From cddae4aba5179dbd7c2c635b49eda4e086c08c78 Mon Sep 17 00:00:00 2001
From: "Costa Tsaousis (ktsaou)"
Date: Wed, 3 Jan 2018 00:26:09 +0200
Subject: added libreswan charts.d plugin
---
 charts.d/Makefile.am | 1 +
 charts.d/README.md | 293 +++++++++++++++++++++++------------------
 charts.d/libreswan.chart.sh | 166 +++++++++++++++++++++++
 conf.d/Makefile.am | 1 +
 conf.d/charts.d/libreswan.conf | 25 ++++
 5 files changed, 361 insertions(+), 125 deletions(-)
 create mode 100644 charts.d/libreswan.chart.sh
 create mode 100644 conf.d/charts.d/libreswan.conf
diff --git a/charts.d/Makefile.am b/charts.d/Makefile.am
index 85bcef3cfd..104ba86afa 100644
--- a/charts.d/Makefile.am
+++ b/charts.d/Makefile.am
@@ -16,6 +16,7 @@ dist_charts_DATA = \
 example.chart.sh \
 exim.chart.sh \
 hddtemp.chart.sh \
+ libreswan.chart.sh \
 load_average.chart.sh \
 mem_apps.chart.sh \
 mysql.chart.sh \
diff --git a/charts.d/README.md b/charts.d/README.md
index 37c9d22ec3..748af08a1b 100644
--- a/charts.d/README.md
+++ b/charts.d/README.md
@@ -1,5 +1,76 @@ The following charts.d plugins are supported: +--- + +# hddtemp + +The plugin will collect temperatures from disks + +It will create one chart with all active disks + +1. **temperature in Celsius** + +### configuration + +hddtemp needs to be running in daemonized mode + +```sh +# host with daemonized hddtemp +hddtemp_host="localhost" + +# port on which hddtemp is showing data +hddtemp_port="7634" + +# array of included disks +# the default is to include all +hddtemp_disks=() +``` + +--- + +# libreswan + +The plugin will collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels. + +The following charts are created, **per tunnel**: + +1. **Uptime** + + * the uptime of the tunnel + +2. **Traffic** + + * bytes in + * bytes out + +### configuration + +Its config file is `/etc/netdata/charts.d/libreswan.conf`. + +The plugin executes 2 commands to collect all the information it needs: + +```sh +ipsec whack --status +ipsec whack --trafficstatus +``` + +The first command is used to extract the currently established tunnels, their IDs and their names. +The second command is used to extract the current uptime and traffic. + +Most probably user `netdata` will not be able to query libreswan, so the `ipsec` commands will be denied. +The plugin attempts to run `ipsec` as `sudo ipsec ...`, to get access to libreswan statistics. + +To allow user `netdata` execute `sudo ipsec ...`, create the file `/etc/sudoers.d/netdata` with this content: + +``` +netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status +netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --trafficstatus +``` + +Make sure the path `/sbin/ipsec` matches your setup (execute `which ipsec` to find the right path). + +--- + # mysql The plugin will monitor one or more mysql servers 
@@ -76,67 +147,89 @@ The above sets the mysql command only for server2. server1 will use the system d If no configuration is given, the plugin will attempt to connect to mysql server at localhost. + --- -# squid +# nut -The plugin will monitor a squid server. +The plugin will collect UPS data for all UPSes configured in the system. -It will produce 4 charts: +The following charts will be created: -1. **Squid Client Bandwidth** in kbps +1. **UPS Charge** - * in - * out - * hits + * percentage changed -2. **Squid Client Requests** in requests/sec +2. **UPS Battery Voltage** - * requests - * hits - * errors + * current voltage + * high voltage + * low voltage + * nominal voltage -3. **Squid Server Bandwidth** in kbps +3. **UPS Input Voltage** - * in - * out + * current voltage + * fault voltage + * nominal voltage -4. **Squid Server Requests** in requests/sec +4. **UPS Input Current** - * requests - * errors + * nominal current -### autoconfig +5. **UPS Input Frequency** -The plugin will by itself detect squid servers running on -localhost, on ports 3128 or 8080. + * current frequency + * nominal frequency -It will attempt to download URLs in the form: +6. **UPS Output Voltage** -- `cache_object://HOST:PORT/counters` -- `/squid-internal-mgr/counters` + * current voltage + +7. **UPS Load** + + * current load + +8. **UPS Temperature** + + * current temperature -If any succeeds, it will use this. 
### configuration -If you need to configure it by hand, create the file -`/etc/netdata/squid.conf` with the following variables: +This is the internal default for `/etc/netdata/nut.conf` -- `squid_host=IP` the IP of the squid host -- `squid_port=PORT` the port the squid is listening -- `squid_url="URL"` the URL with the statistics to be fetched from squid -- `squid_timeout=SECONDS` how much time we should wait for squid to respond -- `squid_update_every=SECONDS` the frequency of the data collection +```sh +# a space separated list of UPS names +# if empty, the list returned by 'upsc -l' will be used +nut_ups= -Example `/etc/netdata/squid.conf`: +# how frequently to collect UPS data +nut_update_every=2 +``` + +--- + +# postfix + +The plugin will collect the postfix queue size. + +It will create two charts: + +1. **queue size in emails** +2. **queue size in KB** + +### configuration + +This is the internal default for `/etc/netdata/postfix.conf` ```sh -squid_host=127.0.0.1 -squid_port=3128 -squid_url="cache_object://127.0.0.1:3128/counters" -squid_timeout=2 -squid_update_every=5 +# the postqueue command +# if empty, it will use the one found in the system path +postfix_postqueue= + +# how frequently to collect queue size +postfix_update_every=15 ``` --- 
@@ -189,113 +282,63 @@ sensors_excluded=() --- -# hddtemp - -The plugin will collect temperatures from disks - -It will create one chart with all active disks - -1. **temperature in Celsius** - -### configuration - -hddtemp needs to be running in daemonized mode - -```sh -# host with daemonized hddtemp -hddtemp_host="localhost" - -# port on which hddtemp is showing data -hddtemp_port="7634" - -# array of included disks -# the default is to include all -hddtemp_disks=() -``` - ---- - -# postfix - -The plugin will collect the postfix queue size. - -It will create two charts: - -1. **queue size in emails** -2. **queue size in KB** - -### configuration - -This is the internal default for `/etc/netdata/postfix.conf` - -```sh -# the postqueue command -# if empty, it will use the one found in the system path -postfix_postqueue= - -# how frequently to collect queue size -postfix_update_every=15 -``` - ---- - -# nut - -The plugin will collect UPS data for all UPSes configured in the system. - -The following charts will be created: +# squid -1. **UPS Charge** +The plugin will monitor a squid server. - * percentage changed +It will produce 4 charts: -2. **UPS Battery Voltage** +1. **Squid Client Bandwidth** in kbps - * current voltage - * high voltage - * low voltage - * nominal voltage + * in + * out + * hits -3. **UPS Input Voltage** +2. **Squid Client Requests** in requests/sec - * current voltage - * fault voltage - * nominal voltage + * requests + * hits + * errors -4. **UPS Input Current** +3. **Squid Server Bandwidth** in kbps - * nominal current + * in + * out -5. **UPS Input Frequency** +4. **Squid Server Requests** in requests/sec - * current frequency - * nominal frequency + * requests + * errors -6. **UPS Output Voltage** +### autoconfig - * current voltage +The plugin will by itself detect squid servers running on +localhost, on ports 3128 or 8080. -7. 
**UPS Load** +It will attempt to download URLs in the form: - * current load +- `cache_object://HOST:PORT/counters` +- `/squid-internal-mgr/counters` -8. **UPS Temperature** +If any succeeds, it will use this. - * current temperature +### configuration +If you need to configure it by hand, create the file +`/etc/netdata/squid.conf` with the following variables: -### configuration +- `squid_host=IP` the IP of the squid host +- `squid_port=PORT` the port the squid is listening +- `squid_url="URL"` the URL with the statistics to be fetched from squid +- `squid_timeout=SECONDS` how much time we should wait for squid to respond +- `squid_update_every=SECONDS` the frequency of the data collection -This is the internal default for `/etc/netdata/nut.conf` +Example `/etc/netdata/squid.conf`: ```sh -# a space separated list of UPS names -# if empty, the list returned by 'upsc -l' will be used -nut_ups= - -# how frequently to collect UPS data -nut_update_every=2 +squid_host=127.0.0.1 +squid_port=3128 +squid_url="cache_object://127.0.0.1:3128/counters" +squid_timeout=2 +squid_update_every=5 ``` - ---- - diff --git a/charts.d/libreswan.chart.sh b/charts.d/libreswan.chart.sh new file mode 100644 index 0000000000..61d935adee --- /dev/null +++ b/charts.d/libreswan.chart.sh 
@@ -0,0 +1,166 @@ +# no need for shebang - this file is loaded from charts.d.plugin + +# netdata +# real-time performance and health monitoring, done right! +# (C) 2018 Costa Tsaousis +# GPL v3+ +# + +# _update_every is a special variable - it holds the number of seconds +# between the calls of the _update() function +libreswan_update_every=1 + +# the priority is used to sort the charts on the dashboard +# 1 = the first chart +libreswan_priority=90000 + +# set to 1, to run ipsec with sudo +libreswan_sudo=1 + +# global variables to store our collected data + +# [TUNNELID] = TUNNELNAME +# here we track the *latest* established tunnels +# as detected by: ipsec whack --status +declare -A libreswan_connected_tunnels=() + +# [TUNNELID] = VALUE +# here we track values of all established tunnels (not only the latest) +# as detected by: ipsec whack --trafficstatus +declare -A libreswan_traffic_in=() +declare -A libreswan_traffic_out=() +declare -A libreswan_established_add_time=() + +# [TUNNELNAME] = CHARTID +# here we remember CHARTIDs of all tunnels +# we need this to avoid converting tunnel names to chart IDs on every iteration +declare -A libreswan_tunnel_charts=() + +# run the ipsec command +libreswan_ipsec() { + if [ ${libreswan_sudo} -ne 0 ] + then + sudo -n "${IPSEC_CMD}" "${@}" + return $? + else + "${IPSEC_CMD}" "${@}" + return $? 
+ fi +} + +# fetch latest values - fill the arrays +libreswan_get() { + # do all the work to collect / calculate the values + # for each dimension + + # empty the variables + libreswan_traffic_in=() + libreswan_traffic_out=() + libreswan_established_add_time=() + libreswan_connected_tunnels=() + + # convert the ipsec command output to a shell script + # and source it to get the values + source <( + { + libreswan_ipsec whack --status; + libreswan_ipsec whack --trafficstatus; + } | sed -n \ + -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \ + -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p" + ) || return 1 + + # check we got some data + [ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1 + + return 0 +} + +# _check is called once, to find out if this chart should be enabled or not +libreswan_check() { + # this should return: + # - 0 to enable the chart + # - 1 to disable the chart + + require_cmd ipsec || return 1 + + # check that we can collect data + libreswan_get || return 1 + + return 0 +} + +# create the charts for an ipsec tunnel +libreswan_create_one() { + local n="${1}" name + + name="${libreswan_connected_tunnels[${n}]}" + + [ ! 
-z "${libreswan_tunnel_charts[${name}]}" ] && return 0 + + libreswan_tunnel_charts[${name}]="$(fixid "${name}")" + + cat < +# GPL v3+ +# + +# the data collection frequency +# if unset, will inherit the netdata update frequency +#libreswan_update_every=1 + +# the charts priority on the dashboard +#libreswan_priority=90000 + +# set to 1, to run ipsec with sudo (the default) +# set to 0, to run ipsec without sudo +#libreswan_sudo=1 + +# TO ALLOW NETDATA RUN ipsec AS ROOT +# CREATE THE FILE: /etc/sudoers.d/netdata +# WITH THESE 2 LINES (uncommented of course): +# +# netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status +# netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --trafficstatus -- cgit v1.2.3
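Review bot: In libreswan_get, the `source <( … | sed … )` step evaluates text taken from `ipsec whack --status` as shell code, and the first sed expression copies the tunnel name (`\2`, matched by the greedy `\"\(.*\)\"`) into a double-quoted assignment without restricting its characters. Inside double quotes the shell still expands `$(...)`, backquotes and `$var`, so a connection name containing them would be executed under the netdata account each time the function runs; whether libreswan permits such names is not visible from this hunk, so the parser should not depend on it. I would narrow the capture to a whitelist, for example `\"\([A-Za-z0-9_.:/@-]*\)\"`, or have sed emit plain `id name` records that a `while read` loop consumes instead of `source`. The numeric captures (`[0-9]\+`) in both expressions are already constrained. The file is cut off after `cat <` in this view, so any later use of the tunnel name in the chart definitions could not be checked here.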