add munin monitoring

master
Niklas Yann Wettengel 7 years ago
parent de66f3d823
commit 4523a78c97

@ -31,13 +31,15 @@ COMMIT
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# nginx
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# munin
-A INPUT -p tcp -m tcp --dport 4949 -j ACCEPT
{% if 'fastd' in group_names %}
# dns
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
# nginx
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
@ -85,8 +87,8 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv6.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
iptables -A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i {{ peer.name }} -d 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o {{ peer.name }} -s 2a03:2260:1016::/48 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}
COMMIT
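Review bot: The `# munin` rule in the first hunk accepts TCP 4949 from any source, so munin-node is reachable from every network this host faces rather than only from the collector. munin-node speaks an unauthenticated plaintext protocol, and whether its own `allow` list in munin-node.conf is tight cannot be seen on this page, so the firewall should not be the open layer. I would limit the rule to the collector, e.g. `-A INPUT -s <munin-master-address> -p tcp -m tcp --dport 4949 -j ACCEPT`, where `<munin-master-address>` is a placeholder for a variable holding the master's address.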

@ -31,6 +31,8 @@ COMMIT
# SSH-Server
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# nginx
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
{% if 'fastd' in group_names %}
# dns
@ -40,8 +42,6 @@ COMMIT
{% for site in sites %}
-I INPUT -i bat{{ site.name }} -p udp --dport 67:68 --sport 67:68 -j ACCEPT
{% endfor %}
# nginx
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# ntp
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
# fastd
@ -71,8 +71,8 @@ COMMIT
-A FORWARD -o {{ ansible_default_ipv4.interface }} -j REJECT
{% if 'ffrl_uplink' in group_names %}
{% for peer in ffrl_peers %}
iptables -A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i {{ peer.name }} -d 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o {{ peer.name }} -s 10.222.0.0/16 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
{% endfor %}
{% endif %}

@ -1,5 +0,0 @@
[fastd_*]
user root
group root
env.socketfile /run/ffmyk.socket

@ -0,0 +1,73 @@
#!/usr/bin/perl -w
# -*- perl -*-
=head1 NAME
fastd_peers_ - Plugin to monitor fastd peers
=head1 CONFIGURATION
Set user and group to have access to the socket
Set path to socketfile if not /tmp/fastd.sock
[fastd_peers_*]
user fastd
group fastd
env.socketfile /tmp/fastd.sock
=head1 USAGE
Link this plugin to /etc/munin/plugins/
After creating the links, restart munin-node. Don't forget to configure the plugin!
=head1 AUTHORS
Dominique Goersch <mail@dgoersch.info>
Niklas Yann Wettengel <niyawe@niyawe.de>
=head1 LICENSE
GPLv2
=head1 MAGIC MARKERS
#%# family=manual
=cut
use strict;
use warnings;
use File::Basename;
use IO::Socket::UNIX qw( SOCK_STREAM );
use JSON;
if ($ARGV[0] and $ARGV[0] eq "config") { #config graph
print "graph_title fastd peers\n";
print "graph_info This graph shows the peers of the fastd on this supernode\n";
print "graph_args -l 0\n";
print "graph_scale no\n";
print "graph_vlabel peers count\n";
print "graph_category fastd\n";
print "peers.label peers\n";
print "peers.draw AREA\n";
exit 0;
}
my $statusfile = exists $ENV{'socketfile'} ? $ENV{'socketfile'} : "/tmp/fastd.sock"; #get path to socket from environment or use default
my $socket = IO::Socket::UNIX->new(Type => SOCK_STREAM,Peer => $statusfile) #open socket
or die("Can't connect to server: $!\n");
my $fastdstatus = "";
foreach my $line (<$socket>) {$fastdstatus .= $line;} #read contents from socket
my $json = decode_json($fastdstatus); #decode json
#my $fastd_peers = scalar(keys(%{$json->{peers}})); #get number of peers from json
my $fastd_peers = 0;
for my $key (keys(%{$json->{peers}})) {
$fastd_peers = $fastd_peers + ($json->{peers}{$key}{connection}? 1 : 0);
}
print "peers.value $fastd_peers\n"; #return number of peers
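Review bot: The fallback `"/tmp/fastd.sock"` on the `$statusfile` line puts the default socket in a world-writable directory, while the plugin configuration added in this commit runs the plugin as root. If `env.socketfile` is ever missing, the root process will connect to whatever socket exists at that path and parse its reply. The same fallback is in the fastd_traffic_ plugin. I would fail closed instead, `my $statusfile = $ENV{'socketfile'} or die "env.socketfile is not configured\n";`, and change the POD example to a path under `/run`. `use File::Basename;` is unused and can be dropped.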

@ -0,0 +1,79 @@
#!/usr/bin/perl -w
# -*- perl -*-
=head1 NAME
fastd_traffic_ - Plugin to monitor fastd traffic
=head1 CONFIGURATION
Set user and group to have access to the socket
Set path to socketfile if not /tmp/fastd.sock
[fastd_traffic_*]
user fastd
group fastd
env.socketfile /tmp/fastd.sock
=head1 USAGE
Link this plugin to /etc/munin/plugins/
After creating the links, restart munin-node. Don't forget to configure the plugin!
=head1 AUTHORS
Dominique Goersch <mail@dgoersch.info>
Niklas Yann Wettengel <niyawe@niyawe.de>
=head1 LICENSE
GPLv2
=head1 MAGIC MARKERS
#%# family=manual
=cut
use strict;
use warnings;
use File::Basename;
use IO::Socket::UNIX qw( SOCK_STREAM );
use JSON;
if ($ARGV[0] and $ARGV[0] eq "config") { #config graph
print "graph_order down up\n";
print "graph_title fastd traffic\n";
print "graph_args --base 1000\n";
print "graph_vlabel bits in (-) / out (+) per second\n";
print "graph_category fastd\n";
print "graph_info This graph shows the traffic of fast.\n";
print "down.label received\n";
print "down.type DERIVE\n";
print "down.graph no\n";
print "down.cdef down,8,*\n";
print "down.min 0\n";
print "up.label bps\n";
print "up.type DERIVE\n";
print "up.negative down\n";
print "up.cdef up,8,*\n";
print "up.min 0\n";
exit 0;
}
my $statusfile = exists $ENV{'socketfile'} ? $ENV{'socketfile'} : "/tmp/fastd.sock"; #get path to socket from environment or use default
my $socket = IO::Socket::UNIX->new(Type => SOCK_STREAM,Peer => $statusfile) #open socket
or die("Can't connect to server: $!\n");
my $fastdstatus = "";
foreach my $line (<$socket>) {$fastdstatus .= $line;} #read contents from socket
my $json = decode_json($fastdstatus); #decode json
my $fastd_rx_bytes = $json->{statistics}->{rx}->{bytes}; #get recieved bytes from json
my $fastd_tx_bytes = $json->{statistics}->{tx}->{bytes}; #get transmittetd bytes from json
print "up.value $fastd_tx_bytes\n"; #return transmitted bytes
print "down.value $fastd_rx_bytes\n"; #and recieved bytes
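Review bot: `$fastd_rx_bytes` and `$fastd_tx_bytes` go from the decoded socket reply straight into the `up.value` / `down.value` lines without a check that they are defined and numeric. If the reply has no `statistics` entry the plugin prints an empty value with an uninitialized-value warning, and any non-numeric string is handed to munin unfiltered. I would validate before printing and report unknown otherwise, e.g. `$fastd_rx_bytes = 'U' unless defined $fastd_rx_bytes and $fastd_rx_bytes =~ /\A\d+\z/;` and the same for `$fastd_tx_bytes`. The read loop over `<$socket>` also has no timeout, so a stalled fastd holds the plugin until munin-node gives up on it.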

@ -1,6 +1,6 @@
[fw_*]
user root
[if_ens3]
[if_ens*]
env.speed 1000

@ -10,23 +10,65 @@
dest: /etc/munin/munin-node.conf
notify: restart munin-node
- name: copy fastd plugin
- name: install perl-json
pacman:
name: perl-json
state: present
when: "'fastd' in group_names"
- name: copy fastd peers plugin
copy:
src: munin/munin_fastd_peers
dest: /usr/lib/munin/plugins/fastd_peers_
mode: 0755
when: "'fastd' in group_names"
- name: copy fastd traffic plugin
copy:
src: munin/munin_fastd_plugin
dest: /usr/lib/munin/plugins/fastd_
src: munin/munin_fastd_traffic
dest: /usr/lib/munin/plugins/fastd_traffic_
mode: 0755
when: "'fastd' in group_names"
- name: enable munin plugins for fastd peers
file:
path: /etc/munin/plugins/fastd_peers_ff{{ item.name }}
src: /usr/lib/munin/plugins/fastd_peers_
state: link
with_items: "{{ sites }}"
notify: restart munin-node
when: "'fastd' in group_names"
- name: enable munin plugins for fastd traffic
file:
path: /etc/munin/plugins/fastd_traffic_ff{{ item.name }}
src: /usr/lib/munin/plugins/fastd_traffic_
state: link
with_items: "{{ sites }}"
notify: restart munin-node
when: "'fastd' in group_names"
- name: copy fastd plugin config
template:
src: munin_fastd_conf.j2
dest: /etc/munin/plugin-conf.d/fastd
notify: restart munin-node
when: "'fastd' in group_names"
- name: copy dhcp-pool plugin
copy:
src: munin/munin_dhcp_pool_plugin
dest: /usr/lib/munin/plugins/dhcp-pool
mode: 0755
when: "'fastd' in group_names"
- name: copy fastd plugin config
copy:
src: munin/munin_fastd_conf
dest: /etc/munin/plugin-conf.d/fastd
- name: enable munin plugins for dhcp
file:
path: /etc/munin/plugins/dhcp-pool
src: /usr/lib/munin/plugins/dhcp-pool
state: link
notify: restart munin-node
when: "'fastd' in group_names"
- name: copy global config
copy:
@ -44,17 +86,109 @@
name: perl-lwp-protocol-https
state: present
- name: install perl-json
pacman:
name: perl-json
state: present
- name: enable munin plugins for network monitoring (1/8)
file:
path: /etc/munin/plugins/if_{{ ansible_default_ipv4.interface }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
- name: enable munin plugins for network monitoring (2/8)
file:
path: /etc/munin/plugins/if_{{ ansible_default_ipv6.interface }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
- name: enable munin plugins for network monitoring (3/8)
file:
path: /etc/munin/plugins/if_{{ item[0] }}{{ item[1].name }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
with_nested:
- [ 'bat', 'vpn', 'wg' ]
- "{{ sites }}"
when: "'fastd' in group_names"
- name: enable munin plugins for network monitoring (4/8)
file:
path: /etc/munin/plugins/if_bb{{ hostvars[item]['wireguard_bb_name'] }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
with_items: "{{ groups['uplink'] }}"
when: "'fastd' in group_names"
- name: enable munin plugins for network monitoring (5/8)
file:
path: /etc/munin/plugins/if_bb{{ hostvars[item]['wireguard_bb_name'] }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
with_items: "{{ groups['fastd'] }}"
when: "'uplink' in group_names"
- name: enable munin plugins for network monitoring (6/8)
file:
path: /etc/munin/plugins/if_bb{{ item.name }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
with_items: "{{ wireguard_bb_peers|default([]) }}"
when: "'uplink' in group_names"
- name: enable munin plugins for network monitoring (7/8)
file:
path: /etc/munin/plugins/if_bb{{ item.name }}
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
with_items: "{{ ffrl_peers }}"
when: "'ffrl_uplink' in group_names"
- name: enable munin plugins for network monitoring (8/8)
file:
path: /etc/munin/plugins/if_mullvad
src: /usr/lib/munin/plugins/if_
state: link
notify: restart munin-node
when: "'mullvad_uplink' in group_names"
- name: enable munin plugins
file:
path: /etc/munin/plugins/{{ item.name }}
src: /usr/lib/munin/plugins/{{ item.plugin | default( item.name ) }}
path: /etc/munin/plugins/{{ item }}
src: /usr/lib/munin/plugins/{{ item }}
state: link
with_items: "{{ munin_node_plugins }}"
with_items:
- cpu
- df
- df_inode
- diskstats
- entropy
- forks
- fw_conntrack
- fw_forwarded_local
- fw_packets
- interrupts
- irqstats
- load
- memory
- netstat
- nginx_request
- nginx_status
- ntp_kernel_err
- ntp_kernel_pll_freq
- ntp_kernel_pll_off
- ntp_offset
- open_files
- open_inodes
- proc_pri
- processes
- threads
- uptime
- users
- vmstat
notify: restart munin-node
- name: start and enable munin-node
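Review bot: The `copy fastd plugin config` task that renders `munin_fastd_conf.j2` to `/etc/munin/plugin-conf.d/fastd` sets no owner or mode, although that file decides which user the fastd plugins run as. Its permissions then depend on the umask and the connecting user of whoever runs the play. I would pin them on that task with `owner: root`, `group: root` and `mode: '0644'`. The plugin `copy` tasks set `mode: 0755` but no owner either, and would benefit from the same two `owner`/`group` lines. The task list continues outside the second hunk.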

@ -15,6 +15,7 @@
args:
creates: '/var/lib/vnstat/bat{{ item.name }}'
with_items: "{{ sites }}"
when: "'fastd' in group_names"
- name: add interfaces to vnstat for uplink interfaces
command: /usr/bin/vnstat -u -i bb{{ hostvars[item]['wireguard_bb_name'] }}
@ -22,6 +23,7 @@
creates: "/var/lib/vnstat/bb{{ hostvars[item]['wireguard_bb_name'] }}"
with_items:
- "{{ groups['uplink'] }}"
when: "'fastd' in group_names"
- name: add interfaces to vnstat for outgoing v4 interface
command: /usr/bin/vnstat -u -i {{ ansible_default_ipv4.interface }}

@ -5,5 +5,5 @@
#- name: install ffmyk-influx
# include: install_ffmyk-influx.yml
#- name: install munin
# include: install_munin.yml
- name: install munin
import_tasks: install_munin.yml

@ -0,0 +1,12 @@
{% for site in sites %}
[fastd_peers_ff{{ site.name }}]
user root
group root
env.socketfile /run/ff{{ site.name }}1.socket
[fastd_traffic_ff{{ site.name }}]
user root
group root
env.socketfile /run/ff{{ site.name }}1.socket
{% endfor %}
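Review bot: Both stanzas run the plugins with `user root` / `group root`, yet the plugins only connect to the fastd status socket and parse its JSON reply, which does not need root. The POD in the plugins themselves suggests `user fastd` / `group fastd`. I would use a dedicated unprivileged account here and give its group access to `/run/ff{{ site.name }}1.socket`. How fastd creates that socket (owner and mode) is not visible in this commit, so this may need a matching change in the fastd configuration.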

@ -35,13 +35,13 @@
- configure_static_routes
- install_cronie
#- install_php
#- install_nginx
- install_nginx
- install_ntp
- install_haveged
- install_wireguard
- install_wireguard_backbone
- install_babeld
#- install_monitoring
- install_monitoring
- update_ssh_keys
- install_admin_packages
- name: install openvpn uplink
