Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add SSL usage for module configuration. Enchanchement ? #8

Open
mroberty8 opened this issue May 31, 2016 · 0 comments
Open

Add SSL usage for module configuration. Enchanchement ? #8

mroberty8 opened this issue May 31, 2016 · 0 comments

Comments

@mroberty8
Copy link

It's will be appreciable to add ssl support on mongo connection for database using ssl protocol with auth method.

For example on our server we used ssl protocol with auth method to login on database.

This tools is very good but we dont have ssl support for authentification.

For example we apply some change on installed module :

  • modified app/mongostat.js
var shelljs = require('shelljs');
var pmx = require('pmx');
var probe = pmx.probe();

var refresh = function() {
  var mongostat = "mongostat --noheaders --port " + pmx.getConf().port + " -n 1";
  if (pmx.getConf().ip && pmx.getConf().ip !== ''){
    mongostat += ' -h ' + pmx.getConf().ip;
  }
  if (pmx.getConf().username != 0 && pmx.getConf().password != false && pmx.getConf().authDB != false) {
    mongostat += ' -u ' + pmx.getConf().username + ' -p "' + pmx.getConf().password + '" --authenticationDatabase ' + pmx.getConf().authDB;
  }

  // get ssl value
  var ssl  = pmx.getConf().ssl;
  var auth = pmx.getConf().auth;
  // here process ssl config if defined
  if (ssl !== false) {
    // enable ssl
    mongostat += ' --ssl ';
    // has ca ?
    if (ssl.ca) {
      // add command 
      mongostat += ' --sslCAFile ' + ssl.ca;
    }
    // has key ?
    if (ssl.cert) {
      // add command
      mongostat += ' --sslPEMKeyFile ' + ssl.cert;
    }
    // check identify ?
    if (!ssl.checkServerIdentity) {
      // add command
      mongostat += ' --sslAllowInvalidHostnames';
    }
  }
  // enable auth mechanism
  if (auth.authenticationMechanism !== false && auth.authenticationMechanism !== '') {
    // add command
    mongostat += ' --authenticationMechanism "' + auth.authenticationMechanism + '"';
  }

  var top_cpu_process = shelljs.exec(mongostat, { async : true, silent : false }, function(err, out) {
    if (err) {
      return console.error('Fail: could not retrieve mongostat metrics', err);
    }
    var str_info = out.replace( /[\s\n\r]+/g,' ');
    var data = str_info.split(' ');
    insert.set(data[1]);
    query.set(data[2]);
    update.set(data[3]);
    deleted.set(data[4]);
    command.set(data[6]);
    mapped.set(data[8]);
    vsize.set(data[9]);
    netIn.set(data[14]);
    netOut.set(data[15]);
    conn.set(data[16]);
  });
};

setInterval(refresh, 5000);

var insert = probe.metric({
  name: 'Insert',
  value: 'N/A'
});

var query = probe.metric({
  name: 'Query',
  value: 'N/A'
});

var update = probe.metric({
  name: 'Update',
  value: 'N/A'
});

var deleted = probe.metric({
  name: 'Delete',
  value: 'N/A'
});

var netIn = probe.metric({
  name: 'netIn',
  value: 'N/A'
});
var netOut = probe.metric({
  name: 'netOut',
  value: 'N/A'
});

var conn = probe.metric({
  name: 'Connections',
  value: 'N/A'
});

var mapped = probe.metric({
  name: 'Mapped',
  value: 'N/A'
});

var vsize = probe.metric({
  name: 'Vsize',
  value: 'N/A'
});

var command = probe.metric({
  name: 'Command',
  value: 'N/A'
});

refresh();
  • modified app.js
'use strict';

var pmx = require('pmx');
var MongoClient = require('mongodb').MongoClient;
var assert = require('assert');
var fs = require('fs');

pmx.initModule({

  widget : {

    pid : pmx.resolvePidPaths(['/var/run/mongodb.pid',
                               '/var/run/mongodb/mongodb.pid']),

          logo : 'http://mongodb.org/static/images/mongodb-logo.png',

    theme            : ['#262E35', '#222222', '#3ff', '#3ff'],

    el : {
      probes  : true,
      actions : true
    },

    block : {
      actions : false,
      issues  : false,
      meta    : true,

      main_probes : ['Insert', 'Query', 'Update', 'Delete', 'Command', 'netOut', 'netIn']
    }

  }

}, function(err, conf) {

  conf.ssl = {
   ca   : 'CA_PATH_FILE',
   cert : 'CERT_PATH_FILE',
   key  : 'KEY_PATH_FILE',
   sslValidate : true,
   checkServerIdentity : false
  };

  // default auth conf
  // maybe add here user password alreday defined on current module ?
  conf.auth = {
   authenticationMechanism : 'SCRAM-SHA-1'
  }
  // default value
  var url       = 'mongodb://' + conf.ip + ':' + conf.port + '/test';
  var options   = {};
  // add ssl property
  if (conf.ssl !== false) {
    //add ssl flag on url for mongoclient
    url += '?ssl=true';
    // Build options
    options = {
      server : {
        sslValidate : conf.ssl.sslValidate,
        checkServerIdentity : conf.ssl.checkServerIdentity
      }
    }
    // has ca ?
    if (conf.ssl.ca) {
      options.server.sslCA = [fs.readFileSync(conf.ssl.ca)]
    }
    // has key ?
    if (conf.ssl.key) {
      options.server.sslKey = fs.readFileSync(conf.ssl.key);
    }
    // has cert ?
    if (conf.ssl.cert) {
      options.server.sslCert = fs.readFileSync(conf.ssl.cert);
    }
  }

  MongoClient.connect(url, options, function(err, db) {
    assert.equal(null, err);
    console.log("Connected correctly to server.");
    db.close();
  });
  require('./lib/mongostat.js');
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mroberty8