Add new nagios check for vault health
Improved check_vault_version.py to also check whether vault is sealed, therefore renaming it to check_vault_health.py. Registered the new check with NRPE and removed the old one. The alert of vault being sealed takes precedence over version checking. Closes-bug: #1856025 Change-Id: I9b5ec739d27f35b793e91f61f070995105f80d06
This commit is contained in:
parent
edbca2f5ff
commit
e003c17044
|
@ -44,7 +44,7 @@ def get_vault_snap_version():
|
|||
return version
|
||||
|
||||
|
||||
def get_vault_server_version(verify=True):
|
||||
def get_vault_server_health(verify=True):
|
||||
ctx = None
|
||||
if not verify:
|
||||
ctx = ssl.create_default_context()
|
||||
|
@ -52,7 +52,7 @@ def get_vault_server_version(verify=True):
|
|||
ctx.verify_mode = ssl.CERT_NONE
|
||||
|
||||
with urlopen(VAULT_HEALTH_URL, context=ctx) as health:
|
||||
return json.loads(health.read().decode('utf-8'))['version']
|
||||
return json.loads(health.read().decode('utf-8'))
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
@ -64,12 +64,17 @@ if __name__ == '__main__':
|
|||
sys.exit(2)
|
||||
|
||||
try:
|
||||
serverv = get_vault_server_version(verify=VAULT_VERIFY_SSL)
|
||||
health = get_vault_server_health(verify=VAULT_VERIFY_SSL)
|
||||
except Exception as e:
|
||||
print('CRITICAL: failed to fetch version of '
|
||||
print('CRITICAL: failed to fetch health of '
|
||||
'running vault server: {}'.format(e))
|
||||
sys.exit(2)
|
||||
|
||||
if health['sealed'] is True:
|
||||
print('CRITICAL: vault is sealed.')
|
||||
sys.exit(2)
|
||||
|
||||
serverv = health['version']
|
||||
if serverv == snapv:
|
||||
print('OK: running vault ({}) is the same '
|
||||
'as the installed snap ({})'.format(
|
|
@ -1,4 +1,5 @@
|
|||
import base64
|
||||
import os
|
||||
import psycopg2
|
||||
import subprocess
|
||||
import tenacity
|
||||
|
@ -12,6 +13,7 @@ from charmhelpers.contrib.charmsupport.nrpe import (
|
|||
add_init_service_checks,
|
||||
get_nagios_hostname,
|
||||
get_nagios_unit_name,
|
||||
remove_deprecated_check,
|
||||
)
|
||||
|
||||
from charmhelpers.contrib.openstack.utils import (
|
||||
|
@ -380,15 +382,20 @@ def update_nagios(svc):
|
|||
hostname = get_nagios_hostname()
|
||||
current_unit = get_nagios_unit_name()
|
||||
nrpe = NRPE(hostname=hostname)
|
||||
remove_deprecated_check(nrpe, ['vault_version'])
|
||||
add_init_service_checks(nrpe, ['vault'], current_unit)
|
||||
try:
|
||||
os.remove('/usr/lib/nagios/plugins/check_vault_version.py')
|
||||
except FileNotFoundError:
|
||||
pass
|
||||
write_file(
|
||||
'/usr/lib/nagios/plugins/check_vault_version.py',
|
||||
open('files/nagios/check_vault_version.py', 'rb').read(),
|
||||
'/usr/lib/nagios/plugins/check_vault_health.py',
|
||||
open('files/nagios/check_vault_health.py', 'rb').read(),
|
||||
perms=0o755)
|
||||
nrpe.add_check(
|
||||
'vault_version',
|
||||
'Check running vault server version is same as installed snap',
|
||||
'/usr/lib/nagios/plugins/check_vault_version.py',
|
||||
'vault_health',
|
||||
'Check running vault server version and health',
|
||||
'/usr/lib/nagios/plugins/check_vault_health.py',
|
||||
)
|
||||
nrpe.write()
|
||||
set_state('vault.nrpe.configured')
|
||||
|
|
Loading…
Reference in New Issue