Make check_fdb.py generate commands to fix fdb#108
Open
matteopozza wants to merge 3 commits intomasterfrom
Open
Make check_fdb.py generate commands to fix fdb#108matteopozza wants to merge 3 commits intomasterfrom
matteopozza wants to merge 3 commits intomasterfrom
Conversation
matteopozza
changed the title
matteopozza
commented
Apr 14, 2026
| "00:00:00:00:00:00", | ||
| ] | ||
|
|
||
| COMMANDS_FILE_PATH = "/run/nrpe/fix_fdb.sh" |
Contributor
Author
There was a problem hiding this comment.
by default nrpe service is configured to have a private tmp folder. As a consequence, when writing to /tmp (or /var/tmp) folder, the content is actually written into /tmp/systemd-private-....-nrpe.service.../tmp. This is a bit unfortunate because we do not want to change the /tmp setting for all the infra, but admins might forget about the private tmp peculiarity.
For this reason, I am proposing to put it in /run/nrpe folder. The folder is meant to be used for runtime data, and nrpe user has enough rights to write in it.
matteopozza
commented
Apr 14, 2026
| # make sure file has correct permissions | ||
| os.chmod( | ||
| COMMANDS_FILE_PATH, | ||
| stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR | # owner (7) |
Contributor
Author
There was a problem hiding this comment.
I'm suggesting an unusual 754 as permission combination because:
- we are fine with anyone being able to read the content of the script
- we need at least the nrpe user to be able to write to the file
- the script needs to be run by root. Nevertheless, if it is not marked as executable, then root itself will need to do a chmod to run the script. By granting execution permissions to nrpe we avoid this inconvenient. I have extended the execution permissions to the group as well, but it is probably not necessary so we could also try 744 if we want.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Opsview check
check_fdbcurrently produces information on records that need to be fixed in the fdb in a human-readable form. The admin still needs to compose those information into commands to fix the identified issues. The proposed change add to the opsview check the capability of generating the commands to fix the fdb problematic records, so that the admin can run directly the generated commands.