addons:ssh_tunnel

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

addons:ssh_tunnel [2011/04/07 13:37] (current)
Line 1: Line 1:
 +====== ssh_tunnel.sh ======
  
 +^ Author | [[ padraig.lennon@pioneerinvestments.com | Padraig Lennon ]] |
 +^ Compatibility | All Versions |
 +^ Requirements | Linux/​Solaris |
 +^ Download | None |
 +^ Last Update | 2011-04-07 |
 +
 +===== Description =====
 +If you have servers in a DMZ which do not allow inbound connections to port 1984 hobbit, then a common way around it is to allow out ssh (port 22) and create a reverse ssh tunnel to the hobbit server (port 1984) using ssh keys for password-less connections. ​
 +
 +Full details on setting this up can be found on the hobbit wiki: [[http://​en.wikibooks.org/​wiki/​System_Monitoring_with_Xymon/​Other_Docs/​HOWTO#​Monitor_Xymon_clients_in_a_DMZ_using_reverse_SSH_tunnels]] ​
 +
 +(Thanks to Johan Booysen for writing this up)
 +
 +**ssh_tunnels.sh** is a server side bash script which reads the **bb-hosts** file for clients with the appended tag **ssh-tunnels**. ​
 +
 +The script will loop through the list gathered from bb-hosts and check that the reverse ssh tunnel process is up and running. If it is not it will turn red, but it will attempt to restart the tunnel. It will continue to do this until the tunnel is ok.
 +
 +This will result in a new column called **ssh-tunnel** being added to the client display.
 +
 +**Update 0.0.3** - You can now specify non-standard ssh ports to connect to the ssh client. You can do this by using the following syntax: **ssh-tunnel:​NNNN** where NNNN is the port in question. Example ​ **ssh-tunnel:​2222** This is only needed if a non-standard port is used. The script defaults to port 22
 +
 +Please note that if you upgrade your existing version to 0.0.3 you will need to kill all existing tunnels first. This is because the process listing will change. To kill all existing tunnels you can run the command
 +
 +<​code>​
 +for PROCESS in `ps -ef | grep "​[:​]xymon_server:"​ | awk {'​print $2'​}`;​do kill $PROCESS ; done
 +</​code>​
 +
 +where xymon_server is the name of the host running the ssh-tunnels.sh script.. If in doubt just do a directory listing. The script will recreate the tunnels once running
 +
 +
 +===== Installation =====
 +1. Place the script on the Xymon Server in the **/​path/​to/​hobbit/​server/​ext** folder
 +
 +2. chmod 755 /​path/​to/​hobbit/​server/​ext/​ssh_tunnels.sh ​
 +
 +3. Edit the file **/​path/​to/​hobbit/​server/​etc/​hobbitlaunch.cfg**
 +
 +Add the following:
 +<​code>​
 +[ssh-tunnel]
 +    ENVFILE /​path/​to/​hobbit/​server/​etc/​hobbitserver.cfg
 +    CMD $BBHOME/​ext/​ssh-tunnels.sh
 +    LOGFILE $BBSERVERLOGS/​ssh-tunnels.log
 +    INTERVAL 1m
 +</​code>​
 +
 +4. Restart the Xymon Server application
 +
 +===== Source =====
 +==== ssh_tunnel.sh ====
 +<hidden onHidden="​Show Code ⇲" onVisible="​Hide Code ⇱">​
 +<​code>​
 +#!/bin/ksh
 +#set -xv
 +#####################################################################​
 +#
 +#       ​Name: ​                  ​Padraig Lennon
 +#       ​Date: ​                  ​07-Apr-2011
 +#       ​Script Description: ​    Check the SSH tunnels to DMZ (External) Hobbit/​Xymon clients
 +#       ​Version: ​               0.05
 +#       ​Licence: ​                       Please feel free to modify, and use without cost
 +#                                       ​Please leave reference to original author.
 +#
 +#       #########################################################​
 +#
 +#       Date - Modifier - Version - Change
 +#       ​12-Dec-2007 - P.Lennon - 0.01 - Initial Release
 +#       ​19-Aug-2008 - P.Lennon - 0.02 - Updated the script to display the coloured icon on the client
 +#                                                                web page
 +#       ​03-Aug-2009 - P.Lennon - 0.03 - Allow user define the ssh port (if non-standard) in
 +#                                                                bb-host using ssh-tunnel:​port syntax
 +#       ​26-Feb-2010 - P.Lennon - 0.04 - Match exact name of client in COUNT
 +#       ​07-Apr-2011 - P.Lennon - 0.05 - Add "-o StrictHostKeyChecking=no"​ to avoid issues ​
 +#                                                                with Key Checking
 +#
 +
 +###########################################################################​
 +#       ​Constants/​Global variables
 +###########################################################################​
 +
 +PROGNAME=$(basename $0)                 # Script Name
 +TEMP_FILE=/​tmp/​${PROGNAME}.$$.$RANDOM ​  # Temp Output File
 +TEST=ssh-tunnel ​                                        # Hobbit/​Xymon test name
 +COLUMN=$TEST ​                                           # Hobbit/​Xymon test name
 +AUTHOR=padraig.lennon@pioneerinvestments.com # Test Author
 +VERSION="<​p><​center><​h5>​`basename $0`, $AUTHOR </​h5></​center>"​
 +SSH_PORT="​22"​
 +
 +###########################################################################​
 +#       ​Functions
 +###########################################################################​
 +
 +#####
 +#       ​Function to remove temporary files and other housekeeping
 +#       ​Arguments=0
 +#####
 +function clean_up
 +{
 +        rm -f ${TEMP_FILE} ​             # Remove the temp output file
 +}
 +
 +
 +#####
 +#       ​Function called for a graceful exit
 +#       ​Arguments=0
 +#####
 +function graceful_exit
 +{
 +        clean_up
 +        exit
 +}
 +
 +
 +
 +#####
 +#       ​Function for exit due to fatal program error
 +#       ​Arguments=1
 +#       ​Argument 0: string containing descriptive error message
 +#####
 +function error_exit
 +{
 +        local ERR_MSG
 +
 +        ERR_MSG="##​\n#​Error:​ ${1}\n##​\n"​
 +        echo -e ${ERR_MSG} >&2
 +        clean_up
 +        exit 255
 +}
 +
 +
 +
 +#####
 +#       ​Function for printing warning messages
 +#       ​Arguments=1
 +#       ​Argument 0: string containing descriptive warning message
 +#####
 +function warning
 +{
 +        local WARN_MSG
 +
 +        WARN_MSG="##​\n#​Warning:​ ${1}\n##​\n"​
 +        echo -e ${WARN_MSG} >&2
 +}
 +
 +
 +
 +#####
 +#       ​Function for printing script steps
 +#       ​Arguments=1
 +#       ​Argument 0: string containing descriptive step message
 +#####
 +function print_step
 +{
 +        local STEP_MSG
 +
 +        STEP_MSG="#​---->​ ${1}"
 +        echo -e ${STEP_MSG}
 +}
 +
 +
 +
 +#####
 +#       ​Function to perform exit if interrupt signal is trapped
 +#       ​Arguments=0
 +#####
 +function int_exit
 +{
 +        echo -e "​${PROGNAME}:​ Aborted by user"
 +        clean_up
 +        exit 255
 +}
 +
 +
 +
 +
 +#####
 +#       ​Function to display help message for program
 +#       No arguments
 +#####
 +function help
 +{
 +        local tab=$(echo -en "​\t\t"​)
 +
 +cat <<- -EOF-
 +
 +        Check ssh-tunnels to dmz clients
 +
 +
 +        Usage: ${PROGNAME} [-h]
 +
 +        Required parameters:
 +
 +        Optional parameters:
 +
 +        -h, --help ​     Display this help message and exit.
 +
 +
 +        Example(s):
 +
 +        ${PROGNAME}
 +
 +
 +        Exit Codes:
 +        0       ​Success
 +        255     Error
 +
 +
 +        Author: Padraig Lennon
 +
 +-EOF-
 +}
 +
 +
 +#####   USER DEFINED FUNCTIONS ​ ######################​
 +###########################################################################​
 +#       Check command line parameters
 +###########################################################################​
 +
 +# Trap INT signals and properly exit
 +
 +trap int_exit INT
 +
 +
 +
 +# Process command line arguments
 +#       ​Parameters with arguments divide with : i.e. for option o use o:
 +#       ​Parameters with no arguments add the option after the h. no extra :
 +while getopts ":​h"​ opt; do
 +        case $opt in
 +                h )     help
 +                        graceful_exit
 +                        ;;
 +                * )     help
 +                        error_exit "Wrong parameter passed"​
 +                        ;;
 +        esac
 +done
 +
 +
 +
 +###########################################################################​
 +#       Main Body of Script
 +###########################################################################​
 +
 +${GREP} -i "​^[0-9].*#​.*${TEST}"​ ${BBHOSTS} | while read L
 +do
 +   set $L     # To get one line of output from the grep output
 +
 +   ​HOSTIP=$1
 +   ​MACHINEDOTS=$2
 +   ​MACHINE=`echo $MACHINEDOTS | $SED -e '​s/​\./,/​g'​`
 +
 +        for OPTION in `echo $* | $AWK -F# {'​print $2'}| $SED s/\s+/\s/g`
 +        do
 +            OPTION_VAL=`echo $OPTION | $GREP ${TEST} 2>/​dev/​null`
 +            if [ "​$OPTION_VAL"​ != ""​ ] ; then
 +                #       We have found the test definition. Check if an alternative port was supplied
 +                SSH_PORT_VAL=`echo $OPTION_VAL | $AWK -F: {'​print $2'}`
 +                if [ "​$SSH_PORT_VAL"​ != ""​ ] ; then
 +                        SSH_PORT=$SSH_PORT_VAL
 +                else
 +                        SSH_PORT=22
 +                fi
 +            fi
 +        done
 +
 +
 +
 +   ​COLOR=green
 +   ​MSG="​$TEST status for host $MACHINEDOTS"​
 +        CLIENT=`echo $MACHINEDOTS | $AWK -F. {'​print $1'}`
 +
 +    COUNT=`$PS -ef|$GREP "ssh -fnNR [1]984"​| $EGREP "​$SSH_PORT $CLIENT$"​| wc -l | $SED -e "s/\ //g"`
 +    if [  $COUNT -eq 0 ] ; then
 +            COLOR=yellow
 +        #   ​Restarting the Tunnel
 +        ssh -fnNR 1984:​`hostname`:​1984 -o StrictHostKeyChecking=no -p $SSH_PORT $CLIENT
 +        if [ $? -ne 0 ] ; then
 +            MSG="&​red Tunnel is down.. Restart attempt failed"​
 +            COLOR=red
 +        else
 +            MSG="&​yellow Tunnel recently restarted"​
 +            COLOR=yellow
 +        fi
 +    elif [ $COUNT -gt 1 ] ; then
 +        for PROCESS in `$PS -ef | $GREP "ssh -fnNR"​| GREP "​$CLIENT"​ | $AWK {'​print $2'}`
 +        do
 +            kill $PROCESS
 +        done
 +
 +        #   ​Restarting the Tunnel
 +        ssh -fnNR 1984:​`hostname`:​1984 -o StrictHostKeyChecking=no -p $SSH_PORT $CLIENT
 +            if [ $? -ne 0 ] ; then
 +                MSG="&​red Tunnel is down.. Restart attempt failed"​
 +                COLOR=red
 +            else
 +                MSG="&​yellow Tunnel recently restarted"​
 +                COLOR=yellow
 +            fi
 +    else
 +        MSG="&​green SSH Tunnel to $CLIENT ok"
 +    fi
 +
 +$BB $BBDISP "​status $MACHINEDOTS.$COLUMN $COLOR `date`
 +
 +${MSG}
 +
 +
 + ​$VERSION
 +"
 +
 +done
 +
 +graceful_exit
 +</​code>​
 +</​hidden>​
 +
 +===== Known  Bugs and Issues =====
 +
 +===== To Do =====
 +
 +===== Credits =====
 +
 +===== Changelog =====
 +
 +  * **2008-08-14 - 0.0.1**
 +    * Initial release
 +  * **2008-08-19 - 0.0.2**
 +    * Updated the script to display the coloured icon on the client web page
 +  * **2009-08-03 - 0.0.3**
 +    * Allow user define the ssh port (if non-standard) in bb-hosts using ssh-tunnel:​port syntax
 +  * **2010-02-26 - 0.0.4**
 +    * Match exact name of client in COUNT (Thanks Tony Larco for testing)
 +  * **2011-04-07 - 0.0.5**
 +    * Added "-o StrictHostKeyChecking=no"​ to avoid issues with key checking
  • addons/ssh_tunnel.txt
  • Last modified: 2011/04/07 13:37
  • (external edit)