monitoring/commands: Replace SecureShell' with RemoteCommandFile'

`RemoteCommandFile' is configured via property setters instead of the too general `setEndpoint' function. The ssh command to be executed only has the option 'BatchMode' set to 'yes' as this is enough to disable interactive authentication methods. Further, all arguments become espaced. refs #6593
2025-07-28 08:14:03 +02:00 · 2014-08-29 15:08:58 +02:00 · 2014-08-29 15:08:58 +02:00 · 249099348e
commit 249099348e
parent ec46b368df
2 changed files with 188 additions and 102 deletions
--- a/modules/monitoring/library/Monitoring/Command/Transport/RemoteCommandFile.php
+++ b/modules/monitoring/library/Monitoring/Command/Transport/RemoteCommandFile.php
@ -0,0 +1,188 @@
 <?php
 // {{{ICINGA_LICENSE_HEADER}}}
 // {{{ICINGA_LICENSE_HEADER}}}
 namespace Icinga\Module\Monitoring\Command\Transport;
 use LogicException;
 use Icinga\Logger\Logger;
 use Icinga\Module\Monitoring\Command\Exception\TransportException;
 use Icinga\Module\Monitoring\Command\IcingaCommand;
 /**
 * A remote Icinga command file
 *
 * Key-based SSH login must be possible for the user to log in as on the remote host
 */
 class RemoteCommandFile implements CommandTransportInterface
 {
    /**
     * Remote host
     *
     * @var string
     */
    protected $host;
    /**
     * Port to connect to on the remote host
     *
     * @var int
     */
    protected $port = 22;
    /**
     * User to log in as on the remote host
     *
     * Defaults to current PHP process' user
     *
     * @var string
     */
    protected $user;
    /**
     * Path to the Icinga command file on the remote host
     *
     * @var string
     */
    protected $path;
    /**
     * Set the remote host
     *
     * @param   string $host
     *
     * @return  self
     */
    public function setHost($host)
    {
        $this->host = (string) $host;
        return $this;
    }
    /**
     * Get the remote host
     *
     * @return string
     */
    public function getHost()
    {
        return $this->host;
    }
    /**
     * Set the port to connect to on the remote host
     *
     * @param   int $port
     *
     * @return  self
     */
    public function setPort($port)
    {
        $this->port = (int) $port;
        return $this;
    }
    /**
     * Get the port to connect on the remote host
     *
     * @return int
     */
    public function getPort()
    {
        return $this->port;
    }
    /**
     * Set the user to log in as on the remote host
     *
     * @param   string $user
     *
     * @return  self
     */
    public function setUser($user)
    {
        $this->user = (string) $user;
        return $this;
    }
    /**
     * Get the user to log in as on the remote host
     *
     * Defaults to current PHP process' user
     *
     * @return string|null
     */
    public function getUser()
    {
        return $this->user;
    }
    /**
     * Set the path to the Icinga command file on the remote host
     *
     * @param   string $path
     *
     * @return  self
     */
    public function setPath($path)
    {
        $this->path = (string) $path;
        return $this;
    }
    /**
     * Get the path to the Icinga command file on the remote host
     *
     * @return string
     */
    public function getPath()
    {
        return $this->path;
    }
    /**
     * Write the command to the Icinga command file on the remote host
     *
     * @param   IcingaCommand $command
     *
     * @throws  LogicException
     * @throws  TransportException
     */
    public function send(IcingaCommand $command)
    {
        if (! isset($this->path)) {
            throw new LogicException;
        }
        Logger::debug(
            sprintf(
                mt('monitoring', 'Sending external Icinga command "%s" to the remote command file "%s:%u%s"'),
                $command,
                $this->host,
                $this->port,
                $this->path
            )
        );
        $ssh = sprintf('ssh -o BatchMode=yes -p %u', $this->port);  // -o BatchMode=yes for disabling interactive
                                                                    // authentication methods
        if (isset($this->user)) {
            $ssh .= sprintf(' -l %s', escapeshellarg($this->user));
        }
        $ssh .= sprintf(
            ' %s "echo %s > %s" 2>&1',  // Redirect stderr to stdout
            escapeshellarg($this->host),
            escapeshellarg($command),
            escapeshellarg($this->path)
        );
        exec($ssh, $output, $status);
        if ($status !== 0) {
            throw new TransportException(
                mt(
                    'monitoring',
                    'Can\'t send external Icinga command "%s": %s'
                ),
                $ssh,
                implode(' ', $output)
            );
        }
    }
 }
--- a/modules/monitoring/library/Monitoring/Command/Transport/SecureShell.php
+++ b/modules/monitoring/library/Monitoring/Command/Transport/SecureShell.php
@ -1,102 +0,0 @@
 <?php
 // {{{ICINGA_LICENSE_HEADER}}}
 // {{{ICINGA_LICENSE_HEADER}}}
 namespace Icinga\Protocol\Commandpipe\Transport;
 use RuntimeException;
 use Zend_Config;
 use Icinga\Logger\Logger;
 /**
 * Command pipe transport class that uses ssh for connecting to a remote filesystem with the icinga.cmd pipe
 *
 * The remote host must have KeyAuth enabled for this user
 */
 class SecureShell implements Transport
 {
    /**
     * The remote host to connect to
     *
     * @var string
     */
    private $host = 'localhost';
    /**
     * The location of the icinga pipe on the remote host
     *
     * @var string
     */
    private $path = "/usr/local/icinga/var/rw/icinga.cmd";
    /**
     * The SSH port of the remote host
     *
     * @var int
     */
    private $port = 22;
    /**
     * The user to authenticate with on the remote host
     *
     * @var String
     */
    private $user = null;
    /**
     * Overwrite the target file of this Transport class using the given config from instances.ini
     *
     * @param   Zend_Config $config
     *
     * @see     Transport::setEndpoint()
     */
    public function setEndpoint(Zend_Config $config)
    {
        $this->host = isset($config->host) ? $config->host : 'localhost';
        $this->port = isset($config->port) ? $config->port : 22;
        $this->user = isset($config->user) ? $config->user : null;
        $this->path = isset($config->path) ? $config->path : '/usr/local/icinga/var/rw/icinga.cmd';
    }
    /**
     * Write the given external command to the command pipe
     *
     * @param   string $command
     *
     * @throws  RuntimeException When the command could not be sent to the remote Icinga host
     * @see     Transport::send()
     */
    public function send($command)
    {
        $retCode = 0;
        $output = array();
        Logger::debug(
            'Icinga instance is on different host, attempting to send command %s via ssh to %s:%s/%s',
            $command,
            $this->host,
            $this->port,
            $this->path
        );
        $hostConnector = $this->user ? $this->user . "@" . $this->host : $this->host;
        $command = escapeshellarg('['. time() .'] ' . $command);
        $sshCommand = sprintf(
            'ssh -o BatchMode=yes -o KbdInteractiveAuthentication=no %s -p %d'
          . ' "echo %s > %s" 2>&1',
            $hostConnector,
            $this->port,
            $command,
            $this->path
        );
        exec($sshCommand, $output, $retCode);
        Logger::debug("Command '%s' exited with %d: %s", $sshCommand, $retCode, $output);
        if ($retCode != 0) {
            $msg =  'Could not send command to remote Icinga host: '
                . implode(PHP_EOL, $output)
                . " (returncode $retCode)";
            Logger::error($msg);
            throw new RuntimeException($msg);
        }
    }
 }