mirror of https://github.com/munin-monitoring/contrib.git synced 2025-07-22 14:16:00 +00:00

letsencrypt_weekly: enable monitoring multiple directories (#1456)

* letsencrypt_weekly: enable monitoring multiple directories

* letsencrypt_weekly: fix typo

---------

Co-authored-by: Kenyon Ralph <kenyon@kenyonralph.com>
Andreas Perhab 2024-09-27 06:30:03 +02:00 committed by GitHub
parent 304b5beb58
commit 178261c57c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -25,6 +25,15 @@ You can configure the warning and critical limits for this plugin:
# critical when more than 50 certificates have been requested in the last week # critical when more than 50 certificates have been requested in the last week
env.critical :50 env.critical :50
If you have multiple letsencrypt directories e.g. one running in docker, you can configure them separated by spaces:
[letsencrypt_weekly]
# run with a user that is able to read /etc/letsencrypt/csr/ files and at least list directories in
# /etc/letsencrypt/archive/
user root
# monitor the server as well as the docker volume letsencrypt_certs
env.letsencrypt_dirs /etc/letsencrypt/ /var/lib/docker/volumes/letsencrypt_certs/_data/
=head1 AGGREGATION CONFIGURATION =head1 AGGREGATION CONFIGURATION
When you have multiple servers issuing certficates for the same registered domain you can aggregate the numbers with When you have multiple servers issuing certficates for the same registered domain you can aggregate the numbers with
@ -86,13 +95,24 @@ GPLv2
. "$MUNIN_LIBDIR/plugins/plugin.sh" . "$MUNIN_LIBDIR/plugins/plugin.sh"
if [ "$MUNIN_DEBUG" == "1" ] ; then
set -x
fi
warning=${warning:-:40} warning=${warning:-:40}
critical=${critical:-:50} #letsencrypt doesn't allow more than 50 certificates per week critical=${critical:-:50} #letsencrypt doesn't allow more than 50 certificates per week
# see https://letsencrypt.org/docs/rate-limits/ # see https://letsencrypt.org/docs/rate-limits/
letsencrypt_dirs=${letsencrypt_dirs:-/etc/letsencrypt}
csr_directories=()
archive_directories=()
for letsencrypt_dir in ${letsencrypt_dirs}; do
csr_directories+=("${letsencrypt_dir%/}/csr/")
archive_directories+=("${letsencrypt_dir%/}/archive/")
done
get_files_and_domains() { get_files_and_domains() {
find /etc/letsencrypt/csr/ -mtime -7 -type f -print0 2>/dev/null | xargs -0 -I pem bash -c 'echo -n "pem "; openssl req -in pem -text -noout | grep DNS: | sed "s/.*DNS://g"' find "${csr_directories[@]}" -mtime -7 -type f -print0 2>/dev/null | xargs -0 -I pem bash -c 'echo -n "pem "; openssl req -in pem -text -noout | grep DNS: | sed "s/.*DNS://g"'
} }
get_registered_domains() { get_registered_domains() {
@ -100,9 +120,18 @@ get_registered_domains() {
local TRIM_SUBDOMAIN local TRIM_SUBDOMAIN
REMOVE_PATH='s,.*/,,;' REMOVE_PATH='s,.*/,,;'
TRIM_SUBDOMAIN='s/.*\.\([a-z0-9-]\+\.[a-z]\+\)/\1/;' TRIM_SUBDOMAIN='s/.*\.\([a-z0-9-]\+\.[a-z]\+\)/\1/;'
find /etc/letsencrypt/archive/ -mindepth 1 -maxdepth 1 | sed "$REMOVE_PATH $TRIM_SUBDOMAIN" | sort | uniq find "${archive_directories[@]}" -mindepth 1 -maxdepth 1 | sed "$REMOVE_PATH $TRIM_SUBDOMAIN" | sort | uniq
} }
if [ "$MUNIN_DEBUG" = "1" ] ; then
set +x
echo "files:"
get_files_and_domains
echo "registered domains:"
get_registered_domains
set -x
fi
if [ "$1" = "autoconf" ] ; then if [ "$1" = "autoconf" ] ; then
test -d /etc/letsencrypt/csr/ && echo "yes" || echo "no (directory /etc/letsencrypt/csr does not exist)" test -d /etc/letsencrypt/csr/ && echo "yes" || echo "no (directory /etc/letsencrypt/csr does not exist)"
elif [ "$1" = "config" ] ; then elif [ "$1" = "config" ] ; then
@ -138,7 +167,7 @@ elif [ "$1" = "" ] ; then
file=${file_domain% *} file=${file_domain% *}
domain=${file_domain#* } domain=${file_domain#* }
registered_domain_key=$(echo "$domain" | sed 's/.*\.\([a-z0-9-]\+\.[a-z]\+\)/\1/;s/[-.]/_/g') registered_domain_key=$(echo "$domain" | sed 's/.*\.\([a-z0-9-]\+\.[a-z]\+\)/\1/;s/[-.]/_/g')
previous_certs=$(find "/etc/letsencrypt/archive/$domain" -name 'cert*.pem' -not -cnewer "$file" | wc -l) previous_certs=$(find "${archive_directories[@]}" -path "*/$domain/*" -name 'cert*.pem' -not -cnewer "$file" | wc -l)
if [ "$previous_certs" -gt 0 ] ; then if [ "$previous_certs" -gt 0 ] ; then
value_key="${registered_domain_key}_renewal_weekly.value " value_key="${registered_domain_key}_renewal_weekly.value "
else else
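Review bot: In get_files_and_domains (second hunk), `xargs -I pem` substitutes every file name found under the configured csr directories into the text of the `bash -c` command, so a name containing shell syntax is executed instead of being treated as a path. The construct predates this commit, but the search now also covers directories such as the docker volume in the documented example while the plugin is configured with `user root`, so whoever can create files there (presumably the container) could get commands run as root on the host. Pass the name as a positional argument instead: `xargs -0 -r -n 1 bash -c 'printf "%s " "$1"; openssl req -in "$1" -text -noout | grep DNS: | sed "s/.*DNS://g"' _`. In the last hunk, whose enclosing loop starts and ends outside the hunk, `-path "*/$domain/*"` likewise treats the CSR-derived `$domain` as a glob, so a wildcard name such as `*.example.com` would match the archive directories of other domains. Comparing the directory name literally would avoid that.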