NRPE Charm

Merge ~aggkolaitis/charm-nrpe:nrpe_bind_all_option into ~nrpe-charmers/charm-nrpe:master

  1. Git
  2. lp:~aggkolaitis/charm-nrpe
  3. nrpe_bind_all_option
  4. Merge into master
Proposed by Angelos Kolaitis
Status: Rejected
Rejected by: Andrea Ieri
Proposed branch: ~aggkolaitis/charm-nrpe:nrpe_bind_all_option
Merge into: ~nrpe-charmers/charm-nrpe:master
Diff against target: 40 lines (+9/-0)
3 files modified
config.yaml (+5/-0)
hooks/nrpe_helpers.py (+3/-0)
templates/nrpe.tmpl (+1/-0)
Reviewer Review Type Date Requested Status
Andrea Ieri Disapprove
Stuart Bishop (community) Approve
Review via email: mp+374718@code.launchpad.net

Commit message

Added `nrpe_bind_all` boolean option.

LP: #1849800

Description of the change

NRPE binds on all network interfaces by default.

The introduced option allows configuring NRPE to only bind on the interface required by Nagios (which should default to the private address of the machine). The default value is True, to maintain backwards compatibility (binding on all interfaces by default) with existing deployments

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Stuart Bishop (stub) wrote :

The new option looks fine.

I will point out that the default of the private address is incorrect though; since cross model relations servers need to look up the assigned bind addresses (per Juju network spaces, cross model relations, and all that new fun stuff). That is for a future branch though.

review: Approve
Revision history for this message
Andrea Ieri (aieri) wrote :

The code looks good, but I feel that it would be more idiomatic in Juju to try to obtain as much information as possible through the model (i.e. via relations), rather than from the operator. Specifically, we already configure allowed_hosts to be the list of IPs and networks we expect connections from. That information could be further leveraged to automatically determine which interfaces we should be binding to.

review: Disapprove

Unmerged commits

3867e67... by Angelos Kolaitis

Added nrpe_bind_all option

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/config.yaml b/config.yaml
2index 44a6680..031cc10 100644
3--- a/config.yaml
4+++ b/config.yaml
5@@ -1,4 +1,9 @@
6 options:
7+ nrpe_bind_all:
8+ default: True
9+ type: boolean
10+ description: |
11+ Allow NRPE to listen on all interfaces.
12 nagios_master:
13 default: "None"
14 type: string
15diff --git a/hooks/nrpe_helpers.py b/hooks/nrpe_helpers.py
16index abd6398..c5d04df 100644
17--- a/hooks/nrpe_helpers.py
18+++ b/hooks/nrpe_helpers.py
19@@ -267,6 +267,9 @@ class NagiosInfo(dict):
20 self['dont_blame_nrpe'] = '1' if hookenv.config('dont_blame_nrpe') else '0'
21 self['debug'] = '1' if hookenv.config('debug') else '0'
22
23+ self['nrpe_bind_all'] = hookenv.config('nrpe_bind_all')
24+
25+
26
27 class RsyncEnabled(helpers.RelationContext):
28
29diff --git a/templates/nrpe.tmpl b/templates/nrpe.tmpl
30index d7e37cd..ab65696 100644
31--- a/templates/nrpe.tmpl
32+++ b/templates/nrpe.tmpl
33@@ -2,6 +2,7 @@
34 # This file is managed by Juju
35 #--------------------------------------------------------
36
37+{% if not nrpe_bind_all %}server_address={{ nagios_ipaddress }}{% endif %}
38 server_port={{ server_port }}
39 allowed_hosts={{ external_nagios_master }},{{ monitor_allowed_hosts }}
40 nrpe_user=nagios

Subscribers

People subscribed via source and target branches