diff options
| -rw-r--r-- | data/templates/monitoring/override.conf.tmpl | 2 | ||||
| -rw-r--r-- | data/templates/monitoring/telegraf.tmpl | 20 | ||||
| -rw-r--r-- | interface-definitions/include/username.xml.i | 11 | ||||
| -rw-r--r-- | interface-definitions/service_monitoring_telegraf.xml.in | 79 | ||||
| -rwxr-xr-x | src/conf_mode/service_monitoring_telegraf.py | 22 |
5 files changed, 128 insertions, 6 deletions
diff --git a/data/templates/monitoring/override.conf.tmpl b/data/templates/monitoring/override.conf.tmpl index f8f150791..00dbc63a0 100644 --- a/data/templates/monitoring/override.conf.tmpl +++ b/data/templates/monitoring/override.conf.tmpl @@ -2,6 +2,8 @@ After=vyos-router.service ConditionPathExists=/run/telegraf/vyos-telegraf.conf [Service] +{% if influxdb_configured is defined %} Environment=INFLUX_TOKEN={{ authentication.token }} +{% endif %} CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN diff --git a/data/templates/monitoring/telegraf.tmpl b/data/templates/monitoring/telegraf.tmpl index cf33eec4e..f80dc5f45 100644 --- a/data/templates/monitoring/telegraf.tmpl +++ b/data/templates/monitoring/telegraf.tmpl @@ -14,12 +14,30 @@ logfile = "" hostname = "" omit_hostname = false +{% if influxdb_configured is defined %} [[outputs.influxdb_v2]] urls = ["{{ url }}:{{ port }}"] insecure_skip_verify = true token = "$INFLUX_TOKEN" organization = "{{ authentication.organization }}" bucket = "{{ bucket }}" +{% endif %} +{% if prometheus_client is defined %} + [[outputs.prometheus_client]] + ## Address to listen on + listen = "{{ prometheus_client.listen_address if prometheus_client.listen_address is defined else '' }}:{{ prometheus_client.port }}" + metric_version = {{ prometheus_client.metric_version }} +{% if prometheus_client.authentication is defined %} +{% if prometheus_client.authentication.username is defined and prometheus_client.authentication.username is not none and prometheus_client.authentication.password is defined and prometheus_client.authentication.password is not none %} + ## Use HTTP Basic Authentication + basic_username = "{{ prometheus_client.authentication.username }}" + basic_password = "{{ prometheus_client.authentication.password }}" +{% endif %} +{% endif %} +{% if prometheus_client.allow_from is defined and prometheus_client.allow_from is not none %} + ip_range = {{ prometheus_client.allow_from }} +{% endif %} +{% endif %} [[inputs.cpu]] percpu = true totalcpu = true @@ -50,6 +68,7 @@ server = "unixgram:///run/telegraf/telegraf_syslog.sock" best_effort = true syslog_standard = "RFC3164" +{% if influxdb_configured is defined %} [[inputs.exec]] commands = [ "{{ custom_scripts_dir }}/show_firewall_input_filter.py", @@ -58,3 +77,4 @@ ] timeout = "10s" data_format = "influx" +{% endif %} diff --git a/interface-definitions/include/username.xml.i b/interface-definitions/include/username.xml.i new file mode 100644 index 000000000..2263ec08d --- /dev/null +++ b/interface-definitions/include/username.xml.i @@ -0,0 +1,11 @@ +<!-- include start from username.xml.i --> +<leafNode name="username"> + <properties> + <help>Authentication username</help> + <constraint> + <regex>^[-_a-zA-Z0-9.]{1,100}</regex> + </constraint> + <constraintErrorMessage>Illegal characters or more than 100 characters</constraintErrorMessage> + </properties> +</leafNode> +<!-- include end --> diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in index 81ba67430..b38e0dd51 100644 --- a/interface-definitions/service_monitoring_telegraf.xml.in +++ b/interface-definitions/service_monitoring_telegraf.xml.in @@ -85,6 +85,85 @@ </properties> <defaultValue>all</defaultValue> </leafNode> + <node name="prometheus-client"> + <properties> + <help>Output plugin Prometheus client</help> + </properties> + <children> + <node name="authentication"> + <properties> + <help>HTTP basic authentication parameters</help> + </properties> + <children> + #include <include/username.xml.i> + <leafNode name="password"> + <properties> + <help>Authentication password</help> + <valueHelp> + <format>txt</format> + <description>Authentication password</description> + </valueHelp> + </properties> + </leafNode> + </children> + </node> + <leafNode name="allow-from"> + <properties> + <help>Networks allowed to query this server</help> + <valueHelp> + <format>ipv4net</format> + <description>IP address and prefix length</description> + </valueHelp> + <valueHelp> + <format>ipv6net</format> + <description>IPv6 address and prefix length</description> + </valueHelp> + <multi/> + <constraint> + <validator name="ip-prefix"/> + </constraint> + </properties> + </leafNode> + <leafNode name="listen-address"> + <properties> + <help>Local IP addresses to listen on</help> + <completionHelp> + <script>${vyos_completion_dir}/list_local_ips.sh --both</script> + </completionHelp> + <valueHelp> + <format>ipv4</format> + <description>IPv4 address to listen for incoming connections</description> + </valueHelp> + <valueHelp> + <format>ipv6</format> + <description>IPv6 address to listen for incoming connections</description> + </valueHelp> + <constraint> + <validator name="ipv4-address"/> + <validator name="ipv6-address"/> + <validator name="ipv6-link-local"/> + </constraint> + </properties> + </leafNode> + <leafNode name="metric-version"> + <properties> + <help>Metric version control mapping from Telegraf to Prometheus format</help> + <valueHelp> + <format>u32:1-2</format> + <description>Metric version (default: 2)</description> + </valueHelp> + <constraint> + <validator name="numeric" argument="--range 1-2"/> + </constraint> + </properties> + <defaultValue>2</defaultValue> + </leafNode> + #include <include/port-number.xml.i> + <leafNode name="port"> + <defaultValue>9273</defaultValue> + </leafNode> + </children> + </node> <leafNode name="url"> <properties> <help>Remote URL [REQUIRED]</help> diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py index 8a972b9fe..a71565df4 100755 --- a/src/conf_mode/service_monitoring_telegraf.py +++ b/src/conf_mode/service_monitoring_telegraf.py @@ -99,6 +99,15 @@ def get_config(config=None): monitoring['interfaces_ethernet'] = get_interfaces('ethernet', vlan=False) monitoring['nft_chains'] = get_nft_filter_chains() + if 'authentication' in monitoring or \ + 'url' in monitoring: + monitoring['influxdb_configured'] = True + + # Ignore default XML values if config doesn't exists + # Delete key from dict + if not conf.exists(base + ['prometheus-client']): + del monitoring['prometheus_client'] + return monitoring def verify(monitoring): @@ -106,13 +115,14 @@ def verify(monitoring): if not monitoring: return None - if 'authentication' not in monitoring or \ - 'organization' not in monitoring['authentication'] or \ - 'token' not in monitoring['authentication']: - raise ConfigError(f'Authentication "organization and token" are mandatory!') + if 'influxdb_configured' in monitoring: + if 'authentication' not in monitoring or \ + 'organization' not in monitoring['authentication'] or \ + 'token' not in monitoring['authentication']: + raise ConfigError(f'Authentication "organization and token" are mandatory!') - if 'url' not in monitoring: - raise ConfigError(f'Monitoring "url" is mandatory!') + if 'url' not in monitoring: + raise ConfigError(f'Monitoring "url" is mandatory!') return None |