#!/usr/bin/perl

# Copyright 2023, Mark Schouten <mark@tuxis.nl>, Tuxis B.V.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.


use strict;
use warnings;
use Monitoring::Plugin;

my $proxmox_type;

BEGIN {
    if (-e '/etc/proxmox-backup/datastore.cfg') {
        $proxmox_type = 'PBS';
    } else {
        $proxmox_type = 'PVE';
    }

    if ($proxmox_type eq 'PVE') {
        require PVE::APIClient::LWP;
        require PVE::AccessControl;
        require PVE::INotify;
    } elsif ($proxmox_type eq 'PBS') {
        require IPC::Open3;
        require JSON;
    }
}

# Create the Monitoring::Plugin object
my $np = Monitoring::Plugin->new(
    version => '1.0',
    usage => "Usage: %s [ -v|--verbose ]"
);

$np->getopts;

sub pve_get_local_cert_fingerprint {
    my ($node) = @_;

    my $cert_path = "/etc/pve/nodes/$node/pve-ssl.pem";
    my $custom_cert_path = "/etc/pve/nodes/$node/pveproxy-ssl.pem";

    $cert_path = $custom_cert_path if -f $custom_cert_path;

    my $bio = Net::SSLeay::BIO_new_file($cert_path, 'r');
    my $cert = Net::SSLeay::PEM_read_bio_X509($bio);
    Net::SSLeay::BIO_free($bio);

    my $fp = Net::SSLeay::X509_get_fingerprint($cert, 'sha256');
    die "got empty fingerprint" if !defined($fp) || ($fp eq '');

    return $fp;
}

sub check_disk($) {
    my $disk = shift;
    my $dev = $disk->{'devpath'};
    my $serial = $disk->{'serial'};
    
    my $health;
    if ($proxmox_type eq 'PVE') {
        $health = uc($disk->{'health'});
    } elsif ($proxmox_type eq 'PBS') {
        $health = uc($disk->{'status'});
    }

    my $wearout = 100;

    if ($health eq 'UNKNOWN')  {
        $np->add_message(OK, "$dev ($serial) has no SMART support.");
        return;
    }

    if ($health ne 'PASSED') {
        $np->add_message(CRITICAL, "$dev ($serial) is not healthy ($health),");
    } else {
        $np->add_message(OK, "$dev ($serial) is healthy ($health),");
    }

    if (defined($disk->{'wearout'}) and uc($disk->{'wearout'}) ne 'N/A') {
        $wearout = $wearout - $disk->{'wearout'};
        if ($wearout > 90) {
            $np->add_message(CRITICAL, "$dev ($serial) is reaching wearout error level ($wearout%),");
        } elsif ($wearout > 80) {
            $np->add_message(WARNING, "$dev ($serial) is reaching wearout error level ($wearout%),");
        } else {
            $np->add_message(OK, "$dev ($serial) has healthy wearout level ($wearout%),");
        }
    }
}

if ($proxmox_type eq 'PVE') {
    my $hostname = PVE::INotify::read_file("hostname");
    my $ticket = PVE::AccessControl::assemble_ticket('root@pam');
    my $csrftoken = PVE::AccessControl::assemble_csrf_prevention_token('root@pam');
    my $local_fingerprint = pve_get_local_cert_fingerprint($hostname);

    my $conn = PVE::APIClient::LWP->new(
        ticket => $ticket,
        host => $hostname,
        csrftoken => $csrftoken,
        cached_fingerprints => {
            $local_fingerprint => 1,
        }
    );

    foreach my $disk (@{$conn->get("/nodes/$hostname/disks/list", {})}) {
        check_disk($disk);
    }
} elsif ($proxmox_type eq 'PBS') {
    my $pbs_pid = IPC::Open3::open3(my $child_in, my $child_out, my $child_err,
        "proxmox-backup-manager", "disk", "list", "--output-format", "json");

    waitpid($pbs_pid, 0);

    if ($? > 0) {
        $np->add_message(UNKNOWN, "Unknown error while checking disks: $child_err");
    } else {
        foreach my $disk (@{JSON->new->utf8->decode(<$child_out>)}) {
            check_disk($disk);
        }
    }
}

my ($code, $message) = $np->check_messages();
$np->plugin_exit($code, $message);