[MediaWiki-commits] [Gerrit] nagios: restructure check_ssl & misc fixes - change (operations/puppet)
Faidon Liambotis has submitted this change and it was merged. Change subject: nagios: restructure check_ssl & misc fixes .. nagios: restructure check_ssl & misc fixes - Restructure as a local package that has a run() that gets called if we're invoked directly or via the Icinga ePN (Python-__main__-style) - Make the plugin ePN compatible but don't remove the -epn flags just yet as Icinga has troubles reloading the plugin when it gets changed. - Minor reformatting across the board to make perl -w, perltidy & perlcritic happier. - Print an informative message when we're returning an OK status. Change-Id: I2ddda5bc7021d7ebcc4af44be2ebfcdfeadff24c --- M modules/nagios_common/files/check_commands/check_ssl 1 file changed, 113 insertions(+), 93 deletions(-) Approvals: Faidon Liambotis: Looks good to me, approved BBlack: Looks good to me, but someone else must approve jenkins-bot: Verified diff --git a/modules/nagios_common/files/check_commands/check_ssl b/modules/nagios_common/files/check_commands/check_ssl index 5930bac..347835d 100755 --- a/modules/nagios_common/files/check_commands/check_ssl +++ b/modules/nagios_common/files/check_commands/check_ssl @@ -14,6 +14,8 @@ # check_ssl -H svn.wikimedia.org -p 443 # check_ssl -H text-lb.wikimedia.org -p 443 --cn en.wikipedia.org --warning 30 --critical 60 --issuer GlobalSign +package Local::CheckSSL; + use strict; use warnings; use Nagios::Plugin::Getopt; @@ -24,80 +26,86 @@ use Date::Parse; use POSIX qw(strftime); -my $ng = Nagios::Plugin::Getopt->new( -usage => 'Usage: %s -H -p -w -c [...]', -version => 1, -blurb => 'Connects to a host and checks their SSL/TLS certificate', -); +# this not exactly great; this isn't a very OO-package, but ePN restricts the +# use of global variables, so package variables should do, for now. +our ( $ng, $cn ); +our ( $client, @crit, @warn, @ok, @verbose ); -$ng->arg( -spec => 'host|H=s', -help => 'Hostname or IP address of the server to check against', -required => 1, -); -$ng->arg( -spec => 'port|p=i', -help => 'TCP port', -required => 1, -); -$ng->arg( -spec => 'cn|n=s', -help => 'commonName to check for (default: hostname)', -); -$ng->arg( -spec => 'protocol|P=s', -help => 'use the specific protocol (http|rfc2818|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip|gist), default: %s', -default => 'http', -); -$ng->arg( -spec => 'ipv4|4', -help => 'force IPv4', -); -$ng->arg( -spec => 'ipv6|6', -help => 'force IPv6', -); -$ng->arg( -spec=> 'rootcert|r=s', -help=> 'root certificate or directory (default: %s)', -default => '/etc/ssl/certs', -); -$ng->arg( -spec => 'ssl|S=s', -help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)', -); -$ng->arg( -spec=> 'verify|no-verify|verify!', -help=> 'verify hostname & authority (default: true)', -default => 1, -); -$ng->arg( -spec => 'subject|s=s', -help => 'subject name to match against', -); -$ng->arg( -spec => 'issuer|i=s', -help => 'issuer name to match against', -); +sub init { +( @crit, @warn, @ok, @verbose ) = (); -$ng->arg( -spec => 'warning|w=i', -help => 'minimum number of days a certificate has to be valid to issue a WARNING status (default: %s)', -default => 30, -); -$ng->arg( -spec => 'critical|c=i', -help => 'minimum number of days a certificate has to be valid to issue a CRITICAL status (default: %s)', -default => 15, -); +$ng = Nagios::Plugin::Getopt->new( +usage => 'Usage: %s -H -p -w -c [...]', +version => 1, +blurb => 'Connects to a host and checks their SSL/TLS certificate', +); -$ng->getopts; -my $cn = $ng->cn ? $ng->cn : $ng->host; +$ng->arg( +spec => 'host|H=s', +help => 'Hostname or IP address of the server to check against', +required => 1, +); +$ng->arg( +spec => 'port|p=i', +help => 'TCP port', +required => 1, +); +$ng->arg( +spec => 'cn|n=s', +help => 'commonName to check for (default: hostname)', +); +$ng->arg( +spec => 'protocol|P=s', +help => +'use the specific protocol (http|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip), default: %s', +default => 'http', +); +$ng->arg( +spec => 'ipv4|4', +help => 'force IPv4', +); +$ng->arg( +spec => 'ipv6|6', +help => 'force IPv6', +); +$ng->arg( +spec=> 'rootcert|r=s', +help=> 'root certificate or directory (default: %s)', +default => '/etc/ssl/certs', +); +$ng->arg( +spec => 'ssl|S=s', +help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)', +); +$ng->arg( +spec=> 'noverify|no-verify', +help=> 'do not verify hostname & authority (d
[MediaWiki-commits] [Gerrit] nagios: restructure check_ssl & misc fixes - change (operations/puppet)
Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/182303 Change subject: nagios: restructure check_ssl & misc fixes .. nagios: restructure check_ssl & misc fixes - Restructure as a local package that has a run() that gets called if we're invoked directly or via the Icinga ePN (Python-__main__-style) - Make the plugin ePN compatible but don't remove the -epn flags just yet as Icinga has troubles reloading the plugin when it gets changed. - Minor reformatting across the board to make perl -w, perltidy & perlcritic happier. - Push a informative message even when we're returning OK. Change-Id: I2ddda5bc7021d7ebcc4af44be2ebfcdfeadff24c --- M modules/nagios_common/files/check_commands/check_ssl 1 file changed, 113 insertions(+), 93 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/03/182303/1 diff --git a/modules/nagios_common/files/check_commands/check_ssl b/modules/nagios_common/files/check_commands/check_ssl index 5930bac..347835d 100755 --- a/modules/nagios_common/files/check_commands/check_ssl +++ b/modules/nagios_common/files/check_commands/check_ssl @@ -14,6 +14,8 @@ # check_ssl -H svn.wikimedia.org -p 443 # check_ssl -H text-lb.wikimedia.org -p 443 --cn en.wikipedia.org --warning 30 --critical 60 --issuer GlobalSign +package Local::CheckSSL; + use strict; use warnings; use Nagios::Plugin::Getopt; @@ -24,80 +26,86 @@ use Date::Parse; use POSIX qw(strftime); -my $ng = Nagios::Plugin::Getopt->new( -usage => 'Usage: %s -H -p -w -c [...]', -version => 1, -blurb => 'Connects to a host and checks their SSL/TLS certificate', -); +# this not exactly great; this isn't a very OO-package, but ePN restricts the +# use of global variables, so package variables should do, for now. +our ( $ng, $cn ); +our ( $client, @crit, @warn, @ok, @verbose ); -$ng->arg( -spec => 'host|H=s', -help => 'Hostname or IP address of the server to check against', -required => 1, -); -$ng->arg( -spec => 'port|p=i', -help => 'TCP port', -required => 1, -); -$ng->arg( -spec => 'cn|n=s', -help => 'commonName to check for (default: hostname)', -); -$ng->arg( -spec => 'protocol|P=s', -help => 'use the specific protocol (http|rfc2818|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip|gist), default: %s', -default => 'http', -); -$ng->arg( -spec => 'ipv4|4', -help => 'force IPv4', -); -$ng->arg( -spec => 'ipv6|6', -help => 'force IPv6', -); -$ng->arg( -spec=> 'rootcert|r=s', -help=> 'root certificate or directory (default: %s)', -default => '/etc/ssl/certs', -); -$ng->arg( -spec => 'ssl|S=s', -help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)', -); -$ng->arg( -spec=> 'verify|no-verify|verify!', -help=> 'verify hostname & authority (default: true)', -default => 1, -); -$ng->arg( -spec => 'subject|s=s', -help => 'subject name to match against', -); -$ng->arg( -spec => 'issuer|i=s', -help => 'issuer name to match against', -); +sub init { +( @crit, @warn, @ok, @verbose ) = (); -$ng->arg( -spec => 'warning|w=i', -help => 'minimum number of days a certificate has to be valid to issue a WARNING status (default: %s)', -default => 30, -); -$ng->arg( -spec => 'critical|c=i', -help => 'minimum number of days a certificate has to be valid to issue a CRITICAL status (default: %s)', -default => 15, -); +$ng = Nagios::Plugin::Getopt->new( +usage => 'Usage: %s -H -p -w -c [...]', +version => 1, +blurb => 'Connects to a host and checks their SSL/TLS certificate', +); -$ng->getopts; -my $cn = $ng->cn ? $ng->cn : $ng->host; +$ng->arg( +spec => 'host|H=s', +help => 'Hostname or IP address of the server to check against', +required => 1, +); +$ng->arg( +spec => 'port|p=i', +help => 'TCP port', +required => 1, +); +$ng->arg( +spec => 'cn|n=s', +help => 'commonName to check for (default: hostname)', +); +$ng->arg( +spec => 'protocol|P=s', +help => +'use the specific protocol (http|xmpp|ftp|smtp|imap|pop3|snmp|ldap|sip), default: %s', +default => 'http', +); +$ng->arg( +spec => 'ipv4|4', +help => 'force IPv4', +); +$ng->arg( +spec => 'ipv6|6', +help => 'force IPv6', +); +$ng->arg( +spec=> 'rootcert|r=s', +help=> 'root certificate or directory (default: %s)', +default => '/etc/ssl/certs', +); +$ng->arg( +spec => 'ssl|S=s', +help => 'force SSL/TLS version (SSLv3, TLSv1, TLSv1.1 etc)', +); +$ng->arg( +spec=> 'noverify|no-verify', +help=> 'do not verify hostname & authority (default: verify)', +