Skip to content
Snippets Groups Projects
Commit b9190084 authored by micah's avatar micah :speech_balloon:
Browse files

Replace openvpn-exporter with textfile exporter. 

The upstream openvpn-exporter was emitting high cardinality metrics, because of
the CN being an unique identifier based off of the certificate. This would cause
the tsdb to fill with unnecessary, and unrelated metrics.

This removes that exporter (which has not seen commits for years) and replaces
it with the prometheus-node-exporter textfile collector, which will emit metrics
produced by the shell script that is run every 10 seconds. It will only emit
these metrics:

openvpn_server_connected_clients{status_path="/tmp/openvpn-status-tcp"}
openvpn_server_connected_clients{status_path="/tmp/openvpn-status-udp"}
openvpn_up{status_path="/tmp/openvpn-status-tcp"}
openvpn_up{status_path="/tmp/openvpn-status-udp"}
parent 54c64ebb
Branches new_ovpn_exporter
Tags
1 merge request!5Replace openvpn-exporter with textfile exporter.
Pipeline #124257 passed
Stage: build
Show whitespace changes
Inline Side-by-side
Dockerfile
+ 5
3
View file @ b9190084
...@@ -12,8 +12,6 @@ ENV GOPATH=/go ...@@ -12,8 +12,6 @@ ENV GOPATH=/go
WORKDIR $GOPATH WORKDIR $GOPATH
RUN git clone https://github.com/OperatorFoundation/shapeshifter-dispatcher /shapeshifter-dispatcher && cd /shapeshifter-dispatcher && git reset --hard 34bd4b3fe24537a8a7a827825a1a19f2ad13adae && /usr/lib/go-1.19/bin/go build RUN git clone https://github.com/OperatorFoundation/shapeshifter-dispatcher /shapeshifter-dispatcher && cd /shapeshifter-dispatcher && git reset --hard 34bd4b3fe24537a8a7a827825a1a19f2ad13adae && /usr/lib/go-1.19/bin/go build
RUN strip /shapeshifter-dispatcher/shapeshifter-dispatcher RUN strip /shapeshifter-dispatcher/shapeshifter-dispatcher
RUN /usr/lib/go-1.19/bin/go install github.com/kumina/openvpn_exporter@latest
RUN strip $GOPATH/bin/openvpn_exporter
FROM registry.git.autistici.org/ai3/docker/s6-base FROM registry.git.autistici.org/ai3/docker/s6-base
...@@ -32,10 +30,13 @@ RUN apt-get -q update \ ...@@ -32,10 +30,13 @@ RUN apt-get -q update \
socat \ socat \
lua-socket \ lua-socket \
lua-sec \ lua-sec \
prometheus-node-exporter \
&& rm -rf /var/lib/apt/lists/* && rm -rf /var/lib/apt/lists/*
# Remove unwanted prometheus-node-exporter scripts installed by the package
RUN rm -f /var/lib/prometheus-node-exporter/*
COPY --from=build /shapeshifter-dispatcher/shapeshifter-dispatcher /usr/local/bin/shapeshifter-dispatcher COPY --from=build /shapeshifter-dispatcher/shapeshifter-dispatcher /usr/local/bin/shapeshifter-dispatcher
COPY --from=build /go/bin/openvpn_exporter /usr/local/bin/openvpn_exporter
RUN setcap cap_net_admin,cap_net_bind_service+ep /usr/sbin/openvpn RUN setcap cap_net_admin,cap_net_bind_service+ep /usr/sbin/openvpn
RUN setcap cap_net_admin+ep /bin/ip RUN setcap cap_net_admin+ep /bin/ip
...@@ -44,3 +45,4 @@ RUN update-alternatives --set iptables /usr/sbin/iptables-legacy ...@@ -44,3 +45,4 @@ RUN update-alternatives --set iptables /usr/sbin/iptables-legacy
# S6 configuration # S6 configuration
COPY conf/ /etc/ COPY conf/ /etc/
COPY openvpn-metrics.sh /usr/local/sbin/openvpn-metrics.sh
conf/services.d/openvpn-exporter/run
+ 1
2
View file @ b9190084
#!/bin/sh #!/bin/sh
echo "Starting openvpn-exporter" every 10 /usr/local/sbin/openvpn-metrics.sh
exec /usr/local/bin/openvpn_exporter -openvpn.status_paths "/tmp/openvpn-status-tcp,/tmp/openvpn-status-udp" -ignore.individuals true
conf/services.d/prometheus-node-exporter/finish 0 → 100755
+ 4
0
View file @ b9190084
#!/bin/sh
echo "Exiting prometheus-node-exporter"
s6-svscanctl -t /var/run/s6/services
conf/services.d/prometheus-node-exporter/run 0 → 100755
+ 4
0
View file @ b9190084
#!/bin/sh
echo "Starting prometheus-node-exporter"
exec /usr/bin/prometheus-node-exporter --collector.disable-defaults --collector.textfile --collector.textfile.directory /tmp/prometheus --web.listen-address=":9176"
openvpn-metrics.sh 0 → 100755
+ 43
0
View file @ b9190084
#!/bin/sh
# Execute a metrics-generating script and safely write its
# output to /tmp/prometheus
#
#
output_dir="/tmp/prometheus"
output_file="${output_dir}/openvpn.prom"
umask 022
tmp_file="${output_file}.$$"
trap "rm -f $tmp_file 2>/dev/null" EXIT INT TERM
mkdir -p $output_dir
echo "# HELP openvpn_up Whether scraping OpenVPN's metrics was successful." > $tmp_file
echo '# TYPE openvpn_up gauge' >> $tmp_file
echo -n 'openvpn_up{status_path="/tmp/openvpn-status-tcp"} ' >> $tmp_file
if [ -r /tmp/openvpn-status-tcp ];
then
echo "1" >> $tmp_file
echo "# HELP openvpn_server_connected_clients Number Of Connected Clients" >> $tmp_file
echo "# TYPE openvpn_server_connected_clients gauge" >> $tmp_file
tcp_connected=$(cat /tmp/openvpn-status-tcp |grep CLIENT_LIST|wc -l)
echo -n 'openvpn_server_connected_clients{status_path="/tmp/openvpn-status-tcp"} ' >> $tmp_file
echo $tcp_connected >> $tmp_file
else
echo "0" >> $tmp_file
fi
echo -n 'openvpn_up{status_path="/tmp/openvpn-status-udp"} ' >> $tmp_file
if [ -r /tmp/openvpn-status-udp ];
then
echo "1" >> $tmp_file
udp_connected=$(cat /tmp/openvpn-status-udp |grep CLIENT_LIST|wc -l)
echo -n 'openvpn_server_connected_clients{status_path="/tmp/openvpn-status-udp"} ' >> $tmp_file
echo $udp_connected >> $tmp_file
else
echo "0" >> $tmp_file
fi
mv -f "$tmp_file" "$output_file"
exit $?
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment