CAS 5.2.3 - Memcache monotiring
41 views
Skip to first unread message
Mr Rao
Oct 22, 2018, 2:34:42 AM10/22/18
to CAS Community
Hi,
We have been monitoring memcache using https://casurl/cas/status cas 3.x version, we changed Monitoring bean to pass only our custom memcache health check.
I see that in new CAS health check has lot of end points and also all end points are secured , all I want to do is create custom mecache health check and we want to use it in our load balancer health check instead of exposing it on the web , as we use it internally we do not need security for this end point. I do not want to expose all spring boot endpoints mentioned in the doc at https://apereo.github.io/cas/5.2.x/installation/Monitoring-Statistics.html
Any help is appreciated.
Thanks
Rao
Mr Rao
Oct 22, 2018, 7:15:26 PM10/22/18
to CAS Community
I've tried to disable the security by setting endpoints.sensitive=false but I still get Access Denise error when access https://localhost:8443/cas/status
I created a Simple controller to check memcache health and tried to use https://localhost:8443/cas/status and I still get Access Denise error .
But when I changed my controller end point url like https://localhost:8443/cas/statusxxx This works.
It looks like there is some thing either in CAS code or spring boot acuator looking for url with /status ???
Basically I want to disable all monitoring included in CAS and use my custom Controller end point to check memcache health. How do I disable complete monitoring from CAS and make my health check url to be https://localhost:8443/cas/status ?
Thanks
Rao
Andy Ng
Oct 23, 2018, 12:50:21 AM10/23/18
to CAS Community
`/status/health` is the recommended endpoint to retrive health check on 5.3.x . (https://apereo.github.io/cas/5.3.x/installation/Monitoring-Statistics.html)
However, if `/status/health` does not exists on 5.2.x, then your `/status` endpoint will do the monitoring job just fine for 5.2.x (might need to be careful when upgrading to 5.3.x).
As for how to enable the endpoint, I have the following setup in my testing CAS server:
You can see if the above properties is sufficient, and remove them line by line if you deem it too open.
However, if `/status/health` does not exists on 5.2.x, then your `/status` endpoint will do the monitoring job just fine for 5.2.x (might need to be careful when upgrading to 5.3.x).
As for how to enable the endpoint, I have the following setup in my testing CAS server:
cas.monitor.endpoints.status.enabled=true
cas.monitor.endpoints.status.sensitive=false
cas.monitor.endpoints.healthCheck.enabled=true
cas.monitor.endpoints.healthCheck.sensitive=false
You can see if the above properties is sufficient, and remove them line by line if you deem it too open.
I do not know about /cas/statusxxx, it shows access error on my server.
You can disable other core CAS monitoring in:
Set up a bean with the same name, disabling those monitoring in:
| final Set<Monitor> monitors = beans.entrySet().stream() | |
| .map(Map.Entry::getValue) | |
| .collect(Collectors.toSet()); |
And should be good to go. But... those monitoring are pretty lightweighted imo, I don't see why need to disable them, but your server your all :)
However, be careful that in 5.3.x, the Monitoring is completely revampted, so if you change this in 5.2.x, you might need to reconfigure again in 5.3.x.
Cheers!
- Andy
- Andy
Reply all
Reply to author
Forward
0 new messages