Juju Charms Collection
logstash package

Merge lp:~michael.nelson/charms/trusty/logstash/trunk into lp:~canonical-is-sa/charms/trusty/logstash/trunk

  1. Trusty Tahr (14.04)
  2. trunk
  3. Merge into trunk
Proposed by Michael Nelson
Status: Merged
Merged at revision: 54
Proposed branch: lp:~michael.nelson/charms/trusty/logstash/trunk
Merge into: lp:~canonical-is-sa/charms/trusty/logstash/trunk
Diff against target: 238 lines (+90/-21)
5 files modified
README.md (+4/-5)
config.yaml (+8/-0)
hooks/client-relation-changed (+17/-13)
hooks/config-changed (+13/-3)
hooks/nrpe-external-master-relation-changed (+48/-0)
To merge this branch: bzr merge lp:~michael.nelson/charms/trusty/logstash/trunk
Reviewer Review Type Date Requested Status
Michael Foley (community) Approve
Review via email: mp+275269@code.launchpad.net

Commit message

Add a nagios cert check to avoid cert expiry.
Add extra_config to enable juju setting extra filters.

Description of the change

This branch just merges fixes that the spi (tanuki) team have added to their custom branch and adds two new features (extra-config and nagios_check_cert_params. I left out one spi-specific piece of functionality - opening 5959 for TCP/UDP using python-logstash.

Test still passes (below) but I've not tested with a deploy yet. EDIT: I've just tested this with a local deploy and it worked fine (with the new nagios check pointing out that my cert had only 29 days left of validity).

dev-trusty# ~/charms/logstash/trusty/logstash
$ ./tests/10-deploy
/usr/lib/python3/dist-packages/charmworldlib/api.py:18: ResourceWarning: unclosed <ssl.SSLSocket fd=4, family=AddressFamily.AF_INET, type=SocketType.SOCK_STREAM, proto=6, laddr=('10.55.32.45', 54709), raddr=('91.189.92.33', 443)>
  return self.fetch_json(endpoint, params, 'get')
2015-10-22 05:38:58 Starting deployment of local
2015-10-22 05:38:58 Deploying services...
2015-10-22 05:38:59 Deploying service elasticsearch using cs:trusty/elasticsearch-11
2015-10-22 05:39:03 Deploying service logstash using /home/michael/charms/logstash/trusty/logstash
2015-10-22 05:41:55 Adding relations...
2015-10-22 05:41:55 Adding relation elasticsearch:client <-> logstash:client
2015-10-22 05:42:56 Deployment complete in 238.55 seconds
/usr/lib/python3.4/unittest/case.py:574: ResourceWarning: unclosed <socket.socket fd=4, family=AddressFamily.AF_INET, type=SocketType.SOCK_STREAM, proto=6, laddr=('10.0.3.1', 37457), raddr=('10.0.3.73', 9200)>
  testMethod()
..
----------------------------------------------------------------------
Ran 2 tests in 339.381s

OK

To post a comment you must log in.
Revision history for this message
Michael Foley (foli) wrote :

You mention specifically leaving out opening port 5959 from the spi/tanuki team merge but then the added "example 4" shows using port 5959. I think "example 4" should be left out for now or replaced with an example that actually works with this version of the charm.

review: Needs Fixing
lp:~michael.nelson/charms/trusty/logstash/trunk updated
56. By Michael Nelson

Remove example 4 with the python logstash handler.

Revision history for this message
Michael Nelson (michael.nelson) wrote :

> You mention specifically leaving out opening port 5959 from the spi/tanuki
> team merge but then the added "example 4" shows using port 5959. I think
> "example 4" should be left out for now or replaced with an example that
> actually works with this version of the charm.

Hrmm... I'd not noticed that was added in the tanuki branch - good spot. Removed with r56. Thanks.

Revision history for this message
Michael Foley (foli) wrote :

Looks good now.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'README.md'
--- README.md 2014-07-24 13:26:45 +0000
+++ README.md 2015-10-30 11:20:44 +0000
@@ -28,7 +28,7 @@
28http://ip-of-kibana28http://ip-of-kibana
2929
30example 2 - Indexer + 2 x ElasticSearch + Kibana30example 2 - Indexer + 2 x ElasticSearch + Kibana
31============================================31================================================
3232
33 juju deploy cs:trusty/elasticsearch33 juju deploy cs:trusty/elasticsearch
34 juju add-unit elasticsearch34 juju add-unit elasticsearch
@@ -41,7 +41,7 @@
41http://ip-of-kibana41http://ip-of-kibana
4242
43example 3 - Agent + Indexer + 2 x ElasticSearch + Kibana43example 3 - Agent + Indexer + 2 x ElasticSearch + Kibana
44=============================================44=========================================================
4545
46 juju deploy cs:trusty/elasticsearch46 juju deploy cs:trusty/elasticsearch
47 juju add-unit elasticsearch47 juju add-unit elasticsearch
@@ -54,7 +54,6 @@
54 juju add-relation logstash-agent logstash-indexer:input54 juju add-relation logstash-agent logstash-indexer:input
5555
5656
57
58### Caveats57### Caveats
5958
60The charm will fetch the logstash complete archive every time. 59The charm will fetch the logstash complete archive every time.
@@ -63,13 +62,13 @@
6362
64# Configuration63# Configuration
6564
66The charm supports installation from anywhere that python requeusts can reach and understand. By default it will install a recent revision (1.4.2 as of this writing) from the elasticsearch.org site. this is configurable with 2 options65The charm supports installation from anywhere that python requests can reach and understand. By default it will install a recent revision (1.4.2 as of this writing) from the elasticsearch.org site. this is configurable with 2 options
6766
68 juju set logstash logstash-source="https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz" logstash-sum="d59ef579c7614c5df9bd69cfdce20ed371f728ff"67 juju set logstash logstash-source="https://download.elasticsearch.org/logstash/logstash/logstash-1.4.2.tar.gz" logstash-sum="d59ef579c7614c5df9bd69cfdce20ed371f728ff"
6968
70There is also a configuration option to add arbitrary packages pre-installation of logstash. The format is a space separated list.69There is also a configuration option to add arbitrary packages pre-installation of logstash. The format is a space separated list.
7170
72 juju set logstash extrapackages='vim byobu'71 juju set logstash extra-packages='vim byobu'
7372
74# Contact Information73# Contact Information
7574
7675
=== modified file 'config.yaml'
--- config.yaml 2015-05-12 04:22:21 +0000
+++ config.yaml 2015-10-30 11:20:44 +0000
@@ -19,6 +19,10 @@
19 default: ""19 default: ""
20 type: string20 type: string
21 description: "Base64-encoded SSL key"21 description: "Base64-encoded SSL key"
22 extra-config:
23 type: string
24 default: ''
25 description: "Base64-encoded custom configuration content."
22 nagios_context:26 nagios_context:
23 default: "juju"27 default: "juju"
24 type: string28 type: string
@@ -43,3 +47,7 @@
43 default: "--ssl -H localhost -p 5043 -c 0.3"47 default: "--ssl -H localhost -p 5043 -c 0.3"
44 type: string48 type: string
45 description: The parameters to pass to the nrpe plugin check_tcp.49 description: The parameters to pass to the nrpe plugin check_tcp.
50 nagios_check_cert_params:
51 default: "-D 30,14 -H 127.0.0.1 -p 5043"
52 type: string
53 description: The parameters to pass to the nrpe plugin "check_tcp --ssl" to check certificate expiration date.
4654
=== modified file 'hooks/client-relation-changed'
--- hooks/client-relation-changed 2015-04-21 04:25:51 +0000
+++ hooks/client-relation-changed 2015-10-30 11:20:44 +0000
@@ -29,6 +29,8 @@
29def write_config():29def write_config():
30 with open('host_cache', 'r') as f:30 with open('host_cache', 'r') as f:
31 hosts = f.readlines()31 hosts = f.readlines()
32 if not hosts:
33 sys.exit(0)
3234
33 # Use last host in list as it will be the most recently added35 # Use last host in list as it will be the most recently added
34 # and first host in list may not exist anymore! TODO fix that.36 # and first host in list may not exist anymore! TODO fix that.
@@ -36,24 +38,26 @@
3638
37 out = os.path.join(BASEPATH, 'conf.d', 'output-elasticsearch.conf')39 out = os.path.join(BASEPATH, 'conf.d', 'output-elasticsearch.conf')
38 with open(out, 'w') as p:40 with open(out, 'w') as p:
39 p.write(render(os.path.basename(out), opts))41 p.write(render(os.path.basename(out), opts))
40
4142
4243
43def cache_hosts():44def cache_hosts():
44 host = hookenv.relation_get('host')45 rels = hookenv.relations_of_type("client")
45 if not host:46 if not rels:
46 log('No host received. Assuming nothing to do.')47 log('No client relations. Assuming nothing to do.')
47 sys.exit(0)48 sys.exit(0)
48
49 if not os.path.exists('host_cache'):49 if not os.path.exists('host_cache'):
50 open('host_cache', 'a').close()50 open('host_cache', 'a').close()
5151 for rel in rels:
52 with open('host_cache', 'r') as f:52 host = rel.get('host')
53 hosts = f.readlines()53 if not host:
54 if not host in hosts:54 log('No host received for relation: {}.'.format(rel))
55 with open('host_cache', 'a') as f:55 continue
56 f.write('{}\n'.format(host))56 with open('host_cache', 'r') as f:
57 hosts = f.readlines()
58 if host not in hosts:
59 with open('host_cache', 'a') as f:
60 f.write('{}\n'.format(host))
5761
5862
59if __name__ == "__main__":63if __name__ == "__main__":
6064
=== modified file 'hooks/config-changed'
--- hooks/config-changed 2015-05-05 23:38:46 +0000
+++ hooks/config-changed 2015-10-30 11:20:44 +0000
@@ -39,10 +39,10 @@
39 # This only actually opens the port if we've exposed the service in juju39 # This only actually opens the port if we've exposed the service in juju
40 hookenv.open_port(5043)40 hookenv.open_port(5043)
4141
42 # The install hook is idempotent, so re-run it.42 # Restart the service when configuration has changed.
43 subprocess.check_output(shlex.split('hooks/install'))43 subprocess.check_output(shlex.split('hooks/start'))
4444
45 # TODO: should call update_nrpe_checks() here. See charmsupport/nrpe.py45 subprocess.check_output(shlex.split('hooks/nrpe-external-master-relation-changed'))
4646
4747
48def copy_config():48def copy_config():
@@ -54,11 +54,21 @@
54 key_file = os.path.join(cert_dir, 'logstash.key')54 key_file = os.path.join(cert_dir, 'logstash.key')
5555
56 for f in files:56 for f in files:
57 # skip output-elasticsearch.conf, is managed by
58 # hooks/client-relation-changed
59 if os.path.basename(f) == "output-elasticsearch.conf":
60 continue
57 if os.path.basename(f) != lumberjack_template:61 if os.path.basename(f) != lumberjack_template:
58 with open(os.path.join(BASEPATH, 'conf.d', f), 'w') as p:62 with open(os.path.join(BASEPATH, 'conf.d', f), 'w') as p:
59 p.write(render(os.path.basename(f), opts))63 p.write(render(os.path.basename(f), opts))
6064
61 config_data = hookenv.config()65 config_data = hookenv.config()
66
67 # Write custom configuration if set.
68 if config_data['extra-config']:
69 with open(os.path.join(BASEPATH, 'conf.d', 'extra.conf'), 'w') as f:
70 f.write(str(base64.b64decode(config_data['extra-config'])))
71
62 # Only setup lumberjack protocol if ssl cert and key are configured72 # Only setup lumberjack protocol if ssl cert and key are configured
63 if config_data['ssl_cert'] and config_data['ssl_key']:73 if config_data['ssl_cert'] and config_data['ssl_key']:
64 if not os.path.exists(cert_dir):74 if not os.path.exists(cert_dir):
6575
=== modified file 'hooks/nrpe-external-master-relation-changed'
--- hooks/nrpe-external-master-relation-changed 2015-05-05 23:38:46 +0000
+++ hooks/nrpe-external-master-relation-changed 2015-10-30 11:20:44 +0000
@@ -7,10 +7,46 @@
77
8from charmhelpers.core import hookenv8from charmhelpers.core import hookenv
9from charmhelpers.contrib.charmsupport import nrpe9from charmhelpers.contrib.charmsupport import nrpe
10from charmhelpers.contrib.charmsupport.nrpe import NRPE
1011
11hooks = hookenv.Hooks()12hooks = hookenv.Hooks()
12log = hookenv.log13log = hookenv.log
1314
15
16class CustomIntervalCheck(nrpe.Check):
17
18 service_template = ("""
19#---------------------------------------------------
20# This file is Juju managed
21#---------------------------------------------------
22define service {{
23 use active-service
24 host_name {nagios_hostname}
25 service_description {nagios_hostname}[{shortname}] """
26 """{description}
27 check_command check_nrpe!{command}
28 servicegroups {nagios_servicegroup}
29%s
30}}
31""")
32 intervals_template = " {} {}\n"
33
34 def __init__(self, shortname, description, check_cmd, normal_check_interval=None,
35 retry_check_interval=None, notification_interval=None):
36 super(CustomIntervalCheck, self).__init__(shortname, description, check_cmd)
37 intervals = {}
38 if normal_check_interval:
39 intervals['normal_check_interval'] = normal_check_interval
40 if retry_check_interval:
41 intervals['retry_check_interval'] = retry_check_interval
42 if notification_interval:
43 intervals['notification_interval'] = notification_interval
44 intervals_config = ""
45 for k, v in intervals.items():
46 intervals_config += self.intervals_template.format(k, v)
47 self.service_template = CustomIntervalCheck.service_template % intervals_config
48
49
14@hooks.hook('nrpe-external-master-relation-changed')50@hooks.hook('nrpe-external-master-relation-changed')
15def update_nrpe_checks():51def update_nrpe_checks():
16 nrpe_compat = nrpe.NRPE()52 nrpe_compat = nrpe.NRPE()
@@ -23,6 +59,7 @@
23 check_cmd='check_procs %s' % check_procs_params59 check_cmd='check_procs %s' % check_procs_params
24 )60 )
25 check_tcp_params = conf.get('nagios_check_tcp_params')61 check_tcp_params = conf.get('nagios_check_tcp_params')
62 check_cert_params = conf.get('nagios_check_cert_params')
26 config_data = hookenv.config()63 config_data = hookenv.config()
27 # Only setup lumberjack protocol if ssl cert and key are configured64 # Only setup lumberjack protocol if ssl cert and key are configured
28 if config_data['ssl_cert'] and config_data['ssl_key']:65 if config_data['ssl_cert'] and config_data['ssl_key']:
@@ -32,6 +69,17 @@
32 description='Check logstash lumberjack input tcp port',69 description='Check logstash lumberjack input tcp port',
33 check_cmd='check_tcp %s' % check_tcp_params70 check_cmd='check_tcp %s' % check_tcp_params
34 )71 )
72 if check_cert_params:
73 # check certificate expiry date, daily and retry every 2 hs
74 cert_check = CustomIntervalCheck(
75 shortname='lumberjack_ssl_check',
76 description='Check logstash ssl certificate expiry date',
77 check_cmd='check_tcp --ssl {}'.format(check_cert_params),
78 normal_check_interval=1440, # minutes
79 retry_check_interval=120, # minutes
80 )
81 nrpe_compat.checks.append(cert_check)
82
35 nrpe_compat.write()83 nrpe_compat.write()
3684
37if __name__ == "__main__":85if __name__ == "__main__":

Subscribers

People subscribed via source and target branches