diff --git a/fm-api/fm_api/constants.py b/fm-api/fm_api/constants.py index 62377d50..f7164a14 100755 --- a/fm-api/fm_api/constants.py +++ b/fm-api/fm_api/constants.py @@ -39,6 +39,7 @@ FM_ENTITY_TYPE_STORAGE_BACKEND = 'storage_backend' FM_ENTITY_TYPE_IMAGE_CONVERSION = 'fs_name' FM_ENTITY_TYPE_SUBCLOUD = 'subcloud' FM_ENTITY_TYPE_APPLICATION = 'k8s_application' +FM_ENTITY_TYPE_CERTIFICATE = 'certificate' # alarm service sub entity values FM_SERVICE_NETWORKING = 'networking' @@ -301,13 +302,16 @@ FM_ALARM_ID_KUBE_ROOTCA_UPDATE_IN_PROGRESS = ALARM_GROUP_SW_MGMT + ".008" FM_LOG_ID_INVALID_PASSWORD = ALARM_GROUP_SECURITY + ".001" FM_LOG_ID_USER_LOCKOUT = ALARM_GROUP_SECURITY + ".002" - # Security alarm id FM_ALARM_ID_TPM_INIT = ALARM_GROUP_SECURITY + ".100" # Security nonstandard certificate in use for patching alarm id FM_ALARM_ID_NONSTANDARD_CERT_PATCH = ALARM_GROUP_SECURITY + ".101" +# Security ExpiringSoon & Expired Certificates +FM_ALARM_ID_CERT_EXPIRING_SOON = ALARM_GROUP_SECURITY + ".200" +FM_ALARM_ID_CERT_EXPIRED = ALARM_GROUP_SECURITY + ".210" + # Software Update Orchestration FM_ALARM_ID_SW_PATCH_AUTO_APPLY_INPROGRESS = ALARM_GROUP_SW_MGMT + ".101" FM_ALARM_ID_SW_PATCH_AUTO_APPLY_ABORTING = ALARM_GROUP_SW_MGMT + ".102" @@ -496,6 +500,7 @@ ALARM_PROBABLE_CAUSE_73 = 'key-expired' ALARM_PROBABLE_CAUSE_74 = 'out-of-hours-activity' ALARM_PROBABLE_CAUSE_75 = 'configuration-out-of-date' ALARM_PROBABLE_CAUSE_76 = 'configuration-provisioning-required' +ALARM_PROBABLE_CAUSE_77 = 'certificate-expiration' ALARM_PROBABLE_CAUSE_UNKNOWN = 'unknown' ALARM_STATE = [FM_ALARM_STATE_SET, FM_ALARM_STATE_CLEAR, @@ -551,6 +556,7 @@ ALARM_PROBABLE_CAUSE = [ALARM_PROBABLE_CAUSE_1, ALARM_PROBABLE_CAUSE_2, ALARM_PROBABLE_CAUSE_71, ALARM_PROBABLE_CAUSE_72, ALARM_PROBABLE_CAUSE_73, ALARM_PROBABLE_CAUSE_74, ALARM_PROBABLE_CAUSE_75, ALARM_PROBABLE_CAUSE_76, + ALARM_PROBABLE_CAUSE_77, ALARM_PROBABLE_CAUSE_UNKNOWN] 
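Review bot: The comment `# Security ExpiringSoon & Expired Certificates` above `FM_ALARM_ID_CERT_EXPIRING_SOON` and `FM_ALARM_ID_CERT_EXPIRED` does not say which ID carries which severity or why the numbering jumps from `.200` to `.210`. That leaves the reserved range unclear to whoever adds the next security alarm. Assuming `ALARM_GROUP_SECURITY` is the 500 group documented in events.yaml, I would write `# Certificate lifetime alarms: .200 = expiring soon (major), .210 = expired (critical); .201-.209 unassigned` and keep it in step with the YAML entries. The same hunk also removes a blank line before `# Security alarm id`, which is unrelated to the feature and could be left out of this change.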
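Review bot: `ALARM_PROBABLE_CAUSE_77 = 'certificate-expiration'` is the only probable cause events.yaml assigns to both the expiring-soon alarm and the expired alarm, so anything that filters or routes on probable cause cannot separate an advance warning from a certificate that is already invalid. Consumers have to key on the alarm ID or severity instead, and that is worth stating next to the constant. It also sits a few lines below `ALARM_PROBABLE_CAUSE_73 = 'key-expired'` with nothing explaining when each applies. If the intended split is certificates versus key material, a comment such as `# 77: X.509 certificate at or past expiry (alarms .200/.210); 73 stays for key material` would make that explicit. The final hunk appends the same constant to the `ALARM_PROBABLE_CAUSE` list and needs no separate remark.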
diff --git a/fm-doc/fm_doc/events.yaml b/fm-doc/fm_doc/events.yaml index f9bab158..3134b7cc 100755 --- a/fm-doc/fm_doc/events.yaml +++ b/fm-doc/fm_doc/events.yaml @@ -1354,6 +1354,60 @@ Management_Affecting_Severity: none Degrade_Affecting_Severity: none +500.200: + Type: Alarm + Description: |- + Certificate ‘system certificate-show ' (mode=) expiring soon on . + OR + Certificate ‘/’ expiring soon on . + OR + Certificate ‘’ expiring soon on . + Entity_Instance_ID: |- + system.certificate.mode=.uuid= + OR + namespace=.certificate= + OR + namespace=.secret= + OR + system.certificate.k8sRootCA + Severity: major + Proposed_Repair_Action: Renew certificate for the entity identified + Maintenance_Action: + Inhibit_Alarms: + Alarm_Type: operational-violation + Probable_Cause: certificate-expiration + Service_Affecting: False + Suppression: False + Management_Affecting_Severity: none + Degrade_Affecting_Severity: none + +500.210: + Type: Alarm + Description: |- + Certificate ‘system certificate-show ' (mode=) expired. + OR + Certificate ‘/’ expired. + OR + Certificate ‘’ expired. + Entity_Instance_ID: |- + system.certificate.mode=.uuid= + OR + namespace=.certificate= + OR + namespace=.secret= + OR + system.certificate.k8sRootCA + Severity: critical + Proposed_Repair_Action: Renew certificate for the entity identified + Maintenance_Action: + Inhibit_Alarms: + Alarm_Type: operational-violation + Probable_Cause: certificate-expiration + Service_Affecting: False + Suppression: False + Management_Affecting_Severity: none + Degrade_Affecting_Severity: none + 500.500: Type: Log Description: "Host has IMA Appraisal failure for service when executing , reason = ]"
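Review bot: Alarm 500.210 is raised with `Severity: critical` but carries `Service_Affecting: False`. An expired certificate normally causes TLS peers to reject the endpoint, so for at least some of the listed entities this looks service affecting and the flag should be reviewed; `False` on 500.200 is reasonable. Both entries list four `Entity_Instance_ID` forms but only three `Description` forms, so the `system.certificate.k8sRootCA` case has no documented description text for operators to recognise. In both entries the first description line opens with a typographic ‘ and closes with an ASCII ', while the other lines use ‘ ’. Plain ASCII quotes throughout would keep the alarm text easy to match in log searches and alert rules.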