Allow configuring MAXIMUM_VALIDITY/IGNORE_MAXIMUM_VALIDITY for check_ssl_cert_options
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| charm-openstack-service-checks |
Fix Released
|
Undecided
|
Mustafa Kemal Gilor | ||
Bug Description
This is another instance of false(?) CRITICAL errors raised by the check_ssl_cert, which is pretty similar to #2008190 and #1996123 LP bugs. The default configuration of check_ssl_cert enforces a maximum validity period of 397 days for all certificates and this causes CRITICAL errors to be raised, which makes the users uncomfortable:
SSL_CERT CRITICAL example.com: The certificate cannot be valid for more than 397 days (1080)|
We could add another boolean flag for enabling/disabling this check, and/or for altering the MAXIMUM_VALIDITY, but this will cause unnecessary clutter in the charm config options given that check_ssl_cert has a long list of options, and there may be future instances of false alerts related to check_ssl_cert's defaults.
So, my suggestion would be to add a `check-
Related branches
- Eric Chen: Approve
- 🤖 prod-jenkaas-bootstack: Approve (continuous-integration)
- Robert Gildein: Approve
- BootStack Reviewers: Pending requested
-
Diff: 151 lines (+97/-0)4 files modified.gitignore (+1/-0)
src/config.yaml (+8/-0)
src/lib/lib_openstack_service_checks.py (+13/-0)
src/tests/unit/test_lib.py (+75/-0)
| Changed in charm-openstack-service-checks: | |
| status: | New → In Progress |
| assignee: | nobody → Mustafa Kemal Gilor (mustafakemalgilor) |
| Changed in charm-openstack-service-checks: | |
| status: | In Progress → Fix Committed |
| Changed in charm-openstack-service-checks: | |
| milestone: | none → 23.07 |
| Changed in charm-openstack-service-checks: | |
| status: | Fix Committed → Fix Released |
