Diffstat (limited to 'collectors/charts.d.plugin/libreswan')
-rw-r--r--collectors/charts.d.plugin/libreswan/README.md20
-rw-r--r--collectors/charts.d.plugin/libreswan/libreswan.chart.sh161
2 files changed, 104 insertions, 77 deletions
diff --git a/collectors/charts.d.plugin/libreswan/README.md b/collectors/charts.d.plugin/libreswan/README.md
index d75c1ea96..b1c1f05e4 100644
--- a/collectors/charts.d.plugin/libreswan/README.md
+++ b/collectors/charts.d.plugin/libreswan/README.md
@@ -1,6 +1,12 @@
-# libreswan
+<!--
+title: "Libreswan IPSec tunnel monitoring with Netdata"
+custom_edit_url: https://github.com/netdata/netdata/edit/master/collectors/charts.d.plugin/libreswan/README.md
+sidebar_label: "Libreswan IPSec tunnels"
+-->
-The plugin will collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels.
+# Libreswan IPSec tunnel monitoring with Netdata
+
+Collects bytes-in, bytes-out and uptime for all established libreswan IPSEC tunnels.
The following charts are created, **per tunnel**:
@@ -13,9 +19,15 @@ The following charts are created, **per tunnel**:
- bytes in
- bytes out
-## configuration
+## Configuration
+
+Edit the `charts.d/libreswan.conf` configuration file using `edit-config` from the Netdata [config
+directory](/docs/configure/nodes.md), which is typically at `/etc/netdata`.
-Its config file is `/etc/netdata/charts.d/libreswan.conf`.
+```bash
+cd /etc/netdata # Replace this path with your Netdata config directory, if different
+sudo ./edit-config charts.d/libreswan.conf
+```
The plugin executes 2 commands to collect all the information it needs:
diff --git a/collectors/charts.d.plugin/libreswan/libreswan.chart.sh b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh
index 1a8f90b11..bfa2b9ea1 100644
--- a/collectors/charts.d.plugin/libreswan/libreswan.chart.sh
+++ b/collectors/charts.d.plugin/libreswan/libreswan.chart.sh
@@ -37,78 +37,93 @@ declare -A libreswan_established_add_time=()
# we need this to avoid converting tunnel names to chart IDs on every iteration
declare -A libreswan_tunnel_charts=()
+is_able_sudo_ipsec() {
+ if ! sudo -n -l "${IPSEC_CMD}" whack --status > /dev/null 2>&1; then
+ return 1
+ fi
+ if ! sudo -n -l "${IPSEC_CMD}" whack --trafficstatus > /dev/null 2>&1; then
+ return 1
+ fi
+ return 0
+}
+
# run the ipsec command
libreswan_ipsec() {
- if [ ${libreswan_sudo} -ne 0 ]; then
- sudo -n "${IPSEC_CMD}" "${@}"
- return $?
- else
- "${IPSEC_CMD}" "${@}"
- return $?
- fi
+ if [ ${libreswan_sudo} -ne 0 ]; then
+ sudo -n "${IPSEC_CMD}" "${@}"
+ return $?
+ else
+ "${IPSEC_CMD}" "${@}"
+ return $?
+ fi
}
# fetch latest values - fill the arrays
libreswan_get() {
- # do all the work to collect / calculate the values
- # for each dimension
-
- # empty the variables
- libreswan_traffic_in=()
- libreswan_traffic_out=()
- libreswan_established_add_time=()
- libreswan_connected_tunnels=()
-
- # convert the ipsec command output to a shell script
- # and source it to get the values
- # shellcheck disable=SC1090
- source <(
- {
- libreswan_ipsec whack --status
- libreswan_ipsec whack --trafficstatus
- } | sed -n \
- -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \
- -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p"
- ) || return 1
-
- # check we got some data
- [ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1
-
- return 0
+ # do all the work to collect / calculate the values
+ # for each dimension
+
+ # empty the variables
+ libreswan_traffic_in=()
+ libreswan_traffic_out=()
+ libreswan_established_add_time=()
+ libreswan_connected_tunnels=()
+
+ # convert the ipsec command output to a shell script
+ # and source it to get the values
+ # shellcheck disable=SC1090
+ source <(
+ {
+ libreswan_ipsec whack --status
+ libreswan_ipsec whack --trafficstatus
+ } | sed -n \
+ -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\".*IPsec SA established.*newest IPSEC.*|libreswan_connected_tunnels[\"\1\"]=\"\2\"|p" \
+ -e "s|[0-9]\+ #\([0-9]\+\): \"\(.*\)\",\{0,1\}.* add_time=\([0-9]\+\),.* inBytes=\([0-9]\+\),.* outBytes=\([0-9]\+\).*|libreswan_traffic_in[\"\1\"]=\"\4\"; libreswan_traffic_out[\"\1\"]=\"\5\"; libreswan_established_add_time[\"\1\"]=\"\3\";|p"
+ ) || return 1
+
+ # check we got some data
+ [ ${#libreswan_connected_tunnels[@]} -eq 0 ] && return 1
+
+ return 0
}
# _check is called once, to find out if this chart should be enabled or not
libreswan_check() {
- # this should return:
- # - 0 to enable the chart
- # - 1 to disable the chart
+ # this should return:
+ # - 0 to enable the chart
+ # - 1 to disable the chart
+
+ require_cmd ipsec || return 1
- require_cmd ipsec || return 1
+ # make sure it is libreswan
+ # shellcheck disable=SC2143
+ if [ -z "$(ipsec --version | grep -i libreswan)" ]; then
+ error "ipsec command is not Libreswan. Disabling Libreswan plugin."
+ return 1
+ fi
- # make sure it is libreswan
- # shellcheck disable=SC2143
- if [ -z "$(ipsec --version | grep -i libreswan)" ]; then
- error "ipsec command is not Libreswan. Disabling Libreswan plugin."
- return 1
- fi
+ if [ ${libreswan_sudo} -ne 0 ] && ! is_able_sudo_ipsec; then
+ error "not enough permissions to execute ipsec with sudo. Disabling Libreswan plugin."
+ return 1
+ fi
- # check that we can collect data
- libreswan_get || return 1
+ # check that we can collect data
+ libreswan_get || return 1
- return 0
+ return 0
}
# create the charts for an ipsec tunnel
libreswan_create_one() {
- local n="${1}" name
+ local n="${1}" name
- name="${libreswan_connected_tunnels[${n}]}"
+ name="${libreswan_connected_tunnels[${n}]}"
- [ ! -z "${libreswan_tunnel_charts[${name}]}" ] && return 0
+ [ -n "${libreswan_tunnel_charts[${name}]}" ] && return 0
- libreswan_tunnel_charts[${name}]="$(fixid "${name}")"
+ libreswan_tunnel_charts[${name}]="$(fixid "${name}")"
- cat <<EOF
+ cat << EOF
CHART libreswan.${libreswan_tunnel_charts[${name}]}_net '${name}_net' "LibreSWAN Tunnel ${name} Traffic" "kilobits/s" "${name}" libreswan.net area $((libreswan_priority)) $libreswan_update_every
DIMENSION in '' incremental 8 1000
DIMENSION out '' incremental -8 1000
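Review bot: libreswan_get still turns `ipsec whack` output into a shell script and `source`s it, and the first sed expression pastes the captured tunnel name (`\2`, matched by `.*`) inside double quotes, so a connection name containing `"`, `$(` or a backtick would be evaluated by the collector's shell. The `\{0,1\}` change to the traffic expression does not affect this; only the all-digit captures are safe by construction. Matching the lines in bash and assigning the captures directly into the arrays would remove both the `source` and the SC1090 suppression. The sketch below reuses the same patterns translated to ERE and should be checked against real `whack` output before adoption.

```shell
libreswan_get() {
  # … unchanged: empty the four arrays …
  local line
  local re_sa='[0-9]+ #([0-9]+): "(.*)".*IPsec SA established.*newest IPSEC'
  local re_traffic='[0-9]+ #([0-9]+): "(.*)",?.* add_time=([0-9]+),.* inBytes=([0-9]+),.* outBytes=([0-9]+)'
  while IFS= read -r line; do
    if [[ ${line} =~ ${re_sa} ]]; then
      # captures are stored as data, never re-parsed by the shell
      libreswan_connected_tunnels["${BASH_REMATCH[1]}"]="${BASH_REMATCH[2]}"
    elif [[ ${line} =~ ${re_traffic} ]]; then
      libreswan_traffic_in["${BASH_REMATCH[1]}"]="${BASH_REMATCH[4]}"
      libreswan_traffic_out["${BASH_REMATCH[1]}"]="${BASH_REMATCH[5]}"
      libreswan_established_add_time["${BASH_REMATCH[1]}"]="${BASH_REMATCH[3]}"
    fi
  done < <(
    libreswan_ipsec whack --status
    libreswan_ipsec whack --trafficstatus
  )
  # … unchanged: empty-result check and return …
```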
@@ -116,35 +131,35 @@ CHART libreswan.${libreswan_tunnel_charts[${name}]}_uptime '${name}_uptime' "Lib
DIMENSION uptime '' absolute 1 1
EOF
- return 0
+ return 0
}
# _create is called once, to create the charts
libreswan_create() {
- local n
- for n in "${!libreswan_connected_tunnels[@]}"; do
- libreswan_create_one "${n}"
- done
- return 0
+ local n
+ for n in "${!libreswan_connected_tunnels[@]}"; do
+ libreswan_create_one "${n}"
+ done
+ return 0
}
libreswan_now=$(date +%s)
# send the values to netdata for an ipsec tunnel
libreswan_update_one() {
- local n="${1}" microseconds="${2}" name id uptime
+ local n="${1}" microseconds="${2}" name id uptime
- name="${libreswan_connected_tunnels[${n}]}"
- id="${libreswan_tunnel_charts[${name}]}"
+ name="${libreswan_connected_tunnels[${n}]}"
+ id="${libreswan_tunnel_charts[${name}]}"
- [ -z "${id}" ] && libreswan_create_one "${name}"
+ [ -z "${id}" ] && libreswan_create_one "${name}"
- uptime=$((libreswan_now - libreswan_established_add_time[${n}]))
- [ ${uptime} -lt 0 ] && uptime=0
+ uptime=$((libreswan_now - libreswan_established_add_time[${n}]))
+ [ ${uptime} -lt 0 ] && uptime=0
- # write the result of the work.
- cat <<VALUESEOF
+ # write the result of the work.
+ cat << VALUESEOF
BEGIN libreswan.${id}_net ${microseconds}
SET in = ${libreswan_traffic_in[${n}]}
SET out = ${libreswan_traffic_out[${n}]}
@@ -157,16 +172,16 @@ VALUESEOF
# _update is called continiously, to collect the values
libreswan_update() {
- # the first argument to this function is the microseconds since last update
- # pass this parameter to the BEGIN statement (see bellow).
+ # the first argument to this function is the microseconds since last update
+ # pass this parameter to the BEGIN statement (see bellow).
- libreswan_get || return 1
- libreswan_now=$(date +%s)
+ libreswan_get || return 1
+ libreswan_now=$(date +%s)
- local n
- for n in "${!libreswan_connected_tunnels[@]}"; do
- libreswan_update_one "${n}" "${@}"
- done
+ local n
+ for n in "${!libreswan_connected_tunnels[@]}"; do
+ libreswan_update_one "${n}" "${@}"
+ done
- return 0
+ return 0
}