Tidy Hasn't Run

Perform necessary steps to ensure that the tidy process runs within a recommended timeframe.

This health check ensures that the tidy process has executed within a recommended timeframe. A delay in running tidycan lead to degraded vHSM performance due to accumulation of expired or revoked certificate data.

Health Check Name:tidy_last_run

Accessed APIs

Method

Endpoint

Description

READ

/tidy-status

Checks the timestamp of the last tidy run

Configuration Parameters

Parameter

Type

Description

last_run_critical

Duration

Critical threshold for time elapsed since last tidy run (Default: 7d)

last_run_warning

Duration

Warning threshold for time elapsed since last tidy run (Default: 2d)

Health Check Results

Condition

Status Level

Tidy hasn't run within last_run_warning but less than last_run_critical

Warning

Tidy hasn't run within last_run_critical

Critical

Recommended Actions

Manually trigger a tidy operation:

vhsm write <mount>/tidy \
    tidy_cert_store=true \
    tidy_revoked_certs=true \
    tidy_acme=true \
    tidy_revocation_queue=true \
    tidy_cross_cluster_revoked_certs=true \
    tidy_revoked_cert_issuer_associations=true

Verify tidy status:
```
vhsm read <mount>/tidy-status
```
Review logs and output to assess cleanup performance.
Reconfigure auto-tidy settings (if not already configured): Adjust auto-tidy settings based on your findings to ensure regular and efficient cleanup going forward.

PreviousAuto-Tidy Disabled NextToo Many Certificates

Last updated 7 months ago

Was this helpful?