add loal_x509 collector

roles/prometheus-node-exporter/files/local_x509.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+sanitize() {
+    while read -r data; do
+        set -- $data
+        printf %q "$1" | sed -e 's/\\ / /g'
+    done
+}
+
+print_metric() {
+    while read -r data; do
+        set -- $data
+		if [ -f "$1" ]; then
+            exp_date=`openssl x509 -enddate --noout -in "$1" | sed -e 's/notAfter=//g'`
+            exp_date_unixtime=`date -d "$exp_date" -u +%s`
+            cname=`openssl x509 -subject --noout -in "$1" | sed -e 's/^.*CN = //' | sed -e 's/,.*$//' | sanitize`
+            filename=`realpath "$1" | sanitize`
+            echo "local_x509_expiry_date{cname=\"$cname\",file=\"$filename\"} $exp_date_unixtime"
+		fi
+    done
+}
+
+echo '# HELP local_x509_expiry_date The cert expiry date in unixtime'
+echo '# TYPE local_x509_expiry_date gauge'
+printf '%s\n' "$@" | print_metric

roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509

@@ -0,0 +1,5 @@
+# The list of certs to monitor
+ARGS="
+    /etc/letsencrypt/live/**/cert.pem
+    /etc/hackypky/crts/*.pem
+"

roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Collect local x509 certificate metrics for prometheus-node-exporter
+
+[Service]
+Type=oneshot
+EnvironmentFile=/etc/default/prometheus-node-exporter-local_x509
+Environment=TMPDIR=/var/lib/prometheus/node-exporter
+ExecStart=/bin/bash -c "/usr/share/prometheus-node-exporter-collectors/local_x509.sh $ARGS | sponge /var/lib/prometheus/node-exporter/local_x509.prom"

roles/prometheus-node-exporter/files/prometheus-node-exporter-local_x509.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Run local x509  metrics collection every 15 minutes
+
+[Timer]
+OnBootSec=0
+OnUnitActiveSec=15min
+
+[Install]
+WantedBy=timers.target

roles/prometheus-node-exporter/tasks/local_x509_collector.yml

@@ -0,0 +1,69 @@
+---
+- name: Install moreutils # we need the sponge command
+  apt:
+    name:
+      - moreutils
+    state: latest
+    update_cache: true
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Ensure /usr/share/prometheus-node-exporter exist
+  file:
+    path: /usr/share/prometheus-node-exporter/
+    state: directory
+    group: root
+    owner: root
+    mode: u=rwx,g=rx,o=rx
+
+# Optionnal, but used with the hacky_pki role
+- name: Ensure /etc/hackypky/crts/ exist
+  file:
+    path: "{{ item }}"
+    state: directory
+    group: root
+    owner: root
+    mode: u=rwx,g=rx,o=rx
+  loop:
+    - /etc/hackypky
+    - /etc/hackypky/crts
+
+- name: Add the script
+  copy:
+    src: local_x509.sh
+    dest: /usr/share/prometheus-node-exporter/local_x509.sh
+    group: root
+    owner: root
+    mode: u=rwx,g=,o=
+
+- name: Add the env file
+  copy:
+    src: prometheus-node-exporter-local_x509
+    dest: /etc/default/prometheus-node-exporter-local_x509
+    group: root
+    owner: root
+    force: no
+    mode: u=rwx,g=r,o=r
+
+- name: Add the timer
+  copy:
+    src: prometheus-node-exporter-local_x509.timer
+    dest: /lib/systemd/system/prometheus-node-exporter-local_x509.timer
+    group: root
+    owner: root
+    mode: u=rw,g=r,o=r
+
+- name: Add the service
+  copy:
+    src: prometheus-node-exporter-local_x509.service
+    dest: /lib/systemd/system/prometheus-node-exporter-local_x509.service
+    group: root
+    owner: root
+    mode: u=rw,g=r,o=r
+
+- name: Enable the timer
+  systemd:
+    name: prometheus-node-exporter-local_x509.timer
+    enabled: true
+

roles/prometheus-node-exporter/tasks/main.yml

@@ -35,6 +35,10 @@
   retries: 3
   until: apt_result is succeeded
 
+
+- name: Install the local_x509 exporter
+  import_tasks: local_x509_collector.yml
+
 - name: Ensure /etc/node_exporter exist
   file:
     path: /etc/node_exporter