Skip to content

Added support for connecting to an UNIX socket #22

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
magenbrot wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Added support for connecting to an UNIX socket #22

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
bb817e2
* added support for connecting to fastcgi UNIX sockets
magenbrot May 24, 2019
55cb243
moved module check
magenbrot May 24, 2019
d3f9402
added missing semicolon
magenbrot May 24, 2019
b84e8b8
check if --unixsocket is really a socket
magenbrot May 24, 2019
c28e024
resolved merge conflict
magenbrot Jun 12, 2019
1e89525
* re-added lost variable definition...
magenbrot Jun 12, 2019
35687d7
* removed -u, there's no such parameter (use --unixsocket)
magenbrot Jul 4, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 49 additions & 20 deletions check_phpfpm_status.pl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ package main;
my $o_crit_threshold= undef; # critical thresholds entry
my $o_debug= undef; # debug mode
my $o_fastcgi= undef; # direct fastcgi mode (without an http->fastcgi proxy)
my $o_unixsocket= undef; # use a UNIX socket (in direct fastcgi mode)
my $o_servername= undef; # ServerName (host header in http request)
my $o_https= undef; # SSL (HTTPS) mode
my $o_verify_ssl= 0; # SSL verification, False by default
Expand Down Expand Up @@ -107,6 +108,8 @@ sub help {
ServerName, (host header of HTTP request) use it if you specified an IP in -H to match the good Virtualhost in your target
-f, --fastcgi
Connect directly to php-fpm via network or local socket, using fastcgi protocol instead of HTTP.
--unixsocket
Connect to php-fpm via UNIX socket, implies --fastcgi
-U, --user=user
Username for basic auth
-P, --pass=PASS
Expand Down Expand Up @@ -165,13 +168,19 @@ sub help {
check_phpfpm_status.pl -H 127.0.0.1 -s nagios.example.com -w 1,1,1 -c 0,2,2

All these examples used an HTTP proxy (like Nginx or Apache) in front of php-fpm. If php-fpm is listening on a tcp/ip socket
you can also make a direct request on this port (9000 by default) using the fastcgi protocol. You'll need the FastCGI client
tools enabled in Perl (check the README) and the command would use the -f or --fastcgi option (note that SSL or servername
options are useless in this mode).
This can be especially useful if you use php-fpm in an isolated env, without the HTTP proxy support (like in a docker container):
you can also make a direct request on this port (9000 by default) or to an UNIX socket by using the fastcgi protocol. You'll
need the FastCGI client tools enabled in Perl (check the README) and the command would use the -f or --fastcgi and eventually
the --unixsocket option (note that SSL or servername options are useless in this mode).
This can be especially usefull if you use php-fpm in an isolated env, without the HTTP proxy support (like in a docker container).

Connect to an INET socket on port 9002:

check_phpfpm_status.pl -H 127.0.0.1 --fastcgi -p 9002 -w 1,1,1 -c 0,2,2

Connect to the UNIX socket listening in /run/php/php-fpm.sock with a non-standard URL:

check_phpfpm_status.pl -H 127.0.0.1 --fastcgi --unixsocket /run/php/php-fpm.sock -u /secret-status -w 1,1,1 -c 0,2,2

HTTPS/SSL:

Adding --ssl you can reach an https host:
Expand All @@ -193,6 +202,7 @@ sub check_options {
'h' => \$o_help, 'help' => \$o_help,
'd' => \$o_debug, 'debug' => \$o_debug,
'f' => \$o_fastcgi, 'fastcgi' => \$o_fastcgi,
'unixsocket:s' => \$o_unixsocket,
'H:s' => \$o_host, 'hostname:s' => \$o_host,
's:s' => \$o_servername, 'servername:s' => \$o_servername,
'S:s' => \$o_https, 'ssl:s' => \$o_https,
Expand All @@ -202,12 +212,12 @@ sub check_options {
'r:s' => \$o_realm, 'realm:s' => \$o_realm,
'p:i' => \$o_port, 'port:i' => \$o_port,
'V' => \$o_version, 'version' => \$o_version,
'w=s' => \$o_warn_threshold, 'warn=s' => \$o_warn_threshold,
'c=s' => \$o_crit_threshold, 'critical=s' => \$o_crit_threshold,
'w=s' => \$o_warn_threshold, 'warn=s' => \$o_warn_threshold,
'c=s' => \$o_crit_threshold, 'critical=s' => \$o_crit_threshold,
't:i' => \$o_timeout, 'timeout:i' => \$o_timeout,
'x:i' => \$o_verify_ssl, 'verifyhostname:i' => \$o_verify_ssl,
'verifyssl:i' => \$o_verify_ssl,
'X:s' => \$o_cacert_file, 'cacert:s' => \$o_cacert_file,
'X:s' => \$o_cacert_file, 'cacert:s' => \$o_cacert_file,
);

if (defined ($o_help)) {
Expand All @@ -232,6 +242,9 @@ sub check_options {
if (defined($o_fastcgi) && defined($o_https)) {
nagios_exit($phpfpm,"UNKNOWN","You cannot use both --fastcgi and --ssl options, we do not use http (nor https) when we use direct fastcgi access!");
}
if (defined($o_unixsocket) && not defined($o_fastcgi)) {
$o_fastcgi = 1;
}
if (defined($o_debug)) {
print("\nDEBUG thresholds: \nWarning: ($o_warn_threshold) => Min Idle: $o_warn_p_level Max Reached :$o_warn_m_level MaxQueue: $o_warn_q_level");
print("\nCritical ($o_crit_threshold) => : Min Idle: $o_crit_p_level Max Reached: $o_crit_m_level MaxQueue : $o_crit_q_level\n");
Expand Down Expand Up @@ -282,19 +295,35 @@ sub check_options {
if (defined($o_fastcgi)) {
# -- FASTCGI
eval "use FCGI::Client::Connection;";
nagios_exit($phpfpm,"UNKNOWN","You need to install FCGI::Client::Connection CPAN module for this feature: " . $@) if $@;
eval "use IO::Socket::INET;";
nagios_exit($phpfpm,"UNKNOWN","You need to install IO::Socket::INET CPAN module for this feature: " . $@) if $@;

if (!defined($o_port)) {
$o_port = 9000;
}
my $sock = IO::Socket::INET->new(
PeerAddr => $override_ip,
PeerPort => $o_port,
);
if (!$sock) {
nagios_exit($phpfpm,"CRITICAL", "Cannot connect to $override_ip : $o_port !");
nagios_exit($phpfpm,"UNKNOWN","You need to activate FCGI::Client::Connection CPAN module for this feature: " . $@) if $@;

my $sock;
if (defined($o_unixsocket)) {
eval "use IO::Socket::UNIX;";
nagios_exit($phpfpm,"UNKNOWN","You need to activate IO::Socket::UNIX CPAN module for this feature: " . $@) if $@;
if (!-S $o_unixsocket) {
nagios_exit($phpfpm,"UNKNOWN","$o_unixsocket is not an UNIX socket");
}
$sock = IO::Socket::UNIX->new(
Type => SOCK_STREAM(),
Peer => $o_unixsocket,
);
if (!$sock) {
nagios_exit($phpfpm,"CRITICAL", "Cannot connect to UNIX socket $o_unixsocket !");
}
} else {
eval "use IO::Socket::INET;";
nagios_exit($phpfpm,"UNKNOWN","You need to activate IO::Socket::INET CPAN module for this feature: " . $@) if $@;
if (!defined($o_port)) {
$o_port = 9000;
}
$sock = IO::Socket::INET->new(
PeerAddr => $override_ip,
PeerPort => $o_port,
);
if (!$sock) {
nagios_exit($phpfpm,"CRITICAL", "Cannot connect to $override_ip : $o_port !");
}
}
my $fastcgiClient = FCGI::Client::Connection->new(sock => $sock);
$url = $o_url;
Expand Down