Invoke-IcingaCheckHyperVSnapshot - Encoding artefacts in plugin output

[aheinhold]

Icinga Plugin Output

Plugin-Ausgabe
InvalidOperation: You cannot call a method on a null-valued expression.
[OK] Check package "VM Snapshots" (Match All)
\_ [OK] Check package "WIN99908.fqdn" (Match All)
   \_ [OK] Check package "WIN99908.fqdn" (Match All)
      \_ [OK] No snapshots created:

Local execution:

• Icinga Monitoring-User
• normal Powershell Window

icinga> return Invoke-IcingaCheckHyperVSnapshot -Verbosity 2
Get-ChildItem : Cannot find path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99908\Backend-Disk_C.vhdx'
because it does not exist.
At C:\Program
Files\WindowsPowerShell\Modules\icinga-powershell-hyperv\provider\vcomputer\Get-IcingaVirtualComputerInfo.psm1:283
char:44
+ ...          = (Get-ChildItem -Path ([string]$vmPartition.HostResource) | ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ClusterStora...end-Disk_C.vhdx:String) [Get-ChildItem], ItemNotFound
   Exception
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

You cannot call a method on a null-valued expression.
At C:\Program
Files\WindowsPowerShell\Modules\icinga-powershell-hyperv\plugins\Invoke-IcingaCheckHyperVSnapshot.psm1:294 char:9
+     if ($HypervServer.Summary.ContainsKey('SnapshotLocated')) {
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

[OK] Check package "VM Snapshots" (Match All)
\_ [OK] Check package "WIN99908.fqdn" (Match All)
   \_ [OK] Check package "WIN99908.fqdn" (Match All)
      \_ [OK] No snapshots created:
|
0

[yhabteab]

Hello @aheinhold , thanks for the report. Can you manually execute the following command and check if the same error occurs as in the plugin?

(Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99908\Backend-Disk_C.vhdx' | Select-Object Length).Length

[aheinhold]

Hey @Yonas-net, sorry for the late feedback. Here is the output of the slightly modified command:

icinga> (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx' | Select-Object Length).Length
21944598528

[yhabteab]

No problem! Did you test the command with the local administrator or with the Icinga user? It might be the case that the Icinga user does not have access to the cluster because the VM snapshots are located on a Cluster Storage.

Can you grant the user read-only access to the cluster and check if it works? Thanks!

[aheinhold]

I tested with the local administrator. :-( With the Monitoring-User it doesn't work although he has full permissions to the cluster.

Output1 (Monitoring-User with full cluster permissions)

icinga> (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx' | Select-Obj
ect Length).Length
Get-Item : Cannot find path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx'
because it does not exist.
At line:1 char:2
+ (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WI ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (C:\ClusterStora...New-Disk_C.vhdx:String) [Get-Item], ItemNotFoundExcep
   tion
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand

0

IdentityReference                                               AccessControlType ClusterRights
-----------------                                               ----------------- -------------
...
DOMAIN\user                                                        Allow          Full
...

Output2 (Local Admin in Admin-Powershell)

icinga> (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx' | Select-Object Length).Length
21944598528

[LordHepipud]

I would consider to check the access to the shared volumes and if there are any restrictions present. From our side we should test if the path exist and handle an Unknown for this specific element.

I would assume that even when you are admin on the cluster, it doesn't mean you can access all volumes. Adding permissions to these specific volumes should resolve this.

@Yonas-net: I would suggest adding a Test-Path and check if we can access the files and if not, add an internal handler to set this specific check element to Unknown instead of of the entire plugin throwing an unknown. A custom text message would also be geat like

[UNKNOWN] No snapshots created: No access to volume

Something like this.

[K0nne]

I tested the PR in a local admin shell and got an error:

PS C:\WINDOWS\system32> measure-command {Use-Icinga; return Invoke-IcingaCheckHyperVSnapshot -Verbosity 2}
You cannot call a method on a null-valued expression.
At C:\Program
Files\WindowsPowerShell\Modules\icinga-powershell-hyperv\plugins\Invoke-IcingaCheckHyperVSnapshot.psm1:294 char:9
+     if ($HypervServer.Summary.ContainsKey('SnapshotLocated')) {
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

[OK] Check package "VM Snapshots" (Match All)
...

[yhabteab]

Yes, there was a small bug in it and I fixed it quickly, but the actual problem in this issue is still not fixed, that the user cannot access the cluster storage, although he has full access permission on the cluster. But with local admin rights it should work now.

[LordHepipud]

Hello,

lets have a short web session on Tuesday next week and I will have a look on the issue. We need to throw a proper exception in this case, to reflect missing permissions for the cluster storage. The main goal would be to throw an unknown in this matter and grant permissions to the executing user to access the file system the VHDx files are located in.

Would Tuesday morning suite you for a web session?

[K0nne]

Sounds good. We'll get in touch with you later.