Module: check_mk
Branch: master
Commit: 46fcee1c06f8583d2a1aeb1410e93b1807a83014
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=46fcee1c06f858…
Author: Tom Baerwinkel <tb(a)mathias-kettner.de>
Date: Tue Oct 24 09:26:41 2017 +0200
5347 agent_ucs_bladecenter: add option to disable certificate validation
The SSL certificate validation of the agent_ucs_bladecenter can now be
disabled in the WATO rule "Check state of UCS Bladecenter".
Change-Id: Ia0dca983965801900cc2dd37bed780c382f1cea3
---
.werks/5347 | 11 +++++++++++
agents/special/agent_ucs_bladecenter | 9 +++++++--
checks/agent_ucs_bladecenter | 3 +++
web/plugins/wato/datasource_programs.py | 9 ++++++++-
4 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/.werks/5347 b/.werks/5347
new file mode 100644
index 0000000..10349cc
--- /dev/null
+++ b/.werks/5347
@@ -0,0 +1,11 @@
+Title: agent_ucs_bladecenter: add option to disable certificate validation
+Level: 1
+Component: checks
+Compatible: compat
+Edition: cre
+Version: 1.5.0i1
+Date: 1508829646
+Class: feature
+
+The SSL certificate validation of the agent_ucs_bladecenter can now be
+disabled in the WATO rule "Check state of UCS Bladecenter".
diff --git a/agents/special/agent_ucs_bladecenter b/agents/special/agent_ucs_bladecenter
index 085a7a7..872b69f 100755
--- a/agents/special/agent_ucs_bladecenter
+++ b/agents/special/agent_ucs_bladecenter
@@ -44,12 +44,13 @@ OPTIONS:
-h, --help Show this help message and exit
-u, --username Sets the username
-p, --password Sets the password
+ --no-cert-check Disables the checking of the servers ssl certificate
--debug Debug mode: let Python exceptions come through
""")
short_options = 'hu:p:'
long_options = [
- 'help', 'username=', 'password=', 'debug',
'ucssdk'
+ 'help', 'username=', 'password=', 'debug',
'ucssdk', 'no-cert-check'
]
try:
@@ -61,6 +62,7 @@ except getopt.GetoptError, err:
opt_debug = False
opt_username = ""
opt_password = ""
+opt_verify = True
opt_ucssdk = False
for o,a in opts:
@@ -73,6 +75,8 @@ for o,a in opts:
from UcsSdk import *
elif o in [ '-p', '--password' ]:
opt_password = a
+ elif o in [ '--no-cert-check' ]:
+ opt_verify = False
elif o in [ '-h', '--help' ]:
usage()
sys.exit(0)
@@ -119,7 +123,8 @@ class Server:
"Content-Type": 'text/xml; charset="utf-8"'
}
- response = self.session_handle.post("https://%s/nuova" % self.netloc,
headers=headers, data=payload)
+ response = self.session_handle.post("https://%s/nuova" % self.netloc,
headers=headers,
+ data=payload, verify=opt_verify)
data = response.text
if opt_debug:
sys.stderr.write("<==== %s\n" % data)
diff --git a/checks/agent_ucs_bladecenter b/checks/agent_ucs_bladecenter
index 74e48a1..9ba0120 100644
--- a/checks/agent_ucs_bladecenter
+++ b/checks/agent_ucs_bladecenter
@@ -30,6 +30,9 @@ def agent_ucsbladecenter_arguments(params, hostname, ipaddress):
args += " -u " + quote_shell_string(params["username"])
args += " -p " + quote_shell_string(params["password"])
+ if params.get("no_cert_check"):
+ args += " --no-cert-check"
+
args += " " + quote_shell_string(ipaddress)
return args
diff --git a/web/plugins/wato/datasource_programs.py
b/web/plugins/wato/datasource_programs.py
index da9539c..cf50e07 100644
--- a/web/plugins/wato/datasource_programs.py
+++ b/web/plugins/wato/datasource_programs.py
@@ -609,8 +609,15 @@ register_rule(group,
allow_empty = False,
)
),
+ ( "no_cert_check",
+ FixedValue(
+ True,
+ title = _("Disable SSL certificate validation"),
+ totext = _("SSL certificate validation is disabled"),
+ )
+ ),
],
- optional_keys = False
+ optional_keys = ['no_cert_check']
),
title = _("Check state of UCS Bladecenter"),
help = _("This rule selects the UCS Bladecenter agent instead of the normal
Check_MK Agent "