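def check_ca_clones(self):
    """Verify that every configured CA clone is reachable and serving data.

    For each host in ``self.clone_cas`` an HTTPS connection is opened to the
    clone's secure port and the first three certificate records are listed.
    Getting exactly three records back is used as a cheap sanity check that
    the clone's replicated data is readable, not just that TCP/TLS works.

    Raises:
        RuntimeError: if a clone cannot be contacted, the REST call fails, or
            fewer than three certificate records come back. The failing
            host and port are appended to the message. (RuntimeError is an
            Exception/BaseException subclass, so existing ``except``
            clauses keep catching it.)
    """
    for host in self.clone_cas:
        # %-formatting rather than '+' so a non-string SecurePort cannot
        # raise a TypeError before the connectivity test has even started.
        cur_clone_msg = ' Host: %s Port: %s' % (host.Hostname, host.SecurePort)
        try:
            # NOTE(security): verify=False disables TLS certificate and
            # hostname verification, so this probe cannot tell a genuine
            # clone from an impersonated one or detect an intercepted
            # connection. It only reads public certificate data, but the
            # CA chain should be passed as ``verify`` once it is available
            # to this checker.
            connection = PKIConnection(protocol='https',
                                       hostname=host.Hostname,
                                       port=host.SecurePort,
                                       verify=False)
            cert_client = CertClient(connection)
            # Three records: enough to exercise replicated data, cheap
            # enough to run on every check.
            certs = cert_client.list_certs(size=3)
            if certs is not None and len(certs.cert_data_info_list) == 3:
                logger.info('Cert data successfully obtained from clone.')
            else:
                raise RuntimeError(
                    'CA clone problem reading data.' + cur_clone_msg)
        except Exception as e:
            # Exception, not BaseException: KeyboardInterrupt / SystemExit
            # must propagate instead of being reported as a clone failure.
            logger.error("Internal server error %s", e)
            raise RuntimeError(
                'Internal error testing CA clone.' + cur_clone_msg) from e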
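def check(self):
    """Yield health-check Results for the CA subsystem of this instance.

    Order of checks:
      1. CRITICAL if the PKI instance does not exist on disk.
      2. Nothing at all if the instance has no CA subsystem configured.
      3. CRITICAL if ``ca.is_ready()`` reports the CA as down.
      4. Otherwise one certificate record is listed over HTTPS against
         localhost:8443 and the outcome is reported as SUCCESS (a serial
         number was read), ERROR (the call worked but no usable record came
         back) or CRITICAL (the call itself raised).

    Yields:
        Result objects describing the outcome; this is a generator, so
        callers must iterate it for anything to happen.
    """
    if not self.instance.exists():
        logger.debug('Invalid instance: %s', self.instance.name)
        yield Result(self, constants.CRITICAL,
                     msg='Invalid PKI instance: %s' % self.instance.name)
        return

    self.instance.load()
    ca = self.instance.get_subsystem('ca')
    if not ca:
        logger.info(
            "No CA configured, skipping dogtag CA connectivity check")
        return

    try:
        # Plain HTTP GET to /ca/admin/ca/getStatus: is the CA ready at all?
        if not ca.is_ready():
            yield Result(self, constants.CRITICAL, msg='CA subsystem is down')
            return
        logger.debug("CA instance is running")

        # HTTPS request that exercises the REST layer (and the LDAP
        # database behind it) by asking for a single certificate record.
        # NOTE(security): verify=False skips TLS verification. Tolerable for
        # a loopback probe, but host and port are hard-coded, so this
        # trusts whatever answers on localhost:8443 without checking its
        # identity.
        connection = PKIConnection(protocol='https',
                                   hostname='localhost',
                                   port='8443',
                                   verify=False)
        cert_client = CertClient(connection)
        cert = cert_client.list_certs(size=1)

        # Guard the index: indexing an empty list raised IndexError here,
        # which the broad except below reported as "Internal server error"
        # and left the intended "unable to retrieve any certs" branch
        # unreachable.
        info_list = cert.cert_data_info_list
        cert_info = info_list[0] if info_list else None

        if not cert_info:
            logger.info(
                "Request was made but none of the certs were retrieved"
            )
            yield Result(
                self, constants.ERROR,
                msg="PKI server is up. But, unable to retrieve any certs",
                serverURI=connection.serverURI,
                rest_path=cert_client.cert_url)
        elif cert_info.serial_number:
            # All we care about is that a serial number is present.
            logger.info("Serial number of retrieved cert: %s",
                        cert_info.serial_number)
            yield Result(self, constants.SUCCESS,
                         serial_number=cert_info.serial_number,
                         subject_dn=cert_info.subject_dn)
        else:
            logger.info(
                "Serial number cannot retrieved for cert: %s", cert_info)
            yield Result(
                self, constants.ERROR,
                msg="Unable to read serial number from retrieved cert",
                cert_info=cert_info,
                serverURI=connection.serverURI,
                cert_url=cert_client.cert_url)
    except Exception as e:
        # Exception rather than BaseException so KeyboardInterrupt and
        # SystemExit are not reported as a CA outage.
        logger.error("Internal server error %s", e)
        yield Result(self, constants.CRITICAL,
                     msg="Internal server error. Is your CA subsystem and "
                         "LDAP database up?",
                     instance_name=self.instance.name,
                     exception="%s" % e)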