From 381a4252ae8c9384d257350d258508e5d496799f Mon Sep 17 00:00:00 2001
From: Jesse Luehrs
Date: Sun, 5 Jul 2020 20:26:08 -0400
Subject: add certbot telegraf plugin
---
modules/tick/files/plugins/certbot | 3 +++
modules/tick/files/plugins/certbot.conf | 3 +++
modules/tick/files/plugins/certbot.sudoers | 3 +++
modules/tick/files/plugins/certbot_inner | 14 +++++++++++++
modules/tick/manifests/client/plugin/certbot.pp | 26 +++++++++++++++++++++++++
5 files changed, 49 insertions(+)
create mode 100644 modules/tick/files/plugins/certbot
create mode 100644 modules/tick/files/plugins/certbot.conf
create mode 100644 modules/tick/files/plugins/certbot.sudoers
create mode 100644 modules/tick/files/plugins/certbot_inner
create mode 100644 modules/tick/manifests/client/plugin/certbot.pp
(limited to 'modules/tick')
diff --git a/modules/tick/files/plugins/certbot b/modules/tick/files/plugins/certbot
new file mode 100644
index 0000000..af3f340
--- /dev/null
+++ b/modules/tick/files/plugins/certbot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+sudo "$(dirname $0)/certbot_inner"
diff --git a/modules/tick/files/plugins/certbot.conf b/modules/tick/files/plugins/certbot.conf
new file mode 100644
index 0000000..0e4a923
--- /dev/null
+++ b/modules/tick/files/plugins/certbot.conf
@@ -0,0 +1,3 @@
+[[inputs.exec]]
+commands = ["/etc/telegraf/plugins/certbot"]
+data_format = "influx"
diff --git a/modules/tick/files/plugins/certbot.sudoers b/modules/tick/files/plugins/certbot.sudoers
new file mode 100644
index 0000000..bab97c7
--- /dev/null
+++ b/modules/tick/files/plugins/certbot.sudoers
@@ -0,0 +1,3 @@
+Cmnd_Alias CERTBOTINNER = /etc/telegraf/plugins/certbot_inner
+telegraf ALL=(ALL) NOPASSWD: CERTBOTINNER
+Defaults!CERTBOTINNER !logfile, !syslog, !pam_session
diff --git a/modules/tick/files/plugins/certbot_inner b/modules/tick/files/plugins/certbot_inner
new file mode 100644
index 0000000..5d31c35
--- /dev/null
+++ b/modules/tick/files/plugins/certbot_inner
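Review bot: The `sudo` call in the `certbot` wrapper builds its target from `$0`, while the sudoers rule added in this commit matches only the literal path `/etc/telegraf/plugins/certbot_inner`, so an invocation through a symlink or a relative path no longer matches the NOPASSWD rule and sudo falls back to asking for a password. Naming the command explicitly and refusing to prompt makes that failure immediate and visible: `exec sudo -n /etc/telegraf/plugins/certbot_inner`. If the `dirname` form is kept, `$0` should at least be quoted inside the command substitution.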
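Review bot: The `(ALL)` runas list on the `telegraf` line in `certbot.sudoers` lets the telegraf account run `certbot_inner` as any user, although the script only needs root to read the certbot live directory; `telegraf ALL=(root) NOPASSWD: CERTBOTINNER` states the actual requirement. The alias also accepts arbitrary arguments; the script as committed ignores them, and appending `""` to the command in the `Cmnd_Alias` line keeps it that way if the script later grows options. Because the `Defaults!CERTBOTINNER` line switches off both sudo log destinations for this command, its runs leave no sudo audit record, so a comment above it saying why (presumably to suppress per-interval log noise) would help the next reader.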
@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+
+config_dir = "/media/persistent/certbot"
+
+(Dir.entries("#{config_dir}/live/") - [".", ".."]).each do |site|
+ next unless File.directory?("#{config_dir}/live/#{site}")
+ cert = File.read("#{config_dir}/live/#{site}/cert.pem")
+ x509 = OpenSSL::X509::Certificate.new(cert)
+ days = (x509.not_after - Time.now) / 60 / 60 / 24
+ sanitized_site = site.gsub(/[^a-zA-Z0-9]/, '_')
+ puts "certbot,site=#{sanitized_site} days_remaining=#{days}"
+end
diff --git a/modules/tick/manifests/client/plugin/certbot.pp b/modules/tick/manifests/client/plugin/certbot.pp
new file mode 100644
index 0000000..17d99ab
--- /dev/null
+++ b/modules/tick/manifests/client/plugin/certbot.pp
@@ -0,0 +1,26 @@
+class tick::client::plugin::certbot {
+ file {
+ "/etc/telegraf/telegraf.d/certbot.conf":
+ source => 'puppet:///modules/tick/plugins/certbot.conf',
+ require => [
+ File["/etc/telegraf/telegraf.d"],
+ File["/etc/telegraf/plugins/certbot"],
+ ],
+ notify => Service["telegraf"];
+ "/etc/telegraf/plugins/certbot":
+ source => 'puppet:///modules/tick/plugins/certbot',
+ mode => '0755',
+ require => [
+ File['/etc/telegraf/plugins'],
+ File['/etc/telegraf/plugins/certbot_inner'],
+ File['/etc/sudoers.d/telegraf-certbot'],
+ ];
+ "/etc/telegraf/plugins/certbot_inner":
+ source => 'puppet:///modules/tick/plugins/certbot_inner',
+ mode => '0755',
+ require => File['/etc/telegraf/plugins'];
+ "/etc/sudoers.d/telegraf-certbot":
+ source => 'puppet:///modules/tick/plugins/certbot.sudoers',
+ require => Package['sudo'];
+ }
+}
-- cgit v1.2.3-54-g00ecf
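Review bot: The `#!/usr/bin/env ruby` shebang in `certbot_inner` makes a script that runs as root via sudo pick its interpreter from `PATH`, and unless the host's sudoers sets `secure_path`, that `PATH` is typically inherited from the calling telegraf account. An absolute interpreter path removes the dependency, e.g. `#!/usr/bin/ruby` (adjust to where ruby is installed on these hosts). Separately, `File.read` and `OpenSSL::X509::Certificate.new` are unguarded inside the loop, so a single directory under `live/` with a missing or unparsable `cert.pem` raises and drops the metrics for every remaining site. Rescuing `SystemCallError` and `OpenSSL::X509::CertificateError` per site and continuing with `next` would keep the other points flowing.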
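Review bot: The `/etc/sudoers.d/telegraf-certbot` resource in `certbot.pp` sets no `owner`, `group` or `mode` and has no `validate_cmd`, so the fragment is installed with whatever defaults apply and a syntax error in it would only surface when sudo next parses it. Pinning `owner => 'root', group => 'root', mode => '0440'` and adding `validate_cmd => '/usr/sbin/visudo -cf %'` (visudo path as on the target hosts) makes both explicit. The same applies to `/etc/telegraf/plugins/certbot_inner`: it is executed as root without a password, so it should carry `owner => 'root'`, and `/etc/telegraf/plugins`, which is declared outside this hunk, must not be writable by the telegraf user.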