librenms / librenms-agent

LibreNMS Agent & Scripts
GNU General Public License v2.0

Add wireguard script #432

Closed bnerickson closed 1 year ago

bnerickson commented 1 year ago

This script is the first part in a couple of PRs to add a Wireguard application to LibreNMS. This script runs a "wg" command, then parses all of the clients, traffic data, and last handshake data for each Wireguard interface. Ideally, this will be displayed to the user on both the Wireguard server's interface page as well as the application-specific page. For now, here's how the latter looks:

[Screenshot: wireguard]

I went back-and-forth on whether to just use the public key as the identifier for clients and add the "friendly name" as an optional parameter. However, in the interest of security (sending public keys unencrypted over SNMPv2), I dropped that idea and am forcing users to define the mappings themselves.

Example script output:

```
{"errorString": "", "error": 0, "version": 1, "data": {"wg0": {"client1.domain.net": {"minutes_since_last_handshake": 1, "bytes_rcvd": 7060288, "bytes_sent": 119482568}, "client2.domain.net": {"minutes_since_last_handshake": null, "bytes_rcvd": 0, "bytes_sent": 0}, "client3": {"minutes_since_last_handshake": null, "bytes_rcvd": 0, "bytes_sent": 0}, "computer1": {"minutes_since_last_handshake": null, "bytes_rcvd": 0, "bytes_sent": 0}, "server": {"minutes_since_last_handshake": null, "bytes_rcvd": 0, "bytes_sent": 0}}}}
```

Npeca75 commented 1 year ago

But why Python???

Think about OpenWRT devices: they are limited in flash size. LibreNMS already has support for OpenWRT, so it would be a shame to leave WG out of OpenWRT because the interpreter could not fit in the limited flash.

Is there any chance to rewrite this in ASH? Yes, ASH is the default in OpenWRT, and it will run nicely in a full Linux bash environment.

bnerickson commented 1 year ago

> But why Python???
>
> Think about OpenWRT devices: they are limited in flash size. LibreNMS already has support for OpenWRT, so it would be a shame to leave WG out of OpenWRT because the interpreter could not fit in the limited flash.
>
> Is there any chance to rewrite this in ASH? Yes, ASH is the default in OpenWRT, and it will run nicely in a full Linux bash environment.

No, this will not be rewritten in ASH. Anyone interested in writing a version that can run on OpenWRT is welcome to do so using my code as a baseline, however.

To be clear, this is aimed at supporting a Linux server running WireGuard that runs Python3.

lfanton commented 1 year ago

Hi, thanks for this code. I'm testing on my VM but it seems it doesn't work on Rocky Linux 8.7. My wireguard wgX.conf is like this:

```
[Interface]
Address = x.x.x.x
ListenPort = NNNNN
PrivateKey = server_private_key_xxxxxxxxxxx

[Peer]
PublicKey = peer_public_key_zzzzzzzzzzzz
AllowedIPs = y.y.y.y
Endpoint = ServerIP:port
PersistentKeepalive = 25
```

So in the json file I've used "peer_public_key_zzzzzzzzzzzz" and ="PeerName" but the output is always:

```
{ "wg_cmd": "/bin/wg", "public_key_to_arbitrary_name": { "wgX": { "peer_public_key_zzzzzzzzzzzz": "PeerName" } } }
{"errorString": "Command Output Parsing Error: 'list index out of range'", "error": 1, "version": 1, "data": {}}
```

OK, now it works. I have more than 1 interface on my wireguard server and I've seen that the code checks the output values at fixed positions. After I temporarily disabled all the other interfaces and left only one, the script works fine.
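As an added illustration of the parsing step discussed above (this is not the PR's code and not part of the thread): the example below parses `wg show <iface> dump` text for any number of interfaces, checks the field count before unpacking so a malformed line becomes a reported error rather than an index failure, and emits only operator-mapped friendly names in the JSON shape from the opening post. The function names, the choice to skip unmapped peers, and the sample dump are assumptions; the field order is taken from wg(8).

```python
import time

# wg(8): each peer line of `wg show <iface> dump` has 8 tab-separated fields:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake,
# transfer-rx, transfer-tx, persistent-keepalive.
PEER_FIELDS = 8


def parse_wg_dump(dump, names, now=None):
    """Return {friendly_name: stats} for one interface's dump text."""
    now = int(time.time()) if now is None else now
    peers = {}
    # Line 1 describes the interface and holds its private key: drop it unparsed.
    for line in dump.splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != PEER_FIELDS:  # fail closed instead of indexing blindly
            raise ValueError(f"expected {PEER_FIELDS} fields, got {len(fields)}")
        pubkey, _psk, _endpoint, _allowed, handshake, rx, tx, _keepalive = fields
        name = names.get(pubkey)
        if name is None:
            continue  # assumption: peers without a mapping are not reported
        last = int(handshake)  # 0 means no handshake has happened yet
        peers[name] = {
            "minutes_since_last_handshake": (now - last) // 60 if last else None,
            "bytes_rcvd": int(rx),
            "bytes_sent": int(tx),
        }
    return peers  # only mapped names leave this function, never key material


def build_report(dumps, mapping, now=None):
    """dumps: {iface: dump text}; mapping: {iface: {public_key: name}}."""
    report = {"errorString": "", "error": 0, "version": 1, "data": {}}
    try:
        for iface, dump in dumps.items():
            report["data"][iface] = parse_wg_dump(dump, mapping.get(iface, {}), now)
    except ValueError as exc:
        report.update(errorString=f"Command Output Parsing Error: '{exc}'",
                      error=1, data={})
    return report


# Constructed sample input: placeholder strings stand in for real base64 keys.
SAMPLE = ("PRIV_PLACEHOLDER\tSERVER_PUB\t51820\toff\n"
          "PEER_A_PUB\t(none)\t198.51.100.7:51820\t10.0.0.2/32\t1700000000\t7060288\t119482568\t25\n"
          "PEER_B_PUB\t(none)\t(none)\t10.0.0.3/32\t0\t0\t0\toff\n"
          "PEER_C_PUB\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff\n")
MAPPING = {"wg0": {"PEER_A_PUB": "client1.domain.net", "PEER_B_PUB": "client2.domain.net"}}
```

Calling `build_report({"wg0": SAMPLE}, MAPPING)` returns the report dictionary; pass one dump string per interface to cover hosts with several WireGuard interfaces.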

lfanton commented 1 year ago

Hi, unfortunately the LibreNMS graph doesn't work; the JSON file and SNMP config seem OK.

hs123org commented 1 year ago

My snmpd is running as user 'Debian-snmp' (on Ubuntu) and thus cannot execute 'wg show'. Running the python script locally as user root properly parses my JSON config and produces valid JSON much like the one seen in the opening post.

Sample output of the issue:

```
# runuser -u Debian-snmp -- python3 /etc/snmp/wireguard.py
{"errorString": "Command Execution Error: 'Command '['/usr/bin/wg', 'show', 'wg0', 'dump']' returned non-zero exit status 1.'", "error": 1, "version": 1, "data": {}}
```

My workaround is this as root user on the target host:

```
# cp /usr/bin/wg /usr/bin/mywg
# chown root:Debian-snmp /usr/bin/mywg
# chmod 4755 /usr/bin/mywg
```

Before using this the wireguard.json config needs to be updated to have wg_cmd to point to /usr/bin/mywg!

'runuser -u Debian-snmp -- python3 /etc/snmp/wireguard.py' now produces proper JSON output

simion-chis commented 12 months ago

@hs123org Thank you for this solution. Worked for me on Debian 12. Now I can see the graphs

```
sudo -u Debian-snmp /etc/snmp/wireguard.py

#output
{"errorString": "", "error": 0, "version": 1, "data": {"wg0": {"peerName": {"minutes_since_last_handshake": 1391, "bytes_rcvd": 169184, "bytes_sent": 410684}}}}
```