Context
The plugin set has no native HTTP availability check. Admins fall back to
upstream Nagios check_http (deprecated) or check_curl (libcurl-based
successor). Both are wide-scope monolithic checks. CONTRIBUTING's
"one tool, one task" rule asks for narrow, single-threshold checks. This issue
migrates the HTTP availability subset to a Python plugin in our repo, leaving
certificate, TLS-compliance, security-header and freshness concerns to
dedicated siblings.
Scope
Plugin http. Single threshold axis: response time. All other behaviours are
pass/fail switches.
Parameters (named long form only, alphabetical):
--always-ok, --insecure, --no-proxy, --timeout--url, --method, --data, --data-file, --content-type,
--header (append), --user-agent--auth-user, --auth-pass. Proxy configuration is read from the
standard environment variables (http_proxy, https_proxy, no_proxy),
including user:pass@ for proxy authentication. --no-proxy disables
proxy use, in line with the project-wide convention.--http-version 1.1|2|3, --tls-min 1.2|1.3--resolve host:port:addr (curl-style; replaces upstream -I)--use-ipv4, --use-ipv6--expect-status (CSV; default 200..399)--expect-body, --expect-body-regex,
--expect-body-regex-flags i,s,
--invert-expect-body-regex,
--expect-body-state warning|critical--expect-header (append; format Name: regex)--page-size-min, --page-size-max--on-redirect ok|warning|critical|follow|sticky|stickyport,
--max-redirs--no-body, --show-body, --cookie-jar, --accept-encoding--lengthy--warning, --critical: Nagios ranges over response time in seconds.
Values accept compound human-duration syntax (e.g. 5s, 30s, 1m30s),
parsed via lib.human.humanrange2seconds.
Out of scope (delegated to siblings)
- Certificate days remaining, hostname match, chain verification:
cert.
- TLS protocol and cipher compliance:
tls-compliance.
- Security headers (HSTS, CSP, ...):
security-headers.
- Document freshness via Last-Modified:
http-last-modified.
Perfdata: time, dns_time, connect_time, tls_time, ttfb,
transfer_time, size, status_code.
Dependencies
Reference
- Upstream
check_curl.c for parameter coverage.
example plugin for structure, DESCRIPTION, README, unit tests.
Upstream lessons (from Nagios monitoring-plugins issues)
Test scenarios derived from upstream bugs
Classification
New plugin. Enhancement.
Context
The plugin set has no native HTTP availability check. Admins fall back to
upstream Nagios
check_http(deprecated) orcheck_curl(libcurl-basedsuccessor). Both are wide-scope monolithic checks. CONTRIBUTING's
"one tool, one task" rule asks for narrow, single-threshold checks. This issue
migrates the HTTP availability subset to a Python plugin in our repo, leaving
certificate, TLS-compliance, security-header and freshness concerns to
dedicated siblings.
Scope
Plugin
http. Single threshold axis: response time. All other behaviours arepass/fail switches.
Parameters (named long form only, alphabetical):
--always-ok,--insecure,--no-proxy,--timeout--url,--method,--data,--data-file,--content-type,--header(append),--user-agent--auth-user,--auth-pass. Proxy configuration is read from thestandard environment variables (
http_proxy,https_proxy,no_proxy),including
user:pass@for proxy authentication.--no-proxydisablesproxy use, in line with the project-wide convention.
--http-version 1.1|2|3,--tls-min 1.2|1.3--resolve host:port:addr(curl-style; replaces upstream-I)--use-ipv4,--use-ipv6--expect-status(CSV; default 200..399)--expect-body,--expect-body-regex,--expect-body-regex-flags i,s,--invert-expect-body-regex,--expect-body-state warning|critical--expect-header(append; formatName: regex)--page-size-min,--page-size-max--on-redirect ok|warning|critical|follow|sticky|stickyport,--max-redirs--no-body,--show-body,--cookie-jar,--accept-encoding--lengthy--warning,--critical: Nagios ranges over response time in seconds.Values accept compound human-duration syntax (e.g.
5s,30s,1m30s),parsed via
lib.human.humanrange2seconds.Out of scope (delegated to siblings)
cert.tls-compliance.security-headers.http-last-modified.Perfdata:
time,dns_time,connect_time,tls_time,ttfb,transfer_time,size,status_code.Dependencies
Linuxfabrik/lib#137.Reference
check_curl.cfor parameter coverage.exampleplugin for structure, DESCRIPTION, README, unit tests.Upstream lessons (from Nagios monitoring-plugins issues)
--severity warn|crit(defaultwarn) controls the state on sockettimeout, replacing the upstream hard-coded CRITICAL. Refs upstream
check_http and check_curl: custom return states for timeouts monitoring-plugins/monitoring-plugins#2265. Aligns with our CONTRIBUTING
which prefers WARN for timeout situations and with the project-wide
--severityconvention used bygitlab-health,gitlab-liveness,gitlab-readiness,jitsi-videobridge-statusand others.getaddrinfo()for the target host when a proxy is active(i.e.
http_proxy/https_proxyis set in the environment and--no-proxyis not given). Resolution is delegated to the proxy. Refsupstream check_curl populates CURLOPT_RESOLVE using getaddrinfo() when proxy is defined. monitoring-plugins/monitoring-plugins#2208.
--cookie-jarmust be re-sent across all redirecthops within a single check run (server may set a session cookie on the
first redirect). Refs upstream
check_http: save cookies over redirect monitoring-plugins/monitoring-plugins#1423.
--source-addressfor outbound binding on multi-homed hosts,if the chosen HTTP stack supports it without extra effort. Refs upstream
add 'source address' option check_tcp and check_http [sf#2983867] monitoring-plugins/monitoring-plugins#938.
Test scenarios derived from upstream bugs
one-line error (no usage block). Refs upstream
check_http: don't show Usage when cert or key file does not exist or is not readable monitoring-plugins/monitoring-plugins#2164.
redirect: the redirect must follow correctly through the proxy tunnel.
Refs upstream Check_curl: Does not appear to work correctly via proxy with specific port when redirect set monitoring-plugins/monitoring-plugins#2143.
Classification
New plugin. Enhancement.