Adjusting NRPE script to work with Vault HA and non-SSL Vault

According to Vault docs https://www.vaultproject.io/api/system/health.html, in standby mode it will return non-200 code by default, causing our current NRPE script to fail. This change is enforcing Vault to return HTTP 200 for both active and standby units. Also, a fix for lp:1813989 is here since Vault is running its healtcheck interface on loopback interface only using port 8220. Change-Id: I47a192396ac18b0f3ea1ea60715e150bd841c7cb Closes-Bug: #1813989 Closes-Bug: #1814323
2019-02-04 22:49:23 +03:00 · 2019-02-04 22:49:23 +03:00 · 666eaa23fa
parent 54a29e06ab
commit 666eaa23fa
1 changed files with 2 additions and 1 deletions
--- a/src/files/nagios/check_vault_version.py
+++ b/src/files/nagios/check_vault_version.py
@ -15,7 +15,7 @@ import sys
 from textwrap import dedent
 from urllib.request import urlopen

-VAULT_HEALTH_URL = 'https://127.0.0.1:8200/v1/sys/health'
+VAULT_HEALTH_URL = 'http://127.0.0.1:8220/v1/sys/health?standbyok=true'
 VAULT_VERIFY_SSL = False

 SNAPD_INFO_REQUEST = dedent("""\
@ -46,6 +46,7 @@ def get_vault_server_version(verify=True):
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
+
    with urlopen(VAULT_HEALTH_URL, context=ctx) as health:
        return json.loads(health.read().decode('utf-8'))['version']