From 749c69b1c8fce968ea9bbf9dec5e2a18ab4a2c6d Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Thu, 5 May 2022 16:12:23 +0000
Subject: monitoring: T4315: Add telegraf output plugin prometheus-client

Add output Plugin "prometheus-client" for telegraf

set service monitoring telegraf prometheus-client xxx
---
 data/templates/monitoring/override.conf.tmpl       |  2 +
 data/templates/monitoring/telegraf.tmpl            | 20 ++++++
 interface-definitions/include/username.xml.i       | 11 +++
 .../service_monitoring_telegraf.xml.in             | 79 ++++++++++++++++++++++
 src/conf_mode/service_monitoring_telegraf.py       | 22 ++++--
 5 files changed, 128 insertions(+), 6 deletions(-)
 create mode 100644 interface-definitions/include/username.xml.i

diff --git a/data/templates/monitoring/override.conf.tmpl b/data/templates/monitoring/override.conf.tmpl
index f8f150791..00dbc63a0 100644
--- a/data/templates/monitoring/override.conf.tmpl
+++ b/data/templates/monitoring/override.conf.tmpl
@@ -2,6 +2,8 @@
 After=vyos-router.service
 ConditionPathExists=/run/telegraf/vyos-telegraf.conf
 [Service]
+{% if influxdb_configured is defined %}
 Environment=INFLUX_TOKEN={{ authentication.token }}
+{% endif %}
 CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SYS_ADMIN
 AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN
diff --git a/data/templates/monitoring/telegraf.tmpl b/data/templates/monitoring/telegraf.tmpl
index cf33eec4e..f80dc5f45 100644
--- a/data/templates/monitoring/telegraf.tmpl
+++ b/data/templates/monitoring/telegraf.tmpl
@@ -14,12 +14,30 @@
   logfile = ""
   hostname = ""
   omit_hostname = false
+{% if influxdb_configured is defined %}
 [[outputs.influxdb_v2]]
   urls = ["{{ url }}:{{ port }}"]
   insecure_skip_verify = true
   token = "$INFLUX_TOKEN"
   organization = "{{ authentication.organization }}"
   bucket = "{{ bucket }}"
+{% endif %}
+{% if prometheus_client is defined %}
+ [[outputs.prometheus_client]]
+   ## Address to listen on
+   listen = "{{ prometheus_client.listen_address if prometheus_client.listen_address is defined else '' }}:{{ prometheus_client.port }}"
+   metric_version = {{ prometheus_client.metric_version }}
+{%     if prometheus_client.authentication is defined %}
+{%          if prometheus_client.authentication.username is defined and prometheus_client.authentication.username is not none and prometheus_client.authentication.password is defined and prometheus_client.authentication.password is not none  %}
+   ## Use HTTP Basic Authentication
+   basic_username = "{{ prometheus_client.authentication.username }}"
+   basic_password = "{{ prometheus_client.authentication.password }}"
+{%          endif %}
+{%     endif %}
+{%     if prometheus_client.allow_from is defined and prometheus_client.allow_from is not none %}
+   ip_range = {{ prometheus_client.allow_from }}
+{%     endif %}
+{% endif %}
 [[inputs.cpu]]
     percpu = true
     totalcpu = true
@@ -50,6 +68,7 @@
   server = "unixgram:///run/telegraf/telegraf_syslog.sock"
   best_effort = true
   syslog_standard = "RFC3164"
+{% if influxdb_configured is defined %}
 [[inputs.exec]]
   commands = [
     "{{ custom_scripts_dir }}/show_firewall_input_filter.py",
@@ -58,3 +77,4 @@
   ]
   timeout = "10s"
   data_format = "influx"
+{% endif %}
diff --git a/interface-definitions/include/username.xml.i b/interface-definitions/include/username.xml.i
new file mode 100644
index 000000000..2263ec08d
--- /dev/null
+++ b/interface-definitions/include/username.xml.i
@@ -0,0 +1,11 @@
+<!-- include start from username.xml.i -->
+<leafNode name="username">
+  <properties>
+    <help>Authentication username</help>
+    <constraint>
+      <regex>^[-_a-zA-Z0-9.]{1,100}</regex>
+    </constraint>
+    <constraintErrorMessage>Illegal characters or more than 100 characters</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 81ba67430..b38e0dd51 100644
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -85,6 +85,85 @@
                 </properties>
                 <defaultValue>all</defaultValue>
               </leafNode>
+              <node name="prometheus-client">
+                 <properties>
+                   <help>Output plugin Prometheus client</help>
+                 </properties>
+                 <children>
+                   <node name="authentication">
+                     <properties>
+                       <help>HTTP basic authentication parameters</help>
+                     </properties>
+                     <children>
+                       #include <include/username.xml.i>
+                       <leafNode name="password">
+                         <properties>
+                           <help>Authentication password</help>
+                           <valueHelp>
+                             <format>txt</format>
+                             <description>Authentication password</description>
+                           </valueHelp>
+                         </properties>
+                       </leafNode>
+                     </children>
+                   </node>
+                   <leafNode name="allow-from">
+                     <properties>
+                       <help>Networks allowed to query this server</help>
+                       <valueHelp>
+                         <format>ipv4net</format>
+                         <description>IP address and prefix length</description>
+                       </valueHelp>
+                       <valueHelp>
+                         <format>ipv6net</format>
+                         <description>IPv6 address and prefix length</description>
+                       </valueHelp>
+                       <multi/>
+                       <constraint>
+                         <validator name="ip-prefix"/>
+                       </constraint>
+                     </properties>
+                   </leafNode>
+                   <leafNode name="listen-address">
+                     <properties>
+                       <help>Local IP addresses to listen on</help>
+                       <completionHelp>
+                         <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
+                       </completionHelp>
+                       <valueHelp>
+                         <format>ipv4</format>
+                         <description>IPv4 address to listen for incoming connections</description>
+                       </valueHelp>
+                       <valueHelp>
+                         <format>ipv6</format>
+                         <description>IPv6 address to listen for incoming connections</description>
+                       </valueHelp>
+                       <constraint>
+                         <validator name="ipv4-address"/>
+                         <validator name="ipv6-address"/>
+                         <validator name="ipv6-link-local"/>
+                       </constraint>
+                     </properties>
+                   </leafNode>
+                   <leafNode name="metric-version">
+                     <properties>
+                       <help>Metric version control mapping from Telegraf to Prometheus format</help>
+                       <valueHelp>
+                         <format>u32:1-2</format>
+                         <description>Metric version (default: 2)</description>
+                       </valueHelp>
+                       <constraint>
+                         <validator name="numeric" argument="--range 1-2"/>
+                       </constraint>
+                     </properties>
+                     <defaultValue>2</defaultValue>
+                   </leafNode>
+                   #include <include/port-number.xml.i>
+                   <leafNode name="port">
+                     <defaultValue>9273</defaultValue>
+                   </leafNode>
+                 </children>
+               </node>
               <leafNode name="url">
                 <properties>
                   <help>Remote URL [REQUIRED]</help>
diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py
index 8a972b9fe..a71565df4 100755
--- a/src/conf_mode/service_monitoring_telegraf.py
+++ b/src/conf_mode/service_monitoring_telegraf.py
@@ -99,6 +99,15 @@ def get_config(config=None):
     monitoring['interfaces_ethernet'] = get_interfaces('ethernet', vlan=False)
     monitoring['nft_chains'] = get_nft_filter_chains()
 
+    if 'authentication' in monitoring or \
+       'url' in monitoring:
+        monitoring['influxdb_configured'] = True
+
+    # Ignore default XML values if config doesn't exists
+    # Delete key from dict
+    if not conf.exists(base + ['prometheus-client']):
+        del monitoring['prometheus_client']
+
     return monitoring
 
 def verify(monitoring):
@@ -106,13 +115,14 @@ def verify(monitoring):
     if not monitoring:
         return None
 
-    if 'authentication' not in monitoring or \
-       'organization' not in monitoring['authentication'] or \
-       'token' not in monitoring['authentication']:
-        raise ConfigError(f'Authentication "organization and token" are mandatory!')
+    if 'influxdb_configured' in monitoring:
+        if 'authentication' not in monitoring or \
+           'organization' not in monitoring['authentication'] or \
+           'token' not in monitoring['authentication']:
+            raise ConfigError(f'Authentication "organization and token" are mandatory!')
 
-    if 'url' not in monitoring:
-        raise ConfigError(f'Monitoring "url" is mandatory!')
+        if 'url' not in monitoring:
+            raise ConfigError(f'Monitoring "url" is mandatory!')
 
     return None
 
-- 
cgit v1.2.3