Jump to content

TLS/Runbook

From Wikitech
< TLS

This page contains service runbooks to handle (among other things) certificate expiration alerts.


CertAlmostExpired

Every probe using TLS also exports the certificate (chain) earliest expiration date. The certificate(s) presented during the probe are about to expire. Check the linked dashboard(s) for more information. For service::catalog probes the instance label is in the form of service:port where service is the service's key in the catalog.

fooservice:443

The alert will link to this anchor for fooservice:443

swift-https:443

Process is documented at Swift/How_To#Update_internal_TLS_certificates

gitlab:22

The GitLab ssh service is not running (used for git and not ops access). Make sure to check the status of this service:

systemctl status ssh-gitlab

And start/restart the service:

systemctl start ssh-gitlab
# or
systemctl restart ssh-gitlab