Currently cert-checker produces its output by printing out a multi-line fully-indented huge json blob:
```go
func (r *report) dump() error {
	content, err := json.MarshalIndent(r, "", " ")
	if err != nil {
		return err
	}
	fmt.Fprintln(os.Stdout, string(content))
	return nil
}
```
It prints this directly to stdout, bypassing the configured logger (probably because syslog would mangle the multi-line json). Also, it doesn't collect any prometheus metrics, because it's a short-lived process that might not be scraped during its runtime.
But internally, we have a python wrapper that:
- Runs cert-checker and captures its stdout
- Parses the JSON and re-emits it in a different format to a configured logger
- Produces prometheus metrics based on the count of good and bad certificates found
- Pushes those metrics to a prometheus endpoint, which it discovers via consul service lookup
We can do all of those things directly in Boulder! While the python script may have been helpful in a time before consul service discovery, it doesn't seem like it serves any critical purpose anymore. Let's improve cert-checker's audit log and metric output, so the wrapper is no longer necessary.
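A sketch of the output side of that proposal, added here as an illustration and not taken from Boulder or from the wrapper: each bad certificate becomes one compact JSON line that a line-oriented logger can carry, and the good/bad counts are rendered in the Prometheus text exposition format. The `entry` type, the log prefix and the metric name are hypothetical, and the push itself is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// entry is a hypothetical per-certificate result, not Boulder's report type.
type entry struct {
	Serial   string   `json:"serial"`
	Problems []string `json:"problems"`
}

// auditLines returns one compact JSON line per bad certificate and the counts.
// json.Marshal escapes newlines, so every returned line is a single line.
func auditLines(results map[string][]string) (lines []string, good, bad int, err error) {
	serials := make([]string, 0, len(results))
	for s := range results {
		serials = append(serials, s)
	}
	sort.Strings(serials) // deterministic log order
	for _, s := range serials {
		if len(results[s]) == 0 {
			good++
			continue
		}
		bad++
		b, mErr := json.Marshal(entry{Serial: s, Problems: results[s]})
		if mErr != nil {
			return nil, 0, 0, mErr
		}
		lines = append(lines, "cert-checker bad certificate: "+string(b))
	}
	return lines, good, bad, nil
}

// metricsText renders the counts as text exposition (metric name is made up).
func metricsText(good, bad int) string {
	return fmt.Sprintf("# TYPE cert_checker_certs gauge\ncert_checker_certs{status=%q} %d\n"+
		"cert_checker_certs{status=%q} %d\n", "good", good, "bad", bad)
}

func main() {
	// Constructed sample: serial -> problems found (none means good).
	lines, good, bad, err := auditLines(map[string][]string{"03aa": nil, "03ab": {"digest mismatch\nsecond line"}})
	fmt.Println(lines, good, bad, err)
	fmt.Print(metricsText(good, bad))
}
```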
The `dump()` function quoted above is at boulder/cmd/cert-checker/main.go, lines 71 to 78 in c62e796.