WhatTheMike
2 years ago
parent
cca25975c8
commit
12df809250
@ -0,0 +1,49 @@
|
|||||||
|
---
|
||||||
|
- name: Configure mini-monitoring server
|
||||||
|
hosts: smolmonitor
|
||||||
|
tasks:
|
||||||
|
- name: Performing APT cache update and package upgrade
|
||||||
|
ansible.builtin.apt:
|
||||||
|
upgrade: yes
|
||||||
|
update_cache: yes
|
||||||
|
cache_valid_time: 86400
|
||||||
|
become: true
|
||||||
|
become_method: sudo
|
||||||
|
- name: Update/install necessary packages
|
||||||
|
ansible.builtin.package:
|
||||||
|
name:
|
||||||
|
- vim
|
||||||
|
- wget
|
||||||
|
- curl
|
||||||
|
- openssl
|
||||||
|
state: latest
|
||||||
|
become: true
|
||||||
|
become_method: sudo
|
||||||
|
- name: Download vim config from aperture (root)
|
||||||
|
ansible.builtin.get_url:
|
||||||
|
dest: /root/.vimrc
|
||||||
|
url: https://aperture.dismyserver.net/.vimrc
|
||||||
|
become: true
|
||||||
|
become_method: sudo
|
||||||
|
|
||||||
|
- name: Verify misc script dir exists
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /opt/sublight/scripts
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
####- certificate monitoring script
|
||||||
|
|
||||||
|
- name: Verify certificate script is deployed
|
||||||
|
ansible.builtin.template:
|
||||||
|
dest: /opt/sublight/scripts/collect-certdata.sh
|
||||||
|
src: /root/ansible/templates/collect-certdata.sh.j2
|
||||||
|
mode: '0744'
|
||||||
|
- name: Ensure cert monitoring script is scheduled
|
||||||
|
ansible.builtin.cron:
|
||||||
|
name: "Poll cert data"
|
||||||
|
minute: "*"
|
||||||
|
job: "/opt/sublight/scripts/collect-certdata.sh"
|
||||||
|
user: root
|
||||||
|
state: present
|
||||||
|
become: true
|
||||||
|
become_method: sudo
|
||||||
@ -0,0 +1,32 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Recommended crontab:
|
||||||
|
# * * * * * /path/to/collect-certdata.sh
|
||||||
|
|
||||||
|
influx_host="{{ influx_host }}"
|
||||||
|
influx_path="/api/v2/write"
|
||||||
|
influx_org="{{ influx_org }}"
|
||||||
|
influx_bucket="{{ influx_bucket }}"
|
||||||
|
influx_token="{{ influx_token }}"
|
||||||
|
influx_metric="certificate"
|
||||||
|
domains=({% for dns in certificate_monitor_domains %}"{{dns}}" {% endfor %})
|
||||||
|
|
||||||
|
influx_url="${influx_host}${influx_path}?org=${influx_org}&bucket=${influx_bucket}"
|
||||||
|
influx_header_auth="Authorization: Token ${influx_token}"
|
||||||
|
influx_header_content="Content-Type: text/plain; charset=utf-8"
|
||||||
|
influx_header_accept="Accept: application/json"
|
||||||
|
|
||||||
|
for dn in ${domains[@]}; do
|
||||||
|
certificate="$(openssl s_client -connect ${dn}:443 2>/dev/null </dev/null | openssl x509)"
|
||||||
|
|
||||||
|
# Calculation broken down from https://gist.github.com/holly/4205943
|
||||||
|
datestr=`echo "${certificate}" | openssl x509 -enddate -noout | cut -d'=' -f2`
|
||||||
|
daystr=`date -d "$datestr" "+%s"`
|
||||||
|
current_time=$(date "+%s")
|
||||||
|
days=`echo $((($daystr - $current_time) / 60 / 60 / 24))`
|
||||||
|
|
||||||
|
data="${influx_metric},domain=${dn} remaining=${days}i"
|
||||||
|
|
||||||
|
curl --request POST "${influx_url}" --header "${influx_header_auth}" --header "${influx_header_content}" --header "${influx_header_accept}" --data-binary "${data}"
|
||||||
|
|
||||||
|
done
|
||||||
Loading…
Reference in new issue