Module: check_mk
Branch: master
Commit: 07555860a9a787f46fdbf54984b14fec6d9c0d58
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=07555860a9a787…
Author: Moritz Kiemer <mo(a)mathias-kettner.de>
Date: Mon Feb 18 09:30:51 2019 +0100
7146 mk_docker.py: Optionally use container names as identifier
You can now configure the plugin mk_docker.py to use the containers
name or long ID as host name. You can do this either using the
agent bakery rule "Docker node and containers", or via configuration
file.
CMK-1707
Change-Id: If1285df52db33d4003dbf9c48052dc43bf915d63
---
.werks/7146 | 13 +++++++++++++
agents/cfg_examples/docker.cfg | 10 ++++++++++
agents/plugins/mk_docker.py | 36 ++++++++++++++++--------------------
tests/unit/plugins/test_mk_docker.py | 2 +-
4 files changed, 40 insertions(+), 21 deletions(-)
diff --git a/.werks/7146 b/.werks/7146
new file mode 100644
index 0000000..843569d
--- /dev/null
+++ b/.werks/7146
@@ -0,0 +1,13 @@
+Title: mk_docker.py: Optionally use container names as identifier
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1550501351
+Class: feature
+
+You can now configure the plugin mk_docker.py to use the containers
+name or long ID as host name. You can do this either using the
+agent bakery rule "Docker node and containers", or via configuration
+file.
diff --git a/agents/cfg_examples/docker.cfg b/agents/cfg_examples/docker.cfg
index a874c94..bf12ab0 100644
--- a/agents/cfg_examples/docker.cfg
+++ b/agents/cfg_examples/docker.cfg
@@ -27,6 +27,16 @@ skip_sections: docker_node_disk_usage,docker_node_images
# * docker_container_agent: retrieve information by running the
# check_mk_agent inside the container
+# CONTAINER ID
+# You can choose what to use as the container identifier. This will
+# affect the name used for the piggyback host corresponding to the
+# container, as well as items for services created on the node for each
+# container.
+# By default, the identifier is assumed to be the first 12 characters
+# of the container UUID. You can choose to use the full ID or the containers
+# name instead. Allowed values are "short" (the default), "long" and "name".
+container_id: name
+
# BASE URL
# By default we are trying to connect to the docker API engine
# via the unix socket:
diff --git a/agents/plugins/mk_docker.py b/agents/plugins/mk_docker.py
index 04a3fc2..c8661ec 100755
--- a/agents/plugins/mk_docker.py
+++ b/agents/plugins/mk_docker.py
@@ -73,6 +73,7 @@ DEFAULT_CFG_SECTION = {
"base_url": "unix://var/run/docker.sock",
"api_version": "auto",
"skip_sections": "",
+ "container_id": "short",
}
LOGGER = logging.getLogger(__name__)
@@ -159,9 +160,15 @@ def report_exception_to_server(exc):
class MKDockerClient(docker.DockerClient):
'''a docker.DockerClient that caches containers and node info'''
- def __init__(self, *args, **kwargs):
- super(MKDockerClient, self).__init__(*args, **kwargs)
- self.all_containers = self.containers.list(all=True)
+ def __init__(self, config):
+ super(MKDockerClient, self).__init__(config['base_url'], version=config['api_version'])
+ all_containers = self.containers.list(all=True)
+ if config['container_id'] == "name":
+ self.all_containers = [(c.attrs["Name"].lstrip('/'), c) for c in all_containers]
+ elif config['container_id'] == "long":
+ self.all_containers = [(c.attrs["Id"], c) for c in all_containers]
+ else:
+ self.all_containers = [(c.attrs["Id"][:12], c) for c in all_containers]
self.node_info = self.info()
@@ -242,7 +249,7 @@ class AgentDispatcher(object):
return None
result = container.exec_run(['sh', '-c', 'bash -c echo'], socket=True)
if not self.get_stdout(result):
- LOGGER.info("failed to run bash in container: %s", container.short_id)
+ LOGGER.info("failed to run bash in container")
return None
result = container.exec_run(
@@ -279,15 +286,6 @@ def set_version_info(client):
Section.version_info['ApiVersion'] = data.get('ApiVersion')
-def short_id(container):
- '''return a shortened id
-
- We do not use container.short_id for compatibility reasons.
- Also we are dealing with trust issues.
- '''
- return container.attrs["Id"][:12]
-
-
#.
# .--Sections------------------------------------------------------------.
# | ____ _ _ |
@@ -381,7 +379,7 @@ def section_node_images(client, _config):
LOGGER.debug(client.all_containers)
section.append('[[[containers]]]')
- for container in client.all_containers:
+ for __, container in client.all_containers:
section.append(json.dumps(container.attrs))
section.write()
@@ -403,8 +401,7 @@ def section_container_client(client, _config):
node_name = client.node_info.get("Name")
# For the container status, we want information about *all* containers
- for container in client.all_containers:
- container_id = short_id(container)
+ for container_id, container in client.all_containers:
LOGGER.info("container (via client): %s", container_id)
section = Section('container_node_name', piggytarget=container_id)
@@ -422,13 +419,12 @@ def section_container_client(client, _config):
@skippable
def section_container_agent(client, _config):
- running_containers = [c for c in client.all_containers if c.status == "running"]
+ running_containers = [c for c in client.all_containers if c[1].status == "running"]
if not running_containers:
return
dispatcher = AgentDispatcher()
- for container in running_containers:
- container_id = short_id(container)
+ for container_id, container in running_containers:
LOGGER.info("container(via agent): %s", container_id)
result = dispatcher.check_container(container)
@@ -466,7 +462,7 @@ def main():
config = get_config(args.config_file)
try: # first calls by docker-daemon: report failure
- client = MKDockerClient(config['base_url'], version=config['api_version'])
+ client = MKDockerClient(config)
except () if DEBUG else Exception as exc:
report_exception_to_server(exc)
sys.exit(1)
diff --git a/tests/unit/plugins/test_mk_docker.py b/tests/unit/plugins/test_mk_docker.py
index af740ad..fdb9cd6 100644
--- a/tests/unit/plugins/test_mk_docker.py
+++ b/tests/unit/plugins/test_mk_docker.py
@@ -11,7 +11,7 @@ sys.path.insert(0, os.path.join(cmk_path(), 'agents', 'plugins'))
import mk_docker # pylint: disable=import-error,wrong-import-position
PLUGIN_CHECKSUMS = {
- '0.1': '609daeed48fda1198701458e9bd4f205',
+ '0.1': 'aec6ebec8565d1326d1b0df52191d594',
}
Module: check_mk
Branch: master
Commit: dd5f0aee596214e7d5f74bf77b23f1b7c21c035d
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=dd5f0aee596214…
Author: Marcel Arentz <ma(a)mathias-kettner.de>
Date: Mon Mar 25 17:26:32 2019 +0100
Fixed werk description
Change-Id: I0ffa4761c526f68e5e666dfd8d2c0851e2d5c3cc
---
.werks/7107 | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/.werks/7107 b/.werks/7107
index 99a488c..649190a 100644
--- a/.werks/7107
+++ b/.werks/7107
@@ -10,17 +10,13 @@ Class: feature
Dedicated credentials for each section in custom_sqls
could be configured. The following parameters are valid:
+F+:
my_custom_sql () {
SQLS_DBUSER=customuser
SQLS_DBPASSWORD=secretpwd
-SQLS_DBSYSCONNECT="None"
+SQLS_DBSYSCONNECT=SYSDBA
SQLS_TNSALIAS=testdb123
+F-:
-These are the new parameters.
-An important note against SQLS_DBSYSCONNECT:
-If sysdba or sysoper has been set in DBUSER inside mk_oracle.cfg, the
-SQLS_DBSYSCONNECT="None" is needed to overwrite the default from DBUSER.
-This is often needed in environments with connections to mounted
-databases.
-SQLS_DBSYSCONNECT could be ignored, when sysdba or sysoper is not set in
-DBUSER.
+These are the new parameters. SQLS_DBSYSCONNECT needs be set only if the
+user is sysdba or sysoper. Otherwise just skip this line.
Module: check_mk
Branch: master
Commit: 72180fc378ac1ab430493a452f62382f89b10547
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=72180fc378ac1a…
Author: Moritz Kiemer <mo(a)mathias-kettner.de>
Date: Fri Mar 22 12:53:22 2019 +0100
7222 FIX check_http: port config for certificate check via proxy
If users had the active check "Check HTTP" configured to check a certificate
via a proxy, the option "TCP Port" had wrongly been used as the proxys port
instead of the certificate servers port.
The port defined in the option "TCP Port" is now applied to the certificate
server, regardless of whether a proxy is used.
If you relied on the wrong behaviour, remove the option "TCP Port" and include
the port for the proxy in the proxy settings.
NOTE:
To make this work, we have to pass proxy address and server name not
using the "-I proxy.com" and "-H server.com" option, but as the first
and second argument, respectively. This weird hack bypasses a bug in
the check_http commandline parsing:
When we pass the arguments this way, we can include the *servers* port
in the second argument (e.g. "server.com:8443"). When we try the same
with "-H server.vom:8443" the port will be stripped, and ignored if
the "-p" option is set, and used as the proxys port otherwise.
Change-Id: I2f7babed02b652186f996a91e53048a3689c9ebb
---
.werks/7222 | 18 ++++++++++
checks/check_http | 68 ++++++++++++++++++++++++------------
tests/unit/checks/test_check_http.py | 35 +++++++++++++++++--
3 files changed, 97 insertions(+), 24 deletions(-)
diff --git a/.werks/7222 b/.werks/7222
new file mode 100644
index 0000000..f55922c
--- /dev/null
+++ b/.werks/7222
@@ -0,0 +1,18 @@
+Title: check_http: Mixup of ports when configuring certificate check via proxy
+Level: 1
+Component: wato
+Compatible: incomp
+Edition: cre
+Version: 1.6.0i1
+Date: 1553255189
+Class: fix
+
+If users had the active check "Check HTTP" configured to check a certificate
+via a proxy, the option "TCP Port" had wrongly been used as the proxys port
+instead of the certificate servers port.
+
+The port defined in the option "TCP Port" is now applied to the certificate
+server, regardless of whether a proxy is used.
+
+If you relied on the wrong behaviour, remove the option "TCP Port" and include
+the port for the proxy in the proxy settings.
diff --git a/checks/check_http b/checks/check_http
index e1c265d..365d927 100644
--- a/checks/check_http
+++ b/checks/check_http
@@ -43,31 +43,34 @@ def _get_family_and_address(settings):
return family, address
+def _get_proxy_setting(settings):
+ """return proxys (address, port, auth) or None"""
+ proxy = settings.get("proxy")
+ if not proxy:
+ return None
+
+ # ':' outside a IPv6 address indicates port
+ if ':' in proxy.split(']')[-1]:
+ address, port = proxy.rsplit(':', 1)
+ else:
+ address, port = proxy, None
+
+ auth = settings.get("proxy_auth")
+ if auth:
+ auth = passwordstore_get_cmdline("%s:%%s" % auth[0], auth[1])
+
+ proset = collections.namedtuple("ProxySettings", ("address", "port", "auth"))
+ return proset(address, port, auth)
+
+
def _certificate_args(address_family, address, settings):
args = []
server = settings.get('cert_host', address)
- proxy = settings.get('proxy')
-
- args += ['-I', proxy or server]
-
- if proxy:
- args += ['-H', server]
- args.append('--ssl')
- args += ['-j', 'CONNECT']
- elif settings.get("sni"):
- args += ['-H', server]
if address_family == 'ipv6':
args += ['-6']
- if "port" in settings:
- args += ['-p', settings["port"]]
-
- if "proxy_auth" in settings:
- username, password = settings["proxy_auth"]
- args += ["-b", passwordstore_get_cmdline("%s:%%s" % username, password)]
-
if "cert_days" in settings:
# legacy behavior
if isinstance(settings["cert_days"], int):
@@ -79,6 +82,25 @@ def _certificate_args(address_family, address, settings):
if "sni" in settings:
args += ['--sni']
+ proxy = _get_proxy_setting(settings)
+ server_port = settings.get("port")
+
+ specify_port = proxy.port if proxy else server_port
+ if specify_port:
+ args += ['-p', specify_port]
+
+ if proxy:
+ args += ['--ssl', '-j', 'CONNECT']
+ if proxy.auth:
+ args += ["-b", proxy.auth]
+ args.append(proxy.address)
+ if server_port:
+ server += ':%s' % server_port
+
+ elif settings.get("sni"):
+ args += ['-H', server]
+
+ args += [server]
return args
@@ -87,11 +109,12 @@ def _url_args(address_family, address, settings):
# get virthost settings:
# TODO: when did 'vhost' dissapear from WATO?
vhost, omit_ip = settings.get("virthost", (settings.get("vhost"), False))
+ proxy = _get_proxy_setting(settings)
args = []
- if "proxy" in settings:
- args += ["-I", settings["proxy"]]
+ if proxy:
+ args += ["-I", proxy.address]
elif not omit_ip:
args += ["-I", address]
@@ -101,6 +124,8 @@ def _url_args(address_family, address, settings):
if address_family == 'ipv6':
args += ['-6']
+ # TODO: I think this should be overridden by the proxy port
+ # in the same way as in the cert check. (mo)
if "port" in settings:
args += ['-p', settings["port"]]
@@ -136,9 +161,8 @@ def _url_args(address_family, address, settings):
username, password = settings["auth"]
args += ["-a", passwordstore_get_cmdline("%s:%%s" % username, password)]
- if "proxy_auth" in settings:
- username, password = settings["proxy_auth"]
- args += ["-b", passwordstore_get_cmdline("%s:%%s" % username, password)]
+ if proxy and proxy.auth:
+ args += ["-b", proxy.auth]
if "onredirect" in settings:
args += ['--onredirect=%s' % settings["onredirect"]]
diff --git a/tests/unit/checks/test_check_http.py b/tests/unit/checks/test_check_http.py
index eae8884..3bcffc7 100644
--- a/tests/unit/checks/test_check_http.py
+++ b/tests/unit/checks/test_check_http.py
@@ -32,9 +32,40 @@ pytestmark = pytest.mark.checks
(
(None, {
'cert_days': (10, 20),
- 'cert_host': 'www.test123.com'
+ 'cert_host': 'www.test123.com',
+ 'port': '42',
}),
- ['-I', 'www.test123.com', '-C', '10,20'],
+ ['-C', '10,20', '-p', '42', 'www.test123.com'],
+ ),
+ (
+ (None, {
+ 'cert_days': (10, 20),
+ 'cert_host': 'www.test123.com',
+ 'port': '42',
+ 'proxy': 'p.roxy',
+ }),
+ ['-C', '10,20', '--ssl', '-j', 'CONNECT', 'p.roxy', 'www.test123.com:42'],
+ ),
+ (
+ (None, {
+ 'cert_days': (10, 20),
+ 'cert_host': 'www.test123.com',
+ 'port': '42',
+ 'proxy': 'p.roxy:23',
+ }),
+ ['-C', '10,20', '-p', '23', '--ssl', '-j', 'CONNECT', 'p.roxy', 'www.test123.com:42'],
+ ),
+ (
+ (None, {
+ 'cert_days': (10, 20),
+ 'cert_host': 'www.test123.com',
+ 'port': '42',
+ 'proxy': '[dead:beef::face]:23',
+ }),
+ [
+ '-C', '10,20', '-p', '23', '--ssl', '-j', 'CONNECT', '[dead:beef::face]',
+ 'www.test123.com:42'
+ ],
),
(
(None, {