[Nagiosplug-devel] Guidelines
Andreas Ericsson
ae at op5.se
Wed Jun 1 07:26:33 CEST 2005
I've been going through the plugin guidelines and noticed a couple of
weird things and hints in them, for example;
* "Print only one line of text"
This should be changed to "Always make sure the first line of output
contains something useful", as it's usually useful to (by default) print
any error messages later on so the user sees them when running them from
command-line. I'd be happy to print a queuing system for error messages
so they can be printed at plugin exit.
* "The plugins are copyrighted by their respective authors", and later
on, "The copyright for the changes will then revert to the Nagios Plugin
Development Team".
This second statement is just pure BS anyway, as the signover of
copyrights requires a fair amount of paperwork and cannot be automated
by a statement on a webpage. If anything, you can force authors to make
their changes GPL'd (the GPL already states this explicitly, but it's
still a good idea to make it painfully obvious on the webpage). The code
submitted to the project *IS* GPL, but may be copyrighted by others. If
those others choose to change the copyright of their copy of the code,
they cannot make those changes apply retroactively to the code-versions
in the nagiosplug repository.
* "Don't execute system commands without specifying their full path".
The reason given (trojans earlier in the path) is fairly moot given that
if someone can add files to any element of the path the game is most
certainly lost. It's good for making sure idiots don't write code that
wildly spawn external programs though.
* "Validate all input"
Considering the fact that not a single plugin does this today (unless
you're thinking validate_arguments()), this is just a waste of
web-space. The fact that the spopen()-enabled plugins run commands on a
large array of hosts which produce vastly different output, this turns
somewhat impossible.
* "All network plugins should use DEFAULT_SOCKET_TIMEOUT to timeout".
For many plugins, this is largely meaningless as most of them can
calculate how long they will have to run at a maximum before they return
CRITICAL anyway (check_tcp with -w and -c flags, check_ping, etc).
Having them hung in kernel-space when they'll still return CRITICAL
won't make anybody happier.
This should be changed to "Use DEFAULT_SOCKET_TIMEOUT as default unless
a value can be properly calculated".
* "In addition to the reserved options" .... and what follows.
I notice that there are no less than 4 of the 5 listed "standard"
options that are supposed to denote username in one form or another.
Please just drop this section entirely, or decide on ONE thing to use.
the --url option, currently applying to a single plugin (check_http)
isn't exactly what I would call "standard".
In addition, it would be nice to see a section called "Don't waste
return values just so you can (possibly inaccurately) recalculate them
later". Another section, named "Use the appropriate function for the
job" would also be nice as well as "Prefer ANSI C over non-standard
functions". For reasons to this, take a look at the use of strstr()
(which isn't an intrinsic function) being used as strchr() (which IS an
intrinsic function) in too many of the plugins, as well as strpbrk(),
strspn() and friends.
All of those new sections could be bundled under "Optimization", which
would then incorporate the "Allow sibling call optimizations" and "How
To Make Life Easy For The Compiler".
end rant;
Sorry to those of you whom I'm sure took offense. None was actually
intended.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Lead Developer
More information about the Devel
mailing list