X-Road-scripts

Python 2 is no longer supported. You can find the previous scripts with Python 2 support under the py2 branch.

This repository contains helper scripts that can simplify usage and administration of X-Road.

The provided scripts support TLS authentication with the Security Server. A self-signed key and certificate can be created with openssl (the -nodes option leaves privateKey.key unencrypted, so restrict access to that file):

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

If the Security Server requires TLS authentication, you can add your TLS certificate in the Security Server administration interface: MEMBER/SUBSYSTEM -> Internal Servers -> INTERNAL TLS CERTIFICATES

The scripts were tested with Python 3.8 (Ubuntu 20.04 LTS) and Python 3.10 (Ubuntu 22.04 LTS).

Messagelog:

cat_mlog.sh - This script prints the contents of archived X-Road messagelog files to STDOUT, which provides a way to "grep" the contents of messagelog files.

cat_mlog_st.sh - Slower version of cat_mlog.sh that additionally outputs the message SigningTime.

Global Configuration and Metadata services

xrdinfo - Python module that can be imported and used in any Python3 application. It implements the following:

  • Loading of global configuration from Security Server, Central Server, or Configuration Proxy.
  • Parsing of shared_params.xml and returning various elements.
  • Handling of listMethods and allowedMethods X-Road requests for SOAP.
  • Handling of listMethods and allowedMethods X-Road requests for REST.
  • Handling of getWsdl X-Road requests.
  • Handling of getOpenApi X-Road requests.
  • Listing endpoints from OpenAPI documents.

The xrdinfo module can be installed using pip:

# From checked out repository
pip install xrdinfo-src/
# Or directly from github
pip install 'xrdinfo @ git+https://github.com/ria-ee/X-Road-scripts.git@main#subdirectory=xrdinfo-src'

There are also some scripts that use the xrdinfo module. Note that output identifiers consist of slash-separated percent-encoded parts to be compatible with X-Road REST identifiers:
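As an added illustration of the identifier format described above (not code from this repository or from xrdinfo), the following Python example shows why each part is percent-encoded before the parts are joined with slashes. The function names, the use of urllib.parse.quote with safe="", and the sample identifiers are assumptions made for this example.

```python
"""Added example: slash-separated, percent-encoded identifier parts."""
from urllib.parse import quote, unquote


def encode_identifier(parts):
    """Percent-encode every part (including '/') and join the parts with '/'."""
    if not parts or any(p == "" for p in parts):
        raise ValueError("identifier parts must be non-empty")
    # safe="" makes quote() encode '/' as %2F, so a slash inside a part
    # can never be mistaken for the separator between parts.
    return "/".join(quote(p, safe="") for p in parts)


def decode_identifier(identifier):
    """Split on the literal '/' separators first, then decode each part."""
    parts = identifier.split("/")
    if any(p == "" for p in parts):
        raise ValueError("empty identifier part in %r" % identifier)
    # Decoding before splitting would turn %2F back into a separator.
    return [unquote(p) for p in parts]


def naive_join(parts):
    """Unencoded join, shown only to demonstrate the ambiguity it creates."""
    return "/".join(parts)


# Constructed sample identifiers (instance / member class / member code /
# subsystem code); they do not come from any real X-Road instance.
SAMPLE_A = ["EX", "GOV", "12/34", "sub"]
SAMPLE_B = ["EX", "GOV", "12", "34/sub"]

if __name__ == "__main__":
    # Without encoding, two different subsystems print as the same string.
    print(naive_join(SAMPLE_A), "==", naive_join(SAMPLE_B))
    for sample in (SAMPLE_A, SAMPLE_B):
        encoded = encode_identifier(sample)
        print(encoded, "->", decode_identifier(encoded))
```

Letter case is left untouched by the encoding, so identifiers that differ only in case stay distinct.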

Health and Environment monitoring

metrics.py - X-Road Health and Environment monitoring collector for Zabbix. Can be used by:

  • Central monitoring to collect Environmental and Health data about all Security Servers in an X-Road instance.
  • Security Server owners to collect Environmental data of their Security Server.
  • X-Road members to collect other members' Health data.

When using MySQL as the Zabbix database, pay attention to the Zabbix installation guide! You need to use the "character set utf8mb4 collate utf8mb4_bin" database creation parameters, because service names and versions are case-sensitive in X-Road and "service.v1" is not equal to "Service.V1".

NB! Tested with Zabbix 6.0 LTS.

zabbix_cron.sh - Sample shell script that can be executed from crontab to periodically collect the data.

Use the provided examples to create your configuration file:

Environment monitoring uses the Zabbix template envmon_template.xml, which should be imported into Zabbix prior to execution of the collector.

The collector requires the py-zabbix package, which can be installed with:

sudo pip install py-zabbix

Miscellaneous

rights_given.py - Can be executed inside the Security Server to display the list of Access Rights granted. Time is displayed in the local timezone. This script uses the psycopg2 Python module, which can be installed with the following command:

sudo apt-get install python3-psycopg2

The result is in CSV format and is written to STDOUT.

Usage:

sudo su xroad -c "python3 rights_given.py" > rights.csv

oldest_log_without_timestamp.py - Can be executed inside the Security Server to display the time of the oldest message that was not timestamped. Returns nothing if all messages are timestamped. This script uses the psycopg2 Python module. Returns time in UTC.

last_successful_message.py - Can be executed inside the Operational Monitoring machine (by default the Security Server machine) to display the time of the last successful message. This script uses the psycopg2 Python module. Returns time in UTC.

certs_expiration.py - Can be executed inside the Security Server to display the expiration dates of all active and registered certificates. Returns time in UTC.

ocsp_produced.py - Can be executed inside the Security Server to display the OCSP production time (the time of OCSP response production) for all active and registered certificates. Returns "ERROR" if the OCSP response is not found. Returns time in UTC.

globalconf_expiration.py - Can be executed inside the Security Server to display the expiration times of global configuration parts.

updated_hosts.py - Can be used to check how many hosts in Zabbix were updated recently. The Zabbix URL and credentials can be passed as command line arguments or via a configuration file. Example configuration file: updated_hosts.cfg_example.