[MediaWiki-commits] [Gerrit] nagios: restructure check_ssl & misc fixes - change (operations/puppet)

2014-12-30 Thread Faidon Liambotis (Code Review) 
Faidon Liambotis has submitted this change and it was merged.

Change subject: nagios: restructure check_ssl & misc fixes
..


nagios: restructure check_ssl & misc fixes

- Restructure as a local package that has a run() that gets called if
  we're invoked directly or via the Icinga ePN (Python-__main__-style)
- Make the plugin ePN compatible but don't remove the -epn flags just
  yet as Icinga has troubles reloading the plugin when it gets changed.
- Minor reformatting across the board to make perl -w, perltidy &
  perlcritic happier.
- Print an informative message when we're returning an OK status.

Change-Id: I2ddda5bc7021d7ebcc4af44be2ebfcdfeadff24c
---
M modules/nagios_common/files/check_commands/check_ssl
1 file changed, 113 insertions(+), 93 deletions(-)

Approvals:
  Faidon Liambotis: Looks good to me, approved
  BBlack: Looks good to me, but someone else must approve
  jenkins-bot: Verified



diff --git a/modules/nagios_common/files/check_commands/check_ssl 
b/modules/nagios_common/files/check_commands/check_ssl
index 5930bac..347835d 100755
--- a/modules/nagios_common/files/check_commands/check_ssl
+++ b/modules/nagios_common/files/check_commands/check_ssl
@@ -14,6 +14,8 @@
 #   check_ssl -H svn.wikimedia.org -p 443
 #   check_ssl -H text-lb.wikimedia.org -p 443 --cn en.wikipedia.org --warning 
30 --critical 60 --issuer GlobalSign
 
+package Local::CheckSSL;
+
 use strict;
 use warnings;
 use Nagios::Plugin::Getopt;
@@ -24,80 +26,86 @@
 use Date::Parse;
 use POSIX qw(strftime);
 
-my $ng = Nagios::Plugin::Getopt->new(
-usage => 'Usage: %s -H  -p  -w  -c  
[...]',
-version => 1,
-blurb   => 'Connects to a host and checks their SSL/TLS certificate',
-);
+# this not exactly great; this isn't a very OO-package, but ePN restricts the
+# use of global variables, so package variables should do, for now.
+our ( $ng, $cn );
+our ( $client, @crit, @warn, @ok, @verbose );
 
-$ng->arg(
-spec => 'host|H=s',
-help => 'Hostname or IP address of the server to check against',
-required => 1,
-);
-$ng->arg(
-spec => 'port|p=i',
-help => 'TCP port',
-required => 1,
-);
-$ng->arg(
-spec => 'cn|n=s',
-help => 'commonName to check for (default: hostname)',
-);
-$ng->arg(
-spec => 'protocol|P=s',
-help => 'use the specific protocol 
(http|rfc2818|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip|gist), default: %s',
-default => 'http',
-);
-$ng->arg(
-spec => 'ipv4|4',
-help => 'force IPv4',
-);
-$ng->arg(
-spec => 'ipv6|6',
-help => 'force IPv6',
-);
-$ng->arg(
-spec=> 'rootcert|r=s',
-help=> 'root certificate or directory (default: %s)',
-default => '/etc/ssl/certs',
-);
-$ng->arg(
-spec => 'ssl|S=s',
-help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)',
-);
-$ng->arg(
-spec=> 'verify|no-verify|verify!',
-help=> 'verify hostname & authority (default: true)',
-default => 1,
-);
-$ng->arg(
-spec => 'subject|s=s',
-help => 'subject name to match against',
-);
-$ng->arg(
-spec => 'issuer|i=s',
-help => 'issuer name to match against',
-);
+sub init {
+( @crit, @warn, @ok, @verbose ) = ();
 
-$ng->arg(
-spec => 'warning|w=i',
-help => 'minimum number of days a certificate has to be valid to issue a 
WARNING status (default: %s)',
-default => 30,
-);
-$ng->arg(
-spec => 'critical|c=i',
-help => 'minimum number of days a certificate has to be valid to issue a 
CRITICAL status (default: %s)',
-default => 15,
-);
+$ng = Nagios::Plugin::Getopt->new(
+usage   => 'Usage: %s -H  -p  -w  -c  [...]',
+version => 1,
+blurb   => 'Connects to a host and checks their SSL/TLS certificate',
+);
 
-$ng->getopts;
-my $cn = $ng->cn ? $ng->cn : $ng->host;
+$ng->arg(
+spec => 'host|H=s',
+help => 'Hostname or IP address of the server to check against',
+required => 1,
+);
+$ng->arg(
+spec => 'port|p=i',
+help => 'TCP port',
+required => 1,
+);
+$ng->arg(
+spec => 'cn|n=s',
+help => 'commonName to check for (default: hostname)',
+);
+$ng->arg(
+spec => 'protocol|P=s',
+help =>
+'use the specific protocol (http|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip), 
default: %s',
+default => 'http',
+);
+$ng->arg(
+spec => 'ipv4|4',
+help => 'force IPv4',
+);
+$ng->arg(
+spec => 'ipv6|6',
+help => 'force IPv6',
+);
+$ng->arg(
+spec=> 'rootcert|r=s',
+help=> 'root certificate or directory (default: %s)',
+default => '/etc/ssl/certs',
+);
+$ng->arg(
+spec => 'ssl|S=s',
+help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)',
+);
+$ng->arg(
+spec=> 'noverify|no-verify',
+help=> 'do not verify hostname & authority (d

[MediaWiki-commits] [Gerrit] nagios: restructure check_ssl & misc fixes - change (operations/puppet)

2014-12-30 Thread Faidon Liambotis (Code Review) 
Faidon Liambotis has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/182303

Change subject: nagios: restructure check_ssl & misc fixes
..

nagios: restructure check_ssl & misc fixes

- Restructure as a local package that has a run() that gets called if
  we're invoked directly or via the Icinga ePN (Python-__main__-style)
- Make the plugin ePN compatible but don't remove the -epn flags just
  yet as Icinga has troubles reloading the plugin when it gets changed.
- Minor reformatting across the board to make perl -w, perltidy &
  perlcritic happier.
- Push a informative message even when we're returning OK.

Change-Id: I2ddda5bc7021d7ebcc4af44be2ebfcdfeadff24c
---
M modules/nagios_common/files/check_commands/check_ssl
1 file changed, 113 insertions(+), 93 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/03/182303/1

diff --git a/modules/nagios_common/files/check_commands/check_ssl 
b/modules/nagios_common/files/check_commands/check_ssl
index 5930bac..347835d 100755
--- a/modules/nagios_common/files/check_commands/check_ssl
+++ b/modules/nagios_common/files/check_commands/check_ssl
@@ -14,6 +14,8 @@
 #   check_ssl -H svn.wikimedia.org -p 443
 #   check_ssl -H text-lb.wikimedia.org -p 443 --cn en.wikipedia.org --warning 
30 --critical 60 --issuer GlobalSign
 
+package Local::CheckSSL;
+
 use strict;
 use warnings;
 use Nagios::Plugin::Getopt;
@@ -24,80 +26,86 @@
 use Date::Parse;
 use POSIX qw(strftime);
 
-my $ng = Nagios::Plugin::Getopt->new(
-usage => 'Usage: %s -H  -p  -w  -c  
[...]',
-version => 1,
-blurb   => 'Connects to a host and checks their SSL/TLS certificate',
-);
+# this not exactly great; this isn't a very OO-package, but ePN restricts the
+# use of global variables, so package variables should do, for now.
+our ( $ng, $cn );
+our ( $client, @crit, @warn, @ok, @verbose );
 
-$ng->arg(
-spec => 'host|H=s',
-help => 'Hostname or IP address of the server to check against',
-required => 1,
-);
-$ng->arg(
-spec => 'port|p=i',
-help => 'TCP port',
-required => 1,
-);
-$ng->arg(
-spec => 'cn|n=s',
-help => 'commonName to check for (default: hostname)',
-);
-$ng->arg(
-spec => 'protocol|P=s',
-help => 'use the specific protocol 
(http|rfc2818|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip|gist), default: %s',
-default => 'http',
-);
-$ng->arg(
-spec => 'ipv4|4',
-help => 'force IPv4',
-);
-$ng->arg(
-spec => 'ipv6|6',
-help => 'force IPv6',
-);
-$ng->arg(
-spec=> 'rootcert|r=s',
-help=> 'root certificate or directory (default: %s)',
-default => '/etc/ssl/certs',
-);
-$ng->arg(
-spec => 'ssl|S=s',
-help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)',
-);
-$ng->arg(
-spec=> 'verify|no-verify|verify!',
-help=> 'verify hostname & authority (default: true)',
-default => 1,
-);
-$ng->arg(
-spec => 'subject|s=s',
-help => 'subject name to match against',
-);
-$ng->arg(
-spec => 'issuer|i=s',
-help => 'issuer name to match against',
-);
+sub init {
+( @crit, @warn, @ok, @verbose ) = ();
 
-$ng->arg(
-spec => 'warning|w=i',
-help => 'minimum number of days a certificate has to be valid to issue a 
WARNING status (default: %s)',
-default => 30,
-);
-$ng->arg(
-spec => 'critical|c=i',
-help => 'minimum number of days a certificate has to be valid to issue a 
CRITICAL status (default: %s)',
-default => 15,
-);
+$ng = Nagios::Plugin::Getopt->new(
+usage   => 'Usage: %s -H  -p  -w  -c  [...]',
+version => 1,
+blurb   => 'Connects to a host and checks their SSL/TLS certificate',
+);
 
-$ng->getopts;
-my $cn = $ng->cn ? $ng->cn : $ng->host;
+$ng->arg(
+spec => 'host|H=s',
+help => 'Hostname or IP address of the server to check against',
+required => 1,
+);
+$ng->arg(
+spec => 'port|p=i',
+help => 'TCP port',
+required => 1,
+);
+$ng->arg(
+spec => 'cn|n=s',
+help => 'commonName to check for (default: hostname)',
+);
+$ng->arg(
+spec => 'protocol|P=s',
+help =>
+'use the specific protocol (http|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip), 
default: %s',
+default => 'http',
+);
+$ng->arg(
+spec => 'ipv4|4',
+help => 'force IPv4',
+);
+$ng->arg(
+spec => 'ipv6|6',
+help => 'force IPv6',
+);
+$ng->arg(
+spec=> 'rootcert|r=s',
+help=> 'root certificate or directory (default: %s)',
+default => '/etc/ssl/certs',
+);
+$ng->arg(
+spec => 'ssl|S=s',
+help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)',
+);
+$ng->arg(
+spec=> 'noverify|no-verify',
+help=> 'do not verify hostname & authority (default: verify)',
+