OPNSense Prometheus exporter

These details have not been verified by PyPI

Project links

Homepage

Project description

OPNSense Prometheus exporter

I've configures OPNSense with High Availability settings using 2 servers.

So I've 2 servers: MAIN and BACKUP, in normal situation MAIN server is expected to be active and the BACKUP server to be in hot_standby state.

The initial needs was to be able to make sure that BACKUP server is ready (hot standby) to get the main server role with the active state at any time.

Unfortunately I've not found a proper configuration to call OPNSense HTTP API over opnvpn on backup server using blackbox configuratoin. That why I've started to develop this exporter install on a server on the LAN to be able to resquest both OPNSense servers.

Metrics

This exporter gives following metrics, all metrics received following labels:

instance: by default this is set with the hostname where is running this exporter service
host: the host of the OPNSense
role: main or backup to determine the OPNSense server role.

Enums

opnsense_main_ha_state: (deprecated) OPNSense HA state of the MAIN server
opnsense_backup_ha_state: (deprecated) OPNSense HA state of the BACKUP server
opnsense_server_ha_state: OPNSense HA state, on of following value:
- active: that OPNSense server is receiving traffic
- hot_standby: the OPNSense server is ready to be promote as active server
- maintenancemode: the OPNSense server was turned into maintenance mode
- unavailable: the OPNSense server wasn't accessible or return unexpected value

Gauges

opnsense_active_server_traffic_rate: Active OPNSense server traffic rate per interfaces bits/s add following labels:
- interface: the interface to export (values given using --opnsense-interfaces)
- metric: the metric name (as today one of rate_bits_in, rate_bits_in)

Usage

Note: Most updated documentation from command line !

opnsense-exporter --help
usage: opnsense-exporter [-h] [--check-frequency-seconds FREQUENCY]
                         [--main-host MAIN] [--backup-host BACKUP]
                         [--opnsense-user USER]
                         [--opnsense-interfaces INTERFACES]
                         [--opnsense-password PASSWORD]
                         [--prometheus-instance PROM_INSTANCE]

OPNSense prometheus exporter

optional arguments:
  -h, --help            show this help message and exit
  --check-frequency-seconds FREQUENCY, -c FREQUENCY
                        How often (in seconds) this server requests
                        OPNSense servers (default: 2)
  --main-host MAIN, -m MAIN
                        MAIN OPNsense server that should be in `active`
                        state in normal configuration.
  --backup-host BACKUP, -b BACKUP
                        BACKUP OPNsense server that should be `hot_standby`
                        state in normal configuration.
  --opnsense-user USER, -u USER
                        OPNsense user. Expect to be the same on MAIN and
                        BACKUP servers
  --opnsense-interfaces INTERFACES, -i INTERFACES
                        OPNsense interfaces (coma separated) list to
                        export trafic rates (bytes/s). An empty string ''
                        means not calling the traffic diagnostic REST API
                        so no `opnsense_active_server_traffic_rate`
                        metric. (default: wan,lan)
  --opnsense-timeout-sec-get-vip-status GET_VIP_STATUS_TIMEOUT_SEC
                        Allow to configure timeout while requesting
                        OPNSense REST API
                        /api/diagnostics/interface/get_vip_status/
                        (default: 5)
  --opnsense-timeout-sec-get-traffic GET_TRAFFIC_TIMEOUT_SEC
                        Allow to configure timeout while requesting
                        OPNSense REST API
                        /api/diagnostics/traffic/top/[INTERFACES]
                        (default: 15)
  --opnsense-password PASSWORD, -p PASSWORD
                        OPNsense password. Expect to be the same on MAIN
                        and BACKUP servers
  --prometheus-instance PROM_INSTANCE
                        Exporter Instance name, default value computed with
                        hostname where the server is running. Use to set
                        the instance label. (default: my-opnsense-prom-exporter-server)

You can setup env through .env file or environment variables with defined as default values (so command line will get the precedent):

CHECK_FREQUENCY_SECONDS: default value for --check-frequency-seconds param
OPNSENSE_MAIN_HOST: default value for --main-host param
OPNSENSE_BACKUP_HOST: default value for --backup-host param
OPNSENSE_USERNAME: default value for --opnsense-user param
OPNSENSE_PASSWORD: default value for --opnsense-password param
OPNSENSE_INTERFACES: default value for --opnsense-interfaces param
OPNSENSE_TIMEOUT_SEC_GET_VIP_STATUS: default value for --opnsense-timeout-sec-get-vip-status param
OPNSENSE_TIMEOUT_SEC_GET_TRAFFIC: default value for --opnsense-timeout-sec-get-traffic param

Roadmap

allow to change the listening port (today it force using 8000)
improves logging to get a debug mode to understand errors based on unexpected payloads

Changelog

Version 1.1.0 (2023-09-06)

allow to configure OPNSense REST API calls timeout per REST API endpoint adding --opnsense-timeout-sec-get-vip-status and --opnsense-timeout-sec-get-traffic parameters.

Version 1.0.0 (2023-09-06)

remove opnsense_main_ha_state and opnsense_backup_ha_state metrics marked as deprecated on version 0.5.0 and replace by opnsense_server_ha_state and role label
allow empty string interfaces to not call diagnostic traffic REST API

Version 0.5.1 (2023-09-04)

FIX opnsense_server_ha_state calls were not implemented

Version 0.5.0 (2023-09-04)

add role label in metrics
all to configure supervised interfaces using --opnsense-interfaces
replace active_server_bytes_received and active_server_bytes_transmitted by opnsense_active_server_traffic_rate
add opnsense_server_ha_state and mark opnsense_main_ha_state and opnsense_backup_ha_state as deprecated.

Version 0.4.0 (2023-09-02)

Higher timeout while getting WAN traffic info

Version 0.3.0 (2023-09-02)

Use proper method to compute WAN traffic

Version 0.2.0 (2023-09-01)

Setup automatic release from gitlab while pushing new tag

Version 0.1.0 (2023-09-01)

Initial version

Project details

These details have not been verified by PyPI

Project links

Homepage

Release history Release notifications | RSS feed

This version

1.1.0

Sep 6, 2023

1.0.0

Sep 6, 2023

0.5.1

Sep 3, 2023

0.5.0

Sep 3, 2023

0.4.0

Sep 2, 2023

0.3.0

Sep 2, 2023

0.2.0

Sep 1, 2023

0.1.0

Sep 1, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

opnsense-prom-exporter-1.1.0.tar.gz (13.0 kB view hashes)

Uploaded Sep 6, 2023 Source

Built Distribution

opnsense_prom_exporter-1.1.0-py3-none-any.whl (12.3 kB view hashes)

Uploaded Sep 6, 2023 Python 3

Hashes for opnsense-prom-exporter-1.1.0.tar.gz

Hashes for opnsense-prom-exporter-1.1.0.tar.gz
Algorithm	Hash digest
SHA256	`4807b1b5490c9dd164556e5c77c307f97edc008c510b152fd5559586f9492106`
MD5	`56aad28369fcaacfdf456ee975b5a546`
BLAKE2b-256	`7cb6e4e5c087aa465bc308d9af64f8280fcd6d489ad14380ee9715a8706ca0ec`

Hashes for opnsense_prom_exporter-1.1.0-py3-none-any.whl

Hashes for opnsense_prom_exporter-1.1.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`27e2b2b584c55b0003bc518ebcfb89ce526642305ce4822ad28763eebab69896`
MD5	`1e7ab7700d3acc97db095736b92d1d63`
BLAKE2b-256	`506d1f8d8860dce2561b06ecc4af23e911020e13298e8a792eba2a4f829b5636`