Commit c5d2282e authored by Pavel Břoušek

chore: remove shell scripts, update README

parent 2dad7f66
Pipeline #376683 passed
......@@ -31,51 +31,47 @@ For usage instructions, run:
run_probes
```
### separate_ssp_script.py
### separate_ssp_logs
- Script for remove all logs from test accounts from SimpleSAMLlogs
Script removes all logs from test accounts from SimpleSAMLphp logs.
- Params:
- 1 - The file name
Params:
### backup_database.sh
- 1 - The file name
- Do mysqldump into `/opt/mariadb_backup` and remove all dump file older than 7 days
### separate_oidc_logs
### separate_oidc_logs.py
Script removes all logs from test accounts from mitreID logs.
- Script for remove all logs from test accounts from OIDC logs
### metadata_expiration
### metadata_expiration.py
This script checks whether there are some metadata close to expiration date.
- This script checks whether there are some metadata close to expiration date
Params:
- Params:
- 1 - url to a page which prints a time when expires the metadata closest to
expiration
- 1 - url to a page which prints a time when expires the metadata closest to expiration
### print_docker_versions.py
### print_docker_versions
- This script collects system info, docker engine info and the versions of running
containers and then prints it to the stdout in the JSON format
- A python [docker library](https://pypi.org/project/docker/) is needed to run the
script
This script collects system info, docker engine info and the versions of running
containers and then prints it to the stdout in the JSON format.
- Options:
- -e,--exclude NAMES - space delimited string of container names to exclude from the
listing
For usage instructions, run:
### run_version_script.py
```sh
print_docker_versions --help
```
- This scripts runs the print_docker_version.py script on the given machines. The
### run_version_script
- This scripts runs the print_docker_versions script on the given machines. The
collected versions are then printed as a MD table to the stdout
- Options:
- -e,--exclude NAMES - space delimited string of container names to exclude from the
listing
- Params:
- 1... - machines to run the script on in the form of user@adress, the user needs
root privileges to execute the script
For usage instructions, run:
```sh
run_version_script --help
```
## Nagios probes
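Review bot: In the run_version_script section, replacing the Params list with a pointer to `run_version_script --help` drops the README's statement that the `user@adress` account "needs root privileges to execute the script", and the print_docker_versions section likewise loses the line saying the python docker library is needed. Both are prerequisites an operator has to know before the command can run at all, and the root requirement is also what tells a reader how much access the monitoring account holds on each machine, so keep one line for each next to the `--help` pointer. The carried-over sentence "This scripts runs" could be corrected to "This script runs" while the paragraph is being touched.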
......@@ -101,7 +97,7 @@ For usage instructions, run:
check_mongodb --help
```
### check_saml.py
### check_saml
SAML authentication check compatible with SimpleSAMLphp and mitreID.
......@@ -117,7 +113,7 @@ check_saml --help
Example:
```sh
python3 check_saml.py
python3 check_saml
--username "my_username"
--password "my_password"
--username-field "j_username"
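Review bot: The example now starts with `python3 check_saml`, which asks the interpreter to open a file named check_saml in the current directory, while the usage line for the same probe is `check_saml --help`. If the probe is installed as a command, the example should call `check_saml` directly; the same applies to the `python3 check_user_logins` example further down. Since the example is being edited anyway, it is worth a sentence that `--password "my_password"` given on the command line can be read by other local users from the process list.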
......@@ -125,7 +121,7 @@ python3 check_saml.py
--postlogout-string "Successful logout"
```
### check_user_logins.py
### check_user_logins
Check users which login in repeatedly more often than a specified threshold (logins per
seconds).
......@@ -139,7 +135,7 @@ check_user_logins --help
Example:
```sh
python3 check_user_logins.py
python3 check_user_logins
-p /var/log/proxyaai/simplesamlphp/simplesamlphp/simplesamlphp.log
-l 5
-s 60
......@@ -161,7 +157,7 @@ check_ldap --help
Check whether an LDAP replica is up to date with the provider.
#### Usage
For usage instructions, run:
```sh
check_ldap_syncrepl --help
......
#!/bin/bash
BACKUP_FOLDER="/opt/mariadb_backup"
# Ensure that backup folder exist
if [[ ! -d ${BACKUP_FOLDER} ]]; then
mkdir ${BACKUP_FOLDER}
fi
BACKUP_FILE_NAME=${BACKUP_FOLDER}/backup_$(date -u +'%Y-%m-%d_%HH:%MM').sql
# Backup all databases
mysqldump --all-databases > ${BACKUP_FILE_NAME}
echo "Database was dumped into ${BACKUP_FILE_NAME}"
#Remove old backups > 7days
find ${BACKUP_FOLDER} -name "backup_*.sql" -type f -mtime +7 -delete
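Review bot: Deleting backup_database.sh removes the `mysqldump --all-databases` job and its 7-day cleanup, and the README hunk drops the matching section without naming a replacement. Please state in the commit message or the README where database dumps are taken now, so the removal is not read as backups being dropped on purpose.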
# ProxyIdP Nagios scripts
## List of Local scripts
Local scripts are located in /usr/lib/check_mk/local/
### php_syntax_check.sh
- Attributes to be filled:
<pre>
# List of paths to check separated by space
paths=""
</pre>
### git_pull_check.sh
- Attributes to be filled:
<pre>
# The root directory to check
dir=""
</pre>
### services_running_check.sh
- Attributes to be filled:
<pre>
# List of service names separated by space
services=""
</pre>
### Proxy idp authentication test - local
There are two main scripts (one of them uses SAML, the other uses OIDC) checking the login to SP via the host from which the scripts run and some helper scripts located in folder `proxy_idp_auth_test_script/`
The main script gradually try to sign in via AAI Playground IdP, MUNI IdP and CESNET IdP.
These scripts are able to cache their last result.
- Params:
- 1 - if this param contains '-f', script does not use its cache and is forced to do whole login process
- Main scripts:
- proxy_idp_auth_test_saml.sh
- proxy_idp_auth_test_oidc.sh
- Helper scripts:
- proxy_idp_auth_test_script/saml_auth_test_aai.sh
- proxy_idp_auth_test_script/saml_auth_test_cesnet.sh
- proxy_idp_auth_test_script/saml_auth_test_muni.sh
- proxy_idp_auth_test_script/oidc_auth_test_aai.sh
- proxy_idp_auth_test_script/oidc_auth_test_cesnet.sh
- proxy_idp_auth_test_script/oidc_auth_test_muni.sh
- Requirements:
- library _bc_
<pre>
apt-get install bc
</pre>
- Configuration file proxy_idp_auth_test_config.sh in the same folder as script
- Attributes to be filled:
<pre>
# The urls of tested SP
# For example: https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authentication=muni
AAI_SAML_TEST_SITE="" # Needed only for SAML
MUNI_SAML_TEST_SITE="" # Needed only for SAML
CESNET_SAML_TEST_SITE="" # Needed only for SAML
AAI_OIDC_TEST_SITE="" # Needed only for OIDC
MUNI_OIDC_TEST_SITE="" # Needed only for OIDC
CESNET_OIDC_TEST_SITE="" # Needed only for OIDC
# The url of logins form of used IdP
# For example: https://idp2.ics.muni.cz/idp/Authn/UserPassword
AAI_LOGIN_SITE=""
MUNI_LOGIN_SITE=""
CESNET_LOGIN_SITE=""
# Fill in logins
AAI_LOGIN=""
MUNI_LOGIN=""
CESNET_LOGIN=""
# Fill in passwords as string
MUNI_PASSWORD=""
CESNET_PASSWORD=""
# Fill in the instance name
# Instance name must not contain a space
INSTANCE_NAME=""
# Fill in the global domain name of ProxyIdP
# For example: login.cesnet.cz
PROXY_DOMAIN_NAME=""
# How long is normal for total roundtrip (seconds)
SAML_WARNING_TIME=10 # Needed only for SAML
OIDC_WARNING_TIME=15 # Needed only for OIDC
# Timeout time
TIMEOUT_TIME=40
# Cache time
CACHE_TIME=60
</pre>
### ldap_status.sh
This script checks if the LDAP servers are accessible
- Requirements:
- library _ldap-utils_
<pre>
apt-get install ldap-utils
</pre>
- Attributes to be filled:
<pre>
# LDAP username
user=""
# LDAP password
password=""
# Base dn of LDAP tree
basedn=""
# eduPersonPrincipalName which will be searched
searchedIdentity=""
# List of LDPA hostnames separated by space
# Included ldap:// or ldaps://
hostnames=""
</pre>
## List of plugins
Plugins are located in /usr/lib/check_mk/plugins/
## Nagios active scripts
Active scripts are located in Nagios machine
### Proxy idp authentication test - active
There are two main scripts (one uses SAML, the other uses OIDC) checking the login via active ProxyIdP machine and some helper scripts located in folder `proxy_idp_auth_test_script/`
The main script gradually try to sign in via AAI Playground IdP, MUNI IdP and CESNET IdP.
- Main scripts:
- proxy_idp_auth_test_active_saml.sh
- proxy_idp_auth_test_active_oidc.sh
- Helper scripts:
- proxy_idp_auth_test_script/saml_auth_test_cesnet_active.sh
- proxy_idp_auth_test_script/saml_auth_test_muni_active.sh
- proxy_idp_auth_test_script/oidc_auth_test_cesnet_active.sh
- proxy_idp_auth_test_script/oidc_auth_test_muni_active.sh
- How to run these scripts:
- Params:
- 1 - The url of tested SP via MU account
- 2 - The url of login form of MU IdP
- 3 - MU Login
- 4 - MU Password
- 5 - The url of tested SP via CESNET account
- 6 - The url of login form of CESNET IdP
- 7 - CESNET Login
- 8 - CESNET Password
- 9 - Roundtrip time (in seconds) - The standard login time. After this time the return value can be changed to WARNING state
- 10 - Timeout time (in seconds) - After this time the helper script timeouts
- Examples:
<pre>
./proxy_idp_auth_test_active_saml.sh "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=muni" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=cesnet" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" 10 40
./proxy_idp_auth_test_active_oidc.sh "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=muni" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=cesnet" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" 15 40
</pre>
### mariadb_replication_check.sh
This script checks the database replication
- How to run this script:
- Params:
- 1 - Path to the configuration
- Requirements:
- Configuration file - Example configuration file: `mariadb_replication_check_config.sh`
- Example:
<pre>
./mariadb_replication_check.sh "mariadb_check_config.sh"
</pre>
#!/bin/bash
#########################################################################
## Script to check for new commits in the specified local git repos. ##
## Copares hash of the HEAD with the origin/production latest commit's ##
## hash. ##
## Status 0 indicates repository being up-to-date ##
## Status 1 indicates the commits are different and update can be made ##
## Status 2 indicates that given directory does not exist or it is not ##
## a valid git repository. Invalid repo is when it is not git repo at ##
## all, or the origin/production branch does not exist in remote repo ##
#########################################################################
# List of paths to check separated by space
REPOS=""
function print_result {
echo "$1 git_pull_check_dir=$2"
}
for REPO_PATH in $REPOS
do
if [[ -d $REPO_PATH ]]; then
cd $REPO_PATH
git status >/dev/null 2>&1
if [[ $? -ne 0 ]]; then
STATUS=2
STATUS_TEXT="CRITICAL - Directory $REPO_PATH is not a git repository"
print_result "$STATUS" "$STATUS_TEXT"
continue;
fi
git fetch origin >/dev/null 2>&1
git ls-remote --exit-code --heads origin production >/dev/null 2>&1
if [[ $? -ne 0 ]]; then
STATUS=2
STATUS_TEXT="CRITICAL - Repository $REPO_PATH does not have origin/production"
print_result "$STATUS" "$STATUS_TEXT"
continue;
fi
LOCAL_HASH=$(git rev-parse HEAD 2>/dev/null)
REMOTE_HASH=$(git rev-parse origin/production 2>/dev/null)
if [[ "$LOCAL_HASH" == "$REMOTE_HASH" ]] ; then
STATUS=0
STATUS_TEXT="OK"
else
STATUS=1
STATUS_TEXT="WARNING - New commits available in $REPO_PATH"
fi
else
STATUS=2
STATUS_TEXT="CRITICAL - Directory $REPO_PATH does not exist"
fi
print_result "$STATUS" "$STATUS_TEXT"
done
#!/bin/bash
# LDAP username
USER=""
# LDAP password
PASSWORD=""
# Base dn of LDAP tree
BASEDN=""
# eduPersonPrincipalName which the script will look for
IDENTITY=""
# List of LDAP HOSTNAMES separated by whitespace
# Each value must start with ldap:// or ldaps://
# For example: "ldaps://hostname.com ldap://hostname.com"
HOSTNAMES=""
for HOSTNAME in $HOSTNAMES
do
START_TIME=$(date +%s%N)
if [[ -z $PASSWORD ]]; then
LDAP_RESULT=$(timeout 10 ldapsearch -x -H $HOSTNAME -b $BASEDN "(eduPersonPrincipalNames=$IDENTITY)" 2>&1)
else
LDAP_RESULT=$(timeout 10 ldapsearch -x -H $HOSTNAME -D $USER -w $PASSWORD -b $BASEDN "(eduPersonPrincipalNames=$IDENTITY)" 2>&1)
fi
RESULT=$?
END_TIME=$(date +%s%N)
TOTAL_TIME=$(echo "scale=4;$(expr ${END_TIME} - ${START_TIME}) / 1000000000" | bc -l)
if [[ $RESULT == 0 ]]; then
echo "0 ldap_status-$HOSTNAME total_time=${TOTAL_TIME} OK"
else
echo "2 ldap_status-$HOSTNAME total_time=${TOTAL_TIME} ${LDAP_RESULT}"
fi
done
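Review bot: Two things in the removed loop should not carry over if ldap_status.sh is superseded by another probe. The search filter is `(eduPersonPrincipalNames=$IDENTITY)` although the comment above names the attribute eduPersonPrincipalName, and the script only tests the ldapsearch exit status, which is 0 for a successful search that matches no entries, so the check reported OK whenever the bind and search succeeded, whether or not the identity was found. The bind password is also passed as `-w $PASSWORD`, which exposes it in the process list, and the unquoted `$BASEDN` and `$USER` break on any DN that contains a space.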
#!/bin/bash
FILENAME=$1
if [ "$#" -ne 1 ]; then
echo "You must enter exactly 1 command line arguments!"
echo "The first param must be the file with the configuration!"
exit 127
fi
if [[ ! -f ${FILENAME} ]]; then
echo "File ${FILENAME} doesn't exist."
echo "The first param must be the file with the configuration!"
exit 127
fi
source "${FILENAME}"
count=0
for i in ${machines}; do
listOfMachines[${count}]=${i}
result[${count}]=$(mysql -u ${USER} -p${PASSWD} -h ${i} --execute="SHOW STATUS LIKE 'wsrep_last_committed';" 2> /dev/null | tr -dc '0-9')
if [[ -z ${result[${count}]} ]]; then
echo "CRITICAL - mariadb_replication_check - ${i}: An error appeared while connecting mariadb."
exit 2
fi
count=$(expr ${count} + 1)
done
for i in $(seq 0 $(expr ${count} - 2)); do
if [[ ${result[i]} -ne ${result[i+1]} ]]; then
echo "CRITICAL - mariadb_replication_check - The result from ${machines[1]} (${result[i]}) is not equal to the result from ${machines[i+1]} (${result[i+1]})"
exit 2
fi
done
echo "OK - mariadb_replication_check - OK"
exit 0
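Review bot: In the comparison loop the CRITICAL message indexes `${machines[1]}` and `${machines[i+1]}`, but `machines` is the space-separated string from the configuration file and the hosts were stored in `listOfMachines`, so both expansions are empty and the message never names the two hosts that disagree. Worth recording in case the check is ported: use `${listOfMachines[i]}` and `${listOfMachines[i+1]}`, and replace `-p${PASSWD}` on the mysql command line with a client option file readable only by the monitoring user, since command-line arguments are visible in the process list.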
#!/bin/bash
# User
USER=""
# Password
PASSWD=""
# List of addresses separated by space
machines=""
#!/bin/bash
# RPC username
USER=""
# RPC password
PASSWORD=""
# RPC domain with authentication method
# Example: "perun.cesnet.cz/krb"
DOMAIN=""
# Valid userId - This id will be used in getUserById call
USER_ID=""
URL="https://${DOMAIN}/rpc/json/usersManager/getUserById?id=${USER_ID}"
START_TIME=$(date +%s%N)
RPC_RESULT=$(timeout 10 curl --user ${USER}:${PASSWORD} ${URL} 2>&1)
END_TIME=$(date +%s%N)
TOTAL_TIME=$(echo "scale=4;$(expr ${END_TIME} - ${START_TIME}) / 1000000000" | bc -l)
if [[ $RPC_RESULT == *\"id\":${USER_ID}* ]]; then
echo "0 rpc_status total_time=${TOTAL_TIME} OK"
else
echo "2 rpc_status total_time=${TOTAL_TIME} ${RPC_RESULT}"
fi
#!/bin/bash
# List of service names separated by space
services=""
for service in $services
do
serviceStatusResult=$(service $service status -v 2> /dev/null)
IFS=$'\n'
re="Active:.*"
reActive="Active: active \(running\)"
reStopped="Active: inactive \(dead\)"
if [[ -n $serviceStatusResult ]] ; then
for item in $serviceStatusResult
do
if [[ $item =~ $re ]]; then
serviceStatus=$item
break
fi
done
if [[ $serviceStatus =~ $reActive ]]; then
status=0
statustxt="Service $service is running."
else
if [[ $serviceStatus =~ $reStopped ]]; then
status=2
statustxt="Service $service is stopped."
else
status=2
statustxt="Service $service is in unknown state: $serviceStatus"
fi
fi
else
status=2
statustxt="Service $service doesn't exist"
fi
echo "$status service_running_check_$service - $statustxt"
done
\ No newline at end of file
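Review bot: `serviceStatus` is never cleared at the top of the `for service in $services` loop, so when a service's status output contains no `Active:` line the value matched for the previous service is reused and that service's state is reported under the wrong name. If this check is reimplemented, reset the variable on every iteration and treat a missing `Active:` line as its own unknown result.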