diff --git a/extra/alerts/alert_file.sh.sample b/extra/alerts/alert_file.sh.sample index 5bfe383689..a6a4913c78 100644 --- a/extra/alerts/alert_file.sh.sample +++ b/extra/alerts/alert_file.sh.sample @@ -1,106 +1,102 @@ #!/bin/bash # # Copyright (C) 2015 Andrew Beekhof # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public # License as published by the Free Software Foundation; either # version 2 of the License, or (at your option) any later version. # # This software is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # ############################################################################## -# This sample script assumes that only users who already have root access can -# edit the CIB. Otherwise, a malicious user can create damage anywhere in the -# filesystem where user hacluster has access - as well as writing to special -# files. -# If that is not the case in your environment, you should edit this script to -# validate the log-destination. -# # Sample configuration (cib fragment in xml notation) # ================================ # # -# -# +# +# # # # # # # # # # if [ -z $CRM_alert_version ]; then - echo "Pacemaker version 1.1.15 is required" >> ${CRM_alert_recipient} + echo "Pacemaker version 1.1.15 or later is required" >> "${CRM_alert_recipient}" exit 0 fi debug_exec_order_default="false" +# Pacemaker passes instance attributes to alert agents as environment variables. +# It is completely up to the agent what instance attributes to support. +# Here, we define an instance attribute "debug_exec_order". : ${debug_exec_order=${debug_exec_order_default}} if [ "${debug_exec_order}" = "true" ] tstamp=`printf "%04d. " "$CRM_alert_node_sequence"` if [ ! -z $CRM_alert_timestamp ]; then tstamp="${tstamp} $CRM_alert_timestamp (`date "+%H:%M:%S.%06N"`): " fi else if [ ! -z $CRM_alert_timestamp ]; then tstamp="$CRM_alert_timestamp: " fi fi case $CRM_alert_kind in node) - echo "${tstamp}Node '${CRM_alert_node}' is now '${CRM_alert_desc}'" >> ${CRM_alert_recipient} + echo "${tstamp}Node '${CRM_alert_node}' is now '${CRM_alert_desc}'" >> "${CRM_alert_recipient}" ;; fencing) # Other keys: # # CRM_alert_node # CRM_alert_task # CRM_alert_rc # - echo "${tstamp}Fencing ${CRM_alert_desc}" >> ${CRM_alert_recipient} + echo "${tstamp}Fencing ${CRM_alert_desc}" >> "${CRM_alert_recipient}" ;; resource) # Other keys: # # CRM_alert_target_rc # CRM_alert_status # CRM_alert_rc # if [ ${CRM_alert_interval} = "0" ]; then CRM_alert_interval="" else CRM_alert_interval=" (${CRM_alert_interval})" fi if [ ${CRM_alert_target_rc} = "0" ]; then CRM_alert_target_rc="" else CRM_alert_target_rc=" (target: ${CRM_alert_target_rc})" fi case ${CRM_alert_desc} in Cancelled) ;; *) - echo "${tstamp}Resource operation '${CRM_alert_task}${CRM_alert_interval}' for '${CRM_alert_rsc}' on '${CRM_alert_node}': ${CRM_alert_desc}${CRM_alert_target_rc}" >> ${CRM_alert_recipient} + echo "${tstamp}Resource operation '${CRM_alert_task}${CRM_alert_interval}' for '${CRM_alert_rsc}' on '${CRM_alert_node}': ${CRM_alert_desc}${CRM_alert_target_rc}" >> "${CRM_alert_recipient}" ;; esac ;; *) - echo "${tstamp}Unhandled $CRM_alert_kind alert" >> ${CRM_alert_recipient} - env | grep CRM_alert >> ${CRM_alert_recipient} + echo "${tstamp}Unhandled $CRM_alert_kind alert" >> "${CRM_alert_recipient}" + env | grep CRM_alert >> "${CRM_alert_recipient}" ;; esac diff --git a/extra/alerts/alert_smtp.sh.sample b/extra/alerts/alert_smtp.sh.sample index 81bbc5f76b..e677271f69 100644 --- a/extra/alerts/alert_smtp.sh.sample +++ b/extra/alerts/alert_smtp.sh.sample @@ -1,112 +1,113 @@ #!/bin/bash # # Copyright (C) 2016 Klaus Wenninger # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public # License as published by the Free Software Foundation; either # version 2 of the License, or (at your option) any later version. # # This software is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. # # You should have received a copy of the GNU General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # ############################################################################## # # Sample configuration (cib fragment in xml notation) # ================================ # # -# -# +# +# # # # # -# +# # # # email_recipient="${CRM_alert_recipient}" email_client_default="sendmail" email_sender_default="hacluster" email_recipient_default="root" : ${email_client=${email_client_default}} : ${email_sender=${email_sender_default}} : ${email_recipient=${email_recipient_default}} node_name=`uname -n` cluster_name=`crm_attribute --query -n cluster-name -q` email_body=`env | grep CRM_alert_` if [ ! -z "${email_sender##*@*}" ]; then email_sender="${email_sender}@${node_name}" fi if [ ! -z "${email_recipient##*@*}" ]; then email_recipient="${email_recipient}@${node_name}" fi if [ -z ${CRM_alert_version} ]; then - email_subject="Pacemaker version 1.1.15 is required for smtp-helper" - + email_subject="Pacemaker version 1.1.15 or later is required for alerts" else - case ${CRM_alert_kind} in node) email_subject="${CRM_alert_timestamp} ${cluster_name}: Node '${CRM_alert_node}' is now '${CRM_alert_desc}'" ;; fencing) email_subject="${CRM_alert_timestamp} ${cluster_name}: Fencing ${CRM_alert_desc}" ;; resource) if [ ${CRM_alert_interval} = "0" ]; then CRM_alert_interval="" else CRM_alert_interval=" (${CRM_alert_interval})" fi if [ ${CRM_alert_target_rc} = "0" ]; then CRM_alert_target_rc="" else CRM_alert_target_rc=" (target: ${CRM_alert_target_rc})" fi case ${CRM_alert_desc} in Cancelled) ;; *) email_subject="${CRM_alert_timestamp} ${cluster_name}: Resource operation '${CRM_alert_task}${CRM_alert_interval}' for '${CRM_alert_rsc}' on '${CRM_alert_node}': ${CRM_alert_desc}${CRM_alert_target_rc}" ;; esac ;; *) email_subject="${CRM_alert_timestamp} ${cluster_name}: Unhandled $CRM_alert_kind alert" ;; esac +fi - if [ ! -z "${email_subject}" ]; then - case $email_client in - sendmail) - sendmail -t -r ${email_sender} <<__EOF__ +if [ ! -z "${email_subject}" ]; then + case $email_client in + # This sample script supports only sendmail for sending the email. + # Support for additional senders can easily be added by adding + # new cases here. + sendmail) + sendmail -t -r "${email_sender}" <<__EOF__ From: ${email_sender} To: ${email_recipient} Return-Path: ${email_sender} Subject: ${email_subject} ${email_body} __EOF__ - ;; - *) - ;; - esac - fi + ;; + *) + ;; + esac fi diff --git a/extra/alerts/alert_snmp.sh.sample b/extra/alerts/alert_snmp.sh.sample index 8f8de7bc43..6f16e0e7c4 100644 --- a/extra/alerts/alert_snmp.sh.sample +++ b/extra/alerts/alert_snmp.sh.sample @@ -1,162 +1,145 @@ #!/bin/sh # # Description: Manages a SNMP trap, provided by NTT OSSC as an # script under Heartbeat/LinuxHA control # # Copyright (c) 2016 NIPPON TELEGRAPH AND TELEPHONE CORPORATION # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # ############################################################################## -# This sample script assumes that only users who already have root access can -# edit the CIB. Otherwise, a malicious user could run commands as hacluster by -# inserting shell code into the trap_options variable. If that is not the case -# in your environment, you should edit this script to remove or validate -# trap_options. +# This sample script assumes that only users who already have +# hacluster-equivalent access to the cluster nodes can edit the CIB. Otherwise, +# a malicious user could run commands as hacluster by inserting shell code into +# the trap_options or timestamp-format parameters. # # Sample configuration (cib fragment in xml notation) # ================================ # # -# -# +# +# # # # # # # # # # # ================================ -# ================================ -# -# -# -# -# -# -# -# -# -# -# -# -# -# -# ================================ if [ -z "$CRM_alert_version" ]; then echo "Pacemaker version 1.1.15 or later is required" exit 0 fi # trap_binary_default="/usr/bin/snmptrap" trap_version_default="2c" trap_options_default="" trap_community_default="public" trap_node_states_default="all" trap_fencing_tasks_default="all" trap_resource_tasks_default="all" trap_monitor_success_default="false" trap_add_hires_timestamp_oid_default="true" : ${trap_binary=${trap_binary_default}} : ${trap_version=${trap_version_default}} : ${trap_options=${trap_options_default}} : ${trap_community=${trap_community_default}} : ${trap_node_states=${trap_node_states_default}} : ${trap_fencing_tasks=${trap_fencing_tasks_default}} : ${trap_resource_tasks=${trap_resource_tasks_default}} : ${trap_monitor_success=${trap_monitor_success_default}} : ${trap_add_hires_timestamp_oid=${trap_add_hires_timestamp_oid_default}} if [ "${trap_add_hires_timestamp_oid}" = "true" ]; then hires_timestamp="HOST-RESOURCES-MIB::hrSystemDate s ${CRM_alert_timestamp}" fi is_in_list() { item_list=`echo "$1" | tr ',' ' '` if [ "${item_list}" = "all" ]; then return 0 else for act in $item_list do act=`echo "$act" | tr A-Z a-z` [ "$act" != "$2" ] && continue return 0 done fi return 1 } case "$CRM_alert_kind" in node) is_in_list "${trap_node_states}" "${CRM_alert_desc}" [ $? -ne 0 ] && exit 0 "${trap_binary}" -v "${trap_version}" ${trap_options} \ -c "${trap_community}" "${CRM_alert_recipient}" "" \ PACEMAKER-MIB::pacemakerNotificationTrap \ PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \ PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \ ${hires_timestamp} ;; fencing) is_in_list "${trap_fencing_tasks}" "${CRM_alert_task}" [ $? -ne 0 ] && exit 0 "${trap_binary}" -v "${trap_version}" ${trap_options} \ -c "${trap_community}" "${CRM_alert_recipient}" "" \ PACEMAKER-MIB::pacemakerNotificationTrap \ PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \ PACEMAKER-MIB::pacemakerNotificationOperation s "${CRM_alert_task}" \ PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \ PACEMAKER-MIB::pacemakerNotificationReturnCode i ${CRM_alert_rc} \ ${hires_timestamp} ;; resource) is_in_list "${trap_resource_tasks}" "${CRM_alert_task}" [ $? -ne 0 ] && exit 0 case "${CRM_alert_desc}" in Cancelled) ;; *) if [ "${trap_monitor_success}" = "false" ]; then if [[ ${CRM_alert_rc} -eq 0 && "${CRM_alert_task}" == "monitor" ]]; then exit; fi fi "${trap_binary}" -v "${trap_version}" ${trap_options} \ -c "${trap_community}" "${CRM_alert_recipient}" "" \ PACEMAKER-MIB::pacemakerNotificationTrap \ PACEMAKER-MIB::pacemakerNotificationNode s "${CRM_alert_node}" \ PACEMAKER-MIB::pacemakerNotificationResource s "${CRM_alert_rsc}" \ PACEMAKER-MIB::pacemakerNotificationOperation s "${CRM_alert_task}" \ PACEMAKER-MIB::pacemakerNotificationDescription s "${CRM_alert_desc}" \ PACEMAKER-MIB::pacemakerNotificationStatus i ${CRM_alert_status} \ PACEMAKER-MIB::pacemakerNotificationReturnCode i ${CRM_alert_rc} \ PACEMAKER-MIB::pacemakerNotificationTargetReturnCode i ${CRM_alert_target_rc} \ ${hires_timestamp} ;; esac ;; *) ;; esac