diff --git a/checks.d/http_check.py b/checks.d/http_check.py index e37d777092..dc9253ee29 100644 --- a/checks.d/http_check.py +++ b/checks.d/http_check.py @@ -378,6 +378,7 @@ def report_as_service_check(self, sc_name, status, instance, msg=None): def check_cert_expiration(self, instance, timeout, instance_ca_certs): warning_days = int(instance.get('days_warning', 14)) + critical_days = int(instance.get('days_critical', 7)) url = instance.get('url') o = urlparse(url) @@ -402,6 +403,10 @@ def check_cert_expiration(self, instance, timeout, instance_ca_certs): if days_left.days < 0: return Status.DOWN, "Expired by {0} days".format(days_left.days) + elif days_left.days < critical_days: + return Status.CRITICAL, "This cert TTL is critical: only {0} days before it expires"\ + .format(days_left.days) + elif days_left.days < warning_days: return Status.WARNING, "This cert is almost expired, only {0} days left"\ .format(days_left.days) diff --git a/checks/network_checks.py b/checks/network_checks.py index b7dc9c3929..84cc032dcc 100644 --- a/checks/network_checks.py +++ b/checks/network_checks.py @@ -18,6 +18,7 @@ class Status: DOWN = "DOWN" WARNING = "WARNING" + CRITICAL = "CRITICAL" UP = "UP" @@ -33,7 +34,8 @@ class NetworkCheck(AgentCheck): STATUS_TO_SERVICE_CHECK = { Status.UP : AgentCheck.OK, Status.WARNING : AgentCheck.WARNING, - Status.DOWN : AgentCheck.CRITICAL + Status.CRITICAL : AgentCheck.CRITICAL, + Status.DOWN : AgentCheck.CRITICAL, } """ diff --git a/conf.d/http_check.yaml.example b/conf.d/http_check.yaml.example index 282b786c03..d4b07cbe57 100644 --- a/conf.d/http_check.yaml.example +++ b/conf.d/http_check.yaml.example @@ -73,12 +73,14 @@ instances: # The (optional) ssl_expire will instruct the check # to create a service check that checks the expiration of the # ssl certificate. Allow for a warning to occur when x days are - # left in the certificate. + # left in the certificate, and alternatively raise a critical + # warning if the certificate is y days from the expiration date. # The SSL certificate will always be validated for this additional # service check regardless of the value of disable_ssl_validation # # check_certificate_expiration: true # days_warning: 14 + # days_critical: 7 # The (optional) headers parameter allows you to send extra headers # with the request. This is useful for explicitly specifying the host diff --git a/tests/checks/integration/test_http_check.py b/tests/checks/integration/test_http_check.py index 23ce8005f6..1fe1953d15 100644 --- a/tests/checks/integration/test_http_check.py +++ b/tests/checks/integration/test_http_check.py @@ -57,19 +57,29 @@ 'url': 'https://github.com:443', 'timeout': 1, 'check_certificate_expiration': True, - 'days_warning': 14 + 'days_warning': 14, + 'days_critical': 7 }, { 'name': 'cert_exp_soon', 'url': 'https://google.com', 'timeout': 1, 'check_certificate_expiration': True, - 'days_warning': 9999 + 'days_warning': 9999, + 'days_critical': 7 + }, { + 'name': 'cert_critical', + 'url': 'https://google.com', + 'timeout': 1, + 'check_certificate_expiration': True, + 'days_warning': 9999, + 'days_critical': 9999 }, { 'name': 'conn_error', 'url': 'https://thereisnosuchlink.com', 'timeout': 1, 'check_certificate_expiration': True, - 'days_warning': 14 + 'days_warning': 14, + 'days_critical': 7 } ] } @@ -80,7 +90,8 @@ 'url': 'https://github.com', 'timeout': 1, 'check_certificate_expiration': True, - 'days_warning': 14 + 'days_warning': 14, + 'days_critical': 7 }, ] } @@ -91,7 +102,8 @@ 'url': 'https://github.com', 'timeout': 1, 'check_certificate_expiration': True, - 'days_warning': 14 + 'days_warning': 14, + 'days_critical': 7 }, ] } @@ -203,6 +215,10 @@ def test_check_ssl(self): self.assertServiceCheckOK("http.can_connect", tags=tags) self.assertServiceCheckWarning("http.ssl_cert", tags=tags) + tags = ['url:https://google.com', 'instance:cert_critical'] + self.assertServiceCheckOK("http.can_connect", tags=tags) + self.assertServiceCheckCritical("http.ssl_cert", tags=tags) + tags = ['url:https://thereisnosuchlink.com', 'instance:conn_error'] self.assertServiceCheckCritical("http.can_connect", tags=tags) self.assertServiceCheckCritical("http.ssl_cert", tags=tags)