X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=nagixsc_http2nagios.py;h=e8646cc3b66cd7859d4942e694881220492eb066;hb=516498cc4b6965e8c26156a03a8ba85866fd936b;hp=4c23fe50d908cf549b6df4e25cfaab5a5bf82956;hpb=0ced934858e4ff861feebf37c5301752a0986e75;p=nagixsc.git

diff --git a/nagixsc_http2nagios.py b/nagixsc_http2nagios.py
index 4c23fe5..e8646cc 100755
--- a/nagixsc_http2nagios.py
+++ b/nagixsc_http2nagios.py
@@ -22,6 +22,8 @@ from nagixsc import *
 parser = optparse.OptionParser()
 
 parser.add_option('-c', '', dest='cfgfile', help='Config file')
+parser.add_option('-d', '--daemon', action='store_true', dest='daemon', help='Daemonize, go to background')
+parser.add_option('', '--nossl', action='store_true', dest='nossl', help='Disable SSL (overwrites config file)')
 
 parser.set_defaults(cfgfile='http2nagios.cfg')
 
@@ -35,19 +37,89 @@ if cfg_list == []:
 	print 'Config file "%s" could not be read!' % options.cfgfile
 	sys.exit(1)
 
-config = {}
+config = {
+			'ip': '0.0.0.0',
+			'port': '15667',
+			'ssl': False,
+			'sslcert': None,
+			'conf_dir': '',
+			'pidfile': '/var/run/nagixsc_conf2http.pid',
+			'acl': False,
+		}
+
+if 'ip' in cfgread.options('server'):
+	config['ip'] = cfgread.get('server', 'ip')
+
+if 'port' in cfgread.options('server'):
+	config['port'] = cfgread.get('server', 'port')
 try:
-	config['ip']   = cfgread.get('server', 'ip')
-	config['port'] = cfgread.getint('server', 'port')
-	config['ssl']  = cfgread.getboolean('server', 'ssl')
-	config['cert'] = cfgread.get('server', 'sslcert')
+	config['port'] = int(config['port'])
+except ValueError:
+	print 'Port "%s" not an integer!' % config['port']
+	sys.exit(127)
+
+if 'ssl' in cfgread.options('server'):
+	try:
+		config['ssl'] = cfgread.getboolean('server', 'ssl')
+	except ValueError:
+		print 'Value for "ssl" ("%s") not boolean!' % cfgread.get('server', 'ssl')
+		sys.exit(127)
+
+if config['ssl']:
+	if 'sslcert' in cfgread.options('server'):
+		config['sslcert'] = cfgread.get('server', 'sslcert')
+	else:
+		print 'SSL but no certificate file specified!'
+		sys.exit(127)
+
+try:
+	config['mode'] = cfgread.get('server', 'mode')
+except ConfigParser.NoOptionError:
+	print 'No "mode" specified!'
+	sys.exit(127)
+
+if config['mode']=='checkresult':
+	try:
+		config['checkresultdir'] = cfgread.get('mode_checkresult','dir')
+	except ConfigParser.NoOptionError:
+		print 'No "dir" in section "mode_checkresult" specified!'
+		sys.exit(127)
+
+	if os.access(config['checkresultdir'],os.W_OK) == False:
+		print 'Checkresult directory "%s" is not writable!' % config['checkresultdir']
+		sys.exit(1)
+
+elif config['mode']=='passive':
+	try:
+		config['pipe'] = cfgread.get('mode_passive','pipe')
+	except ConfigParser.NoOptionError:
+		print 'No "pipe" in section "mode_passive" specified!'
+		sys.exit(127)
+
+	if os.access(config['pipe'],os.W_OK) == False:
+		print 'Nagios command pipe "%s" is not writable!' % config['pipe']
+		sys.exit(1)
+
+else:
+	print 'Mode "%s" is neither "checkresult" nor "passive"!'
+	sys.exit(127)
+
+acls = { 'a_hl':{}, 'a_hr':{}, }
+if 'acl' in cfgread.options('server'):
+	try:
+		config['acl'] = cfgread.getboolean('server', 'acl')
+	except ValueError:
+		print 'Value for "acl" ("%s") not boolean!' % cfgread.get('server', 'acl')
+		sys.exit(127)
+if config['acl']:
+	if cfgread.has_section('acl_allowed_hosts_list'):
+		for user in cfgread.options('acl_allowed_hosts_list'):
+			acls['a_hl'][user] = [ah.lstrip().rstrip() for ah in cfgread.get('acl_allowed_hosts_list',user).split(',')]
+	if cfgread.has_section('acl_allowed_hosts_re'):
+		for user in cfgread.options('acl_allowed_hosts_re'):
+			acls['a_hr'][user] = re.compile(cfgread.get('acl_allowed_hosts_re',user))
 
-	config['max_xml_file_size']  = cfgread.get('server', 'max_xml_file_size')
-	config['checkresultdir'] = cfgread.get('mode_checkresult', 'dir')
 
-except ConfigParser.NoOptionError, e:
-	print 'Config file error: %s ' % e
-	sys.exit(1)
 
 users = {}
 for u in cfgread.options('users'):
@@ -102,36 +174,69 @@ class HTTP2NagiosHandler(MyHTTPRequestHandler):
 			doc = read_xml_from_string(xmltext)
 			checks = xml_to_dict(doc)
 
-			(count_services, count_failed, list_failed) = dict2out_checkresult(checks, xml_get_timestamp(doc), config['checkresultdir'], 0)
+			if config['acl']:
+				new_checks = []
+				for check in checks:
+					if authdata[0] in acls['a_hl'] and check['host_name'] in acls['a_hl'][authdata[0]]:
+						new_checks.append(check)
+					elif authdata[0] in acls['a_hr'] and (acls['a_hr'][authdata[0]]).search(check['host_name']):
+						new_checks.append(check)
+
+				count_acl_failed = len(checks) - len(new_checks)
+				checks = new_checks
+			else:
+				count_acl_failed = None
+
+			if config['mode'] == 'checkresult':
+				(count_services, count_failed, list_failed) = dict2out_checkresult(checks, xml_get_timestamp(doc), config['checkresultdir'])
+
+				if count_failed < count_services:
+					self.send_response(200)
+					self.send_header('Content-Type', 'text/plain')
+					self.end_headers()
+					statusmsg = 'Wrote %s check results, %s failed' % (count_services, count_failed)
+					if count_acl_failed != None:
+						statusmsg += ' - %s check results failed ACL check' % count_acl_failed
+					self.wfile.write(statusmsg)
+					return
+				else:
+					self.http_error(501, 'Could not write all %s check results' % count_services)
+					return
+
+			elif config['mode'] == 'passive':
+				count_services = dict2out_passive(checks, xml_get_timestamp(doc), config['pipe'])
 
-			if count_failed < count_services:
 				self.send_response(200)
 				self.send_header('Content-Type', 'text/plain')
 				self.end_headers()
-				self.wfile.write('Wrote %s check results, %s failed' % (count_services, count_failed))
-				return
-			else:
-				http_error(500, 'Could not write all %s check results' % count_services)
+				self.wfile.write('Wrote %s check results' % count_services)
 				return
 
 		else:
-			http_error(500, 'Nag(IX)SC - No data received')
+			self.http_error(502, 'Nag(IX)SC - No data received')
 			return
 
 
 
 def main():
-	if config['ssl'] and not os.path.isfile(config['cert']):
-		print 'SSL certificate "%s" not found!' % config['cert']
+	if options.nossl:
+		config['ssl'] = False
+
+	if config['ssl'] and not os.path.isfile(config['sslcert']):
+		print 'SSL certificate "%s" not found!' % config['sslcert']
 		sys.exit(127)
 
-	server = MyHTTPServer((config['ip'], config['port']), HTTP2NagiosHandler, ssl=config['ssl'], sslpemfile=config['cert'])
+	if options.daemon:
+		daemonize(pidfile=config['pidfile'])
+	else:
+		print 'curl -v -u nagixsc:nagixsc -F \'xmlfile=@xml/nagixsc.xml\' http://127.0.0.1:%s/\n\n' % config['port']
+
+	server = MyHTTPServer((config['ip'], config['port']), HTTP2NagiosHandler, ssl=config['ssl'], sslpemfile=config['sslcert'])
 	try:
 		server.serve_forever()
 	except:
 		server.socket.close()
 
 if __name__ == '__main__':
-	print 'curl -v -u nagixsc:nagixsc -F \'xmlfile=@xml/nagixsc.xml\' http://127.0.0.1:15667/\n\n'
 	main()