Module: check_mk
Branch: master
Commit: 7dafc031e04ab4525bdde53305dc3e45a392fbef
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7dafc031e04ab4…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Wed Dec 12 08:20:52 2018 +0100
6929 FIX Distributed WATO login: Protect against some config failures
When building up a distributed Check_MK with distributed WATO, there
are two situations which could end up in problematic situations which
are handled now in a better way:
<ul>
<li>Connecting a central Check_MK Managed Services based site to a CEE
or CRE based site resulted in a broken slave site. When trying to login
a CME site into a CEE site, an error message now prevents the login.</li>
<li>We have added a checkbox to the login dialog to confirm that one
really wants to overwrite the configuration of the remote site with the
central sites configuration.</li>
</ul>
This changes the protocol of the login automation call, but is fully
compatibile with previous versions. We may add additional checks in
the future based on the involved Check_MK editions and versions. The
sites now exchange their versions.
CMK-1370
Change-Id: I2d12dffa4da1fe2c510ac737acbad29127877fec
---
.werks/6929 | 22 ++++++++++++++++++++++
cmk/gui/wato/pages/automation.py | 14 +++++++++++++-
cmk/gui/wato/pages/sites.py | 27 ++++++++++++++++++++++++---
3 files changed, 59 insertions(+), 4 deletions(-)
diff --git a/.werks/6929 b/.werks/6929
new file mode 100644
index 0000000..b1651eb
--- /dev/null
+++ b/.werks/6929
@@ -0,0 +1,22 @@
+Title: Distributed WATO login: Protect against some config failures
+Level: 1
+Component: wato
+Class: fix
+Compatible: compat
+Edition: cre
+State: unknown
+Version: 1.6.0i1
+Date: 1544597077
+
+When building up a distributed Check_MK with distributed WATO, there
+are two situations which could end up in problematic situations which
+are handled now in a better way:
+
+<ul>
+<li>Connecting a central Check_MK Managed Services based site to a CEE
+or CRE based site resulted in a broken slave site. When trying to login
+a CME site into a CEE site, an error message now prevents the login.</li>
+<li>We have added a checkbox to the login dialog to confirm that one
+really wants to overwrite the configuration of the remote site with the
+central sites configuration.</li>
+</ul>
diff --git a/cmk/gui/wato/pages/automation.py b/cmk/gui/wato/pages/automation.py
index d458d03..7e1f7b0 100644
--- a/cmk/gui/wato/pages/automation.py
+++ b/cmk/gui/wato/pages/automation.py
@@ -28,6 +28,7 @@ automation functions on slaves,"""
import traceback
+import cmk
import cmk.gui.config as config
import cmk.gui.watolib as watolib
import cmk.gui.userdb as userdb
@@ -53,7 +54,18 @@ class ModeAutomationLogin(WatoWebApiMode):
raise MKAuthException(_("This account has no permission for
automation."))
html.set_output_format("python")
- html.write_html(repr(watolib.get_login_secret(True)))
+
+ if not html.has_var("_version"):
+ # Be compatible to calls from sites using versions before 1.5.0p10.
+ # Deprecate with 1.7 by throwing an exception in this situation.
+ response = watolib.get_login_secret(create_on_demand=True)
+ else:
+ response = {
+ "version": cmk.__version__,
+ "edition_short": cmk.edition_short(),
+ "login_secret":
watolib.get_login_secret(create_on_demand=True),
+ }
+ html.write_html(repr(response))
register_page_handler("automation_login", lambda:
ModeAutomationLogin().page())
diff --git a/cmk/gui/wato/pages/sites.py b/cmk/gui/wato/pages/sites.py
index 9f9e3a6..593ee48 100644
--- a/cmk/gui/wato/pages/sites.py
+++ b/cmk/gui/wato/pages/sites.py
@@ -28,6 +28,7 @@
import re
import traceback
+import cmk
import cmk.gui.config as config
import cmk.gui.watolib as watolib
import cmk.gui.userdb as userdb
@@ -560,7 +561,24 @@ class ModeDistributedMonitoring(ModeSites):
name = html.var("_name", "").strip()
passwd = html.var("_passwd", "").strip()
try:
- secret = watolib.do_site_login(login_id, name, passwd)
+ if not html.get_checkbox("_confirm"):
+ raise MKUserError(
+ "_confirm",
+ _("You need to confirm that you want to "
+ "overwrite the remote site configuration."))
+
+ response = watolib.do_site_login(login_id, name, passwd)
+
+ if isinstance(response, dict):
+ if cmk.is_managed_edition() and response["edition_short"]
!= "cme":
+ raise MKUserError(
+ None,
+ _("The Check_MK Managed Services Edition can only
"
+ "be connected with other sites using the CME."))
+ secret = response["login_secret"]
+ else:
+ secret = response
+
site["secret"] = secret
self._site_mgmt.save_sites(configured_sites)
message = _("Successfully logged into remote site %s.") %
html.render_tt(
@@ -597,11 +615,14 @@ class ModeDistributedMonitoring(ModeSites):
html.begin_form("login", method="POST")
forms.header(_('Login credentials'))
- forms.section(_('Administrator name:'))
+ forms.section(_('Administrator name'))
html.text_input("_name")
html.set_focus("_name")
- forms.section(_('Administrator password:'))
+ forms.section(_('Administrator password'))
html.password_input("_passwd")
+ forms.section(_('Confirm overwrite'))
+ html.checkbox(
+ "_confirm", False, label=_("Confirm overwrite of the remote
site configuration"))
forms.end()
html.button("_do_login", _("Login"))
html.button("_abort", _("Abort"))