Content Cache Charm

Merge ~hloeung/content-cache-charm:nagios-monitoring into content-cache-charm:master

  1. Git
  2. lp:~hloeung/content-cache-charm
  3. nagios-monitoring
  4. Merge into master
Proposed by Haw Loeung
Status: Merged
Approved by: Paul Collins
Approved revision: 2f0c6daaa28122881daa4ff6c7aa01b9377d0936
Merged at revision: 45a438f459cbe0a26f787ed84135db814f6b6bac
Proposed branch: ~hloeung/content-cache-charm:nagios-monitoring
Merge into: content-cache-charm:master
Diff against target: 106 lines (+1/-62)
2 files modified
reactive/content_cache.py (+1/-26)
tests/unit/test_content_cache.py (+0/-36)
Reviewer Review Type Date Requested Status
Paul Collins lgtm Approve
Canonical IS Reviewers Pending
Review via email: mp+384309@code.launchpad.net

Commit message

Remove TLS1.0 and TLS1.1 checks, they're confusing with negate - LP:1879608

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Paul Collins (pjdc) :
review: Approve (lgtm)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 45a438f459cbe0a26f787ed84135db814f6b6bac

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/reactive/content_cache.py b/reactive/content_cache.py
index dfca6a7..576980f 100644
--- a/reactive/content_cache.py
+++ b/reactive/content_cache.py
@@ -165,7 +165,7 @@ def configure_nginx(conf_path=None):
165 conf['enable_prometheus_metrics'] = enable_prometheus_metrics165 conf['enable_prometheus_metrics'] = enable_prometheus_metrics
166166
167 if ngx_conf.write_site(site, ngx_conf.render(conf)):167 if ngx_conf.write_site(site, ngx_conf.render(conf)):
168 hookenv.log('Wrote out new configs for site: {}'.format(site))168 hookenv.log('Wrote out new configs for site: {}:{}'.format(site, conf['listen_port']))
169 changed = True169 changed = True
170170
171 if configure_nginx_metrics(ngx_conf, enable_prometheus_metrics):171 if configure_nginx_metrics(ngx_conf, enable_prometheus_metrics):
@@ -363,31 +363,6 @@ def configure_nagios():
363363
364 nagios_name = '{}-{}'.format(site, location)364 nagios_name = '{}-{}'.format(site, location)
365365
366 if tls:
367 # Negative Listen/frontend checks to alert on obsolete TLS versions
368 for tlsrev in ('1', '1.1'):
369 check_name = utils.generate_nagios_check_name(
370 nagios_name, 'site', 'no_tls_{}'.format(tlsrev.replace('.', '_'))
371 )
372 cmd = (
373 '/usr/lib/nagios/plugins/negate'
374 ' /usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H {site_name}'
375 ' -p {port} --ssl={tls} --sni -j {method} -u {path}{token}'.format(
376 site_name=site_name,
377 port=frontend_port,
378 method=method,
379 url=url,
380 path=path,
381 token=token,
382 tls=tlsrev,
383 )
384 )
385 nrpe_setup.add_check(
386 shortname=check_name,
387 description='{} confirm obsolete TLS v{} denied'.format(site, tlsrev),
388 check_cmd=cmd,
389 )
390
391 # Listen / frontend check366 # Listen / frontend check
392 check_name = utils.generate_nagios_check_name(nagios_name, 'site', 'listen')367 check_name = utils.generate_nagios_check_name(nagios_name, 'site', 'listen')
393 cmd = (368 cmd = (
diff --git a/tests/unit/test_content_cache.py b/tests/unit/test_content_cache.py
index 746a427..9b1d6cf 100644
--- a/tests/unit/test_content_cache.py
+++ b/tests/unit/test_content_cache.py
@@ -549,18 +549,6 @@ site1.local:
549549
550 want = [550 want = [
551 mock.call(551 mock.call(
552 shortname='site_site2_local_no_tls_1',
553 description='site2.local confirm obsolete TLS v1 denied',
554 check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
555 ' -H site2.local -p 443 --ssl=1 --sni -j GET -u /check/',
556 ),
557 mock.call(
558 shortname='site_site2_local_no_tls_1_1',
559 description='site2.local confirm obsolete TLS v1.1 denied',
560 check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
561 ' -H site2.local -p 443 --ssl=1.1 --sni -j GET -u /check/',
562 ),
563 mock.call(
564 shortname='site_site2_local_listen',552 shortname='site_site2_local_listen',
565 description='site2.local site listen check',553 description='site2.local site listen check',
566 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2 --sni'554 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2 --sni'
@@ -577,18 +565,6 @@ site1.local:
577 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 8081 -j GET -u /check/',565 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 8081 -j GET -u /check/',
578 ),566 ),
579 mock.call(567 mock.call(
580 shortname='site_site2_local_my_local_content_no_tls_1',
581 description='site2.local confirm obsolete TLS v1 denied',
582 check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
583 ' -H site2.local -p 443 --ssl=1 --sni -j HEAD -u /my-local-content/',
584 ),
585 mock.call(
586 shortname='site_site2_local_my_local_content_no_tls_1_1',
587 description='site2.local confirm obsolete TLS v1.1 denied',
588 check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
589 ' -H site2.local -p 443 --ssl=1.1 --sni -j HEAD -u /my-local-content/',
590 ),
591 mock.call(
592 shortname='site_site2_local_my_local_content_listen',568 shortname='site_site2_local_my_local_content_listen',
593 description='site2.local site listen check',569 description='site2.local site listen check',
594 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2'570 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2'
@@ -601,18 +577,6 @@ site1.local:
601 ' -u /my-local-content/',577 ' -u /my-local-content/',
602 ),578 ),
603 mock.call(579 mock.call(
604 shortname='site_site2_local_my_local_content2_no_tls_1',
605 description='site2.local confirm obsolete TLS v1 denied',
606 check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
607 ' -H site2.local -p 443 --ssl=1 --sni -j HEAD -u /my-local-content2/',
608 ),
609 mock.call(
610 shortname='site_site2_local_my_local_content2_no_tls_1_1',
611 description='site2.local confirm obsolete TLS v1.1 denied',
612 check_cmd='/usr/lib/nagios/plugins/negate /usr/lib/nagios/plugins/check_http -I 127.0.0.1'
613 ' -H site2.local -p 443 --ssl=1.1 --sni -j HEAD -u /my-local-content2/',
614 ),
615 mock.call(
616 shortname='site_site2_local_my_local_content2_listen',580 shortname='site_site2_local_my_local_content2_listen',
617 description='site2.local site listen check',581 description='site2.local site listen check',
618 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2 --sni'582 check_cmd='/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -H site2.local -p 443 --ssl=1.2 --sni'

Subscribers

People subscribed via source and target branches