add loal_x509 collector

This commit is contained in:
histausse 2021-10-11 13:22:09 +02:00
parent 5bc708fa9e
commit dc8bd8cae5
Signed by: histausse
GPG key ID: 67486F107F62E9E9
6 changed files with 120 additions and 0 deletions

View file

@ -0,0 +1,25 @@
#!/usr/bin/env bash
sanitize() {
while read -r data; do
set -- $data
printf %q "$1" | sed -e 's/\\ / /g'
done
}
print_metric() {
while read -r data; do
set -- $data
if [ -f "$1" ]; then
exp_date=`openssl x509 -enddate --noout -in "$1" | sed -e 's/notAfter=//g'`
exp_date_unixtime=`date -d "$exp_date" -u +%s`
cname=`openssl x509 -subject --noout -in "$1" | sed -e 's/^.*CN = //' | sed -e 's/,.*$//' | sanitize`
filename=`realpath "$1" | sanitize`
echo "local_x509_expiry_date{cname=\"$cname\",file=\"$filename\"} $exp_date_unixtime"
fi
done
}
echo '# HELP local_x509_expiry_date The cert expiry date in unixtime'
echo '# TYPE local_x509_expiry_date gauge'
printf '%s\n' "$@" | print_metric

View file

@ -0,0 +1,5 @@
# The list of certs to monitor
ARGS="
/etc/letsencrypt/live/**/cert.pem
/etc/hackypky/crts/*.pem
"

View file

@ -0,0 +1,8 @@
[Unit]
Description=Collect local x509 certificate metrics for prometheus-node-exporter
[Service]
Type=oneshot
EnvironmentFile=/etc/default/prometheus-node-exporter-local_x509
Environment=TMPDIR=/var/lib/prometheus/node-exporter
ExecStart=/bin/bash -c "/usr/share/prometheus-node-exporter-collectors/local_x509.sh $ARGS | sponge /var/lib/prometheus/node-exporter/local_x509.prom"

View file

@ -0,0 +1,9 @@
[Unit]
Description=Run local x509 metrics collection every 15 minutes
[Timer]
OnBootSec=0
OnUnitActiveSec=15min
[Install]
WantedBy=timers.target

View file

@ -0,0 +1,69 @@
---
- name: Install moreutils # we need the sponge command
apt:
name:
- moreutils
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Ensure /usr/share/prometheus-node-exporter exist
file:
path: /usr/share/prometheus-node-exporter/
state: directory
group: root
owner: root
mode: u=rwx,g=rx,o=rx
# Optionnal, but used with the hacky_pki role
- name: Ensure /etc/hackypky/crts/ exist
file:
path: "{{ item }}"
state: directory
group: root
owner: root
mode: u=rwx,g=rx,o=rx
loop:
- /etc/hackypky
- /etc/hackypky/crts
- name: Add the script
copy:
src: local_x509.sh
dest: /usr/share/prometheus-node-exporter/local_x509.sh
group: root
owner: root
mode: u=rwx,g=,o=
- name: Add the env file
copy:
src: prometheus-node-exporter-local_x509
dest: /etc/default/prometheus-node-exporter-local_x509
group: root
owner: root
force: no
mode: u=rwx,g=r,o=r
- name: Add the timer
copy:
src: prometheus-node-exporter-local_x509.timer
dest: /lib/systemd/system/prometheus-node-exporter-local_x509.timer
group: root
owner: root
mode: u=rw,g=r,o=r
- name: Add the service
copy:
src: prometheus-node-exporter-local_x509.service
dest: /lib/systemd/system/prometheus-node-exporter-local_x509.service
group: root
owner: root
mode: u=rw,g=r,o=r
- name: Enable the timer
systemd:
name: prometheus-node-exporter-local_x509.timer
enabled: true

View file

@ -35,6 +35,10 @@
retries: 3
until: apt_result is succeeded
- name: Install the local_x509 exporter
import_tasks: local_x509_collector.yml
- name: Ensure /etc/node_exporter exist
file:
path: /etc/node_exporter