[Nagiosplug-devel] RFC: Plugins config file (final proposal)

Ton Voon ton.voon at altinity.com
Mon Jan 29 10:45:48 CET 2007


Hi!

I'm trying to wrap up this RFC from October last year (http:// 
thread.gmane.org/gmane.network.nagios.plugins.devel/4199) so that we  
can have some text written in the developer-guidelines before  
starting work on implementing it.

This is a summary of the thread on it. I think I have all the angles  
covered, but please let me know if not.


PROBLEM

There are security issues with passing user authentication  
information into some plugins via the command line. We would like the  
use of configuration files, secured at the file level, allowing  
configuration variables on a per-plugin basis.


PROPOSED SOLUTION

A new option is allowed: --extra-opts. The idea is this option is  
"replaced" with configuration options within a configuration file.

The configuration file has a windows ini style format:

[stanza name]
option1=argument1
option2=argument2

There can be multiple stanzas in a configuration file. The options  
are directly mapped to the plugin parameter options. The  
configuration file has no concept of whether the options are valid or  
not for the specific plugin. The options can be the long or short  
options - the routine will assume all single letter options are short  
options.

The --extra-opts parameter will take a value in the format:

--extra-opts=[stanza_name][@config_filename]

If stanza_name is missed out, will assume stanza_name = plugin name.

If @config_filename is missed out, will search for the configuration  
file in default locations.



EXAMPLE

The default config file holds:

[check_mysql]
username=tonvoon
password=secret

[more_options]
username=altinity
warning=10
critical=15

An invocation of:

./check_mysql -S --extra-opts= --extra-opts=more_options -H localhost

is effectively:

./check-mysql -S --username=tonvoon --password=secret --- 
username=altinity --warning=10 --critical=5 H localhost

Note --username is listed twice. The function will just process  
arguments as if it was above. It is the responsibility of the plugin  
to handle duplicated options.


IMPLEMENTATION DETAILS

The configuration file would be searched for in default locations  
(specified at compile time).

A stanza_name of "default" is reserved for future use.

As this facility can be used beyond just authentication (for  
instance, common parameters on a plugin basis), it is up to the  
system administrator to ensure the file permissions on a  
configuration file is appropriate.

If -v -v -v is specified, the config file routine will print the  
output of the equivalent command line options with all --extra-opts  
options replaced.

The implementation should allow multiple specifications of --extra-opts.



If no one disagrees with this, I'll add it to the developer- 
guidelines on Wednesday, and then we can move onto an implementation  
phase and see who wants to have a go at writing this in C or perl.

Ton

http://www.altinity.com
T: +44 (0)870 787 9243
F: +44 (0)845 280 1725
Skype: tonvoon






More information about the Devel mailing list