Module: check_mk
Branch: master
Commit: 781490f52f356c6504569c2892587fcaddbc1fd8
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=781490f52f356c…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Tue Feb 5 12:20:18 2019 +0100
Increase internal certificate age used for encrypted Livestatus
We decided to set the age of the internally used certificates to
a very long period of 999 years for convenience.
The benefit of a certificate expiration is not really worth the trouble
in our scenario.
In case you have specific security requirements that don't allow such
a long period, you will likely use your own certificates, signed by your
company or some other trusted CA which has a more strict validity period.
CMK-1535
Change-Id: I2838ba706cf98fb4d9fd836d3bb0b5465a74b064
---
omd/packages/omd/omdlib/certs.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/omd/packages/omd/omdlib/certs.py b/omd/packages/omd/omdlib/certs.py
index 98ebfd8..e321f2b 100644
--- a/omd/packages/omd/omdlib/certs.py
+++ b/omd/packages/omd/omdlib/certs.py
@@ -31,7 +31,8 @@ from pathlib2 import Path # pylint: disable=unused-import
from OpenSSL import crypto
from OpenSSL.SSL import FILETYPE_PEM # type: ignore
-CERT_NOT_AFTER = 3 * 365 * 24 * 60 * 60 # 3 years by default
+CERT_NOT_AFTER = 999 * 365 * 24 * 60 * 60 # 999 years by default
+CA_CERT_NOT_AFTER = CERT_NOT_AFTER
class CertificateAuthority(object):
@@ -66,7 +67,7 @@ class CertificateAuthority(object):
# type: () -> Tuple[str, str]
key = self._make_private_key()
- cert = self._make_cert(self._ca_name, 10 * 365 * 24 * 60 * 60) # 10 years
+ cert = self._make_cert(self._ca_name, CA_CERT_NOT_AFTER)
cert.set_issuer(cert.get_subject())
cert.set_pubkey(key)
cert.add_extensions([
Module: check_mk
Branch: master
Commit: 8f156f4666acdfcd156924dcd87425b8d8cdfb70
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8f156f4666acdf…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Sun Feb 3 12:06:59 2019 +0100
7081 Reworked "Distributed Monitoring" page
The "Distributed Monitoring" pages have been reworked to make it easier
to manage multiple Check_MK site connections.
The list page is now showing less site configuration details. Instead of
these columns status columns have been added to visualize whether or not
your site connections can currently be used.
One column shows the current status of the Livestatus connection, which
is needed by the GUI to gather the monitoring status from the site. In
case your livestatus connection is not configured properly, you may
have a look at the status and hover the icon for more information about
the reason.
One possible reason for a non functional Livestatus connection may be
a TLS connection issue (if you use encrypted Livestatus). You can use
this site to inspect the remote site certificate and establish a trust
with this certificate to allow the GUI to connect with that site.
The replication status column tells you whether or not the configuration
replication connection is working.
CMK-1535
Change-Id: I6939183412f0af033c95f889e1a111bc6be8b546
---
.werks/7081 | 29 +++
cmk/gui/plugins/wato/utils/__init__.py | 14 +-
cmk/gui/wato/__init__.py | 1 -
cmk/gui/wato/pages/sites.py | 297 ++++++++++++++++++++++-------
cmk/gui/watolib/automation_commands.py | 18 +-
tests/unit/cmk/gui/watolib/test_watolib.py | 1 +
web/htdocs/js/index.js | 2 +
web/htdocs/js/modules/sites.js | 66 +++++++
8 files changed, 350 insertions(+), 78 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=8f156f4666…
Module: check_mk
Branch: master
Commit: 70eb920fe5dae6e2121d73feea728e9c150caadd
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=70eb920fe5dae6…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Feb 4 19:51:47 2019 +0100
Disentangled Livestatus Proxy and socket connection settings
The Livestatus socket connection settings (address and port) were
part of the Livestatus Proxy settings in previous versions. This
resulted in several problems.
>From the user view: It was not possible to toggle Livestatus Proxy
on and of without having to remember the connection settings to
re-enter it after enabling or disabling the proxy.
>From the internal view: There were several places in the code
that had to deal with both kind of socket setting structures in
order to get the destination address.
CMK-1535
Change-Id: If1ec2306b14aff6d5c54822d688c2997ca4cfa30
---
cmk/gui/config.py | 40 +++++++++++------
cmk/gui/plugins/wato/ac_tests.py | 3 +-
cmk/gui/sites.py | 23 +++++++---
cmk/gui/wato/pages/sites.py | 1 +
cmk/gui/watolib/sites.py | 84 +++++++++++++++++------------------
tests/unit/cmk/gui/test_gui_config.py | 41 ++++++++++++-----
tests/unit/cmk/gui/test_sites.py | 49 +++++++++++++-------
7 files changed, 150 insertions(+), 91 deletions(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=70eb920fe5…
Module: check_mk
Branch: master
Commit: 45e572590b0d11e2359fe41a9e73ae16d73952d8
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=45e572590b0d11…
Author: Moritz Kiemer <mo(a)mathias-kettner.de>
Date: Fri Feb 8 19:57:22 2019 +0100
azure_agent_info: new default levels for API reads
If we are using API calls at a larger rate than 200 per
minute, we are going to run out of them sooner or later
anyway.
Warn a little earlier, to give the user more time to react.
Change-Id: I2fdfbb9b7472aa8d6dbd40410e3313fab8e5f2ef
---
checks/azure_agent_info | 2 +-
cmk/gui/plugins/wato/check_parameters/azure.py | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/checks/azure_agent_info b/checks/azure_agent_info
index 9007ffe..69c852c 100644
--- a/checks/azure_agent_info
+++ b/checks/azure_agent_info
@@ -28,7 +28,7 @@ import json
factory_settings['azure_agent_info_levels'] = {
'warning_levels': (1, 10),
'exception_levels': (1, 1),
- 'remaining_reads_levels_lower': (1000, 100),
+ 'remaining_reads_levels_lower': (6000, 3000),
'remaining_reads_unknown_state': 1,
}
diff --git a/cmk/gui/plugins/wato/check_parameters/azure.py b/cmk/gui/plugins/wato/check_parameters/azure.py
index c3b294b..760566f 100644
--- a/cmk/gui/plugins/wato/check_parameters/azure.py
+++ b/cmk/gui/plugins/wato/check_parameters/azure.py
@@ -63,8 +63,8 @@ register_check_parameters(
Tuple(
title=_("Lower levels for remaining API reads"),
elements=[
- Integer(title=_("Warning below"), default_value=1000),
- Integer(title=_("Critical below"), default_value=100),
+ Integer(title=_("Warning below"), default_value=6000),
+ Integer(title=_("Critical below"), default_value=3000),
],
)),
("remaining_reads_unknown_state",
Module: check_mk
Branch: master
Commit: 438993e3bc9d4881edc57257c5a5294517306d1e
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=438993e3bc9d48…
Author: Moritz Kiemer <mo(a)mathias-kettner.de>
Date: Fri Feb 8 10:45:21 2019 +0100
docker: mark deprecated parse results
Change-Id: Ie3c2c7adb3d8fdb5c807a4f821ff14a8a40972a3
---
checks/legacy_docker.include | 87 +++++++++++++++++++++++++++++++++++---------
1 file changed, 69 insertions(+), 18 deletions(-)
diff --git a/checks/legacy_docker.include b/checks/legacy_docker.include
index 7c0c681..87b30fd 100644
--- a/checks/legacy_docker.include
+++ b/checks/legacy_docker.include
@@ -27,6 +27,49 @@ import json
import re
+class DeprecatedDict(dict):
+ pass
+
+
+class DeprecatedList(list):
+ pass
+
+
+def append_deprecation_warning(check_function):
+ '''A wrapper to WARN if legacy code is used
+
+ If the parse result is of one of the legacy Types the decorated
+ check function will yield an additional WARNING state.
+
+ These legacy parse results correspond to agents/plugins from version
+ 1.5.0b1 to 1.5.0p12
+ '''
+
+ @functools.wraps(check_function)
+ def wrapper(item, params, parsed):
+
+ is_deprecated = isinstance(parsed, (DeprecatedDict, DeprecatedList))
+ catch_these = Exception if is_deprecated else ()
+
+ try:
+ results = check_function(item, params, parsed)
+ if isinstance(results, tuple):
+ yield results
+ else:
+ for result in results:
+ yield result
+ except catch_these:
+ yield 3, "Could not handle data"
+ finally:
+ if is_deprecated:
+ yield 1, ("Deprecated plugin/agent (see long output)(!)\n"
+ "You are using legacy code, which may lead to crashes and/or"
+ " incomplete information. Please upgrade the monitored host to"
+ " use the plugin 'mk_docker.py'.")
+
+ return wrapper
+
+
def _legacy_docker_get_bytes(string):
'''get number of bytes from string
@@ -77,20 +120,20 @@ def _get_repo_tag(string):
def parse_legacy_docker_node_info(info):
'''parse output of "docker info"'''
+ parsed = DeprecatedDict()
if not info:
- return {}
+ return parsed
# parse legacy json output (verisons 1.5.0 - 1.5.0p6)
joined = " ".join(info[0])
if joined.endswith("permission denied"):
- return {}
+ return parsed
try:
# this may contain a certificate containing newlines.
return json.loads(joined.replace("\n", "\\n"))
except ValueError:
pass
- parsed = {}
prefix = ""
for row in info:
if not row:
@@ -193,12 +236,12 @@ def parse_legacy_docker_system_df(info):
except ValueError:
table = _legacy_docker_parse_table(info, field_map[0], field_map[1])
- parsed = {}
+ parsed = DeprecatedDict()
for line in table:
for key, type_ in zip(field_map[1], field_map[2]):
- v = line.get(key)
- if v is not None:
- line[key] = type_(v)
+ val = line.get(key)
+ if val is not None:
+ line[key] = type_(val)
parsed[line.get("Type").lower()] = line
return parsed
@@ -221,11 +264,11 @@ def parse_legacy_docker_subsection_images(info):
table = _get_json_list(info)
- parsed = {}
+ parsed = DeprecatedDict()
for item in table:
- v = item.get("VirtualSize")
- if v is not None:
- item["VirtualSize"] = _legacy_docker_get_bytes(v)
+ val = item.get("VirtualSize")
+ if val is not None:
+ item["VirtualSize"] = _legacy_docker_get_bytes(val)
parsed[item.get("ID")] = item
return parsed
@@ -235,22 +278,29 @@ def parse_legacy_docker_subsection_image_labels(info):
table = _get_json_list(info)
- return {_legacy_docker_trunk_id(long_id): data for long_id, data in table if data is not None}
+ parsed = DeprecatedDict()
+ for long_id, data in table:
+ if data is not None:
+ parsed[_legacy_docker_trunk_id(long_id)] = data
+ return parsed
def parse_legacy_docker_subsection_image_inspect(info):
+ parsed = DeprecatedDict()
try:
table = json.loads(' '.join(' '.join(row) for row in info if row))
except ValueError:
- return {}
- return {_legacy_docker_trunk_id(image["Id"]): image for image in table}
+ return parsed
+ for image in table:
+ parsed[_legacy_docker_trunk_id(image["Id"])] = image
+ return parsed
def parse_legacy_docker_subsection_containers(info):
table = _get_json_list(info)
- parsed = {}
+ parsed = DeprecatedDict()
for item in table:
image_name = item.get("Image", "")
item["Repository"], item["Tag"] = _get_repo_tag(image_name)
@@ -332,11 +382,12 @@ def parse_legacy_docker_node_images(info):
if isinstance(labels, (str, unicode)):
cont["Labels"] = parse_legacy_docker_messed_up_labels(labels)
- return {"images": images, "containers": containers}
+ return DeprecatedDict((("images", images), ("containers", containers)))
def parse_legacy_docker_network_inspect(info):
try:
- return json.loads(''.join(row[0] for row in info if row))
+ raw = json.loads(''.join(row[0] for row in info if row))
except ValueError:
- return []
+ raw = []
+ return DeprecatedList(raw)