From e054d35cc0b422b7770e410d5eab98ffb5fa43fe Mon Sep 17 00:00:00 2001 From: Ruslan Gilfanov Date: Sun, 21 Jun 2026 23:12:05 +0300 Subject: [PATCH] =?UTF-8?q?monitoring:=20OpenVPN=20per-client=20(openvpn?= =?UTF-8?q?=5Fexporter=20=D0=BD=D0=B0=20ru1=20+=20=D0=B4=D0=B0=D1=88=D0=B1?= =?UTF-8?q?=D0=BE=D1=80=D0=B4)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- stacks/monitoring-agent/docker-compose.yml | 17 +++-- .../provisioning/dashboards/openvpn.json | 76 +++++++++++++++++++ stacks/monitoring/prometheus/prometheus.yml | 4 + .../prometheus/targets/openvpn/ru1.yml | 3 + 4 files changed, 95 insertions(+), 5 deletions(-) create mode 100644 stacks/monitoring/grafana/provisioning/dashboards/openvpn.json create mode 100644 stacks/monitoring/prometheus/targets/openvpn/ru1.yml diff --git a/stacks/monitoring-agent/docker-compose.yml b/stacks/monitoring-agent/docker-compose.yml index 83524fb..76622d7 100644 --- a/stacks/monitoring-agent/docker-compose.yml +++ b/stacks/monitoring-agent/docker-compose.yml @@ -1,8 +1,5 @@ -# Каноничный агент мониторинга для удалённой ноды: node-exporter + cadvisor в host-network -# (node-exporter видит реальные интерфейсы хоста — ens3/eth0/wg*/tun*). -# Порты 9100/8080 ОБЯЗАТЕЛЬНО закрыть на ноде только для IP fr1 -# (ufw allow from / iptables INPUT DROP ! -s ). Скрейп — по публичному IP ноды. -# Используется на ru1. de1 пока на старом bridge-варианте (сетевые метрики = docker-бридж). +# Агент мониторинга ru1: node-exporter + cadvisor (host-net) + openvpn-exporter. +# Порты 9100/8080/9176 закрыты iptables INPUT (только fr1 161.97.93.252). Скрейп — по публичному IP. name: monitoring-agent services: @@ -34,3 +31,13 @@ services: - /sys:/sys:ro - /var/lib/docker/:/var/lib/docker:ro - /dev/disk/:/dev/disk:ro + + openvpn-exporter: + image: kumina/openvpn-exporter:latest + network_mode: host + restart: unless-stopped + command: + - -openvpn.status_paths=/run/openvpn-server/status-openvpn.log,/var/log/openvpn-ru-status.log + volumes: + - /run/openvpn-server:/run/openvpn-server:ro + - /var/log:/var/log:ro diff --git a/stacks/monitoring/grafana/provisioning/dashboards/openvpn.json b/stacks/monitoring/grafana/provisioning/dashboards/openvpn.json new file mode 100644 index 0000000..a522438 --- /dev/null +++ b/stacks/monitoring/grafana/provisioning/dashboards/openvpn.json @@ -0,0 +1,76 @@ +{ + "uid": "openvpn-clients", + "title": "OpenVPN — клиенты", + "tags": ["openvpn", "vpn", "infra"], + "timezone": "browser", + "schemaVersion": 39, + "version": 1, + "refresh": "30s", + "time": { "from": "now-24h", "to": "now" }, + "templating": { + "list": [ + { + "name": "instance", "type": "query", + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "query": { "query": "label_values(openvpn_up, instance)", "refId": "v" }, + "refresh": 2, "includeAll": true, "multi": true, "current": { "text": "All", "value": "$__all" } + } + ] + }, + "panels": [ + { + "type": "stat", "title": "Клиентов онлайн", "gridPos": { "h": 4, "w": 8, "x": 0, "y": 0 }, + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "fieldConfig": { "defaults": { "unit": "short", "color": { "mode": "fixed", "fixedColor": "green" } } }, + "targets": [ { "expr": "sum(openvpn_openvpn_server_connected_clients{instance=~\"$instance\"})", "refId": "A" } ] + }, + { + "type": "stat", "title": "Скачано клиентами (за период)", "gridPos": { "h": 4, "w": 8, "x": 8, "y": 0 }, + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "fieldConfig": { "defaults": { "unit": "bytes", "color": { "mode": "fixed", "fixedColor": "blue" } } }, + "options": { "graphMode": "area" }, + "targets": [ { "expr": "sum(increase(openvpn_server_client_sent_bytes_total{instance=~\"$instance\"}[$__range]))", "refId": "A" } ] + }, + { + "type": "stat", "title": "Загружено клиентами (за период)", "gridPos": { "h": 4, "w": 8, "x": 16, "y": 0 }, + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "fieldConfig": { "defaults": { "unit": "bytes", "color": { "mode": "fixed", "fixedColor": "purple" } } }, + "options": { "graphMode": "area" }, + "targets": [ { "expr": "sum(increase(openvpn_server_client_received_bytes_total{instance=~\"$instance\"}[$__range]))", "refId": "A" } ] + }, + { + "type": "table", "title": "Активные клиенты (кто / откуда / VPN-IP / когда подключился)", "gridPos": { "h": 8, "w": 24, "x": 0, "y": 4 }, + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "targets": [ { "expr": "openvpn_server_client_received_bytes_total{instance=~\"$instance\"}", "refId": "A", "instant": true, "format": "table" } ], + "transformations": [ + { "id": "organize", "options": { + "excludeByName": { "Time": true, "__name__": true, "job": true, "username": true, "Value": true }, + "renameByName": { + "common_name": "Клиент", "instance": "Сервер (нода)", "real_address": "Откуда (real IP)", + "virtual_address": "VPN IP", "status_path": "Профиль", "connection_time": "Подключён (unix)" + } + } } + ], + "fieldConfig": { "defaults": {}, "overrides": [] } + }, + { + "type": "timeseries", "title": "Download по клиентам (сервер → клиент), бит/с", "gridPos": { "h": 8, "w": 12, "x": 0, "y": 12 }, + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "fieldConfig": { "defaults": { "unit": "bps", "custom": { "drawStyle": "line", "lineWidth": 2, "fillOpacity": 10 } } }, + "targets": [ { "expr": "rate(openvpn_server_client_sent_bytes_total{instance=~\"$instance\"}[$__rate_interval])*8", "legendFormat": "{{common_name}}", "refId": "A" } ] + }, + { + "type": "timeseries", "title": "Upload по клиентам (клиент → сервер), бит/с", "gridPos": { "h": 8, "w": 12, "x": 12, "y": 12 }, + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "fieldConfig": { "defaults": { "unit": "bps", "custom": { "drawStyle": "line", "lineWidth": 2, "fillOpacity": 10 } } }, + "targets": [ { "expr": "rate(openvpn_server_client_received_bytes_total{instance=~\"$instance\"}[$__rate_interval])*8", "legendFormat": "{{common_name}}", "refId": "A" } ] + }, + { + "type": "bargauge", "title": "Трафик по клиентам за период (download + upload)", "gridPos": { "h": 7, "w": 24, "x": 0, "y": 20 }, + "datasource": { "type": "prometheus", "uid": "prometheus" }, + "fieldConfig": { "defaults": { "unit": "bytes" } }, + "options": { "displayMode": "gradient", "orientation": "horizontal" }, + "targets": [ { "expr": "sum by (common_name) (increase(openvpn_server_client_sent_bytes_total{instance=~\"$instance\"}[$__range]) + increase(openvpn_server_client_received_bytes_total{instance=~\"$instance\"}[$__range]))", "legendFormat": "{{common_name}}", "refId": "A", "instant": true } ] + } + ] +} diff --git a/stacks/monitoring/prometheus/prometheus.yml b/stacks/monitoring/prometheus/prometheus.yml index e7e6a70..79c8d5a 100644 --- a/stacks/monitoring/prometheus/prometheus.yml +++ b/stacks/monitoring/prometheus/prometheus.yml @@ -31,3 +31,7 @@ scrape_configs: - targets: ["gitea:3000"] labels: instance: fr1 + + - job_name: openvpn + file_sd_configs: + - files: ["/etc/prometheus/targets/openvpn/*.yml"] diff --git a/stacks/monitoring/prometheus/targets/openvpn/ru1.yml b/stacks/monitoring/prometheus/targets/openvpn/ru1.yml new file mode 100644 index 0000000..59da4df --- /dev/null +++ b/stacks/monitoring/prometheus/targets/openvpn/ru1.yml @@ -0,0 +1,3 @@ +- targets: ["85.198.109.86:9176"] + labels: + instance: ru1