Krecik
Asynchronous, parallel external service checker (and reporter), using industry standard libraries: Curl, ngHTTP2 and OpenSSL.
Author:
Daniel (@dmilith) Dettlaff
Features:
-
Asynchronous and multithreaded by default.
-
JSON format used for both checks (input) and products (output).
-
Uses OpenSSL 1.1.1a+ to provide "TLS-cert expiration check" functionality.
-
HTTP2 used as default.
Software requirements:
- Rust >= 1.32.0
- Curl >= 7.x
- OpenSSL >= 1.1.1a
- NgHTTP2 >= 1.36.0
- Jq >= 1.5
Additional build requirements:
- Clang >= 6.x
- Make >= 3.x
- Cmake >= 3.16
- Perl >= 5.x
- POSIX compliant base-system (tested on systems: FreeBSD/ HardenedBSD/ Darwin and Linux)
Few words about design solutions…
… and especially about current state of linking with shared dynamic libraries by Cargo on LLVM-driven FreeBSD systems…
To make a long story short - Cargo on FreeBSD/ HardenedBSD/ Linux, doesn't set proper runtime path (RPATH/RUNPATH in binary header), when shared libraries are outside of standard /lib:/usr/lib:/usr/local/lib library paths.
There are two quick solutions for this problem - one is bad
, one is ugly
.
Bad solution is hacking LD_LIBRARY_PATH shell-env value - and this is considered to be unethical choice (but still… choice of the many…).
Ugly solution is ugly, but at least solves problem for development time…
NOTE: Krecik at current stage will use static linking by default.
This means that each release will encapsulate exact versions of:
Curl, OpenSSL and ngHTTP2 libraries - linked directly into krecik
binary.
Caveats. Solutions for potential problems:
Krecik relies on fully featured build of Curl, which is available via Sofin binary-bundle: Curl_lib
. To install prebuilt "Curl_lib" on supported system:
_myusername=""
Prebuilt version of Curl_lib
bundle is available for systems:
-
svdOS-12.2 - NOTE Under svdOS, binary-bundle file is NOT a tar file, but Lz4 compressed ZFS dataset of software bundle.
NOTE: Curl_lib binary-bundle provides all Krecik library requirements: CURL, OpenSSL, ngHTTP2 and IDN2.
Configuration:
By default Krecik looks for configuration under:
- /etc/krecik/krecik.conf
- /Services/Krecik/service.conf
- /Projects/krecik/krecik.conf
- krecik.conf
Krecik dynamic configuration file format:
Fields explanation:
-
ok_message
- Notification message that will be sent (per notifier) when all checks are successful. -
log_file
- Krecik log file location. -
notifiers
- List of Slack notifiers used by each Check definition by name.
Fully featured Krecik check file example:
Default expectations:
-
Domain check expectation:
ValidExpiryPeriod(14)
(each domain has to be valid for at least 14 days). -
Page check expectations:
ValidCode(200)
(http error code is 200) +ValidLength(128)
(content length is at least 128 bytes long) +ValidContent("body")
(content contains "body")
Development:
Build debug version:
Lazy developer mode (using cargo-watch
+ cargo-clippy
, warnings: enabled, watch awaits for code change for first run):
bin/devel
Eager developer mode (using cargo-watch
+ cargo-clippy
, warnings: enabled, watch compiles code immediately):
bin/devel dev
Build release version:
bin/build
Run:
Launch "dev" WebAPI server (NOTE: enables DEBUG logger level and makes cargo build process verbose):
bin/run dev
Launch "release" WebAPI server:
bin/run
Test:
NOTE: If one of servers mentioned above… is started, the script mentioned below will do additional round of built in tests over HTTP2-Check-API:
bin/test
Mapping remote configuration resources:
For now, the only defined remote resource type is: "PongoHost". To configure Pongo API resource, create file: checks/remotes/yourname.json
with contents:
External JSON resources repositories support:
-
Create new repository with JSON files with definitions of your checks. Check file-format examples can be found in:
checks/tests/*.json
. Commit your checks. -
Now in
krecik
repository do:cd krecik/checks
. -
Clone your checks-resource repository, here I called it "frontends":
git clone git@github.com:my-company-id/krecik-frontends.git frontends
. -
Start
krecik
web-server in dev mode:bin/run dev
(starts MUCH faster in dev mode).
Build requirements for svdOS systems:
For svdOS (custom HardenedBSD x86_64) servers using Sofin:
Install build requirements with:
s i Openssl Rust Perl Make
then publish bundles settings to the environment with:
s env +Openssl +Rust +Perl +Make
After build bring back dynamic env setup with:
s env reset
Why "Krecik"?
It's been my favorite cartoon… It's a little tribute for mr Zdeněk Miler as well :)
License
-
BSD
-
MIT