[Nagiosplug-devel] RFC: Plugins config file (final proposal)
Ton Voon
ton.voon at altinity.com
Mon Jan 29 10:45:48 CET 2007
Hi!
I'm trying to wrap up this RFC from October last year (http://
thread.gmane.org/gmane.network.nagios.plugins.devel/4199) so that we
can have some text written in the developer-guidelines before
starting work on implementing it.
This is a summary of the thread on it. I think I have all the angles
covered, but please let me know if not.
PROBLEM
There are security issues with passing user authentication
information into some plugins via the command line. We would like the
use of configuration files, secured at the file level, allowing
configuration variables on a per-plugin basis.
PROPOSED SOLUTION
A new option is allowed: --extra-opts. The idea is this option is
"replaced" with configuration options within a configuration file.
The configuration file has a windows ini style format:
[stanza name]
option1=argument1
option2=argument2
There can be multiple stanzas in a configuration file. The options
are directly mapped to the plugin parameter options. The
configuration file has no concept of whether the options are valid or
not for the specific plugin. The options can be the long or short
options - the routine will assume all single letter options are short
options.
The --extra-opts parameter will take a value in the format:
--extra-opts=[stanza_name][@config_filename]
If stanza_name is missed out, will assume stanza_name = plugin name.
If @config_filename is missed out, will search for the configuration
file in default locations.
EXAMPLE
The default config file holds:
[check_mysql]
username=tonvoon
password=secret
[more_options]
username=altinity
warning=10
critical=15
An invocation of:
./check_mysql -S --extra-opts= --extra-opts=more_options -H localhost
is effectively:
./check-mysql -S --username=tonvoon --password=secret ---
username=altinity --warning=10 --critical=5 H localhost
Note --username is listed twice. The function will just process
arguments as if it was above. It is the responsibility of the plugin
to handle duplicated options.
IMPLEMENTATION DETAILS
The configuration file would be searched for in default locations
(specified at compile time).
A stanza_name of "default" is reserved for future use.
As this facility can be used beyond just authentication (for
instance, common parameters on a plugin basis), it is up to the
system administrator to ensure the file permissions on a
configuration file is appropriate.
If -v -v -v is specified, the config file routine will print the
output of the equivalent command line options with all --extra-opts
options replaced.
The implementation should allow multiple specifications of --extra-opts.
If no one disagrees with this, I'll add it to the developer-
guidelines on Wednesday, and then we can move onto an implementation
phase and see who wants to have a go at writing this in C or perl.
Ton
http://www.altinity.com
T: +44 (0)870 787 9243
F: +44 (0)845 280 1725
Skype: tonvoon
More information about the Devel
mailing list