5m + alertname: CephPGUnavilableBlockingIO + exp_alerts: + # PG_AVAILABILITY firing, AND OSD_DOWN is not active...raise the alert + - eval_time: 15m + alertname: CephPGUnavilableBlockingIO + exp_alerts: + - exp_labels: + name: "PG_AVAILABILITY" + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.7.3 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-availability + summary: PG is unavailable, blocking I/O + description: Data availability is reduced, impacting the cluster's ability to service I/O. One or more placement groups (PGs) are in a state that blocks I/O. + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="PG_NOT_DEEP_SCRUBBED"}' + values: '0+0x2 1+0x10' + promql_expr_test: + - expr: ceph_health_detail{name="PG_NOT_DEEP_SCRUBBED"} == 1 + eval_time: 3m + exp_samples: + - labels: '{__name__="ceph_health_detail", name="PG_NOT_DEEP_SCRUBBED"}' + value: 1 + alert_rule_test: + - eval_time: 1m + alertname: CephPGNotDeepScrubbed + - eval_time: 10m + alertname: CephPGNotDeepScrubbed + exp_alerts: + - exp_labels: + name: "PG_NOT_DEEP_SCRUBBED" + severity: warning + type: ceph_default + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#pg-not-deep-scrubbed + summary: Placement group(s) have not been deep scrubbed + description: One or more PGs have not been deep scrubbed recently. Deep scrubs protect against bit-rot. They compare data replicas to ensure consistency. When PGs miss their deep scrub interval, it may indicate that the window is too small or PGs were not in a 'clean' state during the deep-scrub window. + +# Prometheus + - interval: 1m + input_series: + - series: 'up{job="myjob"}' + values: '1+0x10' + promql_expr_test: + - expr: absent(up{job="ceph"}) + eval_time: 1m + exp_samples: + - labels: '{job="ceph"}' + value: 1 + alert_rule_test: + - eval_time: 5m + alertname: PrometheusJobMissing + exp_alerts: + - exp_labels: + job: ceph + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.12.1 + exp_annotations: + summary: The scrape job for Ceph is missing from Prometheus + description: The prometheus job that scrapes from Ceph is no longer defined, this will effectively mean you'll have no metrics or alerts for the cluster. Please review the job definitions in the prometheus.yml file of the prometheus instance. +# RADOS + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="OBJECT_UNFOUND"}' + values: '0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_osd_up{ceph_daemon="osd.0"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_osd_up{ceph_daemon="osd.1"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_osd_up{ceph_daemon="osd.2"}' + values: '1 1 1 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_osd_metadata{ceph_daemon="osd.0"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_osd_metadata{ceph_daemon="osd.1"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + - series: 'ceph_osd_metadata{ceph_daemon="osd.2"}' + values: '1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: (ceph_health_detail{name="OBJECT_UNFOUND"} == 1) * on() (count(ceph_osd_up == 1) == bool count(ceph_osd_metadata)) == 1 + eval_time: 1m + exp_samples: + alert_rule_test: + # OBJECT_UNFOUND but osd.2 is down, so don't fire + - eval_time: 5m + alertname: CephObjectMissing + exp_alerts: + # OBJECT_UNFOUND and all osd's are online, so fire + - eval_time: 15m + alertname: CephObjectMissing + exp_alerts: + - exp_labels: + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.10.1 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks#object-unfound + summary: Object(s) marked UNFOUND + description: The latest version of a RADOS object can not be found, even though all OSDs are up. I/O requests for this object from clients will block (hang). Resolving this issue may require the object to be rolled back to a prior version manually, and manually verified. +# Generic Alerts + - interval: 1m + input_series: + - series: 'ceph_health_detail{name="RECENT_CRASH"}' + values: '0 0 0 1 1 1 1 1 1 1 1' + promql_expr_test: + - expr: ceph_health_detail{name="RECENT_CRASH"} == 1 + eval_time: 1m + exp_samples: + alert_rule_test: + # not firing + - eval_time: 1m + alertname: CephDaemonCrash + exp_alerts: + # firing + - eval_time: 10m + alertname: CephDaemonCrash + exp_alerts: + - exp_labels: + name: RECENT_CRASH + severity: critical + type: ceph_default + oid: 1.3.6.1.4.1.50495.1.2.1.1.2 + exp_annotations: + documentation: https://docs.ceph.com/en/latest/rados/operations/health-checks/#recent-crash + summary: One or more Ceph daemons have crashed, and are pending acknowledgement + description: One or more daemons have crashed recently, and need to be acknowledged. This notification ensures that software crashes do not go unseen. To acknowledge a crash, use the 'ceph crash archive ' command. diff --git a/monitoring/ceph-mixin/tests_alerts/test_syntax.py b/monitoring/ceph-mixin/tests_alerts/test_syntax.py new file mode 100755 index 000000000..966d768bd --- /dev/null +++ b/monitoring/ceph-mixin/tests_alerts/test_syntax.py @@ -0,0 +1,42 @@ +import pytest +import os +import yaml +from .utils import promtool_available, call +from .settings import ALERTS_FILE, UNIT_TESTS_FILE + + +def load_yaml(file_name): + yaml_data = None + with open(file_name, 'r') as alert_file: + raw = alert_file.read() + try: + yaml_data = yaml.safe_load(raw) + except yaml.YAMLError as e: + pass + + return yaml_data + + +def test_alerts_present(): + assert os.path.exists(ALERTS_FILE), f"{ALERTS_FILE} not found" + + +def test_unittests_present(): + assert os.path.exists(UNIT_TESTS_FILE), f"{UNIT_TESTS_FILE} not found" + + +@pytest.mark.skipif(not os.path.exists(ALERTS_FILE), reason=f"{ALERTS_FILE} missing") +def test_rules_format(): + assert load_yaml(ALERTS_FILE) + + +@pytest.mark.skipif(not os.path.exists(UNIT_TESTS_FILE), reason=f"{UNIT_TESTS_FILE} missing") +def test_unittests_format(): + assert load_yaml(UNIT_TESTS_FILE) + + +@pytest.mark.skipif(not promtool_available(), reason="promtool is not installed. Unable to check syntax") +def test_rule_syntax(): + completion = call(f"promtool check rules {ALERTS_FILE}") + assert completion.returncode == 0 + assert b"SUCCESS" in completion.stdout diff --git a/monitoring/ceph-mixin/tests_alerts/test_unittests.py b/monitoring/ceph-mixin/tests_alerts/test_unittests.py new file mode 100644 index 000000000..4cfb2b600 --- /dev/null +++ b/monitoring/ceph-mixin/tests_alerts/test_unittests.py @@ -0,0 +1,19 @@ +import pytest +import os +from .utils import promtool_available, call +from .settings import ALERTS_FILE, UNIT_TESTS_FILE + + +def test_alerts_present(): + assert os.path.exists(ALERTS_FILE), f"{ALERTS_FILE} not found" + + +def test_unittests_present(): + assert os.path.exists(UNIT_TESTS_FILE), f"{UNIT_TESTS_FILE} not found" + + +@pytest.mark.skipif(not promtool_available(), reason="promtool is not installed. Unable to run unit tests") +def test_run_unittests(): + completion = call(f"promtool test rules {UNIT_TESTS_FILE}") + assert completion.returncode == 0 + assert b"SUCCESS" in completion.stdout diff --git a/monitoring/ceph-mixin/tests_alerts/utils.py b/monitoring/ceph-mixin/tests_alerts/utils.py new file mode 100644 index 000000000..842924447 --- /dev/null +++ b/monitoring/ceph-mixin/tests_alerts/utils.py @@ -0,0 +1,12 @@ +import pytest +import shutil +import subprocess + + +def promtool_available() -> bool: + return shutil.which('promtool') is not None + + +def call(cmd): + completion = subprocess.run(cmd.split(), stdout=subprocess.PIPE) + return completion diff --git a/monitoring/ceph-mixin/tests_alerts/validate_rules.py b/monitoring/ceph-mixin/tests_alerts/validate_rules.py new file mode 100755 index 000000000..c24ce5c59 --- /dev/null +++ b/monitoring/ceph-mixin/tests_alerts/validate_rules.py @@ -0,0 +1,571 @@ +#!/usr/bin/env python3 +# +# Check the Prometheus rules for format, and integration +# with the unit tests. This script has the following exit +# codes: +# 0 .. Everything worked +# 4 .. rule problems or missing unit tests +# 8 .. Missing fields in YAML +# 12 .. Invalid YAML - unable to load +# 16 .. Missing input files +# +# Externals +# snmptranslate .. used to determine the oid's in the MIB to verify the rule -> MIB is correct +# + +import re +import os +import sys +import yaml +import shutil +import string +from bs4 import BeautifulSoup +from typing import List, Any, Dict, Set, Optional, Tuple +import subprocess + +import urllib.request +import urllib.error +from urllib.parse import urlparse + +from settings import ALERTS_FILE, MIB_FILE, UNIT_TESTS_FILE + +DOCLINK_NAME = 'documentation' + + +def isascii(s: str) -> bool: + try: + s.encode('ascii') + except UnicodeEncodeError: + return False + return True + + +def read_file(file_name: str) -> Tuple[str, str]: + try: + with open(file_name, 'r') as input_file: + raw_data = input_file.read() + except OSError: + return '', f"Unable to open {file_name}" + + return raw_data, '' + + +def load_yaml(file_name: str) -> Tuple[Dict[str, Any], str]: + data = {} + errs = '' + + raw_data, err = read_file(file_name) + if not err: + + try: + data = yaml.safe_load(raw_data) + except yaml.YAMLError as e: + errs = f"filename '{file_name} is not a valid YAML file" + + return data, errs + + +def run_command(command: str): + c = command.split() + completion = subprocess.run(c, stdout=subprocess.PIPE, stderr=subprocess.PIPE) + return (completion.returncode, + completion.stdout.decode('utf-8').split('\n'), + completion.stderr.decode('utf-8').split('\n')) + + +class HTMLCache: + def __init__(self) -> None: + self.cache: Dict[str, Tuple[int, str]] = {} + + def fetch(self, url_str: str) -> None: + parsed = urlparse(url_str) + url = f"{parsed.scheme}://{parsed.netloc}{parsed.path}" + + if url in self.cache: + return self.cache[url] + + req = urllib.request.Request(url) + try: + r = urllib.request.urlopen(req) + except urllib.error.HTTPError as e: + self.cache[url] = e.code, e.reason + return self.cache[url] + except urllib.error.URLError as e: + self.cache[url] = 400, e.reason + return self.cache[url] + + if r.status == 200: + html = r.read().decode('utf-8') + self.cache[url] = 200, html + return self.cache[url] + + self.cache[url] = r.status, r.reason + return r.status, r.reason + + @property + def cached_pages(self) -> List[str]: + return self.cache.keys() + + @property + def cached_pages_total(self) -> int: + return len(self.cache.keys()) + +class PrometheusRule: + expected_attrs = [ + 'alert', + 'expr', + 'labels', + 'annotations' + ] + + def __init__(self, rule_group, rule_data: Dict[str, Any]): + + assert 'alert' in rule_data + self.group: RuleGroup = rule_group + self.name = rule_data.get('alert') + self.rule = rule_data + self.errors: List[str] = [] + self.warnings: List[str] = [] + self.validate() + + @property + def has_oid(self): + return True if self.rule.get('labels', {}).get('oid', '') else False + + @property + def labels(self) -> Dict[str, str]: + return self.rule.get('labels', {}) + + @property + def annotations(self) -> Dict[str, str]: + return self.rule.get('annotations', {}) + + def _check_alert_name(self): + # this is simplistic, but works in the context of the alert name + if self.name[0] in string.ascii_uppercase and \ + self.name != self.name.lower() and \ + self.name != self.name.upper() and \ + " " not in self.name and \ + "_" not in self.name: + return + + self.warnings.append("Alert name is not in CamelCase format") + + def _check_structure(self): + rule_attrs = self.rule.keys() + missing_attrs = [a for a in PrometheusRule.expected_attrs if a not in rule_attrs] + + if missing_attrs: + self.errors.append( + f"invalid alert structure. Missing field{'s' if len(missing_attrs) > 1 else ''}" + f": {','.join(missing_attrs)}") + + def _check_labels(self): + for rqd in ['severity', 'type']: + if rqd not in self.labels.keys(): + self.errors.append(f"rule is missing {rqd} label definition") + + def _check_annotations(self): + for rqd in ['summary', 'description']: + if rqd not in self.annotations: + self.errors.append(f"rule is missing {rqd} annotation definition") + + def _check_doclink(self): + doclink = self.annotations.get(DOCLINK_NAME, '') + + if doclink: + url = urlparse(doclink) + status, content = self.group.fetch_html_page(doclink) + if status == 200: + if url.fragment: + soup = BeautifulSoup(content, 'html.parser') + if not soup.find(id=url.fragment): + self.errors.append(f"documentation link error: {url.fragment} anchor not found on the page") + else: + # catch all + self.errors.append(f"documentation link error: {status} {content}") + + def _check_snmp(self): + oid = self.labels.get('oid', '') + + if self.labels.get('severity', '') == 'critical' and not oid: + self.warnings.append("critical level alert is missing an SNMP oid entry") + if oid and not re.search('^1.3.6.1.4.1.50495.1.2.\\d+.\\d+.\\d+$', oid): + self.errors.append("invalid OID format provided") + if self.group.get_oids(): + if oid and oid not in self.group.get_oids(): + self.errors.append(f"rule defines an OID {oid} that is missing from the MIB file({os.path.basename(MIB_FILE)})") + + def _check_ascii(self): + if 'oid' not in self.labels: + return + + desc = self.annotations.get('description', '') + summary = self.annotations.get('summary', '') + if not isascii(desc): + self.errors.append(f"non-ascii characters found in 'description' field will cause issues in associated snmp trap.") + if not isascii(summary): + self.errors.append(f"non-ascii characters found in 'summary' field will cause issues in associated snmp trap.") + + def validate(self): + + self._check_alert_name() + self._check_structure() + self._check_labels() + self._check_annotations() + self._check_doclink() + self._check_snmp() + self._check_ascii() + char = '.' + + if self.errors: + char = 'E' + self.group.update('error', self.name) + elif self.warnings: + char = 'W' + self.group.update('warning', self.name) + + sys.stdout.write(char) + + +class RuleGroup: + + def __init__(self, rule_file, group_name: str, group_name_width: int): + self.rule_file: RuleFile = rule_file + self.group_name = group_name + self.rules: Dict[str, PrometheusRule] = {} + self.problems = { + "error": [], + "warning": [], + } + + sys.stdout.write(f"\n\t{group_name:<{group_name_width}} : ") + + def add_rule(self, rule_data:Dict[str, Any]): + alert_name = rule_data.get('alert') + self.rules[alert_name] = PrometheusRule(self, rule_data) + + def update(self, problem_type:str, alert_name:str): + assert problem_type in ['error', 'warning'] + + self.problems[problem_type].append(alert_name) + self.rule_file.update(self.group_name) + + def fetch_html_page(self, url): + return self.rule_file.fetch_html_page(url) + + def get_oids(self): + return self.rule_file.oid_list + + @property + def error_count(self): + return len(self.problems['error']) + + def warning_count(self): + return len(self.problems['warning']) + + @property + def count(self): + return len(self.rules) + + +class RuleFile: + + def __init__(self, parent, file_name, rules, oid_list): + self.parent = parent + self.file_name = file_name + self.rules: Dict[str, Any] = rules + self.oid_list = oid_list + self.problems: Set[str] = set() + self.group: Dict[str, RuleGroup] = {} + self.alert_names_seen: Set[str] = set() + self.duplicate_alert_names:List[str] = [] + self.html_cache = HTMLCache() + + assert 'groups' in self.rules + self.max_group_name_width = self.get_max_group_name() + self.load_groups() + + def update(self, group_name): + self.problems.add(group_name) + self.parent.mark_invalid() + + def fetch_html_page(self, url): + return self.html_cache.fetch(url) + + @property + def group_count(self): + return len(self.rules['groups']) + + @property + def rule_count(self): + rule_count = 0 + for _group_name, rule_group in self.group.items(): + rule_count += rule_group.count + return rule_count + + @property + def oid_count(self): + oid_count = 0 + for _group_name, rule_group in self.group.items(): + for _rule_name, rule in rule_group.rules.items(): + if rule.has_oid: + oid_count += 1 + return oid_count + + @property + def group_names(self): + return self.group.keys() + + @property + def problem_count(self): + return len(self.problems) + + def get_max_group_name(self): + group_name_list = [] + for group in self.rules.get('groups'): + group_name_list.append(group['name']) + return max([len(g) for g in group_name_list]) + + def load_groups(self): + sys.stdout.write("\nChecking rule groups") + for group in self.rules.get('groups'): + group_name = group['name'] + rules = group['rules'] + self.group[group_name] = RuleGroup(self, group_name, self.max_group_name_width) + for rule_data in rules: + if 'alert' in rule_data: + alert_name = rule_data.get('alert') + if alert_name in self.alert_names_seen: + self.duplicate_alert_names.append(alert_name) + else: + self.alert_names_seen.add(alert_name) + self.group[group_name].add_rule(rule_data) + else: + # skipped recording rule + pass + + def report(self): + def max_width(item_list: Set[str], min_width: int = 0) -> int: + return max([len(i) for i in item_list] + [min_width]) + + if not self.problems and not self.duplicate_alert_names: + print("\nNo problems detected in the rule file") + return + + print("\nProblem Report\n") + + group_width = max_width(self.problems, 5) + alert_names = set() + for g in self.problems: + group = self.group[g] + alert_names.update(group.problems.get('error', [])) + alert_names.update(group.problems.get('warning', [])) + alert_width = max_width(alert_names, 10) + + template = " {group:<{group_width}} {severity:<8} {alert_name:<{alert_width}} {description}" + + print(template.format( + group="Group", + group_width=group_width, + severity="Severity", + alert_name="Alert Name", + alert_width=alert_width, + description="Problem Description")) + + print(template.format( + group="-----", + group_width=group_width, + severity="--------", + alert_name="----------", + alert_width=alert_width, + description="-------------------")) + + for group_name in sorted(self.problems): + group = self.group[group_name] + rules = group.rules + for alert_name in group.problems.get('error', []): + for desc in rules[alert_name].errors: + print(template.format( + group=group_name, + group_width=group_width, + severity="Error", + alert_name=alert_name, + alert_width=alert_width, + description=desc)) + for alert_name in group.problems.get('warning', []): + for desc in rules[alert_name].warnings: + print(template.format( + group=group_name, + group_width=group_width, + severity="Warning", + alert_name=alert_name, + alert_width=alert_width, + description=desc)) + if self.duplicate_alert_names: + print("Duplicate alert names detected:") + for a in self.duplicate_alert_names: + print(f" - {a}") + + +class UnitTests: + expected_attrs = [ + 'rule_files', + 'tests', + 'evaluation_interval' + ] + def __init__(self, filename): + self.filename = filename + self.unit_test_data: Dict[str, Any] = {} + self.alert_names_seen: Set[str] = set() + self.problems: List[str] = [] + self.load() + + def load(self): + self.unit_test_data, errs = load_yaml(self.filename) + if errs: + print(f"\n\nError in unit tests file: {errs}") + sys.exit(12) + + missing_attr = [a for a in UnitTests.expected_attrs if a not in self.unit_test_data.keys()] + if missing_attr: + print(f"\nMissing attributes in unit tests: {','.join(missing_attr)}") + sys.exit(8) + + def _check_alert_names(self, alert_names: List[str]): + alerts_tested: Set[str] = set() + for t in self.unit_test_data.get('tests'): + test_cases = t.get('alert_rule_test', []) + if not test_cases: + continue + for case in test_cases: + alertname = case.get('alertname', '') + if alertname: + alerts_tested.add(alertname) + + alerts_defined = set(alert_names) + self.problems = list(alerts_defined.difference(alerts_tested)) + + def process(self, defined_alert_names: List[str]): + self._check_alert_names(defined_alert_names) + + def report(self) -> None: + + if not self.problems: + print("\nNo problems detected in unit tests file") + return + + print("\nUnit tests are incomplete. Tests missing for the following alerts;") + for p in self.problems: + print(f" - {p}") + +class RuleChecker: + + def __init__(self, rules_filename: str = None, test_filename: str = None): + self.rules_filename = rules_filename or ALERTS_FILE + self.test_filename = test_filename or UNIT_TESTS_FILE + self.rule_file: Optional[RuleFile] = None + self.unit_tests: Optional[UnitTests] = None + self.rule_file_problems: bool = False + self.errors = {} + self.warnings = {} + self.error_count = 0 + self.warning_count = 0 + self.oid_count = 0 + + self.oid_list = self.build_oid_list() + + def build_oid_list(self) -> List[str]: + + cmd = shutil.which('snmptranslate') + if not cmd: + return [] + + rc, stdout, stderr = run_command(f"{cmd} -Pu -Tz -M ../../snmp:/usr/share/snmp/mibs -m CEPH-MIB") + if rc != 0: + return [] + + oid_list: List[str] = [] + for line in stdout[:-1]: + _label, oid = line.replace('"', '').replace('\t', ' ').split() + oid_list.append(oid) + + return oid_list + + @property + def status(self): + if self.rule_file_problems or self.unit_tests.problems: + return 4 + + return 0 + + def mark_invalid(self): + self.rule_file_problems = True + + def summarise_rule_file(self): + for group_name in self.rule_file.problems: + group = self.rule_file.group[group_name] + self.error_count += len(group.problems['error']) + self.warning_count += len(group.problems['warning']) + + def ready(self): + errs: List[str] = [] + ready_state = True + if not os.path.exists(self.rules_filename): + errs.append(f"rule file '{self.rules_filename}' not found") + ready_state = False + + if not os.path.exists(self.test_filename): + errs.append(f"test file '{self.test_filename}' not found") + ready_state = False + + return ready_state, errs + + def run(self): + + ready, errs = self.ready() + if not ready: + print("Unable to start:") + for e in errs: + print(f"- {e}") + sys.exit(16) + + rules, errs = load_yaml(self.rules_filename) + if errs: + print(errs) + sys.exit(12) + + self.rule_file = RuleFile(self, self.rules_filename, rules, self.oid_list) + self.summarise_rule_file() + + self.unit_tests = UnitTests(self.test_filename) + self.unit_tests.process(self.rule_file.alert_names_seen) + + def report(self): + print("\n\nSummary\n") + print(f"Rule file : {self.rules_filename}") + print(f"Unit Test file : {self.test_filename}") + print(f"\nRule groups processed : {self.rule_file.group_count:>3}") + print(f"Rules processed : {self.rule_file.rule_count:>3}") + print(f"SNMP OIDs declared : {self.rule_file.oid_count:>3} {'(snmptranslate missing, unable to cross check)' if not self.oid_list else ''}") + print(f"Rule errors : {self.error_count:>3}") + print(f"Rule warnings : {self.warning_count:>3}") + print(f"Rule name duplicates : {len(self.rule_file.duplicate_alert_names):>3}") + print(f"Unit tests missing : {len(self.unit_tests.problems):>3}") + + self.rule_file.report() + self.unit_tests.report() + + +def main(): + checker = RuleChecker() + + checker.run() + checker.report() + print() + + sys.exit(checker.status) + + +if __name__ == '__main__': + main() -- cgit v1.2.3