Module: check_mk
Branch: master
Commit: c54bdc75784eda81ff0465abcc56f00de863b33b
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=c54bdc75784eda…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Nov 21 16:42:08 2012 +0100
Linux Agent, mk_postgres: Supporting pgsql and postgres as user
---
ChangeLog | 3 +++
agents/plugins/mk_postgres | 21 ++++++++++++++-------
2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 07a633f..c977b00 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
1.2.1i4:
+ Checks & Agents:
+ * Linux Agent, mk_postgres: Supporting pgsql and postgres as user
+
Multisite:
* Implemented LDAP integration of Multisite. You can now authenticate your
users using the form based authentication with LDAP. It is also possible
diff --git a/agents/plugins/mk_postgres b/agents/plugins/mk_postgres
index 6667aab..adeb761 100755
--- a/agents/plugins/mk_postgres
+++ b/agents/plugins/mk_postgres
@@ -1,10 +1,17 @@
#!/bin/sh
-if id pgsql >/dev/null ; then
- echo '<<<postgres_sessions>>>'
- echo "select current_query = '<IDLE>', count(*) from pg_stat_activity group by (current_query = '<IDLE>');" | su - pgsql -c "psql -d postgres -A -t -F' '"
-
- echo '<<<postgres_stat_database:sep(59)>>>'
- echo 'select datid,datname,numbackends,xact_commit,xact_rollback,blks_read,blks_hit,tup_returned,tup_fetched,tup_inserted,tup_updated,tup_deleted,conflicts, pg_database_size(datname) as "datsize" from pg_stat_database;' \
- | su - pgsql -c "psql -d postgres -A -F';'" | sed '$d'
+# Try to detect the postgres user
+if id pgsql >/dev/null 2>&1; then
+ USER=pgsql
+elif id postgres >/dev/null 2>&1; then
+ USER=postgres
+else
+ exit 0
fi
+
+echo '<<<postgres_sessions>>>'
+echo "select current_query = '<IDLE>', count(*) from pg_stat_activity group by (current_query = '<IDLE>');" | su - $USER -c "psql -d postgres -A -t -F' '"
+
+echo '<<<postgres_stat_database:sep(59)>>>'
+echo 'select datid,datname,numbackends,xact_commit,xact_rollback,blks_read,blks_hit,tup_returned,tup_fetched,tup_inserted,tup_updated,tup_deleted,conflicts, pg_database_size(datname) as "datsize" from pg_stat_database;' \
+ | su - $USER -c "psql -d postgres -A -F';'" | sed '$d'
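Review bot: The detected account is stored in `USER`, which is also the standard login-name environment variable, so anything later in the plugin that reads `$USER` sees the database account instead of the account the agent runs as. A dedicated name such as `PG_OS_USER` avoids that. The expansion should also be quoted: `su - "$PG_OS_USER" -c "psql -d postgres -A -t -F' '"`. The value comes from two fixed literals here, so this is a robustness point, not an injection path. psql's stderr is not redirected, so where a connection error ends up depends on how the agent runs the plugin, which is not visible in this hunk.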
Module: check_mk
Branch: master
Commit: dee64aaa6326b24584eac391fd857f53b91b255a
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=dee64aaa6326b2…
Author: Mathias Kettner <mk(a)mathias-kettner.de>
Date: Wed Nov 21 16:34:04 2012 +0100
New configuration check_periods
---
ChangeLog | 2 +
modules/check_mk.py | 22 +++++++++++++++++++-
modules/check_mk_base.py | 31 ++++++++++++++++++++++++++++
modules/notify.py | 18 ----------------
web/plugins/wato/check_mk_configuration.py | 10 ++++++++-
5 files changed, 63 insertions(+), 20 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b21b0a1..a506f70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
1.2.1i3:
Core:
* added HOST/SERVICEPROBLEMID to notification macros
+ * New configuration check_periods for limiting execution of
+ Check_MK checks to a certain time period.
Checks & Agents:
* Windows agent: persist offsets for logfile monitoring
diff --git a/modules/check_mk.py b/modules/check_mk.py
index ea3131a..122389d 100755
--- a/modules/check_mk.py
+++ b/modules/check_mk.py
@@ -316,6 +316,7 @@ donation_command = 'mail -r checkmk(a)yoursite.de -s "Host do
scanparent_hosts = [ ( ALL_HOSTS ) ]
host_attributes = {} # needed by WATO, ignored by Check_MK
ping_levels = [] # special parameters for host/PING check_command
+check_periods = []
# global variables used to cache temporary values (not needed in check_mk_base)
ip_to_hostname_cache = None
@@ -676,6 +677,17 @@ def is_snmpv2c_host(hostname):
def is_usewalk_host(hostname):
return in_binary_hostlist(hostname, usewalk_hosts)
+def check_period_of(hostname, service):
+ periods = service_extra_conf(hostname, service, check_periods)
+ if periods:
+ period = periods[0]
+ if period == "24X7":
+ return None
+ else:
+ return period
+ else:
+ return None
+
def get_single_oid(hostname, ipaddress, oid):
# New in Check_MK 1.1.11: oid can end with ".*". In that case
# we do a snmpgetnext and try to find an OID with the prefix
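Review bot: `check_period_of` has no comment explaining that only the first matching rule is used (`periods[0]`) or that `"24X7"` is mapped to `None` so callers can skip the Livestatus lookup for always-active services. I would add `# Returns the name of the check period of a service, or None if the service has no rule or the rule is "24X7" (always active). The first matching rule wins.` above the function. The nested `if`/`else` can also be flattened to `if periods and periods[0] != "24X7": return periods[0]` followed by `return None`.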
@@ -2627,7 +2639,7 @@ no_inventory_possible = None
'snmpwalks_dir', 'check_mk_basedir', 'nagios_user',
'www_group', 'cluster_max_cachefile_age', 'check_max_cachefile_age',
'simulation_mode', 'agent_simulator', 'aggregate_check_mk', 'debug_log',
- 'check_mk_perfdata_with_times'
+ 'check_mk_perfdata_with_times', 'livestatus_unix_socket',
]:
output.write("%s = %r\n" % (var, globals()[var]))
@@ -2640,15 +2652,23 @@ no_inventory_possible = None
need_snmp_module = False
needed_check_types = set([])
needed_sections = set([])
+ service_timeperiods = {}
for check_type, item, param, descr, aggr in check_table:
if check_type not in check_info:
sys.stderr.write('Warning: Ignoring missing check %s.\n' % check_type)
continue
+ period = check_period_of(hostname, descr)
+ if period:
+ service_timeperiods[descr] = period
+
needed_sections.add(check_type.split(".")[0])
needed_check_types.add(check_type)
if check_uses_snmp(check_type):
need_snmp_module = True
+ output.write("precompiled_service_timeperiods = %r\n" % service_timeperiods)
+ output.write("def check_period_of(hostname, service):\n return precompiled_service_timeperiods.get(service)\n\n")
+
if need_snmp_module:
output.write(stripped_python_file(modules_dir + "/snmp.py"))
diff --git a/modules/check_mk_base.py b/modules/check_mk_base.py
index e46b2e5..43520ca 100755
--- a/modules/check_mk_base.py
+++ b/modules/check_mk_base.py
@@ -831,6 +831,17 @@ def do_all_checks_on_host(hostname, ipaddress, only_check_types = None):
if only_check_types != None and checkname not in only_check_types:
continue
+ # Skip checks that are not in their check period
+ period = check_period_of(hostname, description)
+ if period and not check_timeperiod(period):
+ if opt_debug:
+ sys.stderr.write("Skipping service %s: currently not in timeperiod %s.\n" %
+ (description, period))
+ continue
+ elif period and opt_debug:
+ sys.stderr.write("Service %s: timeperiod %s is currently active.\n" %
+ (description, period))
+
# In case of a precompiled check table info is the aggrated
# service name. In the non-precompiled version there are the dependencies
if type(info) == str:
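Review bot: The new `check_timeperiod(period)` call inside the per-service loop can raise, because `check_timeperiod` opens the Livestatus socket and lets exceptions propagate. Where that exception is caught lies outside this hunk, so an unreachable socket may stop the remaining services of the host from being checked at all, not only the one with a period. Treating a failed lookup as "period active" would match the rule in `check_timeperiod` that unknown timeperiods count as active: `try: in_period = check_timeperiod(period)` / `except Exception: in_period = True`, then test `if period and not in_period:`. The loop and the enclosing `do_all_checks_on_host` continue outside the hunk.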
@@ -1210,3 +1221,23 @@ def get_age_human_readable(secs):
# in command definitions as $ARG1$)
def quote_shell_string(s):
return "'" + s.replace("'", "'\"'\"'") + "'"
+
+
+# Check if a timeperiod is currently active. We have no other way than
+# doing a Livestatus query. This is not really nice, but if you have a better
+# idea, please tell me...
+g_inactive_timerperiods = None
+def check_timeperiod(timeperiod):
+ global g_inactive_timerperiods
+ # Let exceptions happen, they will be handled upstream.
+ if g_inactive_timerperiods == None:
+ import socket
+ s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ s.connect(livestatus_unix_socket)
+ # We just get the currently inactive timeperiods. All others
+ # (also non-existing) are considered to be active
+ s.send("GET timeperiods\nColumns:name\nFilter: in = 0\n")
+ s.shutdown(socket.SHUT_WR)
+ g_inactive_timerperiods = s.recv(10000000).splitlines()
+ return timeperiod not in g_inactive_timerperiods
+
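Review bot: `check_timeperiod` reads the Livestatus answer with a single `s.recv(10000000)`, but one `recv` on a stream socket may return only part of the response, and every timeperiod missing from a truncated list is then treated as active. The request is sent with `send`, which may write fewer bytes than given, and the socket is never closed. I would read until EOF, use `sendall`, and close the socket in a `finally`, as sketched below. The query string is kept exactly as in the hunk.

```python
def check_timeperiod(timeperiod):
    global g_inactive_timerperiods
    # Let exceptions happen, they will be handled upstream.
    if g_inactive_timerperiods == None:
        import socket
        s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            s.connect(livestatus_unix_socket)
            s.sendall("GET timeperiods\nColumns:name\nFilter: in = 0\n")
            s.shutdown(socket.SHUT_WR)
            # Read until the peer closes: one recv() may return a partial answer
            response = ""
            while True:
                chunk = s.recv(65536)
                if not chunk:
                    break
                response += chunk
        finally:
            s.close()
        g_inactive_timerperiods = response.splitlines()
    return timeperiod not in g_inactive_timerperiods
```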
diff --git a/modules/notify.py b/modules/notify.py
index e1ce824..a258034 100644
--- a/modules/notify.py
+++ b/modules/notify.py
@@ -275,24 +275,6 @@ def call_notification_script(plugin, parameters):
-# Check if a timeperiod is currently active. We have no other way than
-# doing a Livestatus query. This is not really nice, but if you have a better
-# idea, please tell me...
-g_inactive_timerperiods = None
-def check_timeperiod(timeperiod):
- global g_inactive_timerperiods
- # Let exceptions happen, they will be handled upstream.
- if g_inactive_timerperiods == None:
- import socket
- s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
- s.connect(livestatus_unix_socket)
- # We just get the currently inactive timeperiods. All others
- # (also non-existing) are considered to be active
- s.send("GET timeperiods\nColumns:name\nFilter: in = 0\n")
- s.shutdown(socket.SHUT_WR)
- g_inactive_timerperiods = s.recv(10000000).splitlines()
- return timeperiod not in g_inactive_timerperiods
-
def check_notification_type(context, host_events, service_events):
notification_type = context["NOTIFICATIONTYPE"]
diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py
index 98a0326..a7ca00c 100644
--- a/web/plugins/wato/check_mk_configuration.py
+++ b/web/plugins/wato/check_mk_configuration.py
@@ -716,7 +716,7 @@ register_rule(group,
register_rule(group,
"extra_service_conf:check_period",
TimeperiodSelection(
- title = _("Check period for services"),
+ title = _("Check period for active services"),
help = _("If you specify a notification period for a service then active checks "
"of that service will only be done in that period. Please note, that the "
"checks driven by Check_MK are passive checks and are not affected by this "
@@ -724,6 +724,14 @@ register_rule(group,
itemtype = "service")
register_rule(group,
+ "check_periods",
+ TimeperiodSelection(
+ title = _("Check period for passive Check_MK services"),
+ help = _("If you specify a notification period for a Check_MK service then "
+ "results will be processed only within this period.")),
+ itemtype = "service")
+
+register_rule(group,
"extra_service_conf:process_perf_data",
DropdownChoice(
title = _("Enable/disable processing of perfdata for services"),
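Review bot: The help text of the new `check_periods` rule says "If you specify a notification period", although the rule selects a check period. The text was apparently copied from the `extra_service_conf:check_period` rule in the previous hunk, whose unchanged help has the same wording. I would change it to `help = _("If you specify a check period for a Check_MK service then "` and add a sentence saying that outside the period the check is skipped and no result is submitted. That way operators know the service keeps its last state during that time.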
Module: check_mk
Branch: master
Commit: b9bc1194cb72d3f652c0c682162e2f20c3791d08
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=b9bc1194cb72d3…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Nov 19 16:17:09 2012 +0100
Updated changelog
---
ChangeLog | 17 +++++++++--------
1 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b14ed34..2e5a7a0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,15 @@
Checks:
* logwatch: Fixed confusion with ignore/ok states of log messages
+ Multisite:
+ * Implemented LDAP integration of Multisite. You can now authenticate your
+ users using the form based authentication with LDAP. It is also possible
+ to synchronize some attributes like mail addresses, names and roles from
+ LDAP into multisite.
+ * Modularized the authentication and user management code in WATO
+ * Restructured cookie auth cookies (all auth cookies will be invalid
+ after update -> all users have to login again)
+ * Modularized login and cookie validation
1.2.1i2:
Core:
@@ -39,14 +48,6 @@
* Allow event expiration also on acknowledged events (configurable)
Multisite:
- * Implemented LDAP integration of Multisite. You can now authenticate your
- users using the form based authentication with LDAP. It is also possible
- to synchronize some attributes like mail addresses, names and roles from
- LDAP into multisite.
- * Modularized the authentication and user management code in WATO
- * Restructured cookie auth cookies (all auth cookies will be invalid
- after update -> all users have to login again)
- * Modularized login and cookie validation
* Enable automation login with _username= and _secret=, while
_secret is the content of var/check_mk/web/$USER/automation.secret
* FIX: Fixed releasing of locks and livestatus connections when logging out
Module: check_mk
Branch: master
Commit: a02cc36390e12f83d2778a51ad090741ea96f1e3
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a02cc36390e12f…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Fri Nov 16 15:39:12 2012 +0100
Restructured LDAP connection settings
---
web/plugins/userdb/ldap.py | 4 +-
web/plugins/wato/check_mk_configuration.py | 42 +++++++++++++--------------
2 files changed, 22 insertions(+), 24 deletions(-)
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index a771ccb..00cb989 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -86,7 +86,7 @@ class MKLDAPException(MKGeneralException):
ldap_connection = None
def ldap_uri():
- if config.ldap_connection.get('use_ssl', False):
+ if 'use_ssl' in config.ldap_connection:
uri = 'ldaps://'
else:
uri = 'ldap://'
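Review bot: `'use_ssl' in config.ldap_connection` tests for the key and not its value, so a connection setting saved before this commit with `'use_ssl': False` now selects `ldaps://`. The same pattern in `ldap_default_bind` (next hunk) is more fragile: a stored `'bind': None`, presumably what the old `Optional` wrapper saved when unchecked, passes the `in` test and then fails on `config.ldap_connection['bind'][0]`. Using `if config.ldap_connection.get('use_ssl'):` and `if config.ldap_connection.get('bind'):` works for both old and new stored values. Whether existing settings are migrated elsewhere is not visible here. Both functions continue outside their hunks.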
@@ -139,7 +139,7 @@ def ldap_connect():
# Bind with the default credentials
def ldap_default_bind():
try:
- if config.ldap_connection['bind']:
+ if 'bind' in config.ldap_connection:
ldap_bind(ldap_replace_macros(config.ldap_connection['bind'][0]),
config.ldap_connection['bind'][1], catch = False)
else:
diff --git a/web/plugins/wato/check_mk_configuration.py b/web/plugins/wato/check_mk_configuration.py
index 5bd68c7..7d68aa9 100644
--- a/web/plugins/wato/check_mk_configuration.py
+++ b/web/plugins/wato/check_mk_configuration.py
@@ -312,10 +312,11 @@ register_configvar(group,
maxvalue = 65535,
default_value = 389,
)),
- ("use_ssl", Checkbox(
- title = _("Use SSL"),
- label = _("SSL encrypted connection"),
- help = _("Connect to the LDAP server with a SSL encrypted connection."),
+ ("use_ssl", FixedValue(
+ title = _("Use SSL"),
+ help = _("Connect to the LDAP server with a SSL encrypted connection."),
+ value = True,
+ totext = _("Encrypt the network connection using SSL."),
)),
("version", Integer(
title = _("LDAP Version"),
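Review bot: The help text for `use_ssl` does not tell the administrator what happens when the option is left out. After this commit the key is optional (see `optional_keys = ['use_ssl', 'bind', ]` in the last hunk of this file), and `ldap_uri()` then builds an `ldap://` URI. Unless the connection is protected in some way not visible on this page, the bind DN and password configured in the same dictionary would travel unencrypted. I would extend the help to say so, for example `help = _("Connect to the LDAP server with a SSL encrypted connection. Without this option the bind credentials are sent to the server unencrypted."),`.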
@@ -335,22 +336,7 @@ register_configvar(group,
("openldap", _("OpenLDAP")),
],
)),
- ("bind", Optional(
- Tuple(
- elements = [
- LDAPDistinguishedName(
- title = _("Bind DN"),
- help = _("Specify the distinguished name to be used to bind to "
- "the LDAP directory."),
- size = 80,
- ),
- Password(
- title = _("Bind Password"),
- help = _("Specify the password to be used to bind to "
- "the LDAP directory."),
- ),
- ],
- ),
+ ("bind", Tuple(
title = _("LDAP Bind Credentials"),
help = _("Set the credentials to be used to connect to the LDAP server. The "
"used account must not be allowed to do any changes in the directory "
@@ -359,10 +345,22 @@ register_configvar(group,
"case you don't have to configure anything here."
"It must be possible to list all needed user and group objects from the "
"directory."),
- label = _("Specify bind credentials"),
+ elements = [
+ LDAPDistinguishedName(
+ title = _("Bind DN"),
+ help = _("Specify the distinguished name to be used to bind to "
+ "the LDAP directory."),
+ size = 80,
+ ),
+ Password(
+ title = _("Bind Password"),
+ help = _("Specify the password to be used to bind to "
+ "the LDAP directory."),
+ ),
+ ],
)),
],
- optional_keys = [],
+ optional_keys = ['use_ssl', 'bind', ],
),
domain = "multisite",
)
Module: check_mk
Branch: master
Commit: 23c81a9db024f87c1ae2db7884daadf447ff22ef
URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=23c81a9db024f8…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Mon Nov 19 11:56:57 2012 +0100
ldap: added sync plugin to add user roles depending on group memberships
---
web/htdocs/wato.py | 17 ++++++++---------
web/plugins/userdb/ldap.py | 43 +++++++++++++++++++++++++++++++++++++++++--
2 files changed, 49 insertions(+), 11 deletions(-)
diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py
index 0bfc779..039186f 100644
--- a/web/htdocs/wato.py
+++ b/web/htdocs/wato.py
@@ -8175,6 +8175,7 @@ def mode_edit_user(phase):
forms.section(_("Roles"))
entries = roles.items()
entries.sort(cmp = lambda a,b: cmp((a[1]["alias"],a[0]), (b[1]["alias"],b[0])))
+ is_member_of_at_least_one = False
for role_id, role in entries:
if not is_locked('roles'):
html.checkbox("role_" + role_id, role_id in user.get("roles", []))
@@ -8182,17 +8183,15 @@ def mode_edit_user(phase):
html.write("<a href='%s'>%s</a><br>" % (url, role["alias"]))
else:
is_member = role_id in user.get("roles", [])
- html.hidden_field("role_" + role_id, is_member and '1' or '')
- if not is_member:
- html.write('<i>%s</i>' % _('No roles assigned.'))
- else:
+ if is_member:
+ is_member_of_at_least_one = True
+
url = make_link([("mode", "edit_role"), ("edit", role_id)])
html.write("<a href='%s'>%s</a><br>" % (url, role["alias"]))
- html.help(_("By assigning roles to a user he obtains permissions. "
- "If a user has more than one role, he gets the maximum of all "
- "permissions of his roles. "
- "Users without any role have no permissions to use Multisite at all "
- "but still can be monitoring contacts and receive notifications."))
+
+ html.hidden_field("role_" + role_id, is_member and '1' or '')
+ if not is_member_of_at_least_one:
+ html.write('<i>%s</i>' % _('No roles assigned.'))
# Contact groups
forms.header(_("Contact Groups"), isopen=False)
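Review bot: The role link is still written with `html.write("<a href='%s'>%s</a><br>" % (url, role["alias"]))`, which puts the role alias into the page without escaping. If an alias can contain markup characters it would be rendered as HTML, so I would escape it before interpolation, e.g. `html.attrencode(role["alias"])`, assuming no escaping happens earlier. The commit also removes the `html.help(...)` explanation of how roles grant permissions without a replacement. If that was not intended it should be re-added after the "No roles assigned." block. Indentation is lost on this page and `mode_edit_user` continues outside the hunk, so the exact nesting of the moved lines cannot be confirmed here.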
diff --git a/web/plugins/userdb/ldap.py b/web/plugins/userdb/ldap.py
index 284fdee..9a31d96 100644
--- a/web/plugins/userdb/ldap.py
+++ b/web/plugins/userdb/ldap.py
@@ -248,7 +248,7 @@ def ldap_get_users(add_filter = None):
return result
-def ldap_user_groups(username):
+def ldap_user_groups(username, attr = 'cn'):
user_dn = ldap_get_user_dn(username)
# Apply configured group ldap filter and only reply with groups
@@ -259,7 +259,11 @@ def ldap_user_groups(username):
groups = []
for dn, group in ldap_search(ldap_replace_macros(config.ldap_groupspec['dn']),
filt, ['cn']):
- groups.append(group['cn'][0])
+ if attr == 'cn':
+ groups.append(group['cn'][0])
+
+ elif attr == 'dn':
+ groups.append(dn)
return groups
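Review bot: `ldap_user_groups` silently returns an empty list for any `attr` other than `'cn'` or `'dn'`, because the `if`/`elif` inside the loop has no final branch. The new role sync calls this function to decide which roles a user gets, so a mistyped attribute would look like "user is in no groups" instead of an error. I would validate once before the loop, `if attr not in ('cn', 'dn'): raise MKLDAPException(_("Unsupported group attribute: %s") % attr)`, which also takes the loop-invariant test out of the loop body. The function starts in the previous hunk and its filter construction is outside both hunks.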
@@ -440,6 +444,41 @@ ldap_attribute_plugins['groups_to_contactgroups'] = {
'lock_attributes': ['contactgroups'],
}
+def ldap_convert_groups_to_roles(params, user_id, ldap_user, user):
+ groups = []
+ # 1. Fetch DNs of all LDAP groups of the user
+ ldap_groups = [ g.lower() for g in ldap_user_groups(user_id, 'dn') ]
+
+ # 2. Loop all roles mentioned in params (configured to be synchronized)
+ roles = []
+ for role_id, dn in params.items():
+ if dn.lower() in ldap_groups:
+ roles.append(role_id)
+
+ return {'roles': roles}
+
+def ldap_list_roles_with_group_dn():
+ import wato
+ roles = wato.load_roles()
+
+ elements = []
+ for role_id, role in wato.load_roles().items():
+ elements.append((role_id, LDAPDistinguishedName(
+ title = role['alias'] + ' - ' + _("Specify the Group DN"),
+ help = _("Distinguished Name of the LDAP group to add users this role."),
+ size = 80,
+ )))
+ return elements
+
+ldap_attribute_plugins['groups_to_roles'] = {
+ 'title': _('Roles'),
+ 'help': _('Configures the roles of the user depending on its group memberships '
+ 'in LDAP.'),
+ 'convert': ldap_convert_groups_to_roles,
+ 'lock_attributes': ['roles'],
+ 'parameters': ldap_list_roles_with_group_dn,
+}
+
# .----------------------------------------------------------------------.
# | _ _ _ |
# | | | | | ___ ___ | | _____ |
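Review bot: Both new functions carry dead code: `groups = []` in `ldap_convert_groups_to_roles` is never used, and `ldap_list_roles_with_group_dn` assigns `roles = wato.load_roles()` but then loads the roles a second time in `for role_id, role in wato.load_roles().items():`. The loop should read `for role_id, role in roles.items():` and the unused list should go. The role mapping compares DNs as lower-cased strings only, so a configured DN that differs from the directory's form in spacing after commas will silently grant no role. A short comment on `ldap_convert_groups_to_roles` stating that the match is an exact case-insensitive string comparison would help whoever debugs a missing role. The help string "to add users this role" is also missing a "to".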