diff --git a/.drone.yml b/.drone.yml deleted file mode 100644 index e241c76..0000000 --- a/.drone.yml +++ /dev/null @@ -1,610 +0,0 @@ ---- -kind: pipeline -type: kubernetes -name: linter - -clone: - disable: true - -platform: - os: linux - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: markdown lint - commands: - - markdownlint *.md - image: git.cryptic.systems/volker.raschek/markdownlint:0.45.0 - resources: - limits: - cpu: 150 - memory: 150M - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - resources: - limits: - cpu: 150 - memory: 150M - when: - status: - - changed - - failure - -trigger: - event: - exclude: - - tag - ---- -kind: pipeline -type: docker -name: unit-test-amd64 - -clone: - disable: true - -platform: - arch: amd64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: unit-test - commands: - - go test -v ./... - image: docker.io/library/golang:1.24.3 - -trigger: - event: - exclude: - - tag - ---- -kind: pipeline -type: docker -name: unit-test-arm64 - -clone: - disable: true - -platform: - arch: arm64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: unit-test - commands: - - go test -v ./... - image: docker.io/library/golang:1.24.3 - -trigger: - event: - include: - - pull_request - - push - exclude: - - tag - ---- -kind: pipeline -type: docker -name: dry-run-amd64 - -clone: - disable: true - -depends_on: -- linter -- unit-test-amd64 - -platform: - os: linux - arch: amd64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build - image: docker.io/plugins/docker:20.18.8 - settings: - auto_tag: false - dockerfile: Dockerfile - dry_run: true - force_tag: true - no_cache: true - purge: true - mirror: - from_secret: docker_io_mirror - registry: git.cryptic.systems - repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter - tags: latest-amd64 - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - when: - status: - - changed - - failure - -trigger: - branch: - exclude: - - master - event: - - pull_request - - push - repo: - - volker.raschek/prometheus-fail2ban-exporter - ---- -kind: pipeline -type: docker -name: dry-run-arm64-v8 - -clone: - disable: true - -depends_on: -- linter -- unit-test-arm64 - -platform: - os: linux - arch: arm64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build - image: docker.io/plugins/docker:20.18.8 - settings: - auto_tag: false - dockerfile: Dockerfile - dry_run: true - force_tag: true - no_cache: true - purge: true - mirror: - from_secret: docker_io_mirror - registry: git.cryptic.systems - repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter - tags: latest-arm64-v8 - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - when: - status: - - changed - - failure - -trigger: - branch: - exclude: - - master - event: - - pull_request - - push - repo: - - volker.raschek/prometheus-fail2ban-exporter - ---- -kind: pipeline -type: docker -name: latest-amd64 - -clone: - disable: true - -depends_on: -- linter -- unit-test-amd64 - -platform: - os: linux - arch: amd64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build - image: docker.io/plugins/docker:20.18.8 - settings: - auto_tag: false - dockerfile: Dockerfile - force_tag: true - no_cache: true - purge: true - mirror: - from_secret: docker_io_mirror - registry: git.cryptic.systems - repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter - tags: latest-amd64 - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - when: - status: - - changed - - failure - -trigger: - branch: - - master - event: - - cron - - push - repo: - - volker.raschek/prometheus-fail2ban-exporter - ---- -kind: pipeline -type: docker -name: latest-arm64-v8 - -clone: - disable: true - -depends_on: -- linter -- unit-test-arm64 - -platform: - os: linux - arch: arm64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build - image: docker.io/plugins/docker:20.18.8 - settings: - auto_tag: false - dockerfile: Dockerfile - force_tag: true - no_cache: true - purge: true - mirror: - from_secret: docker_io_mirror - registry: git.cryptic.systems - repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter - tags: latest-arm64-v8 - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - when: - status: - - changed - - failure - -trigger: - branch: - - master - event: - - cron - - push - repo: - - volker.raschek/prometheus-fail2ban-exporter - ---- -kind: pipeline -type: kubernetes -name: latest-manifest - -clone: - disable: true - -depends_on: -- latest-amd64 -- latest-arm64-v8 - -# docker.io/plugins/manifest only for amd64 architectures available -node_selector: - kubernetes.io/os: linux - kubernetes.io/arch: amd64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build-manifest - image: docker.io/plugins/manifest:1.4.0 - settings: - auto_tag: false - ignore_missing: true - spec: manifest.tmpl - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - resources: - limits: - cpu: 150 - memory: 150M - when: - status: - - changed - - failure - -trigger: - branch: - - master - event: - - cron - - push - repo: - - volker.raschek/prometheus-fail2ban-exporter - ---- -kind: pipeline -type: docker -name: tagged-amd64 - -clone: - disable: true - -platform: - os: linux - arch: amd64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build - image: docker.io/plugins/docker:20.18.8 - settings: - auto_tag: true - auto_tag_suffix: amd64 - dockerfile: Dockerfile - force_tag: true - no_cache: true - purge: true - mirror: - from_secret: docker_io_mirror - registry: git.cryptic.systems - repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - build_args: - - VERSION=${DRONE_TAG} - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - when: - status: - - changed - - failure - -trigger: - event: - - tag - repo: - - volker.raschek/prometheus-fail2ban-exporter - ---- -kind: pipeline -type: docker -name: tagged-arm64-v8 - -clone: - disable: true - -platform: - os: linux - arch: arm64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build - image: docker.io/plugins/docker:20.18.8 - settings: - auto_tag: true - auto_tag_suffix: arm64-v8 - dockerfile: Dockerfile - force_tag: true - no_cache: true - purge: true - mirror: - from_secret: docker_io_mirror - registry: git.cryptic.systems - repo: git.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - build_args: - - VERSION=${DRONE_TAG} - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - when: - status: - - changed - - failure - -trigger: - event: - - tag - repo: - - volker.raschek/prometheus-fail2ban-exporter - ---- -kind: pipeline -type: kubernetes -name: tagged-manifest - -clone: - disable: true - -depends_on: -- tagged-amd64 -- tagged-arm64-v8 - -# docker.io/plugins/manifest only for amd64 architectures available -node_selector: - kubernetes.io/os: linux - kubernetes.io/arch: amd64 - -steps: -- name: clone - image: git.cryptic.systems/volker.raschek/git:1.4.0 - -- name: build-manifest - image: docker.io/plugins/manifest:1.4.0 - settings: - auto_tag: true - ignore_missing: true - spec: manifest.tmpl - username: - from_secret: git_cryptic_systems_container_registry_user - password: - from_secret: git_cryptic_systems_container_registry_password - -- name: email-notification - environment: - SMTP_FROM_ADDRESS: - from_secret: smtp_from_address - SMTP_FROM_NAME: - from_secret: smtp_from_name - SMTP_HOST: - from_secret: smtp_host - SMTP_USERNAME: - from_secret: smtp_username - SMTP_PASSWORD: - from_secret: smtp_password - image: git.cryptic.systems/volker.raschek/drone-email:0.2.0 - resources: - limits: - cpu: 150 - memory: 150M - when: - status: - - changed - - failure - -trigger: - event: - - tag - repo: - - volker.raschek/prometheus-fail2ban-exporter diff --git a/.markdownlint.yaml b/.markdownlint.yaml index 0e98dd1..34c4081 100644 --- a/.markdownlint.yaml +++ b/.markdownlint.yaml @@ -45,19 +45,17 @@ MD012: # MD013/line-length - Line length MD013: # Number of characters - line_length: 80 + line_length: 120 # Number of characters for headings - heading_line_length: 80 + heading_line_length: 120 # Number of characters for code blocks - code_block_line_length: 80 + code_block_line_length: 120 # Include code blocks code_blocks: false # Include tables tables: false # Include headings headings: true - # Include headings - headers: true # Strict length checking strict: false # Stern length checking @@ -70,11 +68,6 @@ MD022: # Blank lines below heading lines_below: 1 -# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content -MD024: - # Only check sibling headings - allow_different_nesting: true - # MD025/single-title/single-h1 - Multiple top-level headings in the same document MD025: # Heading level diff --git a/README.md b/README.md index 6267fbd..d10f685 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,7 @@ # prometheus-fail2ban-exporter -[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/prometheus-fail2ban-exporter/status.svg)](https://drone.cryptic.systems/volker.raschek/prometheus-fail2ban-exporter) - -This is a fork of Hector's fail2ban -[exporter](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter). This -fork contains some changes to get the application running in a kubernetes -cluster. +This is a fork of Hector's fail2ban [exporter](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter). This fork +contains some changes to get the application running in a kubernetes cluster. ## Table of Contents @@ -21,8 +17,8 @@ The exporter can be run as a standalone binary or a docker container. ### 1.1. Standalone -The following command will start collecting metrics from the -`/var/run/fail2ban/fail2ban.sock` file and expose them on port `9191`. +The following command will start collecting metrics from the `/var/run/fail2ban/fail2ban.sock` file and expose them on +port `9191`. ```bash $ fail2ban_exporter --collector.f2b.socket=/var/run/fail2ban/fail2ban.sock --web.listen-address=":9191" @@ -35,12 +31,10 @@ $ fail2ban_exporter --collector.f2b.socket=/var/run/fail2ban/fail2ban.sock --web ``` Binary files for each release can be found on the -[releases](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases) -page. +[releases](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/releases) page. -There is also an [example systemd service -file](/_examples/systemd/fail2ban_exporter.service) included in the repository. -This is a starting point to run the exporter as a service. +There is also an [example systemd service file](/_examples/systemd/fail2ban_exporter.service) included in the +repository. This is a starting point to run the exporter as a service. ### 1.2. Docker @@ -68,14 +62,11 @@ services: ``` Use the `:latest` tag to get the latest stable release. See the [registry -page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) -for all available tags. +page](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/container_registry) for all available tags. -**NOTE:** While it is possible to mount the `fail2ban.sock` file directly, it is -recommended to mount the parent folder instead. The `.sock` file is deleted by -fail2ban on shutdown and re-created on startup and this causes problems for the -docker mount. See [this -reply](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11#note_665003499) +**NOTE:** While it is possible to mount the `fail2ban.sock` file directly, it is recommended to mount the parent folder +instead. The `.sock` file is deleted by fail2ban on shutdown and re-created on startup and this causes problems for the +docker mount. See [this reply](https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/issues/11#note_665003499) for more details. ## 2. Metrics @@ -117,20 +108,18 @@ Status for the jail: sshd ### 2.1. Grafana -The metrics exported by this tool are compatible with Prometheus and Grafana. A -sample grafana dashboard can be found in the -[grafana.json](/_examples/grafana/dashboard.json) file. Just import the contents -of this file into a new Grafana dashboard to get started. +The metrics exported by this tool are compatible with Prometheus and Grafana. A sample grafana dashboard can be found in +the [grafana.json](/_examples/grafana/dashboard.json) file. Just import the contents of this file into a new Grafana +dashboard to get started. -The dashboard supports displaying data from multiple exporters. Use the -`instance` dashboard variable to select which ones to display. +The dashboard supports displaying data from multiple exporters. Use the `instance` dashboard variable to select which +ones to display. *(Sample dashboard is compatible with Grafana `9.1.8` and above)* ## 3. Configuration -The exporter is configured with CLI flags and environment variables. -There are no configuration files. +The exporter is configured with CLI flags and environment variables. There are no configuration files. ### CLI flags @@ -164,8 +153,7 @@ Flags: ### Environment variables -Each environment variable corresponds to a CLI flag. -If both are specified, the CLI flag takes precedence. +Each environment variable corresponds to a CLI flag. If both are specified, the CLI flag takes precedence. | Environment variable | Corresponding CLI flag | |---------------------------------|---------------------------------------------------| @@ -185,23 +173,18 @@ Building from source has the following dependencies: From there, simply run `make build` -This will download the necessary dependencies and build a `fail2ban_exporter` -binary in the root of the project. +This will download the necessary dependencies and build a `fail2ban_exporter` binary in the root of the project. ## 5. Textfile metrics -For more flexibility the exporter also allows exporting metrics collected from a -text file. +For more flexibility the exporter also allows exporting metrics collected from a text file. -To enable textfile metrics provide the directory to read files from with the -`--collector.textfile.directory` flag. +To enable textfile metrics provide the directory to read files from with the `--collector.textfile.directory` flag. -Metrics collected from these files will be exposed directly alongside the other -metrics without any additional processing. This means that it is the -responsibility of the file creator to ensure the format is correct. +Metrics collected from these files will be exposed directly alongside the other metrics without any additional +processing. This means that it is the responsibility of the file creator to ensure the format is correct. -By exporting textfile metrics an extra metric is also exported with an error -count for each file: +By exporting textfile metrics an extra metric is also exported with an error count for each file: ```text # HELP textfile_error Checks for errors while reading text files @@ -213,8 +196,7 @@ textfile_error{path="file.prom"} 0 ### Running in Docker -To collect textfile metrics inside a docker container, a couple of things need -to be done: +To collect textfile metrics inside a docker container, a couple of things need to be done: 1. Mount the folder with the metrics files 2. Set the `F2B_COLLECTOR_TEXT_PATH` environment variable