add loal_x509 collector
parent
5bc708fa9e
commit
dc8bd8cae5
6 changed files with 120 additions and 0 deletions
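--- a/roles/prometheus-node-exporter/files/local_x509.sh
+++ b/roles/prometheus-node-exporter/files/local_x509.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+sanitize() {
+while read -r data; do
+set -- $data
+printf %q "$1" | sed -e 's/\\ / /g'
+done
+}
+
+print_metric() {
+while read -r data; do
+set -- $data
+if [ -f "$1" ]; then
+exp_date=`openssl x509 -enddate --noout -in "$1" | sed -e 's/notAfter=//g'`
+exp_date_unixtime=`date -d "$exp_date" -u +%s`
+cname=`openssl x509 -subject --noout -in "$1" | sed -e 's/^.*CN = //' | sed -e 's/,.*$//' | sanitize`
+filename=`realpath "$1" | sanitize`
+echo "local_x509_expiry_date{cname=\"$cname\",file=\"$filename\"} $exp_date_unixtime"
+fi
+done
+}
+
+echo '# HELP local_x509_expiry_date The cert expiry date in unixtime'
+echo '# TYPE local_x509_expiry_date gauge'
+printf '%s\n' "$@" | print_metric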
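Review bot: `sanitize` applies shell quoting (`printf %q`) after an unquoted `set -- $data`, which is not the escaping the Prometheus text format expects for label values, and the `cname` label is taken from the certificate subject rather than from anything the script controls. Only the first whitespace-separated word of the CN survives, the unquoted expansion is open to pathname expansion, and a wildcard name such as `*.example.com` would likely be emitted as `\*.example.com`, a backslash sequence the textfile parser may reject for the whole file. Escaping only backslash and double quote keeps the label valid and intact, for example `sanitize() { sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }`. The same unquoted `set -- $data` in `print_metric` cuts off certificate paths that contain spaces, so reading the line straight into a quoted variable would be safer there.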
|
@ -0,0 +1,5 @@
|
|||
# The list of certs to monitor
|
||||
ARGS="
|
||||
/etc/letsencrypt/live/**/cert.pem
|
||||
/etc/hackypky/crts/*.pem
|
||||
"
|
|
@ -0,0 +1,8 @@
|
|||
[Unit]
|
||||
Description=Collect local x509 certificate metrics for prometheus-node-exporter
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
EnvironmentFile=/etc/default/prometheus-node-exporter-local_x509
|
||||
Environment=TMPDIR=/var/lib/prometheus/node-exporter
|
||||
ExecStart=/bin/bash -c "/usr/share/prometheus-node-exporter-collectors/local_x509.sh $ARGS | sponge /var/lib/prometheus/node-exporter/local_x509.prom"
|
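Review bot: `ExecStart` runs `/usr/share/prometheus-node-exporter-collectors/local_x509.sh`, but the "Add the script" task in this commit copies the script to `/usr/share/prometheus-node-exporter/local_x509.sh`, so unless something outside this commit also places it in the collectors directory the unit will not find it. Because the command is a pipeline without `pipefail`, the unit's exit status is that of `sponge`, and a failing collector would presumably leave an empty `local_x509.prom` while the unit still reports success. Pointing `ExecStart` at the installed path and starting the `bash -c` string with `set -o pipefail;` would surface both problems. `$ARGS` is expanded unquoted by bash, which is where the globs from the environment file are resolved; without `globstar` the `**` in that file behaves like a single `*`.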
|
@ -0,0 +1,9 @@
|
|||
[Unit]
|
||||
Description=Run local x509 metrics collection every 15 minutes
|
||||
|
||||
[Timer]
|
||||
OnBootSec=0
|
||||
OnUnitActiveSec=15min
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
|
@ -0,0 +1,69 @@
|
|||
---
|
||||
- name: Install moreutils # we need the sponge command
|
||||
apt:
|
||||
name:
|
||||
- moreutils
|
||||
state: latest
|
||||
update_cache: true
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Ensure /usr/share/prometheus-node-exporter exist
|
||||
file:
|
||||
path: /usr/share/prometheus-node-exporter/
|
||||
state: directory
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
|
||||
# Optionnal, but used with the hacky_pki role
|
||||
- name: Ensure /etc/hackypky/crts/ exist
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rwx,g=rx,o=rx
|
||||
loop:
|
||||
- /etc/hackypky
|
||||
- /etc/hackypky/crts
|
||||
|
||||
- name: Add the script
|
||||
copy:
|
||||
src: local_x509.sh
|
||||
dest: /usr/share/prometheus-node-exporter/local_x509.sh
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rwx,g=,o=
|
||||
|
||||
- name: Add the env file
|
||||
copy:
|
||||
src: prometheus-node-exporter-local_x509
|
||||
dest: /etc/default/prometheus-node-exporter-local_x509
|
||||
group: root
|
||||
owner: root
|
||||
force: no
|
||||
mode: u=rwx,g=r,o=r
|
||||
|
||||
- name: Add the timer
|
||||
copy:
|
||||
src: prometheus-node-exporter-local_x509.timer
|
||||
dest: /lib/systemd/system/prometheus-node-exporter-local_x509.timer
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rw,g=r,o=r
|
||||
|
||||
- name: Add the service
|
||||
copy:
|
||||
src: prometheus-node-exporter-local_x509.service
|
||||
dest: /lib/systemd/system/prometheus-node-exporter-local_x509.service
|
||||
group: root
|
||||
owner: root
|
||||
mode: u=rw,g=r,o=r
|
||||
|
||||
- name: Enable the timer
|
||||
systemd:
|
||||
name: prometheus-node-exporter-local_x509.timer
|
||||
enabled: true
|
||||
|
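Review bot: The "Enable the timer" task sets only `enabled: true`, so the timer is enabled for the next boot but nothing visible here starts it or reloads systemd after the unit files are copied. Adding `state: started` and `daemon_reload: true` to that `systemd` task would make the collector run as soon as the play finishes and pick up later edits to the units. Two smaller points in the same file: the env file is installed with `mode: u=rwx,g=r,o=r` although it is only read as an `EnvironmentFile`, so `u=rw,g=r,o=r` is enough, and `state: latest` for moreutils upgrades the package on every run where `state: present` would do.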
|
@ -35,6 +35,10 @@
|
|||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
|
||||
- name: Install the local_x509 exporter
|
||||
import_tasks: local_x509_collector.yml
|
||||
|
||||
- name: Ensure /etc/node_exporter exist
|
||||
file:
|
||||
path: /etc/node_exporter
|
||||
|
|