Tidy Hasn't Run

Perform necessary steps to ensure that the tidy process runs within a recommended timeframe.

This health check ensures that the tidy process has executed within a recommended timeframe. A delay in running tidycan lead to degraded vHSM performance due to accumulation of expired or revoked certificate data.

Health Check Name:tidy_last_run

Accessed APIs

Method
Endpoint
Description

READ

/tidy-status

Checks the timestamp of the last tidy run

Configuration Parameters

Parameter
Type
Description

last_run_critical

Duration

Critical threshold for time elapsed since last tidy run (Default: 7d)

last_run_warning

Duration

Warning threshold for time elapsed since last tidy run (Default: 2d)

Health Check Results

Condition
Status Level

Tidy hasn't run within last_run_warning but less than last_run_critical

Warning

Tidy hasn't run within last_run_critical

Critical

  1. Manually trigger a tidy operation:

    vhsm write <mount>/tidy \
        tidy_cert_store=true \
        tidy_revoked_certs=true \
        tidy_acme=true \
        tidy_revocation_queue=true \
        tidy_cross_cluster_revoked_certs=true \
        tidy_revoked_cert_issuer_associations=true
  2. Verify tidy status:

    vhsm read <mount>/tidy-status
  3. Review logs and output to assess cleanup performance.

  4. Reconfigure auto-tidy settings (if not already configured): Adjust auto-tidy settings based on your findings to ensure regular and efficient cleanup going forward.

Last updated

Was this helpful?