Global Settings API for Certificate Observability

The VMware Telco Cloud Automation provides APIs for debugging or updating the default certificate observability options. Run the following API on the relevant VMware Telco Cloud Automation Manager (TCA-M) or Control Plane (TCA-CP) instance.

API

Global Settings API

PUT https://<TCA_M | TCA_CP>/admin/hybridity/api/global/settings/<namespace>/<option>

Note:

This API only returns options if you have previously configured any option. If not, by default it will be empty.

Options


Namespace	Option	Description	Sample Request
CertObs	`refreshViewSchedule` **Applicable only on TCA-Manager.	Cron expression for deciding the frequency of refreshing the materialized view. Default is "0 /5 * * ?" (every 5 minutes).	`{ "value": "0 /5 * * ?" }`
CertObsAlarms	`alarmSyncIntervalCron` **Applicable only on TCA-Manager	Cron expression for deciding the frequency of the alarm service job. Default is "0 10 * * * ?" (10th minute of every hour).	`{ "value": "0 10 * * * ?" }`
CertObs	`default_gracePeriodHrs`	Grace period (in hours). Certificate observability service will report "Expiring" status if the certificate for any component expires within the grace period. Default value is "2190" (3 months), and the minimum value is "168" (1 week).	`{ "value": "3600" }`
CertObs	`default_cronExpression`	Cron expression for deciding the frequency at which certificate observability service scans all the endpoints. Default is "0 0 * * * ?" (every hour) Cron Syntax: http://www.quartz-scheduler.org/documentation/quartz-2.3.0/tutorials/crontrigger.html	`{ "value": "0 /2 * * ?" }`

Apart from the above mentioned options, you can also configure for various endpoint types, as listed in the following table.


Namespace	Option	Description	Sample Request
CertObs	`<endpointType>_gracePeriodHrs`	Grace period (in hours). Certificate observability service will report "Expiring" status if the certificate for all components of type <endpointType> expires within the grace period. Default value is "2190" (3 months), and the minimum value is "168" (1 week). This value will override the default_gracePeriodHrs (if provided). Accepted values for <endpointType> are: [vcenter, nsx, harbor, vro, airgap, tca_cp, syslog, vrli, kubernetes]. Example, "vcenter_gracePeriodHrs"	`{ "value": "2800" }`
CertObs	`<endpointType>_cronExpression`	Cron expression for deciding the frequency at which certificate observability service scans all the endpoints of type <endpointType>. Default is "0 0 * * * ?" (every hour). This value will override the default_cronExpression (if provided). Accepted values for <endpointType> are: [vcenter, nsx, harbor, vro, airgap, tca_cp, syslog, vrli, kubernetes]. Example, "nsx_cronExpression" Cron Syntax: http://www.quartz-scheduler.org/documentation/quartz-2.3.0/tutorials/crontrigger.html	`{ "value": "0 /2 * * ?" }`

Alarms Feature Flag

The alarm feature flag allows you to turn the alarm feature on or off for the certificate observability. By default, the feature is turned on. When the feature is disabled, the service deletes all the present alarms for certificate observability and does not run again unless it is enabled.

On enabling the feature again, the service re-instantiates and collects alarms depending on the current system conditions.


Namespace	Option	Description	Sample Request
featureSettings	CertObsAlarms **Applicable only on TCA-M.	Feature flag (boolean) for certificate observability alarms.	{ "value": "true \| false" }

Sample cUrl command to update the `default_gracePeriodHrs`:

curl --location --request PUT 'https://<TCA-M | TCA-CP>/admin/hybridity/api/global/settings/CertObs/default_gracePeriodHrs' \
--header 'Content-Type: application/json' \
--data-raw '{  
  "value": "1800"
}'

// Sample response on successful request.

{"isSuccess":true,"status":"SUCCESS","httpStatusCode":200}

Sample cUrl command to get the user configured `refreshViewSchedule` value:

curl --location --request GET 'https://<TCA-M | TCA-CP>/admin/hybridity/api/global/settings/CertObs/refreshViewSchedule' \
--header 'Content-Type: application/json'

// Sample response on successful request.  

{    
      "name": "refreshViewSchedule",    
      "value": "0 *\/5 * * * ?",    
      "namespace": "CertObs"
}

Sample cUrl command to update the `vcenter_cronExpression`:

curl --location --request PUT 'https://<TCA-M | TCA-CP>/admin/hybridity/api/global/settings/CertObs/vcenter_cronExpression' \
--header 'Content-Type: application/json' \
--data-raw '{  
  "value": "0 */2 * * * ?"
}'

// Sample response on successful request.

{"isSuccess":true,"status":"SUCCESS","httpStatusCode":200}

Sample cUrl command to update the `alarmSyncIntervalCron`:

// Setting the frequency for the alarm service to run every 2 minutes.
curl --location --request PUT 'https://<TCA-M>/admin/hybridity/api/global/settings/CertObsAlarms/alarmSyncIntervalCron' \ 
--header 'Content-Type: application/json' \ 
--data-raw '{   
  "value": "0 */2 * * * ?" 
}'   

// Response on successful request. 

{"isSuccess":true,"status":"SUCCESS","httpStatusCode":200}

Sample cUrl command to Disable the Certificate Observability Alarms:

curl --location --request PUT 'https://<TCA-M>/admin/hybridity/api/global/settings/featureSettings/CertObsAlarms' \ 
--header 'Content-Type: application/json' \ 
--data-raw '{   
  "value": "false" 
}'   

// Response on successful request. 

{"isSuccess":true,"status":"SUCCESS","httpStatusCode":200}