Class: Solanum::Source::Certificate

Inherits:

Solanum::Source

• Object
• Solanum::Source
• Solanum::Source::Certificate

Defined in:

lib/solanum/source/certificate.rb

Instance Attribute Summary

• #ca_cert ⇒ Object readonly

  Returns the value of attribute ca_cert.

• #expiry_states ⇒ Object readonly

  Returns the value of attribute expiry_states.

• #host ⇒ Object readonly

  Returns the value of attribute host.

• #port ⇒ Object readonly

  Returns the value of attribute port.

Attributes inherited from Solanum::Source

#attributes, #period, #type

Instance Method Summary

• #collect! ⇒ Object

  Collect metric events.

• #connect ⇒ Object
• #initialize(opts) ⇒ Certificate constructor

  A new instance of Certificate.

Methods inherited from Solanum::Source

#next_run

Constructor Details

#initialize(opts) ⇒ Certificate

Returns a new instance of Certificate.

# File 'lib/solanum/source/certificate.rb', line 10

def initialize(opts)
  super(opts)
  @host = opts['host'] or raise "No host provided"
  @port = opts['port'] || 443
  @hostname = opts['hostname'] || @host
  @ca_cert = opts['ca_cert']
  @expiry_states = opts['expiry_states'] || {}
end

Instance Attribute Details

#ca_cert ⇒ Object (readonly)

Returns the value of attribute ca_cert.

# File 'lib/solanum/source/certificate.rb', line 7

def ca_cert
  @ca_cert
end

#expiry_states ⇒ Object (readonly)

Returns the value of attribute expiry_states.

# File 'lib/solanum/source/certificate.rb', line 7

def expiry_states
  @expiry_states
end

#host ⇒ Object (readonly)

Returns the value of attribute host.

# File 'lib/solanum/source/certificate.rb', line 7

def host
  @host
end

#port ⇒ Object (readonly)

Returns the value of attribute port.

# File 'lib/solanum/source/certificate.rb', line 7

def port
  @port
end

Instance Method Details

#collect! ⇒ Object

Collect metric events.

# File 'lib/solanum/source/certificate.rb', line 48

def collect!
  events = []
  prefix = "certificate #{@hostname}"

  begin
    connect do |ssl|
      cert = ssl.peer_cert

      # Connect okay.
      events << {
        service: "#{prefix} connect",
        metric: 1,
        state: 'ok',
        description: "Certificate for #{@hostname} verified successfully",
      }

      # Certificate expiration time.
      #puts cert.inspect
      expiry = cert.not_after - Time.now
      expiry_days = expiry/86400
      events << {
        service: "#{prefix} expiry",
        metric: expiry_days,
        state: state_under(@expiry_states, expiry_days),
        description: "Certificate for #{@hostname} expires in #{duration_str(expiry)}",
      }
    end
  rescue => e
    # Connect error.
    events << {
      service: "#{prefix} connect",
      metric: 1,
      state: 'critical',
      description: "Error connecting to #{@hostname}: #{e}",
    }
  end

  events
end

#connect ⇒ Object

# File 'lib/solanum/source/certificate.rb', line 20

def connect
  # Configure context.
  ctx = OpenSSL::SSL::SSLContext.new
  #ctx.verify_hostname = true  # Only in ruby 2.x?

  if @ca_cert
    ctx.ca_file = @ca_cert
    ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  end

  # Open socket connection.
  sock = TCPSocket.new(@host, @port)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.sync_close = true
  ssl.hostname = @hostname
  ssl.connect

  yield ssl if block_given?
ensure
  if ssl
    ssl.close
  elsif sock
    sock.close
  end
end