Content Cache Charm

Merge ~hloeung/content-cache-charm:nagios-monitoring into content-cache-charm:master

  1. Git
  2. lp:~hloeung/content-cache-charm
  3. nagios-monitoring
  4. Merge into master
Proposed by Haw Loeung
Status: Merged
Approved by: Paul Collins
Approved revision: 2f0c6daaa28122881daa4ff6c7aa01b9377d0936
Merged at revision: 45a438f459cbe0a26f787ed84135db814f6b6bac
Proposed branch: ~hloeung/content-cache-charm:nagios-monitoring
Merge into: content-cache-charm:master
Diff against target: 106 lines (+1/-62)
2 files modified
reactive/content_cache.py (+1/-26)
tests/unit/test_content_cache.py (+0/-36)
Reviewer Review Type Date Requested Status
Paul Collins lgtm Approve
Canonical IS Reviewers Pending
Review via email: mp+384309@code.launchpad.net

Commit message

Remove TLS1.0 and TLS1.1 checks, they're confusing with negate - LP:1879608

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Paul Collins (pjdc) :
review: Approve (lgtm)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 45a438f459cbe0a26f787ed84135db814f6b6bac

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/reactive/content_cache.py b/reactive/content_cache.py
2index dfca6a7..576980f 100644
3--- a/reactive/content_cache.py
4+++ b/reactive/content_cache.py
5@@ -165,7 +165,7 @@ def configure_nginx(conf_path=None):
6 conf['enable_prometheus_metrics'] = enable_prometheus_metrics
7
8 if ngx_conf.write_site(site, ngx_conf.render(conf)):
9- hookenv.log('Wrote out new configs for site: {}'.format(site))
10+ hookenv.log('Wrote out new configs for site: {}:{}'.format(site, conf['listen_port']))
11 changed = True
12
13 if configure_nginx_metrics(ngx_conf, enable_prometheus_metrics):
14@@ -363,31 +363,6 @@ def configure_nagios():
15
16 nagios_name = '{}-{}'.format(site, location)
17
18- if tls:
19- # Negative Listen/frontend checks to alert on obsolete TLS versions
20- for tlsrev in ('1', '1.1'):
21- check_name = utils.generate_nagios_check_name(
22- nagios_name, 'site', 'no_tls_{}'.format(tlsrev.replace('.', '_'))
23- )
24- cmd = (
25- '/usr/lib/nagios/plugins/negate'
26- ' /usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H {site_name}'
27- ' -p {port} --ssl={tls} --sni -j {method} -u {path}{token}'.format(
28- site_name=site_name,
29- port=frontend_port,
30- method=method,
31- url=url,
32- path=path,
33- token=token,
34- tls=tlsrev,
35- )
36- )
37- nrpe_setup.add_check(
38- shortname=check_name,
39- description='{} confirm obsolete TLS v{} denied'.format(site, tlsrev),
40- check_cmd=cmd,
41- )
42-
43 # Listen / frontend check
44 check_name = utils.generate_nagios_check_name(nagios_name, 'site', 'listen')
45 cmd = (
46diff --git a/tests/unit/test_content_cache.py b/tests/unit/test_content_cache.py
47index 746a427..9b1d6cf 100644
48--- a/tests/unit/test_content_cache.py
49+++ b/tests/unit/test_content_cache.py
50@@ -549,18 +549,6 @@ site1.local:
51
52 want = [
53 mock.call(
54- shortname='site_site2_local_no_tls_1',
55- description='site2.local confirm obsolete TLS v1 denied',
56- check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
57- ' -H site2.local -p 443 --ssl=1 --sni -j GET -u /check/',
58- ),
59- mock.call(
60- shortname='site_site2_local_no_tls_1_1',
61- description='site2.local confirm obsolete TLS v1.1 denied',
62- check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
63- ' -H site2.local -p 443 --ssl=1.1 --sni -j GET -u /check/',
64- ),
65- mock.call(
66 shortname='site_site2_local_listen',
67 description='site2.local site listen check',
68 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2 --sni'
69@@ -577,18 +565,6 @@ site1.local:
70 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 8081 -j GET -u /check/',
71 ),
72 mock.call(
73- shortname='site_site2_local_my_local_content_no_tls_1',
74- description='site2.local confirm obsolete TLS v1 denied',
75- check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
76- ' -H site2.local -p 443 --ssl=1 --sni -j HEAD -u /my-local-content/',
77- ),
78- mock.call(
79- shortname='site_site2_local_my_local_content_no_tls_1_1',
80- description='site2.local confirm obsolete TLS v1.1 denied',
81- check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
82- ' -H site2.local -p 443 --ssl=1.1 --sni -j HEAD -u /my-local-content/',
83- ),
84- mock.call(
85 shortname='site_site2_local_my_local_content_listen',
86 description='site2.local site listen check',
87 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2'
88@@ -601,18 +577,6 @@ site1.local:
89 ' -u /my-local-content/',
90 ),
91 mock.call(
92- shortname='site_site2_local_my_local_content2_no_tls_1',
93- description='site2.local confirm obsolete TLS v1 denied',
94- check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
95- ' -H site2.local -p 443 --ssl=1 --sni -j HEAD -u /my-local-content2/',
96- ),
97- mock.call(
98- shortname='site_site2_local_my_local_content2_no_tls_1_1',
99- description='site2.local confirm obsolete TLS v1.1 denied',
100- check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
101- ' -H site2.local -p 443 --ssl=1.1 --sni -j HEAD -u /my-local-content2/',
102- ),
103- mock.call(
104 shortname='site_site2_local_my_local_content2_listen',
105 description='site2.local site listen check',
106 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2 --sni'

Subscribers

People subscribed via source and target branches