From c5d2282ea90c5566a369720873018920568fe3ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ou=C5=A1ek?= <brousek@ics.muni.cz>
Date: Thu, 11 Jan 2024 17:03:03 +0100
Subject: [PATCH] chore: remove shell scripts, update README

---
 README.md                                  |  64 ++++---
 backup_database.sh                         |  18 --
 nagios/README.md                           | 193 ---------------------
 nagios/git_pull_check.sh                   |  54 ------
 nagios/ldap_status.sh                      |  36 ----
 nagios/mariadb_replication_check.sh        |  40 -----
 nagios/mariadb_replication_check_config.sh |  10 --
 nagios/rpc_status.sh                       |  26 ---
 nagios/services_running_check.sh           |  42 -----
 9 files changed, 30 insertions(+), 453 deletions(-)
 delete mode 100755 backup_database.sh
 delete mode 100644 nagios/README.md
 delete mode 100755 nagios/git_pull_check.sh
 delete mode 100755 nagios/ldap_status.sh
 delete mode 100755 nagios/mariadb_replication_check.sh
 delete mode 100644 nagios/mariadb_replication_check_config.sh
 delete mode 100644 nagios/rpc_status.sh
 delete mode 100755 nagios/services_running_check.sh

diff --git a/README.md b/README.md
index d219faf..4747482 100644
--- a/README.md
+++ b/README.md
@@ -31,51 +31,47 @@ For usage instructions, run:
 run_probes
 ```
 
-### separate_ssp_script.py
+### separate_ssp_logs
 
-- Script for remove all logs from test accounts from SimpleSAMLlogs
+Script removes all logs from test accounts from SimpleSAMLphp logs.
 
-- Params:
-  - 1 - The file name
+Params:
 
-### backup_database.sh
+- 1 - The file name
 
-- Do mysqldump into `/opt/mariadb_backup` and remove all dump file older than 7 days
+### separate_oidc_logs
 
-### separate_oidc_logs.py
+Script removes all logs from test accounts from mitreID logs.
 
-- Script for remove all logs from test accounts from OIDC logs
+### metadata_expiration
 
-### metadata_expiration.py
+This script checks whether there are some metadata close to expiration date.
 
-- This script checks whether there are some metadata close to expiration date
+Params:
 
-- Params:
-  - 1 - url to a page which prints a time when expires the metadata closest to
-    expiration
+- 1 - url to a page which prints a time when expires the metadata closest to expiration
 
-### print_docker_versions.py
+### print_docker_versions
 
-- This script collects system info, docker engine info and the versions of running
-  containers and then prints it to the stdout in the JSON format
-- A python [docker library](https://pypi.org/project/docker/) is needed to run the
-  script
+This script collects system info, docker engine info and the versions of running
+containers and then prints it to the stdout in the JSON format.
 
-- Options:
-  - -e,--exclude NAMES - space delimited string of container names to exclude from the
-    listing
+For usage instructions, run:
 
-### run_version_script.py
+```sh
+print_docker_versions --help
+```
 
-- This scripts runs the print_docker_version.py script on the given machines. The
+### run_version_script
+
+- This scripts runs the print_docker_versions script on the given machines. The
   collected versions are then printed as a MD table to the stdout
 
-- Options:
-  - -e,--exclude NAMES - space delimited string of container names to exclude from the
-    listing
-- Params:
-  - 1... - machines to run the script on in the form of user@adress, the user needs
-    root privileges to execute the script
+For usage instructions, run:
+
+```sh
+run_version_script --help
+```
 
 ## Nagios probes
 
@@ -101,7 +97,7 @@ For usage instructions, run:
 check_mongodb --help
 ```
 
-### check_saml.py
+### check_saml
 
 SAML authentication check compatible with SimpleSAMLphp and mitreID.
 
@@ -117,7 +113,7 @@ check_saml --help
 Example:
 
 ```sh
-python3 check_saml.py
+python3 check_saml
     --username "my_username"
     --password "my_password"
     --username-field "j_username"
@@ -125,7 +121,7 @@ python3 check_saml.py
     --postlogout-string "Successful logout"
 ```
 
-### check_user_logins.py
+### check_user_logins
 
 Check users which login in repeatedly more often than a specified threshold (logins per
 seconds).
@@ -139,7 +135,7 @@ check_user_logins --help
 Example:
 
 ```sh
-python3 check_user_logins.py
+python3 check_user_logins
     -p /var/log/proxyaai/simplesamlphp/simplesamlphp/simplesamlphp.log
     -l 5
     -s 60
@@ -161,7 +157,7 @@ check_ldap --help
 
 Check whether an LDAP replica is up to date with the provider.
 
-#### Usage
+For usage instructions, run:
 
 ```sh
 check_ldap_syncrepl --help
diff --git a/backup_database.sh b/backup_database.sh
deleted file mode 100755
index ae97834..0000000
--- a/backup_database.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-
-BACKUP_FOLDER="/opt/mariadb_backup"
-
-# Ensure that backup folder exist
-if [[ ! -d ${BACKUP_FOLDER} ]]; then
-    mkdir ${BACKUP_FOLDER}
-fi
-
-BACKUP_FILE_NAME=${BACKUP_FOLDER}/backup_$(date -u +'%Y-%m-%d_%HH:%MM').sql
-
-# Backup all databases
-mysqldump --all-databases > ${BACKUP_FILE_NAME}
-
-echo "Database was dumped into ${BACKUP_FILE_NAME}"
-
-#Remove old backups > 7days
-find ${BACKUP_FOLDER} -name "backup_*.sql" -type f -mtime +7 -delete
diff --git a/nagios/README.md b/nagios/README.md
deleted file mode 100644
index 7e26607..0000000
--- a/nagios/README.md
+++ /dev/null
@@ -1,193 +0,0 @@
-# ProxyIdP Nagios scripts
-
-## List of Local scripts
-
-Local scripts are located in /usr/lib/check_mk/local/
-
-### php_syntax_check.sh
-
-- Attributes to be filled:
-<pre>
-
-# List of paths to check separated by space
-
-paths=""
-
-</pre>
-
-### git_pull_check.sh
-
-- Attributes to be filled:
-<pre>
-
-# The root directory to check
-
-dir=""
-
-</pre>
-
-### services_running_check.sh
-
-- Attributes to be filled:
-<pre>
-
-# List of service names separated by space
-
-services=""
-
-</pre>
-
-### Proxy idp authentication test - local
-
-There are two main scripts (one of them uses SAML, the other uses OIDC) checking the login to SP via the host from which the scripts run and some helper scripts located in folder `proxy_idp_auth_test_script/`
-The main script gradually try to sign in via AAI Playground IdP, MUNI IdP and CESNET IdP.
-
-These scripts are able to cache their last result.
-
-- Params:
-
-  - 1 - if this param contains '-f', script does not use its cache and is forced to do whole login process
-
-- Main scripts:
-  - proxy_idp_auth_test_saml.sh
-  - proxy_idp_auth_test_oidc.sh
-- Helper scripts:
-  - proxy_idp_auth_test_script/saml_auth_test_aai.sh
-  - proxy_idp_auth_test_script/saml_auth_test_cesnet.sh
-  - proxy_idp_auth_test_script/saml_auth_test_muni.sh
-  - proxy_idp_auth_test_script/oidc_auth_test_aai.sh
-  - proxy_idp_auth_test_script/oidc_auth_test_cesnet.sh
-  - proxy_idp_auth_test_script/oidc_auth_test_muni.sh
-- Requirements:
-
-  - library _bc_
-      <pre>
-      apt-get install bc
-      </pre>
-  - Configuration file proxy_idp_auth_test_config.sh in the same folder as script
-
-    - Attributes to be filled:
-        <pre>
-        # The urls of tested SP
-        # For example: https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authentication=muni
-        AAI_SAML_TEST_SITE=""          # Needed only for SAML
-        MUNI_SAML_TEST_SITE=""          # Needed only for SAML
-        CESNET_SAML_TEST_SITE=""        # Needed only for SAML
-        AAI_OIDC_TEST_SITE=""          # Needed only for OIDC
-        MUNI_OIDC_TEST_SITE=""          # Needed only for OIDC
-        CESNET_OIDC_TEST_SITE=""        # Needed only for OIDC
-      
-        # The url of logins form of used IdP
-        # For example: https://idp2.ics.muni.cz/idp/Authn/UserPassword
-        AAI_LOGIN_SITE=""
-        MUNI_LOGIN_SITE=""
-        CESNET_LOGIN_SITE=""
-      
-        # Fill in logins
-        AAI_LOGIN=""
-        MUNI_LOGIN=""
-        CESNET_LOGIN=""
-      
-        # Fill in passwords as string
-        MUNI_PASSWORD=""
-        CESNET_PASSWORD=""
-      
-        # Fill in the instance name
-        # Instance name must not contain a space
-        INSTANCE_NAME=""
-      
-        # Fill in the global domain name of ProxyIdP
-        # For example: login.cesnet.cz
-        PROXY_DOMAIN_NAME=""
-      
-        # How long is normal for total roundtrip (seconds)
-        SAML_WARNING_TIME=10        # Needed only for SAML
-        OIDC_WARNING_TIME=15        # Needed only for OIDC
-      
-        # Timeout time
-        TIMEOUT_TIME=40
-        
-        # Cache time
-        CACHE_TIME=60
-        </pre>
-
-### ldap_status.sh
-
-This script checks if the LDAP servers are accessible
-
-- Requirements:
-  - library _ldap-utils_
-      <pre>
-      apt-get install ldap-utils
-      </pre>
-- Attributes to be filled:
-    <pre>
-    # LDAP username
-    user=""
-  
-    # LDAP password
-    password=""
-  
-    # Base dn of LDAP tree
-    basedn=""
-  
-    # eduPersonPrincipalName which will be searched
-    searchedIdentity=""
-  
-    # List of LDPA hostnames separated by space
-    # Included ldap:// or ldaps://
-    hostnames=""
-    </pre>
-
-## List of plugins
-
-Plugins are located in /usr/lib/check_mk/plugins/
-
-## Nagios active scripts
-
-Active scripts are located in Nagios machine
-
-### Proxy idp authentication test - active
-
-There are two main scripts (one uses SAML, the other uses OIDC) checking the login via active ProxyIdP machine and some helper scripts located in folder `proxy_idp_auth_test_script/`
-The main script gradually try to sign in via AAI Playground IdP, MUNI IdP and CESNET IdP.
-
-- Main scripts:
-  - proxy_idp_auth_test_active_saml.sh
-  - proxy_idp_auth_test_active_oidc.sh
-- Helper scripts:
-  - proxy_idp_auth_test_script/saml_auth_test_cesnet_active.sh
-  - proxy_idp_auth_test_script/saml_auth_test_muni_active.sh
-  - proxy_idp_auth_test_script/oidc_auth_test_cesnet_active.sh
-  - proxy_idp_auth_test_script/oidc_auth_test_muni_active.sh
-- How to run these scripts:
-  - Params:
-    - 1 - The url of tested SP via MU account
-    - 2 - The url of login form of MU IdP
-    - 3 - MU Login
-    - 4 - MU Password
-    - 5 - The url of tested SP via CESNET account
-    - 6 - The url of login form of CESNET IdP
-    - 7 - CESNET Login
-    - 8 - CESNET Password
-    - 9 - Roundtrip time (in seconds) - The standard login time. After this time the return value can be changed to WARNING state
-    - 10 - Timeout time (in seconds) - After this time the helper script timeouts
-  - Examples:
-      <pre>
-      ./proxy_idp_auth_test_active_saml.sh "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=muni" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=cesnet" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" 10 40
-      ./proxy_idp_auth_test_active_oidc.sh "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=muni" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" "https://aai-playground.ics.muni.cz/simplesaml/nagios_check.php?proxy_idp=cesnet&authenticate=cesnet" "https://idp2.ics.muni.cz/idp/Authn/UserPassword" "login" "passwd" 15 40
-      </pre>
-
-### mariadb_replication_check.sh
-
-This script checks the database replication
-
-- How to run this script:
-  - Params:
-    - 1 - Path to the configuration
-  - Requirements:
-    - Configuration file - Example configuration file: `mariadb_replication_check_config.sh`
-  - Example:
-      <pre>
-      ./mariadb_replication_check.sh "mariadb_check_config.sh"
-      </pre>
diff --git a/nagios/git_pull_check.sh b/nagios/git_pull_check.sh
deleted file mode 100755
index 47c110a..0000000
--- a/nagios/git_pull_check.sh
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/bash
-#########################################################################
-## Script to check for new commits in the specified local git repos.   ##
-## Copares hash of the HEAD with the origin/production latest commit's ##
-## hash.                                                               ##
-## Status 0 indicates repository being up-to-date                      ##
-## Status 1 indicates the commits are different and update can be made ##
-## Status 2 indicates that given directory does not exist or it is not ##
-## a valid git repository. Invalid repo is when it is not git repo at  ##
-## all, or the origin/production branch does not exist in remote repo  ##
-#########################################################################
-
-# List of paths to check separated by space
-REPOS=""
-
-function print_result {
-    echo "$1 git_pull_check_dir=$2"
-}
-
-for REPO_PATH in $REPOS
-do
-    if [[ -d $REPO_PATH ]]; then
-        cd $REPO_PATH
-        git status >/dev/null 2>&1
-        if [[ $? -ne 0 ]]; then
-            STATUS=2
-            STATUS_TEXT="CRITICAL - Directory $REPO_PATH is not a git repository"
-            print_result "$STATUS" "$STATUS_TEXT"
-            continue;
-        fi
-        git fetch origin >/dev/null 2>&1
-        git ls-remote --exit-code --heads origin production >/dev/null 2>&1
-        if [[ $? -ne 0 ]]; then
-            STATUS=2
-            STATUS_TEXT="CRITICAL - Repository $REPO_PATH does not have origin/production"
-            print_result "$STATUS" "$STATUS_TEXT"
-            continue;
-        fi
-        LOCAL_HASH=$(git rev-parse HEAD 2>/dev/null)
-        REMOTE_HASH=$(git rev-parse origin/production 2>/dev/null)
-        if [[ "$LOCAL_HASH" == "$REMOTE_HASH" ]] ; then
-            STATUS=0
-            STATUS_TEXT="OK"
-        else
-            STATUS=1
-            STATUS_TEXT="WARNING - New commits available in $REPO_PATH"
-        fi
-    else
-        STATUS=2
-        STATUS_TEXT="CRITICAL - Directory $REPO_PATH does not exist"
-    fi
-    print_result "$STATUS" "$STATUS_TEXT"
-done
-
diff --git a/nagios/ldap_status.sh b/nagios/ldap_status.sh
deleted file mode 100755
index 89729df..0000000
--- a/nagios/ldap_status.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/bash
-
-# LDAP username
-USER=""
-
-# LDAP password
-PASSWORD=""
-
-# Base dn of LDAP tree
-BASEDN=""
-
-# eduPersonPrincipalName which the script will look for
-IDENTITY=""
-
-# List of LDAP HOSTNAMES separated by whitespace
-# Each value must start with ldap:// or ldaps://
-# For example: "ldaps://hostname.com ldap://hostname.com"
-HOSTNAMES=""
-
-for HOSTNAME in $HOSTNAMES
-do
-    START_TIME=$(date +%s%N)
-    if [[ -z $PASSWORD ]]; then
-        LDAP_RESULT=$(timeout 10 ldapsearch  -x -H $HOSTNAME -b $BASEDN  "(eduPersonPrincipalNames=$IDENTITY)" 2>&1)
-    else
-        LDAP_RESULT=$(timeout 10 ldapsearch  -x -H $HOSTNAME -D $USER -w $PASSWORD -b $BASEDN  "(eduPersonPrincipalNames=$IDENTITY)" 2>&1)
-    fi
-    RESULT=$?
-    END_TIME=$(date +%s%N)
-    TOTAL_TIME=$(echo "scale=4;$(expr ${END_TIME} - ${START_TIME}) / 1000000000" | bc -l)
-    if [[ $RESULT == 0  ]]; then
-        echo "0 ldap_status-$HOSTNAME total_time=${TOTAL_TIME} OK"
-    else
-        echo "2 ldap_status-$HOSTNAME total_time=${TOTAL_TIME} ${LDAP_RESULT}"
-    fi
-done
diff --git a/nagios/mariadb_replication_check.sh b/nagios/mariadb_replication_check.sh
deleted file mode 100755
index 4a4ada5..0000000
--- a/nagios/mariadb_replication_check.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-FILENAME=$1
-
-if [ "$#" -ne 1 ]; then
-    echo "You must enter exactly 1 command line arguments!"
-    echo "The first param must be the file with the configuration!"
-    exit 127
-fi
-
-if [[ ! -f ${FILENAME} ]]; then
-    echo "File ${FILENAME} doesn't exist."
-    echo "The first param must be the file with the configuration!"
-    exit 127
-fi
-
-source "${FILENAME}"
-
-count=0
-
-for i in ${machines}; do
-    listOfMachines[${count}]=${i}
-    result[${count}]=$(mysql -u ${USER} -p${PASSWD} -h ${i} --execute="SHOW STATUS LIKE 'wsrep_last_committed';" 2> /dev/null | tr -dc '0-9')
-
-    if [[ -z ${result[${count}]} ]]; then
-        echo "CRITICAL -  mariadb_replication_check - ${i}: An error appeared while connecting mariadb."
-        exit 2
-    fi
-    count=$(expr ${count} + 1)
-done
-
-for i in $(seq 0 $(expr ${count} - 2)); do
-    if [[ ${result[i]} -ne ${result[i+1]} ]]; then
-        echo "CRITICAL -  mariadb_replication_check - The result from ${machines[1]} (${result[i]}) is not equal to the result from ${machines[i+1]} (${result[i+1]})"
-        exit 2
-    fi
-done
-
-echo "OK - mariadb_replication_check - OK"
-exit 0
diff --git a/nagios/mariadb_replication_check_config.sh b/nagios/mariadb_replication_check_config.sh
deleted file mode 100644
index db5abcc..0000000
--- a/nagios/mariadb_replication_check_config.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-
-# User
-USER=""
-
-# Password
-PASSWD=""
-
-# List of addresses separated by space
-machines=""
diff --git a/nagios/rpc_status.sh b/nagios/rpc_status.sh
deleted file mode 100644
index 6f1a851..0000000
--- a/nagios/rpc_status.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-# RPC username
-USER=""
-
-# RPC password
-PASSWORD=""
-
-# RPC domain with authentication method
-# Example: "perun.cesnet.cz/krb"
-DOMAIN=""
-
-# Valid userId - This id will be used in getUserById call
-USER_ID=""
-
-URL="https://${DOMAIN}/rpc/json/usersManager/getUserById?id=${USER_ID}"
-
-START_TIME=$(date +%s%N)
-RPC_RESULT=$(timeout 10 curl --user ${USER}:${PASSWORD} ${URL} 2>&1)
-END_TIME=$(date +%s%N)
-TOTAL_TIME=$(echo "scale=4;$(expr ${END_TIME} - ${START_TIME}) / 1000000000" | bc -l)
-if [[ $RPC_RESULT == *\"id\":${USER_ID}*  ]]; then
-    echo "0 rpc_status total_time=${TOTAL_TIME} OK"
-else
-    echo "2 rpc_status total_time=${TOTAL_TIME} ${RPC_RESULT}"
-fi
diff --git a/nagios/services_running_check.sh b/nagios/services_running_check.sh
deleted file mode 100755
index b8efec4..0000000
--- a/nagios/services_running_check.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-# List of service names separated by space
-services=""
-
-for service in $services
-do
-    serviceStatusResult=$(service $service status -v 2> /dev/null)
-    IFS=$'\n'
-    re="Active:.*"
-    reActive="Active: active \(running\)"
-    reStopped="Active: inactive \(dead\)"
-
-    if [[ -n $serviceStatusResult ]] ; then
-
-        for item in $serviceStatusResult
-        do
-            if [[ $item =~ $re ]]; then
-                serviceStatus=$item
-                break
-            fi
-        done
-
-        if [[ $serviceStatus =~ $reActive ]]; then
-            status=0
-            statustxt="Service $service is running."
-        else
-            if [[ $serviceStatus =~ $reStopped ]]; then
-                status=2
-                statustxt="Service $service is stopped."
-            else
-                status=2
-                statustxt="Service $service is in unknown state: $serviceStatus"
-            fi
-        fi
-    else
-        status=2
-        statustxt="Service $service doesn't exist"
-    fi
-
-    echo "$status service_running_check_$service - $statustxt"
-done
\ No newline at end of file
-- 
GitLab