Merge pull request #46 from mpraeger/ipsec

Add support for basic ipsec metrics

config/config.go

@@ -26,6 +26,7 @@ type Config struct {
 		InterfaceDiagnostic bool `yaml:"interface_diagnostic,omitempty"`
 		Storage             bool `yaml:"storage,omitempty"`
 		Accounting          bool `yaml:"accounting,omitempty"`
+		Ipsec               bool `yaml:"ipsec,omitempty"`
 	} `yaml:"features,omitempty"`
 }
 
@@ -61,6 +62,7 @@ func setDefaultValues(c *Config) {
 	f.Environment = true
 	f.Interfaces = true
 	f.InterfaceDiagnostic = true
+	f.Ipsec = false
 	f.OSPF = true
 	f.LDP = true
 	f.Routes = true

ipsec/ipsec_collector.go

@@ -0,0 +1,78 @@
+package ipsec
+
+import (
+	"fmt"
+
+	"github.com/czerwonk/junos_exporter/collector"
+	"github.com/czerwonk/junos_exporter/rpc"
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+const prefix string = "junos_ipsec_security_associations_"
+
+var (
+	blockState    *prometheus.Desc
+	activeTunnels *prometheus.Desc
+)
+
+func init() {
+	l := []string{"target", "description", "name"}
+
+	blockState = prometheus.NewDesc(prefix+"state", "State of the Security Association", l, nil)
+	activeTunnels = prometheus.NewDesc(prefix+"active_tunnels", "Total active tunnels", l, nil)
+}
+
+type ipsecCollector struct {
+}
+
+// NewCollector creates a new collector
+func NewCollector() collector.RPCCollector {
+	return &ipsecCollector{}
+}
+
+// Describe describes the metrics
+func (*ipsecCollector) Describe(ch chan<- *prometheus.Desc) {
+	ch <- blockState
+	ch <- activeTunnels
+}
+
+// Collect collects metrics from JunOS
+func (c *ipsecCollector) Collect(client *rpc.Client, ch chan<- prometheus.Metric, labelValues []string) error {
+	var x = IpsecRpc{}
+	err := client.RunCommandAndParse("show security ipsec security-associations", &x)
+	if err != nil {
+		return err
+	}
+
+	ls := append(labelValues, "active tunnels", "")
+	ch <- prometheus.MustNewConstMetric(activeTunnels, prometheus.GaugeValue, float64(x.Information.ActiveTunnels), ls...)
+
+	for _, block := range x.Information.SecurityAssociations {
+		c.collectForSecurityAssociation(block, ch, labelValues)
+	}
+
+	return nil
+}
+
+func (c *ipsecCollector) collectForSecurityAssociation(block IpsecSecurityAssociationBlock, ch chan<- prometheus.Metric, labelValues []string) {
+	// build SA name
+	var saName string
+	var saDesc string
+	for _, sa := range block.SecurityAssociations {
+		saName = sa.RemoteGateway
+		saDesc = fmt.Sprintf("security association for remote gateway %s", sa.RemoteGateway)
+	}
+	lp := append(labelValues, saDesc, saName)
+	stateVal := stateToInt(&block.State)
+	ch <- prometheus.MustNewConstMetric(blockState, prometheus.GaugeValue, float64(stateVal), lp...)
+}
+
+func stateToInt(state *string) int {
+	retval := 0
+
+	if *state == "up" {
+		retval = 1
+	}
+
+	return retval
+}

ipsec/rpc.go

@@ -0,0 +1,32 @@
+package ipsec
+
+// IpsecRpc is the root element for xml unmarshalling
+type IpsecRpc struct {
+	Information struct {
+		ActiveTunnels        int                             `xml:"total-active-tunnels"`
+		SecurityAssociations []IpsecSecurityAssociationBlock `xml:"ipsec-security-associations-block"`
+	} `xml:"ipsec-security-associations-information"`
+}
+
+// IpsecSecurityAssociationBlock is used for xml unmarshalling
+type IpsecSecurityAssociationBlock struct {
+	State                string                     `xml:"sa-block-state"`
+	SecurityAssociations []IpsecSecurityAssociation `xml:"ipsec-security-associations"`
+}
+
+// IpsecSecurityAssociation is used for xml unmarshalling
+type IpsecSecurityAssociation struct {
+	Direction              string `xml:"sa-direction"`
+	TunnelIndex            int64  `xml:"sa-tunnel-index"`
+	Spi                    string `xml:"sa-spi"`
+	AuxSpi                 string `xml:"sa-aux-spi"`
+	RemoteGateway          string `xml:"sa-remote-gateway"`
+	Port                   int    `xml:"sa-port"`
+	MonitoringState        string `xml:"sa-vpn-monitoring-state"`
+	Protocol               string `xml:"sa-protocol"`
+	EspEncryptionAlgorithm string `xml:"sa-esp-encryption-algorithm"`
+	HmacAlgorithm          string `xml:"sa-hmac-algorithm"`
+	HardLifetime           string `xml:"sa-hard-lifetime"`
+	LifesizeRemaining      string `xml:"sa-lifesize-remaining"`
+	VirtualSystem          string `xml:"sa-virtual-system"`
+}

junos_collector.go

@@ -14,6 +14,7 @@ import (
 	"github.com/czerwonk/junos_exporter/firewall"
 	"github.com/czerwonk/junos_exporter/interfacediagnostics"
 	"github.com/czerwonk/junos_exporter/interfaces"
+	"github.com/czerwonk/junos_exporter/ipsec"
 	"github.com/czerwonk/junos_exporter/isis"
 	"github.com/czerwonk/junos_exporter/l2circuit"
 	"github.com/czerwonk/junos_exporter/ldp"
@@ -77,6 +78,10 @@ func collectors() map[string]collector.RPCCollector {
 		m["isis"] = isis.NewCollector()
 	}
 
+	if f.Ipsec {
+		m["ipsec"] = ipsec.NewCollector()
+	}
+
 	if f.LDP {
 		m["ldp"] = ldp.NewCollector()
 	}

main.go

@@ -49,6 +49,7 @@ var (
 	firewallEnabled             = flag.Bool("firewall.enabled", true, "Scrape Firewall count metrics")
 	interfacesEnabled           = flag.Bool("interfaces.enabled", true, "Scrape interface metrics")
 	interfaceDiagnosticsEnabled = flag.Bool("ifdiag.enabled", true, "Scrape optical interface diagnostic metrics")
+	ipsecEnabled                = flag.Bool("ipsec.enabled", false, "Scrape IPSec metrics")
 	storageEnabled              = flag.Bool("storage.enabled", true, "Scrape system storage metrics")
 	accountingEnabled           = flag.Bool("accounting.enabled", false, "Scrape accounting flow metrics")
 	alarmFilter                 = flag.String("alarms.filter", "", "Regex to filter for alerts to ignore")
@@ -175,6 +176,7 @@ func loadConfigFromFlags() *config.Config {
 	f.Firewall = *firewallEnabled
 	f.Interfaces = *interfacesEnabled
 	f.InterfaceDiagnostic = *interfaceDiagnosticsEnabled
+	f.Ipsec = *ipsecEnabled
 	f.ISIS = *isisEnabled
 	f.NAT = *natEnabled
 	f.OSPF = *ospfEnabled