Merge lp:~verterok/charms/trusty/logstash/lumberjack-cert-check into lp:~tanuki/charms/trusty/logstash/trunk

Proposed by Guillermo Gonzalez on 2015-09-30
Status: Merged
Approved by: Guillermo Gonzalez on 2015-09-30
Approved revision: 59
Merged at revision: 58
Proposed branch: lp:~verterok/charms/trusty/logstash/lumberjack-cert-check
Merge into: lp:~tanuki/charms/trusty/logstash/trunk
Diff against target: 88 lines (+52/-0)
2 files modified
config.yaml (+4/-0)
hooks/nrpe-external-master-relation-changed (+48/-0)
To merge this branch: bzr merge lp:~verterok/charms/trusty/logstash/lumberjack-cert-check
Reviewer Review Type Date Requested Status
Celso Providelo (community) 2015-09-30 Approve on 2015-09-30
Review via email: mp+272910@code.launchpad.net

Commit message

Add nrpe check of lumberjack ssl certificate expiration.

Description of the change

Add nrpe check of lumberjack ssl certificate expiration.

WARNING before 30 days and CRITICAL from 14 days until end date

To post a comment you must log in.
Celso Providelo (cprov) wrote :

Nice work! Clear and objective check shortname & description.

Hopefully it will also make its way upstream.

Thanks Guillermo.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'config.yaml'
2--- config.yaml 2015-09-07 21:39:38 +0000
3+++ config.yaml 2015-09-30 13:31:17 +0000
4@@ -47,3 +47,7 @@
5 default: "--ssl -H localhost -p 5043 -c 0.3"
6 type: string
7 description: The parameters to pass to the nrpe plugin check_tcp.
8+ nagios_check_cert_params:
9+ default: "-D 30,14 -H 127.0.0.1 -p 5043"
10+ type: string
11+ description: The parameters to pass to the nrpe plugin "check_tcp --ssl" to check certificate expiration date.
12
13=== modified file 'hooks/nrpe-external-master-relation-changed'
14--- hooks/nrpe-external-master-relation-changed 2015-05-05 23:38:46 +0000
15+++ hooks/nrpe-external-master-relation-changed 2015-09-30 13:31:17 +0000
16@@ -7,10 +7,46 @@
17
18 from charmhelpers.core import hookenv
19 from charmhelpers.contrib.charmsupport import nrpe
20+from charmhelpers.contrib.charmsupport.nrpe import NRPE
21
22 hooks = hookenv.Hooks()
23 log = hookenv.log
24
25+
26+class CustomIntervalCheck(nrpe.Check):
27+
28+ service_template = ("""
29+#---------------------------------------------------
30+# This file is Juju managed
31+#---------------------------------------------------
32+define service {{
33+ use active-service
34+ host_name {nagios_hostname}
35+ service_description {nagios_hostname}[{shortname}] """
36+ """{description}
37+ check_command check_nrpe!{command}
38+ servicegroups {nagios_servicegroup}
39+%s
40+}}
41+""")
42+ intervals_template = " {} {}\n"
43+
44+ def __init__(self, shortname, description, check_cmd, normal_check_interval=None,
45+ retry_check_interval=None, notification_interval=None):
46+ super(CustomIntervalCheck, self).__init__(shortname, description, check_cmd)
47+ intervals = {}
48+ if normal_check_interval:
49+ intervals['normal_check_interval'] = normal_check_interval
50+ if retry_check_interval:
51+ intervals['retry_check_interval'] = retry_check_interval
52+ if notification_interval:
53+ intervals['notification_interval'] = notification_interval
54+ intervals_config = ""
55+ for k, v in intervals.items():
56+ intervals_config += self.intervals_template.format(k, v)
57+ self.service_template = CustomIntervalCheck.service_template % intervals_config
58+
59+
60 @hooks.hook('nrpe-external-master-relation-changed')
61 def update_nrpe_checks():
62 nrpe_compat = nrpe.NRPE()
63@@ -23,6 +59,7 @@
64 check_cmd='check_procs %s' % check_procs_params
65 )
66 check_tcp_params = conf.get('nagios_check_tcp_params')
67+ check_cert_params = conf.get('nagios_check_cert_params')
68 config_data = hookenv.config()
69 # Only setup lumberjack protocol if ssl cert and key are configured
70 if config_data['ssl_cert'] and config_data['ssl_key']:
71@@ -32,6 +69,17 @@
72 description='Check logstash lumberjack input tcp port',
73 check_cmd='check_tcp %s' % check_tcp_params
74 )
75+ if check_cert_params:
76+ # check certificate expiry date, daily and retry every 2 hs
77+ cert_check = CustomIntervalCheck(
78+ shortname='lumberjack_ssl_check',
79+ description='Check logstash ssl certificate expiry date',
80+ check_cmd='check_tcp --ssl {}'.format(check_cert_params),
81+ normal_check_interval=1440, # minutes
82+ retry_check_interval=120, # minutes
83+ )
84+ nrpe_compat.checks.append(cert_check)
85+
86 nrpe_compat.write()
87
88 if __name__ == "__main__":

Subscribers

People subscribed via source and target branches