Module: check_mk
Branch: master
Commit: a008a379ebcb1cd07808cae3d908ae45814793c3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a008a379ebcb1c…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Mar 20 12:06:23 2017 +0100
4506 FIX User without permission to host could see host information when permitted for "all events"
When a user has the permission "see all events", he can see events for hosts that he is not
permitted to see in the status GUI. This is the default for regular users.
These users could access the event detail page and see information about the host, like the state
of the services, even when they were not permitted to see data about this host in the status page.
When the user is allowed to customize his views, he could easily add more host related columns to
see even more information about that host.
Change-Id: I8b8a546967424956609235379ba5c4044c7c16c4
---
.bugs/2462 | 7 ++++--
.werks/4506 | 17 +++++++++++++++
web/htdocs/config.py | 4 ++++
web/plugins/views/mkeventd.py | 50 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 76 insertions(+), 2 deletions(-)
diff --git a/.bugs/2462 b/.bugs/2462
index 1372250..28624b4 100644
--- a/.bugs/2462
+++ b/.bugs/2462
@@ -1,9 +1,9 @@
Title: EC: User without permission to host can view host information
Component: multisite
-State: open
+Class: bug
+State: done
Date: 2016-07-22 18:02:26
Targetversion: 1.2.8
-Class: bug
When viewing an event of a host which the user is not permitted to see
while the user has "see all events permission", the user sees the
@@ -21,3 +21,6 @@ the monitoring data of that host.
This needs to be filtered either in the core (then we need the AuthUser header and
the info that the user has "see all" permission) or in web/plugins/views/mkeventd.py query_ec_table().
+
+2017-03-20 12:03:26: changed state open -> done
+Has been fixed now
diff --git a/.werks/4506 b/.werks/4506
new file mode 100644
index 0000000..3b4b119
--- /dev/null
+++ b/.werks/4506
@@ -0,0 +1,17 @@
+Title: User without permission to host could see host information when permitted for "all events"
+Level: 1
+Component: ec
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1490007809
+Class: fix
+
+When a user has the permission "see all events", he can see events for hosts that the user is not
+permitted to in the status GUI. This is the default for regular users.
+
+These users could access the event detail page and see information about the host, like the state
+of the services, even when they were not permitted to see data about this host in the status page.
+
+Whe the user is allowed to customize his views, he could easily add more host related columns to
+see even more information about that host.
diff --git a/web/htdocs/config.py b/web/htdocs/config.py
index 3b625cd..e9f87b5 100644
--- a/web/htdocs/config.py
+++ b/web/htdocs/config.py
@@ -411,6 +411,10 @@ class LoggedInUser(object):
return self.get_attribute("language", get_language(default))
+ def contact_groups(self):
+ return self.get_attribute("contactgroups", [])
+
+
def load_stars(self):
return set(self.load_file("favorites", []))
diff --git a/web/plugins/views/mkeventd.py b/web/plugins/views/mkeventd.py
index 2921683..4340c21 100644
--- a/web/plugins/views/mkeventd.py
+++ b/web/plugins/views/mkeventd.py
@@ -53,12 +53,62 @@ def query_ec_table(datasource, columns, add_columns, query, only_sites, limit, t
rows = query_data(datasource, columns, add_columns, query, only_sites, limit,
tablename=tablename)
+ if not rows:
+ return rows
+
+ _ec_filter_host_information_of_not_permitted_hosts(rows)
+
if config.user.may("mkeventd.seeunrelated"):
return rows # user is allowed to see all events returned by the core
return [ r for r in rows if r["event_contact_groups"] != [] or r["host_name"] != "" ]
+# Handle the case where a user is allowed to see all events (-> events for hosts he
+# is not permitted for). In this case the user should be allowed to see the event
+# information, but not the host related information.
+#
+# To realize this, whe filter all data from the host_* columns from the response.
+# See Gitbug #2462 for some more information.
+#
+# This should be handled in the core, but the core does not know anything about
+# the "mkeventd.seeall" permissions. So it is simply not possible to do this on
+# core level at the moment.
+def _ec_filter_host_information_of_not_permitted_hosts(rows):
+ if not config.user.may("mkeventd.seeall"):
+ return
+
+ user_groups = set(config.user.contact_groups())
+
+ def is_contact(row):
+ return bool(user_groups.intersection(row["host_contact_groups"]))
+
+ if rows:
+ remove_keys = [ c for c in rows[0].keys() if c.startswith("host_") ]
+ else:
+ remove_keys = []
+
+ for row in rows:
+ if row["host_name"] == "":
+ continue # This is an "unrelated host", don't treat it here
+
+ if is_contact(row):
+ continue # The user may see these host information
+
+ # Now remove the host information. This can sadly not apply the cores
+ # default values for the different columns. We try our best to clean up
+ for key in remove_keys:
+ if type(row[key]) == list:
+ row[key] = []
+ elif type(row[key]) == int:
+ row[key] = 0
+ elif type(row[key]) == float:
+ row[key] = 0.0
+ elif type(row[key]) == str:
+ row[key] = ""
+ elif type(row[key]) == unicode:
+ row[key] = u""
+
# Declare datasource only if the event console is activated. We do
# not want to irritate users that do not know anything about the EC.
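Review bot: The type chain at the end of `_ec_filter_host_information_of_not_permitted_hosts` fails open: a `host_*` value whose type is not exactly list, int, float, str or unicode (for example `None`, a `long`, a dict or a subclass) is left in the row and still reaches a user who is not a contact of the host. An authorization filter should blank everything it does not recognise, so the chain needs a final `else` and `isinstance` checks instead of `type(...) ==`; whether `None` is an acceptable blank value for the painters is not visible here and should be confirmed. Two further things to check: `is_contact` indexes `row["host_contact_groups"]` directly, which assumes every query through `query_ec_table` returns that column, and `host_name` itself starts with `host_`, so it is blanked too and the row then looks like an unrelated-host event to the `mkeventd.seeunrelated` filter that runs afterwards.

```python
def _ec_filter_host_information_of_not_permitted_hosts(rows):
    # ... unchanged: permission check, user_groups, is_contact, remove_keys, per-row guards ...
        for key in remove_keys:
            value = row[key]
            if isinstance(value, list):
                row[key] = []
            elif isinstance(value, (int, long)):
                row[key] = 0
            elif isinstance(value, float):
                row[key] = 0.0
            elif isinstance(value, unicode):
                row[key] = u""
            elif isinstance(value, str):
                row[key] = ""
            else:
                # Unknown type: blank it instead of passing host data through
                row[key] = None
```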
Module: check_mk
Branch: master
Commit: 7472e890e8c6baa5c38e7db6e75539c7ac6817a5
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7472e890e8c6ba…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Mar 21 07:55:09 2017 +0100
4507 FIX Non resolvable hosts may lead to config compilation error
When having hosts without host address configured and compiling
the config of the core while the host can not be resolved, this
may lead to an exception:
AttributeError: 'NoneType' object has no attribute 'strip'
This has been fixed now.
Change-Id: If1fab5d65ea22cfa45f292c41ea4edecdf381eec
---
.werks/4507 | 17 +++++++++++++++++
modules/check_mk.py | 4 ++++
2 files changed, 21 insertions(+)
diff --git a/.werks/4507 b/.werks/4507
new file mode 100644
index 0000000..c73777b
--- /dev/null
+++ b/.werks/4507
@@ -0,0 +1,17 @@
+Title: Non resolvable hosts may lead to config compilation error
+Level: 1
+Component: core
+Class: fix
+Compatible: compat
+Edition: cee
+State: unknown
+Version: 1.5.0i1
+Date: 1490079245
+
+When having hosts without host address configured and compiling
+the config of the core while the host can not be resolved, this
+may lead to an excception:
+
+AttributeError: 'NoneType' object has no attribute 'strip'
+
+This has been fixed now.
diff --git a/modules/check_mk.py b/modules/check_mk.py
index fc57835..bfa5907 100755
--- a/modules/check_mk.py
+++ b/modules/check_mk.py
@@ -2910,11 +2910,15 @@ def get_host_attributes(hostname, tags):
# Now lookup configured IP addresses
if is_ipv4_host(hostname):
attrs["_ADDRESS_4"] = ip_address_of(hostname, 4)
+ if attrs["_ADDRESS_4"] == None:
+ attrs["_ADDRESS_4"] = ""
else:
attrs["_ADDRESS_4"] = ""
if is_ipv6_host(hostname):
attrs["_ADDRESS_6"] = ip_address_of(hostname, 6)
+ if attrs["_ADDRESS_6"] == None:
+ attrs["_ADDRESS_6"] = ""
else:
attrs["_ADDRESS_6"] = ""
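Review bot: Both added checks compare with `== None`; `is None` is the idiomatic identity test, and each pair of lines can be written as `attrs["_ADDRESS_4"] = ip_address_of(hostname, 4) or ""` (likewise for `_ADDRESS_6`). After this change a host whose lookup failed gets the same empty address as a host that has no address of that family at all, so a comment such as `# "" can also mean: name could not be resolved` would help whoever reads the generated config. `get_host_attributes` starts and ends outside the hunk.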
Module: check_mk
Branch: master
Commit: 442d65ceec0e142e6c6785a95491fb80c469d54b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=442d65ceec0e14…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Mar 20 16:24:32 2017 +0100
Updated bug entries #2553, #2844, #2822
Change-Id: I6b2158b086b7b6e5744d28bf1b64e730bf4ad2cf
---
.bugs/2553 | 7 ++++++-
.bugs/2822 | 2 +-
.bugs/2844 | 2 +-
3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.bugs/2553 b/.bugs/2553
index d83461e..2b1abcc 100644
--- a/.bugs/2553
+++ b/.bugs/2553
@@ -2,7 +2,7 @@ Title: Matching of Texts in EC inconsistent if no regexes are used
Component: ec
State: open
Date: 2017-01-25 14:13:01
-Targetversion: 1.2.8
+Targetversion: 1.4.0
Class: bug
The matching if "app" and "ap[p]" differ - but shouldn't. The EC uses
@@ -13,3 +13,8 @@ like foo.
Investigate this. Maybe we need to migrate existing match strings
in order to stay compabible and fix the problem anyway.
+
+---
+
+This also affects 1.2.8 and possibly older version, but we won't change
+it in this old versions.
diff --git a/.bugs/2822 b/.bugs/2822
index 9f3286b..4208970 100644
--- a/.bugs/2822
+++ b/.bugs/2822
@@ -2,7 +2,7 @@ Title: core can end in endless loop if helper can't be started
Component: core
State: open
Date: 2016-04-07 13:39:57
-Targetversion: 1.2.8
+Targetversion: 1.4.0
Class: bug
In EventHelper::flush the function EventHelper::sendNextEvent is called in a loop until a list of events has been processed. EventHelper::sendNextEvent can return before processing an event for several reasons, i.e. if the helper is not connected. In this case the core will try to re-start the helper but if that doesn't work, the core will never return from the loop in EventHelper::flush. There may be multiple other errors in the same area.
diff --git a/.bugs/2844 b/.bugs/2844
index e11a637..4860695 100644
--- a/.bugs/2844
+++ b/.bugs/2844
@@ -2,7 +2,7 @@ Title: Translation of "Line" is problematic
Component: web
State: open
Date: 2017-02-21 10:33:50
-Targetversion: 1.2.8
+Targetversion: 1.4.0
Class: bug
"Line" needs to be translated into "Zeile" and into "Linie" (Graphing)
Module: check_mk
Branch: master
Commit: 19f483ee4efb4319fe9e16d5bdfd8599e12454e8
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=19f483ee4efb43…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Mar 20 16:22:33 2017 +0100
Updated bug entries #2822
Change-Id: I782e3533b205dce9afd2356811d235c39f2fa598
---
.bugs/2822 | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.bugs/2822 b/.bugs/2822
index eb2d162..9f3286b 100644
--- a/.bugs/2822
+++ b/.bugs/2822
@@ -6,4 +6,10 @@ Targetversion: 1.2.8
Class: bug
In EventHelper::flush the function EventHelper::sendNextEvent is called in a loop until a list of events has been processed. EventHelper::sendNextEvent can return before processing an event for several reasons, i.e. if the helper is not connected. In this case the core will try to re-start the helper but if that doesn't work, the core will never return from the loop in EventHelper::flush. There may be multiple other errors in the same area.
-A minor related problem is that if the helper has closed the socket, sendNextEvent will report an error message that has nothing to do with what actually happened.
\ No newline at end of file
+A minor related problem is that if the helper has closed the socket, sendNextEvent will report an error message that has nothing to do with what actually happened.
+
+--
+
+This also affects 1.2.8, but we will not fix this in 1.2.8 anymore.
+
+TODO: Do we need to fix this in 1.4.0?
Module: check_mk
Branch: master
Commit: b4449e4a176588e173d5d154730b00a83c7aa922
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b4449e4a176588…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Mar 21 08:33:30 2017 +0100
4509 FIX Removed now useless "parents" attribute from "New/Edit cluster dialog"
Since the parents of cluster hosts are automatically determined in all situations now,
we have removed this attribute from the GUI.
Change-Id: Ie8d1edb007767aee109dcdfcc6c7c8f4725df00e
---
.bugs/2330 | 6 +++++-
.werks/4509 | 12 ++++++++++++
web/htdocs/wato.py | 24 +++++++++++++-----------
web/plugins/wato/builtin_attributes.py | 3 +++
4 files changed, 33 insertions(+), 12 deletions(-)
diff --git a/.bugs/2330 b/.bugs/2330
index e80a420..965484b 100644
--- a/.bugs/2330
+++ b/.bugs/2330
@@ -1,6 +1,7 @@
Title: Cluster should always have only it's nodes as parents
Component: core
-State: open
+Class: bug
+State: done
Date: 2016-02-16 13:42:50
Targetversion: 1.4.0
Class: bug
@@ -25,3 +26,6 @@ Das erwartete Ergebnis kann aktuell erreicht werden, in dem für das Cluster Par
----------------------------
Is this really correct for all kind of clusters (with, without IP, ...)?
+
+2017-03-21 08:23:02: changed state open -> done
+Has been fixed for 1.4.0 and master.
diff --git a/.werks/4509 b/.werks/4509
new file mode 100644
index 0000000..d552d59
--- /dev/null
+++ b/.werks/4509
@@ -0,0 +1,12 @@
+Title: Removed now useless "parents" attribute from "New/Edit cluster dialog"
+Level: 1
+Component: wato
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1490081502
+
+Since the parents of cluster hosts are automatically determined in all situations now,
+we have removed this attribute from the GUI.
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 29073ad..9d916d7 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -1381,7 +1381,8 @@ def mode_edit_host(phase, new, is_cluster):
html.help(_('Enter the host names of the cluster nodes. These '
'hosts must be present in WATO. '))
- configure_attributes(new, {hostname: host}, "host", parent = Folder.current())
+ configure_attributes(new, {hostname: host}, "host" if not is_cluster else "cluster",
+ parent = Folder.current())
forms.end()
if not Folder.current().locked_hosts():
@@ -16756,10 +16757,11 @@ class UserIconOrAction(DropdownChoice):
#
# new: Boolean flag if this is a creation step or editing
# for_what can be:
-# "host" -> normal host edit dialog
-# "folder" -> properties of folder or file
+# "host" -> normal host edit dialog
+# "cluster" -> normal host edit dialog
+# "folder" -> properties of folder or file
# "host_search" -> host search dialog
-# "bulk" -> bulk change
+# "bulk" -> bulk change
# parent: The parent folder of the objects to configure
# myself: For mode "folder" the folder itself or None, if we edit a new folder
# This is needed for handling mandatory attributes.
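Review bot: The added comment line `"cluster" -> normal host edit dialog` repeats the description of `"host"` word for word, so it does not tell the reader why the new value exists. Something like `# "cluster" -> cluster edit dialog (like "host", but attributes may hide themselves via is_visible)` would document the difference this commit introduces. The comment block belongs to `configure_attributes`, whose definition is outside this hunk.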
@@ -16816,7 +16818,7 @@ def configure_attributes(new, hosts, for_what, parent, myself=None, without_attr
depends_on_roles = attr.depends_on_roles()
# Add host tag dependencies, but only in host mode. In other
# modes we always need to show all attributes.
- if for_what == "host" and depends_on_tags:
+ if for_what in [ "host", "cluster" ] and depends_on_tags:
dependency_mapping_tags[attrname] = depends_on_tags
if depends_on_roles:
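Review bot: The test `for_what in [ "host", "cluster" ]` is now spelled out in five hunks of `configure_attributes` (the tag dependency mapping here, then the inherited-value URL, the mandatory check, the explicit-attribute check and the `parent.locked_hosts()` check), and any `for_what == "host"` comparison outside the visible hunks would silently treat clusters differently. One of these gates the checkbox for locked folders, so a missed spot is not only cosmetic. A single local such as `is_host_mode = for_what in ("host", "cluster")` near the top of the function would keep the cases together; the trailing `# "host"` comment on the `elif ... and host:` line is also stale now. The function starts and ends outside these hunks.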
@@ -16842,7 +16844,7 @@ def configure_attributes(new, hosts, for_what, parent, myself=None, without_attr
# one and have the same value
unique = num_haveit == 0 or (len(values) == 1 and num_haveit == len(hosts))
- if for_what in [ "host", "folder" ]:
+ if for_what in [ "host", "cluster", "folder" ]:
host = hosts.values()[0]
# Collect information about attribute values inherited from folder.
@@ -16854,7 +16856,7 @@ def configure_attributes(new, hosts, for_what, parent, myself=None, without_attr
container = None
if attr.show_inherited_value():
- if for_what == "host":
+ if for_what in [ "host", "cluster" ]:
url = Folder.current().edit_url()
container = parent # container is of type Folder
@@ -16906,7 +16908,7 @@ def configure_attributes(new, hosts, for_what, parent, myself=None, without_attr
and not has_inherited:
force_entry = True
active = True
- elif for_what == "host" and attr.is_mandatory() and not has_inherited:
+ elif for_what in [ "host", "cluster" ] and attr.is_mandatory() and not has_inherited:
force_entry = True
active = True
elif cb != None:
@@ -16915,7 +16917,7 @@ def configure_attributes(new, hosts, for_what, parent, myself=None, without_attr
active = unique and len(values) > 0
elif for_what == "folder" and myself:
active = myself.has_explicit_attribute(attrname)
- elif for_what == "host" and host: # "host"
+ elif for_what in [ "host", "cluster" ] and host: # "host"
active = host.has_explicit_attribute(attrname)
else:
active = False
@@ -16926,7 +16928,7 @@ def configure_attributes(new, hosts, for_what, parent, myself=None, without_attr
else:
disabled = True
- if (for_what == "host" and parent.locked_hosts()) or (for_what == "folder" and myself and myself.locked()):
+ if (for_what in [ "host", "cluster" ] and parent.locked_hosts()) or (for_what == "folder" and myself and myself.locked()):
checkbox_code = None
elif force_entry:
checkbox_code = html.render_checkbox("ignored_" + checkbox_name, add_attr=["disabled"])
@@ -16980,7 +16982,7 @@ def configure_attributes(new, hosts, for_what, parent, myself=None, without_attr
else:
value = values[0]
- elif for_what in [ "host", "folder" ]:
+ elif for_what in [ "host", "cluster", "folder" ]:
if not new and (not attr.editable() or not attr.may_edit()) and active:
value = values[0]
else:
diff --git a/web/plugins/wato/builtin_attributes.py b/web/plugins/wato/builtin_attributes.py
index 360c981..f18638a 100644
--- a/web/plugins/wato/builtin_attributes.py
+++ b/web/plugins/wato/builtin_attributes.py
@@ -209,6 +209,9 @@ class ParentsAttribute(ValueSpecAttribute):
"of its parents are monitored by the same site."),
orientation = "horizontal"))
+ def is_visible(self, for_what):
+ return for_what != "cluster"
+
def to_nagios(self, value):
if value:
return ",".join(value)
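Review bot: `is_visible` only hides the parents field in the cluster dialog; nothing in this hunk clears or ignores a `parents` value that was already saved on an existing cluster. Whether such a stored value still reaches the core configuration depends on code outside this diff, so that is worth confirming and stating in a docstring, e.g. `"""Hide the attribute for clusters, whose parents are always their nodes."""`. The class body continues outside the hunk.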
Module: check_mk
Branch: master
Commit: 62e64f32faa328ce9ca9b485841a96a47115fd8c
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=62e64f32faa328…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Mar 21 08:22:14 2017 +0100
4508 FIX Clusters: Now always have their nodes as parents (Fixes Nagios inconsistency)
When configuring clusters via Check_MK it was possible to configure custom parent nodes
for the cluster nodes when using the Nagios core. The Microcore already used its nodes
before as it was designed. We have now changed the Nagios handling to also enforce the
nodes to be parent hosts of their cluster hosts.
The assumption is: The cluster host is reachable while at least one node is up.
Change-Id: Icb7c245a169129f1b55a2757bbe778d4ac882313
---
.werks/4508 | 16 ++++++++++++++++
modules/check_mk.py | 18 ++++++++++++++----
modules/nagios.py | 27 ++++++++++++++-------------
3 files changed, 44 insertions(+), 17 deletions(-)
diff --git a/.werks/4508 b/.werks/4508
new file mode 100644
index 0000000..ec24b50
--- /dev/null
+++ b/.werks/4508
@@ -0,0 +1,16 @@
+Title: Clusters: Now always have their nodes as parents (Fixes Nagios inconsistency)
+Level: 1
+Component: core
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.5.0i1
+Date: 1490080766
+
+When configuring clusters via Check_MK it was possible to configure custom parent nodes
+for the cluster nodes when using the Nagios core. The Microcore already used it's nodes
+before as it was designed. We have now changed the Nagios handling to also enforce the
+nodes to be parent hosts of their cluster hosts.
+
+The assumption is: The cluster host is reachable while at least one node is up.
diff --git a/modules/check_mk.py b/modules/check_mk.py
index bfa5907..3823a0b 100755
--- a/modules/check_mk.py
+++ b/modules/check_mk.py
@@ -1115,8 +1115,10 @@ def in_extraconf_hostlist(hostlist, hostname):
return False
-def extra_host_conf_of(hostname):
- return extra_conf_of(extra_host_conf, hostname, None)
+def extra_host_conf_of(hostname, exclude=None):
+ if exclude == None:
+ exclude = []
+ return extra_conf_of(extra_host_conf, hostname, None, exclude)
def extra_summary_host_conf_of(hostname):
return extra_conf_of(extra_summary_host_conf, hostname, None)
@@ -1144,16 +1146,24 @@ def extra_service_conf_of(hostname, description):
def extra_summary_service_conf_of(hostname, description):
return extra_conf_of(extra_summary_service_conf, hostname, description)
-def extra_conf_of(confdict, hostname, service):
+def extra_conf_of(confdict, hostname, service, exclude=None):
+ if exclude == None:
+ exclude = []
+
result = ""
for key, conflist in confdict.items():
if service != None:
values = service_extra_conf(hostname, service, conflist)
else:
values = host_extra_conf(hostname, conflist)
- if len(values) > 0:
+
+ if exclude and key in exclude:
+ continue
+
+ if values:
format = " %-29s %s\n"
result += format % (key, values[0])
+
return result
def autodetect_plugin(command_line):
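Review bot: In `extra_conf_of` the `exclude` test runs after `service_extra_conf` / `host_extra_conf` has already been evaluated for the key, so excluded keys still pay for the rule lookup; moving `if key in exclude: continue` to the first line of the loop body avoids that, and the `exclude and` guard is redundant once `exclude` is always a list. The `exclude == None` checks here and in `extra_host_conf_of` (previous hunk) should be `is None`, and the one in `extra_host_conf_of` is unnecessary because `extra_conf_of` already normalises `None`. The local name `format` on the unchanged line shadows the builtin.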
diff --git a/modules/nagios.py b/modules/nagios.py
index f6d891f..f3cc109 100644
--- a/modules/nagios.py
+++ b/modules/nagios.py
@@ -172,21 +172,22 @@ def create_nagios_hostdefs(outfile, hostname, attrs):
outfile.write(" contact_groups\t\t%s\n" % make_utf8(",".join(cgrs)))
contactgroups_to_define.update(cgrs)
- # Get parents manually defined via extra_host_conf["parents"]. Only honor
- # variable "parents" and implicit parents if this setting is empty
- extra_conf_parents = host_extra_conf(hostname, extra_host_conf.get("parents", []))
+ if not is_clust:
+ # Parents for non-clusters
- # Parents for non-clusters
- if not extra_conf_parents and not is_clust:
- parents_list = parents_of(hostname)
- if len(parents_list) > 0:
- outfile.write(" parents\t\t\t%s\n" % (",".join(parents_list)))
+ # Get parents manually defined via extra_host_conf["parents"]. Only honor
+ # variable "parents" and implicit parents if this setting is empty
+ extra_conf_parents = host_extra_conf(hostname, extra_host_conf.get("parents", []))
- # Special handling of clusters
- if is_clust:
- alias = "cluster of %s" % ", ".join(nodes)
if not extra_conf_parents:
- outfile.write(" parents\t\t\t%s\n" % ",".join(nodes))
+ parents_list = parents_of(hostname)
+ if parents_list:
+ outfile.write(" parents\t\t\t%s\n" % (",".join(parents_list)))
+
+ elif is_cluster:
+ # Special handling of clusters
+ alias = "cluster of %s" % ", ".join(nodes)
+ outfile.write(" parents\t\t\t%s\n" % ",".join(nodes))
# Output alias, but only if it's not defined in extra_host_conf
alias = alias_of(hostname, None)
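Review bot: The new branch is written `elif is_cluster:` while the rest of the function, including the `if not is_clust:` directly above and the `exclude=["parents"] if is_clust else []` in the next hunk, uses the local `is_clust`. If `is_cluster` is a module-level function the condition is always true and the branch works only by accident; if no such name is in scope it raises NameError for every cluster. `else:` or `elif is_clust:` states the intent. The `alias = "cluster of ..."` assignment kept in this branch is overwritten by `alias = alias_of(hostname, None)` on the context line below, so it looks dead. `create_nagios_hostdefs` starts and ends outside the hunk.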
@@ -196,7 +197,7 @@ def create_nagios_hostdefs(outfile, hostname, attrs):
alias = make_utf8(alias)
# Custom configuration last -> user may override all other values
- outfile.write(make_utf8(extra_host_conf_of(hostname)))
+ outfile.write(make_utf8(extra_host_conf_of(hostname, exclude=["parents"] if is_clust else [])))
outfile.write("}\n")