Reflect state of Amphora certificates in status
Bug #2003275 reported by
John Lettman
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Octavia Charm |
Triaged
|
Wishlist
|
Unassigned | ||
Bug Description
We are occasionally running into an issue where Amphora certificates expire without observability. As a result, the discovery of expired certificates usually occurs when Amphorae begin failing.
I suspect it may be helpful to call attention to expired or soon-to-expired certificates, which could be a periodic check that sets a "blocked" status when the certificates are nearing expiration. The change could alleviate the need for external integrations, such as Nagios.
Revision history for this message
| Paul Goins (vultaire) wrote | #1 |
| Changed in charm-octavia: | |
| importance: | Undecided → Wishlist |
| status: | New → Triaged |
Revision history for this message
| Giuseppe Petralia (peppepetra) wrote | #2 |
Revision history for this message
| Alex Kavanagh (ajkavanagh) wrote | #3 |
To post a comment you must log in.
I agree that we need a check here; I just hit this on a cloud myself.
I do think that, while juju status messages can help, we really need something which integrates with LMA tools, be it an NRPE check on certificate expiration, a Prometheus metric regarding days until expiration, or some other method which can be used for triggering alerts prior to expiration.