Checkmk git commits June 2017

checkmk-commits@lists.checkmk.com

13 participants
266 discussions

by Lars Michelsen

Module: check_mk Branch: master Commit: 4ab9c7632e29dbae785d2279c7d73803c3dac2f5 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=4ab9c7632e29db… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 20 13:43:51 2017 +0200 Reserved 20 Werk IDS Change-Id: I82259d6c33e3983b40cff68430175da3bdc14325 --- .werks/first_free | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.werks/first_free b/.werks/first_free index a155f5a..af9a862 100644 --- a/.werks/first_free +++ b/.werks/first_free @@ -1 +1 @@ -4888 +4908

7 years

4362 fileinfo.groups, logwatch.groups: now group pattern matching is allowed in service description

by Simon Betz

Module: check_mk Branch: master Commit: bae23df68bce226fa3a659e65da8aa3c8cc45249 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=bae23df68bce22… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Feb 21 09:57:27 2017 +0100 4362 fileinfo.groups, logwatch.groups: now group pattern matching is allowed in service description The service description may contain one or more occurances of %s. If you do this, then the pattern must be a regular expression and be prefixed with ~. For each %s in the description, the expression has to contain one "group". A group is a subexpression enclosed in brackets, for example (.*) or ([a-zA-Z]+) or (...). Change-Id: I69ec4a51ebd18e766aa116cefcfaae03e4805f9f --- .werks/4362 | 12 ++++ checks/fileinfo | 209 ++++++++++++++++++++++++++++++++++---------------------- checks/logwatch | 201 ++++++++++++++++++++++++++++++++++------------------- 3 files changed, 267 insertions(+), 155 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=bae23df68b…

7 years

4768 cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices

by Simon Betz

Module: check_mk Branch: master Commit: 233cf90d25fb07300774ce6da562fc6da91a51b3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=233cf90d25fb07… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Jun 6 11:59:52 2017 +0200 4768 cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices Change-Id: I9639f5888f51e9161a76a1d6254004b2fab282cd --- .werks/4768 | 10 ++++++ checkman/cisco_asa_connections | 15 ++++++++ checks/cisco_asa_connections | 70 ++++++++++++++++++++++++++++++++++++ web/plugins/wato/check_parameters.py | 20 +++++++++++ 4 files changed, 115 insertions(+) diff --git a/.werks/4768 b/.werks/4768 new file mode 100644 index 0000000..a1ecd54 --- /dev/null +++ b/.werks/4768 @@ -0,0 +1,10 @@ +Title: cisco_asa_connections: New check which monitors number of connections currently in use by Cisco ASA devices +Level: 1 +Component: checks +Compatible: compat +Edition: cre +Version: 1.5.0i1 +Date: 1496743160 +Class: feature + + diff --git a/checkman/cisco_asa_connections b/checkman/cisco_asa_connections new file mode 100644 index 0000000..aefffcd4 --- /dev/null +++ b/checkman/cisco_asa_connections @@ -0,0 +1,15 @@ +title: Cisco ASA Connections +agents: snmp +catalog: hw/network/cisco +distribution: check_mk +license: GPLv3 +description: + This check monitors the number of connections currently in use by the entire firewall and + the highest number of connections in use at any one time since system startup of Cisco ASA + devices. + + Upper levels for currently connections can be set. There are no default levels. + +inventory: + One service will be created. + diff --git a/checks/cisco_asa_connections b/checks/cisco_asa_connections new file mode 100644 index 0000000..e65b21d --- /dev/null +++ b/checks/cisco_asa_connections @@ -0,0 +1,70 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2017 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# tails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + + +# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.6 "number of connections currently in use by the entire firewall" +# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.3.40.7 "highest number of connections in use at any one time since system startup" +# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.6 1045 +# .1.3.6.1.4.1.9.9.147.1.2.2.2.1.5.40.7 2816 + + +def inventory_cisco_asa_connections(info): + return [(None, {})] + + +def check_cisco_asa_connections(_no_item, params, info): + used_conns = int(info[0][0]) + overall_used_conns = info[1][0] + infotext = "Currently used: %s" % used_conns + state = 0 + + if params.get("connections"): + warn, crit = params["connections"] + perfdata = [("fw_connections_active", used_conns, warn, crit)] + if used_conns >= crit: + state = 2 + elif used_conns >= warn: + state = 1 + if state > 0: + infotext += " (warn/crit at %s/%s)" % (warn, crit) + else: + perfdata = [("fw_connections_active", used_conns)] + + return state, "%s, Max. since system startup: %s" % (infotext, overall_used_conns), perfdata + + +check_info['cisco_asa_connections'] = { + 'inventory_function' : inventory_cisco_asa_connections, + 'check_function' : check_cisco_asa_connections, + 'service_description' : 'Connections', + 'snmp_info' : ('.1.3.6.1.4.1.9.9.147.1.2.2.2.1', [ + '5', # CISCO-FIREWALL-MIB::cfwConnectionStatValue + ]), + "snmp_scan_function" : lambda oid: oid(".1.3.6.1.2.1.1.1.0").lower().startswith("cisco adaptive security") \ + or "cisco pix security" in oid(".1.3.6.1.2.1.1.1.0").lower(), + "group" : "cisco_fw_connections", + "has_perfdata" : True, +} diff --git a/web/plugins/wato/check_parameters.py b/web/plugins/wato/check_parameters.py index 6889265..0966319 100644 --- a/web/plugins/wato/check_parameters.py +++ b/web/plugins/wato/check_parameters.py @@ -9741,6 +9741,26 @@ register_check_parameters( register_check_parameters( subgroup_applications, + "cisco_fw_connections", + _("Cisco ASA Firewall Connections"), + Dictionary( + elements = [ + ("connections", Tuple( + help = _("This rule sets limits to the current number of connections through " + "a Cisco ASA firewall."), + title = _("Maximum number of firewall connections"), + elements = [ + Integer(title=_("Warning at")), + Integer(title=_("Critical at")), + ], + )), + ]), + None, + "dict", +) + +register_check_parameters( + subgroup_applications, "checkpoint_connections", _("Checkpoint Firewall Connections"), Tuple(

7 years

Fixed percent levels if max_messages equals zero

by Simon Betz

Module: check_mk Branch: master Commit: ef1fa56343dc0821be4fdffdf57e737a25003cca URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ef1fa56343dc08… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Jun 20 13:16:56 2017 +0200 Fixed percent levels if max_messages equals zero Change-Id: Id3385fc5dfdbdd8e7c4eb439c77d9d253a493db5 --- checks/websphere_mq_channels | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checks/websphere_mq_channels b/checks/websphere_mq_channels index edb4d58..2118906 100644 --- a/checks/websphere_mq_channels +++ b/checks/websphere_mq_channels @@ -104,7 +104,7 @@ def check_websphere_mq_channels(item, params, parsed): yield state, infotext, [('messages', messages, warn, crit, 0, max_messages)] - if params.get("message_count_perc"): + if params.get("message_count_perc") and max_messages > 0: warn, crit = params["message_count_perc"] messages_perc = 1.0 * messages / max_messages infotext = get_percent_human_readable(messages_perc)

7 years

4765 FIX Liveproxyd: Fixed possible exception in case of temporary load issues

by Lars Michelsen

Module: check_mk Branch: master Commit: d4b598d58d902949f6c61e9f14589ed3333d9eec URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=d4b598d58d9029… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 20 12:46:33 2017 +0200 4765 FIX Liveproxyd: Fixed possible exception in case of temporary load issues When the connection to livestatus is not possible with "Resource temporarily unavailable" error, which can happen in high load situations, then the error was not handled correctly. Change-Id: Ia37d1f9d33f9d732c5ad75918911df9b1a89e9f2 --- .werks/4765 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.werks/4765 b/.werks/4765 new file mode 100644 index 0000000..05b6813 --- /dev/null +++ b/.werks/4765 @@ -0,0 +1,13 @@ +Title: Liveproxyd: Fixed possible exception in case of temporary load issues +Level: 1 +Component: liveproxy +Class: fix +Compatible: compat +Edition: cee +State: unknown +Version: 1.5.0i1 +Date: 1497955452 + +When the connection to livestatus is not possible with "Resource temporarily unavailable" error, +which can happen in high load situations, then the error was not handled correctly. +

7 years

4656 Added folder selection to Host & Service Parameters search

by Simon Betz

Module: check_mk Branch: master Commit: 8631bc2753345272c873781c74af0f5955fc4dad URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8631bc27533452… Author: Simon Betz <si(a)mathias-kettner.de> Date: Sun May 14 13:25:21 2017 +0200 4656 Added folder selection to Host & Service Parameters search Change-Id: Ib3fa62949cb29cff6e10571dcfb50456c3971d08 --- .werks/4656 | 10 ++++++++++ web/htdocs/wato.py | 18 ++++++++++++++++++ web/htdocs/watolib.py | 13 ++++++++++++- 3 files changed, 40 insertions(+), 1 deletion(-) diff --git a/.werks/4656 b/.werks/4656 new file mode 100644 index 0000000..575f170 --- /dev/null +++ b/.werks/4656 @@ -0,0 +1,10 @@ +Title: Added folder selection to Host & Service Parameters search +Level: 1 +Component: wato +Compatible: compat +Edition: cre +Version: 1.5.0i1 +Date: 1494761036 +Class: feature + + diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 4c8e4d1..1a28d0b 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -13095,6 +13095,7 @@ class ModeRuleSearch(WatoMode): "rule_hosttags", "rule_disabled", "rule_ineffective", + "rule_folder", ]), ], elements = [ @@ -13183,6 +13184,23 @@ class ModeRuleSearch(WatoMode): (False, _("Search for effective rules")), ], )), + ("rule_folder", Tuple( + title = _("Folder"), + elements = [ + DropdownChoice( + title = _("Selection"), + choices = Folder.folder_choices(), + ), + DropdownChoice( + title = _("Recursion"), + choices = [ + (True, _("Also search in subfolders")), + (False, _("Search in this folder")), + ], + default_value = False, + ), + ], + )), ], ) diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index ef8aed4..d138830 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -7410,7 +7410,6 @@ class Ruleset(object): # The ruleset matched or did not decide to skip the whole ruleset. # The ruleset should be matched in case a rule matches. - if not self.has_rule_search_options(search_options): return self.matches_fulltext_search(search_options) @@ -7923,6 +7922,9 @@ class Rule(object): def matches_search(self, search_options): + if "rule_folder" in search_options and self.folder.name() not in self._get_search_folders(search_options): + return False + if "rule_disabled" in search_options and search_options["rule_disabled"] != self.is_disabled(): return False @@ -7978,6 +7980,15 @@ class Rule(object): return True + def _get_search_folders(self, search_options): + current_folder, do_recursion = search_options["rule_folder"] + current_folder = Folder.folder(current_folder) + search_in_folders = [current_folder.name()] + if do_recursion: + search_in_folders = [x.split("/")[-1] for x,y in current_folder.recursive_subfolder_choices()] + return search_in_folders + + def index(self): return self.ruleset.get_folder_rules(self.folder).index(self)

7 years

4766 snmp_extended_info: Inventorizes all available physical components except ports in more robust way

by Simon Betz

Module: check_mk Branch: master Commit: 95741b2fecd3043eadb4c09a2efe818be3986f32 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=95741b2fecd304… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue May 30 12:28:28 2017 +0200 4766 snmp_extended_info: Inventorizes all available physical components except ports in more robust way Note: Some bogus devices such as Cisco 2500 Series WLC or Cisco Wide Area Application Services do not have exactly one entry == "0" which means device itself or do not provide any information about physical class. In the first case {{Hardware > System}} will be omitted. In the second case we inventorize these components below physical components table {{Unknown entities}}. In all cases ports are ignored because we have an extra view for them. Change-Id: I5bbb7337b95036a66cda0095aa4413f7e3243bd9 --- .werks/4766 | 18 +++++++++++ inventory/snmp_extended_info | 27 +++++++++++++--- web/plugins/views/inventory.py | 73 ++++++++++++++++++++++++++++++++++-------- 3 files changed, 100 insertions(+), 18 deletions(-) Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=95741b2fec…

7 years

Improved error handling during building Check_MK trusted CA bundle

by Lars Michelsen

Module: check_mk Branch: master Commit: caa59f8f4bb249c7abb51a7d2c7a45c73e5f5916 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=caa59f8f4bb249… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jun 19 15:59:14 2017 +0200 Improved error handling during building Check_MK trusted CA bundle Change-Id: I271da35de907f51c77551118b4e0f50a8f40d231 --- web/htdocs/watolib.py | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index ccc3b31..436a44e 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -422,7 +422,7 @@ class ConfigDomainCACertificates(ConfigDomain): def activate(self): try: - self._update_trusted_cas() + return self._update_trusted_cas() except Exception, e: log_exception() return ["Failed to create trusted CA file '%s': %s" % @@ -430,32 +430,39 @@ class ConfigDomainCACertificates(ConfigDomain): def _update_trusted_cas(self): - trusted_cas = [] + trusted_cas, errors = [], [] if config.trusted_certificate_authorities["use_system_wide_cas"]: - trusted_cas += self._get_system_wide_trusted_ca_certificates() + trusted, errors = self._get_system_wide_trusted_ca_certificates() + trusted_cas += trusted trusted_cas += config.trusted_certificate_authorities["trusted_cas"] store.save_file(self.trusted_cas_file, "\n".join(trusted_cas)) + return errors def _get_system_wide_trusted_ca_certificates(self): - trusted_cas = [] + trusted_cas, errors = [], [] for cert_path in self.system_wide_trusted_ca_search_paths: if not os.path.isdir(cert_path): continue for entry in os.listdir(cert_path): - ext = os.path.splitext(entry)[-1] - if ext != ".pem": - continue + try: + ext = os.path.splitext(entry)[-1] + if ext != ".pem": + continue - trusted_cas.append(file(os.path.join(cert_path, entry)).read()) + trusted_cas.append(file(os.path.join(cert_path, entry)).read()) + except IOError: + log_exception() + errors.append("Failed to add certificate '%s' to trusted CA certificates. " + "See web.log for details." % os.path.join(cert_path, entry)) break - return trusted_cas + return trusted_cas, errors #. # .--Hosts & Folders-----------------------------------------------------.

7 years

4764 FIX Fixed internal automation error handling when syncing with 1.2.8 or older

by Lars Michelsen

Module: check_mk Branch: master Commit: b8346d971e58f2c6cb8a949f57ae651dca3897b9 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b8346d971e58f2… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jun 19 17:21:14 2017 +0200 4764 FIX Fixed internal automation error handling when syncing with 1.2.8 or older Some "internal automation error" messages were not displayed correctly in the activation dialog when an error occured. Change-Id: I6ed1ffb7525a6349c882120fa759b4df14c5db66 --- .werks/4764 | 12 ++++++++++++ web/htdocs/watolib.py | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/.werks/4764 b/.werks/4764 new file mode 100644 index 0000000..23fc765 --- /dev/null +++ b/.werks/4764 @@ -0,0 +1,12 @@ +Title: Fixed internal automation error handling when syncing with 1.2.8 or older +Level: 1 +Component: wato +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.5.0i1 +Date: 1497885615 + +Some "internal automation error" messages were not displayed correctly in the +activation dialog when an error occured. diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index bddd9f7..ef8aed4 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -5213,6 +5213,12 @@ class ActivateChangesSite(multiprocessing.Process, ActivateChanges): try: cmk_configuration_warnings = ast.literal_eval(response_text) + + # In case of an exception it returns a str/unicode message. Wrap the + # message in a list to be compatible to regular response + if type(cmk_configuration_warnings) in [ str, unicode ]: + cmk_configuration_warnings = [ cmk_configuration_warnings ] + return { "check_mk": cmk_configuration_warnings }

7 years

Trusted CA certificates: Also read .crt files from cert dirs;

by Lars Michelsen

Prevent duplicate CA entries Message-ID: <5947ee4e.h2dohNJCosc4bbcJ%lm(a)mathias-kettner.de> User-Agent: Heirloom mailx 12.5 6/20/10 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Module: check_mk Branch: master Commit: 69d64f4d95a6c7c9e0db4b4bbcd9a5fa40dc17c3 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=69d64f4d95a6c7… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Jun 19 16:51:25 2017 +0200 Trusted CA certificates: Also read .crt files from cert dirs; Prevent duplicate CA entries Change-Id: I7d5f05cc40cad4ca5918dabfa5891db199ad8c69 --- web/htdocs/watolib.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index 436a44e..bddd9f7 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -412,6 +412,9 @@ class ConfigDomainCACertificates(ConfigDomain): "/etc/pki/tls/certs", # CentOS/RedHat ] + _PEM_RE = re.compile( + b"-----BEGIN CERTIFICATE-----\r?.+?\r?-----END CERTIFICATE-----\r?\n?""", re.DOTALL) + def config_dir(self): return multisite_dir @@ -443,7 +446,7 @@ class ConfigDomainCACertificates(ConfigDomain): def _get_system_wide_trusted_ca_certificates(self): - trusted_cas, errors = [], [] + trusted_cas, errors = set([]), [] for cert_path in self.system_wide_trusted_ca_search_paths: if not os.path.isdir(cert_path): continue @@ -451,10 +454,10 @@ class ConfigDomainCACertificates(ConfigDomain): for entry in os.listdir(cert_path): try: ext = os.path.splitext(entry)[-1] - if ext != ".pem": + if ext not in [ ".pem", ".crt" ]: continue - trusted_cas.append(file(os.path.join(cert_path, entry)).read()) + trusted_cas.update(self._get_certificates_from_file(os.path.join(cert_path, entry))) except IOError: log_exception() errors.append("Failed to add certificate '%s' to trusted CA certificates. " @@ -462,7 +465,12 @@ class ConfigDomainCACertificates(ConfigDomain): break - return trusted_cas, errors + return list(trusted_cas), errors + + def _get_certificates_from_file(self, path): + return [ match.group(0) for match in self._PEM_RE.finditer(open(path).read()) ] + + #. # .--Hosts & Folders-----------------------------------------------------.

7 years

← Newer
1
...
10
11
12
13
14
15
16
...
27
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits June 2017