|
|
@@ -246,8 +246,7 @@ Return:
|
|
|
'total': len(items),
|
|
|
'ok': 0,
|
|
|
'warning': 0,
|
|
|
- 'expired': 0,
|
|
|
- 'total': len(items)
|
|
|
+ 'expired': 0
|
|
|
}
|
|
|
|
|
|
summary_results['expired'] = len([c for c in items if c['health'] == 'expired'])
|
|
|
@@ -468,7 +467,11 @@ an OpenShift Container Platform cluster
|
|
|
|
|
|
######################################################################
|
|
|
# Check etcd certs
|
|
|
+ #
|
|
|
+ # Two things to check: 'external' etcd, and embedded etcd.
|
|
|
######################################################################
|
|
|
+ # FIRST: The 'external' etcd
|
|
|
+ #
|
|
|
# Some values may be duplicated, make this a set for now so we
|
|
|
# unique them all
|
|
|
etcd_certs_to_check = set([])
|
|
|
@@ -507,6 +510,43 @@ an OpenShift Container Platform cluster
|
|
|
classify_cert(expire_check_result, now, time_remaining, expire_window, etcd_certs)
|
|
|
|
|
|
######################################################################
|
|
|
+ # Now the embedded etcd
|
|
|
+ ######################################################################
|
|
|
+ try:
|
|
|
+ with open('/etc/origin/master/master-config.yaml', 'r') as fp:
|
|
|
+ cfg = yaml.load(fp)
|
|
|
+ except IOError:
|
|
|
+ # Not present
|
|
|
+ pass
|
|
|
+ else:
|
|
|
+ if cfg.get('etcdConfig', {}).get('servingInfo', {}).get('certFile', None) is not None:
|
|
|
+ # This is embedded
|
|
|
+ etcd_crt_name = cfg['etcdConfig']['servingInfo']['certFile']
|
|
|
+ else:
|
|
|
+ # Not embedded
|
|
|
+ etcd_crt_name = None
|
|
|
+
|
|
|
+ if etcd_crt_name is not None:
|
|
|
+ # etcd_crt_name is relative to the location of the
|
|
|
+ # master-config.yaml file
|
|
|
+ cfg_path = os.path.dirname(fp.name)
|
|
|
+ etcd_cert = os.path.join(cfg_path, etcd_crt_name)
|
|
|
+ with open(etcd_cert, 'r') as etcd_fp:
|
|
|
+ (cert_subject,
|
|
|
+ cert_expiry_date,
|
|
|
+ time_remaining) = load_and_handle_cert(etcd_fp.read(), now)
|
|
|
+
|
|
|
+ expire_check_result = {
|
|
|
+ 'cert_cn': cert_subject,
|
|
|
+ 'path': etcd_fp.name,
|
|
|
+ 'expiry': cert_expiry_date,
|
|
|
+ 'days_remaining': time_remaining.days,
|
|
|
+ 'health': None,
|
|
|
+ }
|
|
|
+
|
|
|
+ classify_cert(expire_check_result, now, time_remaining, expire_window, etcd_certs)
|
|
|
+
|
|
|
+ ######################################################################
|
|
|
# /Check etcd certs
|
|
|
######################################################################
|
|
|
|
|
|
@@ -524,7 +564,7 @@ an OpenShift Container Platform cluster
|
|
|
######################################################################
|
|
|
# First the router certs
|
|
|
try:
|
|
|
- router_secrets_raw = subprocess.Popen('oc get secret router-certs -o yaml'.split(),
|
|
|
+ router_secrets_raw = subprocess.Popen('oc get -n default secret router-certs -o yaml'.split(),
|
|
|
stdout=subprocess.PIPE)
|
|
|
router_ds = yaml.load(router_secrets_raw.communicate()[0])
|
|
|
router_c = router_ds['data']['tls.crt']
|
|
|
@@ -553,7 +593,7 @@ an OpenShift Container Platform cluster
|
|
|
######################################################################
|
|
|
# Now for registry
|
|
|
try:
|
|
|
- registry_secrets_raw = subprocess.Popen('oc get secret registry-certificates -o yaml'.split(),
|
|
|
+ registry_secrets_raw = subprocess.Popen('oc get -n default secret registry-certificates -o yaml'.split(),
|
|
|
stdout=subprocess.PIPE)
|
|
|
registry_ds = yaml.load(registry_secrets_raw.communicate()[0])
|
|
|
registry_c = registry_ds['data']['registry.crt']
|
Tim Bielawa