nrpe_check_ovn_certs shows cert expiry as WARNING

Bug #2063814 reported by Kamal Bhaskar
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
charm-ovn-central | Fix Released | Undecided | Seyeong Kim |
charm-ovn-chassis | Fix Released | Undecided | Seyeong Kim |

Bug Description

We discovered recently that the script "check_ovn_certs.py" used for "nrpe_check_ovn_certs" check does not push the return exit_code appropriately.

It can be seen in the below excerpts from the script "check_ovn_certs.py" that it returns "exit_code" 1 (WARNING) for "remaining_days < 10" and for the exception case:

            remaining_days = SSLCertificate(cert).days_remaining
            if remaining_days <= 0:
                message = "{}: cert has expired.".format(cert)
                exit_code = 2
                break

            if remaining_days < 10:
                message = ("{}: cert will expire soon (less than 10 days).".
                           format(cert))
                exit_code = 1
                break
        except Exception as exc:
            message = "failed to check cert '{}': {}".format(cert, str(exc))
            exit_code = 1

While it should return:

- exit_code = 2 (CRITICAL) for remaining_days < 10 and
- exit_code = 3 (UNKNOWN) for exception case.

Rationale: Keeping the alert as WARNING for the "remaining_days < 10" case keeps it under the radar until there's less than 1 day left to the certificate expiry.

The same is true for the exception case.

Expectation: "exit_code" returned should be updated as per above request.

ovn charms (ovn-central and ovn-chassis): 22.03/stable rev 165

The same is the case for the neutron-api-plugin-ovn charm as well.

Tags: sts
Nishant Dash (dash3) wrote :

In addition to the issue mentioned by Kamal, the checks on the CHASSIS are wrong here:

56: for cert in ['/etc/ovn/cert_host', '/etc/ovn/ovn-central.crt']:

It should be checking for /etc/ovn/ovn-chassis.crt
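
An added example, not code from the charm or from anyone in this report: a sketch of the check using the severity mapping requested in the description (UNKNOWN on exception) and the 60/30-day thresholds named in the merged commit message. `classify`, `check_certs`, `not_after_of` and the sample expiry dates are hypothetical; the strict `<` comparisons and the worst-state ranking are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Nagios/NRPE plugin exit codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
# Which state wins when several certs disagree
# (assumption: CRITICAL > UNKNOWN > WARNING > OK)
RANK = {OK: 0, WARNING: 1, UNKNOWN: 2, CRITICAL: 3}
WARN_DAYS, CRIT_DAYS = 60, 30  # from the commit message; strict "<" is an assumption


def classify(days):
    """Map days until expiry to (exit_code, message)."""
    if days <= 0:
        return CRITICAL, "cert has expired"
    if days < CRIT_DAYS:
        return CRITICAL, "cert expires in {} days".format(days)
    if days < WARN_DAYS:
        return WARNING, "cert expires in {} days".format(days)
    return OK, "cert valid for {} days".format(days)


def check_certs(paths, not_after_of, now):
    """not_after_of(path) -> aware datetime; hypothetical stand-in for the
    script's SSLCertificate(cert) loader. Returns (exit_code, message)."""
    worst, parts = OK, []
    for path in paths:  # no early break: every cert is evaluated
        try:
            code, text = classify((not_after_of(path) - now).days)
        except Exception as exc:  # unreadable cert: the state is not known
            code, text = UNKNOWN, "failed to check cert: {!r}".format(exc)
        parts.append("{}: {}".format(path, text))
        if RANK[code] > RANK[worst]:
            worst = code
    return worst, "; ".join(parts)


# Constructed sample data, not real certificates
NOW = datetime(2024, 4, 30, tzinfo=timezone.utc)
SAMPLE = {
    "/etc/ovn/cert_host": NOW + timedelta(days=45),
    "/etc/ovn/ovn-chassis.crt": NOW + timedelta(days=9),
}

if __name__ == "__main__":
    code, message = check_certs(list(SAMPLE), SAMPLE.__getitem__, NOW)
    print(code, message)  # a real plugin would pass code to sys.exit()
```
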

Seyeong Kim (seyeongkim)
tags: added: sts
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-central (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/c/x/charm-ovn-central/+/917508

Changed in charm-ovn-central:
assignee: nobody → Seyeong Kim (seyeongkim)
Changed in charm-ovn-chassis:
assignee: nobody → Seyeong Kim (seyeongkim)
Changed in charm-ovn-central:
status: New → In Progress
Changed in charm-ovn-chassis:
status: New → In Progress
status: In Progress → New
OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-central (master)

Reviewed: https://review.opendev.org/c/x/charm-ovn-central/+/917508
Committed: https://opendev.org/x/charm-ovn-central/commit/1b0096671955a754db5caee597b331951a307177
Submitter: "Zuul (22348)"
Branch: master

commit 1b0096671955a754db5caee597b331951a307177
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:30:50 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: I76a53b483070398d4ab9e40f6a1e167d46f47f96

Changed in charm-ovn-chassis:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-chassis (master)

Reviewed: https://review.opendev.org/c/x/charm-ovn-chassis/+/917511
Committed: https://opendev.org/x/charm-ovn-chassis/commit/f309023b5e627e87844df32492aba6003769d32e
Submitter: "Zuul (22348)"
Branch: master

commit f309023b5e627e87844df32492aba6003769d32e
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:40:38 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: If6e2d7250ee0874983343e8bb055d583e9c54443

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-central (stable/22.09)

Related fix proposed to branch: stable/22.09
Review: https://review.opendev.org/c/x/charm-ovn-central/+/920228

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-central (stable/23.09)

Related fix proposed to branch: stable/23.09
Review: https://review.opendev.org/c/x/charm-ovn-central/+/920229

OpenStack Infra (hudson-openstack) wrote : Change abandoned on charm-ovn-central (stable/22.09)

Change abandoned by "Seyeong Kim <email address hidden>" on branch: stable/22.09
Review: https://review.opendev.org/c/x/charm-ovn-central/+/920228

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-chassis (stable/23.09)

Related fix proposed to branch: stable/23.09
Review: https://review.opendev.org/c/x/charm-ovn-chassis/+/920230

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-central (stable/23.03)

Related fix proposed to branch: stable/23.03
Review: https://review.opendev.org/c/x/charm-ovn-central/+/920348

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-chassis (stable/23.03)

Related fix proposed to branch: stable/23.03
Review: https://review.opendev.org/c/x/charm-ovn-chassis/+/920349

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-chassis (stable/22.09)

Related fix proposed to branch: stable/22.09
Review: https://review.opendev.org/c/x/charm-ovn-chassis/+/920499

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-central (stable/22.03)

Related fix proposed to branch: stable/22.03
Review: https://review.opendev.org/c/x/charm-ovn-central/+/920631

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-chassis (stable/22.03)

Related fix proposed to branch: stable/22.03
Review: https://review.opendev.org/c/x/charm-ovn-chassis/+/920632

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-central (stable/24.03)

Related fix proposed to branch: stable/24.03
Review: https://review.opendev.org/c/x/charm-ovn-central/+/920877

OpenStack Infra (hudson-openstack) wrote : Related fix proposed to charm-ovn-chassis (stable/24.03)

Related fix proposed to branch: stable/24.03
Review: https://review.opendev.org/c/x/charm-ovn-chassis/+/920878

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-central (stable/24.03)

Reviewed: https://review.opendev.org/c/x/charm-ovn-central/+/920877
Committed: https://opendev.org/x/charm-ovn-central/commit/3e105fdc282d3f689d715ae1f54d3054f34cf7da
Submitter: "Zuul (22348)"
Branch: stable/24.03

commit 3e105fdc282d3f689d715ae1f54d3054f34cf7da
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:30:50 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: I76a53b483070398d4ab9e40f6a1e167d46f47f96
    (cherry picked from commit 1b0096671955a754db5caee597b331951a307177)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-chassis (stable/24.03)

Reviewed: https://review.opendev.org/c/x/charm-ovn-chassis/+/920878
Committed: https://opendev.org/x/charm-ovn-chassis/commit/1b34921854efb2fd726ea4d3225b5811d1f2ab73
Submitter: "Zuul (22348)"
Branch: stable/24.03

commit 1b34921854efb2fd726ea4d3225b5811d1f2ab73
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:40:38 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: If6e2d7250ee0874983343e8bb055d583e9c54443
    (cherry picked from commit f309023b5e627e87844df32492aba6003769d32e)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-central (stable/23.09)

Reviewed: https://review.opendev.org/c/x/charm-ovn-central/+/920229
Committed: https://opendev.org/x/charm-ovn-central/commit/5d715b242203f8b344822bf3840c2e587ec97f01
Submitter: "Zuul (22348)"
Branch: stable/23.09

commit 5d715b242203f8b344822bf3840c2e587ec97f01
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:30:50 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: I76a53b483070398d4ab9e40f6a1e167d46f47f96
    (cherry picked from commit 1b0096671955a754db5caee597b331951a307177)
    (cherry picked from commit 3e105fdc282d3f689d715ae1f54d3054f34cf7da)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-central (stable/23.03)

Reviewed: https://review.opendev.org/c/x/charm-ovn-central/+/920348
Committed: https://opendev.org/x/charm-ovn-central/commit/ebfd46edc42fbe42e99e33702ef2c049a47988e9
Submitter: "Zuul (22348)"
Branch: stable/23.03

commit ebfd46edc42fbe42e99e33702ef2c049a47988e9
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:30:50 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: I76a53b483070398d4ab9e40f6a1e167d46f47f96
    (cherry picked from commit 1b0096671955a754db5caee597b331951a307177)
    (cherry picked from commit 3e105fdc282d3f689d715ae1f54d3054f34cf7da)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-central (stable/22.09)

Reviewed: https://review.opendev.org/c/x/charm-ovn-central/+/920228
Committed: https://opendev.org/x/charm-ovn-central/commit/53fbe05f600c5563511eb40c7fcf30cb386cc6db
Submitter: "Zuul (22348)"
Branch: stable/22.09

commit 53fbe05f600c5563511eb40c7fcf30cb386cc6db
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:30:50 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: I76a53b483070398d4ab9e40f6a1e167d46f47f96
    (cherry picked from commit 1b0096671955a754db5caee597b331951a307177)
    (cherry picked from commit 3e105fdc282d3f689d715ae1f54d3054f34cf7da)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-chassis (stable/23.09)

Reviewed: https://review.opendev.org/c/x/charm-ovn-chassis/+/920230
Committed: https://opendev.org/x/charm-ovn-chassis/commit/2beeb36a959c9265b1b422732d2dabdae839291e
Submitter: "Zuul (22348)"
Branch: stable/23.09

commit 2beeb36a959c9265b1b422732d2dabdae839291e
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:40:38 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: If6e2d7250ee0874983343e8bb055d583e9c54443
    (cherry picked from commit f309023b5e627e87844df32492aba6003769d32e)
    (cherry picked from commit 1b34921854efb2fd726ea4d3225b5811d1f2ab73)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-central (stable/22.03)

Reviewed: https://review.opendev.org/c/x/charm-ovn-central/+/920631
Committed: https://opendev.org/x/charm-ovn-central/commit/9b9ecd258cabe1b9064e2e0bc39000326689eca6
Submitter: "Zuul (22348)"
Branch: stable/22.03

commit 9b9ecd258cabe1b9064e2e0bc39000326689eca6
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:30:50 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: I76a53b483070398d4ab9e40f6a1e167d46f47f96
    (cherry picked from commit 1b0096671955a754db5caee597b331951a307177)
    (cherry picked from commit 3e105fdc282d3f689d715ae1f54d3054f34cf7da)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-chassis (stable/23.03)

Reviewed: https://review.opendev.org/c/x/charm-ovn-chassis/+/920349
Committed: https://opendev.org/x/charm-ovn-chassis/commit/eece6af1845bfc029ef81697b69a6aa8fcb3a206
Submitter: "Zuul (22348)"
Branch: stable/23.03

commit eece6af1845bfc029ef81697b69a6aa8fcb3a206
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:40:38 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: If6e2d7250ee0874983343e8bb055d583e9c54443
    (cherry picked from commit f309023b5e627e87844df32492aba6003769d32e)
    (cherry picked from commit 1b34921854efb2fd726ea4d3225b5811d1f2ab73)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-chassis (stable/22.09)

Reviewed: https://review.opendev.org/c/x/charm-ovn-chassis/+/920499
Committed: https://opendev.org/x/charm-ovn-chassis/commit/6f4c3e3c427b57cc8810af5d816445790641562e
Submitter: "Zuul (22348)"
Branch: stable/22.09

commit 6f4c3e3c427b57cc8810af5d816445790641562e
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:40:38 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: If6e2d7250ee0874983343e8bb055d583e9c54443
    (cherry picked from commit f309023b5e627e87844df32492aba6003769d32e)
    (cherry picked from commit 1b34921854efb2fd726ea4d3225b5811d1f2ab73)

OpenStack Infra (hudson-openstack) wrote : Related fix merged to charm-ovn-chassis (stable/22.03)

Reviewed: https://review.opendev.org/c/x/charm-ovn-chassis/+/920632
Committed: https://opendev.org/x/charm-ovn-chassis/commit/93d2f879c4e026201f0b6557a4a46e78a8035a24
Submitter: "Zuul (22348)"
Branch: stable/22.03

commit 93d2f879c4e026201f0b6557a4a46e78a8035a24
Author: Seyeong Kim <email address hidden>
Date: Tue Apr 30 02:40:38 2024 +0000

    Making cert alert more critical

    Currently, only gets warning until zeroday.
    Adding CRITICAL alert 30 days in advance.
    WARNING alert 60 days in advance.

    Related-Bug: #2063814
    Change-Id: If6e2d7250ee0874983343e8bb055d583e9c54443
    (cherry picked from commit f309023b5e627e87844df32492aba6003769d32e)
    (cherry picked from commit 1b34921854efb2fd726ea4d3225b5811d1f2ab73)

Seyeong Kim (seyeongkim)
Changed in charm-ovn-central:
status: In Progress → Fix Released
Changed in charm-ovn-chassis:
status: In Progress → Fix Released