This repository contains a utility that exposes the results of rpki-client via a HTTP API.
2021-03-05 v0.7.2:
- Ignore lines with intertwined output, prevents
rpki-client: pulling ...
(and similar) from being parsed as URLs. - Updated s6 version
2021-02-08 v0.7.1:
- Hotfix: Exception on path being hit.
2021-02-08 v0.7.0:
- Track vanished files and directory count.
- Track the number of no longer referenced repositories.
- Track the number of revoked certificate lines.
2021-01-21 v0.6.2:
- Start webserver/prometheus endpoint immediately when waiting for delay
2021-01-06 v0.6.1:
- Start with a random delay of up to 600s when non-interactive
2021-01-06 v0.6.0:
- Start with a random delay of up to 300s when non-interactive
2020-12-19 v0.5.1:
- Fix: Crash when files removed line is missing due to unsuccessful run.
2020-12-17 v0.5.0:
- Track overclaiming ROAs
- Track number of deleted files
2020-12-1 v0.4.6:
- Track repositories pulled from
2020-11-30 v0.4.5:
- Set missing labels to 0.
2020-11-26 v0.4.4:
- Fix label removal bug --- old labels should now be removed.
2020-11-26 v0.4.3:
- Parse 'bad message digest' warnings.
2020-11-25 v0.4.2:
- Attempt to remove non-existent labels in a different way.
2020-11-25 v0.4.1:
- Change container so command can be picked up from command line, e.g.
docker run --rm [image name] s6-setuidgid daemon python3 -m rpkiclientweb -c /config/config.yml -v -v
2020-11-24 v0.4:
- Parse
rpki-client
output for warnings and add these as metrics.
2020-09-04 v0.3.1:
- Add index http endpoint.
- Fix the
/result
endpoint.
2020-07-27 v0.3.0:
- Metric names start with
rpkiclient
instead ofrpki_client
.
Create a config.yml
file and run the utility with python -m rpki_client -v -c [config_file_name]
.
Note that the default config only contains the RIPE NCC tal for ease of use during testing
Or run a docker container:
# edit ./config.yml and put in ./config/config.yml
docker run \
-p 8888:8888 \
--detach \
--name rpki-client-web \
-v ./config:/config \
tiesdekock/rpki-client-web
/config - output the current config
/result - exit code, stdout, and stderr of last rpki-client run
/metrics - prometheus metrics
/validated/objects - validated RPKI objects
For now, clone the repository and run pipenv install
to install the dependencies.
Afterwards you can run the project if you are in the correct python environment
or by using pipenv (pipenv run python -m rpki_client -v -c ./config.yml
).
Fedora packages needed:
- rpki-client
- python-devel
- git
- python-pipenv
- gcc
There is a prometheus endpoint available on /metrics
. The easiest way to check
that rpki-client
exited successfully is to monitor the exit codes. When the
process is killed due to a timeout the exit code is -9. You could create an
alert for either the existence of non-zero exit codes or for the recent
occurrence of one.
# HELP rpkiclient_update_total Number of rpki-client updates
# TYPE rpkiclient_update_total counter
rpkiclient_update_total{returncode="-9"} 1.0
# HELP rpkiclient_update_created Number of rpki-client updates
# TYPE rpkiclient_update_created gauge
rpkiclient_update_created{returncode="-9"} 1.5911933945483255e+09
rpkiclient_removed_unreferenced
: The number of repositories that are no longer referenced from a trust anchor.rpkiclient_warnings{hostname="<repo hostname",type="<type of error>"}
: Tracks specific types of error per repository when they happen. For a healthy repository, no warnings should exist.rpki_objects{type="<type>"}
: Object count by type, both regular ("number of ROAs") and extraordinary ("number of rejected certificates") metrics.