Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/neonsludge/crl-updater

A daemon to manage and monitor CRL file updates.
https://github.com/neonsludge/crl-updater

Last synced: 7 days ago
JSON representation

A daemon to manage and monitor CRL file updates.

Host: GitHub
URL: https://github.com/neonsludge/crl-updater
Owner: NeonSludge
License: mit
Created: 2020-03-19T15:48:02.000Z (almost 5 years ago)
Default Branch: master
Last Pushed: 2020-07-15T07:12:29.000Z (over 4 years ago)
Last Synced: 2024-11-07T20:23:07.462Z (about 2 months ago)
Language: Go
Homepage:
Size: 33.2 KB
Stars: 1
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # crl-updater

Small daemon that takes a list of CRL file update jobs, runs them periodically and publishes success and failure counts as Prometheus metrics. 

It performs basic sanity checks on the files that are being downloaded:

* Source file MUST be smaller than the limit specified at the job level.

* Source file MUST start with a standard X.509 CRL PEM header (`-----BEGIN X509 CRL-----`) OR its first two bytes MUST equal `0x30 0x82` OR `0x30 0x83`. This check is performed on the first 24 bytes of the source file. If it does not pass, the download attempt will fail.

There is also an option to disable these checks for a specific job.

```

$ crl-updater -h

Usage of crl-updater:

  -cfg string

        path to a config file in YAML format (default "/etc/crl-updater.yaml")

  -metrics string

        address for publishing metrics in Prometheus format (default ":8080")

```

### Config file

#### Example:

```

jobs:

  - url: "http://example.com/crl/crl1.crl"

    dest: /etc/crl/crl1.crl

    schedule: "*/5 * * * *"

    mode: 0600

    owner: user1

    group: group1

    limit: 65536

  - url: "http://example.com/crl/crl2.crl"

    dest: /etc/crl/crl2.crl

    schedule: "0 12 * * *"

    force: true

```

#### Job parameters:

| Parameter | Description                              | Default       |

| --------- | ---------------------------------------- | ------------- |

| url       | URL to download the CRL file from.       | none          |

| dest      | Path to save the downloaded CRL file to. | none          |

| schedule  | CRL update cron schedule.                | @hourly       |

| mode      | Permissions for the destination file.    | 0644          |

| owner     | Owner of the destination file.           | current user  |

| group     | Group of the destination file.           | current group |

| limit     | CRL file size limit in bytes.            | 10485760      |

| force     | Force CRL update, skip all checks.       | false         |

### Metrics

The following Prometheus metrics are available at the `/metrics` endpoint:

| Metric | Description | Type |

| ------ | ----------- | ---- |

crl_updater_success{job="job ID", file="destination file name"} | Number of successful CRL update attempts per job. | Counter |

crl_updater_error{job="job ID", file="destination file name"} | Number of unsuccessful CRL update attempts per job. | Counter |

crl_updater_success_total | Number of successful CRL update attempts. | Counter |

crl_updater_error_total | Number of unsuccessful CRL update attempts. | Counter |