MindFlavor / prometheus_wireguard_exporter

A Prometheus exporter for WireGuard, written in Rust.
https://mindflavor.github.io/prometheus_wireguard_exporter
MIT License

I propose to add an example for the command lines #89

Closed lausser closed 2 years ago

lausser commented 2 years ago

Hi, it took me some time until I understood that command line parameters -a and -v need an argument. I was always running the exporter as:

mon@wg-1-hvs:~$ cajetan/bin/prometheus_wireguard_exporter -a -v
[2022-03-06T18:26:19Z INFO  prometheus_wireguard_exporter] prometheus_wireguard_exporter v3.6.1 starting...
[2022-03-06T18:26:19Z INFO  prometheus_wireguard_exporter] using options: Options { verbose: false, prepend_sudo: false, separate_allowed_ips: false, extract_names_config_files: None, interfaces: None, export_remote_ip_and_port: false }

I thought the parameters are boolean. And there was no error message. Then I tried environment variables and noticed that the line using options... showed what it was supposed to show.

mon@wg-1-hvs:~$ PROMETHEUS_WIREGUARD_EXPORTER_PREPEND_SUDO_ENABLED=true PROMETHEUS_WIREGUARD_EXPORTER_VERBOSE_ENABLED=true cajetan/bin/prometheus_wireguard_exporter 
[2022-03-06T18:23:29Z INFO  prometheus_wireguard_exporter] prometheus_wireguard_exporter v3.6.1 starting...
[2022-03-06T18:23:29Z INFO  prometheus_wireguard_exporter] using options: Options { verbose: true, prepend_sudo: true, separate_allowed_ips: false, extract_names_config_files: None, interfaces: None, export_remote_ip_and_port: false }

Finally I tried

mon@wg-1-hvs:~$ cajetan/bin/prometheus_wireguard_exporter -a true -v true
[2022-03-06T18:29:18Z INFO  prometheus_wireguard_exporter] prometheus_wireguard_exporter v3.6.1 starting...
[2022-03-06T18:29:18Z INFO  prometheus_wireguard_exporter] using options: Options { verbose: true, prepend_sudo: true, separate_allowed_ips: false, extract_names_config_files: None, interfaces: None, export_remote_ip_and_port: false }

and everything was fine. You might add prometheus_wireguard_exporter -a true -v true as an example, then everybody will immediately understand how the command line parameters should be.
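Added example (not part of the original thread and not the project's code): a start-up check that reads the exporter's `using options:` log line and reports every setting whose effective value differs from the intended one, so a silently ignored switch is caught before the metrics are trusted. It assumes the log format shown in the outputs above; `parse_options_line` and `mismatches` are hypothetical helper names.

```rust
use std::collections::HashMap;
const MARKER: &str = "using options: Options {";

/// Parse the `using options: Options { key: value, ... }` startup line.
fn parse_options_line(line: &str) -> Option<HashMap<String, String>> {
    let start = line.find(MARKER)? + MARKER.len();
    let body = line.get(start..line.rfind('}')?)?;
    let (mut map, mut field) = (HashMap::new(), String::new());
    let (mut depth, mut in_str, mut escaped) = (0i32, false, false);
    // Split on commas only at depth 0 and outside strings, so Some(["wg0", "wg1"]) stays whole.
    for c in body.chars().chain(std::iter::once(',')) {
        if in_str {
            if escaped { escaped = false } else if c == '\\' { escaped = true }
            else if c == '"' { in_str = false }
        } else {
            match c {
                '"' => in_str = true,
                '(' | '[' | '{' => depth += 1,
                ')' | ']' | '}' => depth -= 1,
                ',' if depth == 0 => {
                    let (k, v) = field.trim().split_once(": ")?;
                    map.insert(k.to_string(), v.to_string());
                    field.clear();
                    continue;
                }
                _ => {}
            }
        }
        field.push(c);
    }
    Some(map)
}

/// List every setting whose effective value differs from the intended one.
fn mismatches(line: &str, expected: &[(&str, &str)]) -> Vec<String> {
    let Some(opts) = parse_options_line(line) else {
        return vec!["no `using options` line found".to_string()];
    };
    let got = |k: &str| opts.get(k).map(String::as_str).unwrap_or("<missing>");
    expected.iter().filter(|(k, want)| got(*k) != *want)
        .map(|(k, want)| format!("{k}: wanted {want}, got {}", got(*k)))
        .collect()
}

fn main() {
    // Startup line copied from the `-a -v` run quoted in this thread.
    let line = "[2022-03-06T18:26:19Z INFO  prometheus_wireguard_exporter] using options: Options { verbose: false, prepend_sudo: false, separate_allowed_ips: false, extract_names_config_files: None, interfaces: None, export_remote_ip_and_port: false }";
    for m in mismatches(line, &[("verbose", "true"), ("prepend_sudo", "true")]) { eprintln!("MISMATCH {m}"); }
}
```
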

SerialVelocity commented 2 years ago

I think this might've been partially fixed in the latest release since I was using -a before and not realising it wasn't working (I hadn't checked the metrics yet). When I use -a now it fails with:

error: The argument '--prepend_sudo <prepend_sudo>' requires a value but none was supplied

DaS-hpolbb commented 2 years ago

Hello, I have the same problem with docker and the following environment:

PROMETHEUS_WIREGUARD_EXPORTER_VERBOSE_ENABLED=true
PROMETHEUS_WIREGUARD_EXPORTER_PREPEND_SUDO_ENABLED=true

and also with the docker minimal example docker run -d --net=host --cap-add=NET_ADMIN --name wgexporter mindflavor/prometheus-wireguard-exporter

error: The argument '--prepend_sudo <prepend_sudo>' requires a value but none was supplied

USAGE:
    prometheus_wireguard_exporter [OPTIONS]

MindFlavor commented 2 years ago

You might add prometheus_wireguard_exporter -a true -v true as an example, then everybody will immediately understand how the command line parameters should be.

I think you are right, the only mention of the change is in the 3.6.0 CHANGELOG:

... This changes how the exporter evaluates the command line parameters: make sure to consult the documentation on how to convert your command line to the new format. Basically every switch (for example verbose -v) not expect values, either true or false. This is necessary because there is no way to discriminate between an empty environment variable and one that has not been set. ...

I will copy this statement above the parameters table, hopefully it will make the point clear.

thecosmicfrog commented 2 years ago

@MindFlavor I just updated from 3.5.1 to 3.6.3 and noticed that I can't run the Docker image without arguments anymore. My previous docker-compose config with 3.5.1 was:

prometheus-wireguard-exporter:
  image: mindflavor/prometheus-wireguard-exporter:3.5.1
  ports:
    - "9586:9586"
  network_mode: host
  dns:
    - 2001:4860:4860::8888
    - 2001:4860:4860::8844
  cap_add:
    - NET_ADMIN
  restart: "always"

...and had consistent restarts along with the error:

prometheus-wireguard-exporter_1  | USAGE:
prometheus-wireguard-exporter_1  |     prometheus_wireguard_exporter --prepend_sudo <prepend_sudo>
prometheus-wireguard-exporter_1  |
prometheus-wireguard-exporter_1  | For more information try --help
prometheus-wireguard-exporter_1  | error: Found argument '--prepend_sudo true' which wasn't expected, or isn't valid in this context

I fixed it by explicitly adding the arguments, i.e.

prometheus-wireguard-exporter:
  image: mindflavor/prometheus-wireguard-exporter:3.6.3
+ command:
+   - '--prepend_sudo=true'
  ports:
    - "9586:9586"
  network_mode: host
  dns:
    - 2001:4860:4860::8888
    - 2001:4860:4860::8844
  cap_add:
    - NET_ADMIN
  restart: "always"

I'm assuming this wasn't intentional?

Thanks for the great software!

MindFlavor commented 2 years ago

That's weird, the binary shouldn't require prepend_sudo at all. I've just checked from a rustc-compiled 3.6.3 binary and indeed it works without arguments. It's possible that's an artifact of the docker image then. Do you mind connecting to the container's shell (something like docker exec -it container /bin/sh) and launching the binary by hand? This way we will know for sure!

Thank you in advance!

thecosmicfrog commented 2 years ago

@MindFlavor No problem at all!

I updated my docker-compose.yml to have a sleep as below:

prometheus-wireguard-exporter:
  image: mindflavor/prometheus-wireguard-exporter:3.6.3
  entrypoint: "sleep 10000"  # <-- Removed command and added useless entrypoint
  ports:
    - "9586:9586"
  network_mode: host
  dns:
    - 2001:4860:4860::8888
    - 2001:4860:4860::8844
  cap_add:
    - NET_ADMIN
  restart: "always"

And indeed the binary runs without issue:

root@server:~/docker/prometheus_follower# docker exec -it prometheus_follower_prometheus-wireguard-exporter_1 /bin/sh
/usr/local/bin $ /usr/local/bin/prometheus_wireguard_exporter
[2022-04-02T21:03:14Z INFO  prometheus_wireguard_exporter] prometheus_wireguard_exporter v3.6.3 starting...
[2022-04-02T21:03:14Z INFO  prometheus_wireguard_exporter] using options: Options { verbose: false, prepend_sudo: false, separate_allowed_ips: false, extract_names_config_files: None, interfaces: None, export_remote_ip_and_port: false }
[2022-04-02T21:03:14Z INFO  prometheus_wireguard_exporter] starting exporter on http://0.0.0.0:9586/metrics
[2022-04-02T21:03:14Z INFO  prometheus_exporter_base] Listening on http://0.0.0.0:9586/metrics

Cheers, Aaron

lausser commented 2 years ago

@MindFlavor "...the binary shouldn't require prepend_sudo at all..." You mean the wg binary?

mon@wg-1-hvs:~$ wg
Unable to access interface wg0: Operation not permitted

MindFlavor commented 2 years ago

You mean the wg binary?

Sorry I wasn't clear. I meant to say: "the binary does not require the option to be specified in order to start". In other words, the process should start regardless of whether you add the --prepend_sudo option or not. If you don't add it, the default, false, is used (see @thecosmicfrog's answer above). The --prepend_sudo argument is not mandatory.

I do not mean to imply that the exporter should work without root privileges. It will start but it will error out as soon as it tries to run wg commands (that is, as soon as you query the /metrics url).

Hope that clarifies it a bit!

slch commented 2 years ago

Got error: The argument '--prepend_sudo <prepend_sudo>' requires a value but none was supplied on 3.6.3 (latest)

Isn't it because of this line? https://github.com/MindFlavor/prometheus_wireguard_exporter/blob/master/Dockerfile#L133 Should be CMD [ "-a false" ]?

Works for me with docker run ... --entrypoint /usr/local/bin/prometheus_wireguard_exporter ... 👍

orzaez commented 1 year ago

Can anybody show me the docker-compose from wireguard? Mine looks like this:

version: "3.8"
services:
  wg:
    image: lscr.io/linuxserver/wireguard:latest    
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SERVERURL=orzaez.duckdns.org
      - SERVERPORT=51820 #optional
      - PEERS=1 #optional
      - PEERDNS=auto #optional
      - INTERNAL_SUBNET=10.13.13.0 #optional
      - ALLOWEDIPS=0.0.0.0/0 #optional
      - PERSISTENTKEEPALIVE_PEERS= #optional
      - LOG_CONFS=true #optional
    container_name: wg
    volumes:
      - /home/orzaezpi/WireGuard and DuckDns/config:/etc/wireguard
      - /path/to/appdata/config:/config
      - /lib/modules:/lib/modules #optional
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - my-network
  wgexporter:
    image: mindflavor/prometheus-wireguard-exporter:latest
    container_name: wgexporter
    networks:
      - my-network
    ports:
      - "9586:9586/tcp"
    command:
      - '--prepend_sudo=true'
  duckdns:
    image: lscr.io/linuxserver/duckdns:latest
    container_name: duckdns
    environment:
      - PUID=1000 #optional
      - PGID=1000 #optional
      - TZ=Etc/UTC #optional
      - SUBDOMAINS=orzaez
      - TOKEN=XXXXXXXXXXXXXXXXXXX
      - LOG_FILE=false #optional
    volumes:
      - /path/to/appdata/config:/config #optional
    restart: unless-stopped
    networks:
      - my-network

And the docker-compose for prometheus looks like:

volumes:
  grafana-data:
  prometheus-data:    
services:
  grafana:
    image: grafana/grafana:8.0.6
    container_name: grafana
    restart: unless-stopped
    volumes:
    - grafana-data:/var/lib/grafana
    ports:
    - 3000:3000
    networks:
      - my-network
  prometheus:
    image: prom/prometheus:v2.28.1
    container_name: prometheus
    restart: unless-stopped
    volumes:
    - /home/orzaezpi/network/prometheus:/etc/prometheus    
    - prometheus-data:/prometheus
    ports:
    - 9090:9090
    command:
    - '--config.file=/etc/prometheus/prometheus.yml'
    - '--storage.tsdb.path=/prometheus'
    - '--storage.tsdb.retention.time=1y'
    - '--web.enable-lifecycle'
    networks:
      - my-network
  node_exporter:
    image: quay.io/prometheus/node-exporter:latest
    container_name: node_exporter
    restart: unless-stopped
    ports:
    - 9100:9100
    command:
    - '--path.rootfs=/host'
    pid: host
    volumes:
    - '/:/host:ro,rslave' 
    networks:
      - my-network
  cadvisor:
    image: klo2k/cadvisor:latest
    container_name: cadvisor
    restart: unless-stopped
    expose:
    - 8080
    volumes:
    - /:/rootfs:ro
    - /var/run:/var/run:rw
    - /sys:/sys:ro
    - /var/lib/docker/:/var/lib/docker:ro
    networks:
      - my-network

Sorry for all my mistakes and thanks in advance.

simono41 commented 1 year ago

Hi, this is my docker-compose.yml file.

I have my wireguard network in host mode to connect other devices in my network.

wireguard-exporter:
  container_name: wireguard-exporter
  #build: builds/prometheus_wireguard_exporter/.
  image: 'mindflavor/prometheus-wireguard-exporter:latest'
  command:
    - '-v=true'
    - '-a=true'
    - '-l=10.200.0.1'  # notice the listen addr
    - '-p=9200'
    - '-n=/etc/wireguard/wg0.conf'
  network_mode: host
  volumes: [ /opt/containers/wireguard/config/wg_confs/wg0.conf:/etc/wireguard/wg0.conf:ro ]
  cap_add: [ NET_ADMIN ]