diff --git a/cabot/cabot_config.py b/cabot/cabot_config.py index fb3d440ae..2ac38d3f6 100644 --- a/cabot/cabot_config.py +++ b/cabot/cabot_config.py @@ -19,6 +19,7 @@ WWW_SCHEME = os.environ.get('WWW_SCHEME', "https") HTTP_USER_AGENT = os.environ.get('HTTP_USER_AGENT', 'Cabot') +CABOT_HTTP_CHECK_CA_BUNDLE = os.environ.get('CABOT_HTTP_CHECK_CA_BUNDLE') # How often should alerts be sent for important failures? ALERT_INTERVAL = int(os.environ.get('ALERT_INTERVAL', 10)) diff --git a/cabot/cabotapp/models/base.py b/cabot/cabotapp/models/base.py index 69c0728c8..56db4ebfe 100644 --- a/cabot/cabotapp/models/base.py +++ b/cabot/cabotapp/models/base.py @@ -1,5 +1,6 @@ import itertools import json +import os import re import subprocess import time @@ -763,11 +764,20 @@ def _run(self): auth = (self.username if self.username is not None else '', self.password if self.password is not None else '') + ssl_verify = self.verify_ssl_certificate + if self.verify_ssl_certificate and settings.CABOT_HTTP_CHECK_CA_BUNDLE: + if os.path.isfile(settings.CABOT_HTTP_CHECK_CA_BUNDLE): + ssl_verify = settings.CABOT_HTTP_CHECK_CA_BUNDLE + else: + logger.error('Cannot find CA bundle file %r. Check the value of CABOT_HTTP_CHECK_CA_BUNDLE' % + settings.CABOT_HTTP_CHECK_CA_BUNDLE) + ssl_verify = True # Fallback on default CA bundle provided by the Certifi python module + try: resp = requests.get( self.endpoint, timeout=self.timeout, - verify=self.verify_ssl_certificate, + verify=ssl_verify, auth=auth, headers={ "User-Agent": settings.HTTP_USER_AGENT, diff --git a/cabot/cabotapp/tasks.py b/cabot/cabotapp/tasks.py index a13412627..e748699e6 100644 --- a/cabot/cabotapp/tasks.py +++ b/cabot/cabotapp/tasks.py 
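Review bot: In the `_run` hunk of `cabot/cabotapp/models/base.py`, a configured but missing `CABOT_HTTP_CHECK_CA_BUNDLE` file falls back to `ssl_verify = True`. A deployment that set the variable to pin an internal CA would then verify against the default Certifi bundle instead, with only an error logged on each run that reaches this branch. It would be safer to treat that case as a configuration error, for example by validating the path once where the setting is read in `cabot_config.py`, rather than switching trust stores per check. `os.path.isfile` also rejects a CA directory, which `requests` accepts for `verify`; `os.path.exists` would keep that option. The log call can pass its argument lazily, `logger.error('Cannot find CA bundle file %r. Check the value of CABOT_HTTP_CHECK_CA_BUNDLE', settings.CABOT_HTTP_CHECK_CA_BUNDLE)`; note that `_run` starts and ends outside this hunk.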
@@ -99,11 +99,7 @@ def clean_db(days_to_retain=7, batch_size=10000): InstanceStatusSnapshot.objects.filter(id__in=instance_snapshot_ids).delete() # If we reached the batch size on either we need to re-queue to continue cleaning up. - if ( - result_count == batch_size or - service_snapshot_count == batch_size or - instance_snapshot_count == batch_size - ): + if result_count == batch_size or service_snapshot_count == batch_size or instance_snapshot_count == batch_size: clean_db.apply_async(kwargs={ 'days_to_retain': days_to_retain, 'batch_size': batch_size}, diff --git a/cabot/cabotapp/views.py b/cabot/cabotapp/views.py index 1b8c16113..f847c87ce 100644 --- a/cabot/cabotapp/views.py +++ b/cabot/cabotapp/views.py @@ -264,7 +264,7 @@ class Meta: }), 'text_match': forms.TextInput(attrs={ 'style': 'width: 100%', - 'placeholder': '[Aa]rachnys\s+[Rr]ules', + 'placeholder': r'[Aa]rachnys\s+[Rr]ules', }), 'status_code': forms.TextInput(attrs={ 'style': 'width: 20%', diff --git a/cabot/settings.py b/cabot/settings.py index 187860113..7699138a3 100644 --- a/cabot/settings.py +++ b/cabot/settings.py @@ -164,7 +164,7 @@ COMPRESS_PRECOMPILERS = ( ('text/coffeescript', 'coffee --compile --stdio'), ('text/eco', - 'eco -i TEMPLATES {infile} && cat "$(echo "{infile}" | sed -e "s/\.eco$/.js/g")"'), + r'eco -i TEMPLATES {infile} && cat "$(echo "{infile}" | sed -e "s/\.eco$/.js/g")"'), ('text/less', 'lessc {infile} > {outfile}'), ) diff --git a/conf/default.env b/conf/default.env index fd289b60d..e9bdd6f61 100644 --- a/conf/default.env +++ b/conf/default.env @@ -28,6 +28,9 @@ CELERY_BROKER_URL=redis://redis:6379/1 # User-Agent string used for HTTP checks HTTP_USER_AGENT=Cabot +# CA bundle to use when verifying SSL certificate in HTTP checks. By default the bundle is provided by the Certifi python module +# CABOT_HTTP_CHECK_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt + # Used for pointing links back in alerts etc. WWW_HTTP_HOST=localhost WWW_SCHEME=http 
diff --git a/conf/development.env.example b/conf/development.env.example index 8a823bd09..7c259adce 100644 --- a/conf/development.env.example +++ b/conf/development.env.example @@ -38,6 +38,9 @@ GRAPHITE_PASS=password # User-Agent string used for HTTP checks HTTP_USER_AGENT=Cabot +# CA bundle to use when verifying SSL certificate in HTTP checks. By default the bundle is provided by the Certifi python module +# CABOT_HTTP_CHECK_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt + # Hipchat integration HIPCHAT_ALERT_ROOM=room_name_or_id HIPCHAT_API_KEY=your_hipchat_api_key diff --git a/conf/production.env.example b/conf/production.env.example index a092faa84..f419e3649 100644 --- a/conf/production.env.example +++ b/conf/production.env.example @@ -39,6 +39,9 @@ GRAPHITE_PASS=password ## User-Agent string used for Cabot HTTP checks HTTP_USER_AGENT=Cabot +# CA bundle to use when verifying SSL certificate in HTTP checks. By default the bundle is provided by the Certifi python module +# CABOT_HTTP_CHECK_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt + ## Email plugin integration EMAIL_HOST=smtp.example.com # SMTP authentication settings. To disable SMTP authentication, comment out diff --git a/setup.py b/setup.py index 5df0466b6..77e7c0b35 100644 --- a/setup.py +++ b/setup.py @@ -4,7 +4,10 @@ from os import environ as env import subprocess -from pip.req import parse_requirements +try: # for pip >= 10 + from pip._internal.req import parse_requirements +except ImportError: # for pip <= 9.0.3 + from pip.req import parse_requirements requirements = [str(req.req) for req in parse_requirements('requirements.txt', session=False)] requirements_plugins = [str(req.req) for req in parse_requirements('requirements-plugins.txt', session=False)]
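Review bot: The import fallback in `setup.py` keeps the build dependent on pip's private `pip._internal.req` module, which pip does not offer as a stable API. Newer pip releases also changed what `parse_requirements` yields, so the `str(req.req)` expressions on the context lines below the import may break again on upgrade. Reading the files directly avoids the coupling, e.g. `requirements = [l.strip() for l in open('requirements.txt') if l.strip() and not l.startswith(('#', '-'))]`, assuming the requirement files hold only plain specifiers. If the pip import stays, a comment such as `# pip has no public API; this import is expected to break on pip upgrades` would document the risk.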