From e36800cefafb19bb4fb7c5358252f473c92b461f Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Mon, 14 Jun 2021 17:00:45 -0400 Subject: [PATCH] Update metric name and handle the case where there is no active root CA. --- .changelog/9924.txt | 2 +- agent/consul/leader_metrics.go | 7 +++++-- website/content/docs/agent/telemetry.mdx | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.changelog/9924.txt b/.changelog/9924.txt index 5a5777acc..5462fc796 100644 --- a/.changelog/9924.txt +++ b/.changelog/9924.txt @@ -1,4 +1,4 @@ ```release-note:improvement -telemetry: add a new `mesh.root-ca.expiry` metric for tracking when the root certificate expires. +telemetry: add a new `mesh.active-root-ca.expiry` metric for tracking when the root certificate expires. ``` diff --git a/agent/consul/leader_metrics.go b/agent/consul/leader_metrics.go index 63a4dd1c7..ea936a0a9 100644 --- a/agent/consul/leader_metrics.go +++ b/agent/consul/leader_metrics.go @@ -19,7 +19,7 @@ var CertExpirationGauges = []prometheus.GaugeDefinition{ }, } -var metricsKeyMeshRootCAExpiry = []string{"mesh", "root-ca", "expiry"} +var metricsKeyMeshRootCAExpiry = []string{"mesh", "active-root-ca", "expiry"} func rootCAExpiryMonitor(s *Server) certExpirationMonitor { return certExpirationMonitor{ @@ -31,8 +31,11 @@ func rootCAExpiryMonitor(s *Server) certExpirationMonitor { Query: func() (time.Duration, error) { state := s.fsm.State() _, root, err := state.CARootActive(nil) - if err != nil { + switch { + case err != nil: return 0, fmt.Errorf("failed to retrieve root CA: %w", err) + case root == nil: + return 0, fmt.Errorf("no active root CA") } return time.Until(root.NotAfter), nil diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 9bca6fff8..af50c131f 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -478,7 +478,7 @@ These metrics give insight into the health of the cluster as a whole. | `consul.catalog.connect.query-tag..` | Increments for each connect-based catalog query for the given service with the given tag. | queries | counter | | `consul.catalog.connect.query-tags..` | Increments for each connect-based catalog query for the given service with the given tags. | queries | counter | | `consul.catalog.connect.not-found.` | Increments for each connect-based catalog query where the given service could not be found. | queries | counter | -| `consul.mesh.root-ca.expiry` | The number of seconds until the root CA expires, updated every hour. | seconds | gauge | +| `consul.mesh.active-root-ca.expiry` | The number of seconds until the root CA expires, updated every hour. | seconds | gauge | ## Connect Built-in Proxy Metrics