charm-haproxy

Merge lp:~dparv/charm-haproxy/add_nrpe_ssl_certificate_check into lp:charm-haproxy

  1. add_nrpe_ssl_certificate_check
  2. Merge into trunk
Proposed by Diko Parvanov
Status: Merged
Approved by: Haw Loeung
Approved revision: 152
Merged at revision: 152
Proposed branch: lp:~dparv/charm-haproxy/add_nrpe_ssl_certificate_check
Merge into: lp:charm-haproxy
Diff against target: 47 lines (+29/-0)
2 files modified
config.yaml (+12/-0)
hooks/hooks.py (+17/-0)
To merge this branch: bzr merge lp:~dparv/charm-haproxy/add_nrpe_ssl_certificate_check
Reviewer Review Type Date Requested Status
Haw Loeung +1 Approve
Canonical IS Reviewers Pending
Review via email: mp+432121@code.launchpad.net

Commit message

Added NRPE check for certificate expiration

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Haw Loeung (hloeung) wrote :

LGTM

review: Approve (+1)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 152

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2021-11-04 16:24:19 +0000
3+++ config.yaml 2022-10-25 08:06:22 +0000
4@@ -290,3 +290,15 @@
5 to configured backends. In "active-active" mode, each unit will proxy the
6 traffic directly to the backends. The "active-passive" mode gives a better
7 control of the maximum connection that will be opened to a backend server.
8+ tls_warn_days:
9+ type: int
10+ default: 30
11+ description: |
12+ Number of days left for the TLS certificate to expire before warning in
13+ the nagios NRPE check.
14+ tls_crit_days:
15+ type: int
16+ default: 14
17+ description: |
18+ Number of days left for the TLS certificate to expire before alerting
19+ Critical in the NRPE check.
20
21=== modified file 'hooks/hooks.py'
22--- hooks/hooks.py 2021-12-02 15:12:00 +0000
23+++ hooks/hooks.py 2022-10-25 08:06:22 +0000
24@@ -1203,6 +1203,23 @@
25 install_nrpe_scripts()
26 for check_args in checks_args:
27 nrpe_compat.add_check(*check_args)
28+ ssl_cert = config_data.get("ssl_cert")
29+ if ssl_cert:
30+ cmd_params = ["/usr/lib/nagios/plugins/check_http"]
31+ host, port = ('127.0.0.1', '443')
32+ cmd_params.append(" -H {} -p {}".format(host, port))
33+ cmd_params.append(" -u /")
34+ cmd_params.append(
35+ " -C {},{}".format(
36+ config_data.get("tls_warn_days") or 30,
37+ config_data.get("tls_crit_days") or 14,
38+ )
39+ )
40+ nrpe_compat.add_check(
41+ shortname="https_cert",
42+ description="Certificate expiry check for local unit",
43+ check_cmd=" ".join(cmd_params),
44+ )
45 else:
46 for check_args in checks_args:
47 if os.path.isfile(nrpe_scripts_dest + '/' + check_args[2]):

Subscribers

People subscribed via source and target branches

to all changes: