Module: check_mk
Branch: master
Commit: c586a74b5797647b4e138f2fb738d4c09b595ac9
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c586a74b579764…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Jul 3 14:28:28 2015 +0200
#2395 FIX Fix conflict with legacy check_mk-agent-logwatch package in default RPM packages
When you install the default Check_MK Agent RPM package it will trigger the removal of
the previously installed check-mk-agent, check_mk-agent and check_mk-agent-logwatch
RPM packages. Please note that this agent does not ship the mk_logwatch plugin, so
you will need to install the mk_logwatch plugin in your own.
If you want to have the Check_MK Agent RPM package contain the plugins you need and
are a happy user with access to the Check_MK Enterprise Edition, you can use the
Agent Bakery to create your custom packed RPM packages.
---
.werks/2395 | 16 ++++++++++++++++
ChangeLog | 1 +
agents/check-mk-agent.spec | 2 +-
3 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/.werks/2395 b/.werks/2395
new file mode 100644
index 0000000..b1a188e
--- /dev/null
+++ b/.werks/2395
@@ -0,0 +1,16 @@
+Title: Fix conflict with legacy check_mk-agent-logwatch package in default RPM packages
+Level: 1
+Component: checks
+Compatible: compat
+Version: 1.2.7i3
+Date: 1435925490
+Class: fix
+
+When you install the default Check_MK Agent RPM package it will trigger the removal of
+the previously installed check-mk-agent, check_mk-agent and check_mk-agent-logwatch
+RPM packages. Please note that this agent does not ship the mk_logwatch plugin, so
+you will need to install the mk_logwatch plugin in your own.
+
+If you want to have the Check_MK Agent RPM package contain the plugins you need and
+are a happy user with access to the Check_MK Enterprise Edition, you can use the
+Agent Bakery to create your custom packed RPM packages.
diff --git a/ChangeLog b/ChangeLog
index a6f1929..d800a3a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,7 @@
* 2320 FIX: winperf_msx_queues: no longer crashes in service discovery if there are no msx queues available
* 2321 FIX: process discovery: fixed exception during service discovery when no explicit process matching was set...
* 2394 FIX: megaraid_ldisks: Is now supporting LSI CacheCade drives
+ * 2395 FIX: Fix conflict with legacy check_mk-agent-logwatch package in default RPM packages...
Multisite:
* 2385 SEC: Fixed possible reflected XSS on all GUI pages where users can produce unhandled exceptions...
diff --git a/agents/check-mk-agent.spec b/agents/check-mk-agent.spec
index 7b950b3..5403524 100644
--- a/agents/check-mk-agent.spec
+++ b/agents/check-mk-agent.spec
@@ -34,7 +34,7 @@ BuildRoot: %{_topdir}/buildroot
AutoReq: off
AutoProv: off
BuildArch: noarch
-Obsoletes: check_mk-agent
+Obsoletes: check_mk-agent check_mk-agent-logwatch
%description
The Check_MK Agent uses xinetd to provide information about the system
Module: check_mk
Branch: master
Commit: 829bae733f6fe3dd65fa3398c4a623c8c9845d15
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=829bae733f6fe3…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri Jul 3 12:55:34 2015 +0200
#2398 agent_vsphere: now able to opt-out of servers ssl certifcate check
Starting with python 2.7.9 the ssl certificate of the target server is always validiated.
This caused problems when the certfile was not correctly registered on the monitoring server.
You can now choose in the datasource program, to disable the certificate check.
If this check should be done, you can configure if the hostname or a better suited hostname
should be used for this validiation.
---
.werks/2398 | 15 +++++++++++++++
ChangeLog | 1 +
agents/special/agent_vsphere | 15 ++++++++++++---
checks/agent_vsphere | 11 ++++++++++-
web/plugins/wato/datasource_programs.py | 15 ++++++++++++++-
5 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/.werks/2398 b/.werks/2398
new file mode 100644
index 0000000..afb14f4
--- /dev/null
+++ b/.werks/2398
@@ -0,0 +1,15 @@
+Title: agent_vsphere: now able to opt-out of servers ssl certifcate check
+Level: 2
+Component: checks
+Class: feature
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435920578
+
+Starting with python 2.7.9 the ssl certificate of the target server is always validiated.
+This caused problems when the certfile was not correctly registered on the monitoring server.
+
+You can now choose in the datasource program, to disable the certificate check.
+If this check should be done, you can configure if the hostname or a better suited hostname
+should be used for this validiation.
diff --git a/ChangeLog b/ChangeLog
index a6f1929..714396b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
* 1260 jolokia_metrics.perm_gen: New Check to monitor used Perm Space on a JVM
* 2317 agent_ruckus_spot: new special agent for querying access point statistics via web interface...
* 2371 appdynamics_memory, appdynamics_sessions, appdynamics_web_container: New checks for AppDynamic...
+ * 2398 agent_vsphere: now able to opt-out of servers ssl certifcate check...
* 2315 FIX: windows agent: BOM replacement, fixed incorrect byte offset...
* 2316 FIX: windows agent: fix garbled output of cached agent plugins...
* 2358 FIX: check_mk_agent.solaris: more correct computation of zfs used space...
diff --git a/agents/special/agent_vsphere b/agents/special/agent_vsphere
index 582012e..608d383 100755
--- a/agents/special/agent_vsphere
+++ b/agents/special/agent_vsphere
@@ -388,6 +388,7 @@ OPTIONS:
by the Site Recovery Manager (SRM) and are identified by not
having any assigned virtual disks.
-p, --port port Alternative port number (default is 443 for the https connection)
+ --no-cert-check Disables the checking of the servers ssl certificate
--pysphere Fallback to old pysphere based special agent. It supports
ESX 4.1 but is very slow.
-H, --hostname Specify a hostname. This is neccessary if this is
@@ -429,7 +430,7 @@ OPTIONS:
short_options = 'hi:u:s:Dat:H:Pp:S:'
long_options = [
- 'help', 'user=', 'secret=', 'direct', 'agent', 'debug', 'modules=', 'timeout=',
+ 'help', 'user=', 'secret=', 'direct', 'agent', 'debug', 'modules=', 'timeout=', 'no-cert-check',
'hostname=', 'tracefile=', "pysphere", "port=", "spaces=", "host_pwr_display=", "vm_pwr_display="
]
@@ -446,6 +447,7 @@ opt_host_pwr_display = None
opt_vm_pwr_display = None
opt_tracefile = None
opt_spaces = "underscore"
+opt_no_cert = False
error = None
error_exit = 1
@@ -475,6 +477,8 @@ for o,a in opts:
opt_skip_placeholder_vm = True
elif o in [ '-p', '--port' ]:
opt_port = a
+ elif o in [ '--no-cert-check' ]:
+ opt_no_cert = True
elif o == '--pysphere':
opt_pysphere = True
elif o in [ '-u', '--user' ]:
@@ -655,7 +659,12 @@ def encode_url(text):
# Initialize server connection
try:
netloc = host_address + ":" + str(opt_port)
- server_handle = httplib.HTTPSConnection(netloc)
+
+ if opt_no_cert:
+ import ssl
+ server_handle = httplib.HTTPSConnection(netloc, context = ssl._create_unverified_context())
+ else:
+ server_handle = httplib.HTTPSConnection(netloc)
if opt_debug:
sys.stderr.write("Connecting to %s..." % netloc)
@@ -932,7 +941,7 @@ if not error:
print "<<<esx_vsphere_sensors:sep(59)>>>"
for key in sorted(hostsystems_sensors[hostname].keys()):
data = hostsystems_sensors[hostname][key]
- if data["key"] in ["green", "unknown"]:
+ if data["key"] in ["green", "unknown", "Green"]:
continue
print '%s;%s;%s;%s;%s;%s;%s;%s;%s' % (
data["name"].replace(";", "_"),
diff --git a/checks/agent_vsphere b/checks/agent_vsphere
index e0ce618..757cc20 100644
--- a/checks/agent_vsphere
+++ b/checks/agent_vsphere
@@ -65,7 +65,16 @@ def agent_vsphere_arguments(params, hostname, ipaddress):
if params.get("host_pwr_display"):
args += ' --host_pwr_display %s' % params.get("host_pwr_display")
- args += " " + quote_shell_string(ipaddress)
+ if "ssl" in params:
+ if params["ssl"] == False:
+ args += ' --no-cert-check ' + quote_shell_string(ipaddress)
+ elif params["ssl"] == True:
+ args += " " + quote_shell_string(hostname)
+ else:
+ args += " " + quote_shell_string(params["ssl"])
+ else: # legacy mode
+ args += " " + quote_shell_string(ipaddress)
+
return args
special_agent_info['vsphere'] = agent_vsphere_arguments
diff --git a/web/plugins/wato/datasource_programs.py b/web/plugins/wato/datasource_programs.py
index 691c30c..3df0584 100644
--- a/web/plugins/wato/datasource_programs.py
+++ b/web/plugins/wato/datasource_programs.py
@@ -70,6 +70,19 @@ register_rule(group,
maxvalue = 65535,
)
),
+ ( "ssl",
+ Alternative(
+ title = _("SSL certificate checking"),
+ elements = [
+ FixedValue( False, title = _("Deactivated"), totext=""),
+ FixedValue( True, title = _("Use hostname"), totext=""),
+ TextAscii( title = _("Use other hostname"),
+ help = _("The IP of the other hostname needs to be the same IP as the host address")
+ )
+ ],
+ default_value = False
+ )
+ ),
( "timeout",
Integer(
title = _("Connect Timeout"),
@@ -171,7 +184,7 @@ register_rule(group,
help = _("This rule selects the vSphere agent instead of the normal Check_MK Agent "
"and allows monitoring of VMWare ESX via the vSphere API. You can configure "
"your connection settings here."),
- forth = lambda a: dict([("skip_placeholder_vms", True), ("use_pysphere" , False), ("spaces", "underscore")] + a.items())
+ forth = lambda a: dict([("skip_placeholder_vms", True), ("ssl", False), ("use_pysphere" , False), ("spaces", "underscore")] + a.items())
),
factory_default = FACTORY_DEFAULT_UNUSED, # No default, do not use setting if no rule matches
match = 'first')
Module: check_mk
Branch: master
Commit: 141071d3af66dbf73327ba058e574262ad3bdd00
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=141071d3af66db…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Fri Jul 3 09:55:27 2015 +0200
Fix bug in man page of nestat
---
checkman/netstat | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checkman/netstat b/checkman/netstat
index 4f0714a..b53bb00 100644
--- a/checkman/netstat
+++ b/checkman/netstat
@@ -73,5 +73,5 @@ parameters (dict): A dictionary with the following keys, all of which are
{"min_states"} Tuple(warn, crit) The minimum allowed entries of the required state
- {"min_states"} Tuple(warn, crit) The maximum allowed entries of the required state
+ {"max_states"} Tuple(warn, crit) The maximum allowed entries of the required state