add a sftp playbook that uses variables

we need to install perl modules to make this check work
install two perl modules Net::SFTP::Foreign and Net::SSH2

add the lib-aspacesftp credentials to the vault

group_vars/checkmk/local_check_templates/sftp_with_pass_check.j2

@@ -1,26 +1,57 @@
+#!/usr/bin/env perl
+
 {{ ansible_managed | comment }}
-#!/bin/bash
+
+use strict;
+use warnings;
+use Net::SFTP::Foreign;
+use Net::SSH2;
+
+# Replace with your credentials and server details
+my $sftp_host = "{{ host_ad_name }}";
+my $sftp_user = "{{ almasftp_user }}";
+my $sftp_password = "{{ sftp_password }}";
 
 # Exit codes
-EXIT_OK=0
-EXIT_WARN=1
-EXIT_CRIT=2
-EXIT_UNKNOWN=3
-
-# Check if all credentials are defined
-if [[ -z "{{ sftp_host }}" || -z "{{ sftp_user }}" || -z "{{ sftp_password }}" ]]; then
-  echo "Critical: SFTP credentials (host, username, password) are not defined!"
-  exit $EXIT_CRIT
-fi
-
-# Attempt SFTP connection
-sftp -oBatchMode=yes -oStrictHostKeyChecking=no "{{ sftp_user }}"@"{{ sftp_host }}" <<< "{{ sftp_password }}" 2>&1
-
-# Check exit code of sftp command
-if [[ $? -eq 0 ]]; then
-  echo "OK: Successful connection to SFTP server {{ sftp_host }}"
-  exit $EXIT_OK
-else
-  echo "$EXIT_CRIT \"SFTP\" - Connection to SFTP server {{ sftp_host }} failed!"
-  exit $EXIT_CRIT
-fi
+my $exit_ok = 0;
+my $exit_warn = 1;
+my $exit_crit = 2;
+my $exit_unknown = 3;
+
+# Create a new SSH2 object
+my $ssh2 = Net::SSH2->new();
+
+# Connect to the SFTP server
+eval { $ssh2->connect($sftp_host) or die "Connection failed: $@"; };
+
+# Handle potential exception during connection
+if ($@) {
+  print "Critical: Connection to SFTP server $sftp_host failed: $@\n";
+  exit $exit_crit;
+}
+
+# Try password authentication
+eval { $ssh2->auth_password($sftp_user, $sftp_password) or die "Authentication failed: $@"; };
+
+# Handle potential exception during authentication
+if ($@) {
+  print "Critical: Authentication to SFTP server $sftp_host failed: $@\n";
+  exit $exit_crit;
+}
+
+# Create a new SFTP object using the existing SSH2 connection
+my $sftp = Net::SFTP::Foreign->new(ssh2 => $ssh2, backend => 'Net_SSH2');
+
+# Check for SFTP object creation errors
+if ($sftp->error) {
+  print "Critical: Error creating SFTP object: $sftp->error\n";
+  exit $exit_crit;
+}
+
+# Connection successful! (Optional: Perform some basic SFTP operation)
+print "OK: Successful connection to SFTP server $sftp_host\n";
+
+# Close the connection
+$ssh2->disconnect();
+
+exit $exit_ok;

group_vars/checkmk/rule_sftp.yml

@@ -0,0 +1,8 @@
+---
+checkmk_local_scripts:
+  - template: "examplelocalcheck.j2"
+    dest: "examplelocalcheck.sh"
+  - template: "logrotatecheck.j2"
+    dest: "logrotatecheck.sh"
+  - template: "sftp_with_pass_check.j2"
+    dest: sftp_with_pass_check.pl

group_vars/sftp/common.yml

@@ -1,6 +1,8 @@
 ---
 almasftp_user: almasftp
 aspaceftp_user: lib-aspacesftp
+almasftp_user_password: "{{ vault_almasftp_user_password }}"
+aspaceftp_user_password: "{{ vault_aspaceftp_user_password }}"
 allowed_ssh_users:
   - almasftp
   - lib-aspacesftp

group_vars/sftp/vault.yml

@@ -1,11 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-37333866633765646566316337636565316234383633366238356339653239626432306132623430
-6166376332323766306639316139346364336363663930660a313133336465626531653965386230
-35643761313963656438356564323538333738646133393165376339623135373631376365373937
-3430343966353066320a646533633332376334376436393861323831343030376361376638626462
-36663265366431373864313936353038613232323032306266306138636132383237663539653530
-62306166313633303434366663396162323434626339303462653061366233333335616239323730
-35306566346432643633326632396132643333383064616131353665366562623839666137303666
-64623932326463303563396533633961646463386361626330363461363936393736336666663761
-66643934386165346462353964316535386563336139373962366364356263343531336465333435
-3833623833393838626465643230613761363935376237386637
+37633237373938653739303763613766346366343364363136643139616462373832666530656566
+6232383836386237653739313662623236386433333866350a613831376265613434623162376238
+37376665383436383031653764623635323238376236316238383662333363323933336236366639
+3131653865343739660a346462333937646538343461386162313934316130616431393763333762
+61623666613633653665646330383765633834326263373865376361323236353865613163376566
+62313930393363653938613366373838356665323866313930633034343966396266383965383933
+63643436343531643635653035656338633365643061613337626336336363323237653161643265
+34386535616134383863636466373565333334663439623437623163646564353134316362333566
+38663939333534646365353563313863613539366634313362663661393739313636643065613230
+62303962323530363833373539313732346535353835386162623932326133353930633638626230
+32643161336166353836336333366365643432643539383262363338316134613036633132313131
+62643862666332356231323332653866333730343031393061313034313931336530366634326639
+3563

playbooks/utils/checkmk_add_sftp_check.yml

@@ -0,0 +1,26 @@
+---
+- name: Install CheckMk sftp check scripts on host
+  hosts: "{{ runtime_env | default ('staging') }}"
+  remote_user: pulsys
+  become: true
+  vars_files:
+    - ../group_vars/sftp/vault.yml
+    - ../group_vars/sftp/common.yml
+    - ../group_vars/sftp/{{ runtime_env | default('staging') }}.yml
+
+  tasks:
+    - name: Install required Perl modules
+      ansible.builtin.apt:
+        name: "{{ item }}"
+        state: present
+        update_cache: true
+      loop:
+        - libnet-sftp-foreign-perl
+        - libssh2-1-dev
+        - libnet-ssh-perl
+
+    - name: Deploy SFTP Checkmk Local Check (Perl)
+      ansible.builtin.template:
+        src: "../../group_vars/checkmk/local_check_templates/sftp_with_pass_check.j2"
+        dest: /usr/lib/check_mk_agent/local/sftp_with_pass_check.pl
+        mode: "0755"