Closed aheinhold closed 3 years ago
Hello @aheinhold , thanks for the report. Can you manually execute the following command and check if the same error occurs as in the plugin?
(Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99908\Backend-Disk_C.vhdx' | Select-Object Length).Length
Hey @Yonas-net, sorry for the late feedback. Here is the output of the slightly modified command:
icinga> (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx' | Select-Object Length).Length
21944598528
No problem! Did you test the command with the local administrator or with the Icinga user? It might be the case that the Icinga user does not have access to the cluster because the VM snapshots are located on a Cluster Storage
.
Can you grant the user read-only access to the cluster and check if it works? Thanks!
I tested with the local administrator. :-( With the Monitoring-User it doesn't work although he has full permissions to the cluster.
Output1 (Monitoring-User with full cluster permissions)
icinga> (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx' | Select-Obj
ect Length).Length
Get-Item : Cannot find path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx'
because it does not exist.
At line:1 char:2
+ (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\ClusterStora...New-Disk_C.vhdx:String) [Get-Item], ItemNotFoundExcep
tion
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetItemCommand
0
IdentityReference AccessControlType ClusterRights
----------------- ----------------- -------------
...
DOMAIN\user Allow Full
...
Output2 (Local Admin in Admin-Powershell)
icinga> (Get-Item -Path 'C:\ClusterStorage\ASP7_RZ1RZ4_WHCLHQSK0001_LUN002\WIN99909\BackendNew-Disk_C.vhdx' | Select-Object Length).Length
21944598528
I would consider to check the access to the shared volumes and if there are any restrictions present. From our side we should test if the path exist and handle an Unknown for this specific element.
I would assume that even when you are admin on the cluster, it doesn't mean you can access all volumes. Adding permissions to these specific volumes should resolve this.
@Yonas-net: I would suggest adding a Test-Path
and check if we can access the files and if not, add an internal handler to set this specific check element to Unknown instead of of the entire plugin throwing an unknown. A custom text message would also be geat like
[UNKNOWN] No snapshots created: No access to volume
Something like this.
I tested the PR in a local admin shell and got an error:
PS C:\WINDOWS\system32> measure-command {Use-Icinga; return Invoke-IcingaCheckHyperVSnapshot -Verbosity 2}
You cannot call a method on a null-valued expression.
At C:\Program
Files\WindowsPowerShell\Modules\icinga-powershell-hyperv\plugins\Invoke-IcingaCheckHyperVSnapshot.psm1:294 char:9
+ if ($HypervServer.Summary.ContainsKey('SnapshotLocated')) {
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
[OK] Check package "VM Snapshots" (Match All)
...
Yes, there was a small bug in it and I fixed it quickly, but the actual problem in this issue is still not fixed, that the user cannot access the cluster storage, although he has full access permission on the cluster. But with local admin rights it should work now.
Hello,
lets have a short web session on Tuesday next week and I will have a look on the issue. We need to throw a proper exception in this case, to reflect missing permissions for the cluster storage. The main goal would be to throw an unknown in this matter and grant permissions to the executing user to access the file system the VHDx files are located in.
Would Tuesday morning suite you for a web session?
Sounds good. We'll get in touch with you later.
Icinga Plugin Output
Local execution: