git commit: AMBARI-3188. Nagios alerts should work with http authentication enabled. (odiachenko)

odiachenko Thu, 12 Sep 2013 23:38:45 -0700

Updated Branches:
  refs/heads/trunk 2aaf8bc14 -> 043604e60


AMBARI-3188. Nagios alerts should work with http authentication enabled. 
(odiachenko)


Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/043604e6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/043604e6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/043604e6

Branch: refs/heads/trunk
Commit: 043604e606ca63025da5d2913646a3eaae5056b5
Parents: 2aaf8bc
Author: Oleksandr Diachenko <[email protected]>
Authored: Thu Sep 12 22:49:45 2013 +0300
Committer: Oleksandr Diachenko <[email protected]>
Committed: Thu Sep 12 22:50:18 2013 +0300

----------------------------------------------------------------------
 .../hdp-nagios/files/check_name_dir_status.php  | 29 ++++++--
 .../hdp-nagios/files/hdp_nagios_init.php        | 72 ++++++++++++++++++++
 .../hdp-nagios/manifests/server/config.pp       |  1 +
 .../templates/hadoop-commands.cfg.erb           |  2 +-
 .../templates/hadoop-services.cfg.erb           |  2 +-
 5 files changed, 99 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/043604e6/ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_name_dir_status.php
----------------------------------------------------------------------
diff --git 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_name_dir_status.php
 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_name_dir_status.php
index a810db1..4430f8b 100644
--- 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_name_dir_status.php
+++ 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_name_dir_status.php
@@ -19,17 +19,36 @@
 
 /* This plugin makes call to namenode, get the jmx-json document
  * check the NameDirStatuses to find any offline (failed) directories
- * check_jmx -H hostaddress -p port
+ * check_jmx -H hostaddress -p port -k keytab path -r principal name -t kinit 
path -s security enabled
  */
+ 
+  include "hdp_nagios_init.php";
 
-  $options = getopt ("h:p:");
-  if (!array_key_exists('h', $options) || !array_key_exists('p', $options)) {
+  $options = getopt ("h:p:k:r:t:s:");
+  if (!array_key_exists('h', $options) || !array_key_exists('p', $options)
+    || !array_key_exists('k', $options) || !array_key_exists('r', $options)
+    || !array_key_exists('t', $options) || !array_key_exists('s', $options)
+  ) {
     usage();
     exit(3);
   }
 
   $host=$options['h'];
   $port=$options['p'];
+  $keytab_path=$options['k'];
+  $principal_name=$options['r'];
+  $kinit_path_local=$options['t'];
+  $security_enabled=$options['s'];
+  
+  /* Kinit if security enabled */
+  $status = kinit_if_needed($security_enabled, $kinit_path_local, 
$keytab_path, $principal_name);
+  $retcode = $status[0];
+  $output = $status[1];
+  
+  if ($output != 0) {
+    echo "CRITICAL: Error doing kinit for nagios. $output";
+    exit (2);
+  }
 
   /* Get the json document */
   $ch = curl_init();
@@ -61,6 +80,6 @@
 
   /* print usage */
   function usage () {
-    echo "Usage: $0 -h <host> -p port\n";
+    echo "Usage: $0 -h <host> -p port -k keytab path -r principal name -t 
kinit path -s security enabled";
   }
-?>
+?>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/043604e6/ambari-agent/src/main/puppet/modules/hdp-nagios/files/hdp_nagios_init.php
----------------------------------------------------------------------
diff --git 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/files/hdp_nagios_init.php 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/files/hdp_nagios_init.php
new file mode 100644
index 0000000..55e4b2b
--- /dev/null
+++ b/ambari-agent/src/main/puppet/modules/hdp-nagios/files/hdp_nagios_init.php
@@ -0,0 +1,72 @@
+<?php
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Common functions called from other alerts
+ *
+ */
+ 
+ /*
+ * Function for kinit. Checks if security enabled and klist for this principal 
doesn't returns nothing,
+ * make kinit call in this case.
+ */
+  function kinit_if_needed($security_enabled, $kinit_path_local, $keytab_path, 
$principal_name) {
+    if($security_enabled === 'true') {
+    
+      $is_logined = is_logined($principal_name);
+      
+      if (!$is_logined)
+        $status = kinit($kinit_path_local, $keytab_path, $principal_name);
+      else
+        $status = array(0, '');
+    } else {
+      $status = array(0, '');
+    }
+  
+    return $status;
+  }
+  
+  
+  /*
+  * Checks if user is logined on kerberos
+  */
+  function is_logined($principal_name) {
+    $check_cmd = "klist|grep $principal_name 1> /dev/null 2>/dev/null ; [[ $? 
!= 0 ]] && echo 1";
+    $check_output =  shell_exec($check_cmd);
+    
+    if ($check_output)
+      return false;
+    else
+      return true;
+  }
+
+  /*
+  * Runs kinit command.
+  */
+  function kinit($kinit_path_local, $keytab_path, $principal_name) {
+    $init_cmd = "$kinit_path_local -kt $keytab_path $principal_name 2>&1";
+    $kinit_output = shell_exec($init_cmd);
+    if ($kinit_output) 
+      $status = array(1, $kinit_output);
+    else
+      $status = array(0, '');
+      
+    return $status;
+  }
+ 
+ ?>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/043604e6/ambari-agent/src/main/puppet/modules/hdp-nagios/manifests/server/config.pp
----------------------------------------------------------------------
diff --git 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/manifests/server/config.pp 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/manifests/server/config.pp
index 9f1c44e..cdae953 100644
--- a/ambari-agent/src/main/puppet/modules/hdp-nagios/manifests/server/config.pp
+++ b/ambari-agent/src/main/puppet/modules/hdp-nagios/manifests/server/config.pp
@@ -52,6 +52,7 @@ class hdp-nagios::server::config()
   hdp-nagios::server::check { 'check_nodemanager_health.sh': }
   hdp-nagios::server::check { 'check_resourcemanager_nodes_percentage.sh': }
   hdp-nagios::server::check { 'check_namenodes_ha.sh': }
+  hdp-nagios::server::check { 'hdp_nagios_init.php': }
 
   anchor{'hdp-nagios::server::config::begin':} -> 
Hdp-nagios::Server::Configfile<||> -> anchor{'hdp-nagios::server::config::end':}
   Anchor['hdp-nagios::server::config::begin'] -> Hdp-nagios::Server::Check<||> 
-> Anchor['hdp-nagios::server::config::end']

http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/043604e6/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb
----------------------------------------------------------------------
diff --git 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb
 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb
index 6acaa39..32c7348 100644
--- 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb
+++ 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb
@@ -66,7 +66,7 @@ define command{
 
 define command{
         command_name    check_name_dir_status
-        command_line    php $USER1$/check_name_dir_status.php -h $HOSTADDRESS$ 
-p $ARG1$
+        command_line    php $USER1$/check_name_dir_status.php -h $HOSTADDRESS$ 
-p $ARG1$ -k $ARG2$ -r $ARG3$ -t $ARG4$ -s $ARG5$
        }
 
 define command{

http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/043604e6/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
----------------------------------------------------------------------
diff --git 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
index 6f6a12d..f1d4b3b 100644
--- 
a/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
+++ 
b/ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb
@@ -257,7 +257,7 @@ define service {
         use                     hadoop-service
         service_description     NAMENODE::NameNode edit logs directory status
         servicegroups           HDFS
-        check_command           
check_name_dir_status!<%=scope.function_hdp_template_var("::hdp::namenode_port")%>
+        check_command           
check_name_dir_status!<%=scope.function_hdp_template_var("::hdp::namenode_port")%>!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>!<%=scope.function_hdp_template_var("::hdp::params::security_enabled")%>
         normal_check_interval   0.5
         retry_check_interval    0.5
         max_check_attempts      3

git commit: AMBARI-3188. Nagios alerts should work with http authentication enabled. (odiachenko)

Reply via email to