python中命令的远程执行

发布于 2025-02-04 02:28:49 字数 1683 浏览 1 评论 0原文

我绝不会经常编写脚本，但是我试图编写一个Nagios插件来检查远程主机上RAID控制器的状态。问题在于，获得输出的命令需要提高特权。实现这一目标的正确，最有效的方法是什么？目的是运行：

'/opt/opt/megaraid/megacli/megacli64 -showsummary -a0'

在监视服务器的远程主机上，

然后遵循此逻辑的基本思想：

#Nagios Plugin for Testing LSI Raid Status
import os, sys
import argparse
import socket
import subprocess
#nagios exit codes do not change#
OK = 0
WARNING = 1
CRITICAL = 2
DEPENDENT = 3
UNKNOWN = 4
#nagios exit codes do not change#
#patterns to be searched
active = str("Active")
online = str("Online")
k = str("OK")
degrade = str("Degraded")
fail = str("Failed")
parser = argparse.ArgumentParser(description='Py3 script for monitoring RAID status.')
#arguments
parser.add_argument("--user",
       metavar = '-U',
       help = "username for remote connection")
parser.add_argument("--hostname",
        metavar = '-H',
        help = "hostname of the remote host")
args = parser.parse_args()
print(args)
#turning args into variables
hostname = args.hostname
user = args.user
ssh = subprocess.Popen(f"ssh {user}@{hostname} /opt/MegaRAID/MegaCli/MegaCli64 -ShowSummary -a0", shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
check = ssh.stdoutreadlines()
OK_STR = str("RAID is OK!")
WARN_STR = str("Warning! Something is wrong with the RAID!")
CRIT_STR = str("CRITICAL! THE RAID IS BROKEN")
UNK_STR = str("Uh oh! Something ain't right?")
if (degrade) in (check):
    print(WARN_STR) and exit(WARNING)
elif (fail) in (check):
    print (CRIT_STR) and exit(CRITICAL)
elif (active) or (online) or (k) in (check):
    print(OK_STR) and exit(OK)
else:
    print(UNK_STR) and exit(UNKNOWN)

有什么想法吗？这与我的强项（也是一个未完成的剧本）相去甚远，所以我为外行形式和措辞中的任何混乱而道歉。

原文

By no means do I write scripts very often, but I am trying to write a Nagios plugin to check the status of a RAID controller on a remote host. The issue is that the command to get the output requires elevated privileges. What would be the correct, and most effective way to pull this off? The goal is to run:

'/opt/MegaRAID/MegaCli/MegaCli64 -ShowSummary -a0'

on a remote host from the monitoring server,

and then follow the basic idea of this logic:

#Nagios Plugin for Testing LSI Raid Status
import os, sys
import argparse
import socket
import subprocess
#nagios exit codes do not change#
OK = 0
WARNING = 1
CRITICAL = 2
DEPENDENT = 3
UNKNOWN = 4
#nagios exit codes do not change#
#patterns to be searched
active = str("Active")
online = str("Online")
k = str("OK")
degrade = str("Degraded")
fail = str("Failed")
parser = argparse.ArgumentParser(description='Py3 script for monitoring RAID status.')
#arguments
parser.add_argument("--user",
       metavar = '-U',
       help = "username for remote connection")
parser.add_argument("--hostname",
        metavar = '-H',
        help = "hostname of the remote host")
args = parser.parse_args()
print(args)
#turning args into variables
hostname = args.hostname
user = args.user
ssh = subprocess.Popen(f"ssh {user}@{hostname} /opt/MegaRAID/MegaCli/MegaCli64 -ShowSummary -a0", shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
check = ssh.stdoutreadlines()
OK_STR = str("RAID is OK!")
WARN_STR = str("Warning! Something is wrong with the RAID!")
CRIT_STR = str("CRITICAL! THE RAID IS BROKEN")
UNK_STR = str("Uh oh! Something ain't right?")
if (degrade) in (check):
    print(WARN_STR) and exit(WARNING)
elif (fail) in (check):
    print (CRIT_STR) and exit(CRITICAL)
elif (active) or (online) or (k) in (check):
    print(OK_STR) and exit(OK)
else:
    print(UNK_STR) and exit(UNKNOWN)

Any thoughts? This is far from my forte (and also an unfinished script) so I apologize for the layman format and any confusion in my phrasing.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

梦太阳 2025-02-11 02:28:49

我正在尝试编写Nagios插件，以检查远程主机上RAID控制器的状态。问题在于，获得输出的命令需要提高特权。做到这一点的正确，最有效的方法是什么？

我建议您在所讨论的系统上远程运行脚本，然后给用户NRPE守护程序正在运行（可能nagios或类似）sudo权限，以使用一些非常确切的参数运行该脚本。

nrpe.cfg文件提到了此示例：

# Usage scenario:
# Execute restricted commmands using sudo.  For this to work, you need to add
# the nagios user to your /etc/sudoers.  An example entry for alllowing
# execution of the plugins from might be:
#
# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/

...但是没有理由如此宽容，您只能通过仅允许确切命令来使其更安全：

nagios ALL = NOPASSWD: /usr/sbin/megacli

请注意，这允许使用该命令的任何参数，甚至更安全，它将不允许任何其他变体（示例）：

nagios ALL = NOPASSWD: /usr/sbin/megacli -a foo -b bar -c5 -w1

然后配置NRPE命令在其之前使用Sudo运行上面的命令，并且应该使用。您可以通过su验证：访问Nagios用户并亲自尝试使用sudo命令。

另外，请注意，您很可能会为Python Nagios插件导入一些可用的模块，这使您更容易获得对阈值及其语法之类的内置支持。

I am trying to write a Nagios plugin to check the status of a RAID controller on a remote host. The issue is that the command to get the output requires elevated privileges. What would be the correct, and most effective way to pull this off?

I would recommend running the script remotely over NRPE on the system in question, and then give the user the NRPE daemon is running as (probably nagios or similar) sudo permissions to run that script with some very exact parameters.

The nrpe.cfg file mentions this example:

# Usage scenario:
# Execute restricted commmands using sudo.  For this to work, you need to add
# the nagios user to your /etc/sudoers.  An example entry for alllowing
# execution of the plugins from might be:
#
# nagios          ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/

...but there's no reason to be so forgiving, you can make it a lot safer by only allowing an exact command:

nagios ALL = NOPASSWD: /usr/sbin/megacli

Note that this allows any parameters with that command, this is even safer as it will not allow any other variants (example):

nagios ALL = NOPASSWD: /usr/sbin/megacli -a foo -b bar -c5 -w1

Then configure the nrpe command to run the above with sudo before it, and it should work. You can verify by su:ing to the nagios user and trying the sudo command yourself.

Also, note that there are very likely some available modules you can import for python nagios plugins that makes it easier for you, to get built-in support for things like thresholds and their syntax.

回复收藏 0 原文

~没有更多了~