Update check_es_system.sh

[tectumopticum]

summing up all basic curl-commands in two command-variables makes it easier to apply global command-changes in one place, added the --noproxy switch to avoid additional authentication for proxy-access

[Napsty]

Hi @tectumopticum

Sorry for the late response.

Could you please rebase the PR? thanks!

[TheNetworkIsDown]

While you're at it you should maybe use the same method of stating options to curl i.e. curl --insecure --silent --user (instead of curl -k -s -u). The latter is practical on the command line, the former is better suited for scripts because you immediately see what it does/means.

Also the part starting at #275 is more or less identical to the stuff at #245 except for the line that adds authentication and checks related thereto. You could just collapse that and add a condition to run authlogic() and the checks (or not).

i.e. something along the lines of the below

BUT I am not even sure how $esstatus is obtained in the first place in order to evaluate condition if [[ -n $user ]] || [[ -n $(echo $esstatus | grep -i authentication) ]] ; then since $esstatus only set within that same function later. But that's already in the original code.

################################################################################
# Retrieve information from Elasticsearch
getstatus() {

esurl="${httpscheme}://${host}:${port}/_cluster/stats"
eshealthurl="${httpscheme}://${host}:${port}/_cluster/health"

curlcmd="curl --insecure --silent --max-time ${max_time} --noproxy ${host}"
if [[ -z "$user" ]]; then
  # Without authentication
  curl="$curlcmd"
elif [[ -n "$user" ]] || [[ -n "$(echo $esstatus | grep -i "authentication")" ]] ; then
  # Authentication required
  authlogic
  curl="$curlcmd --basic --user ${user}:${pass}"
fi

esstatus="$($curl $esurl)"
esstatusrc=$?
if [[ $esstatusrc -eq 7 ]]; then
  echo "ES SYSTEM CRITICAL - Failed to connect to ${host} port ${port}: Connection refused"
  exit $STATE_CRITICAL
elif [[ $esstatusrc -eq 28 ]]; then
  echo "ES SYSTEM CRITICAL - server did not respond within ${max_time} seconds"
  exit $STATE_CRITICAL
elif [[ $esstatus =~ "503 Service Unavailable" ]]; then
  echo "ES SYSTEM CRITICAL - Elasticsearch not available: ${host}:${port} return error 503"
  exit $STATE_CRITICAL
elif [[ $esstatus =~ "Unknown resource" ]]; then
  echo "ES SYSTEM CRITICAL - Elasticsearch not available: ${esstatus}"
  exit $STATE_CRITICAL
elif [[ -n $(echo $esstatus | grep -i "unable to authenticate") ]]; then
  echo "ES SYSTEM CRITICAL - Unable to authenticate user $user for REST request"
  exit $STATE_CRITICAL
elif [[ -n $(echo $esstatus | grep -i "unauthorized") ]]; then
  echo "ES SYSTEM CRITICAL - User $user is unauthorized"
  exit $STATE_CRITICAL
elif ! [[ $esstatus =~ "cluster_name" ]]; then
  echo "ES SYSTEM CRITICAL - Elasticsearch not available at this address ${host}:${port}"
  exit $STATE_CRITICAL
fi
# Additionally get cluster health infos
if [ "$checktype" = status ]; then
  eshealth=$($curl $eshealthurl)
  if [[ -z "$eshealth" ]]; then
    echo "ES SYSTEM CRITICAL - unable to get cluster health information"
    exit $STATE_CRITICAL
  fi
fi

# Catch empty reply from server (typically happens when ssl port used with http connection)
if [[ -z "$esstatus" ]] || [[ "$esstatus" = '' ]]; then
  echo "ES SYSTEM UNKNOWN - Empty reply from server (verify ssl settings)"
  exit $STATE_UNKNOWN
fi
}

Also, everything should be correctly quoted.
And the commit should have a meaningful title.

Lastly, I'm not sure if --noproxy will not break existing setups. Maybe introduce an option for this?