Univention Bugzilla – Bug 33593
Insufficient quoting univention-nagios/30univention-nagios-client.inst - join fails
Last modified: 2014-01-29 11:18:39 CET
In univention-nagios/30univention-nagios-client.inst "${ldap_base}" is not quoted, leading to a join failure when the LDAP-base contains a blank, e.g. "ou=Zentrale Bremen,o=Univention GmbH,c=de" diff --git nagios/univention-nagios/30univention-nagios-client.inst nagios/univention-nagios/30univention-nagios-client.inst index 12363f3..609c9e0 100755 --- nagios/univention-nagios/30univention-nagios-client.inst +++ nagios/univention-nagios/30univention-nagios-client.inst @@ -53,9 +53,9 @@ if [ ! "$nagios_client_autoregister" = "no" ] ; then # Enable Nagios for this host # Managed clients are still called "fatclient" in Config Registry if [ "$server_role" = "fatclient" ] ; then - univention-directory-manager computers/managedclient modify "$@" --dn ${ldap_hostdn} --append-option="nagios" + univention-directory-manager computers/managedclient modify "$@" --dn "${ldap_hostdn}" --append-option="nagios" else - univention-directory-manager computers/${server_role} modify "$@" --dn ${ldap_hostdn} --append-option="nagios" + univention-directory-manager "computers/${server_role}" modify "$@" --dn "${ldap_hostdn}" --append-option="nagios" fi # remove obsolete services from host Some more cleanup: 1. Use "udm --position" instead of "udm --filter | grep" which breaks if the LDAP dn contains regular-expression meta-characters. 2. Also remove use of "$?" is is useless when combined with ! or "| grep". 3. Convert large disjunction in "if" into "switch" statement. diff --git nagios/univention-nagios/30univention-nagios-client.inst nagios/univention-nagios/30univention-nagios-client.inst index 12363f3..99cddcd 100755 --- nagios/univention-nagios/30univention-nagios-client.inst +++ nagios/univention-nagios/30univention-nagios-client.inst @@ -41,11 +41,34 @@ eval "$(univention-config-registry shell)" univention-config-registry commit /etc/nagios/nrpe.cfg +assign_service () { + local dn="cn=${1},cn=nagios,${ldap_base}" + shift 1 + if udm nagios/service list "$@" --position "$dn" >/dev/null + then + univention-directory-manager nagios/service modify "$@" --dn "$dn" --append assignedHosts="$ldap_hostdn" + else + echo "Skipping $dn" + fi +} + +remove_service () { + local dn="cn=${1},cn=nagios,${ldap_base}" + shift 1 + if udm nagios/service list "$@" --position "$dn" >/dev/null + then + univention-directory-manager nagios/service modify "$@" --dn "$dn" --remove assignedHosts="$ldap_hostdn" + else + echo "Skipping $dn" + fi +} + # only register host to ldap if nagios/client/autoregister is not "no" if [ ! "$nagios_client_autoregister" = "no" ] ; then - if ! udm container/cn list "$@" --filter cn=nagios | grep "^DN: cn=nagios,$ldap_base$" 2>/dev/null >/dev/null ; then - echo "Cannot find container cn=nagios,$ldap_base (ldapsearch error $?)" + if ! udm container/cn list "$@" --position "cn=nagios,$ldap_base$" >/dev/null + then + echo "Cannot find container cn=nagios,$ldap_base" echo "Please check if univention-nagios-server is installed on a system in UCS domain." exit 0 fi @@ -53,80 +76,43 @@ if [ ! "$nagios_client_autoregister" = "no" ] ; then # Enable Nagios for this host # Managed clients are still called "fatclient" in Config Registry if [ "$server_role" = "fatclient" ] ; then - univention-directory-manager computers/managedclient modify "$@" --dn ${ldap_hostdn} --append-option="nagios" + univention-directory-manager computers/managedclient modify "$@" --dn "${ldap_hostdn}" --append-option="nagios" else - univention-directory-manager computers/${server_role} modify "$@" --dn ${ldap_hostdn} --append-option="nagios" + univention-directory-manager "computers/${server_role}" modify "$@" --dn "${ldap_hostdn}" --append-option="nagios" fi # remove obsolete services from host - oldServices="UNIVENTION_SMTP UNIVENTION_LDAP" - for i in $oldServices; do - dn="cn=$i,cn=nagios,$ldap_base" - if udm nagios/service list "$@" --filter name="$i" | grep -q "^DN: cn=$i"; then - univention-directory-manager nagios/service modify "$@" --dn "$dn" \ - --remove assignedHosts="${ldap_hostdn}" - fi - done + remove_service "UNIVENTION_SMTP" "$@" + remove_service "UNIVENTION_LDAP" "$@" # append host to default services - for dn in "cn=UNIVENTION_PING,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_DISK_ROOT,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_SWAP,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_DNS,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_SMTP2,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_REPLICATION,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_LOAD,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_NSCD,cn=nagios,$ldap_base" ; do - rdn="$(echo $dn | sed -e 's|,.*||')" - if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then - univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn" - else - echo "Skipping $dn (code $?)" - fi - done + assign_service "UNIVENTION_PING" "$@" + assign_service "UNIVENTION_DISK_ROOT" "$@" + assign_service "UNIVENTION_SWAP" "$@" + assign_service "UNIVENTION_DNS" "$@" + assign_service "UNIVENTION_SMTP2" "$@" + assign_service "UNIVENTION_REPLICATION" "$@" + assign_service "UNIVENTION_LOAD" "$@" + assign_service "UNIVENTION_NSCD" "$@" # add ssl check only on role "domaincontroler_master/backup" - if [ "$server_role" = "domaincontroller_master" -o \ - "$server_role" = "domaincontroller_backup" ] ; then - for dn in "cn=UNIVENTION_SSL,cn=nagios,$ldap_base"; do - rdn="$(echo $dn | sed -e 's|,.*||')" - if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then - univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn" - else - echo "Skipping $dn (code $?)" - fi - done - fi + case "$server_role" in + domaincontroller_master|domaincontroller_backup) + assign_service "cn=UNIVENTION_SSL" "$@" + esac # add ldap check only on role "domaincontroler_*" - if [ "$server_role" = "domaincontroller_master" -o \ - "$server_role" = "domaincontroller_backup" -o \ - "$server_role" = "domaincontroller_slave" ] ; then - for dn in "cn=UNIVENTION_LDAP_AUTH,cn=nagios,$ldap_base" \ - "cn=UNIVENTION_NTP,cn=nagios,$ldap_base"; do - rdn="$(echo $dn | sed -e 's|,.*||')" - if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then - univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn" - else - echo "Skipping $dn (code $?)" - fi - done - fi + case "$server_role" in + domaincontroller_master|domaincontroller_backup|domaincontroller_slave) + assign_service "cn=UNIVENTION_LDAP_AUTH" "$@" + assign_service "cn=UNIVENTION_NTP" "$@" + esac # add joinstatus check only on role "domaincontroler_*, memberserver and managedclients" - if [ "$server_role" = "domaincontroller_master" -o \ - "$server_role" = "domaincontroller_backup" -o \ - "$server_role" = "domaincontroller_slave" -o \ - "$server_role" = "memberserver" -o \ - "$server_role" = "fatclient" ] ; then - dn="cn=UNIVENTION_JOINSTATUS,cn=nagios,$ldap_base" - rdn="$(echo $dn | sed -e 's|,.*||')" - if udm nagios/service list "$@" --filter "$rdn" | grep "^DN: $dn" 2>/dev/null >/dev/null; then - univention-directory-manager nagios/service modify "$@" --append assignedHosts="${ldap_hostdn}" --dn "$dn" - else - echo "Skipping $dn (code $?)" - fi - fi + case "$server_role" in + domaincontroller_master|domaincontroller_backup|domaincontroller_slave|memberserver|fatclient) + assign_service "cn=UNIVENTION_JOINSTATUS" "$@" + esac fi joinscript_save_current_version
Patch for UCS-3.2 (the previous one was for UCS-3.0): diff --git a/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst b/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst index f1afb16..df05d48 100755 --- a/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst +++ b/branches/ucs-3.2/ucs-3.2-0/nagios/univention-nagios/30univention-nagios-client.inst @@ -53,9 +53,9 @@ if [ ! "$nagios_client_autoregister" = "no" ] ; then # Enable Nagios for this host # Managed clients are still called "fatclient" in Config Registry if [ "$server_role" = "fatclient" ] ; then - univention-directory-manager computers/managedclient modify "$@" --dn ${ldap_hostdn} --append-option="nagios" || die + univention-directory-manager computers/managedclient modify "$@" --dn "$ldap_hostdn" --append-option="nagios" || die else - univention-directory-manager computers/${server_role} modify "$@" --dn ${ldap_hostdn} --append-option="nagios" || die + univention-directory-manager computers/${server_role} modify "$@" --dn "$ldap_hostdn" --append-option="nagios" || die fi # remove obsolete services from host
fixed quoting in 30univention-nagios-client.inst and 28univention-nagios-server.inst YAML: 2014-01-08-univention-nagios.yaml
OK: univention-nagios r46949 OK: aptitude install univention-nagios-client=7.0.5-6.259.201401141920 > Calling joinscript 30univention-nagios-client.inst ... > Joinscript 30univention-nagios-client.inst finished with exitcode 1 that message is expected and normal, but still confusing. OK: ./internal/repo-ng/announce/announce_errata -V ucs-3.2-0/doc/errata/staging/2014-01-08-univention-nagios.yaml "ucs-3.2-0/doc/errata/staging/2014-01-08-univention-nagios.yaml" looks valid OK: Update # printf univention >./univention # ldap_position="ou=a b,dc=phahn,dc=qa" /usr/sbin/univention-join -dcaccount Administrator -dcpwd ./univention ... Configure 30univention-nagios-client.inst failed # tail /var/log/univention/join.log Configure 30univention-nagios-client.inst Fri Jan 17 12:23:43 CET 2014 File: /etc/nagios/nrpe.cfg WARNING: the following arguments are ignored: "b,dc=phahn,dc=qa" "--append-option=nagios" E: object not found Fri Jan 17 12:23:44 CET 2014: finish /usr/sbin/univention-join # echo 'deb http://omar.knut.univention.de/build2 ucs_3.2-0-errata3.2-0/$(ARCH)/' >>/etc/apt/sources.list # aptitude -q update # aptitude install univention-nagios-client=7.0.5-7.260.201401151238 # echo -n univention > univention ; univention-run-join-scripts -dcaccount Administrator -dcpwd ./univention ... Running 30univention-nagios-client.inst done ... # univention-ldapsearch -xLLLb "$(ucr get ldap/hostdn)" univentionNagiosEnabled dn: cn=nagios2,ou=a b,dc=phahn,dc=qa univentionNagiosEnabled: 1 OK: Install # ... /etc/apt/sources.list ; ... update ; ... install ; univention-join ... ... Configure 30univention-nagios-client.inst done
http://errata.univention.de/ucs/3.2/36.html