artickl
commented
4 months ago Should I move the 10-minute threshold into the munin plugin config?
Closed artickl closed 4 months ago
artickl
commented
4 months ago Should I move the 10-minute threshold into the munin plugin config?
kenyon
commented
4 months ago @pimlie as the original author, can you review this?
artickl
commented
4 months ago Hi @pimlie, can you check it one more time, please? Everything is updated!
PS: Another question... I replaced the external IP address for the peer name with an internal IP address. This adjustment was necessary because I utilize WireGuard to connect my devices to my home network. As a result, my peer's IP address is always dynamic, while the internal IP address associated with the peer key remains static. Therefore, displaying the peer name by external IP address is not relevant in my situation. Do you think it makes sense? And if yes, should it be a config option?
$ diff plugins/wireguard/wireguard_ plugins/wireguard/wireguard_internal
97c97
< echo "${unsafe_peer_id//[.:]/_}"
---
> echo "${unsafe_peer_id//[.,:\/]/_}"
150c150
< peer_id=$(safe_peer_id "${peer[2]}")
---
> peer_id=$(safe_peer_id "${peer[3]}")
159c159
< up_${peer_id}.label ${peer[2]}
---
> up_${peer_id}.label ${peer[3]}
191c191
< peer_id=$(safe_peer_id "${peer[2]}")
---
> peer_id=$(safe_peer_id "${peer[3]}")
pimlie
commented
4 months ago @artickl LGTM!
Hmm, that's a good observation. My suggestion would be to differentiate between peer_id and peer_name (for use as graph label).
For the peer_id we could probably use the last 8 characters of the peer's public key, similar as to a git short hash. That should be unique enough in almost any cases. This is what we use as identifier in the munin config etc
For the peer_name we should probably make it configurable indeed, with options either the public key short hash, the endpoint or the allowed-ips. If we want to go fancy we could also add support for a dictionary that maps public keys to user defined names.
Something as follows:
[wireguard_*]
user root
# comma separated list containing: pubkey, endpoint, allowedips, mapping
env.wg_peer_naming mapping,endpoint # Display endpoint if public key short hash not found in mapping
env.wg_peer_name_map abc1234:"mobile" abcd5678:"desktop"The mapping might a bit tricky to implement in bash, but it's def. possible. We can also do that in a separate PR, let me know if you want to have a look at that
artickl
commented
4 months ago Absolutely! Let's proceed with that plan! We'll handle it in a separate pull request. I'll start working on it soon, perhaps over the weekend.
As for the current pull request, if there are no further questions, let's go ahead and merge it and then close it. I'll make sure to reference this pull request in the next one.
Enhancing the wireguard_ plugin in Munin by adding active peer information based on the latest handshake timestamp. This addition provides insights into ongoing connections. The decision to use a 10-minute interval balances the need for accuracy with minimizing data fluctuations. This enhancement improves monitoring capabilities and contributes to a more comprehensive overview of WireGuard activity.