search

NetApp / harvest

Open-metrics endpoint for ONTAP and StorageGRID
https://netapp.github.io/harvest/latest
Apache License 2.0
141 stars 36 forks source link

feat: Implementing certificate expiry detail in security dashboard #3000

Closed Hardikl closed 2 weeks ago

Hardikl commented 4 weeks ago
image
Hardikl commented 4 weeks ago
image image
Hardikl commented 3 weeks ago

Updated the changes in .127 system for review.

image
Hardikl commented 3 weeks ago

Added 2 alerts, one warning alert for certificates expiring within 1 month and second critical alert for certificates expired.

image
Hardikl commented 3 weeks ago
image
Hardikl commented 3 weeks ago

security_certificate.yml creates 2 metrics, one security_certificate_labels with extra 2 labels and one metric security_certificate_expiry_time which never used in dashboard. 

harvest % curl -s http://localhost:13001/metrics | grep -Ev "#|metadata_" | grep security 
security_certificate_labels{certificateExpiryStatus="expired",certificateIssuerType="self_signed",cluster="umeng-aff300-01-02",datacenter="rest",name="umeng-aff300-01-02_172BB302639CAC9B",scope="cluster",serial_number="172BB302639CAC9B",svm="umeng-aff300-01-02",type="server",uuid="806b6fe6-6ef8-11ed-a5cd-00a098d39e12"} 1.0
security_certificate_expiry_time{cluster="umeng-aff300-01-02",datacenter="rest",uuid="806b6fe6-6ef8-11ed-a5cd-00a098d39e12"} 1701160909
harvest % curl -s http://localhost:13001/metrics | grep -Ev "#|metadata_" | grep security  | wc -l
       2

So, to re-use this existing template, only one change is required in dashboard where passing certificateExpiryStatus!=\"\",certificateIssuerType!=\"\" in security_certificate_labels where earlier it was used all extra filters would be removed from the template.