Fix README.md

.coveragerc

@@ -17,7 +17,7 @@ exclude_lines =
     if 0:
     if __name__ == .__main__.:
 source =
-    ./certcheck/
+    ./check_cert/
 
 
 [html]

.gitignore

@@ -1,5 +1,8 @@
 *.pyc
 /.coverage
 /build*
-certcheck.egg-info/*
+check_cert.egg-info/*
 debian/files
+*.swp
+debian/check-cert*
+.pybuild/

.travis.yml

@@ -0,0 +1,12 @@
+language: python
+python:
+  - "2.7"
+install: "pip install -r requirements.txt --use-mirrors"
+script: "./run_tests.py"
+before_script:
+  - wget https://github.com/vespian/pymisc/archive/1.2.0.tar.gz -O /tmp/pymisc-1.2.0.tar.gz
+  - tar -xvf /tmp/pymisc-1.2.0.tar.gz -C /tmp/
+  - cd /tmp/pymisc-1.2.0/
+  - pip install -r ./requirements.txt --use-mirrors
+  - ./setup.py install
+  - cd $TRAVIS_BUILD_DIR

README.md

@@ -1,22 +1,32 @@
-# _Certchecker_
+# _check_cert_
 
-_Certchecker is a certificate expiration check capable of scanning GIT repos
-and sending data on expiring/expired certificates back to the monitoring system
-(currently only Riemann)._
+[![Build
+Status](https://travis-ci.org/vespian/check-cert.svg?branch=master)](https://travis-ci.org/vespian/check-cert)
+
+_check_cert is a certificate expiration check capable of scanning GIT repos
+and sending data on expiring/expired certificates back to the monitoring system._
 
 ## Project Setup
 
-In order to run certchecker you need to following dependencies installed:
-- Bernhard - Riemann client library (https://github.com/banjiewen/bernhard)
-- Google's protobuf library
-- yaml bindings for python (http://pyyaml.org/)
-- Dulwich - python implementation of GIT (https://www.samba.org/~jelmer/dulwich/docs/)
-- ssh command in your PATH
-- argparse library
+In order to run check_cert you need to have following dependencies installed:
+* Dulwich - python implementation of GIT (https://www.samba.org/~jelmer/dulwich/docs/)
+* *ssh* command in your PATH
+* argparse library
+* pyOpenSSL (https://launchpad.net/pyopenssl/)
+* pymisc (https://github.com/vespian/pymisc)
+* python 2.6 or 2.7
+* dulwich library
 
 You can also use debian packaging rules from debian/ directory to build a deb
 package.
 
+Unfortunatelly, dulwich library is broken on wheezy:
+
+https://bugs.launchpad.net/dulwich/+bug/1326213
+
+so the script depends on the newest version (0.9.7) even though 0.8.5 is
+sufficient when it comes to functionality.
+
 ## Usage
 
 ### Configuration
@@ -25,7 +35,7 @@ Actions taken by the script are determined by its command line and the
 configuration file. The command line has a build-in help system:
 
 ```
-usage: certcheck [-h] [--version] -c CONFIG_FILE [-v] [-s] [-d]
+usage: check_cert [-h] [--version] -c CONFIG_FILE [-v] [-s] [-d]
 
 Simple certificate expiration check
 
@@ -45,9 +55,12 @@ The configuration file is a plain YAML document. It's syntax is as follows:
 
 ```
 ---
-lockfile: /tmp/certcheck.lock
-warn_treshold: 30
-critical_treshold: 15
+#Global
+lockfile: /tmp/check_cert.lock
+
+#Riemann related:
+riemann_enabled: False
+riemann_ttl: 60
 riemann_hosts:
   static:
     - 192.168.122.16:5555:udp
@@ -57,19 +70,28 @@ riemann_hosts:
     - _riemann._udp
 riemann_tags:
   - production
-  - class::certcheck
-repo_host: git.example.net
+  - class::check_cert
+
+#Nagios related:
+nrpe_enabled: True
+
+#Repository related:
+repo_host: git.example.com
 repo_port: 22
-repo_url: /example-repo
+repo_url: /sample-repo
 repo_masterbranch: refs/heads/production
-repo_localdir: /tmp/certcheck-temprepo
-repo_user: certcheck
-repo_pubkey: ./certcheck_id_rsa
- # format - dict, hash as a key, and value as a comment
- # sha1sum ./certificate_to_be_ignored
+repo_localdir: /tmp/check_cert-temprepo
+repo_user: check_cert
+repo_pubkey: /home/vespian/work/tmp_tickets/cert_check/check_cert_id_rsa
+
+#Check related:
+warn_treshold: 30
+critical_treshold: 15
+# sha1sum ./certificate_to_be_ignored
+# format - dict, hash as a key, and value as a comment
 ignored_certs:
-  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: "some VPN key"
-  bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb: "some unused certificate"
+  aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa: "cert a"
+  bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb: "cert b"
 ```
 
 ### Operation
@@ -84,9 +106,9 @@ The connection is established using the $repo_pubkey pubkey, and the $repo_user
 itself should have very limited privileges.
 
 Next, the repository is scanned in search of files ending with one of the
-certcheck:CERTIFICATE_EXTENSIONS extensions. Currently all possible
+check_cert:CERTIFICATE_EXTENSIONS extensions. Currently all possible
 certificate extensions are listed but only ['pem', 'crt', 'cer'] are currently
-supported (see certcheck:get_cert_expiration method). For the remaing ones
+supported (see check_cert:get_cert_expiration method). For the remaing ones
 only a warning is issued.
 
 For each certificate found a sha1sum is computed, and if the result is found in
@@ -99,33 +121,30 @@ $warn_tresh but more than $critical_tresh - a "warning" partial status is gene-
 rated. Unsuported certificate yields an 'unknown' state and expired ones of
 course the 'critical'.
 
-All the 'partial status' updates are agregated and each message can only ele-
-vate up the final status of the metric send to Riemann. Currently, the hierar-
-chy is as follows:
+All the 'partial status' updates are agregated by the 'pymisc' library and
+each message can only elevate up the final status of the metric send to
+monitoring system. Currently, the hierarchy is as follows:
 
        (lowest)ok->warn->critical->unknown(highest)
 
 script errors, exceptions and unexcpected conditions result in imidiate elevation
 to 'unknown' status and sending the metric to monitoring system ASAP if only
 possible.
 
-IP addresses/ports of the Riemann instances can be defined in two ways:
- * statically, by providing a list of riemann instances in $riemann_servers
-   var. The format of the list entry is hostname:port:proto. 'proto' can be one
-   of 'udp' or 'tcp'.
- * by providing a SRV record, i.e. '_riemann._udp'. All the values
-   (host, port) will be resolved automatically. Protocol is chosen basing on
-   the SRV entry itself.
-
-The final metric is send to *all* Riemann instances with TTL equal to
-certcheck:DATA_TTL == 25 hours.
+Interfacing with monitoring system is done by pymisc. Following options are
+passed directly to the library. Please see pymisc's documentation for
+information on their meaning:
+* $riemann_enabled
+* $riemann_ttl
+* $riemann_hosts
+* $riemann_tags
+* $nrpe_enabled
 
 ### Maintenance
 
 In order to not to let the "$repo_tmpdir/repository" repository grow endlessly
-a 'git gc' command should be executed once a day by i.e. a cronjob. It should
+a 'git gc' command should be executed once a day by i.e. a cronjob. It will
 repack all the packs and remove dangling objects.
-Please see the doc/USAGE.md file for details.
 
 ## Contributing
 
@@ -144,7 +163,7 @@ test/ directory you can find:
 Unittests can be started either by using *nosetest* command:
 
 ```
-certcheck/ (master✗) # nosetests
+check_cert/ (master✗) # nosetests
 [20:33:02]
 ......
 ----------------------------------------------------------------------
@@ -156,7 +175,7 @@ OK
 or by issuing the *run_tests.py* command:
 
 ```
-certcheck/ (master✗) # run_tests.py
+check_cert/ (master✗) # run_tests.py
 [20:33:04]
 Created test certificate expired_3_days.pem
 Created test certificate expire_6_days.pem

bin/certcheck → bin/check_cert

@@ -14,10 +14,10 @@
 # License for the specific language governing permissions and limitations under
 # the License.
 
-import certcheck
+import check_cert
 
 
 if __name__ == '__main__':
-    args_dict = certcheck.parse_command_line()
+    args_dict = check_cert.parse_command_line()
 
-    certcheck.main(**args_dict)
+    check_cert.main(**args_dict)