Merge pull request #216 from woutd/add-ca-ssl
Add ssl_ca_cert_file option.
mzupan authored Apr 19, 2017
2 parents eb2ab11 + e88baa6 commit 6f8711a
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions check_mongodb.py
@@ -150,6 +150,7 @@ def main(argv):
choices=['2','3'])
p.add_option('-a', '--authdb', action='store', type='string', dest='authdb', default='admin', help='The database you want to authenticate against')
p.add_option('--insecure', action='store_true', dest='insecure', default=False, help="Don't verify SSL/TLS certificates")
p.add_option('--ssl-ca-cert-file', action='store', type='string', dest='ssl_ca_cert_file', default=None, help='Path to Certificate Authority file for SSL')
p.add_option('-f', '--ssl-cert-file', action='store', type='string', dest='cert_file', default=None, help='Path to PEM encoded key and cert for client authentication')

options, arguments = p.parse_args()
@@ -177,6 +178,7 @@ def main(argv):
ssl = options.ssl
replicaset = options.replicaset
insecure = options.insecure
ssl_ca_cert_file = options.ssl_ca_cert_file
cert_file = options.cert_file

if action == 'replica_primary' and replicaset is None:
@@ -188,7 +190,7 @@ def main(argv):
# moving the login up here and passing in the connection
#
start = time.time()
err, con = mongo_connect(host, port, ssl, user, passwd, replicaset, authdb, insecure, cert_file)
err, con = mongo_connect(host, port, ssl, user, passwd, replicaset, authdb, insecure, ssl_ca_cert_file, cert_file)

if err != 0:
return err
@@ -206,7 +208,7 @@ def main(argv):
elif action == "replication_lag":
return check_rep_lag(con, host, warning, critical, False, perf_data, max_lag, user, passwd)
elif action == "replication_lag_percent":
return check_rep_lag(con, host, warning, critical, True, perf_data, max_lag, user, passwd, ssl, insecure, cert_file)
return check_rep_lag(con, host, warning, critical, True, perf_data, max_lag, user, passwd, ssl, insecure, ssl_ca_cert_file, cert_file)
elif action == "replset_state":
return check_replset_state(con, perf_data, warning, critical)
elif action == "memory":
@@ -274,7 +276,7 @@ def main(argv):
return check_connect(host, port, warning, critical, perf_data, user, passwd, conn_time)


def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, replica=None, authdb="admin", insecure=False, ssl_cert=None):
def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, replica=None, authdb="admin", insecure=False, ssl_ca_cert_file=None, ssl_cert=None):
from pymongo.errors import ConnectionFailure
from pymongo.errors import PyMongoError
import ssl as SSL
@@ -287,6 +289,8 @@ def mongo_connect(host=None, port=None, ssl=False, user=None, passwd=None, repli
else:
con_args['ssl_cert_reqs'] = SSL.CERT_REQUIRED
con_args['ssl'] = ssl
if ssl_ca_cert_file:
con_args['ssl_ca_certs'] = ssl_ca_cert_file
if ssl_cert:
con_args['ssl_certfile'] = ssl_cert

@@ -389,7 +393,7 @@ def check_connections(con, warning, critical, perf_data):
return exit_with_general_critical(e)


def check_rep_lag(con, host, warning, critical, percent, perf_data, max_lag, user, passwd, ssl=None, insecure=None, cert_file=None):
def check_rep_lag(con, host, warning, critical, percent, perf_data, max_lag, user, passwd, ssl=None, insecure=None, ssl_ca_cert_file=None, cert_file=None):
# Get mongo to tell us replica set member name when connecting locally
if "127.0.0.1" == host:
if not "me" in con.admin.command("ismaster","1").keys():
@@ -498,7 +502,7 @@ def check_rep_lag(con, host, warning, critical, percent, perf_data, max_lag, use
lag = float(optime_lag.seconds + optime_lag.days * 24 * 3600)

if percent:
err, con = mongo_connect(primary_node['name'].split(':')[0], int(primary_node['name'].split(':')[1]), ssl, user, passwd, None, None, insecure, cert_file)
err, con = mongo_connect(primary_node['name'].split(':')[0], int(primary_node['name'].split(':')[1]), ssl, user, passwd, None, None, insecure, ssl_ca_cert_file, cert_file)
if err != 0:
return err
primary_timediff = replication_get_time_diff(con)
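Review bot: In the `mongo_connect` hunk, `con_args['ssl_ca_certs']` is set whenever `ssl_ca_cert_file` is given, regardless of the `insecure` branch just above it. If the branch cut off above the visible `else:` sets `CERT_NONE` (not shown here, so this is inferred), then `--insecure` together with `--ssl-ca-cert-file` is accepted silently and the CA file has no effect on verification. Rejecting the combination right after `p.parse_args()` would make the misconfiguration visible: `if options.insecure and options.ssl_ca_cert_file: p.error('--insecure cannot be combined with --ssl-ca-cert-file')`. Separately, `ssl_ca_cert_file` is inserted before `ssl_cert` / `cert_file` in the positional signatures of `mongo_connect` and `check_rep_lag`, so any caller outside these hunks that still passes the client certificate positionally would bind it to the CA parameter; appending the new parameter last, or passing both by keyword, avoids that. Both function bodies continue outside the hunks shown.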
