From f309023b5e627e87844df32492aba6003769d32e Mon Sep 17 00:00:00 2001 From: Seyeong Kim Date: Tue, 30 Apr 2024 02:40:38 +0000 Subject: [PATCH] Making cert alert more critical Curretnly, only gets warning until zeroday. Adding CRITICAL alert 30 days in advance. WARNING alert 60 days in advance. Related-Bug: #2063814 Change-Id: If6e2d7250ee0874983343e8bb055d583e9c54443 --- src/files/scripts/check_ovn_certs.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/src/files/scripts/check_ovn_certs.py b/src/files/scripts/check_ovn_certs.py index a78739e..c294edc 100755 --- a/src/files/scripts/check_ovn_certs.py +++ b/src/files/scripts/check_ovn_certs.py @@ -21,11 +21,13 @@ from cryptography.hazmat.backends import default_backend from cryptography import x509 NAGIOS_PLUGIN_DATA = '/usr/local/lib/nagios/juju_charm_plugin_data' +UNKNOWN = 3 CRITICAL = 2 WARN = 1 SUCCESS = 0 -CERT_EXPIRY_LIMIT = 60 +CERT_EXPIRY_CRITICAL_LIMIT = 30 +CERT_EXPIRY_WARN_LIMIT = 60 class SSLCertificate(object): @@ -71,14 +73,21 @@ def check_ovn_certs(): exit_code = CRITICAL break - if remaining_days < CERT_EXPIRY_LIMIT: - message = ("{}: cert will expire soon (less than {} days).". - format(cert, CERT_EXPIRY_LIMIT)) + if remaining_days < CERT_EXPIRY_CRITICAL_LIMIT: + message = ("{}: cert will expire in {} days". + format(cert, remaining_days)) + exit_code = CRITICAL + break + + if remaining_days < CERT_EXPIRY_WARN_LIMIT: + message = ("{}: cert will expire in {} days". + format(cert, remaining_days)) exit_code = WARN break + except Exception as exc: message = "failed to check cert '{}': {}".format(cert, str(exc)) - exit_code = WARN + exit_code = UNKNOWN else: message = "all certs healthy" exit_code = SUCCESS