charm-haproxy

Merge lp:~dparv/charm-haproxy/add_nrpe_ssl_certificate_check into lp:charm-haproxy

  1. add_nrpe_ssl_certificate_check
  2. Merge into trunk
Proposed by Diko Parvanov
Status: Merged
Approved by: Haw Loeung
Approved revision: 152
Merged at revision: 152
Proposed branch: lp:~dparv/charm-haproxy/add_nrpe_ssl_certificate_check
Merge into: lp:charm-haproxy
Diff against target: 47 lines (+29/-0)
2 files modified
config.yaml (+12/-0)
hooks/hooks.py (+17/-0)
To merge this branch: bzr merge lp:~dparv/charm-haproxy/add_nrpe_ssl_certificate_check
Reviewer Review Type Date Requested Status
Haw Loeung +1 Approve
Canonical IS Reviewers Pending
Review via email: mp+432121@code.launchpad.net

Commit message

Added NRPE check for certificate expiration

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
Haw Loeung (hloeung) wrote :

LGTM

review: Approve (+1)
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision 152

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'config.yaml'
--- config.yaml 2021-11-04 16:24:19 +0000
+++ config.yaml 2022-10-25 08:06:22 +0000
@@ -290,3 +290,15 @@
290 to configured backends. In "active-active" mode, each unit will proxy the290 to configured backends. In "active-active" mode, each unit will proxy the
291 traffic directly to the backends. The "active-passive" mode gives a better291 traffic directly to the backends. The "active-passive" mode gives a better
292 control of the maximum connection that will be opened to a backend server.292 control of the maximum connection that will be opened to a backend server.
293 tls_warn_days:
294 type: int
295 default: 30
296 description: |
297 Number of days left for the TLS certificate to expire before warning in
298 the nagios NRPE check.
299 tls_crit_days:
300 type: int
301 default: 14
302 description: |
303 Number of days left for the TLS certificate to expire before alerting
304 Critical in the NRPE check.
293305
=== modified file 'hooks/hooks.py'
--- hooks/hooks.py 2021-12-02 15:12:00 +0000
+++ hooks/hooks.py 2022-10-25 08:06:22 +0000
@@ -1203,6 +1203,23 @@
1203 install_nrpe_scripts()1203 install_nrpe_scripts()
1204 for check_args in checks_args:1204 for check_args in checks_args:
1205 nrpe_compat.add_check(*check_args)1205 nrpe_compat.add_check(*check_args)
1206 ssl_cert = config_data.get("ssl_cert")
1207 if ssl_cert:
1208 cmd_params = ["/usr/lib/nagios/plugins/check_http"]
1209 host, port = ('127.0.0.1', '443')
1210 cmd_params.append(" -H {} -p {}".format(host, port))
1211 cmd_params.append(" -u /")
1212 cmd_params.append(
1213 " -C {},{}".format(
1214 config_data.get("tls_warn_days") or 30,
1215 config_data.get("tls_crit_days") or 14,
1216 )
1217 )
1218 nrpe_compat.add_check(
1219 shortname="https_cert",
1220 description="Certificate expiry check for local unit",
1221 check_cmd=" ".join(cmd_params),
1222 )
1206 else:1223 else:
1207 for check_args in checks_args:1224 for check_args in checks_args:
1208 if os.path.isfile(nrpe_scripts_dest + '/' + check_args[2]):1225 if os.path.isfile(nrpe_scripts_dest + '/' + check_args[2]):

Subscribers

People subscribed via source and target branches

to all changes: