Module: check_mk
Branch: master
Commit: f4c6bcca424c52d889e2c0dc9e4f276ee7843325
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f4c6bcca424c52…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Thu Jul 10 16:56:39 2014 +0200
Added AIX support for HW/SW-Inventory
Check_MK now ships the new agent plugin <tt>mk_inventory.aix</tt>, which retrieves
inventory data on AIX hosts. This includes the list of software packages and
service packs, information about the system and cpu.
---
.werks/1046 | 10 ++++
ChangeLog | 3 +-
agents/plugins/mk_inventory.aix | 46 +++++++++++++++++
inventory/aix_baselevel | 38 ++++++++++++++
inventory/aix_packages | 72 ++++++++++++++++++++++++++
inventory/aix_service_packs | 34 +++++++++++++
inventory/prtconf | 106 +++++++++++++++++++++++++++++++++++++++
web/plugins/views/inventory.py | 6 +++
8 files changed, 314 insertions(+), 1 deletion(-)
Diff: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=f4c6bcca42…
Module: check_mk
Branch: master
Commit: 76b29d95d0f4899f29796bbb7a468ffdec822302
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=76b29d95d0f489…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Thu Jul 10 14:11:48 2014 +0200
FIX table servicegroups: fixed service visibility when using group_authorization AUTH_STRICT
This only applies with the setting group_authorization = AUTH_STRICT
When an auth user was given the livestatus table servicegroups did not check if the auth
user had permissions to all objects of the servicegroup.
As a result the user was able to view servicegroups, even if he was not a contact for every object in it.
However, the "forbidden" object itself was not returned, just a subset of the group.
This was incorrect. The user needs to be contact of every element in this group.
Otherwise he should not see the group at all..
---
.werks/951 | 16 ++++++++++++++++
ChangeLog | 1 +
livestatus/src/TableServices.cc | 30 +++++++++++++++++++++++++-----
3 files changed, 42 insertions(+), 5 deletions(-)
diff --git a/.werks/951 b/.werks/951
new file mode 100644
index 0000000..413602e
--- /dev/null
+++ b/.werks/951
@@ -0,0 +1,16 @@
+Title: table servicegroups: fixed service visibility when using group_authorization AUTH_STRICT
+Level: 1
+Component: livestatus
+Version: 1.2.5i5
+Date: 1404994147
+Class: fix
+
+This only applies with the setting group_authorization = AUTH_STRICT
+
+When an auth user was given the livestatus table servicegroups did not check if the auth
+user had permissions to all objects of the servicegroup.
+As a result the user was able to view servicegroups, even if he was not a contact for every object in it.
+However, the "forbidden" object itself was not returned, just a subset of the group.
+This was incorrect. The user needs to be contact of every element in this group.
+Otherwise he should not see the group at all..
+
diff --git a/ChangeLog b/ChangeLog
index e7312ec..bd991b5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -71,6 +71,7 @@
Livestatus:
* 0988 FIX: livedump: Fix exception in case no contact groups are defined for a service
+ * 0951 FIX: table servicegroups: fixed service visibility when using AUTH_STRICT...
HW/SW-Inventory:
* 0625 hw/sw inventory now reads the kernel version and architecture for linux and windows
diff --git a/livestatus/src/TableServices.cc b/livestatus/src/TableServices.cc
index a21a8ac..781e30b 100644
--- a/livestatus/src/TableServices.cc
+++ b/livestatus/src/TableServices.cc
@@ -68,14 +68,34 @@ void TableServices::answerQuery(Query *query)
if (_by_group) {
servicegroup *sgroup = servicegroup_list;
servicebygroup sg;
+ bool show_sgroup;
+
+ // When g_group_authorization is set to AUTH_STRICT we need to pre-check
+ // if every service of this group is visible to the _auth_user
+ bool requires_precheck = query->authUser() && g_group_authorization == AUTH_STRICT;
+
while (sgroup) {
+ show_sgroup = true;
sg._servicegroup = sgroup;
servicesmember *mem = sgroup->members;
- while (mem) {
- memcpy(&sg._service, mem->service_ptr, sizeof(service));
- if (!query->processDataset(&sg))
- break;
- mem = mem->next;
+ if (requires_precheck) {
+ while (mem) {
+ if (!is_authorized_for(query->authUser(), mem->service_ptr->host_ptr, mem->service_ptr)) {
+ show_sgroup = false;
+ break;
+ }
+ mem = mem->next;
+ }
+ }
+
+ if (show_sgroup) {
+ mem = sgroup->members;
+ while (mem) {
+ memcpy(&sg._service, mem->service_ptr, sizeof(service));
+ if (!query->processDataset(&sg))
+ break;
+ mem = mem->next;
+ }
}
sgroup = sgroup->next;
}
Module: check_mk
Branch: master
Commit: a1c629ea05362efcccf68100be299fc5dd4f47c8
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a1c629ea05362e…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Jul 10 13:52:37 2014 +0200
FIX mysql_slave: Only monitor the age of the slave when it is running
---
.werks/1054 | 8 ++++++++
ChangeLog | 1 +
checks/mysql_slave | 23 ++++++++++++-----------
3 files changed, 21 insertions(+), 11 deletions(-)
diff --git a/.werks/1054 b/.werks/1054
new file mode 100644
index 0000000..0390c42
--- /dev/null
+++ b/.werks/1054
@@ -0,0 +1,8 @@
+Title: mysql_slave: Only monitor the age of the slave when it is running
+Level: 1
+Component: checks
+Version: 1.2.5i5
+Date: 1404993134
+Class: fix
+
+
diff --git a/ChangeLog b/ChangeLog
index 6231ef2..e2b59e4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,7 @@
* 1072 FIX: printer_supply: fix colors of Perf-O-Meter on HP OfficeJet...
* 0950 FIX: check_mkevents: now able to resolve the hostname of the remote hosts...
* 0177 FIX: esx_vsphere_hostsystem.multipath: Fixed return state in case of paths in standby...
+ * 1054 FIX: mysql_slave: Only monitor the age of the slave when it is running
Multisite:
* 1013 Sort host names naturally, e.g. foobar11 comes after foobar2...
diff --git a/checks/mysql_slave b/checks/mysql_slave
index cf413d6..657cfa2 100644
--- a/checks/mysql_slave
+++ b/checks/mysql_slave
@@ -62,20 +62,21 @@ def check_mysql_slave(_unused, params, info):
if data['Slave_SQL_Running']:
output.append('Slave-SQL: running')
+
+ # Makes only sense to monitor the age when the SQL slave is running
+ out = 'Time behind Master: %s' % get_age_human_readable(data['Seconds_Behind_Master'])
+ warn, crit = params.get('seconds_behind_master', (None, None))
+ if crit != None and data['Seconds_Behind_Master'] > crit:
+ state = 2
+ out += '(!!)'
+ elif warn != None and data['Seconds_Behind_Master'] > warn:
+ state = 1
+ out += '(!)'
+ output.append(out)
+ perfdata.append(('seconds_behind_master', data['Seconds_Behind_Master'], warn, crit))
else:
output.append('Slave-SQL: not running(!!)')
- out = 'Time behind Master: %s' % get_age_human_readable(data['Seconds_Behind_Master'])
- warn, crit = params.get('seconds_behind_master', (None, None))
- if crit != None and data['Seconds_Behind_Master'] > crit:
- state = 2
- out += '(!!)'
- elif warn != None and data['Seconds_Behind_Master'] > warn:
- state = 1
- out += '(!)'
- output.append(out)
- perfdata.append(('seconds_behind_master', data['Seconds_Behind_Master'], warn, crit))
-
return state, ', '.join(output), perfdata
check_info['mysql_slave'] = {
Module: check_mk
Branch: master
Commit: f6481f42db0382ce6e7180a56a6bddb5e1508cd5
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=f6481f42db0382…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Thu Jul 10 11:43:39 2014 +0200
FIX Gracefully restart check_mk helpers in case of memory leak
When using the Check_MK Micro Core in combination with inline SNMP then
in certain rare situations the check_mk helper processes leak memory. We
suspect the leak to be in the SNMP libs but this is just an assumption.
This fix now watches the size of each check_mk helper. If the memory usage
(VM size) of the process grows by more then 50% compared to the size after
the first 20 hosts being checked, then the helper silently restarts itself
and leaves a message in <tt>var/log/check_mk/cmc-helper.log</tt>.
---
.werks/1045 | 16 ++++++++++++++++
ChangeLog | 1 +
modules/check_mk.py | 48 +++++++++++++++++++++++++++++++++++++++++++-----
3 files changed, 60 insertions(+), 5 deletions(-)
diff --git a/.werks/1045 b/.werks/1045
new file mode 100644
index 0000000..3cd3696
--- /dev/null
+++ b/.werks/1045
@@ -0,0 +1,16 @@
+Title: Gracefully restart check_mk helpers in case of memory leak
+Level: 2
+Component: core
+Version: 1.2.5i5
+Date: 1404985261
+Class: fix
+
+When using the Check_MK Micro Core in combination with inline SNMP then
+in certain rare situations the check_mk helper processes leak memory. We
+suspect the leak to be in the SNMP libs but this is just an assumption.
+
+This fix now watches the size of each check_mk helper. If the memory usage
+(VM size) of the process grows by more then 50% compared to the size after
+the first 20 hosts being checked, then the helper silently restarts itself
+and leaves a message in <tt>var/log/check_mk/cmc-helper.log</tt>.
+
diff --git a/ChangeLog b/ChangeLog
index 7268491..86393e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
* 1035 FIX: Do not fail on errors in *.mk files anymore - except in interactive mode...
* 0174 FIX: Fixed appending of --keepalive-fd parameters to checkhelpers...
* 1053 FIX: Fixed events check always being reporting OK state...
+ * 1045 FIX: Gracefully restart check_mk helpers in case of memory leak...
Checks & Agents:
* 0168 f5_bigip_pool: Added Wato configuration...
diff --git a/modules/check_mk.py b/modules/check_mk.py
index 8b35f86..acca7d3 100755
--- a/modules/check_mk.py
+++ b/modules/check_mk.py
@@ -5416,12 +5416,46 @@ def copy_globals():
if varname not in [ "g_service_description", "g_multihost_checks",
"g_check_table_cache", "g_singlehost_checks",
"total_check_outout", "g_nodesof_cache",
- "g_initial_times" ] \
+ "g_initial_times", "g_keepalive_initial_memusage",
+ "g_dns_cache", "g_ip_lookup_cache" ] \
and type(value).__name__ not in [ "function", "module", "SRE_Pattern" ]:
global_saved[varname] = copy.copy(value)
return global_saved
+# Determine currently (VmSize, VmRSS) in Bytes
+def current_memory_usage():
+ parts = file('/proc/self/stat').read().split()
+ vsize = int(parts[22]) # in Bytes
+ rss = int(parts[23]) * 4096 # in Pages
+ return (vsize, rss)
+
+keepalive_memcheck_cycle = 20
+g_keepalive_initial_memusage = None
+def keepalive_check_memory(num_checks, keepalive_fd):
+ if num_checks % keepalive_memcheck_cycle != 0: # Only do this after every 10 checks
+ return
+
+ global g_keepalive_initial_memusage
+ if not g_keepalive_initial_memusage:
+ g_keepalive_initial_memusage = current_memory_usage()
+ else:
+ usage = current_memory_usage()
+ # Allow VM size to grow by at most 50%
+ if usage[0] > 1.5 * g_keepalive_initial_memusage[0]:
+ file(log_dir + "/cmc-helper.log", "a") \
+ .write("%s [4] check helper[%d]: memory usage increased from %s to %s after %d check cycles. Restarting.\n" %
+ (time.strftime("%F %T", time.localtime()), os.getpid(),
+ get_bytes_human_readable(g_keepalive_initial_memusage[0]),
+ get_bytes_human_readable(usage[0]), num_checks))
+ restart_myself(keepalive_fd)
+
+
+def restart_myself(keepalive_fd):
+ sys.argv = [ x for x in sys.argv if not x.startswith('--keepalive-fd=') ]
+ os.execvp("cmk", sys.argv + [ "--keepalive-fd=%d" % keepalive_fd ])
+
+
def do_check_keepalive():
global g_initial_times
@@ -5445,6 +5479,8 @@ def do_check_keepalive():
os.dup2(devnull, 1)
os.close(devnull)
+ num_checks = 0 # count total number of check cycles
+
global total_check_output
total_check_output = ""
if opt_debug:
@@ -5456,15 +5492,15 @@ def do_check_keepalive():
cleanup_globals()
hostname = keepalive_read_line()
g_initial_times = os.times()
- if not hostname:
- break
+
hostname = hostname.strip()
if hostname == "*":
- sys.argv = [ x for x in sys.argv if not x.startswith('--keepalive-fd=') ]
- os.execvp("cmk", sys.argv + [ "--keepalive-fd=%d" % keepalive_fd ])
+ restart_myself(keepalive_fd)
elif not hostname:
break
+ num_checks += 1
+
timeout = int(keepalive_read_line())
try: # catch non-timeout exceptions
try: # catch timeouts
@@ -5517,6 +5553,8 @@ def do_check_keepalive():
os.write(keepalive_fd, "%03d\n%08d\n%s" %
(3, len(total_check_output), total_check_output))
+ keepalive_check_memory(num_checks, keepalive_fd)
+
# Just one lines from stdin. But: make sure that
# nothing more is read - not even into some internal
Module: check_mk
Branch: master
Commit: 801b2b46978d6a79bb1190d42af8feee97fc32ad
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=801b2b46978d6a…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Wed Jul 9 15:07:38 2014 +0200
FIX Fix Virtual Host Tree snapin
The Virtual Host Tree snapin would not filter correctly for host tags
that are empty (i.e. <tt>None</tt>). This has been fixed.
---
.werks/1074 | 10 ++++++++++
ChangeLog | 1 +
web/plugins/sidebar/shipped.py | 2 +-
web/plugins/views/filters.py | 38 +++++++++++++++++++++++++++++++-------
4 files changed, 43 insertions(+), 8 deletions(-)
diff --git a/.werks/1074 b/.werks/1074
new file mode 100644
index 0000000..d553477
--- /dev/null
+++ b/.werks/1074
@@ -0,0 +1,10 @@
+Title: Fix Virtual Host Tree snapin
+Level: 2
+Component: multisite
+Class: fix
+State: unknown
+Version: 1.2.5i5
+Date: 1404911209
+
+The Virtual Host Tree snapin would not filter correctly for host tags
+that are empty (i.e. <tt>None</tt>). This has been fixed.
diff --git a/ChangeLog b/ChangeLog
index 10c6a99..15a7861 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -46,6 +46,7 @@
* 1052 SEC: index start URL can not be used to redirect to absolute URLs anymore...
* 0945 FIX: Sidebar snapin "Problem hosts": Now excludes hosts and services in downtime
* 1036 FIX: doc/treasures/downtime: fix --url option, better error output
+ * 1074 FIX: Fix Virtual Host Tree snapin...
WATO:
* 0825 WATO: Hover menu of user online state shows the last seen date/time now
diff --git a/web/plugins/sidebar/shipped.py b/web/plugins/sidebar/shipped.py
index 09d96a9..d98a9fc 100644
--- a/web/plugins/sidebar/shipped.py
+++ b/web/plugins/sidebar/shipped.py
@@ -1353,7 +1353,7 @@ def render_tag_tree_level(taggroups, path, cwd, title, tree):
items.sort()
for nr, ((title, tag), subtree) in enumerate(items):
- subpath = path + [tag]
+ subpath = path + [tag or ""]
url = tag_tree_url(taggroups, subpath, "allhosts")
if "_num_hosts" in subtree:
title += " (%d)" % subtree["_num_hosts"]
diff --git a/web/plugins/views/filters.py b/web/plugins/views/filters.py
index c7938c3..3d46a99 100644
--- a/web/plugins/views/filters.py
+++ b/web/plugins/views/filters.py
@@ -786,7 +786,7 @@ class FilterHostTags(Filter):
)
def display(self):
- groups = [ (e[0], e[1]) for e in config.wato_host_tags ]
+ groups = [ (e[0], e[1].lstrip("/") ) for e in config.wato_host_tags ]
operators = [
("is", _("=")),
("isnot", _("≠")),
@@ -827,17 +827,41 @@ class FilterHostTags(Filter):
html.write('</td></tr>')
html.write('</table>')
+ def hosttag_filter(self, negate, tag):
+ return 'Filter: host_custom_variables %s TAGS (^|[ ])%s($|[ ])' % (negate and '!~' or '~', tag)
+
def filter(self, infoname):
headers = []
- for num in range(self.count):
+ # Do not restrict to a certain number, because we'd like to link to this
+ # via an URL, e.g. from the virtual host tree snapin
+ num = 0
+ while html.has_var('host_tag_%d_op' % num):
prefix = 'host_tag_%d' % num
op = html.var(prefix + '_op')
- val = html.var(prefix + '_val')
-
- if op and val:
- operator = op != 'is' and '!~' or '~'
- headers.append('Filter: host_custom_variables %s TAGS (^|[ ])%s($|[ ])' % (operator, val))
+ tag = html.var(prefix + '_val')
+
+ if op:
+ if tag: # positive host tag
+ headers.append(self.hosttag_filter(op != "is", tag))
+ else:
+ # empty host tag. Darn. We need to create a filter that excludes all other host tags
+ # of the group
+ group = html.var(prefix + '_grp')
+ grouptags = None
+ for entry in config.wato_host_tags:
+ if entry[0] == group: # found our group
+ grouptags = [ x[0] for x in entry[2] if x[0] ]
+ break
+ if grouptags: # should never be empty, but maybe faked URL
+ for tag in grouptags:
+ headers.append(self.hosttag_filter(False, tag))
+ if len(grouptags) > 1:
+ headers.append("Or: %d" % len(grouptags))
+ if op == "is":
+ headers.append("Negate:")
+
+ num += 1
if headers:
return '\n'.join(headers) + '\n'