Skip to content

Add SSL usage for module configuration. Enchanchement ? #8

New issue
New issue
Open
Open
Add SSL usage for module configuration. Enchanchement ?#8
@mroberty8

Description

@mroberty8
mroberty8
opened on May 31, 2016

It's will be appreciable to add ssl support on mongo connection for database using ssl protocol with auth method.

For example on our server we used ssl protocol with auth method to login on database.

This tools is very good but we dont have ssl support for authentification.

For example we apply some change on installed module :

  • modified app/mongostat.js
var shelljs = require('shelljs');
var pmx = require('pmx');
var probe = pmx.probe();

var refresh = function() {
  var mongostat = "mongostat --noheaders --port " + pmx.getConf().port + " -n 1";
  if (pmx.getConf().ip && pmx.getConf().ip !== ''){
    mongostat += ' -h ' + pmx.getConf().ip;
  }
  if (pmx.getConf().username != 0 && pmx.getConf().password != false && pmx.getConf().authDB != false) {
    mongostat += ' -u ' + pmx.getConf().username + ' -p "' + pmx.getConf().password + '" --authenticationDatabase ' + pmx.getConf().authDB;
  }

  // get ssl value
  var ssl  = pmx.getConf().ssl;
  var auth = pmx.getConf().auth;
  // here process ssl config if defined
  if (ssl !== false) {
    // enable ssl
    mongostat += ' --ssl ';
    // has ca ?
    if (ssl.ca) {
      // add command 
      mongostat += ' --sslCAFile ' + ssl.ca;
    }
    // has key ?
    if (ssl.cert) {
      // add command
      mongostat += ' --sslPEMKeyFile ' + ssl.cert;
    }
    // check identify ?
    if (!ssl.checkServerIdentity) {
      // add command
      mongostat += ' --sslAllowInvalidHostnames';
    }
  }
  // enable auth mechanism
  if (auth.authenticationMechanism !== false && auth.authenticationMechanism !== '') {
    // add command
    mongostat += ' --authenticationMechanism "' + auth.authenticationMechanism + '"';
  }

  var top_cpu_process = shelljs.exec(mongostat, { async : true, silent : false }, function(err, out) {
    if (err) {
      return console.error('Fail: could not retrieve mongostat metrics', err);
    }
    var str_info = out.replace( /[\s\n\r]+/g,' ');
    var data = str_info.split(' ');
    insert.set(data[1]);
    query.set(data[2]);
    update.set(data[3]);
    deleted.set(data[4]);
    command.set(data[6]);
    mapped.set(data[8]);
    vsize.set(data[9]);
    netIn.set(data[14]);
    netOut.set(data[15]);
    conn.set(data[16]);
  });
};

setInterval(refresh, 5000);

var insert = probe.metric({
  name: 'Insert',
  value: 'N/A'
});

var query = probe.metric({
  name: 'Query',
  value: 'N/A'
});

var update = probe.metric({
  name: 'Update',
  value: 'N/A'
});

var deleted = probe.metric({
  name: 'Delete',
  value: 'N/A'
});

var netIn = probe.metric({
  name: 'netIn',
  value: 'N/A'
});
var netOut = probe.metric({
  name: 'netOut',
  value: 'N/A'
});

var conn = probe.metric({
  name: 'Connections',
  value: 'N/A'
});

var mapped = probe.metric({
  name: 'Mapped',
  value: 'N/A'
});

var vsize = probe.metric({
  name: 'Vsize',
  value: 'N/A'
});

var command = probe.metric({
  name: 'Command',
  value: 'N/A'
});

refresh();
  • modified app.js
'use strict';

var pmx = require('pmx');
var MongoClient = require('mongodb').MongoClient;
var assert = require('assert');
var fs = require('fs');

pmx.initModule({

  widget : {

    pid : pmx.resolvePidPaths(['/var/run/mongodb.pid',
                               '/var/run/mongodb/mongodb.pid']),

          logo : 'http://mongodb.org/static/images/mongodb-logo.png',

    theme            : ['#262E35', '#222222', '#3ff', '#3ff'],

    el : {
      probes  : true,
      actions : true
    },

    block : {
      actions : false,
      issues  : false,
      meta    : true,

      main_probes : ['Insert', 'Query', 'Update', 'Delete', 'Command', 'netOut', 'netIn']
    }

  }

}, function(err, conf) {

  conf.ssl = {
   ca   : 'CA_PATH_FILE',
   cert : 'CERT_PATH_FILE',
   key  : 'KEY_PATH_FILE',
   sslValidate : true,
   checkServerIdentity : false
  };

  // default auth conf
  // maybe add here user password alreday defined on current module ?
  conf.auth = {
   authenticationMechanism : 'SCRAM-SHA-1'
  }
  // default value
  var url       = 'mongodb://' + conf.ip + ':' + conf.port + '/test';
  var options   = {};
  // add ssl property
  if (conf.ssl !== false) {
    //add ssl flag on url for mongoclient
    url += '?ssl=true';
    // Build options
    options = {
      server : {
        sslValidate : conf.ssl.sslValidate,
        checkServerIdentity : conf.ssl.checkServerIdentity
      }
    }
    // has ca ?
    if (conf.ssl.ca) {
      options.server.sslCA = [fs.readFileSync(conf.ssl.ca)]
    }
    // has key ?
    if (conf.ssl.key) {
      options.server.sslKey = fs.readFileSync(conf.ssl.key);
    }
    // has cert ?
    if (conf.ssl.cert) {
      options.server.sslCert = fs.readFileSync(conf.ssl.cert);
    }
  }

  MongoClient.connect(url, options, function(err, db) {
    assert.equal(null, err);
    console.log("Connected correctly to server.");
    db.close();
  });
  require('./lib/mongostat.js');
});

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions