T6523: Telegraf use nft scripts only if the firewall configuredmergify/bp/sagitta/pr-3748

If a firewall is not configured there is no reason to get and
execute telegraf firewall custom scripts as there are no nft
chain in the firewall nftables configuration

(cherry picked from commit ebff0c481907ac0c2c0be9981c3c3d87caf3003b)

2 files changed, 4 insertions, 1 deletions

diff --git a/data/templates/telegraf/telegraf.j2 b/data/templates/telegraf/telegraf.j2
index f382dbf2e..535e3a347 100644
--- a/data/templates/telegraf/telegraf.j2
+++ b/data/templates/telegraf/telegraf.j2
@@ -130,7 +130,9 @@ metric_name_label = "{{ loki.metric_name_label }}"
 {% if influxdb is vyos_defined %}
 [[inputs.exec]]
   commands = [
+{%     if nft_chains is vyos_defined %}
     "{{ custom_scripts_dir }}/show_firewall_input_filter.py",
+{%     endif %}
     "{{ custom_scripts_dir }}/show_interfaces_input_filter.py",
     "{{ custom_scripts_dir }}/vyos_services_input_filter.py"
   ]
diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py
index 9455b6109..db870aae5 100755
--- a/src/conf_mode/service_monitoring_telegraf.py
+++ b/src/conf_mode/service_monitoring_telegraf.py
@@ -86,7 +86,8 @@ def get_config(config=None):
     monitoring['custom_scripts_dir'] = custom_scripts_dir
     monitoring['hostname'] = get_hostname()
     monitoring['interfaces_ethernet'] = Section.interfaces('ethernet', vlan=False)
-    monitoring['nft_chains'] = get_nft_filter_chains()
+    if conf.exists('firewall'):
+        monitoring['nft_chains'] = get_nft_filter_chains()
 
     # Redefine azure group-metrics 'single-table' and 'table-per-metric'
     if 'azure_data_explorer' in monitoring: