chore(everything): too much honestly

2023-06-27 21:00:25 +02:00 · 2023-06-27 21:00:25 +02:00 · 58a66099c3
commit 58a66099c3
parent 8147aa8e88
14 changed files with 357 additions and 355 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1 @@
 target
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,3 @@
 /debug
 /target
 Cargo.lock
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -0,0 +1,23 @@
 include:
  - project: 'famedly/infra/templates/ci-cd'
    ref: 'rust-v1'
    file: '/rust.yml'
  - project: 'famedly/infra/templates/ci-cd'
    ref: 'docker-v1'
    file: '/docker.yml'
 stages:
  - test
  - build
 cargo-check:
  extends: .cargo_check
 cargo-build:
  extends: .cargo_build
 docker_releases:
  extends: .docker_releases
 docker_tags:
  extends: .docker_tags
--- a/Cargo.toml
+++ b/Cargo.toml
@ -8,9 +8,9 @@ edition = "2021"
 [dependencies]
 config = { version = "0.13.1", features = ["yaml"] }
 serde = { version = "1.0", features = ["derive"] }
-prometheus-client = "0.19.0"
+metrics = "0.21.0"
 metrics-exporter-prometheus = { version = "0.12.1", features = ["http-listener"] }
 futures-util = "0.3.25"
 axum = "0.6.12"
 tokio = { version = "1.21.2", features = ["rt-multi-thread","macros"] }
 rsvici = "0.1"
 anyhow = "1.0.70"
--- a/11
+++ b/11
@ -0,0 +1,11 @@
 FROM registry.gitlab.com/famedly/infra/containers/rust:main as builder
 COPY . /app
 WORKDIR /app
 RUN cargo build --release
 FROM debian:stable-slim
 RUN mkdir -p /opt/openmetrics-vici-exporter
 WORKDIR /opt/openmetrics-vici-exporter
 COPY --from=builder /app/target/release/openmetrics-vici-exporter /usr/local/bin/openmetrics-vici-exporter
 CMD ["/usr/local/bin/openmetrics-vici-exporter"]
--- a/config.yml
+++ b/config.yml
@ -1,5 +1,7 @@
 ---
-vici_socket: "/var/run/charon.vici"
+vici:
-actix_bind_addr: "0.0.0.0"
+  socket: "/var/run/charon.vici"
-actix_bind_port: "80"
+  interval: 10
-actix_auth_token: ""
+server:
  address: "0.0.0.0"
  port: 8001
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -0,0 +1,15 @@
 version: '3'
 services:
  ove:
    restart: "unless-stopped"
    environment:
      - VICI_EXPORTER_VICI_SOCKET="/var/run/charon.vici"
      - VICI_EXPORTER_VICI_INTERVAL=10
      - VICI_EXPORTER_SERVER_ADDRESS=0.0.0.0
      - VICI_EXPORTER_SERVER_PORT=8001
    volumes:
      #- ./config.yml:/opt/openmetrics-vici-exporter/config.yml
      - /var/run/charon.vici:/var/run/charon.vici
    ports:
      - 8111:80/tcp
--- a/rustfmt.toml
+++ b/rustfmt.toml
@ -0,0 +1 @@
 max_width = 120
--- a/shell.nix
+++ b/shell.nix
@ -0,0 +1,5 @@
 { pkgs ? import <nixpkgs> {} }:
  pkgs.mkShell {
    packages = with pkgs; [ rustc cargo gcc rustfmt clippy ];
    name = "rust-env";
 }
--- a/src/config.rs
+++ b/src/config.rs
@ -0,0 +1,41 @@
 use anyhow::Result;
 use config::Config;
 use serde::Deserialize;
 use std::net::{IpAddr, SocketAddr};
 #[derive(Debug, Deserialize)]
 pub struct WebServerConfig {
    pub address: IpAddr,
    pub port: u16,
 }
 impl Into<SocketAddr> for &WebServerConfig {
    fn into(self) -> SocketAddr {
        SocketAddr::from((self.address, self.port))
    }
 }
 #[derive(Debug, Deserialize)]
 pub struct VICIConfig {
    pub socket: String,
    pub interval: u64,
 }
 #[derive(Debug, Deserialize)]
 pub struct Configuration {
    pub server: WebServerConfig,
    pub vici: VICIConfig,
 }
 impl Configuration {
    pub async fn load() -> Result<Configuration> {
        let mut s = Config::builder();
        if std::fs::metadata("config").is_ok(){
            s = s.add_source(config::File::with_name("config"));
        } else { println!("config file not found. continuing with env vars... ") };
        s = s.add_source(config::Environment::with_prefix("VICI_EXPORTER").separator("_"));
 //        s.build().unwrap();
        let conf: Configuration = s.build().unwrap().try_deserialize().unwrap();
        Ok(conf)
    }
 }
--- a/src/main.rs
+++ b/src/main.rs
@ -1,104 +1,56 @@
-#![allow(dead_code)]
+use metrics::{
-
+    describe_gauge, 
-use axum::{
+    gauge, 
-    response::IntoResponse,
+    describe_counter,
-    http::{
+    counter, 
-        StatusCode,
+    IntoLabels, 
-        header::{self}
+    Unit};
-    },
+use metrics_exporter_prometheus::PrometheusBuilder;
-    extract::State,
+use tokio::time::{interval, Duration, MissedTickBehavior};
    routing::get,
    Router,
 };
 use prometheus_client::{
    registry::Registry,
    metrics::{
        family::Family,
    }
 };
 use std::{
 //    collections::HashMap,
 //    error::Error,
    sync::Arc,
    net::{IpAddr,SocketAddr},
 //    path::Path,
 };
 use serde::Deserialize;
 use config::Config;
 pub mod config;
 pub mod vici;
 pub mod metrics;
 #[derive(Debug, Deserialize)]
 struct Configuration {
    vici_socket: String,
    axum_bind_addr: IpAddr,
    axum_bind_port: u16,
 }
 pub async fn metrics_handler(State(state): State<Arc<AppState>>) -> impl IntoResponse {
    let state: Arc<AppState> = state.clone();
    let mut buffer = String::new();
    prometheus_client::encoding::text::encode(&mut buffer, &state.registry).unwrap();
    (
        StatusCode::OK,
        [(header::CONTENT_TYPE, "application/openmetrics-text; version=1.0.0; charset=utf-8")],
        buffer,
    )
 }
 pub struct AppState {
    pub registry: Registry,
    pub vici: vici::VICIState,
 }
 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
-    let settings = Config::builder()
+    let conf = config::Configuration::load().await?;
-        .add_source(config::File::with_name("config"))
+    let mut vici_client = rsvici::unix::connect(conf.vici.socket).await?;
        .add_source(config::Environment::with_prefix("VICI_EXPORTER"))
        .build()
        .unwrap();
    let mut conf: Configuration = settings.try_deserialize().unwrap();
    let mut vici_client = rsvici::unix::connect(conf.vici_socket).await?;
    let mut vici_state: vici::VICIState;
-    let metrics = Arc::new(metrics::Metrics {
+    let mut interval = interval(Duration::from_secs(conf.vici.interval));
-        sa_uptime: Family::default(),
+    interval.set_missed_tick_behavior(MissedTickBehavior::Skip);
    });
-    let mut initial_registery = Registry::default();
+    PrometheusBuilder::new()
        .with_http_listener(&conf.server)
        .install()
        .expect("failed to install recorder/exporter");
-    initial_registery.register(
+    describe_gauge!("sa_uptime", Unit::Seconds, "");
-        "sa_uptime",
+    describe_gauge!("sa_rekey_time", Unit::Seconds, "");
        "How Long a connection has been established",
        metrics.sa_uptime.clone(),
    );
-    let mut state = Arc::new(
+    describe_counter!("sa_child_bytes_out", Unit::Bytes, "");
-        AppState {
+    describe_counter!("sa_child_bytes_in", Unit::Bytes, "");
            registry: initial_registery,
            vici: vici::VICIState::update(&mut vici_client).await?,
        },
    );
    loop {
        let vici_state = vici::VICIState::update(&mut vici_client).await?;
        for (sa_name, sa_values) in vici_state.security_associations {
            let mut labels = sa_values.into_labels();
            labels.push((&("sa_name", sa_name.clone())).into());
-    let addr = SocketAddr::from((conf.axum_bind_addr,conf.axum_bind_port));
+            gauge!("sa_uptime", sa_values.established as f64, labels.clone());
-    let app = Router::new()
+            gauge!("sa_rekey_time", sa_values.rekey_time as f64, labels.clone());
-        .route("/metrics",get(metrics_handler))
+            //gauge!("sa_state")
-        .with_state(state);
+            for (sa_child_name, sa_child_values) in sa_values.child_security_associations {
                let mut child_labels = sa_child_values.into_labels();
                child_labels.push((&("sa_name", sa_name.clone())).into());
                child_labels.push((&("sa_child_name", sa_child_name)).into());
                counter!("sa_child_bytes_in", sa_child_values.bytes_in, child_labels.clone());
                counter!("sa_child_bytes_out", sa_child_values.bytes_out, child_labels.clone());
                counter!("sa_child_packets_in", sa_child_values.packets_in, child_labels.clone());
                counter!("sa_child_packets_out", sa_child_values.packets_out, child_labels.clone());
-    axum::Server::bind(&addr)
+            }
-        .serve(app.into_make_service())
+        }
-        .await
+        interval.tick().await;
-        .unwrap();
+    }
    Ok(())
 }
--- a/src/metrics.rs
+++ b/src/metrics.rs
@ -1,25 +0,0 @@
 use prometheus_client::{
    metrics::{
        family::Family,
        gauge::Gauge,
    }
 };
 use anyhow::Result;
 use crate::vici;
 pub mod labels;
 pub struct Metrics {
    pub sa_uptime: Family<labels::SecurityAssociationLabels, Gauge>,
 }
 impl Metrics {
    pub async fn sa_uptime(&self, security_associations: vici::SecurityAssociations) -> Result<()>{
        for named_sa in security_associations.into_iter() {
            let label_set = labels::SecurityAssociationLabels::set_from_sa(&mut named_sa).await?;
            let (_sa_name, sa_value) = named_sa;
            self.sa_uptime.get_or_create(&label_set).set(sa_value.established as i64);
        }
        Ok(());
    }
 }
--- a/src/metrics/labels.rs
+++ b/src/metrics/labels.rs
@ -1,65 +0,0 @@
 use serde::Deserialize;
 use prometheus_client::encoding::{EncodeLabelValue,EncodeLabelSet};
 use crate::vici;
 use anyhow::Result;
 // I don't really wanna define *all* of this here, it's gonna get really tedious and uncomfortable to maintain.
 /*
 #[derive(Debug, Deserialize, Clone, Hash, PartialEq, Eq)]
 pub struct SecurityAssociationLabels {
    pub uniqueid: String,
    pub local_id: String,
    pub local_host: String,
    pub local_port: u16,
    pub remote_id: String,
    pub remote_host: String,
    pub remote_port: u16,
 }
 */
 #[derive(Debug, Deserialize, Clone, Hash, PartialEq, Eq)]
 pub struct SecurityAssociationInfo {
    pub uniqueid:       String,
    pub version:        u8,
    pub local_host:     String,
    pub local_port:     u16,
    pub local_id:       String,
    pub remote_host:    String,
    pub remote_port:    u16,
    pub remote_id:      String,
    pub if_id_in:       String,
    pub if_id_out:      String,
    pub encr_alg:       String,
    pub encr_keysize:   String,
    pub integ_alg:      String,
    pub integ_keysize:  String,
    pub prf_alg:        String,
    pub dh_group:       Option<String>,
    pub local_vips:     Vec<String>,
    pub remote_vips:    Vec<String>,
 }
 #[derive(Debug, Clone, Hash, PartialEq, Eq, EncodeLabelSet)]
 pub struct SecurityAssociationLabels {
    pub name: String,
    pub uniqueid: String,
    pub ike_version: u8,
    pub local_id: String,
    pub remote_id: String,
 }
 impl SecurityAssociationLabels {
    pub async fn set_from_sa(sa: &mut vici::NamedSecurityAssociation) -> Result<SecurityAssociationLabels> {
        let (sa_name, sa_value) = sa;
        Ok(SecurityAssociationLabels {
            name: sa_name,
            uniqueid: sa_value.uniqueid,
            ike_version: sa_value.version,
            local_id: sa_value.local_id.unwrap(),
            remote_id: sa_value.remote_id.unwrap(),
        })
    }
 }
--- a/src/vici.rs
+++ b/src/vici.rs
@ -6,6 +6,7 @@ use std::collections::HashMap;
 use futures_util::stream::StreamExt;
 use anyhow::Result;
 use metrics::{IntoLabels,Label};
 #[derive(Debug, Deserialize)]
 pub struct VICIState {
@ -24,22 +25,31 @@ impl VICIState {
        Ok(VICIState {
            version: client.request("version", ()).await?,
            statistics: client.request("statistics", ()).await?,
-                policies:               collected_stream::<NamedPolicy, Policies>(client, "list-policies", "list-policy").await,
+            policies: collected_stream::<NamedPolicy, Policies>(client, "list-policies", "list-policy").await?,
-                connections:            collected_stream::<NamedConnection, Connections>(client, "list-connections", "list-conn").await,
+            connections: collected_stream::<NamedConnection, Connections>(client, "list-connections", "list-conn")
-                security_associations:  collected_stream::<NamedSecurityAssociation, SecurityAssociations>(client, "list-sas", "list-sa").await,
+                .await?,
-                certificates:           collected_stream::<NamedCertificate, Certificates>(client, "list-certs", "list-cert").await,
+            security_associations: collected_stream::<NamedSecurityAssociation, SecurityAssociations>(
-                authorities:            collected_stream::<NamedAuthority, Authorities>(client, "list-authorities", "list-authority").await,
+                client, "list-sas", "list-sa",
-                pools:                  collected_stream::<NamedPool, Pools>(client, "list-pools", "list-pool").await,
+            )
            .await?,
            certificates: collected_stream::<NamedCertificate, Certificates>(client, "list-certs", "list-cert").await?,
            authorities: collected_stream::<NamedAuthority, Authorities>(client, "list-authorities", "list-authority")
                .await?,
            pools: collected_stream::<NamedPool, Pools>(client, "list-pools", "list-pool").await?,
        })
    }
 }
-async fn collected_stream<N,C>(client: &mut rsvici::Client, command: &str, event: &str) -> C
+async fn collected_stream<N, C>(client: &mut rsvici::Client, command: &str, event: &str) -> Result<C>
 where
    N: for<'de> serde::Deserialize<'de>,
    C: std::iter::Extend<N> + Default,
 {
-    client.stream_request::<(), N>(command, event, ()).filter_map(|event| async move {event.ok()}).collect::<C>().await
+    Ok(client
        .stream_request::<(), N>(command, event, ())
        .filter_map(|event| async move { event.ok() })
        .collect::<C>()
        .await)
 }
 // Structs for parsing the control interface
@ -59,7 +69,7 @@ pub struct Statistics {
    pub workers: StatisticsWorkers,
    pub queues: StatisticsJobPriorities,
    pub scheduled: String,
-    pub ikesecurity_associations: StatisticsIKESecurityAssociations,
+    pub ikesas: StatisticsIKESecurityAssociations,
    pub plugins: Vec<String>,
    pub mem: Option<StatisticsMem>,
    pub mallinfo: Option<StatisticsMallinfo>,
@ -119,11 +129,12 @@ pub struct Policy {
 }
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "snake_case")]
 pub enum PolicyMode {
-    tunnel,
+    Tunnel,
-    transport,
+    Transport,
-    pass,
+    Pass,
-    drop,
+    Drop,
 }
 pub type Connections = HashMap<String, Conn>;
@ -167,10 +178,11 @@ pub struct ConnChildSection {
 }
 #[derive(Debug, Deserialize, Clone, Hash, PartialEq, Eq)]
 #[serde(rename_all = "UPPERCASE")]
 pub enum ChildSecurityAssociationMode {
-    TUNNEL,
+    Tunnel,
-    TRANSPORT,
+    Transport,
-    BEET,
+    Beet,
 }
 #[derive(Debug, Deserialize, Clone, Hash, PartialEq, Eq)]
 pub enum ChildSecurityAssociationProtocol {
@ -182,17 +194,27 @@ pub type SecurityAssociations = HashMap<String, SecurityAssociation>;
 pub type NamedSecurityAssociation = (String, SecurityAssociation);
 impl IntoLabels for &SecurityAssociation {
    fn into_labels(self) -> Vec<Label> {
        vec![
            (&("uniqueid", self.uniqueid.clone())).into(),
            (&("remote_id", self.remote_id.clone())).into(),
            (&("local_id", self.local_id.clone())).into(),
        ]
    }
 }
 #[derive(Debug, Deserialize)]
 pub struct SecurityAssociation {
    pub uniqueid: String,
    pub version: u8,
    pub state: String,
-    pub local_host:                  Option<String>,
+    pub local_host: String,
-    pub local_port:                  Option<u16>,
+    pub local_port: u16,
-    pub local_id:                    Option<String>,
+    pub local_id: String,
-    pub remote_host:                 Option<String>,
+    pub remote_host: String,
-    pub remote_port:                 Option<u16>,
+    pub remote_port: u16,
-    pub remote_id:                   Option<String>,
+    pub remote_id: String,
    pub remote_xauth_id: Option<String>,
    pub remote_epa_id: Option<String>,
    pub initiator: Option<bool>,
@ -211,16 +233,27 @@ pub struct SecurityAssociation {
    pub prf_alg: Option<String>,
    pub dh_group: Option<String>,
    pub established: u64,
-    pub rekey_time:                  Option<u32>,
+    pub rekey_time: u32,
    pub reauth_time: Option<u32>,
    pub local_vips: Option<Vec<String>>,
    pub remote_vips: Option<Vec<String>>,
    pub tasks_queued: Option<Vec<String>>,
    pub tasks_active: Option<Vec<String>>,
    pub tasks_passive: Option<Vec<String>>,
-    pub child_security_associations: Option<HashMap<String, SecurityAssociationChild>>,
+    pub child_security_associations: HashMap<String, SecurityAssociationChild>,
 }
 impl IntoLabels for &SecurityAssociationChild {
    fn into_labels(self) -> Vec<Label> {
        vec![
            (&("child_uniqueid", self.uniqueid.clone())).into(),
            (&("child_reqid", self.reqid.clone())).into(),
        ]
    }
 }
 #[derive(Debug, Deserialize)]
 pub struct SecurityAssociationChild {
    pub name: String,
@ -253,7 +286,7 @@ pub struct SecurityAssociationChild {
    pub bytes_out: u64,
    pub packets_out: u64,
    pub use_out: Option<u32>,
-    pub rekey_time:     Option<u32>,
+    pub rekey_time: u32,
    pub life_time: u32,
    pub install_time: u64,
    pub local_ts: Vec<String>,
@ -278,10 +311,14 @@ pub struct Cert {
 #[derive(Debug, Deserialize)]
 pub enum CertType {
    X509,
-    X509_AC,
+    #[serde(alias = "X509_AC")]
-    X509_CRL,
+    X509AC,
-    OSCP_RESPONSE,
+    #[serde(alias = "X509_CRL")]
-    PUBKEY,
+    X509CRL,
    #[serde(alias = "OSCP_RESPONSE")]
    OSCPResponse,
    #[serde(alias = "PUBKEY")]
    PubKey,
 }
 #[derive(Debug, Deserialize)]
@ -308,17 +345,17 @@ pub type Pools = HashMap<String, Pool>;
 pub type NamedPool = (String, Pool);
-#[derive(Debug,Deserialize)]
+#[derive(Debug, Deserialize)]
 pub struct Pool {
    pub name: String,
    pub base: String,
    pub size: u128,
    pub online: u128,
    pub offline: u128,
-    pub leases:  Option<HashMap<u16,PoolLease>>,
+    pub leases: Option<HashMap<u16, PoolLease>>,
 }
-#[derive(Debug,Deserialize)]
+#[derive(Debug, Deserialize)]
 pub struct PoolLease {
    pub address: String,
    pub identity: String,
@ -326,7 +363,8 @@ pub struct PoolLease {
 }
 #[derive(Debug, Deserialize)]
 #[serde(rename_all = "lowercase")]
 pub enum PoolLeaseStatus {
-    online,
+    Online,
-    offline,
+    Offline,
 }