Add Prometheus Service
This commit is contained in:
parent
0eca4f3eaf
commit
e7311a3963
@ -46,6 +46,10 @@ standard_wireguard_port=51820
|
||||
standard_whois_port=43
|
||||
standard_xymon_port=1984
|
||||
|
||||
# - Prometheus services
|
||||
# -
|
||||
standard_prometheus_ports="9100,9256"
|
||||
|
||||
# - Mattermost (MM) Service
|
||||
# -
|
||||
stansard_mattermost_udp_ports_in="8443"
|
||||
|
||||
@ -508,6 +508,37 @@ nc_turn_udp_ports="$standard_turn_service_udp_ports"
|
||||
# -
|
||||
tftp_server_ips=""
|
||||
|
||||
|
||||
# - Prometheus Monitoring - local Server
|
||||
# -
|
||||
# - blank separated list of IPv4 addresses
|
||||
# -
|
||||
prometheus_local_server_ips=""
|
||||
|
||||
# - (Remote) prometheus ports
|
||||
# -
|
||||
# - !! comma separated list of ports
|
||||
# -
|
||||
prometheus_remote_client_ports="$standard_prometheus_ports"
|
||||
|
||||
|
||||
# - Prometheus Monitoring - local Client
|
||||
# -
|
||||
# - blank separated list of IPv4 addresses
|
||||
# -
|
||||
prometheus_local_client_ips=""
|
||||
|
||||
# - Local prometheus ports
|
||||
# -
|
||||
# - !! comma separated list of ports
|
||||
# -
|
||||
prometheus_local_client_ports="$standard_prometheus_ports"
|
||||
|
||||
# - blank separated list of IPv4 addresses
|
||||
# -
|
||||
prometheus_remote_server_ips=""
|
||||
|
||||
|
||||
# - Munin Server
|
||||
# -
|
||||
munin_server_ips=""
|
||||
|
||||
@ -527,6 +527,37 @@ nc_turn_udp_ports="$standard_turn_service_udp_ports"
|
||||
# -
|
||||
tftp_server_ips=""
|
||||
|
||||
|
||||
# - Prometheus Monitoring - local Server
|
||||
# -
|
||||
# - blank separated list of IPv6 addresses
|
||||
# -
|
||||
prometheus_local_server_ips=""
|
||||
|
||||
# - (Remote) prometheus ports
|
||||
# -
|
||||
# - !! comma separated list of ports
|
||||
# -
|
||||
prometheus_remote_client_ports="$standard_prometheus_ports"
|
||||
|
||||
|
||||
# - Prometheus Monitoring - local Client
|
||||
# -
|
||||
# - blank separated list of IPv6 addresses
|
||||
# -
|
||||
prometheus_local_client_ips=""
|
||||
|
||||
# - Local prometheus ports
|
||||
# -
|
||||
# - !! comma separated list of ports
|
||||
# -
|
||||
prometheus_local_client_ports="$standard_prometheus_ports"
|
||||
|
||||
# - blank separated list of IPv6 addresses
|
||||
# -
|
||||
prometheus_remote_server_ips=""
|
||||
|
||||
|
||||
# - Munin Server
|
||||
# -
|
||||
munin_server_ips=""
|
||||
|
||||
@ -366,8 +366,8 @@ done
|
||||
# - (local) Dovecot auth service
|
||||
# ---
|
||||
declare -a dovecot_auth_allowed_network_arr
|
||||
for _port in $dovecot_auth_allowed_networks ; do
|
||||
dovecot_auth_allowed_network_arr+=("$_port")
|
||||
for _ip in $dovecot_auth_allowed_networks ; do
|
||||
dovecot_auth_allowed_network_arr+=("$_ip")
|
||||
done
|
||||
|
||||
# ---
|
||||
@ -440,6 +440,27 @@ for _ip in $tel_sys_ips ; do
|
||||
tel_sys_ip_arr+=("$_ip")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Prometheus Monitoring - local Server
|
||||
# ---
|
||||
declare -a prometheus_local_server_ip_arr
|
||||
for _ip in $prometheus_local_server_ips ; do
|
||||
prometheus_local_server_ip_arr+=("$_ip")
|
||||
done
|
||||
|
||||
# ---
|
||||
# - Prometheus Monitoring - local Client
|
||||
# ---
|
||||
declare -a prometheus_local_client_ip_arr
|
||||
for _ip in $prometheus_local_client_ips; do
|
||||
prometheus_local_client_ip_arr+=("$_ip")
|
||||
done
|
||||
declare -a prometheus_remote_server_ip_arr
|
||||
for _ip in $prometheus_remote_server_ips ; do
|
||||
prometheus_remote_server_ip_arr+=("$_ip")
|
||||
done
|
||||
|
||||
|
||||
# ---
|
||||
# - IP Addresses Munin
|
||||
# ---
|
||||
|
||||
@ -1573,6 +1573,40 @@ done
|
||||
echo_done
|
||||
|
||||
|
||||
# ---
|
||||
# - Prometheus Monitoring - local Server
|
||||
# ---
|
||||
|
||||
echononl "\t\tLocal Prometheus Service"
|
||||
|
||||
if [[ ${#prometheus_local_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
for _ip in ${prometheus_local_server_ip_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -p tcp -s $_ip -m multiport --dports $prometheus_remote_client_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Prometheus Monitoring - local client
|
||||
# ---
|
||||
|
||||
echononl "\t\tLocal Prometheus Client"
|
||||
|
||||
if [[ ${#prometheus_local_client_ip_arr[@]} -gt 0 ]] && [[ ${#prometheus_remote_server_ip_arr[@]} -gt 0 ]]; then
|
||||
for _ip in ${prometheus_local_client_ip_arr[@]} ; do
|
||||
for _ip in ${prometheus_remote_server_ip_arr[@]} ; do
|
||||
$ip6t -A INPUT -p tcp -d $_ip -m multiport --dports $prometheus_local_client_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Munin remote service
|
||||
# ---
|
||||
@ -1603,13 +1637,13 @@ if [[ ${#munin_server_ip_arr[@]} -gt 0 ]] || [[ ${#forward_munin_server_ip_arr[@
|
||||
|
||||
if [[ ${#munin_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
for _ip in ${munin_server_ip_arr[@]} ; do
|
||||
$ip6t -A OUTPUT -p tcp --syn -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -p tcp -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ ${#forward_munin_server_ip_arr[@]} -gt 0 ]] && $kernel_forward_between_interfaces ; then
|
||||
for _ip in ${forward_munin_server_ip_arr[@]} ; do
|
||||
$ip6t -A FORWARD -p tcp --syn -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -p tcp -s $_ip --dport $munin_remote_port -m state --state NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
@ -1745,6 +1745,40 @@ done
|
||||
echo_done
|
||||
|
||||
|
||||
# ---
|
||||
# - Prometheus Monitoring - local Server
|
||||
# ---
|
||||
|
||||
echononl "\t\tLocal Prometheus Service"
|
||||
|
||||
if [[ ${#prometheus_local_server_ip_arr[@]} -gt 0 ]] ; then
|
||||
for _ip in ${prometheus_local_server_ip_arr[@]} ; do
|
||||
$ipt -A OUTPUT -p tcp -s $_ip -m multiport --dports $prometheus_remote_client_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Prometheus Monitoring - local client
|
||||
# ---
|
||||
|
||||
echononl "\t\tLocal Prometheus Client"
|
||||
|
||||
if [[ ${#prometheus_local_client_ip_arr[@]} -gt 0 ]] && [[ ${#prometheus_remote_server_ip_arr[@]} -gt 0 ]]; then
|
||||
for _ip in ${prometheus_local_client_ip_arr[@]} ; do
|
||||
for _ip in ${prometheus_remote_server_ip_arr[@]} ; do
|
||||
$ipt -A INPUT -p tcp -d $_ip -m multiport --dports $prometheus_local_client_ports -m state --state NEW -j ACCEPT
|
||||
done
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Munin remote service
|
||||
# ---
|
||||
@ -1753,9 +1787,9 @@ echononl "\t\tMunin remote service"
|
||||
|
||||
if [ "X$munin_remote_ip" != "X" ]; then
|
||||
for _dev in ${ext_if_arr[@]} ; do
|
||||
$ipt -A INPUT -i $_dev -p tcp --syn -s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT
|
||||
$ipt -A INPUT -i $_dev -p tcp -s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT
|
||||
if $kernel_activate_forwarding ; then
|
||||
$ipt -A FORWARD -i $_dev -p tcp --syn -s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT
|
||||
$ipt -A FORWARD -i $_dev -p tcp-s $munin_remote_ip --dport $munin_local_port -m state --state NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user