zabbix_agentd: Add WireGuard specific monitoring items

Adds new IPFire specific monitoring capabilities to Zabbix Agent:
- ipfire.wireguard.peers.discovery: Discovery of configured WireGuard
  clients. Returns a JSON array.
- ipfire.wireguard.statusreport.get: Parses and returns output of
  `wireguardctrl dump` as a JSON array.

Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/rootfiles/packages/zabbix_agentd b/config/rootfiles/packages/zabbix_agentd
index cc75a49bd82d7f8b4b4be6f1430da195c786f988..52cb37e933108b604d2c538414615bd0021f5f7c 100644 (file)
--- a/config/rootfiles/packages/zabbix_agentd
+++ b/config/rootfiles/packages/zabbix_agentd
@@ -22,6 +22,7 @@ var/ipfire/zabbix_agentd/userparameters/userparameter_pakfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ipfire.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
 var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
 var/ipfire/zabbix_agentd/scripts
 var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 var/ipfire/zabbix_agentd/scripts/ipfire_services.pl

diff --git a/config/zabbix_agentd/sudoers b/config/zabbix_agentd/sudoers
index 921e20c894d88d94f33878aed9b2fe931162d42d..57273a2c87b723acdccae53ad52a8ed9e271a11e 100644 (file)
--- a/config/zabbix_agentd/sudoers
+++ b/config/zabbix_agentd/sudoers
@@ -9,6 +9,6 @@
 #
 Defaults:zabbix !requiretty
 zabbix ALL=(ALL) NOPASSWD: /opt/pakfire/pakfire status, /usr/sbin/fping, /usr/sbin/arping, /usr/local/bin/getipstat
-zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log
+zabbix ALL=(ALL) NOPASSWD: /bin/cat /var/run/ovpnserver.log, /usr/local/bin/wireguardctrl dump
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_certificate_detail.sh
 zabbix ALL=(ALL) NOPASSWD: /var/ipfire/zabbix_agentd/scripts/ipfire_services.pl

diff --git a/config/zabbix_agentd/userparameter_wireguard.conf b/config/zabbix_agentd/userparameter_wireguard.conf
new file mode 100644 (file)
index 0000000..b792528
--- /dev/null
+++ b/config/zabbix_agentd/userparameter_wireguard.conf
@@ -0,0 +1,6 @@
+# Parameters for monitoring IPFire WireGuard specific metrics
+#
+# Discovery of configured WireGuard peers
+UserParameter=ipfire.wireguard.peers.discovery,cat /var/ipfire/wireguard/peers 2>/dev/null | awk -F',' 'BEGIN { ORS = ""; print "[" } { printf "%s{\"{#NAME}\":\"%s\",\"{#ID}\":\"%s\",\"{#STATE}\":\"%s\",\"{#REMARK_B64}\":\"%s\",\"{#TYPE}\":\"%s\"}", separator, $4, $5, $2, $11, $3; separator = ","; } END { print "]" }'
+# Get Wireguard status report
+UserParameter=ipfire.wireguard.statusreport.get,sudo /usr/local/bin/wireguardctrl dump | awk 'BEGIN { ORS = ""; print "[" } NR>1 { printf "%s{\"id\":\"%s\",\"endpoint\":\"%s\",\"allowed_ip\":\"%s\",\"handshake_timestamp\":%s,\"bytes_in\":%s,\"bytes_out\":%s}", separator, $1, $3, $4, $5, $6, $7; separator = ","; } END { print "]" }'

diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd
index ebd184628fc774739c965734f78bd8af6f72f7fe..6d0a6b4ea0c3e0e7cc343de8facb8e2b6ef66754 100644 (file)
--- a/lfs/zabbix_agentd
+++ b/lfs/zabbix_agentd
@@ -114,6 +114,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                /var/ipfire/zabbix_agentd/userparameters/userparameter_ovpn.conf
        install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_gateway.conf \
                /var/ipfire/zabbix_agentd/userparameters/userparameter_gateway.conf
+       install -v -m 644 $(DIR_SRC)/config/zabbix_agentd/userparameter_wireguard.conf \
+               /var/ipfire/zabbix_agentd/userparameters/userparameter_wireguard.conf
 
        # Install IPFire-specific Zabbix Agent scripts
        -mkdir -pv /var/ipfire/zabbix_agentd/scripts