Skip to content
This repository has been archived by the owner on Nov 18, 2020. It is now read-only.

Provide a health check that would fail if node certificate expires in a certain amount of time #305

Closed
michaelklishin opened this issue Jan 30, 2019 · 4 comments
Closed

Provide a health check that would fail if node certificate expires in a certain amount of time #305

michaelklishin opened this issue Jan 30, 2019 · 4 comments
Assignees
@michaelklishin
Labels
enhancement
Milestone
3.8.1

Comments

@michaelklishin
Copy link
Member

michaelklishin commented Jan 30, 2019
edited by lukebakken
Loading

See #292 and #304 for background and Pivotal CF Certificate Rotation docs for inspiration.

rabbitmq-diagnostics check_certificate_expiration --within 1 --unit month

rabbitmq-diagnostics check_certificate_expiration --within 3 --unit weeks

Suggested by @lynhines.

[168224642]
@michaelklishin michaelklishin self-assigned this Jan 30, 2019
@codeadict
Copy link

codeadict commented Aug 3, 2019
edited
Loading

For some clarification on the intended functionality:

  • Will this command return non-zero if any listener has a certificate that expires within the given period, probably returning the listener and expires_on?
  • In case there are no certificates expiring in that period it returns 0 with a message indicating that there is not any certificate expiring.
  • Should the unit parameter account for days and years as well as described on Pivotal CF Certificate Rotation?

@michaelklishin
Copy link
Member Author

@codeadict correct. We can use that format (30d, 2m, 1y and so on), although anything else that's reasonable also would work.

@dcorbacho dcorbacho mentioned this issue Oct 8, 2019
Merged
11 tasks
acogoluegnes added a commit that referenced this issue Oct 8, 2019
@acogoluegnes
Remove unused variable
1768dc8 
References #304, #305
acogoluegnes added a commit that referenced this issue Oct 8, 2019
@acogoluegnes
Add test for certificate expiration verification
5cc92e5 
References #304, #305
@michaelklishin
Copy link
Member Author

Implemented in #381 by @dcorbacho and @acogoluegnes.

@michaelklishin michaelklishin added this to the 3.8.1 milestone Oct 8, 2019
acogoluegnes added a commit that referenced this issue Oct 9, 2019
@acogoluegnes
Improve unit label in check_certificate_expiration
417cd4c 
This avoids output like "within 1 years".

And fix a typo.

References #304, #305
@michaelklishin
Copy link
Member Author

michaelklishin commented Oct 7, 2020
edited
Loading

An HTTP API version of this check has shipped in rabbitmq/rabbitmq-management#844.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@michaelklishin michaelklishin

Labels
enhancement
Projects
None yet
Milestone
3.8.1
Development

No branches or pull requests
2 participants
@michaelklishin @codeadict