[checkmk-commits] 5970 Cascading livestatus proxy is now possible

Module: check_mk Branch: master Commit: 6fda98fb8cc91a507e486c84860eadf0b8b7f709 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=6fda98fb8cc91a… Author: Lars Michelsen &lt;lm(a)mathias-kettner.de&gt; Date: Wed Apr 11 11:48:16 2018 +0200 5970 Cascading livestatus proxy is now possible It is now possible to cascade livestatus proxy configurations. This comes in handy to build cascaded distributed GUI (status GUI) setups. The feature has been build for a scenario like this: <ul> <li>A distributed setup where you have remote sites that are not directly reachable</li> <li>These remote sites are only reachable through a single "location master" site</li> <li>You use the "location masters" for configuration of all the related sites</li> <li>The central site is only used as central operating site (overview, reporting) and not for configuration</li> </ul> To get a cascading setup, configure Check_MK like this: <ul> <li>Location master: Create one site in "Distributed configuration" for each local site. Configure the connection parameters to use the Livestatus Proxy. Set the new option to open a TCP port for this connection and insert a TCP port that is currently not used on the local machine (e.g. 6560).</li> <li>Central viewer site: Create one site in "Distributed configuration" for each remote site. Configure it to use the Livestatus Proxy. Set the destination IP address to the IP address of the "Location master" server and set the TCP port to the port you configured for the site in the previous step.</li> </ul> After this you should be able to connect to your cascaded remote sites through the Livestatus Proxy of the "Location master". Change-Id: I28bf7940ad6ee63462fb3bd59da0c6c1727583a4 --- .werks/5970 | 37 +++++++++++++++++++++++++++++++++++ web/htdocs/wato.py | 3 ++- web/htdocs/watolib.py | 22 +++++++++++++++++++++ web/plugins/wato/omd_configuration.py | 22 +-------------------- 4 files changed, 62 insertions(+), 22 deletions(-) diff --git a/.werks/5970 b/.werks/5970 new file mode 100644 index 0000000..7872423 --- /dev/null +++ b/.werks/5970 @@ -0,0 +1,37 @@ +Title: Cascading livestatus proxy is now possible +Level: 2 +Component: liveproxy +Compatible: compat +Edition: cee +Version: 1.5.0b2 +Date: 1523438853 +Class: feature + +It is now possible to cascade livestatus proxy configurations. This comes in +handy to build cascaded distributed GUI (status GUI) setups. + +The feature has been build for a scenario like this: + +<ul> +<li>A distributed setup where you have remote sites that are not directly +reachable</li> <li>These remote sites are only reachable through a single +"location master" site</li> <li>You use the "location masters" for +configuration of all the related sites</li> <li>The central site is only used +as central operating site (overview, reporting) and not for configuration</li> +</ul> + +To get a cascading setup, configure Check_MK like this: + +<ul> +<li>Location master: Create one site in "Distributed configuration" for each +local site. Configure the connection parameters to use the Livestatus Proxy. +Set the new option to open a TCP port for this connection and insert a TCP port +that is currently not used on the local machine (e.g. 6560).</li> <li>Central +viewer site: Create one site in "Distributed configuration" for each remote +site. Configure it to use the Livestatus Proxy. Set the destination IP address +to the IP address of the "Location master" server and set the TCP port to the +port you configured for the site in the previous step.</li> +</ul> + +After this you should be able to connect to your cascaded remote sites through +the Livestatus Proxy of the "Location master". diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index 1570cca..103ed30 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -17471,7 +17471,8 @@ from watolib import \ ACTest, \ ACResultCRIT, \ ACResultWARN, \ - ACResultOK + ACResultOK, \ + LivestatusViaTCP def make_action_link(vars): diff --git a/web/htdocs/watolib.py b/web/htdocs/watolib.py index aef3b35..f345c05 100644 --- a/web/htdocs/watolib.py +++ b/web/htdocs/watolib.py @@ -10024,3 +10024,25 @@ def format_config_value(value): return format_func(value) +class LivestatusViaTCP(Dictionary): + def __init__(self, **kwargs): + kwargs["elements"] = [ + ("port", Integer( + title = _("TCP port"), + minvalue = 1, + maxvalue = 65535, + default_value = kwargs.get("tcp_port", 6557), + )), + ("only_from", ListOfStrings( + title = _("Restrict access to IP addresses"), + help = _("The access to Livestatus via TCP will only be allowed from the " + "configured source IP addresses. You can either configure specific " + "IP addresses or networks in the syntax <tt>10.3.3.0/24</tt>."), + + valuespec = IPv4Network(), + orientation = "horizontal", + allow_empty = False, + )), + ] + kwargs["optional_keys"] = [ "only_from" ] + super(LivestatusViaTCP, self).__init__(**kwargs) diff --git a/web/plugins/wato/omd_configuration.py b/web/plugins/wato/omd_configuration.py index 6933ad5..6905396 100644 --- a/web/plugins/wato/omd_configuration.py +++ b/web/plugins/wato/omd_configuration.py @@ -83,27 +83,7 @@ register_configvar(group, register_configvar(group, "site_livestatus_tcp", Optional( - Dictionary( - elements = [ - ("port", Integer( - title = _("TCP port"), - minvalue = 1, - maxvalue = 65535, - default_value = 6557, - )), - ("only_from", ListOfStrings( - title = _("Restrict access to IP addresses"), - help = _("The access to Livestatus via TCP will only be allowed from the " - "configured source IP addresses. You can either configure specific " - "IP addresses or networks in the syntax <tt>10.3.3.0/24</tt>."), - - valuespec = IPv4Network(), - orientation = "horizontal", - allow_empty = False, - )), - ], - optional_keys = [ "only_from" ], - ), + LivestatusViaTCP(), title = _("Access to Livestatus via TCP"), help = _("Check_MK Livestatus usually listens only on a local UNIX socket - " "for reasons of performance and security. This option is used "