yahoo / netchasm
An Automated health checking and server status verification system.
License: Apache License 2.0
An addition to the API to load config directly from the control socket instead of having to parse a YAML file can be helpful when integrating with other applications.
Does NetCHASM support http2 (or later) health checks?
It's unclear from my scanning of the documentation whether NetCHASM supports making health checks to servers which support only http2 (i.e. no http/1.1 support).
Change would be to add http2 support (if it does not exist).
Such support would be useful for checking servers running gRPC services which are http2 based, but do not support http/1.1. We often have a situation now running Java gRPC services where a health check comes in for, say, GET /status.html HTTP/1.1
on the same port as the Java gRPC service. In Java gRPC, this results in an error and a long stack backtrace (see grpc/grpc-java#7692).
If the current code can be modified to make use of dynamic libraries for instantiation of derived class objects instead of concrete instantiation as is done currently during initialization from the master config, inclusion of unwanted libraries in the final binary can be avoided when developers have their own implementation of the derived classes. For example: inclusion of the MDBM library can be avoided when developers have their own implementation of the storage base class that makes use of a different backend database.
Currently, the only way to add/remove servers to host groups using the provided API is to make the desired changes in the config and to issue a reload of the config. A new API to dynamically add/remove servers to host groups will avoid this time-consuming reload.
A build target that does not compile AUX features
modify the existing slimbuild target to exclude AUX as well
NetCHASM should build under Ubuntu LTS 22.04 and CentOS 9 which by default use OpenSSL3.
NetCHASM fails to compile against OpenSSL3 because it uses a function that has been removed: FIPS_mode_set(). Here is the compile error:
/home/ubuntu/NetCHASM/src/internal/HMStateManager.cpp:106:5: error: ‘FIPS_mode_set’ was not declared in this scope
106 | FIPS_mode_set(0);
| ^~~~~~~~~~~~~
make[2]: *** [src/internal/CMakeFiles/netchasm_core.dir/build.make:692: src/internal/CMakeFiles/netchasm_core.dir/HMStateManager.cpp.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:426: src/internal/CMakeFiles/netchasm_core.dir/all] Error 2
make: *** [Makefile:166: all] Error 2
Note that there are also some functions used in NetCHASM that have been deprecated in OpenSSL3 (and some deprecated in OpenSSL 1.1.0). These functions will still work for now, but it is advisable to use the newer, non-deprecated functions to avoid the build breaking in the future. I've attached a full build log against OpenSSL3 which contains all the warnings of deprecated functions. Here is an example:
/home/ubuntu/NetCHASM/src/api/HMControlTLSSocketClient.cpp: In constructor ‘HMControlTLSSocketClient::HMControlTLSSocketClient(HMAPIIPAddress&, uint16_t, std::string&, std::string&, std::string&)’:
/home/ubuntu/NetCHASM/src/api/HMControlTLSSocketClient.cpp:100:40: warning: ‘const SSL_METHOD* TLSv1_2_method()’ is deprecated: Since OpenSSL 1.1.0 [-Wdeprecated-declarations]
100 | m_ctx = SSL_CTX_new(TLSv1_2_method());
| ^
In file included from /home/ubuntu/NetCHASM/include/NetCHASM/HMControlTLSSocketClient.h:11,
from /home/ubuntu/NetCHASM/src/api/HMControlTLSSocketClient.cpp:12:
/usr/include/openssl/ssl.h:2020:50: note: declared here
2020 | OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
| ^~~~~~~~~~~~~~
/home/ubuntu/NetCHASM/src/api/HMControlTLSSocketClient.cpp:100:40: warning: ‘const SSL_METHOD* TLSv1_2_method()’ is deprecated: Since OpenSSL 1.1.0 [-Wdeprecated-declarations]
100 | m_ctx = SSL_CTX_new(TLSv1_2_method());
| ^
In file included from /home/ubuntu/NetCHASM/include/NetCHASM/HMControlTLSSocketClient.h:11,
from /home/ubuntu/NetCHASM/src/api/HMControlTLSSocketClient.cpp:12:
/usr/include/openssl/ssl.h:2020:50: note: declared here
2020 | OSSL_DEPRECATEDIN_1_1_0 __owur const SSL_METHOD *TLSv1_2_method(void); /* TLSv1.2 */
| ^~~~~~~~~~~~~~
/home/ubuntu/NetCHASM/src/internal/HMWorkHealthCheckCurl.cpp:86:21: warning: ‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
86 | RSA_free(rsa);
| ^
In file included from /usr/include/openssl/x509.h:36,
from /usr/include/openssl/ssl.h:31,
from /home/ubuntu/NetCHASM/include/internal/HMEventLoopLibEvent.h:15,
from /home/ubuntu/NetCHASM/include/internal/HMStateManager.h:9,
from /home/ubuntu/NetCHASM/src/internal/HMWorkHealthCheckCurl.cpp:10:
/usr/include/openssl/rsa.h:293:28: note: declared here
293 | OSSL_DEPRECATEDIN_3_0 void RSA_free(RSA *r);
| ^~~~~~~~
Full Log: make.log
I'm not really sure why FIPS_mode_set(0) (which would attempt to turn FIPS Mode off) is called as I can't find an instance in the NetCHASM code where FIPS mode is turned on. The OpenSSL page on migrating to OpenSSL3 is here: https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Deprecated-low-level-encryption-functions and it says this:
Removed FIPS_mode() and FIPS_mode_set()
These functions are legacy APIs that are not applicable to the new provider model. Applications should instead use [EVP_default_properties_is_fips_enabled(3)](https://www.openssl.org/docs/man3.0/man3/EVP_default_properties_is_fips_enabled.html) and [EVP_default_properties_enable_fips(3)](https://www.openssl.org/docs/man3.0/man3/EVP_default_properties_enable_fips.html).
So I can't fully suggest what to change here to fix this issue.
Clone the repository on Ubuntu 22.04 LTS and follow the normal steps for building. Install the pre-reqs, run the cmake command then make. Note that I also had to install and use g++-9 because NetCHASM won't build with g++-11 due to compiler changes.
OpenSSL3 is the current version of the OpenSSL project and has been adopted by Ubuntu 22.04, CentOS 9, and presumably will be the default for most distros going forward. The older OpenSSL versions will go EOL eventually thus meaning that all systems that want to use OpenSSL must upgrade. Unfortunately, OpenSSL has deprecated or removed some of their API in this major version update. If people want to use NetCHASM on these newer distros then it will have to be updated to support the OpenSSL 3.0 APIs. Here is the migration guide which helps explain this.
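A way to turn a build log like the one quoted above into a per-symbol migration inventory, as an added example that is not part of the original issue or the NetCHASM code base. The sample lines are copied from the compiler output in the issue; the replacement hints for `TLSv1_2_method` and `RSA_free` come from the OpenSSL 3.0 migration guide rather than from this page, and the `triage`/`report` names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: four diagnostic lines copied from the build output quoted in the issue.
SAMPLE_LOG = """\
/home/ubuntu/NetCHASM/src/internal/HMStateManager.cpp:106:5: error: ‘FIPS_mode_set’ was not declared in this scope
/home/ubuntu/NetCHASM/src/api/HMControlTLSSocketClient.cpp:100:40: warning: ‘const SSL_METHOD* TLSv1_2_method()’ is deprecated: Since OpenSSL 1.1.0 [-Wdeprecated-declarations]
/home/ubuntu/NetCHASM/src/api/HMControlTLSSocketClient.cpp:100:40: warning: ‘const SSL_METHOD* TLSv1_2_method()’ is deprecated: Since OpenSSL 1.1.0 [-Wdeprecated-declarations]
/home/ubuntu/NetCHASM/src/internal/HMWorkHealthCheckCurl.cpp:86:21: warning: ‘void RSA_free(RSA*)’ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
"""

# Replacement hints per the OpenSSL 3.0 migration guide (added here, not NetCHASM's plan).
HINTS = {
    "FIPS_mode_set": "EVP_default_properties_enable_fips()",
    "TLSv1_2_method": "TLS_method() + SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION)",
    "RSA_free": "EVP_PKEY_free() on EVP_PKEY-based keys",
}

LOC = r"(?P<file>[^:\s]+):(?P<line>\d+):\d+: "
# ERROR matches any undeclared identifier, so non-OpenSSL names need a manual look.
ERROR = re.compile(LOC + r"error: [‘'](?P<sym>\w+)[’'] was not declared in this scope")
DEPRECATED = re.compile(
    LOC + r"warning: [‘'](?P<decl>[^’']+)[’'] is deprecated: Since OpenSSL (?P<since>[\d.]+)")

def triage(log_text):
    """Map each flagged symbol to its status, deprecation version and call sites."""
    found = defaultdict(lambda: {"status": None, "since": None, "sites": set()})
    for line in log_text.splitlines():
        m, status = ERROR.match(line), "error"
        if m:
            sym, since = m["sym"], None
        else:
            m, status = DEPRECATED.match(line), "deprecated"
            if not m:
                continue
            name = re.search(r"(\w+)\s*\(", m["decl"])  # function name before "("
            sym, since = (name.group(1) if name else m["decl"]), m["since"]
        found[sym].update(status=status, since=since)
        found[sym]["sites"].add((m["file"], int(m["line"])))  # set dedups repeated warnings
    return dict(found)

def report(found):
    """Build-breaking symbols first, then deprecated ones, each with sites and a hint."""
    order = sorted(found, key=lambda s: (found[s]["status"] != "error", s))
    return [f"{found[s]['status']}: {s} (since={found[s]['since'] or 'n/a'}) at "
            f"{sorted(found[s]['sites'])} -> {HINTS.get(s, 'see migration guide')}" for s in order]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Feeding the full `make.log` to `triage()` instead of `SAMPLE_LOG` gives the complete list of call sites to port, with the build-breaking ones sorted first.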
An optimization can be introduced when a Host group consists of only IP addresses instead of Domain names for servers. Currently, Work orders for DNS resolution are placed on the Queue even when just the IP addresses for the servers are provided in the config. This can be avoided if NetCHASM can detect host groups with only IP addresses and cancel this part of the code flow.