OpenStack Ceilometer Charm

Extend NRPE checks for reporting soon-to-expire certificates to Nagios

Bug #1949881 reported by Aurelien Lourot
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ceph RADOS Gateway Charm
New
Undecided
Unassigned
Charm Helpers
In Progress
Undecided
Unassigned
OpenStack Ceilometer Charm
New
Undecided
Unassigned
OpenStack Cinder Charm
New
Undecided
Unassigned
OpenStack Dashboard Charm
New
Undecided
Unassigned
OpenStack Glance Charm
New
Undecided
Unassigned
OpenStack Heat Charm
New
Undecided
Unassigned
OpenStack Keystone Charm
New
Undecided
Unassigned
OpenStack Neutron API Charm
In Progress
Wishlist
Anna Savchenko
OpenStack Nova Cloud Controller Charm
New
Undecided
Unassigned
OpenStack Swift Proxy Charm
New
Undecided
Unassigned
charm-ovn-central
New
Undecided
Unassigned

Bug Description

The idea came out of lp:1914708. There seems to be an easy way to extend the existing NRPE (Nagios remote plugin executor) checks of each charm to get alerts when certificates are about to expire.

Taking charm-neutron-api as an example, but this applies to all charms that report to Nagios and expose an HTTPS API. Thus the common logic should be placed in charm-helpers, [1] which is a library used by all charms.

The charm produces an NRPE config [2] that is used to report to the Nagios charm. One of the NRPE checks [3][4][5] makes use of `check_http`, [6] which could also be used to report on certificate expiration times.

[1] https://github.com/juju/charm-helpers
[2] https://github.com/openstack/charm-neutron-api/blob/master/hooks/neutron_api_hooks.py#L714
[3] https://github.com/openstack/charm-neutron-api/blob/master/hooks/neutron_api_hooks.py#L713
[4] https://github.com/juju/charm-helpers/blob/master/charmhelpers/contrib/charmsupport/nrpe.py#L504
[5] https://github.com/juju/charm-helpers/blob/master/charmhelpers/contrib/openstack/files/check_haproxy.sh
[6] https://nagios-plugins.org/doc/man/check_http.html

See original description
Aurelien Lourot (aurelien-lourot)
Changed in vault-charm:
status: New → In Progress
importance: Undecided → Wishlist
Aurelien Lourot (aurelien-lourot)
summary: - Unit status should show when the certificates are about to expire
+ Extend NRPE checks for reporting soon-to-expire certificates to Nagios
description: updated
no longer affects: vault-charm
Changed in charm-helpers:
status: New → In Progress
Aurelien Lourot (aurelien-lourot)
Changed in charm-neutron-api:
assignee: nobody → Anna Savchenko (annsavchenko)
importance: Undecided → Wishlist
status: New → In Progress
Revision history for this message
James Troup (elmo) wrote :

So, err, we have the openstack-service-checks charm which already does this in one place. It'd be nice if we could avoid taking the number of SSL alerts we get and multiplying them by 3x?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.