Module: check_mk
Branch: master
Commit: 533ac11c4dec5c6638a1ad074de6d65f9ade39b6
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=533ac11c4dec5c…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Sep 4 10:04:57 2017 +0200
5175 Livestatus TCP: Can now be restricted to specific IP addresses
When enabling livestatus access via TCP (via "omd config" or the WATO site management)
it is now possible to restrict the access to a set of client IP addresses.
The new option has been added to the global setting "Access to Livestatus via TCP" which
then sets the "omd config" option LIVESTATUS_TCP_ONLY_FROM.
Change-Id: I238afd2080025659129ff67564f9d9378a0c82a3
---
.werks/5175 | 14 ++++++
.../mk-livestatus/LIVESTATUS_TCP_ONLY_FROM.hook | 25 ++++++++++
web/htdocs/watolib.py | 56 ++++++++++++++--------
web/plugins/wato/omd_configuration.py | 25 ++++++++--
4 files changed, 96 insertions(+), 24 deletions(-)
diff --git a/.werks/5175 b/.werks/5175
new file mode 100644
index 0000000..bfad5d2
--- /dev/null
+++ b/.werks/5175
@@ -0,0 +1,14 @@
+Title: Livestatus TCP: Can now be restricted to specific IP addresses
+Level: 2
+Component: omd
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1504512154
+Class: feature
+
+When enabling livestatus access via TCP (via "omd config" or the WATO site management)
+it is now possible to restrict the access to a set of client IP addresses.
+
+The new option has been added to the global setting "Access to Livestatus via TCP" which
+then sets the "omd config" option LIVESTATUS_TCP_ONLY_FROM.
diff --git a/omd/packages/mk-livestatus/LIVESTATUS_TCP_ONLY_FROM.hook b/omd/packages/mk-livestatus/LIVESTATUS_TCP_ONLY_FROM.hook
new file mode 100755
index 0000000..7efa9ba
--- /dev/null
+++ b/omd/packages/mk-livestatus/LIVESTATUS_TCP_ONLY_FROM.hook
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Alias: Restrict livestatus port to IP addresses
+# Menu: Distributed Monitoring
+# Description:
+# If Livestatus is configured to listen on a TCP port, you
+# can configure the IP addresses that are allowed to
+# connect to livestatus here. The setting 0.0.0.0 makes the
+# port available to all clients.
+
+case "$1" in
+ default)
+ echo "0.0.0.0"
+ ;;
+ choices)
+ echo "(?:(?:[\d]{1,3})\.(?:[\d]{1,3})\.(?:[\d]{1,3})\.(?:[\d]{1,3})(/[0-9]{1,2})?\s?)+"
+ ;;
+ set)
+ sed -ri "s@#?([[:space:]]*only_from[[:space:]]*=[[:space:]]*)(.*)@\1$2@" $OMD_ROOT/etc/mk-livestatus/xinetd.conf
+ ;;
+ depends)
+ [ "$CONFIG_CORE" != none -a "$CONFIG_LIVESTATUS_TCP" = on ]
+ ;;
+esac
+
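Review bot: In the `set)` branch the value `$2` is spliced unescaped into the sed program and `$OMD_ROOT` is left unquoted, so the rewrite of xinetd.conf is only as safe as the validation done by whoever calls the hook. Whether omd enforces the `choices)` pattern before invoking `set` is not visible in this file. I would quote the path, `"$OMD_ROOT/etc/mk-livestatus/xinetd.conf"`, and refuse values that contain `@`, `&` or a backslash before running sed. The pattern is also loose for an access-control list: it accepts octets up to 999 and prefix lengths up to 99, so a mistyped address is written to `only_from` unchanged.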
diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py
index 5098ac6..9f24526 100644
--- a/web/htdocs/watolib.py
+++ b/web/htdocs/watolib.py
@@ -655,16 +655,25 @@ class ConfigDomainOMD(ConfigDomain):
else:
settings[key] = value
- for toggle_key, port_key in [
- ("LIVESTATUS_TCP", "LIVESTATUS_TCP_PORT"),
- ("NSCA", "NSCA_TCP_PORT")
- ]:
-
- if toggle_key in settings:
- if settings[toggle_key]:
- settings[toggle_key] = int(settings[port_key])
- else:
- settings[toggle_key] = None
+ if "LIVESTATUS_TCP" in settings:
+ if settings["LIVESTATUS_TCP"]:
+ settings["LIVESTATUS_TCP"] = {
+ "port": int(settings["LIVESTATUS_TCP_PORT"])
+ }
+ del settings["LIVESTATUS_TCP_PORT"]
+
+ if settings["LIVESTATUS_TCP_ONLY_FROM"] != "0.0.0.0":
+ settings["LIVESTATUS_TCP"]["only_from"] = settings["LIVESTATUS_TCP_ONLY_FROM"].split()
+
+ del settings["LIVESTATUS_TCP_ONLY_FROM"]
+ else:
+ settings["LIVESTATUS_TCP"] = None
+
+ if "NSCA" in settings:
+ if settings["NSCA"]:
+ settings["NSCA"] = int(settings["NSCA_TCP_PORT"])
+ else:
+ settings["NSCA"] = None
if "MKEVENTD" in settings:
if settings["MKEVENTD"]:
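Review bot: `settings["LIVESTATUS_TCP_ONLY_FROM"]` is read and deleted without a membership check, so a site whose omd output lacks that key would raise KeyError here. That could be an older remote site, or one where the hook's `depends` condition is not met; which of these can occur is not visible in the hunk. Reading it with `only_from = settings.pop("LIVESTATUS_TCP_ONLY_FROM", "0.0.0.0")` keeps the previous behaviour for such sites. The comparison is also an exact string match, so a value such as `0.0.0.0 10.1.1.1` is shown in the GUI as a restriction although it still contains the allow-all entry; checking `"0.0.0.0" in only_from.split()` avoids displaying a restriction that is not in effect. The enclosing method starts and ends outside the hunk.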
@@ -684,16 +693,25 @@ class ConfigDomainOMD(ConfigDomain):
def _to_omd_config(self, config):
settings = {}
- for toggle_key, port_key in [
- ("LIVESTATUS_TCP", "LIVESTATUS_TCP_PORT"),
- ("NSCA", "NSCA_TCP_PORT")
- ]:
- if toggle_key in config:
- if config[toggle_key] is not None:
- config[port_key] = "%s" % config[toggle_key]
- config[toggle_key] = "on"
+ if "LIVESTATUS_TCP" in config:
+ if config["LIVESTATUS_TCP"] is not None:
+ config["LIVESTATUS_TCP_PORT"] = "%s" % config["LIVESTATUS_TCP"]["port"]
+
+ if "only_from" in config["LIVESTATUS_TCP"]:
+ config["LIVESTATUS_TCP_ONLY_FROM"] = " ".join(config["LIVESTATUS_TCP"]["only_from"])
else:
- config[toggle_key] = "off"
+ config["LIVESTATUS_TCP_ONLY_FROM"] = "0.0.0.0"
+
+ config["LIVESTATUS_TCP"] = "on"
+ else:
+ config["LIVESTATUS_TCP"] = "off"
+
+ if "NSCA" in config:
+ if config["NSCA"] is not None:
+ config["NSCA_TCP_PORT"] = "%s" % config["NSCA"]
+ config["NSCA"] = "on"
+ else:
+ config["NSCA"] = "off"
if "MKEVENTD" in config:
if config["MKEVENTD"] is not None:
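Review bot: `config["LIVESTATUS_TCP"]["port"]` assumes the stored value is already a dictionary, but the removed lines show it was a plain port number until this commit. A global setting saved in the old format would therefore fail on the subscript, unless a migration exists elsewhere that this hunk does not show. Normalising first, `tcp = config["LIVESTATUS_TCP"]` followed by `if isinstance(tcp, int): tcp = {"port": tcp}`, keeps old settings loadable. An empty `only_from` list would also be written as an empty string; the valuespec's `allow_empty = False` only guards the GUI path, so treating an empty list like a missing key here is the safer default. `_to_omd_config` continues past the end of the hunk.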
diff --git a/web/plugins/wato/omd_configuration.py b/web/plugins/wato/omd_configuration.py
index a8d2fed..c7b3937 100644
--- a/web/plugins/wato/omd_configuration.py
+++ b/web/plugins/wato/omd_configuration.py
@@ -83,11 +83,26 @@ register_configvar(group,
register_configvar(group,
"LIVESTATUS_TCP",
Optional(
- Integer(
- title = _("Port number"),
- minvalue = 1,
- maxvalue = 65535,
- default_value = 6557,
+ Dictionary(
+ elements = [
+ ("port", Integer(
+ title = _("TCP port"),
+ minvalue = 1,
+ maxvalue = 65535,
+ default_value = 6557,
+ )),
+ ("only_from", ListOfStrings(
+ title = _("Restrict access to IP addresses"),
+ help = _("The access to Livestatus via TCP will only be allowed from the "
+ "configured source IP addresses. You can either configure specific "
+ "IP addresses or networks in the syntax <tt>10.3.3.0/24</tt>."),
+
+ valuespec = IPv4Network(),
+ orientation = "horizontal",
+ allow_empty = False,
+ )),
+ ],
+ optional_keys = [ "only_from" ],
),
title = _("Access to Livestatus via TCP"),
help = _("Check_MK Livestatus usually listens only on a local UNIX socket - "
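Review bot: The help text for `only_from` does not say what happens when the option is left unset, which is the case an administrator most needs to understand: the other files in this commit map a missing list to `0.0.0.0`, which the hook describes as open to all clients. I would add a sentence to the help string such as `"If this option is not set, every client that can reach the port is allowed to connect."`. The element uses `IPv4Network()` while the hook validates the same value with its own `choices` pattern, so the two checks can disagree; a short comment next to `valuespec = IPv4Network(),` pointing at the hook would help keep them in step.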
Module: check_mk
Branch: master
Commit: 8184d4b4808da25203cf348aff6a3693b36a019c
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8184d4b4808da2…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Sep 1 18:05:48 2017 +0200
Removed deprecated stuff from APACHE_MODE config hook
Change-Id: I1343a6a8432488eec156dd725d3aa1804da8b7ca
---
omd/packages/omd/APACHE_MODE.hook | 9 +--------
1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/omd/packages/omd/APACHE_MODE.hook b/omd/packages/omd/APACHE_MODE.hook
index da2f368..48f3edb 100755
--- a/omd/packages/omd/APACHE_MODE.hook
+++ b/omd/packages/omd/APACHE_MODE.hook
@@ -16,14 +16,7 @@ case "$1" in
if [ ! -z "$CONFIG_WEBSERVER" ]; then
echo "$CONFIG_WEBSERVER"
else
- # SLES 10 uses the shared mode by default because the available
- # version of mod_proxy does not support the ProxyPass directives
- # which are needed by the "own" mode.
- if grep DISTRO_CODE $OMD_ROOT/share/omd/distro.info 2>/dev/null | grep sles10 >/dev/null 2>&1; then
- echo "shared"
- else
- echo "own";
- fi
+ echo "own";
fi
;;
choices)
Module: check_mk
Branch: master
Commit: f68571e72dfa79059e971d45d1e17313a3f12603
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f68571e72dfa79…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Sep 1 15:39:36 2017 +0200
5173 Major OMD config options can now be set via WATO global settings
The OMD configuration options that are used to configure basic aspects of
the Check_MK sites can now be configured via WATO. The settings are available
via "WATO > Global settings > Site Management".
These settings are activated during regular activate changes similar to the
other configuration settings.
It is also possible to set site specific option via the site specific global
settings.
Change-Id: I96170c15c7852e906e754902e75eef69b7c5dbea
---
.werks/5173 | 18 +++
omd/packages/apache-omd/skel/etc/init.d/apache | 10 +-
omd/packages/omd/omd | 57 ++++++++
web/htdocs/js/wato.js | 29 ++--
web/htdocs/log.py | 2 +
web/htdocs/watolib.py | 185 +++++++++++++++++++++++++
web/plugins/wato/omd_configuration.py | 132 +++++++++++++++++-
7 files changed, 421 insertions(+), 12 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=f68571e72d…
Module: check_mk
Branch: master
Commit: 3462e182cbc80434f63b4bc1fc134258682df3da
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3462e182cbc804…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Aug 1 10:46:10 2017 +0200
5049 omd config: New mode "change" for bulk changing config options
It is now possible to change multiple configuration settings via command
line using the command "omd config change". This can be used like this:
echo -e "CORE=cmc\nAUTOSTART=on" | omd config change
The site is restarted automatically once in case it's currently running.
Change-Id: I5f13d6a0505a967622501937f7738f591028d808
---
.werks/5049 | 15 +++++++++++++++
omd/packages/omd/omd | 9 ++++++++-
omd/packages/omd/omd.8 | 14 +++++++++++++-
3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/.werks/5049 b/.werks/5049
new file mode 100644
index 0000000..c83cdca
--- /dev/null
+++ b/.werks/5049
@@ -0,0 +1,15 @@
+Title: omd config: New mode "change" for bulk changing config options
+Level: 1
+Component: omd
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1501577104
+Class: feature
+
+It is now possible to change multiple configuration settings via command
+line using the command "omd config change". This can be used like this:
+
+echo -e "CORE=cmc\nAUTOSTART=on" | omd config change
+
+The site is restarted automatically once in case it's currently runnig.
diff --git a/omd/packages/omd/omd b/omd/packages/omd/omd
index 95c1e19..cbf591f 100644
--- a/omd/packages/omd/omd
+++ b/omd/packages/omd/omd
@@ -1960,7 +1960,11 @@ def config_change():
def read_config_change_commands():
settings = []
- for line in sys.stdin.read():
+ for l in sys.stdin:
+ line = l.strip()
+ if not line:
+ continue
+
try:
key, value = line.split("=", 1)
settings.append((key, value))
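Review bot: `key, value = line.split("=", 1)` keeps any whitespace around the `=`, so an input line like `CORE = cmc` produces the key `CORE ` and the value ` cmc`, which will not match a real option name. Stripping both parts, `key, value = [p.strip() for p in line.split("=", 1)]`, makes the parser tolerant of that. The loop variable `l` is easy to misread as `1`; `raw_line` would be clearer. The `try:` block is closed outside the hunk, so how a line without `=` is reported cannot be judged from here. Since this input now sets site configuration in bulk, it is worth confirming that `config_change` rejects unknown keys before applying anything.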
@@ -2065,6 +2069,9 @@ omd config - interactive configuration menu
omd config show - show current settings of all configuration variables
omd config show VAR - show current setting of variable VAR
omd config set VAR VALUE - set VAR to VALUE
+omd config change - change multiple at once. Provide newline separated
+ KEY=value pairs via stdin. The site is restarted
+ automatically once in case it's currently runnig.
""")
def config_show(args):
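Review bot: The usage text added for `omd config change` misspells "running" as `runnig`, and "change multiple at once" is missing its noun. Suggested wording: `omd config change - change multiple variables at once. Provide newline separated` with the last line ending `once in case it's currently running.`. The same typo appears in the omd.8 and .werks/5049 additions of this commit.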
diff --git a/omd/packages/omd/omd.8 b/omd/packages/omd/omd.8
index 29a0d6e..892191b 100644
--- a/omd/packages/omd/omd.8
+++ b/omd/packages/omd/omd.8
@@ -316,7 +316,7 @@ format.
If you add the option \fB--auto\fP then only the status of those sites will
be displayed, that are set to {AUTOSTART} = {on}.
.TP
-.B omd config [-f, --force] [SITE] [set|show] [VARIABLE] [VALUE]
+.B omd config [-f, --force] [SITE] [set|show|change] [VARIABLE] [VALUE]
This command is used to view and change the configuration of a site. Each
site has a list of configuration variables. Those variables configure
how the addons of the site should work together. Optional addons can be
@@ -341,6 +341,18 @@ The option \fB--force\fP will automatically stop the site in case
it is running before the config change is done and start it afterwards
again.
+In addition to \fBomd config set\fP there is this option to set multiple
+variables at once:
+
+\fBomd config [SITE] change\fP
+
+To change configuration options, you need to provide newline separated
+KEY=value pairs via stdin, for example like this:
+
+\fBecho -e "CORE=cmc\\nAUTOSTART=on" | omd config change\fP
+
+The site is restarted automatically once in case it's currently runnig.
+
.TP
.B omd [-v] diff [RELBASE] [-b, --bare]
Shows the differences of files in the current site compared to the files
Module: check_mk
Branch: master
Commit: dbb5d6103cf6b2720c3795cf2820f593b1eac85d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=dbb5d6103cf6b2…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Sep 1 13:38:16 2017 +0200
5171 FIX Removed DEFAULT_GUI config
Removed the DEFAULT_GUI configuration option from "omd config". It was meant to switch
between different available GUIs in original OMD. In the current Check_MK packages only
a single GUI is supported, that is the Check_MK default GUI. It is now enabled for all
Check_MK sites.
This change made some small performance improvements regarding the initial HTTP redirects
possible. In case you access http://host/[site]/ two redirects were made in the past. This
has been reduced to a single redirect.
Change-Id: Ie3d5d9babf71f1d3e4b10f296f1714a5c5c76407
---
.werks/5171 | 17 ++
omd/packages/omd/DEFAULT_GUI.hook | 26 ---
omd/packages/omd/Makefile | 2 -
omd/packages/omd/img/check_mk-small.png | Bin 54928 -> 0 bytes
omd/packages/omd/img/icinga-small.png | Bin 39936 -> 0 bytes
omd/packages/omd/img/nagios-small.png | Bin 22008 -> 0 bytes
omd/packages/omd/img/nagvis-small.png | Bin 5800 -> 0 bytes
omd/packages/omd/img/pnp4nagios-small.png | Bin 64996 -> 0 bytes
omd/packages/omd/img/shinken-small.png | Bin 15197 -> 0 bytes
omd/packages/omd/img/thruk-small.png | Bin 36316 -> 0 bytes
omd/packages/omd/img/wiki-small.png | Bin 34066 -> 0 bytes
omd/packages/omd/index.py | 212 +----------------------
omd/packages/omd/skel/etc/apache/conf.d/omd.conf | 11 +-
13 files changed, 24 insertions(+), 244 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=dbb5d6103c…
Module: check_mk
Branch: master
Commit: 61c6031197ea679dc62455c8da088e7921baf00f
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=61c6031197ea67…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Sep 1 13:18:32 2017 +0200
5170 FIX Removed TMPFS config hook
The "omd config" setting TMPFS, which could be used to disable the ramdisk that is mounted
below /omd/sites/[site]/tmp, has been removed now. The option was added for rare situations
where you could not create/mount ramdisks via tmpfs.
Because not using a tmpfs could result in loss of performance we remove this setting now. In
case you really need sites without tmpfs, please let us know.
Change-Id: Ie2f06a5a3ac55f20d8f7c2a46080b3d724695712
---
.werks/5170 | 15 +++++++++++++++
omd/packages/omd/TMPFS.hook | 25 -------------------------
omd/packages/omd/omd | 32 +++++++++-----------------------
3 files changed, 24 insertions(+), 48 deletions(-)
diff --git a/.werks/5170 b/.werks/5170
new file mode 100644
index 0000000..d3f2e04
--- /dev/null
+++ b/.werks/5170
@@ -0,0 +1,15 @@
+Title: Removed TMPFS config hook
+Level: 1
+Component: omd
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1504264521
+Class: fix
+
+The "omd config" setting TMPFS, which could be used to disable the ramdisk that is mounted
+below /omd/sites/[site]/tmp, has been removed now. The option was added for rare situations
+where you could not create/mount ramdisks via tmpfs.
+
+Because not using a tmpfs could result in loss of performance we remove this setting now. In
+case you really need sites without tmpfs, please let us know.
diff --git a/omd/packages/omd/TMPFS.hook b/omd/packages/omd/TMPFS.hook
deleted file mode 100755
index 350221d..0000000
--- a/omd/packages/omd/TMPFS.hook
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-
-# Alias: Use a ramdisk for temporary files
-# Menu: Basic
-# This settings decides, wether this site uses a ramdisk for
-# temporary files. Using a ramdisk reduces disk IO produced
-# during monitoring dramatically. It is highly recommended to
-# leave this option enabled. Only disable this if you really
-# need to.
-
-case "$1" in
- default)
- echo "on"
- ;;
- choices)
- echo "on: Use a ramdisk for temporary files"
- echo "off: Do not use a ramdisk within this site"
- ;;
- set)
- # Unmount the tmpfs when it was mounted before
- if [ "$2" == "off" ]; then
- omd umount
- fi
- ;;
-esac
diff --git a/omd/packages/omd/omd b/omd/packages/omd/omd
index 00bd200..cca5b31 100644
--- a/omd/packages/omd/omd
+++ b/omd/packages/omd/omd
@@ -1514,30 +1514,16 @@ def tmpfs_mounted(sitename):
def prepare_and_populate_tmpfs(sitename):
tmp = tmp_dir(sitename)
- # Only try to mount the tmpfs if it is enabled for this site
- # When not using the tmpfs the tmp/ hierarchy needs to be
- # to be populated like the tmpfs afterwards.
- if g_site_conf["TMPFS"] == "on":
- if tmpfs_mounted(sitename):
- return
-
- sys.stdout.write("Creating temporary filesystem %s..." % tmp)
- sys.stdout.flush()
- if not os.path.exists(tmp):
- os.mkdir(tmp)
- if 0 != os.system("mount %s '%s'" % (g_info["MOUNT_OPTIONS"], tmp) ):
- sys.stdout.write(tty_error + "\n")
- return
- else:
- # Skip initializing when either the tmp dir does not exist
- # and the site is not totally stopped
- if os.path.exists(tmp) and not site_is_stopped(sitename):
- return
+ if tmpfs_mounted(sitename):
+ return
- sys.stdout.write("Preparing tmp directory %s..." % tmp)
- sys.stdout.flush()
- if not os.path.exists(tmp):
- os.mkdir(tmp)
+ sys.stdout.write("Creating temporary filesystem %s..." % tmp)
+ sys.stdout.flush()
+ if not os.path.exists(tmp):
+ os.mkdir(tmp)
+ if 0 != os.system("mount %s '%s'" % (g_info["MOUNT_OPTIONS"], tmp) ):
+ sys.stdout.write(tty_error + "\n")
+ return
create_skeleton_files(sitename, "tmp")
chown_tree(tmp, sitename)
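Review bot: The mount is still run through a shell string, `os.system("mount %s '%s'" % (g_info["MOUNT_OPTIONS"], tmp))`, where the single quotes are the only protection for a path derived from the site name. An argument list avoids the shell altogether: `subprocess.call(["mount"] + g_info["MOUNT_OPTIONS"].split() + [tmp])`, assuming `subprocess` is imported in this file, which the hunk does not show. With the non-tmpfs fallback removed, a failed mount now prints `tty_error` and returns exactly like the success path, so the caller cannot tell that `tmp` was never populated. Returning a status or raising would make that failure visible.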