Bond Operating Without Sufficient Slave Interfaces-checkpoint-gaia,secureplatform

Bond Operating Without Sufficient Slave Interfaces-checkpoint-gaia,secureplatform

Vendor: checkpoint

OS: gaia,secureplatform

Description:
indeni will trigger an issue if a bond interface is operating without sufficient slave interfaces.

Remediation Steps:
Determine why the slave interfaces are down and resolve the issue.

How does this work?
Use the built-in “cphaconf show_bond” command to retreive the detailed bond state.

Why is this important?
Tracking the bond slaves in use versus the total required is a good indicator of potential issues.

Without Indeni how would you find this?
An administrator could login and manually run the command.

chkp-os-cphaconf_show_bond

name: chkp-os-cphaconf_show_bond
description: Run "cphaconf show_bond" to determine bond health versions before R80.20
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    high-availability: true
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    asg:
        neq: 'true'
    os.version.num:
        compare-type: version-compare
        op: "<"
        value: "80.20"
comments:

    bond-state:
        why: |
            An interface in a bond could be down, and the device would still deem the link as up.
            This is because the default setting is often to consider one link failure as non-critical if there is
            another link in the bond. This does however mean a loss of redundancy and capacity which might not be noticed.
        how: |
            Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
        can-with-snmp: false
        can-with-syslog: false

    bond-slaves-in-use:
        why: |
            Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
        how: |
            Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
        can-with-snmp: false
        can-with-syslog: false

    bond-slaves-required:
        why: |
            Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
        how: |
            Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
        can-with-snmp: false
        can-with-syslog: false

    bond-slave-state:
        why: |
            To check the state of slave interfaces on the bond interface. The slave interfaces status is very important
            to bond features like bandwidth or redundancy over the bond interface
        how: |
            By using the Check point command "cphaprob show_bond" command to retreive the number of bond slaves
            interfaces in each bond.
        can-with-snmp: false
        can-with-syslog: false

    configured-slaves:
        why: |
            Tracking the number of bond slaves interfaces
        how: |
            Use the built-in "cphaprob show_bond" command to retreive the number of bond slaves interfaces in each bond.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: cphaconf-show_bond.remote.1.bash
    parse:
        type: AWK
        file: cphaconf-show_bond.parser.1.awk

chkp-os-cphaconf_show_bond

name: chkp-os-cphaconf_show_bond
description: Run "cphaconf show_bond" to determine bond health versions before R80.20
type: monitoring
monitoring_interval: 5 minutes
requires:
    vendor: checkpoint
    high-availability: true
    or:
    -   os.name: gaia
    -   os.name: secureplatform
    asg:
        neq: 'true'
    os.version.num:
        compare-type: version-compare
        op: "<"
        value: "80.20"
comments:

    bond-state:
        why: |
            An interface in a bond could be down, and the device would still deem the link as up.
            This is because the default setting is often to consider one link failure as non-critical if there is
            another link in the bond. This does however mean a loss of redundancy and capacity which might not be noticed.
        how: |
            Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
        can-with-snmp: false
        can-with-syslog: false

    bond-slaves-in-use:
        why: |
            Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
        how: |
            Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
        can-with-snmp: false
        can-with-syslog: false

    bond-slaves-required:
        why: |
            Tracking the bond slaves in use versus the total required is a good indicator of potential issues.
        how: |
            Use the built-in "cphaconf show_bond" command to retreive the detailed bond state.
        can-with-snmp: false
        can-with-syslog: false

    bond-slave-state:
        why: |
            To check the state of slave interfaces on the bond interface. The slave interfaces status is very important
            to bond features like bandwidth or redundancy over the bond interface
        how: |
            By using the Check point command "cphaprob show_bond" command to retreive the number of bond slaves
            interfaces in each bond.
        can-with-snmp: false
        can-with-syslog: false

    configured-slaves:
        why: |
            Tracking the number of bond slaves interfaces
        how: |
            Use the built-in "cphaprob show_bond" command to retreive the number of bond slaves interfaces in each bond.
        can-with-snmp: false
        can-with-syslog: false
steps:
-   run:
        type: SSH
        file: cphaconf-show_bond.remote.1.bash
    parse:
        type: AWK
        file: cphaconf-show_bond.parser.1.awk

cross_vendor_bond_slave_in_use_insufficient

package com.indeni.server.rules.library.core
import com.indeni.ruleengine.expressions.conditions.GreaterThan
import com.indeni.ruleengine.expressions.core.{ConstantExpression, StatusTreeExpression}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, SelectTimeSeriesExpression, TimeSeriesExpression}
import com.indeni.server.common.data.conditions.True
import com.indeni.server.rules._
import com.indeni.server.rules.library.core.BondSlavesInUseInsufficientRule.NAME
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity


case class BondSlavesInUseInsufficientRule() extends PerDeviceRule with RuleHelper {

  override val metadata: RuleMetadata = RuleMetadata.builder(NAME, "Bond Operating Without Sufficient Slave Interfaces",
    "indeni will trigger an issue if a bond interface is operating without sufficient slave interfaces.", AlertSeverity.ERROR,
    categories = Set(RuleCategory.HighAvailability), deviceCategory = DeviceCategory.AllDevices).build()

  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val inUseValue = TimeSeriesExpression[Double]("bond-slaves-in-use").last
    val requiredValue = TimeSeriesExpression[Double]("bond-slaves-required").last

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),

      // What constitutes an issue
      StatusTreeExpression(

        // The additional tags we care about (we'll be including this in alert data)
        SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("bond-slaves-in-use", "bond-slaves-required")),

        StatusTreeExpression(
          // The time-series we check the test condition against:
          SelectTimeSeriesExpression[Double](context.tsDao, Set("bond-slaves-in-use", "bond-slaves-required"), denseOnly = false),

          // The condition which, if true, we have an issue. Checked against the time-series we've collected
          GreaterThan(
            requiredValue,
            inUseValue)

          // The Alert Item to add for this specific item
        ).withSecondaryInfo(
          scopableStringFormatExpression("${scope(\"name\")}"),
          scopableStringFormatExpression("%.0f slave interfaces are required, while only %.0f are up", requiredValue, inUseValue),
          title = "Bond Interfaces Affected"
        ).asCondition()
      ).withoutInfo().asCondition()
    ).withRootInfo(
      ConstantExpression("Insufficient slave interfaces up for bond interface"),
      ConstantExpression("Bond interfaces may require a certain number of slave interfaces to be up and running. If a bond interface has insufficient slave interfaces an issue may ensue."),
      ConditionalRemediationSteps("Determine why the slave interfaces are down and resolve the issue.",
        RemediationStepCondition.VENDOR_CP -> "Consider reading sk69180.")
    )
  }
}

object BondSlavesInUseInsufficientRule {

  /* --- Constants --- */

  private[library] val NAME = "cross_vendor_bond_slave_in_use_insufficient"
}