[tor-commits] [bridgedb/master] Refactor script.

phw at torproject.org phw at torproject.org
Wed May 27 17:14:43 UTC 2020


commit 91af6c1bbad6a71663372642c5b6531cd197e806
Author: Philipp Winter <phw at nymity.ch>
Date:   Tue Feb 18 10:59:14 2020 -0800

    Refactor script.
---
 scripts/nagios-email-check | 191 +++++++++++++++++++++++++++++++++++++++++++++
 scripts/nagios_email_check | 162 --------------------------------------
 2 files changed, 191 insertions(+), 162 deletions(-)

diff --git a/scripts/nagios-email-check b/scripts/nagios-email-check
new file mode 100755
index 0000000..7287646
--- /dev/null
+++ b/scripts/nagios-email-check
@@ -0,0 +1,191 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+#
+# This file is part of  BridgeDB, a Tor bridge distribution system.
+#
+# This script sends an email request for bridges to BridgeDB and then checks if
+# it got a response.  The result is written to STATUS_FILE, which is consumed
+# by Nagios.  Whenever BridgeDB fails to respond with bridges, we will get a
+# Nagios alert.
+#
+# Run this script via crontab every three hours as follows:
+#   0 */3 * * * path/to/nagios-email-check $(cat path/to/gmail.key)
+
+
+import sys
+import smtplib
+import time
+import imaplib
+import email
+import email.utils
+
+# Standard Nagios return codes
+OK, WARNING, CRITICAL, UNKNOWN = range(4)
+
+FROM_EMAIL = "testbridgestorbrowser at gmail.com"
+TO_EMAIL = "bridges at torproject.org"
+SMTP_SERVER = "imap.gmail.com"
+SMTP_PORT = 993
+
+MESSAGE_FROM = TO_EMAIL
+MESSAGE_BODY = "Here are your bridges:"
+
+STATUS_FILE = "/srv/bridges.torproject.org/check/status"
+
+# This will contain our test email's message ID.  We later make sure that this
+# message ID is referenced in the In-Reply-To header of BridgeDB's response.
+MESSAGE_ID = None
+
+
+def log(*args, **kwargs):
+    """
+    Generic log function.
+    """
+
+    print("[+]", *args, file=sys.stderr, **kwargs)
+
+
+def get_email_response(password):
+    """
+    Open our Gmail inbox and see if we got a response.
+    """
+
+    log("Checking for email response.")
+    mail = imaplib.IMAP4_SSL(SMTP_SERVER)
+    try:
+        mail.login(FROM_EMAIL, password)
+    except Exception as e:
+        return WARNING, str(e)
+
+    mail.select("INBOX")
+
+    _, data = mail.search(None, "ALL")
+    email_ids = data[0].split()
+    if len(email_ids) == 0:
+        log("Found no response.")
+        return CRITICAL, "No emails from BridgeDB found"
+
+    return check_email(mail, email_ids)
+
+
+def check_email(mail, email_ids):
+    """
+    Check if we got our expected email response.
+    """
+
+    log("Checking {:,} emails.".format(len(email_ids)))
+    for email_id in email_ids:
+        _, data = mail.fetch(email_id, "(RFC822)")
+
+        # The variable `data` contains the full email object fetched by imaplib
+        # <https://docs.python.org/3/library/imaplib.html#imaplib.IMAP4.fetch>
+        # We are only interested in the response part containing the email
+        # envelope.
+        for response_part in data:
+            if isinstance(response_part, tuple):
+                m = str(response_part[1], "utf-8")
+                msg = email.message_from_string(m)
+                email_from = "{}".format(msg["From"])
+                email_body = "{}".format(msg.as_string())
+                email_reply_to = "{}".format(msg["In-Reply-To"])
+
+                if (MESSAGE_FROM == email_from) and \
+                   (MESSAGE_BODY in email_body) and \
+                   (MESSAGE_ID == email_reply_to):
+                    mail.store(email_id, '+X-GM-LABELS', '\\Trash')
+                    mail.expunge()
+                    mail.close()
+                    mail.logout()
+                    log("Found correct response (referencing {})."
+                        .format(MESSAGE_ID))
+                    return OK, "BridgeDB's email responder works"
+                else:
+                    mail.store(email_id, '+X-GM-LABELS', '\\Trash')
+    mail.expunge()
+    mail.close()
+    mail.logout()
+    log("Found no response.")
+    return WARNING, "No emails from BridgeDB found"
+
+
+def send_email_request(password):
+    """
+    Attempt to send a bridge request over Gmail.
+    """
+
+    subject = "Bridges"
+    body = "get bridges"
+
+    log("Sending email.")
+    global MESSAGE_ID
+    MESSAGE_ID = email.utils.make_msgid(idstring="test-bridgedb",
+                                        domain="gmail.com")
+    email_text = "From: %s\r\nTo: %s\r\nMessage-ID: %s\r\nSubject: %s\r\n" \
+                 "\r\n%s" % (FROM_EMAIL, TO_EMAIL, MESSAGE_ID, subject, body)
+
+    try:
+        mail = smtplib.SMTP_SSL("smtp.gmail.com", 465)
+        mail.login(FROM_EMAIL, password)
+        mail.sendmail(FROM_EMAIL, TO_EMAIL, email_text)
+        mail.close()
+        log("Email successfully sent (message ID: %s)." % MESSAGE_ID)
+        return OK, "Sent email bridge request"
+    except Exception as e:
+        log("Error while sending email: %s" % err)
+        return UNKNOWN, str(e)
+
+
+def write_status_file(status, message):
+    """
+    Write the given `status` and `message` to our Nagios status file.
+    """
+
+    codes = {
+        0: "OK",
+        1: "WARNING",
+        2: "CRITICAL",
+        3: "UNKNOWN"
+    }
+    code = codes.get(status, UNKNOWN)
+
+    with open(STATUS_FILE, "w") as fd:
+        fd.write("{}\n{}: {}".format(code, status, message))
+    log("Wrote status='%s', message='%s' to status file." % (status, message))
+
+
+if __name__ == "__main__":
+    status, message = None, None
+
+    # Our Gmail password should be in sys.argv[1].
+
+    if len(sys.argv) == 2:
+        password = sys.argv[1]
+    else:
+        log("No email password provided.")
+        write_status_file(UNKNOWN, "No email password provided")
+        sys.exit(1)
+
+    # Send an email request to BridgeDB.
+
+    try:
+        status, message = send_email_request(password)
+    except Exception as e:
+        write_status_file(UNKNOWN, repr(e))
+        sys.exit(1)
+
+    wait_time = 60
+    log("Waiting %d seconds for a response." % wait_time)
+    time.sleep(wait_time)
+
+    # Check if we've received an email response.
+
+    try:
+        status, message = get_email_response(password)
+    except KeyboardInterrupt:
+        status, message = CRITICAL, "Caught Control-C..."
+    except Exception as e:
+        status = CRITICAL
+        message = repr(e)
+    finally:
+        write_status_file(status, message)
+        sys.exit(status)
diff --git a/scripts/nagios_email_check b/scripts/nagios_email_check
deleted file mode 100644
index 767d055..0000000
--- a/scripts/nagios_email_check
+++ /dev/null
@@ -1,162 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-#
-# This file is part of  BridgeDB, a Tor bridge distribution system.
-#
-# This scripts send an email to bridgedb requesting a bridge and check if the
-# service reply with a valid bridge. A status file is written in path specified
-# by STATUS_FILE.
-#
-# The STATUS_FILE is read by nagios that will send an alert whenever bridgedb
-# will not send a valid email response.
-#
-# Run via crontab
-# Ex: */10 * * * * <path_to_bridgedb>/scripts/nagios_email_check $(cat <path_to_email_key/gmail.key)
-#
-# :authors: hiro <hiro at torproject.org>
-#           see also AUTHORS file
-#
-# :license: This is Free Software. See LICENSE for license information.
-#
-#
-
-
-import sys
-import smtplib
-import time
-import imaplib
-import email
-import time
-
-# Standard Nagios return codes
-OK, WARNING, CRITICAL, UNKNOWN = range(4)
-
-ORG_EMAIL   = "@gmail.com"
-FROM_EMAIL  = "test.bridges.browser" + ORG_EMAIL
-SMTP_SERVER = "imap.gmail.com"
-SMTP_PORT   = 993
-
-MESSAGE_FROM = "bridges at torproject.org"
-MESSAGE_SUBJECT = "Bridges"
-MESSAGE_BODY = "Here are your bridges:"
-
-STATUS_FILE = "/srv/bridgedb.torproject.org/check/status"
-
-# -------------------------------------------------
-#
-# Utility to read email from Gmail Using Python
-#
-# ------------------------------------------------
-
-def test_email_from_gmail(password):
-    mail = imaplib.IMAP4_SSL(SMTP_SERVER)
-    try:
-        mail.login(FROM_EMAIL, password)
-    except Exception as e:
-        return WARNING, str(e)
-
-    mail.select('INBOX')
-
-    _, data = mail.search(None, 'ALL')
-    mail_ids = data[0]
-
-    id_list = mail_ids.split()
-
-    status, message = check_email(id_list)
-
-    return status, message
-
-
-def check_email(id_list):
-    first_email_id = int(str(id_list[0], 'utf-8'))
-    latest_email_id = int(str(id_list[-1], 'utf-8'))
-
-    for i in range(int(latest_email_id), int(first_email_id), -1):
-        _, data = mail.fetch(str(i), '(RFC822)')
-
-
-        # The variable data contains the full email object fetched by imaplib
-        # https://docs.python.org/3/library/imaplib.html#imaplib.IMAP4.fetch
-        # We are only interested in the response part containing the email envelope.
-
-        for response_part in data:
-            if isinstance(response_part, tuple):
-                m = str(response_part[1], 'utf-8')
-                msg = email.message_from_string(m)
-                email_subject = "{}".format(msg['subject'])
-                email_from = "{}".format(msg['from'])
-                email_body = "{}".format(msg.as_string())
-
-                if (MESSAGE_FROM == email_from) and (MESSAGE_SUBJECT == email_subject) and (MESSAGE_BODY in email_body):
-                    mail.store(str(i), '+FLAGS', '\\Deleted')
-                    mail.close()
-                    return OK, "Bridgedb is good and sending emails with working bridges"
-                else:
-                    mail.store(str(i), '+FLAGS', '\\Deleted')
-
-        mail.close()
-        return WARNING, "No emails from gettor found"
-
-
-def send_email_from_gmail(password):
-    sent_from = FROM_EMAIL
-    sent_to = ["{}".format(MESSAGE_FROM)]
-    subject = 'Bridges'
-    body = 'get bridges'
-
-    email_text = """From: %s\nTo: %s\nSubject: %s\n\n%s""" % (sent_from, ", ".join(sent_to), subject, body)
-
-    try:
-        mail = smtplib.SMTP_SSL('smtp.gmail.com', 465)
-        mail.login(sent_from, password)
-        mail.sendmail(sent_from, sent_to, email_text)
-        mail.close()
-        return OK, "Test email sent"
-    except Exception as e:
-        return UNKNOWN, str(e)
-
-if __name__ == "__main__":
-    status, message = None, None
-
-    if len(sys.argv) == 2:
-        password = sys.argv[1]
-    else:
-        return UNKNOWN, "Empty email password"
-
-    try:
-        status_file = open(STATUS_FILE, 'r')
-        message = status_file.read()
-        status_file.close()
-    except OSError:
-        status = UNKNOWN
-        message = "Status file has been created {}".format(STATUS_FILE)
-        status_file = open(STATUS_FILE,'w')
-        status_file.write("UNKNOWN\n3: %s" % message)
-        status_file.close()
-
-    try:
-        status, message = send_email_from_gmail(password)
-    except Exception as e:
-        status = UNKNOWN
-        message = repr(e)
-        status_file = open(STATUS_FILE,'w')
-        status_file.write("UNKNOWN\n3: %s" % message)
-        status_file.close()
-
-    time.sleep(600)
-
-    try:
-        status, message = test_email_from_gmail(password)
-    except KeyboardInterrupt:
-        status, message = CRITICAL, "Caught Control-C..."
-    except Exception as e:
-        status = CRITICAL
-        message = repr(e)
-    finally:
-        d = {0: "OK", 1: "WARNING", 2: "CRITICAL", 3: "UNKNOWN"}
-        status_file = open(STATUS_FILE,'w')
-        status_file.write("{}\n{}: {}" % (d[status], status, message))
-
-        status_file.close()
-
-        sys.exit(status)





More information about the tor-commits mailing list