We do have icinga checks on SSL certificates for externally facing services. In the context of elasticsearch, the service is purely internal at this point. It relies on Puppet SSL certificates, so we *might* already have something in place to check their expiration. In any case, we need to make sure that we will have early warning of their expiration.
Related Gerrit Patches:
|operations/puppet : production||Corrected port number to check for SSL cert on elasticsearch|
|operations/puppet : production||elasticsearch: add Icinga check for SSL certificate|

|Status||Assigned||Task|
|Open||None||T111653 Encrypt all the things|
|Resolved||Gehel||T124444 Look into encrypting Elasticsearch traffic|
|Resolved||Dzahn||T114059 ssl expiry tracking in icinga - we don't monitor that many domains|
|Resolved||Gehel||T130366 Should we have a specific check for SSL certificate expiration on elasticsearch|
one of them: (elastic1001)
"SSL OK - Certificate elastic1001.eqiad.wmnet valid until 2021-03-15 19:57:34 +0000 (expires in 1817 days)"
and here are all of them at the same time:
@Gehel Looks resolved to me, cool!