AMBARI-3188. Nagios alerts should work with http authentication enabled. (odiachenko)

ambari-agent/src/main/puppet/modules/hdp-nagios/files/check_name_dir_status.php

@@ -19,17 +19,36 @@
 
 /* This plugin makes call to namenode, get the jmx-json document
  * check the NameDirStatuses to find any offline (failed) directories
- * check_jmx -H hostaddress -p port
+ * check_jmx -H hostaddress -p port -k keytab path -r principal name -t kinit path -s security enabled
  */
+ 
+  include "hdp_nagios_init.php";
 
-  $options = getopt ("h:p:");
-  if (!array_key_exists('h', $options) || !array_key_exists('p', $options)) {
+  $options = getopt ("h:p:k:r:t:s:");
+  if (!array_key_exists('h', $options) || !array_key_exists('p', $options)
+    || !array_key_exists('k', $options) || !array_key_exists('r', $options)
+    || !array_key_exists('t', $options) || !array_key_exists('s', $options)
+  ) {
     usage();
     exit(3);
   }
 
   $host=$options['h'];
   $port=$options['p'];
+  $keytab_path=$options['k'];
+  $principal_name=$options['r'];
+  $kinit_path_local=$options['t'];
+  $security_enabled=$options['s'];
+  
+  /* Kinit if security enabled */
+  $status = kinit_if_needed($security_enabled, $kinit_path_local, $keytab_path, $principal_name);
+  $retcode = $status[0];
+  $output = $status[1];
+  
+  if ($output != 0) {
+    echo "CRITICAL: Error doing kinit for nagios. $output";
+    exit (2);
+  }
 
   /* Get the json document */
   $ch = curl_init();
@@ -61,6 +80,6 @@
 
   /* print usage */
   function usage () {
-    echo "Usage: $0 -h <host> -p port\n";
+    echo "Usage: $0 -h <host> -p port -k keytab path -r principal name -t kinit path -s security enabled";
   }
-?>
+?>

ambari-agent/src/main/puppet/modules/hdp-nagios/files/hdp_nagios_init.php

@@ -0,0 +1,72 @@
+<?php
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/* Common functions called from other alerts
+ *
+ */
+ 
+ /*
+ * Function for kinit. Checks if security enabled and klist for this principal doesn't returns nothing,
+ * make kinit call in this case.
+ */
+  function kinit_if_needed($security_enabled, $kinit_path_local, $keytab_path, $principal_name) {
+    if($security_enabled === 'true') {
+    
+      $is_logined = is_logined($principal_name);
+      
+      if (!$is_logined)
+        $status = kinit($kinit_path_local, $keytab_path, $principal_name);
+      else
+        $status = array(0, '');
+    } else {
+      $status = array(0, '');
+    }
+  
+    return $status;
+  }
+  
+  
+  /*
+  * Checks if user is logined on kerberos
+  */
+  function is_logined($principal_name) {
+    $check_cmd = "klist|grep $principal_name 1> /dev/null 2>/dev/null ; [[ $? != 0 ]] && echo 1";
+    $check_output =  shell_exec($check_cmd);
+    
+    if ($check_output)
+      return false;
+    else
+      return true;
+  }
+
+  /*
+  * Runs kinit command.
+  */
+  function kinit($kinit_path_local, $keytab_path, $principal_name) {
+    $init_cmd = "$kinit_path_local -kt $keytab_path $principal_name 2>&1";
+    $kinit_output = shell_exec($init_cmd);
+    if ($kinit_output) 
+      $status = array(1, $kinit_output);
+    else
+      $status = array(0, '');
+      
+    return $status;
+  }
+ 
+ ?>

ambari-agent/src/main/puppet/modules/hdp-nagios/manifests/server/config.pp

@@ -52,6 +52,7 @@ class hdp-nagios::server::config()
   hdp-nagios::server::check { 'check_nodemanager_health.sh': }
   hdp-nagios::server::check { 'check_resourcemanager_nodes_percentage.sh': }
   hdp-nagios::server::check { 'check_namenodes_ha.sh': }
+  hdp-nagios::server::check { 'hdp_nagios_init.php': }
 
   anchor{'hdp-nagios::server::config::begin':} -> Hdp-nagios::Server::Configfile<||> -> anchor{'hdp-nagios::server::config::end':}
   Anchor['hdp-nagios::server::config::begin'] -> Hdp-nagios::Server::Check<||> -> Anchor['hdp-nagios::server::config::end']

ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-commands.cfg.erb

@@ -66,7 +66,7 @@ define command{
 
 define command{
         command_name    check_name_dir_status
-        command_line    php $USER1$/check_name_dir_status.php -h $HOSTADDRESS$ -p $ARG1$
+        command_line    php $USER1$/check_name_dir_status.php -h $HOSTADDRESS$ -p $ARG1$ -k $ARG2$ -r $ARG3$ -t $ARG4$ -s $ARG5$
        }
 
 define command{

ambari-agent/src/main/puppet/modules/hdp-nagios/templates/hadoop-services.cfg.erb

@@ -257,7 +257,7 @@ define service {
         use                     hadoop-service
         service_description     NAMENODE::NameNode edit logs directory status
         servicegroups           HDFS
-        check_command           check_name_dir_status!<%=scope.function_hdp_template_var("::hdp::namenode_port")%>
+        check_command           check_name_dir_status!<%=scope.function_hdp_template_var("::hdp::namenode_port")%>!<%=scope.function_hdp_template_var("nagios_keytab_path")%>!<%=scope.function_hdp_template_var("nagios_principal_name")%>!<%=scope.function_hdp_template_var("kinit_path_local")%>!<%=scope.function_hdp_template_var("::hdp::params::security_enabled")%>
         normal_check_interval   0.5
         retry_check_interval    0.5
         max_check_attempts      3