Merge "Check for cert alarms in health-query-upgrade"
This commit is contained in:
commit
2ff2a7c088
|
@ -1,4 +1,4 @@
|
|||
# Copyright (c) 2020-2022 Wind River Systems, Inc.
|
||||
# Copyright (c) 2020-2023 Wind River Systems, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
|
@ -354,14 +354,18 @@ def get_system(token, method, api_cmd, api_cmd_headers=None,
|
|||
|
||||
def get_token():
|
||||
"""Get token for the sysinv user."""
|
||||
|
||||
keystone_conf = CONF.get('KEYSTONE_AUTHTOKEN')
|
||||
|
||||
token = _get_token(
|
||||
CONF.keystone_authtoken.auth_url + '/v3/auth/tokens',
|
||||
CONF.keystone_authtoken.project_name,
|
||||
CONF.keystone_authtoken.username,
|
||||
CONF.keystone_authtoken.password,
|
||||
CONF.keystone_authtoken.user_domain_name,
|
||||
CONF.keystone_authtoken.project_domain_name,
|
||||
CONF.keystone_authtoken.region_name)
|
||||
keystone_conf.auth_url + '/v3/auth/tokens',
|
||||
keystone_conf.project_name,
|
||||
keystone_conf.username,
|
||||
keystone_conf.password,
|
||||
keystone_conf.user_domain_name,
|
||||
keystone_conf.project_domain_name,
|
||||
keystone_conf.region_name)
|
||||
|
||||
return token
|
||||
|
||||
|
||||
|
@ -466,7 +470,7 @@ def init_keystone_auth_opts():
|
|||
help='Authorization url')
|
||||
]
|
||||
|
||||
keystone_opt_group = cfg.OptGroup(name='keystone_authtoken',
|
||||
keystone_opt_group = cfg.OptGroup(name='KEYSTONE_AUTHTOKEN',
|
||||
title='Keystone options')
|
||||
cfg.CONF.register_opts(keystone_opts, group=keystone_opt_group.name)
|
||||
|
||||
|
|
|
@ -2271,6 +2271,9 @@ CERT_LOCATION_MAP = {
|
|||
# TODO(): TPM
|
||||
}
|
||||
|
||||
# Certificates alarm id
|
||||
CERT_ALARM_IDS = ['500.200', '500.210']
|
||||
|
||||
CERT_ALARM_ANNOTATION_ALARM = 'starlingx.io/alarm'
|
||||
CERT_ALARM_ANNOTATION_ALARM_BEFORE = 'starlingx.io/alarm-before'
|
||||
CERT_ALARM_ANNOTATION_ALARM_SEVERITY = 'starlingx.io/alarm-severity'
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Copyright (c) 2018-2022 Wind River Systems, Inc.
|
||||
# Copyright (c) 2018-2023 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
@ -18,6 +18,7 @@ from sysinv.common import kubernetes
|
|||
from sysinv.common import utils
|
||||
from sysinv.common.fm import fmclient
|
||||
from sysinv.common.storage_backend_conf import StorageBackendConfig
|
||||
from sysinv.cert_alarm.audit import CertAlarmAudit
|
||||
from sysinv.api.controllers.v1 import patch_api
|
||||
from sysinv.api.controllers.v1 import vim_api
|
||||
|
||||
|
@ -37,6 +38,7 @@ class Health(object):
|
|||
self._dbapi = dbapi
|
||||
self._ceph = ceph.CephApiOperator()
|
||||
self._kube_operator = kubernetes.KubeOperator()
|
||||
self._cert_alarm_manager = CertAlarmAudit()
|
||||
|
||||
def _check_hosts_provisioned(self, hosts):
|
||||
"""Checks that each host is provisioned"""
|
||||
|
@ -105,16 +107,24 @@ class Health(object):
|
|||
if alarm_ignore_list is None:
|
||||
alarm_ignore_list = []
|
||||
|
||||
self._cert_alarm_manager.run_full_audit()
|
||||
|
||||
alarms = fmclient(context).alarm.list(include_suppress=True)
|
||||
|
||||
success = True
|
||||
allowed = 0
|
||||
affecting = 0
|
||||
cert_alarm = 0
|
||||
|
||||
# Separate alarms that are mgmt affecting
|
||||
for alarm in alarms:
|
||||
if alarm.alarm_id not in alarm_ignore_list:
|
||||
mgmt_affecting = alarm.mgmt_affecting == "True"
|
||||
if not mgmt_affecting:
|
||||
if alarm.alarm_id in constants.CERT_ALARM_IDS:
|
||||
cert_alarm += 1
|
||||
if not force:
|
||||
success = False
|
||||
elif not mgmt_affecting:
|
||||
allowed += 1
|
||||
if not force:
|
||||
success = False
|
||||
|
@ -122,7 +132,7 @@ class Health(object):
|
|||
affecting += 1
|
||||
success = False
|
||||
|
||||
return success, allowed, affecting
|
||||
return success, allowed, affecting, cert_alarm
|
||||
|
||||
def _check_active_is_controller_0(self):
|
||||
"""Checks that active controller is controller-0"""
|
||||
|
@ -425,15 +435,17 @@ class Health(object):
|
|||
|
||||
health_ok = health_ok and success
|
||||
|
||||
success, allowed, affecting = self._check_alarms(
|
||||
success, allowed, affecting, cert_alarm = self._check_alarms(
|
||||
context,
|
||||
force=force,
|
||||
alarm_ignore_list=alarm_ignore_list)
|
||||
output += _('No alarms: [%s]\n') \
|
||||
% (Health.SUCCESS_MSG if success else Health.FAIL_MSG)
|
||||
if not success:
|
||||
output += _('[%s] alarms found, [%s] of which are management '
|
||||
'affecting\n') % (allowed + affecting, affecting)
|
||||
output += _('[%s] alarms found, [%s] of which are management affecting '
|
||||
'and [%s] are certificate expiration alarms. '
|
||||
'Use "fm alarm-list" for details') % (allowed + affecting + cert_alarm,
|
||||
affecting, cert_alarm)
|
||||
|
||||
health_ok = health_ok and success
|
||||
|
||||
|
|
Loading…
Reference in New Issue