48d0237b07
fixes CVE-2016-8641 (bsc#1011630 and bsc#1018047) OBS-URL: https://build.opensuse.org/package/show/server:monitoring/icinga?expand=0&rev=180
312 lines
9.5 KiB
Bash
312 lines
9.5 KiB
Bash
#! /bin/sh
|
|
# Copyright (c) 1995-2001 SuSE GmbH Nuernberg, Germany.
|
|
# 2002 SuSE Linux AG Nuernberg, Germany.
|
|
# 2007 SuSE Linux GmbH Nuernberg, Germany.
|
|
# 2010 SUSE LINUX Products GmbH, Nuernberg, Germany
|
|
#
|
|
# Author: Wolfgang Rosenauer, Lars Vogdt
|
|
#
|
|
#
|
|
# /etc/init.d/icinga
|
|
#
|
|
# and symbolic its link
|
|
#
|
|
# /usr/sbin/rcicinga
|
|
#
|
|
# System startup script for icinga
|
|
#
|
|
### BEGIN INIT INFO
|
|
# Provides: icinga monitoring_daemon
|
|
# Required-Start: $local_fs $remote_fs $syslog $network
|
|
# Required-Stop: $local_fs $remote_fs $syslog $network
|
|
# Should-Start: $time sendmail httpd2 $named cron ido2db
|
|
# Should-Stop: sendmail ido2db
|
|
# Default-Start: 3 5
|
|
# Default-Stop: 0 1 2 6
|
|
# Short-Description: Network monitor Icinga
|
|
# Description: Starts and stops the Icinga monitor
|
|
# used to provide network services status for hosts,
|
|
# services and networks.
|
|
### END INIT INFO
|
|
|
|
. /etc/rc.status
|
|
|
|
ICINGA_BIN='/usr/sbin/icinga'
|
|
ICINGA_CFG='/etc/icinga/icinga.cfg'
|
|
ICINGA_SYSCONFIG='/etc/sysconfig/icinga'
|
|
ICINGA_CFG_ERR_LOG='/var/log/icinga/config.err'
|
|
ICINGA_DAEMONCHK='/usr/lib/icinga/cgi/daemonchk.cgi'
|
|
|
|
# Read config and log errors in logfile
|
|
config_check() {
|
|
case "$1" in
|
|
verbose)
|
|
$ICINGA_BIN -v "$ICINGA_CFG" >"$ICINGA_CFG_ERR_LOG" 2>&1
|
|
if [ $? -eq 0 ]; then
|
|
return 0
|
|
else
|
|
return 1
|
|
fi
|
|
;;
|
|
*)
|
|
$ICINGA_BIN -v "$ICINGA_CFG" >/dev/null 2>&1
|
|
if [ $? -eq 0 ]; then
|
|
return 0
|
|
else
|
|
$ICINGA_BIN -v "$ICINGA_CFG" >"$ICINGA_CFG_ERR_LOG" 2>&1
|
|
return 1
|
|
fi
|
|
;;
|
|
esac
|
|
}
|
|
|
|
# grab a config option
|
|
get_var() {
|
|
if [ -n "$2" ]; then
|
|
set -- `grep ^$1 $2 | sed 's@=@ @' | tr -d '[:cntrl:]'`
|
|
else
|
|
set -- `grep ^$1 "$ICINGA_CFG" | sed 's@=@ @' | tr -d '[:cntrl:]'`
|
|
fi
|
|
shift # remove first ARG => search-string
|
|
echo $*
|
|
}
|
|
|
|
# check some default files and directories
|
|
check_files() {
|
|
# remove some perhaps left over files
|
|
for file in "$command_file" "$lock_file" "$status_file" "$temp_file"; do
|
|
test -f "$file" && rm -f "$file"
|
|
done
|
|
}
|
|
|
|
check_lock_file() {
|
|
PIDDIR=$(dirname $lock_file)
|
|
case "$PIDDIR" in
|
|
/var/run)
|
|
if [ x"$icinga_user" != x"root" ]; then
|
|
DATESTRING=`date +"%Y%m%d"`
|
|
mv -f "$ICINGA_CFG" "$ICINGA_CFG-$DATESTRING"
|
|
sed -e "s|^lock_file.*|pid_file=$lock_file|g" "$ICINGA_CFG-$DATESTRING" > "$ICINGA_CFG"
|
|
/bin/logger -t rcicinga "Configured $lock_file in $ICINGA_CFG moved to $lock_file. Backup is $ICINGA_CFG-$DATESTRING"
|
|
test -f "$lock_file" && rm -f "$lock_file"
|
|
install -d -m755 -o$icinga_user -g$icinga_group $(dirname "$lock_file")
|
|
else
|
|
test -d "$PIDDIR" || mkdir -p "$PIDDIR"
|
|
fi
|
|
;;
|
|
*)
|
|
install -d -m755 -o$icinga_user -g$icinga_group $(dirname "$lock_file")
|
|
esac
|
|
}
|
|
|
|
# Check for missing binaries (stale symlinks should not happen)
|
|
# Note: Special treatment of stop for LSB conformance
|
|
test -x "$ICINGA_BIN" || { echo "$ICINGA_BIN not installed or not executable.";
|
|
if [ "$1" = "stop" ]; then exit 0;
|
|
else exit 5; fi; }
|
|
|
|
# Check for existence of needed config file
|
|
test -r "$ICINGA_CFG" || { echo "$ICINGA_CFG not existing or readable.";
|
|
if [ "$1" = "stop" ]; then exit 0;
|
|
else exit 6; fi; }
|
|
|
|
# Check for existence of sysconfig file and read it
|
|
test -r "$ICINGA_SYSCONFIG" || { echo "$ICINGA_SYSCONFIG not existing or readable.";
|
|
if [ "$1" = "stop" ]; then exit 0;
|
|
else exit 6; fi; }
|
|
|
|
. "$ICINGA_SYSCONFIG"
|
|
|
|
# set values for sysconfig vars
|
|
if [ -n "$ICINGA_NICELEVEL" ]; then
|
|
NICELEVEL="-n $ICINGA_NICELEVEL"
|
|
else
|
|
NICELEVEL="-n 0"
|
|
fi
|
|
if [ -z "$ICINGA_TIMEOUT" ]; then
|
|
ICINGA_TIMEOUT=10
|
|
fi
|
|
|
|
#
|
|
# get variables from config file
|
|
#
|
|
icinga_user="$(get_var icinga_user)"
|
|
icinga_group="$(get_var icinga_group)"
|
|
lock_file="$(get_var lock_file)"
|
|
status_file="$(get_var status_file)"
|
|
log_file="$(get_var log_file)"
|
|
temp_file="$(get_var temp_file)"
|
|
temp_path="$(get_var temp_path)"
|
|
state_retention_file="$(get_var state_retention_file)"
|
|
command_file="$(get_var command_file)"
|
|
resource_file="$(get_var resource_file)"
|
|
check_result_path="$(get_var check_result_path)"
|
|
check_external_commands="$(get_var check_external_commands)"
|
|
|
|
#
|
|
# use default values if above check doesn't work
|
|
#
|
|
: ${icinga_user:=icinga}
|
|
: ${icinga_group:=icinga}
|
|
: ${icinga_cmdgrp:=icingacmd}
|
|
: ${resource_file:=/etc/icinga/resource.cfg}
|
|
# check ownership files
|
|
: ${check_result_path:=/var/spool/icinga/checkresults}
|
|
: ${log_file:=/var/log/icinga/icinga.log}
|
|
: ${state_retention_file:=/var/spool/icinga/retention.dat}
|
|
: ${status_file:=/var/spool/icinga/status.dat}
|
|
: ${check_external_commands:=0}
|
|
: ${temp_path:=/var/run/icinga/tmp}
|
|
: ${temp_file:=/var/run/icinga/icinga.tmp}
|
|
# files to remove
|
|
: ${command_file:=/var/run/icinga/icinga.cmd}
|
|
: ${lock_file:=/var/run/icinga/icinga.pid}
|
|
|
|
# Reset status of this service
|
|
rc_reset
|
|
|
|
case "$1" in
|
|
start)
|
|
echo -n "Starting Icinga "
|
|
# create checkresult dir if missing
|
|
if [ ! -d "$check_result_path" ]; then
|
|
mkdir -p "$check_result_path"
|
|
chown --no-dereference $icinga_user:$icinga_group "$check_result_path"
|
|
chmod 775 "$check_result_path"
|
|
fi
|
|
if [ ! -d "$temp_path" ]; then
|
|
case "$temp_path" in
|
|
/var/run/icinga/tmp)
|
|
install -d -m775 -o$icinga_user -g$icinga_group "$temp_path"
|
|
;;
|
|
*)
|
|
/bin/logger -t rcicinga "$temp_path does not exist - creating now"
|
|
install -d -m775 -o$icinga_user -g$icinga_group "$temp_path"
|
|
;;
|
|
esac
|
|
fi
|
|
config_check
|
|
if [ $? -eq 0 ]; then
|
|
# check if icinga is already running
|
|
ICINGAPID=$(pidof "$ICINGA_BIN")
|
|
if [ -z "$ICINGAPID" ]; then
|
|
check_files
|
|
check_lock_file
|
|
fi
|
|
startproc $NICELEVEL -p "$lock_file" "$ICINGA_BIN" -d "$ICINGA_CFG"
|
|
if [ "$check_external_commands" != 0 ]; then
|
|
while [ ! -e "$command_file" ] && [ $ICINGA_TIMEOUT -gt 0 ]; do
|
|
sleep 1
|
|
ICINGA_TIMEOUT=$(($ICINGA_TIMEOUT - 1))
|
|
done
|
|
chgrp --no-dereference $icinga_cmdgrp "$command_file"
|
|
fi
|
|
else
|
|
echo "Error in configuration - please read $ICINGA_CFG_ERR_LOG"
|
|
rc_failed
|
|
fi
|
|
rc_status -v
|
|
;;
|
|
stop)
|
|
echo -n "Shutting down Icinga "
|
|
# we have to wait for icinga to exit and remove its
|
|
# own Lockfile, otherwise a following "start" could
|
|
# happen, and then the exiting icinga will remove the
|
|
# new Lockfile, allowing multiple icinga daemons
|
|
# to (sooner or later) run - John Sellens
|
|
if checkproc "$ICINGA_BIN" ; then
|
|
killproc -p "$lock_file" -TERM "$ICINGA_BIN"
|
|
sleep 1
|
|
if [ -e "$lock_file" ]; then
|
|
echo "Warning - Icinga did not exit in a timely manner. Waiting..."
|
|
while [ -e "$lock_file" ] && [ $ICINGA_TIMEOUT -gt 0 ] ; do
|
|
sleep 1
|
|
ICINGA_TIMEOUT=$(($ICINGA_TIMEOUT - 1))
|
|
echo -n '.'
|
|
[ $ICINGA_TIMEOUT -eq 41 ] && echo
|
|
done
|
|
fi
|
|
if checkproc "$ICINGA_BIN" ; then
|
|
killproc -p "$lock_file" -SIGKILL "$ICINGA_BIN"
|
|
echo -n "Warning: Icinga killed"
|
|
fi
|
|
else
|
|
echo -n "Icinga not running"
|
|
rc_failed 7
|
|
fi
|
|
check_files
|
|
rc_reset
|
|
rc_status -v
|
|
;;
|
|
try-restart)
|
|
## Do a restart only if the service was active before.
|
|
$0 status
|
|
if test $? = 0; then
|
|
$0 restart
|
|
else
|
|
rc_reset # Not running is not a failure.
|
|
fi
|
|
rc_status
|
|
;;
|
|
restart)
|
|
$0 check
|
|
$0 stop
|
|
$0 start
|
|
rc_status
|
|
;;
|
|
reload|force-reload)
|
|
echo -n "Reload service Icinga "
|
|
config_check
|
|
if [ $? -eq 0 ]; then
|
|
echo -n "Passed configuration check - reloading..."
|
|
killproc -HUP -p "$lock_file" "$ICINGA_BIN"
|
|
else
|
|
echo "- Error in configuration files"
|
|
echo -n "- aborting reload - please read $ICINGA_CFG_ERR_LOG"
|
|
rc_failed
|
|
fi
|
|
rc_status -v
|
|
;;
|
|
status)
|
|
echo -n "Checking for Icinga "
|
|
if [ -x "$ICINGA_DAEMONCHK" ]; then
|
|
if "$ICINGA_DAEMONCHK" -l "$lock_file"; then
|
|
rc_failed 0
|
|
else
|
|
rc_failed 1
|
|
fi
|
|
else
|
|
checkproc -p "$lock_file" "$ICINGA_BIN"
|
|
fi
|
|
rc_status -v
|
|
;;
|
|
check)
|
|
echo -n "Starting configuration check "
|
|
config_check
|
|
if [ $? -eq 0 ]; then
|
|
echo "- passed configuration check"
|
|
test -f $ICINGA_CFG_ERR_LOG && rm $ICINGA_CFG_ERR_LOG
|
|
rc_reset
|
|
else
|
|
echo "- detected Error in configuration files"
|
|
echo "Please read $ICINGA_CFG_ERR_LOG"
|
|
rc_failed
|
|
fi
|
|
rc_status -v
|
|
;;
|
|
check_verbose|show-errors)
|
|
echo "Running verbose configuration check..."
|
|
config_check verbose
|
|
exitcode=$?
|
|
cat "$ICINGA_CFG_ERR_LOG"
|
|
rc_failed $exitcode
|
|
rc_status -v
|
|
rc_exit
|
|
;;
|
|
*)
|
|
echo "Usage: $0 {start|stop|status|try-restart|restart|reload|check|check_verbose|show-errors}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
rc_exit
|