diff options
Diffstat (limited to '')
-rw-r--r-- | collectors/charts.d.plugin/libreswan/Makefile.inc | 13 | ||||
-rw-r--r-- | collectors/charts.d.plugin/libreswan/README.md | 42 | ||||
-rw-r--r-- | collectors/charts.d.plugin/libreswan/libreswan.chart.sh (renamed from charts.d/libreswan.chart.sh) | 9 | ||||
-rw-r--r-- | collectors/charts.d.plugin/libreswan/libreswan.conf (renamed from conf.d/charts.d/libreswan.conf) | 0 |
4 files changed, 61 insertions, 3 deletions
diff --git a/collectors/charts.d.plugin/libreswan/Makefile.inc b/collectors/charts.d.plugin/libreswan/Makefile.inc new file mode 100644 index 000000000..af767d0dd --- /dev/null +++ b/collectors/charts.d.plugin/libreswan/Makefile.inc @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: GPL-3.0-or-later + +# THIS IS NOT A COMPLETE Makefile +# IT IS INCLUDED BY ITS PARENT'S Makefile.am +# IT IS REQUIRED TO REFERENCE ALL FILES RELATIVE TO THE PARENT + +# install these files +dist_charts_DATA += libreswan/libreswan.chart.sh +dist_chartsconfig_DATA += libreswan/libreswan.conf + +# do not install these files, but include them in the distribution +dist_noinst_DATA += libreswan/README.md libreswan/Makefile.inc + diff --git a/collectors/charts.d.plugin/libreswan/README.md b/collectors/charts.d.plugin/libreswan/README.md new file mode 100644 index 000000000..41026cf72 --- /dev/null +++ b/collectors/charts.d.plugin/libreswan/README.md @@ -0,0 +1,42 @@ +# libreswan + +The plugin will collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels. + +The following charts are created, **per tunnel**: + +1. **Uptime** + + * the uptime of the tunnel + +2. **Traffic** + + * bytes in + * bytes out + +### configuration + +Its config file is `/etc/netdata/charts.d/libreswan.conf`. + +The plugin executes 2 commands to collect all the information it needs: + +```sh +ipsec whack --status +ipsec whack --trafficstatus +``` + +The first command is used to extract the currently established tunnels, their IDs and their names. +The second command is used to extract the current uptime and traffic. + +Most probably user `netdata` will not be able to query libreswan, so the `ipsec` commands will be denied. +The plugin attempts to run `ipsec` as `sudo ipsec ...`, to get access to libreswan statistics. + +To allow user `netdata` execute `sudo ipsec ...`, create the file `/etc/sudoers.d/netdata` with this content: + +``` +netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --status +netdata ALL = (root) NOPASSWD: /sbin/ipsec whack --trafficstatus +``` + +Make sure the path `/sbin/ipsec` matches your setup (execute `which ipsec` to find the right path). + +--- diff --git a/charts.d/libreswan.chart.sh b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh index 30632e9ce..6e29f8473 100644 --- a/charts.d/libreswan.chart.sh +++ b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh @@ -1,9 +1,10 @@ +# shellcheck shell=bash disable=SC1117 # no need for shebang - this file is loaded from charts.d.plugin +# SPDX-License-Identifier: GPL-3.0-or-later # netdata # real-time performance and health monitoring, done right! # (C) 2018 Costa Tsaousis <costa@tsaousis.gr> -# GPL v3+ # # _update_every is a special variable - it holds the number of seconds @@ -60,7 +61,8 @@ libreswan_get() { libreswan_connected_tunnels=() # convert the ipsec command output to a shell script - # and source it to get the values + # and source it to get the values + # shellcheck disable=SC1090 source <( { libreswan_ipsec whack --status; @@ -85,6 +87,7 @@ libreswan_check() { require_cmd ipsec || return 1 # make sure it is libreswan + # shellcheck disable=SC2143 if [ -z "$(ipsec --version | grep -i libreswan)" ] then error "ipsec command is not Libreswan. Disabling Libreswan plugin." @@ -140,7 +143,7 @@ libreswan_update_one() { [ -z "${id}" ] && libreswan_create_one "${name}" - uptime=$(( ${libreswan_now} - ${libreswan_established_add_time[${n}]} )) + uptime=$(( libreswan_now - libreswan_established_add_time[${n}] )) [ ${uptime} -lt 0 ] && uptime=0 # write the result of the work. diff --git a/conf.d/charts.d/libreswan.conf b/collectors/charts.d.plugin/libreswan/libreswan.conf index 9b3ee77b7..9b3ee77b7 100644 --- a/conf.d/charts.d/libreswan.conf +++ b/collectors/charts.d.plugin/libreswan/libreswan.conf |