[
https://issues.apache.org/jira/browse/NIFIREG-262?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Doran updated NIFIREG-262:
--------------------------------
Summary: Add TLS certificates self-health check to actuator /health
endpoint (was: Add TLS certificates self-health check to actuator `/health`
endpoint)
> Add TLS certificates self-health check to actuator /health endpoint
> -------------------------------------------------------------------
>
> Key: NIFIREG-262
> URL: https://issues.apache.org/jira/browse/NIFIREG-262
> Project: NiFi Registry
> Issue Type: New Feature
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Priority: Minor
>
> This feature idea started from a conversation with sd3 in Apache NiFi Slack:
> https://apachenifi.slack.com/archives/C0L9UPWJZ/p1556638630001200
> For folks that want to do external, automated monitoring, it is helpful if
> the web services being monitored can perform some self-health checks and
> expose the results in a web api (for example, a REST API endpoint that
> returns a JSON formatted result of self-health checks).
> For NiFi Registry, we have a {{GET /nifi-registry-api/actuator/health}}
> endpoint that can be used.
> This feature idea is to add a health check that runs on demand as part of
> that endpoint that checks: if TLS is enabled (can get this from
> nifi-registry.properties), loads the SSLContext and checks that that
> certificates are valid and not expired. The results of this check, along with
> the expiration timestamps, can be reported in the health check results so
> that external monitoring tools (such as PagerDuty, Nagios, Prometheus Alert
> Manager, etc), could poll the endpoint, alert if the certs check fails, and
> trigger an alert in advance if the expiration timestamp is close.
> This also applies to Apache NiFi, although I am not familiar if a standard
> {{/health}} endpoint already exists there or if one needs to be introduced.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
