Welcome to the VSHN Knowledge Base

Overview

Analyze status certificate expiry report generated by openshift-ansible. The report is generated once a day on the Ansible master machine. A script to run the report manually as well as the resulting files can be found in /etc/openshift-cert-expiry.

Technical Details

Implementation

Global base checkNo
Puppet profiles using this checkprofile_openshift3

Check plugins

Namecheck_openshift_cert_expiry_report
Packagesnagios-plugins-openshift
CheckCommand namecheck_openshift_cert_expiry_report
Upstream source linkhttps://git.vshn.net/vshn/nagios-plugins-openshift/

List of variables

Icinga2 variableConfigured inDefault ValueDescription



Troubleshooting/Known issues

Certificates are not checked correctly

Solution

Execute the following command to update the certificate check file manually on the infra node:

/usr/local/profile_openshift3-cronjob/certificate-expiry-report

To approve all certificates of a cluster

oc get csr -o name | xargs oc adm certificate approve

Tuning