There will be maintenance performed on git.ligo.org, chat.ligo.org, containers.lig.org, and docs.ligo.org starting at 9am PDT on Tuesday 18th August 2020. There will be an extremely small period of downtime at the start of the maintenance window as various services are restarted. Please address any comments, questions, or concerns to computing-help@igwn.org.

Verified Commit 37dd5c29 authored by Thomas Downes's avatar Thomas Downes Committed by Tanner Prestegard

Add nagios shibboleth status check for use as kubernetes health/readiness probes

parent 3c61e44c
......@@ -40,6 +40,7 @@ COPY docker/shibboleth-ds /etc/shibboleth-ds
COPY docker/apache-config /etc/apache2/sites-available/gracedb.conf
COPY docker/login.ligo.org.cert.LIGOCA.pem /etc/shibboleth/login.ligo.org.cert.LIGOCA.pem
COPY docker/inc-md-cert.pem /etc/shibboleth/inc-md-cert.pem
COPY docker/check_shibboleth_status /usr/local/bin/check_shibboleth_status
RUN a2dissite 000-default.conf && \
a2ensite gracedb.conf && \
......
#!/usr/bin/python
'''
Pulls Shibboleth status.sso page, checks for:
1. Presence of <OK/> tags under Status and SessionCache,
2. Presence of required metadata feeds (see metadata_feeds).
Run ./check_shibboleth_status -h for help.
'''
# Imports
import argparse, urllib2, sys
import xml.etree.ElementTree as ET
# Parameters - may need to be modified in the future
# if Shibboleth status pages change or new metadata
# providers are added.
tags_to_check = ["Status", "SessionCache"] # XML tags to check for "OK" status.
# Metadata feeds.
default_metadata_feeds = ["ligo-approved-idp-none", "incommon", "cirrus"]
# Default arguments
default_host = "localhost"
default_urlpath = "Shibboleth.sso/Status"
default_timeout = 10
# Process arguments.
parser = argparse.ArgumentParser(formatter_class=
argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument("-H", "--host", type=str,
help="Hostname of gracedb server",
default=default_host)
parser.add_argument("-U", "--urlpath", type=str,
help="Path to gracedb server Shibboleth status page",
default=default_urlpath)
parser.add_argument("-T", "--timeout", type=int,
help="Maximum time (in sec.) to allow connecting to server",
default=default_timeout)
parser.add_argument("-F", "--feeds", type=str,
help=("Comma-separated list of metadata feeds to check"
"for the presence of"), default=",".join(
default_metadata_feeds))
args = parser.parse_args()
host = "http://" + args.host
urlpath = args.urlpath
timeout = args.timeout
metadata_feeds = args.feeds.split(",")
# Get XML data from URL.
host_url = host + "/" + urlpath
try:
response = urllib2.urlopen(host_url, timeout=timeout)
except urllib2.URLError:
print "Error opening Shibboleth status page (" + host_url + ")."
sys.exit(2)
except:
print "Unknown error opening Shibboleth status page (" + host_url + ")."
sys.exit(3)
# Convert from string to ElementTree
try:
status_tree = ET.fromstring(response.read())
except ET.ParseError:
# Error parsing response.
print "Error parsing response from server - not in XML format."
sys.exit(2)
except:
# Error that is not ParseError.
print "Unknown error occurred when parsing response from server."
sys.exit(3)
response.close()
# Process XML. ----------------------------
# Check 1: find <Status> and <SessionCache> tags, make sure
# they both contain an <OK/> child.
for tag in tags_to_check:
status_tag = status_tree.find(tag)
if (status_tag is None):
print "Error: tag \'" + tag + "\' not found."
sys.exit(2)
else:
status_OK = status_tag.find('OK')
if (status_OK is None):
print "Error: tag \'" + tag + "\' is not OK."
sys.exit(2)
# Check 2: make sure metadata feeds that we expect
# are actually there.
metaprov_tags = status_tree.findall("MetadataProvider")
srcs = [element.attrib['source'] for element in metaprov_tags]
for feed in metadata_feeds:
feed_found = [src.lower().find(feed) >= 0 for src in srcs]
if (sum(feed_found) < 1):
print "MetadataProvider " + feed + " not found."
sys.exit(2)
elif (sum(feed_found) < 1):
print "MetadataProvider " + feed + "found in multiple elements."
sys.exit(2)
# If we make it to this point, everything is OK.
print "All MetadataProviders found. Status and SessionCache are OK."
sys.exit(0)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment