search

juju / juju-gui-charm

Charm for Juju GUI.
GNU Affero General Public License v3.0
2 stars 16 forks source link

Fix nrpe check for GUI accessible #81

Closed bac closed 7 years ago

bac commented 7 years ago

Fixes #80

The nagios check for the GUI being accessible was previously a custom script that incorrectly used the https protocol when in production the tornado server was running http. This fix corrects the protocol and uses the standard check_http nagios plugin.

jujugui commented 7 years ago

Refer to this link for build results (access rights to CI server needed): http://ci-cge.jujugui.org:8080//job/juju-gui-charm/184/

bac commented 7 years ago

Notes

The charm has a configuration setting secure that controls whether the GUI is served on 443 (true) or 80 (false). By default the value is true. If the charm is deployed stand-alone then the guiserver only listens on 443.

On staging and production the charm is fronted with Apache that does SSL termination and secure=false. Since the nagios check is intended for our production servers, the change made here is customized for that environment. Should one deploy this charm stand-alone with nagios monitoring with the default secure=True, then the nagios check will fail.

The charm could be made smarter to take the value of secure into account. This would affect the update-nrpe.py script and the config-changed hooks. After discussions it was decided the added level of complexity is not worthwhile, since this charm is rarely used except for our production deployments.

QA

  1. Deploy the juju-gui-charm, nrpe-external-master, and relate them.

    juju deploy . --series=xenial
juju deploy nrpe-external-master --series=xenial --force
juju config juju-gui secure=false
juju relate juju-gui nrpe-external-master

  2. SSH to the juju-gui/0 machine and look at /etc/nagios/nrpe.d/check_gui_is_accessible.cfg. Run the command within it and ensure it succeeds:

    /usr/lib/nagios/plugins/check_http -I 127.0.0.1 -p 80 -r version -u /static/gui/build/app/version.json
HTTP OK: HTTP/1.1 200 OK - 236 bytes in 0.002 second response time |time=0.002394s;;;0.000000 size=236B;;;0

  3. Re-run the command changing the port and the success string ('version'). See that it fails.

  4. Stop the guiserver and re-run the original nagios check, seeing it fail.

    sudo systemctl stop guiserver
/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -p 80 -r version -u /static/gui/build/app/version.json
connect to address 127.0.0.1 and port 80: Connection refused
HTTP CRITICAL - Unable to open TCP socket

  5. Start it back up and see the check succeed.

jujugui commented 7 years ago

Refer to this link for build results (access rights to CI server needed): http://ci-cge.jujugui.org:8080//job/juju-gui-charm/185/

jrwren commented 7 years ago

Thank you for the excellent QA instructions.

bac commented 7 years ago

:shipit:

jujugui commented 7 years ago

Status: merge request accepted. Url: http://ci-gce.jujugui.org:8080/job/juju-gui-charm-merge