Skip to content

NeonSludge/crl-updater

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
cmd/crl-updater
cmd/crl-updater
 
 
pkg/utils
pkg/utils
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

crl-updater

Small daemon that takes a list of CRL file update jobs, runs them periodically and publishes success and failure counts as Prometheus metrics.

It performs basic sanity checks on the files that are being downloaded:

  • Source file MUST be smaller than the limit specified at the job level.
  • Source file MUST start with a standard X.509 CRL PEM header (-----BEGIN X509 CRL-----) OR its first two bytes MUST equal 0x30 0x82 OR 0x30 0x83. This check is performed on the first 24 bytes of the source file. If it does not pass, the download attempt will fail.

There is also an option to disable these checks for a specific job.

$ crl-updater -h
Usage of crl-updater:
  -cfg string
        path to a config file in YAML format (default "/etc/crl-updater.yaml")
  -metrics string
        address for publishing metrics in Prometheus format (default ":8080")

Config file

Example:

jobs:
  - url: "http://example.com/crl/crl1.crl"
    dest: /etc/crl/crl1.crl
    schedule: "*/5 * * * *"
    mode: 0600
    owner: user1
    group: group1
    limit: 65536
  - url: "http://example.com/crl/crl2.crl"
    dest: /etc/crl/crl2.crl
    schedule: "0 12 * * *"
    force: true

Job parameters:

Parameter Description Default
url URL to download the CRL file from. none
dest Path to save the downloaded CRL file to. none
schedule CRL update cron schedule. @hourly
mode Permissions for the destination file. 0644
owner Owner of the destination file. current user
group Group of the destination file. current group
limit CRL file size limit in bytes. 10485760
force Force CRL update, skip all checks. false

Metrics

The following Prometheus metrics are available at the /metrics endpoint:

Metric Description Type
crl_updater_success{job="job ID", file="destination file name"} Number of successful CRL update attempts per job. Counter
crl_updater_error{job="job ID", file="destination file name"} Number of unsuccessful CRL update attempts per job. Counter
crl_updater_success_total Number of successful CRL update attempts. Counter
crl_updater_error_total Number of unsuccessful CRL update attempts. Counter

About

A daemon to manage and monitor CRL file updates.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages