Mergepull30

[BartVerc]

Merging #30 into master.

[BartVerc]

Hi @rayjanoka,
I merged your changes with master to resolve the issues. Could you please test and confirm if it still works?

[rayjanoka]

Hey @BartVerc, I checked it out and it looks good!

[jirib]

Could we run it via sudo? I don't want to give full rights to exporter. Sorry, I'm not docker fan :)

This works for me:

--- a/exporters/openvpn_exporter.go
+++ b/exporters/openvpn_exporter.go
@@ -489,7 +489,7 @@ func (e *OpenVPNExporter) collectStatusFromFile(statusPath string, ch chan<- pro
 }
 
 func (e *OpenVPNExporter) collectStatusFromApi(statusPath string, ch chan<- prometheus.Metric) error {
-       cmd := exec.Command("/usr/local/openvpn_as/scripts/sacli", "VPNStatus")
+       cmd := exec.Command("/bin/sudo", "/usr/local/openvpn_as/scripts/sacli", "VPNStatus")
        var stdout, stderr bytes.Buffer
        cmd.Stdout = &stdout
        cmd.Stderr = &stderr

[jirib]

Works for me but as I don't want run docker at VPN GW:

# curl -s http://localhost:9176/metrics  | grep ^openvpn_server_build_info
openvpn_server_build_info{instance_id="openvpn_0",status_path="api",title="OpenVPN 2.4.9as1 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 25 2020"} 1

BTW, what could be also nice would be metrics for certs' expiration.

[jirib]

I see that whole process dies when there's error from ./sacli.

# ./sacli VPNStatus
ERROR: --sock parameter (u'/usr/local/openvpn_as/etc/sock/sagent.localroot', u'/usr/local/openvpn_as/etc/sock/sagent') doesn't point to active socket: util/options:79,sagent/sacli:537,sagent/sacli:310,<string>:1,sagent/sagent_entry:49,sagent/sacli:1274,util/options:79,sagent/sacli:537,sagent/sacli:310,util/error:74,util/error:55

# i use patched openvpn_exporter to run via sudo, itself running as nobody user
# su -s /bin/sh nobody -c '/usr/local/bin/openvpn_exporter -openvpn.status_type api'
2020/08/27 16:20:14 Starting OpenVPN Exporter
2020/08/27 16:20:14 Listen address: :9176
2020/08/27 16:20:14 Metrics path: /metrics
2020/08/27 16:20:14 openvpn.status_path: examples/client.status,examples/server2.status,examples/server3.status
2020/08/27 16:20:14 Ignore Individuals: false
2020/08/27 16:20:14 openvpn.status_type: api
2020/08/27 16:20:27 cmd.Run() failed with exit status 1

# su -s /bin/sh nobody -c 'sudo /usr/local/openvpn_as/scripts/sacli VPNStatus'
ERROR: --sock parameter (u'/usr/local/openvpn_as/etc/sock/sagent.localroot', u'/usr/local/openvpn_as/etc/sock/sagent') doesn't point to active socket: util/options:79,sagent/sacli:537,sagent/sacli:310,<string>:1,sagent/sagent_entry:49,sagent/sacli:1274,util/options:79,sagent/sacli:537,sagent/sacli:310,util/error:74,util/error:55

[jirib]

I suppose this causes whole process die when ./sacli VPNStatus returns error. It smells it's not correct.