Getting monitoring data through SSH (#140)

* Getting monitoring data through SSH

Author: BaranekD

CHANGELOG.md

@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 ### Changed
 - Refactored Disco page. See the config template for example configuration.
 
+#### Changed
+- Obtaining the data from Nagios is done through SSH instead of a certificate and calling an API
+
 #### Added
 - Added extended PerunEntitlements
 

composer.json

@@ -28,6 +28,7 @@
         "cesnet/simplesamlphp-module-perunauthorize": "~2.0",
         "cesnet/simplesamlphp-module-chartjs": "~2.8.0",
         "symfony/var-exporter": "^5.0",
+        "phpseclib/phpseclib": "~3.0",
         "ext-curl": "*",
         "ext-json": "*"
     }

lib/NagiosStatusConnector.php

@@ -2,7 +2,10 @@
 
 namespace SimpleSAML\Module\perun;
 
-use SimpleSAML\Logger;
+use phpseclib3\Crypt\RSA;
+use phpseclib3\Net\SSH2;
+use SimpleSAML\Error\Exception;
+
 
 /**
  * Class sspmod_perun_NagiosStatusConnector
@@ -11,17 +14,16 @@
  */
 class NagiosStatusConnector extends StatusConnector
 {
-    const NAGIOS_URL = 'status.nagios.url';
-    const NAGIOS_CERT_PATH = 'status.nagios.certificate_path';
-    const NAGIOS_CERT_PASSWORD = 'status.nagios.certificate_password';
-    const NAGIOS_CA_PATH = 'status.nagios.ca_path';
-    const NAGIOS_PEER_VERIFY = 'status.nagios.peer_verification';
-
-    private $url;
-    private $certPath;
-    private $certPassword;
-    private $caPath;
-    private $peerVerification;
+    protected const STATUS_NAGIOS = 'status_nagios';
+    protected const HOST = 'host';
+    protected const KEY_PATH = 'key_path';
+    protected const LOGIN = 'login';
+    protected const COMMAND = 'command';
+
+    private $host;
+    private $keyPath;
+    private $login;
+    private $command;
 
     /**
      * NagiosStatusConnector constructor.
@@ -30,55 +32,50 @@ public function __construct()
     {
         parent::__construct();
 
-        $this->url = $this->configuration->getString(self::NAGIOS_URL, '');
-        $this->certPath = $this->configuration->getString(self::NAGIOS_CERT_PATH, '');
-        $this->certPassword = $this->configuration->getString(self::NAGIOS_CERT_PASSWORD, '');
-        $this->caPath = $this->configuration->getString(self::NAGIOS_CA_PATH, '');
-        $this->peerVerification = $this->configuration->getBoolean(self::NAGIOS_PEER_VERIFY, false);
-
-        if (empty($this->url)) {
-            throw new \Exception('Required option \'' . self::NAGIOS_URL . '\' is empty!');
-        } elseif (empty($this->certPath)) {
-            throw new \Exception('Required option \'' . self::NAGIOS_CERT_PATH . '\' is empty!');
-        } elseif (empty($this->caPath)) {
-            throw new \Exception('Required option \'' . self::NAGIOS_CA_PATH . '\' is empty!');
+        $config = $this->configuration->getConfigItem(self::STATUS_NAGIOS, null);
+
+        if (is_null($this->host)) {
+            throw new Exception('Property  \'' . self::STATUS_NAGIOS . '\' is missing or invalid!');
         }
-    }
 
+        $this->host = $config->getString(self::HOST, null);
+        $this->keyPath = $config->getString(self::KEY_PATH, null);
+        $this->login = $config->getString(self::LOGIN, null);
+        $this->command = $config->getString(self::COMMAND, null);
+
+        if (empty($this->host)) {
+            throw new Exception('Required option \'' . self::HOST . '\' is empty!');
+        } elseif (empty($this->keyPath)) {
+            throw new Exception('Required option \'' . self::KEY_PATH . '\' is empty!');
+        } elseif (empty($this->login)) {
+            throw new Exception('Required option \'' . self::LOGIN . '\' is empty!');
+        } elseif (empty($this->command)) {
+            throw new Exception('Required option \'' . self::COMMAND . '\' is empty!');
+        }
+    }
 
     public function getStatus()
     {
         $result = [];
-        $serviceStatuses = [];
-
-        $ch = curl_init();
-        curl_setopt($ch, CURLOPT_URL, $this->url);
-        curl_setopt($ch, CURLOPT_VERBOSE, true);
-        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $this->peerVerification);
-        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($ch, CURLOPT_SSLCERT, $this->certPath);
-        curl_setopt($ch, CURLOPT_CAPATH, $this->caPath);
-        curl_setopt($ch, CURLOPT_SSLKEYPASSWD, $this->certPassword);
-
-        $response = curl_exec($ch);
 
-        if ($response === false) {
-            Logger::error(curl_error($ch));
+        if (!($key = file_get_contents($this->keyPath))) {
+            throw new Exception('Cannot load ket from path:  \'' . $this->keyPath . '\' !');
         }
 
-        curl_close($ch);
+        $key = RSA::load($key);
+        $ssh = new SSH2($this->host);
 
-        $jsonResponse = json_decode($response, true);
-
-        if (isset($jsonResponse['status']['service_status'])) {
-            $serviceStatuses = $jsonResponse['status']['service_status'];
+        if (!$ssh->login($this->login, $key)) {
+            throw new Exception('Error during ssh connection to \'' . $this->login . '@' . $this->host . '\' !');
         }
 
-        foreach ($serviceStatuses as $serviceStatus) {
-            $status = [];
-            $status['name'] = $serviceStatus['service_display_name'];
-            $status['status'] = $serviceStatus['status'];
-            array_push($result, $status);
+        $output = $ssh->exec($this->command);
+        $lines = explode("\n", $output);
+        array_pop($lines);
+
+        foreach ($lines as $line) {
+            $lineParts = explode(";", $line);
+            $result[$lineParts[0]][$lineParts[1]] = $lineParts[2];
         }
 
         return $result;

lib/StatusConnector.php

@@ -19,6 +19,9 @@ abstract class StatusConnector
     const CONFIG_FILE_NAME = 'module_perun.php';
     const STATUS_TYPE = 'status.type';
 
+    const OK = 0;
+    const WARNING = 1;
+
     protected $configuration;
 
     /**
@@ -68,11 +71,13 @@ abstract public function getStatus();
      */
     public static function getBadgeByStatus($status)
     {
-        if ($status === OK) {
+        $statusAsInt = intval($status);
+
+        if ($statusAsInt === self::OK) {
             return '<span class="status label label-success">OK</span>';
-        } elseif ($status === WARNING) {
+        } elseif ($statusAsInt === self::WARNING) {
             return '<span class="status label label-warning">WARNING</span>';
-        } elseif ($status === CRITICAL || $status === UNKNOWN) {
+        } else {
             return '<span class="status label label-danger">CRITICAL</span>';
         }
     }

www/status.php

@@ -1,36 +1,38 @@
 <?php
 
-use SimpleSAML\Module\perun\StatusConnector;
-
-const OK = 'OK';
-const WARNING = 'WARNING';
-const CRITICAL = 'CRITICAL';
-const UNKNOWN = 'UNKNOWN';
 
 const CONFIG_FILE_NAME = 'module_perun.php';
+const STATUS_NAGIOS = 'status_nagios';
 const SHOWN_SERVICES = 'status.shown_services';
 
+const HOST = 'host';
+const PROBE_IDENTIFIER = 'probe_identifier';
+const STATUS = 'status';
+
 $services = [];
+$shownServicesList = [];
 
 $config = SimpleSAML_Configuration::getInstance();
 $perunConfig = SimpleSAML_Configuration::getConfig(CONFIG_FILE_NAME);
 
-$shownServicesList = $perunConfig->getArray(SHOWN_SERVICES, []);
+$params = $perunConfig->getArray(STATUS_NAGIOS, []);
+
+if (isset($params[SHOWN_SERVICES]) && is_array($params[SHOWN_SERVICES])) {
+    $shownServicesList = $params[SHOWN_SERVICES];
+}
 
 $statusConnector = sspmod_perun_StatusConnector::getInstance();
 $services = $statusConnector->getStatus();
 
 $shownServices = [];
 
-
 if (empty($shownServicesList)) {
     $shownServices = $services;
 } else {
-    foreach ($services as $service) {
-        $serviceName = $service['name'];
-        if (in_array($serviceName, array_keys($shownServicesList))) {
-            $service['name'] = $shownServicesList[$serviceName]['name'];
-            $service['description'] = $shownServicesList[$serviceName]['description'];
+    foreach ($shownServicesList as $service) {
+        if (isset($services[$service[HOST]][$service[PROBE_IDENTIFIER]])) {
+            $host = $services[$service[HOST]];
+            $service[STATUS] = $host[$service[PROBE_IDENTIFIER]];
             array_push($shownServices, $service);
         }
     }