Enable SSL certificates monitoring

Enable SSL certificates monitoringΒΆ


This feature is available starting from the MCP 2019.2.3 maintenance update. Before enabling the feature, follow the steps described in Apply maintenance updates.

If you use SSL certificates in your MCP deployment, you can configure StackLight LMA to monitor such certificates and issue an alert when a certificate is due to expire. By default, the alerts raise if a certificate expires less than in 60 and 30 days. This allows for generating a new certificate and replacing the existing one on time to prevent from a cluster outage caused by an expired certificate.

To enable SSL certificates monitoring:

  1. Log in to the Salt Master node.

  2. Verify that you have updated the salt-formulas-salt package.

  3. Update the Salt mine:

    salt -C 'I@salt:minion' state.sls salt.minion.grains
    salt -C 'I@salt:minion' mine.update
  4. Update the Telegraf configuration:

    salt -C 'I@telegraf:agent' state.sls telegraf
  5. Update the Prometheus configuration:

    salt -C 'I@prometheus:server and I@docker:swarm' state.sls prometheus.server