Checkmk git commits September 2018

checkmk-commits@lists.checkmk.com

12 participants
371 discussions

4682 SEC Add permission "Can add or modify executables" to be able to fine tune access rights

by Lars Michelsen

Module: check_mk Branch: master Commit: ab88f7a4712416e2569eb60819164b69269423d4 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=ab88f7a4712416… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon May 15 15:20:20 2017 +0200 4682 SEC Add permission "Can add or modify executables" to be able to fine tune access rights It is now possible to explicitly allow/deny users of WATO to add or modify executables. This done with the new permission Can add or modify executables. By default only users with the role Administrator have this permission. There are different places in Check_MK where an admin, the user of the configuration GUI, can use the GUI to add executable code to Check_MK. For example when configuring datasource programs, the user inserts a command line for gathering monitoring data. This command line is then executed during monitoring by Check_MK. Another example is the upload of extension packages (MKPs). These functions have in common that the user provides data that is executed by Check_MK later in the context of Check_MK. If you want to ensure that your WATO users can not "inject" arbitrary executables into your Check_MK installation, you only need to revoke this permission. This permission is needed in addition to the other component related permissions. For example you need the <tt>wato.rulesets</tt> permission together with the new permission to be able to configure rulesets where bare command lines are configured. These things are protected by the new permission at the moment: <ul> <li>Ruleset: Classical active and passive monitoring checks</li> <li>Ruleset: Datasource programs</li> <li>Ruleset: Configuring custom host check command</li> <li>Host diagnostic page: Setting arbritary command line as datasource program</li> <li>Configure event console actions</li> <li> Incompatible: User with the role Users are allowed to edit rulesets for the WATO folders they are permitted on. In previous versions they were also able to insert arbitrary commands into the rulesets mentioned above. This has now been removed (by default) for security reasons. If you still need this functionality, you need to set the new permission to yes for this role. CMK-963 Change-Id: Ic52c52e53b8cbd10c8f2af064559ff0bed9b41c7 --- cmk/gui/wato/__init__.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cmk/gui/wato/__init__.py b/cmk/gui/wato/__init__.py index 86b72d0..4413e06 100644 --- a/cmk/gui/wato/__init__.py +++ b/cmk/gui/wato/__init__.py @@ -15178,13 +15178,13 @@ def load_plugins(force): config.declare_permission("wato.add_or_modify_executables", _("Can add or modify executables"), - _("There are different places in Check_MK where an admin, the user of the configuration " - "GUI, can use the GUI to add executable code to Check_MK. For example when configuring " + _("There are different places in Check_MK where an admin can use the GUI to add " + "executable code to Check_MK. For example when configuring " "datasource programs, the user inserts a command line for gathering monitoring data. " "This command line is then executed during monitoring by Check_MK. Another example is " "the upload of extension packages (MKPs). All these functions have in " - "common that the user provides data that is executed by Check_MK later. " - "If you want to ensure that your WATO users can not \"inject\" arbitrary executables " + "common that the user provides data that is executed by Check_MK. " + "If you want to ensure that your WATO users cannot \"inject\" arbitrary executables " "into your Check_MK installation, you only need to remove this permission for them. " "This permission is needed in addition to the other component related permissions. " "For example you need the <tt>wato.rulesets</tt> permission together with this "

6 years

6614 SEC Fixed reflected XSS affecting agent updater AJAX calls

by Lars Michelsen

Module: check_mk Branch: master Commit: 0179cfcbf53f595b9703f632958dd0f7e28d5b52 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=0179cfcbf53f59… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Sep 14 08:42:47 2018 +0200 6614 SEC Fixed reflected XSS affecting agent updater AJAX calls When the hostname of a monitored agent is known, this could be used to exploit a reflected XSS vulnerability. Every unauthenticated or authenticated user can issue a request like this. The victim does not have to be authorized on the Check_MK application Change-Id: If81ea745bfd042b647f24f34bf7e90c1dff93a5d --- .werks/6614 | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.werks/6614 b/.werks/6614 new file mode 100644 index 0000000..8a8dd43 --- /dev/null +++ b/.werks/6614 @@ -0,0 +1,13 @@ +Title: Fixed reflected XSS affecting agent updater AJAX calls +Level: 1 +Component: agents +Compatible: compat +Edition: cee +Version: 1.6.0i1 +Date: 1536907287 +Class: security + +When the hostname of a monitored agent is known, this could be used to exploit +a reflected XSS vulnerability. Every unauthenticated or authenticated user can +issue a request like this. The victim does not have to be authorized on the +Check_MK application

6 years

6613 SEC Fixed multiple reflected XSS in affecting sidebar snapin AJAX calls

by Lars Michelsen

Module: check_mk Branch: master Commit: 8d8df2c99afdc9731a0ffc98e2f5c909da366748 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8d8df2c99afdc9… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Sep 14 08:38:30 2018 +0200 6613 SEC Fixed multiple reflected XSS in affecting sidebar snapin AJAX calls Multiple parameters of several snapin AJAX calls were vulnerable to reflected XSS. The speedometer is accessible to all users with at least monitoring privileges. Change-Id: I6ea1d82537d7bf460f8e10104bf1b43ff8af3797 --- .werks/6613 | 12 ++++++++++++ cmk/gui/plugins/sidebar/site_status.py | 1 + cmk/gui/plugins/sidebar/speedometer.py | 1 + cmk/gui/plugins/sidebar/virtual_host_tree.py | 2 ++ cmk/gui/sidebar.py | 6 ++++++ 5 files changed, 22 insertions(+) diff --git a/.werks/6613 b/.werks/6613 new file mode 100644 index 0000000..f9361e6 --- /dev/null +++ b/.werks/6613 @@ -0,0 +1,12 @@ +Title: Fixed multiple reflected XSS in affecting sidebar snapin AJAX calls +Level: 1 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536907071 +Class: security + +Multiple parameters of several snapin AJAX calls were vulnerable to reflected +XSS. The speedometer is accessible to all users with at least monitoring +privileges. diff --git a/cmk/gui/plugins/sidebar/site_status.py b/cmk/gui/plugins/sidebar/site_status.py index 1edfe0a..5b69239 100644 --- a/cmk/gui/plugins/sidebar/site_status.py +++ b/cmk/gui/plugins/sidebar/site_status.py @@ -143,6 +143,7 @@ table.sitestate td.state { def _ajax_switch_site(self): + html.set_output_format("json") # _site_switch=sitename1:on,sitename2:off,... if not config.user.may("sidesnap.sitestatus"): return diff --git a/cmk/gui/plugins/sidebar/speedometer.py b/cmk/gui/plugins/sidebar/speedometer.py index 084f8ff..317cc97 100644 --- a/cmk/gui/plugins/sidebar/speedometer.py +++ b/cmk/gui/plugins/sidebar/speedometer.py @@ -199,6 +199,7 @@ canvas#speedometer { def _ajax_speedometer(self): + html.set_output_format("json") try: # Try to get values from last call in order to compute # driftig speedometer-needle and to reuse the scheduled diff --git a/cmk/gui/plugins/sidebar/virtual_host_tree.py b/cmk/gui/plugins/sidebar/virtual_host_tree.py index c06ef05..329e0ce 100644 --- a/cmk/gui/plugins/sidebar/virtual_host_tree.py +++ b/cmk/gui/plugins/sidebar/virtual_host_tree.py @@ -484,6 +484,7 @@ function virtual_host_tree_enter(path) def _ajax_tag_tree(self): + html.set_output_format("json") self._load() new_tree = html.var("tree_id") @@ -497,6 +498,7 @@ function virtual_host_tree_enter(path) # TODO: Validate path in current tree def _ajax_tag_tree_enter(self): + html.set_output_format("json") self._load() path = html.var("path").split("|") if html.var("path") else [] self._cwds[self._current_tree_id] = path diff --git a/cmk/gui/sidebar.py b/cmk/gui/sidebar.py index dd23e93..4eec8f1 100644 --- a/cmk/gui/sidebar.py +++ b/cmk/gui/sidebar.py @@ -590,6 +590,7 @@ def page_side(): @cmk.gui.pages.register("sidebar_snapin") def ajax_snapin(): """Renders and returns the contents of the requested sidebar snapin(s) in JSON format""" + html.set_output_format("json") # Update online state of the user (if enabled) userdb.update_user_access_time(config.user.id) @@ -634,6 +635,7 @@ def ajax_snapin(): @cmk.gui.pages.register("sidebar_fold") def ajax_fold(): + html.set_output_format("json") user_config = UserSidebarConfig(config.user, config.sidebar) user_config.folded = html.var("fold") == "yes" user_config.save() @@ -641,6 +643,7 @@ def ajax_fold(): @cmk.gui.pages.register("sidebar_openclose") def ajax_openclose(): + html.set_output_format("json") if not config.user.may("general.configure_sidebar"): return @@ -666,6 +669,7 @@ def ajax_openclose(): @cmk.gui.pages.register("sidebar_move_snapin") def move_snapin(): + html.set_output_format("json") if not config.user.may("general.configure_sidebar"): return @@ -695,6 +699,7 @@ def ajax_get_messages(): @cmk.gui.pages.register("sidebar_message_read") def ajax_message_read(): + html.set_output_format("json") try: notify.delete_gui_message(html.var('id')) html.write("OK") @@ -845,6 +850,7 @@ class PageAddSnapin(object): # TODO: This is snapin specific. Move this handler to the snapin file @cmk.gui.pages.register("sidebar_ajax_set_snapin_site") def ajax_set_snapin_site(): + html.set_output_format("json") ident = html.var("ident") if ident not in snapin_registry: raise MKUserError(None, _("Invalid ident"))

6 years

6615 SEC Fixed unauthorized access to master control actions

by Lars Michelsen

Module: check_mk Branch: master Commit: 3e586750d45011fca465255518aa90a97935aa0a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=3e586750d45011… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Fri Sep 14 09:05:09 2018 +0200 6615 SEC Fixed unauthorized access to master control actions As an authenticated guest user it was possible to gain unauthorized access to the master control snapin actions event if it is not possible to open the master control snapin. The vulnerability could be used to disable the complete monitoring or trigger other actions like disabling notifications. Change-Id: Ibc5c9f8b2183cee7444548a3f2e0c7392351dcaa --- .werks/6615 | 13 +++++++++++++ cmk/gui/plugins/sidebar/master_control.py | 5 +++++ 2 files changed, 18 insertions(+) diff --git a/.werks/6615 b/.werks/6615 new file mode 100644 index 0000000..44c6098 --- /dev/null +++ b/.werks/6615 @@ -0,0 +1,13 @@ +Title: Fixed unauthorized access to master control actions +Level: 2 +Component: multisite +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1536908316 +Class: security + +As an authenticated guest user it was possible to gain unauthorized access to +the master control snapin actions event if it is not possible to open the +master control snapin. The vulnerability could be used to disable the complete +monitoring or trigger other actions like disabling notifications. diff --git a/cmk/gui/plugins/sidebar/master_control.py b/cmk/gui/plugins/sidebar/master_control.py index c360f47..319c573 100644 --- a/cmk/gui/plugins/sidebar/master_control.py +++ b/cmk/gui/plugins/sidebar/master_control.py @@ -175,6 +175,11 @@ div.snapin table.master_control td img.iconbutton { def _ajax_switch_masterstate(self): + html.set_output_format("json") + + if not config.user.may("sidesnap.master_control"): + return + site = html.var("site") column = html.var("switch") state = int(html.var("state"))

6 years

msexch_database: minor refactoring of the check_function

by Tom Baerwinkel

Module: check_mk Branch: master Commit: 8e5a38c7734aef88b9016b630c594d82471bf5b4 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8e5a38c7734aef… Author: Tom Baerwinkel <tb(a)mathias-kettner.de> Date: Mon Sep 17 16:49:33 2018 +0200 msexch_database: minor refactoring of the check_function Change-Id: I61e5656d0d693fca1ba34e04680d134287cab600 --- checks/msexch_database | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/checks/msexch_database b/checks/msexch_database index 85571e3..944bddc 100644 --- a/checks/msexch_database +++ b/checks/msexch_database @@ -51,23 +51,24 @@ def inventory_msexch_database(parsed): def check_msexch_database(item, params, parsed): - var_table = [ - ("I/O Database Reads (Attached) Average Latency", "read_attached_latency", "DB read (attached) latency", "db_read_latency"), - ("I/O Database Reads (Recovery) Average Latency", "read_recovery_latency", "DB read (recovery) latency", "db_read_recovery_latency"), - ("I/O Database Writes (Attached) Average Latency", "write_latency", "DB write (attached) latency", "db_write_latency"), - ("I/O Log Writes Average Latency", "log_latency", "Log latency", "db_log_latency") - ] + data = parsed.get(item) + if data is None: + return - if item in parsed: - for counter, setting, name, perfvar in var_table: - value = parsed[item][counter.lower()] - warn, crit = params[setting] - status = 0 - if value >= crit: - status = 2 - elif value >= warn: - status = 1 - yield status, "%.1fms %s" % (value, name), [(perfvar, value, warn, crit)] + for counter, setting, name, perfvar in [ + ("i/o database reads (attached) average latency", "read_attached_latency", "db read (attached) latency", "db_read_latency"), + ("i/o database reads (recovery) average latency", "read_recovery_latency", "db read (recovery) latency", "db_read_recovery_latency"), + ("i/o database writes (attached) average latency", "write_latency", "db write (attached) latency", "db_write_latency"), + ("i/o log writes average latency", "log_latency", "Log latency", "db_log_latency") + ]: + value = data[counter] + warn, crit = params[setting] + status = 0 + if value >= crit: + status = 2 + elif value >= warn: + status = 1 + yield status, "%.1fms %s" % (value, name), [(perfvar, value, warn, crit)] check_info['msexch_database'] = {

6 years

6598 FIX HW/SW Inventory: Do not list plugins on commandline for which the related section is empty

by Simon Betz

Module: check_mk Branch: master Commit: 17fd31635b3ecb418ca25a4153c5abfaaa93495a URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=17fd31635b3ecb… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Sep 18 14:25:26 2018 +0200 6598 FIX HW/SW Inventory: Do not list plugins on commandline for which the related section is empty Change-Id: I0333452af31c77eefb8c58d4bf51636ead4d4197 --- .werks/6598 | 10 ++++++++++ cmk_base/inventory.py | 6 ++++++ 2 files changed, 16 insertions(+) diff --git a/.werks/6598 b/.werks/6598 new file mode 100644 index 0000000..023fce1 --- /dev/null +++ b/.werks/6598 @@ -0,0 +1,10 @@ +Title: HW/SW Inventory: Do not list plugins on commandline for which the related section is empty +Level: 1 +Component: inv +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1537273423 +Class: fix + + diff --git a/cmk_base/inventory.py b/cmk_base/inventory.py index 6363a17..2c37116 100644 --- a/cmk_base/inventory.py +++ b/cmk_base/inventory.py @@ -249,6 +249,12 @@ def _do_inv_for_realhost(sources, multi_host_sections, hostname, ipaddress, # Note: this also excludes existing sections without info.. continue + if all([x in [[], {}, None] for x in section_content]): + # Inventory plugins which get parsed info from related + # check plugin may have more than one return value, eg + # parse function of oracle_tablespaces returns ({}, {}) + continue + console.verbose(" %s%s%s%s" % (tty.green, tty.bold, section_name, tty.normal)) # Inventory functions can optionally have a second argument: parameters.

6 years

6599 FIX HW/SW Inventory: Only count the real entries

by Simon Betz

Module: check_mk Branch: master Commit: 12e233d0dbfe4d1f0efc5f1a12c80fe33993d1de URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=12e233d0dbfe4d… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Sep 18 15:50:19 2018 +0200 6599 FIX HW/SW Inventory: Only count the real entries The active check {{Check_MK HW/SW Inventory}}, the inventory history and the shell commands <tt>cmk -vi</tt> and <tt>cmk -vii</tt> show the number of found entries. This number also includes the amount of nodes. Example: <tt>Hardware > System > Family: Thinkpad</tt> gives 3 entries. This may be confusing. Now only the real entries are counted. Example: <tt>Hardware > System > Family: Thinkpad</tt> gives 1 entry. Change-Id: I3c9e2c218ee6a4f12f4a2d82f67711cea5517881 --- .werks/6599 | 20 ++++++++++++++++++++ cmk/structured_data.py | 6 +++--- cmk_base/inventory.py | 2 +- .../unit/cmk/structured_data/test_structured_data.py | 6 +++--- 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/.werks/6599 b/.werks/6599 new file mode 100644 index 0000000..a10c047 --- /dev/null +++ b/.werks/6599 @@ -0,0 +1,20 @@ +Title: HW/SW Inventory: Only count the real entries +Level: 1 +Component: inv +Class: fix +Compatible: compat +Edition: cre +State: unknown +Version: 1.6.0i1 +Date: 1537278111 + +The active check {{Check_MK HW/SW Inventory}}, the +inventory history and the shell commands <tt>cmk -vi</tt> +and <tt>cmk -vii</tt> show the number of found entries. +This number also includes the amount of nodes. Example: +<tt>Hardware > System > Family: Thinkpad</tt> +gives 3 entries. This may be confusing. + +Now only the real entries are counted. Example: +<tt>Hardware > System > Family: Thinkpad</tt> +gives 1 entry. diff --git a/cmk/structured_data.py b/cmk/structured_data.py index 1155342..dea409d 100644 --- a/cmk/structured_data.py +++ b/cmk/structured_data.py @@ -412,7 +412,7 @@ class Container(NodeAttribute): def count_entries(self): - return 1 + sum([child.count_entries() for _, __, child in self.get_children()]) + return sum([child.count_entries() for _, __, child in self.get_children()]) def compare_with(self, old, keep_identical=False): @@ -769,7 +769,7 @@ class Numeration(Leaf): def count_entries(self): - return 1 + sum(map(len, self._numeration)) + return sum(map(len, self._numeration)) def compare_with(self, old, keep_identical=False): @@ -991,7 +991,7 @@ class Attributes(Leaf): def count_entries(self): - return 1 + len(self._attributes) + return len(self._attributes) def compare_with(self, old, keep_identical=False): diff --git a/cmk_base/inventory.py b/cmk_base/inventory.py index f58fe0d..6363a17 100644 --- a/cmk_base/inventory.py +++ b/cmk_base/inventory.py @@ -193,8 +193,8 @@ def _do_inv_for(sources, multi_host_sections, hostname, ipaddress, do_status_dat console.section_success("Found %s%s%d%s inventory entries" % (tty.bold, tty.yellow, inventory_tree.count_entries(), tty.normal)) + status_data_tree.normalize_nodes() if do_status_data_inv: - status_data_tree.normalize_nodes() _save_status_data_tree(hostname, status_data_tree) console.section_success("Found %s%s%d%s status entries" % diff --git a/tests/unit/cmk/structured_data/test_structured_data.py b/tests/unit/cmk/structured_data/test_structured_data.py index 4a9fbca..14fc040 100644 --- a/tests/unit/cmk/structured_data/test_structured_data.py +++ b/tests/unit/cmk/structured_data/test_structured_data.py @@ -142,7 +142,7 @@ def test_structured_data_NodeAttribute_is_equal(na_x, na_y): @pytest.mark.parametrize("node_attribute,result", zip( node_attributes, - [12, 24] + [0, 12] )) def test_structured_data_NodeAttribute_count_entries(node_attribute, result): assert node_attribute.count_entries() == result @@ -353,8 +353,8 @@ def test_structured_data_StructuredDataTree_is_equal_save_and_load(tree, tmpdir) @pytest.mark.parametrize("tree,result", zip( trees, - [33, 12, 19, 6304, 5, 16676, - 35, 11, 19, 6205, 5, 16675,] + [21, 9, 10, 6284, 2, 16654, + 23, 8, 10, 6185, 2, 16653,] )) def test_structured_data_StructuredDataTree_count_entries(tree, result): assert tree.count_entries() == result

6 years

6596 FIX Do status data inventory: Check "HW/SW Inventory" and shell commands behave the same way

by Simon Betz

Module: check_mk Branch: master Commit: e2ff95cf65ce2088ced8b6b47f481276cb25b743 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=e2ff95cf65ce20… Author: Simon Betz <si(a)mathias-kettner.de> Date: Tue Sep 18 13:38:06 2018 +0200 6596 FIX Do status data inventory: Check "HW/SW Inventory" and shell commands behave the same way If <tt>Status data inventory</tt> is enabled in the ruleset <tt>Do hardware/software Inventory</tt> the active check <tt>Check_MK HW/SW Inventory</tt> and the shell commands <tt>cmk -vii</tt> and <tt>cmk -v</tt> behave the same way. Change-Id: I41016a6491549d166b77991c7fc3ae01f4608994 --- .werks/6596 | 16 ++++++++++++++++ cmk_base/inventory.py | 25 ++++++++++++++----------- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/.werks/6596 b/.werks/6596 new file mode 100644 index 0000000..08846d5 --- /dev/null +++ b/.werks/6596 @@ -0,0 +1,16 @@ +Title: Do status data inventory: Check "HW/SW Inventory" and shell commands behave the same way +Level: 1 +Component: checks +Compatible: compat +Edition: cre +Version: 1.6.0i1 +Date: 1537270279 +Class: fix + +If <tt>Status data inventory</tt> is enabled in the ruleset +<tt>Do hardware/software Inventory</tt> the active check +<tt>Check_MK HW/SW Inventory</tt> and the shell commands +<tt>cmk -vii</tt> and <tt>cmk -vi</tt> behave the same way. + +The same result should also be displayed if <tt>cmk -v</tt> +is executed if <tt>Status data inventory</tt> is enabled. diff --git a/cmk_base/inventory.py b/cmk_base/inventory.py index a368510..f58fe0d 100644 --- a/cmk_base/inventory.py +++ b/cmk_base/inventory.py @@ -83,7 +83,8 @@ def do_inv(hostnames): ipaddress = ip_lookup.lookup_ip_address(hostname) sources = data_sources.DataSources(hostname, ipaddress) - do_inv_for(sources, multi_host_sections=None, hostname=hostname, ipaddress=ipaddress) + _do_inv_for(sources, multi_host_sections=None, hostname=hostname, ipaddress=ipaddress, + do_status_data_inv=config.do_status_data_inventory_for(hostname)) except Exception, e: if cmk.debug.enabled(): raise @@ -108,8 +109,10 @@ def do_inv_check(hostname, options): status, infotexts, long_infotexts, perfdata = 0, [], [], [] sources = data_sources.DataSources(hostname, ipaddress) - old_timestamp, inventory_tree, status_data_tree = do_inv_for(sources, multi_host_sections=None, - hostname=hostname, ipaddress=ipaddress) + old_timestamp, inventory_tree, status_data_tree =\ + _do_inv_for(sources, multi_host_sections=None, + hostname=hostname, ipaddress=ipaddress, + do_status_data_inv=config.do_status_data_inventory_for(hostname)) if inventory_tree.is_empty() and status_data_tree.is_empty(): infotexts.append("Found no data") @@ -157,17 +160,18 @@ def do_status_data_inventory(sources, multi_host_sections, hostname, ipaddress): import cmk_base.inventory_plugins as inventory_plugins # cmk_base/modes/check_mk.py loads check plugins but not inventory plugins do_inv = False + section_names = multi_host_sections.get_host_sections().get((hostname, ipaddress)).sections.keys() inventory_plugins.load_plugins(check_api.get_check_api_context, get_inventory_context) - for plugin in inventory_plugins.inv_info.values(): - if plugin.get("has_status_data"): + for plugin_name, plugin in inventory_plugins.inv_info.iteritems(): + if plugin_name in section_names and plugin.get("has_status_data"): do_inv = True break if do_inv: - do_inv_for(sources, multi_host_sections=multi_host_sections, hostname=hostname, - ipaddress=ipaddress, do_status_data_inventory=True) + _do_inv_for(sources, multi_host_sections=multi_host_sections, hostname=hostname, + ipaddress=ipaddress, do_status_data_inv=True) -def do_inv_for(sources, multi_host_sections, hostname, ipaddress, do_status_data_inventory=False): +def _do_inv_for(sources, multi_host_sections, hostname, ipaddress, do_status_data_inv): _initialize_inventory_tree() inventory_tree = g_inv_tree status_data_tree = StructuredDataTree() @@ -189,7 +193,7 @@ def do_inv_for(sources, multi_host_sections, hostname, ipaddress, do_status_data console.section_success("Found %s%s%d%s inventory entries" % (tty.bold, tty.yellow, inventory_tree.count_entries(), tty.normal)) - if do_status_data_inventory: + if do_status_data_inv: status_data_tree.normalize_nodes() _save_status_data_tree(hostname, status_data_tree) @@ -219,7 +223,7 @@ def _do_inv_for_realhost(sources, multi_host_sections, hostname, ipaddress, source.set_check_plugin_name_filter(_gather_snmp_check_plugin_names_inventory) if multi_host_sections is not None: # Status data inventory already provides filled multi_host_sections object. - # SNMP data source: If do_status_data_inventory is enabled there may be + # SNMP data source: If 'do_status_data_inv' is enabled there may be # sections for inventory plugins which were not fetched yet. source.enforce_check_plugin_names(None) host_sections = multi_host_sections.add_or_get_host_sections(hostname, ipaddress) @@ -236,7 +240,6 @@ def _do_inv_for_realhost(sources, multi_host_sections, hostname, ipaddress, for section_name, plugin in inventory_plugins.inv_info.items(): section_content = multi_host_sections.get_section_content(hostname, ipaddress, section_name, for_discovery=False) - if section_content is None: # No data for this check type continue

6 years

6624 FIX Sign all agents: Prevent focussing search field when opening the dialog

by Lars Michelsen

Module: check_mk Branch: master Commit: aa309f53279792e478da24048a03802987fb198c URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=aa309f53279792… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Sep 18 13:20:08 2018 +0200 6624 FIX Sign all agents: Prevent focussing search field when opening the dialog When opening the dialog "Sign all agents" there was previously a search field shown which had the initial focus. A user would expect to have the initial focus on the key pass phrase field to sign the agent. When the user starts typing the pass phrase without previously changing the focus, the pass phrase becomes visible on the screen. To fix this we have now removed the search field from the "Sign all agents" dialog. The pass phrase field in now initially focused as intended. Change-Id: Id7ab0cb4706b39f42f76a0d33888eaf084000a4b --- .werks/6624 | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.werks/6624 b/.werks/6624 new file mode 100644 index 0000000..4b74f66 --- /dev/null +++ b/.werks/6624 @@ -0,0 +1,17 @@ +Title: Sign all agents: Prevent focussing search field when opening the dialog +Level: 1 +Component: agents +Class: fix +Compatible: compat +Edition: cee +State: unknown +Version: 1.6.0i1 +Date: 1537269441 + +When opening the dialog "Sign all agents" there was previously a search field shown which had +the initial focus. A user would expect to have the initial focus on the key pass phrase field +to sign the agent. When the user starts typing the pass phrase without previously changing the +focus, the pass phrase becomes visible on the screen. + +To fix this we have now removed the search field from the "Sign all agents" dialog. The pass +phrase field in now initially focused as intended.

6 years

6496 FIX check_mk_agent.linux: Moved piggybacked docker container sections to plugin ' mk_docker_container_piggybacked'

by Simon Betz

Module: check_mk Branch: master Commit: 1c444cb6e67e03fbd2a578fcf722f308eb31c9dc URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=1c444cb6e67e03… Author: Simon Betz <si(a)mathias-kettner.de> Date: Wed Sep 12 10:42:25 2018 +0200 6496 FIX check_mk_agent.linux: Moved piggybacked docker container sections to plugin 'mk_docker_container_piggybacked' Change-Id: Ic6803b9057394f0fe87019168056815bf1210a00 --- .werks/6496 | 28 +++++++++++++ agents/check_mk_agent.linux | 30 -------------- agents/plugins/mk_docker_container_piggybacked | 55 ++++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 30 deletions(-) diff --git a/.werks/6496 b/.werks/6496 new file mode 100644 index 0000000..a04d5be --- /dev/null +++ b/.werks/6496 @@ -0,0 +1,28 @@ +Title: check_mk_agent.linux: Moved piggybacked docker container sections to plugin 'mk_docker_container_piggybacked' +Level: 1 +Component: checks +Class: fix +Compatible: incomp +Edition: cre +State: unknown +Version: 1.6.0i1 +Date: 1536741679 + +In order to monitor docker containers the {{check_mk_agent}} +collects the following information of each docker container +as piggyback data: +<ul> +<li>The state, node name, labels and network information</li> +<li>Execution of the {{check_mk_agent}} within running containers</li> +</ul> + +Moreover you have to create piggybacked hosts in Check_MK for each docker +container. The piggybacked host name is the docker container ID. + +Due to a long running time of these sections they are transferred to the +plugin {{mk_docker_container_piggybacked}} which also can be executed +asynchronously. + +That means that these sections were removed from the {{check_mk_agent}} +and you have to install the plugin to the plugins folder on the client. + diff --git a/agents/check_mk_agent.linux b/agents/check_mk_agent.linux index 99177ac..d25780e 100755 --- a/agents/check_mk_agent.linux +++ b/agents/check_mk_agent.linux @@ -1027,8 +1027,6 @@ fi # Iterate all running containers and report piggyback data for them if type docker > /dev/null 2>&1 && [ -z "$MK_IS_PIGGYBACKED" ]; then - NODE_NAME=$(docker info --format "{{json .Name}}") - echo "<<<docker_node_info>>>" docker info --format "{{json .}}" 2>&1 @@ -1049,34 +1047,6 @@ if type docker > /dev/null 2>&1 && [ -z "$MK_IS_PIGGYBACKED" ]; then echo "<<<docker_node_network:sep(0)>>>" NETWORK_IDS=$(docker network ls -f 'driver=bridge' --format='{{.ID}}') docker network inspect "$NETWORK_IDS" - - # For the container status, we want information about *all* containers - for CONTAINER_ID in $(docker container ls -q --all); do - echo "<<<<${CONTAINER_ID}>>>>" - docker inspect "$CONTAINER_ID" \ - --format='{{println "<<<docker_container_status>>>"}}{{json .State}}{{println}}{{println "<<<docker_container_node_name>>>"}}{{println '"$NODE_NAME"'}}{{println "<<<docker_container_labels>>>"}}{{json .Config.Labels}}{{println}}{{println "<<<docker_container_network>>>"}}{{json .NetworkSettings}}{{println}}' - echo "<<<<>>>>" - done - - for CONTAINER_ID in $(docker container ls -q); do - echo "<<<<$CONTAINER_ID>>>>" - - # Is there a regular agent available in the container? Use it! - # - # Otherwise execute the agent of the node in the context of the container. - # Using this approach we should always get at least basic information from - # the container. - # Once it comes to plugins and custom configuration the user needs to use - # a little more complex setup. Have a look at the documentation. - AGENT_PATH=$(docker container exec "$CONTAINER_ID" bash -c "type check_mk_agent" 2>/dev/null) - if [ -n "$AGENT_PATH" ]; then - docker container exec --env MK_IS_PIGGYBACKED=1 --env "REMOTE=$REMOTE" "$CONTAINER_ID" check_mk_agent - elif docker container exec "$CONTAINER_ID" which bash >/dev/null 2>&1; then - docker container exec --env MK_IS_PIGGYBACKED=1 --env MK_FROM_NODE=1 --env "REMOTE=$REMOTE" -i "$CONTAINER_ID" bash < "$0" - fi - - echo "<<<<>>>>" - done fi # Start new liveupdate process in background on each agent execution. Starting diff --git a/agents/plugins/mk_docker_container_piggybacked b/agents/plugins/mk_docker_container_piggybacked new file mode 100755 index 0000000..5d8ca3e --- /dev/null +++ b/agents/plugins/mk_docker_container_piggybacked @@ -0,0 +1,55 @@ +#!/bin/bash +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2018 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# tails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + +# $REMOTE is exported from check_mk_agent.linux + +if type docker > /dev/null 2>&1; then + NODE_NAME=$(docker info --format "{{json .Name}}") + + # For the container status, we want information about *all* containers + for CONTAINER_ID in $(docker container ls -q --all); do + echo "<<<<${CONTAINER_ID}>>>>" + docker inspect "$CONTAINER_ID" \ + --format='{{println "<<<docker_container_status>>>"}}{{json .State}}{{println}}{{println "<<<docker_container_node_name>>>"}}{{println '"$NODE_NAME"'}}{{println "<<<docker_container_labels>>>"}}{{json .Config.Labels}}{{println}}{{println "<<<docker_container_network>>>"}}{{json .NetworkSettings}}{{println}}' + + if [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER_ID")" = "true" ]; then + # Is there a regular agent available in the container? Use it! + # + # Otherwise execute the agent of the node in the context of the container. + # Using this approach we should always get at least basic information from + # the container. + # Once it comes to plugins and custom configuration the user needs to use + # a little more complex setup. Have a look at the documentation. + AGENT_PATH=$(docker container exec "$CONTAINER_ID" bash -c "type check_mk_agent" 2>/dev/null) + if [ -n "$AGENT_PATH" ]; then + docker container exec --env "REMOTE=$REMOTE" "$CONTAINER_ID" check_mk_agent + elif docker container exec "$CONTAINER_ID" which bash >/dev/null 2>&1; then + docker container exec --env MK_FROM_NODE=1 --env "REMOTE=$REMOTE" -i "$CONTAINER_ID" bash < "$0" + fi + fi + + echo "<<<<>>>>" + done +fi

6 years

← Newer
1
...
17
18
19
20
21
22
23
...
38
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

Checkmk git commits September 2018