Created
November 25, 2025 10:39
-
-
Save justynroberts/87dcd57aaac8e8320d30eda94a63c397 to your computer and use it in GitHub Desktop.
CheckMK Rundeck Notification
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # CheckMK Notification Script for Rundeck Webhook | |
| # Securely posts CheckMK alerts to Rundeck webhooks with authentication | |
| set -euo pipefail | |
| # Configuration - Set these via CheckMK notification rule parameters | |
| WEBHOOK_URL="${NOTIFY_PARAMETER_WEBHOOK_URL:-}" | |
| AUTH_TOKEN="${NOTIFY_PARAMETER_AUTH_TOKEN:-}" | |
| VERIFY_SSL="${NOTIFY_PARAMETER_VERIFY_SSL:-true}" | |
| TIMEOUT="${NOTIFY_PARAMETER_TIMEOUT:-30}" | |
| DEBUG="${NOTIFY_PARAMETER_DEBUG:-false}" | |
| # CheckMK notification context variables | |
| HOSTNAME="${NOTIFY_HOSTNAME:-unknown}" | |
| SERVICE_DESC="${NOTIFY_SERVICEDESC:-}" | |
| STATE="${NOTIFY_HOSTSTATE:-${NOTIFY_SERVICESTATE:-UNKNOWN}}" | |
| OUTPUT="${NOTIFY_HOSTOUTPUT:-${NOTIFY_SERVICEOUTPUT:-}}" | |
| NOTIFICATION_TYPE="${NOTIFY_NOTIFICATIONTYPE:-PROBLEM}" | |
| HOST_ADDRESS="${NOTIFY_HOSTADDRESS:-}" | |
| SITE="${OMD_SITE:-unknown}" | |
| TIMESTAMP=$(date -Iseconds) | |
| log_info() { | |
| echo "INFO: $*" >&2 | |
| } | |
| log_debug() { | |
| [[ "$DEBUG" == "true" ]] && echo "DEBUG: $*" >&2 | |
| } | |
| log_error() { | |
| echo "ERROR: $*" >&2 | |
| } | |
| validate_config() { | |
| if [[ -z "$WEBHOOK_URL" ]]; then | |
| log_error "WEBHOOK_URL not configured" | |
| return 1 | |
| fi | |
| if [[ -z "$AUTH_TOKEN" ]]; then | |
| log_error "AUTH_TOKEN not configured" | |
| return 1 | |
| fi | |
| if ! command -v curl &> /dev/null; then | |
| log_error "curl not found" | |
| return 1 | |
| fi | |
| if ! command -v jq &> /dev/null; then | |
| log_error "jq not found" | |
| return 1 | |
| fi | |
| return 0 | |
| } | |
| escape_json() { | |
| local str="$1" | |
| echo "$str" | jq -Rs . | |
| } | |
| build_payload() { | |
| local is_service="false" | |
| [[ -n "$SERVICE_DESC" ]] && is_service="true" | |
| # Build base payload | |
| local payload=$(cat <<EOF | |
| { | |
| "source": "checkmk", | |
| "site": $(escape_json "$SITE"), | |
| "event_type": $(escape_json "$NOTIFICATION_TYPE"), | |
| "hostname": $(escape_json "$HOSTNAME"), | |
| "host_address": $(escape_json "$HOST_ADDRESS"), | |
| "state": $(escape_json "$STATE"), | |
| "output": $(escape_json "$OUTPUT"), | |
| "timestamp": $(escape_json "$TIMESTAMP"), | |
| "is_service": $is_service | |
| } | |
| EOF | |
| ) | |
| # Add service description if this is a service alert | |
| if [[ "$is_service" == "true" ]]; then | |
| payload=$(echo "$payload" | jq --arg service "$SERVICE_DESC" '. + {service: $service}') | |
| fi | |
| # Add any additional NOTIFY_ environment variables | |
| while IFS='=' read -r key value; do | |
| if [[ "$key" =~ ^NOTIFY_ ]] && \ | |
| [[ "$key" != "NOTIFY_PARAMETER_WEBHOOK_URL" ]] && \ | |
| [[ "$key" != "NOTIFY_PARAMETER_AUTH_TOKEN" ]]; then | |
| local json_key="checkmk_${key,,}" | |
| payload=$(echo "$payload" | jq --arg k "$json_key" --arg v "$value" '. + {($k): $v}') | |
| fi | |
| done < <(env) | |
| echo "$payload" | |
| } | |
| send_webhook() { | |
| local payload="$1" | |
| local curl_opts=() | |
| # SSL verification | |
| if [[ "$VERIFY_SSL" != "true" ]]; then | |
| curl_opts+=(-k) | |
| log_info "SSL verification disabled" | |
| fi | |
| # Build curl command | |
| curl_opts+=( | |
| -X POST | |
| -H "Content-Type: application/json" | |
| -H "Authorization: Bearer ${AUTH_TOKEN}" | |
| -H "User-Agent: CheckMK-Rundeck-Webhook/1.0" | |
| --max-time "$TIMEOUT" | |
| --silent | |
| --show-error | |
| --write-out "\n%{http_code}" | |
| --data "$payload" | |
| "$WEBHOOK_URL" | |
| ) | |
| log_info "Sending webhook to $WEBHOOK_URL" | |
| log_debug "Payload: $payload" | |
| # Execute curl and capture output and status code | |
| local response | |
| if ! response=$(curl "${curl_opts[@]}" 2>&1); then | |
| log_error "curl failed: $response" | |
| return 1 | |
| fi | |
| # Split response body and status code | |
| local body=$(echo "$response" | head -n -1) | |
| local status=$(echo "$response" | tail -n 1) | |
| log_debug "Response status: $status" | |
| log_debug "Response body: $body" | |
| # Check HTTP status code | |
| if [[ "$status" -ge 200 && "$status" -lt 300 ]]; then | |
| log_info "Webhook sent successfully: $status" | |
| return 0 | |
| else | |
| log_error "HTTP error $status: $body" | |
| return 1 | |
| fi | |
| } | |
| main() { | |
| log_info "CheckMK Rundeck webhook notification starting" | |
| # Validate configuration | |
| if ! validate_config; then | |
| log_error "Configuration validation failed" | |
| exit 2 | |
| fi | |
| # Build payload | |
| local payload | |
| if ! payload=$(build_payload); then | |
| log_error "Failed to build payload" | |
| exit 2 | |
| fi | |
| # Send to Rundeck | |
| if send_webhook "$payload"; then | |
| log_info "Notification sent successfully" | |
| exit 0 | |
| else | |
| log_error "Notification failed" | |
| exit 2 | |
| fi | |
| } | |
| main "$@" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment