vROps Dashboard – SSL TLS Certificate Days Remaining Checker

vROps Dashboard – SSL TLS Certificate Days Remaining Checker

Full credit to Thomas Kopton for creating the script and how to blog post “Checking SSL/TLS Certificate Validity Period using vRealize Operations and End Point Operations Agent. Please read his post first.
All I did was create a view and colorful dashboard. Feel free to cherry pick away to meet your own creative ideas/business needs.

A big thanks to him to help me troubleshoot why his script would run via command line, but not provide the amount of days in vROps. Hint – the folder and script was uploaded by root and needed to be owned by epops.

Using a CentOS 7 VM – 3.10.0-957.12.2.el7.x86_64 #1 SMP Tue May 14 21:24:32 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
vROps – vRealize Operations Manager – Version 7.5.0.13165949 Build 13165949

SSH into the Centos box as root. SCP the .rpm from the VMW download page. cd/tmp

rpm -i vRealize-Endpoint-Operations-Management-Agent-x86-64-linux-7.5.0-13055136.rpm

Edit the 4 lines in
vi /opt/vmware/epops-agent/conf/agent.properties
agent.setup.serverIP=vrops.my.lab

agent.setup.serverSSLPort=443
agent.setup.serverLogin=admin
agent.setup.serverPword=VMware1!

service epops-agent start

Proof the password is hashed.
cat /opt/vmware/epops-agent/conf/agent.properties | grep agent.setup.serverPword=

Create a “scripts” folder in /opt/vmware/epops-agent/ Ensure the epops user has owner rights that propagates down. See the troubleshooting tab if you do NOT do this.
Copy getSSLRemainigDays.sh into /opt/vmware/epops-agent/scripts and chmod it to 0755
See SSLCheckFiles.zip-master.zip https://code.vmware.com/samples/5770/checking-ssl-tls-certificate-validity-period-using-vrealize-operations-and-end-point-operations-agent

./getSSLRemainigDays.sh vcsa1.my.lab 443
Validate both files in /opt/vmware/epops-agent/scripts are owned by the epops user.

Environment / All Objects / Linux / vm name with the agent / actions / monitor OS object / add monitor script.
path – /opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh
args – vcsa1.my.lab 443
Collection Interval (Minutes) – 720 (12 hours) – I set to 5 mins just to have more plots points for the dashboard.

Repeat for each URL.

Again, the cause of this was the scripts folder was created the root user. The folder and the 2 files in it need to be owned by the epops user.

ls -la /opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh
tail -10 /opt/vmware/epops-agent/log/agent.log

12-06-2019 02:23:06,737 MDT WARN [pool-1-thread-14] [ExecutableProcess] [/opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh, vcsa1.my.lab, 443]: /opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh: line 14: 0: Permission denied

Policy to to “Local”. Note – The default of inherent should work. This was changed as a troubleshooting step.

Create a new View
List
Subject – Script
Metrics – UTILIZATION|Result Value Labeled as Days Left
Direction – Ascending
Yellow – 300 Orange 200 – Red 100 (change to what makes sense. I wanted to show how 185 days looks)
Preview Source – the Centos VMs

Create a new Dashboard with the Health Widget
Refresh Content – On
Self Provider – On
Chart Height – Small
Add New Metric – Custom – Filter for Script – Add UTILIZATION|Result Value
Custom Range – 300 200 100 (change to what makes sense. I wanted to show how 185 days looks)
Input data – Search for script and select all.
Input Transformation – Default of self.

Add a “List” View.
Refresh Content – On
Self Provider – On
Search for the View created in the last step.
Input Data – Object is the centos box.

You can see I renewed the cert on the ESXi host (looking at the 1st tab final dashboard)

Setup

Full credit to Thomas Kopton for creating the script and how to blog post “Checking SSL/TLS Certificate Validity Period using vRealize Operations and End Point Operations Agent. Please read his post first.
All I did was create a view and colorful dashboard. Feel free to cherry pick away to meet your own creative ideas/business needs.

A big thanks to him to help me troubleshoot why his script would run via command line, but not provide the amount of days in vROps. Hint – the folder and script was uploaded by root and needed to be owned by epops.

Using a CentOS 7 VM – 3.10.0-957.12.2.el7.x86_64 #1 SMP Tue May 14 21:24:32 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
vROps – vRealize Operations Manager – Version 7.5.0.13165949 Build 13165949

EPOps

SSH into the Centos box as root. SCP the .rpm from the VMW download page. cd/tmp

rpm -i vRealize-Endpoint-Operations-Management-Agent-x86-64-linux-7.5.0-13055136.rpm

Edit the 4 lines in
vi /opt/vmware/epops-agent/conf/agent.properties
agent.setup.serverIP=vrops.my.lab

agent.setup.serverSSLPort=443
agent.setup.serverLogin=admin
agent.setup.serverPword=VMware1!

service epops-agent start

Proof the password is hashed.
cat /opt/vmware/epops-agent/conf/agent.properties | grep agent.setup.serverPword=

WinSCP

Create a “scripts” folder in /opt/vmware/epops-agent/ Ensure the epops user has owner rights that propagates down. See the troubleshooting tab if you do NOT do this.
Copy getSSLRemainigDays.sh into /opt/vmware/epops-agent/scripts and chmod it to 0755
See SSLCheckFiles.zip-master.zip https://code.vmware.com/samples/5770/checking-ssl-tls-certificate-validity-period-using-vrealize-operations-and-end-point-operations-agent

./getSSLRemainigDays.sh vcsa1.my.lab 443
Validate both files in /opt/vmware/epops-agent/scripts are owned by the epops user.

Monitor Script

Environment / All Objects / Linux / vm name with the agent / actions / monitor OS object / add monitor script.
path – /opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh
args – vcsa1.my.lab 443
Collection Interval (Minutes) – 720 (12 hours) – I set to 5 mins just to have more plots points for the dashboard.

Repeat for each URL.

Troubleshooting

Again, the cause of this was the scripts folder was created the root user. The folder and the 2 files in it need to be owned by the epops user.

ls -la /opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh
tail -10 /opt/vmware/epops-agent/log/agent.log

12-06-2019 02:23:06,737 MDT WARN [pool-1-thread-14] [ExecutableProcess] [/opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh, vcsa1.my.lab, 443]: /opt/vmware/epops-agent/scripts/getSSLRemainigDays.sh: line 14: 0: Permission denied

Policy to to “Local”. Note – The default of inherent should work. This was changed as a troubleshooting step.

View

Create a new View
List
Subject – Script
Metrics – UTILIZATION|Result Value Labeled as Days Left
Direction – Ascending
Yellow – 300 Orange 200 – Red 100 (change to what makes sense. I wanted to show how 185 days looks)
Preview Source – the Centos VMs

Dashboard

Create a new Dashboard with the Health Widget
Refresh Content – On
Self Provider – On
Chart Height – Small
Add New Metric – Custom – Filter for Script – Add UTILIZATION|Result Value
Custom Range – 300 200 100 (change to what makes sense. I wanted to show how 185 days looks)
Input data – Search for script and select all.
Input Transformation – Default of self.

Add a “List” View.
Refresh Content – On
Self Provider – On
Search for the View created in the last step.
Input Data – Object is the centos box.

You can see I renewed the cert on the ESXi host (looking at the 1st tab final dashboard)

Menu