Module: check_mk
Branch: master
Commit: 829bae733f6fe3dd65fa3398c4a623c8c9845d15
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=829bae733f6fe3…
Author: Andreas Boesl <ab(a)mathias-kettner.de>
Date: Fri Jul 3 12:55:34 2015 +0200
#2398 agent_vsphere: now able to opt-out of servers ssl certifcate check
Starting with Python 2.7.9 the SSL certificate of the target server is always validated.
This caused problems when the certfile was not correctly registered on the monitoring
server.
You can now choose in the datasource program to disable the certificate check.
If this check should be done, you can configure whether the hostname or a better suited
hostname
should be used for this validation.
---
.werks/2398 | 15 +++++++++++++++
ChangeLog | 1 +
agents/special/agent_vsphere | 15 ++++++++++++---
checks/agent_vsphere | 11 ++++++++++-
web/plugins/wato/datasource_programs.py | 15 ++++++++++++++-
5 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/.werks/2398 b/.werks/2398
new file mode 100644
index 0000000..afb14f4
--- /dev/null
+++ b/.werks/2398
@@ -0,0 +1,15 @@
+Title: agent_vsphere: now able to opt-out of servers ssl certifcate check
+Level: 2
+Component: checks
+Class: feature
+Compatible: compat
+State: unknown
+Version: 1.2.7i3
+Date: 1435920578
+
+Starting with python 2.7.9 the ssl certificate of the target server is always
validiated.
+This caused problems when the certfile was not correctly registered on the monitoring
server.
+
+You can now choose in the datasource program, to disable the certificate check.
+If this check should be done, you can configure if the hostname or a better suited
hostname
+should be used for this validiation.
diff --git a/ChangeLog b/ChangeLog
index a6f1929..714396b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
* 1260 jolokia_metrics.perm_gen: New Check to monitor used Perm Space on a JVM
* 2317 agent_ruckus_spot: new special agent for querying access point statistics via
web interface...
* 2371 appdynamics_memory, appdynamics_sessions, appdynamics_web_container: New
checks for AppDynamic...
+ * 2398 agent_vsphere: now able to opt-out of servers ssl certifcate check...
* 2315 FIX: windows agent: BOM replacement, fixed incorrect byte offset...
* 2316 FIX: windows agent: fix garbled output of cached agent plugins...
* 2358 FIX: check_mk_agent.solaris: more correct computation of zfs used space...
diff --git a/agents/special/agent_vsphere b/agents/special/agent_vsphere
index 582012e..608d383 100755
--- a/agents/special/agent_vsphere
+++ b/agents/special/agent_vsphere
@@ -388,6 +388,7 @@ OPTIONS:
by the Site Recovery Manager (SRM) and are identified by
not
having any assigned virtual disks.
-p, --port port Alternative port number (default is 443 for the https
connection)
+ --no-cert-check Disables the checking of the servers ssl certificate
--pysphere Fallback to old pysphere based special agent. It
supports
ESX 4.1 but is very slow.
-H, --hostname Specify a hostname. This is neccessary if this is
@@ -429,7 +430,7 @@ OPTIONS:
short_options = 'hi:u:s:Dat:H:Pp:S:'
long_options = [
- 'help', 'user=', 'secret=', 'direct',
'agent', 'debug', 'modules=', 'timeout=',
+ 'help', 'user=', 'secret=', 'direct',
'agent', 'debug', 'modules=', 'timeout=',
'no-cert-check',
'hostname=', 'tracefile=', "pysphere", "port=",
"spaces=", "host_pwr_display=", "vm_pwr_display="
]
@@ -446,6 +447,7 @@ opt_host_pwr_display = None
opt_vm_pwr_display = None
opt_tracefile = None
opt_spaces = "underscore"
+opt_no_cert = False
error = None
error_exit = 1
@@ -475,6 +477,8 @@ for o,a in opts:
opt_skip_placeholder_vm = True
elif o in [ '-p', '--port' ]:
opt_port = a
+ elif o in [ '--no-cert-check' ]:
+ opt_no_cert = True
elif o == '--pysphere':
opt_pysphere = True
elif o in [ '-u', '--user' ]:
@@ -655,7 +659,12 @@ def encode_url(text):
# Initialize server connection
try:
netloc = host_address + ":" + str(opt_port)
- server_handle = httplib.HTTPSConnection(netloc)
+
+ if opt_no_cert:
+ import ssl
+ server_handle = httplib.HTTPSConnection(netloc, context =
ssl._create_unverified_context())
+ else:
+ server_handle = httplib.HTTPSConnection(netloc)
if opt_debug:
sys.stderr.write("Connecting to %s..." % netloc)
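Review bot: The `opt_no_cert` branch depends on the private helper `ssl._create_unverified_context()` and on the `context` keyword of `httplib.HTTPSConnection`, both of which exist only from Python 2.7.9 on, so `--no-cert-check` under an older interpreter will presumably raise inside this `try` instead of connecting. Building the context from the public API makes both disabled checks explicit: `ctx = ssl.create_default_context()`, `ctx.check_hostname = False`, `ctx.verify_mode = ssl.CERT_NONE`, guarded by `hasattr(ssl, "create_default_context")`. The branch also deserves a comment such as `# chain and hostname verification are both off: the server is not authenticated, so user/secret can be intercepted on the path`. The `try` block continues outside the hunk, so its exception handling is not visible here.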
@@ -932,7 +941,7 @@ if not error:
print "<<<esx_vsphere_sensors:sep(59)>>>"
for key in sorted(hostsystems_sensors[hostname].keys()):
data = hostsystems_sensors[hostname][key]
- if data["key"] in ["green",
"unknown"]:
+ if data["key"] in ["green", "unknown",
"Green"]:
continue
print '%s;%s;%s;%s;%s;%s;%s;%s;%s' % (
data["name"].replace(";",
"_"),
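Review bot: Adding the literal `"Green"` to the skip list covers one more spelling, but any other casing still reaches the output. `if data["key"].lower() in ["green", "unknown"]:` would cover them all, assuming `data["key"]` is always a string. The change is unrelated to the certificate option described in the commit message and would be easier to track as a separate werk. The enclosing `for` loop continues past the hunk.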
diff --git a/checks/agent_vsphere b/checks/agent_vsphere
index e0ce618..757cc20 100644
--- a/checks/agent_vsphere
+++ b/checks/agent_vsphere
@@ -65,7 +65,16 @@ def agent_vsphere_arguments(params, hostname, ipaddress):
if params.get("host_pwr_display"):
args += ' --host_pwr_display %s' %
params.get("host_pwr_display")
- args += " " + quote_shell_string(ipaddress)
+ if "ssl" in params:
+ if params["ssl"] == False:
+ args += ' --no-cert-check ' + quote_shell_string(ipaddress)
+ elif params["ssl"] == True:
+ args += " " + quote_shell_string(hostname)
+ else:
+ args += " " + quote_shell_string(params["ssl"])
+ else: # legacy mode
+ args += " " + quote_shell_string(ipaddress)
+
return args
special_agent_info['vsphere'] = agent_vsphere_arguments
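Review bot: In the `True` and custom-name branches the agent receives `hostname` or `params["ssl"]` in place of `ipaddress`, so the connection target now depends on name resolution on the monitoring server and the configured host address is no longer used. The WATO help asks that both resolve to the same IP, but nothing here checks it. A more robust layout would keep `ipaddress` as the connect address and pass the name to verify separately, which would need an agent option this commit does not add. The `else` branch also forwards an empty `params["ssl"]` as an empty host argument, and `== False` / `== True` would read more clearly as `is False` / `is True`. `agent_vsphere_arguments` starts above the hunk.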
diff --git a/web/plugins/wato/datasource_programs.py
b/web/plugins/wato/datasource_programs.py
index 691c30c..3df0584 100644
--- a/web/plugins/wato/datasource_programs.py
+++ b/web/plugins/wato/datasource_programs.py
@@ -70,6 +70,19 @@ register_rule(group,
maxvalue = 65535,
)
),
+ ( "ssl",
+ Alternative(
+ title = _("SSL certificate checking"),
+ elements = [
+ FixedValue( False, title = _("Deactivated"),
totext=""),
+ FixedValue( True, title = _("Use hostname"),
totext=""),
+ TextAscii( title = _("Use other hostname"),
+ help = _("The IP of the other hostname needs
to be the same IP as the host address")
+ )
+ ],
+ default_value = False
+ )
+ ),
( "timeout",
Integer(
title = _("Connect Timeout"),
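Review bot: `default_value = False` preselects "Deactivated", so every newly created rule runs the agent with `--no-cert-check` unless the administrator changes it. The `forth` lambda in the next hunk does the same for existing rules by injecting `("ssl", False)`. Consider `default_value = True` for new rules and keep `False` only in `forth` for backward compatibility. A `help` on the `Alternative` should state that with "Deactivated" the vSphere login is sent without authenticating the server, and the `TextAscii` should set `allow_empty = False` so an empty name cannot be saved. The enclosing `register_rule` call starts and ends outside the hunk.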
@@ -171,7 +184,7 @@ register_rule(group,
help = _("This rule selects the vSphere agent instead of the normal Check_MK
Agent "
"and allows monitoring of VMWare ESX via the vSphere API. You can
configure "
"your connection settings here."),
- forth = lambda a: dict([("skip_placeholder_vms", True),
("use_pysphere" , False), ("spaces", "underscore")] +
a.items())
+ forth = lambda a: dict([("skip_placeholder_vms", True),
("ssl", False), ("use_pysphere" , False), ("spaces",
"underscore")] + a.items())
),
factory_default = FACTORY_DEFAULT_UNUSED, # No default, do not use setting if no rule
matches
match = 'first')