updated setup_fastd.yml

added features: - fastd-services-api - install_nginx - install_monitoring
author: Niklas Yann Wettengel <niyawe@niyawe.de> 2017-03-18 18:38:46 +0100
committer: Niklas Yann Wettengel <niyawe@niyawe.de> 2017-03-18 18:38:46 +0100
commit: cd31d75443119be6580e91d5a9a3ab7742f875ab (patch)
tree: 0d12fe52bbb796969336dae613e66ca5f433aba4 /roles/install_monitoring/files
parent: 710a210ae6f165c2e3ce165d30d27f189311656b (diff)
7 files changed, 446 insertions, 0 deletions
diff --git a/roles/install_monitoring/files/check_internet.sh b/roles/install_monitoring/files/check_internet.sh
new file mode 100755
index 0000000..5fbe0c2
--- /dev/null
+++ b/roles/install_monitoring/files/check_internet.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+INTERFACE=mullvad
+FAILED_FILE=/tmp/mullvad.failed
+fail=false
+
+if [ ! -e /sys/class/net/$INTERFACE ]; then
+	echo "$INTERFACE interface does not exist"
+	fail=true
+else
+	start_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
+	sleep 30
+	end_bytes=$(cat /sys/class/net/$INTERFACE/statistics/rx_bytes)
+
+	if [ $(($end_bytes-$start_bytes)) -lt 1000 ]; then
+		#echo "no traffic via $INTERFACE"
+		fail=true
+	fi
+fi
+
+if $fail; then
+	systemctl is-active openvpn-client@mullvad.service > /dev/null
+	if [ $? -ne 0 ]; then
+		systemctl status openvpn-client@mullvad.service
+		if [ -e $FAILED_FILE ]; then
+			echo restart openvpn-client@mullvad.service
+			systemctl restart openvpn-client@mullvad.service
+		else
+			touch $FAILED_FILE
+		fi
+	fi
+else
+	if [ -e $FAILED_FILE ]; then
+		rm $FAILED_FILE
+	fi
+fi
+
diff --git a/roles/install_monitoring/files/munin_dhcp_pool_plugin b/roles/install_monitoring/files/munin_dhcp_pool_plugin
new file mode 100755
index 0000000..2cb715d
--- /dev/null
+++ b/roles/install_monitoring/files/munin_dhcp_pool_plugin
@@ -0,0 +1,192 @@
+#!/usr/bin/perl -w
+#
+# Copyright (C) 2008 Rien Broekstra <rien@rename-it.nl>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; version 2 dated June,
+# 1991.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+#
+#
+# Munin plugin to measure saturation of DHCP pools.
+#
+# Configuration variables:
+#
+#       conffile     - path to dhcpd's configuration file (default "/etc/dhcpd.conf")
+#       leasefile    - path to dhcpd's leases file (default "/var/lib/dhcp/dhcpd.leases")
+#
+# Parameters:
+#
+#       config    (required)
+#
+# Version 1.0, 2-12-2008
+
+use POSIX;
+use Time::Local;
+use strict;
+
+my $CONFFILE = exists $ENV{'conffile'} ? $ENV{'conffile'} : "/etc/dhcpd.conf";
+my $LEASEFILE = exists $ENV{'leasefile'} ? $ENV{'leasefile'} : "/var/lib/dhcp/dhcpd.leases";
+
+if ( defined $ARGV[0] and $ARGV[0] eq "autoconf" ) {
+
+}
+elsif ( defined $ARGV[0] and $ARGV[0] eq "config" ) {
+    my (%pools, $start, $label);
+
+    # Print general information
+    print "graph_title DHCP pool usage (in %)\n";
+    print "graph_args --upper-limit 100 -l 0\n";
+    print "graph_vlabel %\n";
+    print "graph_category network\n";
+
+    # Determine the available IP pools
+    %pools = determine_pools();
+    
+    # Print a label for each pool
+    foreach $start (keys %pools) {
+	$label = ip2string($start);
+	$label =~ s/\./\_/g;
+	print "$label.label Pool ".ip2string($start)."\n";
+	print "$label.warning 75\n";
+	print "$label.critical 100\n";
+    }
+}
+else {
+    my (@activeleases, %pools, $start, $end, $size, $free, $label, $lease);
+    
+    # Determine all leased IP addresses 
+    @activeleases = determine_active_leases();
+    
+    # Determine the available IP pools
+    %pools = determine_pools();
+
+    # For each pool, count how many leases from that pool are currently active
+    foreach $start (keys %pools) {
+	$size = $pools{$start};
+	$end = $start+$size;
+	$free = $size;
+
+	foreach $lease (@activeleases) {
+	    if ($lease >= $start && $lease <= $end) {
+		$free--;
+	    }
+	}
+	$label = ip2string($start);
+	$label =~ s/\./\_/g;
+	print "$label.value ".sprintf("%.1f", 100*($size-$free)/$size)."\n";
+    }
+}
+
+# Parse dhcpd.conf for range statements.
+#
+# Returns a hash with start IP -> size
+sub determine_pools {
+    my (%pools, @conffile, $line, $start, $end, $size);
+
+    open(CONFFILE, "<${CONFFILE}") || exit -1;
+    @conffile = <CONFFILE>;
+    close (CONFFILE);
+
+    foreach $line (@conffile) {
+	if ($line =~ /range[\s]+([\d]+\.[\d]+\.[\d]+\.[\d]+)[\s]+([\d]+\.[\d]+\.[\d]+\.[\d]+)/) {
+	    $start = string2ip($1);
+	    $end = string2ip($2);
+	    $size = $end - $start;
+	    defined($start) || next;
+	    defined($end) || next;
+	    
+	    $pools{$start} = $size;
+	}
+    }
+    return %pools;
+}
+
+# Very simple parser for dhcpd.leases. This will break very easily if dhcpd decides to 
+# format the file differently. Ideally a simple recursive-descent parser should be used.
+#
+# Returns an array with currently leased IP's
+sub determine_active_leases {
+    my (@leasefile, $startdate, $enddate, $lease, @activeleases, $mytz, $line, %saw);
+
+    open(LEASEFILE, "<${LEASEFILE}") || exit -1;
+    @leasefile = <LEASEFILE>;
+    close (LEASEFILE);
+
+    @activeleases = ();
+
+    # Portable way of converting a GMT date/time string to timestamp is setting TZ to UTC, and then calling mktime()
+    $mytz = $ENV{'TZ'};
+    $ENV{'TZ'} = 'UTC 0';
+    tzset();
+
+    foreach $line (@leasefile) {
+	if ($line =~ /lease ([\d]+\.[\d]+\.[\d]+\.[\d]+)/) {
+	    $lease = string2ip($1);
+	    defined($lease) || next;
+
+	    undef $startdate;
+	    undef $enddate;
+	}
+	elsif ($line =~ /starts \d ([\d]{4})\/([\d]{2})\/([\d]{2}) ([\d]{2}):([\d]{2}):([\d]{2})/) {
+	    $startdate = mktime($6, $5, $4, $3, $2-1, $1-1900, 0, 0);
+	}
+	elsif ($line =~ /ends \d ([\d]{4})\/([\d]{2})\/([\d]{2}) ([\d]{2}):([\d]{2}):([\d]{2})/) {
+	    $enddate = mktime($6, $5, $4, $3, $2-1, $1-1900, 0, 0);
+	    if (defined($enddate) && defined($startdate) && defined($lease)) {
+		if ($startdate < time() && $enddate > time()) {
+		    push (@activeleases, $lease);
+		}
+	    }
+	}
+
+    }
+    
+    # Set TZ back to its original setting
+    if (defined($mytz)) {
+	$ENV{'TZ'} = $mytz;
+    }
+    else {
+	delete $ENV{'TZ'};
+    }
+    tzset();
+
+    # Sort the array, strip doubles, and return
+    return grep(!$saw{$_}++, @activeleases);
+}
+
+#
+# Helper routine to convert an IP address a.b.c.d into an integer
+#
+# Returns an integer representation of an IP address
+sub string2ip {
+    my $string = shift;
+    defined($string) || return undef;
+    if ($string =~ /([\d]+)\.([\d]+)\.([\d]+)\.([\d]+)/) {
+	if ($1 < 0 || $1 > 255 || $2 < 0 || $2 > 255 || $3 < 0 || $3 > 255 || $4 < 0 || $4 > 255) {
+	    return undef;
+	}
+	else {
+	    return $1 << 24 | $2 << 16 | $3 << 8 | $4;
+	}
+    }
+    return undef;
+}
+	    
+#
+# Returns a dotted quad notation of an 
+#
+sub ip2string {
+    my $ip = shift;
+    defined ($ip) || return undef;
+    return sprintf ("%d.%d.%d.%d", ($ip >> 24) & 0xff, ($ip >> 16) & 0xff, ($ip >> 8) & 0xff, $ip & 0xff);
+}
diff --git a/roles/install_monitoring/files/munin_fastd_conf b/roles/install_monitoring/files/munin_fastd_conf
new file mode 100644
index 0000000..984b05a
--- /dev/null
+++ b/roles/install_monitoring/files/munin_fastd_conf
@@ -0,0 +1,5 @@
+[fastd_*]
+user root
+group root
+env.socketfile /run/ffmyk.socket
+
diff --git a/roles/install_monitoring/files/munin_fastd_plugin b/roles/install_monitoring/files/munin_fastd_plugin
new file mode 100755
index 0000000..35ad65d
--- /dev/null
+++ b/roles/install_monitoring/files/munin_fastd_plugin
@@ -0,0 +1,124 @@
+#!/usr/bin/perl -w
+# -*- perl -*-
+
+=head1 NAME
+
+fastd_ - Plugin to monitor fastd uptime, peers and traffic
+
+=head1 CONFIGURATION
+
+Set user and group to have access to the socket
+Set path to socketfile if not /tmp/fastd.sock
+
+    [fastd_*]
+    user fastd
+    group fastd
+    env.socketfile /tmp/fastd.sock
+
+=head1 USAGE
+
+Link this plugin to /etc/munin/plugins/ with the type of graph (uptime, peers, traffic)
+append to the linkname, ie: /etc/munin/plugins/fastd_peers
+
+After creating the links, restart munin-node. Don't forget to configure the plugin!
+
+=head1 AUTHORS
+
+Dominique Goersch <mail@dgoersch.info>
+
+=head1 LICENSE
+
+GPLv2
+
+=head1 MAGIC MARKERS
+
+ #%# family=manual
+ #%# capabilities=suggest
+
+=cut
+
+
+use strict;
+use warnings;
+use File::Basename;
+use IO::Socket::UNIX qw( SOCK_STREAM );
+use JSON;
+
+my $mode = basename($0);                                                                #get basename
+$mode =~ s/fastd_//;                                                                    #and strip 'fastd_' to get the mode
+
+if ($ARGV[0] and $ARGV[0] eq "config") {                                                #config graph
+    if ($mode eq 'uptime') {                                                            #for uptime
+        print "graph_title fastd Uptime\n";
+        print "graph_info This graph shows the uptime of the fastd on this supernode\n";
+        print "graph_args -l 0\n";
+        print "graph_scale no\n";
+        print "graph_vlabel uptime in days\n";
+        print "graph_category fastd\n";
+        print "uptime.label uptime\n";
+        print "uptime.draw AREA\n";
+    }
+    elsif ($mode eq 'peers') {                                                          #for peers
+        print "graph_title fastd peers\n";
+        print "graph_info This graph shows the peers of the fastd on this supernode\n";
+        print "graph_args -l 0\n";
+        print "graph_scale no\n";
+        print "graph_vlabel peers count\n";
+        print "graph_category fastd\n";
+        print "peers.label peers\n";
+        print "peers.draw AREA\n";
+    }
+    elsif ($mode eq 'traffic') {                                                        #for traffic
+        print "graph_order down up\n";
+        print "graph_title fastd traffic\n";
+        print "graph_args --base 1000\n";
+        print "graph_vlabel bits in (-) / out (+) per second\n";
+        print "graph_category fastd\n";
+        print "graph_info This graph shows the traffic of fast.\n";
+        print "down.label received\n";
+        print "down.type DERIVE\n";
+        print "down.graph no\n";
+        print "down.cdef down,8,*\n";
+        print "down.min 0\n";
+        print "up.label bps\n";
+        print "up.type DERIVE\n";
+        print "up.negative down\n";
+        print "up.cdef up,8,*\n";
+        print "up.min 0\n";
+    }
+    exit 0;
+}
+
+if ($ARGV[0] and $ARGV[0] eq "suggest") {                                               #tell munin about our graphs
+    print "uptime\n";
+    print "peers\n";
+    print "traffic\n";
+}
+
+
+
+my $statusfile = exists $ENV{'socketfile'} ? $ENV{'socketfile'} : "/tmp/fastd.sock";    #get path to socket from environment or use default
+my $socket = IO::Socket::UNIX->new(Type => SOCK_STREAM,Peer => $statusfile)             #open socket
+   or die("Can't connect to server: $!\n");
+
+my $fastdstatus = "";
+foreach my $line (<$socket>) {$fastdstatus .= $line;}                                   #read contents from socket
+my $json = decode_json($fastdstatus);                                                   #decode json
+
+my $fastd_uptime     = $json->{uptime};                                                 #get the uptime from json
+#my $fastd_peers      = scalar(keys(%{$json->{peers}}));                                 #get number of peers from json
+my $fastd_peers = 0;
+for my $key (keys(%{$json->{peers}})) {
+	$fastd_peers = $fastd_peers + ($json->{peers}{$key}{connection}? 1 : 0);
+}
+my $fastd_rx_bytes   = $json->{statistics}->{rx}->{bytes};                              #get recieved bytes from json
+my $fastd_tx_bytes   = $json->{statistics}->{tx}->{bytes};                              #get transmittetd bytes from json
+
+if ( $mode eq 'uptime' ) {
+    printf "uptime.value %.0f\n",$fastd_uptime/86400000;                                #return uptime in seconds
+} elsif ($mode eq 'peers') {
+    print "peers.value $fastd_peers\n";                                                 #return number of peers
+} elsif ($mode eq 'traffic') {
+    print "up.value $fastd_tx_bytes\n";                                                 #return transmitted bytes
+    print "down.value $fastd_rx_bytes\n";                                               #and recieved bytes
+}
diff --git a/roles/install_monitoring/files/munin_global_conf b/roles/install_monitoring/files/munin_global_conf
new file mode 100644
index 0000000..cf418ec
--- /dev/null
+++ b/roles/install_monitoring/files/munin_global_conf
@@ -0,0 +1,6 @@
+[fw_*]
+  user root
+
+[if_ens3]
+  env.speed 1000
+
diff --git a/roles/install_monitoring/files/vnstat b/roles/install_monitoring/files/vnstat
new file mode 100644
index 0000000..cbd2f7c
--- /dev/null
+++ b/roles/install_monitoring/files/vnstat
@@ -0,0 +1,37 @@
+server {
+	listen       80 default_server;
+	listen [::]:80 default_server ipv6only=on;
+	server_name  localhost;
+
+	charset UTF-8;
+
+	index  index.html index.htm;
+	root   /srv/http/vnstat;
+
+	location / {
+		try_files $uri $uri/ =404;
+		autoindex on;
+	}
+
+	# redirect server error pages to the static page /50x.html
+	#
+	error_page   500 502 503 504  /50x.html;
+	location = /50x.html {
+		root   /usr/share/nginx/html;
+	}
+
+	location /nginx_status {
+		stub_status on;
+		access_log   off;
+		allow 127.0.0.1;
+		allow ::1;
+		deny all;
+	}
+
+
+	location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf|svg)$ {
+		expires 30d;
+	# Optional: Don't log access to assets
+		access_log off;
+	}
+}
diff --git a/roles/install_monitoring/files/vnstat.sh b/roles/install_monitoring/files/vnstat.sh
new file mode 100755
index 0000000..7ff875c
--- /dev/null
+++ b/roles/install_monitoring/files/vnstat.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+set -e
+
+IFACES=$(ls /var/lib/vnstat/)
+
+TARGET=/srv/http/vnstat/
+
+for iface in $IFACES; do
+    /usr/bin/vnstati -i ${iface} -h -o ${TARGET}${iface}_hourly.png
+    /usr/bin/vnstati -i ${iface} -d -o ${TARGET}${iface}_daily.png
+    /usr/bin/vnstati -i ${iface} -m -o ${TARGET}${iface}_monthly.png
+    /usr/bin/vnstati -i ${iface} -t -o ${TARGET}${iface}_top10.png
+    /usr/bin/vnstati -i ${iface} -s -o ${TARGET}${iface}_summary.png
+done
+
+cat > ${TARGET}index.html <<EOT
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
+<head>
+  <titleu1 - Network Traffic</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <meta http-equiv="Content-Language" content="en" />
+</head>
+
+<body style="white-space: nowrap">
+EOT
+
+
+for iface in $IFACES; do
+    sed s/IFACE/${iface}/g >> ${TARGET}index.html <<EOT
+    <div style="display:inline-block;vertical-align: top">
+    <img src="IFACE_summary.png" alt="traffic summary" /><br>
+    <img src="IFACE_monthly.png" alt="traffic per month" /><br>
+    <img src="IFACE_hourly.png" alt="traffic per hour" /><br>
+    <img src="IFACE_top10.png" alt="traffic top10" /><br>
+    <img src="IFACE_daily.png" alt="traffic per day" />
+    </div>
+EOT
+
+done
+
+echo "</body></html>" >> ${TARGET}index.html
+
author	Niklas Yann Wettengel <niyawe@niyawe.de>	2017-03-18 18:38:46 +0100
committer	Niklas Yann Wettengel <niyawe@niyawe.de>	2017-03-18 18:38:46 +0100
commit	cd31d75443119be6580e91d5a9a3ab7742f875ab (patch)
tree	0d12fe52bbb796969336dae613e66ca5f433aba4 /roles/install_monitoring/files
parent	710a210ae6f165c2e3ce165d30d27f189311656b (diff)