#!/usr/bin/env python3
try:
    from inmon_utils import *
except:
    import sys
    sys.exit(3)
import argparse
import paramiko
import logging

parser = argparse.ArgumentParser(description="Obtains demotion information from an OPNsense firewall")

parser.add_argument(
    "-v",
    "--verbose",
    dest="verbose",
    action="store_true",
    help="sets logging level to info"
)

parser.add_argument(
    "-i",
    "--keyfile",
    dest="keyfile",
    help="ssh keyfile",
    required=True
)

parser.add_argument(
    "-H",
    "--hostname",
    dest="hostname",
    help="hostname of the device to check",
    required=True
)

parser.add_argument(
    "-U",
    "--username",
    dest="username",
    help="username to log into the device under",
    required=True
)

args = parser.parse_args()

client = paramiko.client.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(str(args.hostname), username=str(args.username), key_filename=str(args.keyfile))
stdin, stdout, stderr = client.exec_command('sysctl -n net.inet.carp.demotion')
stdin.close()
outlines = stdout.readline().strip()
if int(outlines) != 0:
    print(f"CRITICAL - {args.hostname} has a demotion value of {str(int(outlines))}")
    sys.exit(2)
else:
    print(f"OK - demotion value 0")
    sys.exit(0)