Making cert alert more critical
Currently, only gets warning until zeroday. Adding CRITICAL alert 30 days in advance. WARNING alert 60 days in advance. Related-Bug: #2063814 Change-Id: I76a53b483070398d4ab9e40f6a1e167d46f47f96
parent
360b63bf3c
commit
1b00966719
@ -21,6 +21,13 @@ from cryptography.hazmat.backends import default_backend
|
|||||||
from cryptography import x509
|
from cryptography import x509
|
||||||
|
|
||||||
NAGIOS_PLUGIN_DATA = '/usr/local/lib/nagios/juju_charm_plugin_data'
|
NAGIOS_PLUGIN_DATA = '/usr/local/lib/nagios/juju_charm_plugin_data'
|
||||||
|
UNKNOWN = 3
|
||||||
|
CRITICAL = 2
|
||||||
|
WARN = 1
|
||||||
|
SUCCESS = 0
|
||||||
|
|
||||||
|
CERT_EXPIRY_CRITICAL_LIMIT = 30
|
||||||
|
CERT_EXPIRY_WARN_LIMIT = 60
|
||||||
|
|
||||||
|
|
||||||
class SSLCertificate(object):
|
class SSLCertificate(object):
|
||||||
@ -47,36 +54,43 @@ def check_ovn_certs():
|
|||||||
if not os.path.isdir(NAGIOS_PLUGIN_DATA):
|
if not os.path.isdir(NAGIOS_PLUGIN_DATA):
|
||||||
os.makedirs(NAGIOS_PLUGIN_DATA)
|
os.makedirs(NAGIOS_PLUGIN_DATA)
|
||||||
|
|
||||||
exit_code = 0
|
exit_code = SUCCESS
|
||||||
for cert in ['/etc/ovn/cert_host', '/etc/ovn/ovn-central.crt']:
|
for cert in ['/etc/ovn/cert_host', '/etc/ovn/ovn-central.crt']:
|
||||||
if not os.path.exists(cert):
|
if not os.path.exists(cert):
|
||||||
message = "cert '{}' does not exist.".format(cert)
|
message = "cert '{}' does not exist.".format(cert)
|
||||||
exit_code = 2
|
exit_code = CRITICAL
|
||||||
break
|
break
|
||||||
|
|
||||||
if not os.access(cert, os.R_OK):
|
if not os.access(cert, os.R_OK):
|
||||||
message = "cert '{}' is not readable.".format(cert)
|
message = "cert '{}' is not readable.".format(cert)
|
||||||
exit_code = 2
|
exit_code = CRITICAL
|
||||||
break
|
break
|
||||||
|
|
||||||
try:
|
try:
|
||||||
remaining_days = SSLCertificate(cert).days_remaining
|
remaining_days = SSLCertificate(cert).days_remaining
|
||||||
if remaining_days <= 0:
|
if remaining_days <= 0:
|
||||||
message = "{}: cert has expired.".format(cert)
|
message = "{}: cert has expired.".format(cert)
|
||||||
exit_code = 2
|
exit_code = CRITICAL
|
||||||
break
|
break
|
||||||
|
|
||||||
if remaining_days < 10:
|
if remaining_days < CERT_EXPIRY_CRITICAL_LIMIT:
|
||||||
message = ("{}: cert will expire soon (less than 10 days).".
|
message = ("{}: cert will expire in {} days".
|
||||||
format(cert))
|
format(cert, remaining_days))
|
||||||
exit_code = 1
|
exit_code = CRITICAL
|
||||||
break
|
break
|
||||||
|
|
||||||
|
if remaining_days < CERT_EXPIRY_WARN_LIMIT:
|
||||||
|
message = ("{}: cert will expire in {} days".
|
||||||
|
format(cert, remaining_days))
|
||||||
|
exit_code = WARN
|
||||||
|
break
|
||||||
|
|
||||||
except Exception as exc:
|
except Exception as exc:
|
||||||
message = "failed to check cert '{}': {}".format(cert, str(exc))
|
message = "failed to check cert '{}': {}".format(cert, str(exc))
|
||||||
exit_code = 1
|
exit_code = UNKNOWN
|
||||||
else:
|
else:
|
||||||
message = "all certs healthy"
|
message = "all certs healthy"
|
||||||
exit_code = 0
|
exit_code = SUCCESS
|
||||||
|
|
||||||
ts = datetime.now()
|
ts = datetime.now()
|
||||||
with open(output_path, 'w') as fd:
|
with open(output_path, 'w') as fd:
|
||||||
|
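Review bot: The `except Exception` branch sets `exit_code = UNKNOWN` without a `break`, so a certificate that cannot be parsed can still be reported as "all certs healthy": the loop moves on and the `else:` branch below resets the result to SUCCESS. Indentation is lost on this page, so whether that `else` belongs to the `try` or to the `for` is inferred, but the overwrite happens either way once a later cert passes. Adding `break` after `exit_code = UNKNOWN` keeps the failure visible to Nagios. Separately, the new `if remaining_days < CERT_EXPIRY_WARN_LIMIT:` branch breaks on the first cert inside the 60-day window, so `/etc/ovn/ovn-central.crt` is never examined when `/etc/ovn/cert_host` is only in WARN range, and an expired or CRITICAL second cert is reported as WARN; recording the worst state across both certs instead of breaking on WARN would avoid that. `check_ovn_certs` starts and ends outside this hunk, so how `message` and `exit_code` are finally emitted is not visible here.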