commit edc8f4296a5ef78ca69883dcf84b0808d9a4b61a Author: Pim van Pelt Date: Tue Mar 24 20:30:16 2026 +0100 initial checkin diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f2a51e4 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +ctlog-uptime-exporter diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..33ba419 --- /dev/null +++ b/LICENSE @@ -0,0 +1,188 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship made available under + the License, as indicated by a copyright notice that is included in + or attached to the work (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other transformations + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean, as submitted to the Licensor for inclusion + in the Work by the copyright owner or by an individual or Legal Entity + authorized to submit on behalf of the copyright owner. For the purposes + of this definition, "submitted" means any form of electronic, verbal, + or written communication sent to the Licensor or its representatives, + including but not limited to communication on electronic mailing lists, + source code control systems, and issue tracking systems that are managed + by, or on behalf of, the Licensor for the purpose of recording and + managing contributions to the Work, but excluding communication that is + conspicuously marked or designated in writing by the copyright owner as + "Not a Contribution." + + "Contributor" shall mean Licensor and any Legal Entity on behalf of + whom a Contribution has been received by the Licensor and included + within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by the combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a cross-claim + or counterclaim in a lawsuit) alleging that the Work or any Contributor + constitutes patent or contributory patent infringement, then any patent + licenses granted to You under this License for that Work shall + terminate as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or Derivative + Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, You must include a readable copy of the + attribution notices contained within such NOTICE file, in + at least one of the following places: within a NOTICE text + file distributed as part of the Derivative Works; within + the Source form or documentation, if provided along with the + Derivative Works; or, within a display generated by the + Derivative Works, if and wherever such third-party notices + normally appear. The contents of the NOTICE file are for + informational purposes only and do not modify the License. + You may add Your own attribution notices within Derivative + Works that You distribute, alongside or in addition to the + NOTICE text from the Work, provided that such additional + attribution notices cannot be construed as modifying the License. + + You may add Your own license statement for Your modifications and + may provide additional grant of rights to use, copy, modify, merge, + publish, distribute, sublicense, and/or sell copies of the + Contribution, either on an exclusive or non-exclusive basis. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or reproducing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or exemplary damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or all other + commercial damages or losses), even if such Contributor has been + advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may offer only + conditions consistent with this License and charge a reasonable + fee for such obligations. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the format in question. It may also be + appropriate to include a statement of copyright. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..0713c38 --- /dev/null +++ b/README.md @@ -0,0 +1,52 @@ +# ctlog-uptime-exporter + +A Prometheus exporter for [Certificate Transparency](https://certificate.transparency.dev/) log uptime data published by Google at: + +``` +https://www.gstatic.com/ct/compliance/endpoint_uptime_24h.csv +``` + +The CSV reports the 24-hour uptime percentage for each CT log URL broken down by operation type (`add-chain`, `get-entries`, `get-sth`, etc.). This exporter fetches that CSV on a configurable schedule and exposes the data as Prometheus metrics. + +## Metrics + +| Metric | Labels | Description | +|---|---|---| +| `ct_log_uptime_ratio` | `log_url`, `endpoint` | 24h uptime as a ratio (0–1) | +| `ct_log_uptime_fetch_success` | — | 1 if the last fetch succeeded, 0 otherwise | +| `ct_log_uptime_fetch_timestamp_seconds` | — | Unix timestamp of the last fetch attempt | + +Standard `go_*` and `process_*` metrics are also exposed. + +## Usage + +```sh +go build -o ctlog-uptime-exporter . +./ctlog-uptime-exporter +``` + +Metrics are served at `http://localhost:9781/metrics`. + +## Flags + +| Flag | Default | Description | +|---|---|---| +| `-listen` | `:9781` | Address to listen on | +| `-url` | `https://www.gstatic.com/ct/compliance/endpoint_uptime_24h.csv` | URL of the uptime CSV | +| `-interval` | `12h` | How often to fetch the CSV | +| `-jitter` | `5m` | Maximum ±jitter applied to the fetch interval | + +The exporter fetches the CSV once on startup, then repeats every `-interval` ± a random value up to `-jitter`. This avoids thundering-herd effects if multiple instances run in parallel. + +## Example Prometheus scrape config + +```yaml +scrape_configs: + - job_name: ctlog_uptime + static_configs: + - targets: ['localhost:9781'] +``` + +## License + +Apache 2.0 — see [LICENSE](LICENSE). diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..23f890c --- /dev/null +++ b/go.mod @@ -0,0 +1,16 @@ +module git.ipng.ch/certificate-transparency/ctlog-uptime-exporter + +go 1.24.6 + +require ( + github.com/beorn7/perks v1.0.1 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/prometheus/client_golang v1.23.2 // indirect + github.com/prometheus/client_model v0.6.2 // indirect + github.com/prometheus/common v0.66.1 // indirect + github.com/prometheus/procfs v0.16.1 // indirect + go.yaml.in/yaml/v2 v2.4.2 // indirect + golang.org/x/sys v0.35.0 // indirect + google.golang.org/protobuf v1.36.8 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..6e2f63e --- /dev/null +++ b/go.sum @@ -0,0 +1,21 @@ +github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= +github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= +github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h0RJWRi/o0o= +github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= +github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= +github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= +github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs= +github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA= +github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= +github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= +go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= +go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= +golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= +golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= +google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/main.go b/main.go new file mode 100644 index 0000000..c439c09 --- /dev/null +++ b/main.go @@ -0,0 +1,136 @@ +package main + +import ( + "encoding/csv" + "flag" + "fmt" + "io" + "log" + "math/rand" + "net/http" + "strconv" + "sync" + "time" + + "github.com/prometheus/client_golang/prometheus" + "github.com/prometheus/client_golang/prometheus/promhttp" +) + + +type exporter struct { + mu sync.RWMutex + uptime *prometheus.GaugeVec + fetchOk prometheus.Gauge + fetchAt prometheus.Gauge +} + +func newExporter(reg prometheus.Registerer) *exporter { + e := &exporter{ + uptime: prometheus.NewGaugeVec(prometheus.GaugeOpts{ + Name: "ct_log_uptime_ratio", + Help: "24h uptime ratio (0–1) for a CT log endpoint, sourced from gstatic.com.", + }, []string{"log_url", "endpoint"}), + fetchOk: prometheus.NewGauge(prometheus.GaugeOpts{ + Name: "ct_log_uptime_fetch_success", + Help: "1 if the last CSV fetch succeeded, 0 otherwise.", + }), + fetchAt: prometheus.NewGauge(prometheus.GaugeOpts{ + Name: "ct_log_uptime_fetch_timestamp_seconds", + Help: "Unix timestamp of the last CSV fetch attempt.", + }), + } + reg.MustRegister(e.uptime, e.fetchOk, e.fetchAt) + return e +} + +func (e *exporter) fetch(csvURL string) error { + resp, err := http.Get(csvURL) + if err != nil { + return fmt.Errorf("GET %s: %w", csvURL, err) + } + defer resp.Body.Close() + if resp.StatusCode != http.StatusOK { + return fmt.Errorf("unexpected status %s", resp.Status) + } + + r := csv.NewReader(resp.Body) + // skip header + if _, err := r.Read(); err != nil { + return fmt.Errorf("read header: %w", err) + } + + // collect new values before updating metrics + type row struct{ logURL, endpoint string; ratio float64 } + var rows []row + for { + rec, err := r.Read() + if err == io.EOF { + break + } + if err != nil { + return fmt.Errorf("read row: %w", err) + } + if len(rec) < 3 { + continue + } + pct, err := strconv.ParseFloat(rec[2], 64) + if err != nil { + log.Printf("skipping row with unparseable uptime %q: %v", rec[2], err) + continue + } + rows = append(rows, row{rec[0], rec[1], pct / 100.0}) + } + + e.mu.Lock() + defer e.mu.Unlock() + e.uptime.Reset() + for _, row := range rows { + e.uptime.WithLabelValues(row.logURL, row.endpoint).Set(row.ratio) + } + return nil +} + +func (e *exporter) run(csvURL string, interval, jitter time.Duration) { + do := func() { + e.fetchAt.SetToCurrentTime() + if err := e.fetch(csvURL); err != nil { + log.Printf("fetch error: %v", err) + e.fetchOk.Set(0) + } else { + log.Printf("fetch ok") + e.fetchOk.Set(1) + } + } + + do() + for { + delta := time.Duration(rand.Int63n(int64(2*jitter))) - jitter + sleep := interval + delta + log.Printf("next fetch in %s", sleep.Round(time.Second)) + time.Sleep(sleep) + do() + } +} + +func main() { + addr := flag.String("listen", ":9781", "address to listen on") + csvURL := flag.String("url", "https://www.gstatic.com/ct/compliance/endpoint_uptime_24h.csv", "URL of the uptime CSV") + interval := flag.Duration("interval", 12*time.Hour, "how often to fetch the CSV") + jitter := flag.Duration("jitter", 5*time.Minute, "maximum ±jitter applied to the fetch interval") + flag.Parse() + + reg := prometheus.NewRegistry() + reg.MustRegister(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{})) + reg.MustRegister(prometheus.NewGoCollector()) + + exp := newExporter(reg) + go exp.run(*csvURL, *interval, *jitter) + + http.Handle("/metrics", promhttp.HandlerFor(reg, promhttp.HandlerOpts{})) + http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { + fmt.Fprintf(w, `metrics`) + }) + + log.Printf("listening on %s", *addr) + log.Fatal(http.ListenAndServe(*addr, nil)) +}