Removing the changelog file from the repo because we are moving to auto generating a changelog for each release.
This file has also always been out of date between releases, making it pointless to have in the repo itself.
Update the example grafana dashboard to add support for multiple
exporter instances. This includes updating panel queries and display
names.
The grafana version has been bumped to 9.1.8.
Add a new startup option to exit the exporter when an error occurs when connecting to the fail2ban socket file.
This option is set to "false" by default.
Rewrite the project README file to be more succinct and to the point. Add
new section on getting started quickly with either docker or the standalone
binary file.
Update CHANGELOG file with recent changes.
Add a basic systemd service file to serve as an example on how to run the
exporter as a system service. Add short README with an overview of the
service file.
Update the goreleaser config to rename the output binary and archive names
to `fail2ban_exporter` instead of defaulting to the project name. This
better aligns with conventions used by other exporters.
Update Dockerfile and Makefile to follow the new naming scheme.
Update the output archives to wrap the build files in a folder. This makes
extracting the archives a little easier.
BREAKING CHANGE: Release binary name has been changed to `fail2ban_exporter`.
Add a new method to the application startup to listen for OS shutdown
signals and handle them appropriately. A shutdown signal will cause the
app to exit immediately.
Use correct syntax for the `ENTRYPOINT` field in the Dockerfile to ensure
that OS signals get passed down to the running application.
Replace existing CLI flags to make them more consistent and follow a more
standard format.
Remove CLI flags and environment variables that are no longer relevant.
Add short `-v` option for version flag.
Update README with new documentation.
BREAKING CHANGE: Replace `--socket` flag with `--collector.f2b.socket`.
BREAKING CHANGE: Merge `--port` flag and `--web.listen-address` into a single flag.
BREAKING CHANGE: Remove `--collector.textfile` flag, its value is now derived from `--collector.textfile.directory`.
BREAKING CHANGE: Remove `F2B_COLLECTOR_TEXT` and `F2B_WEB_PORT` environment variables.
Update the docker image to remove the `run.sh` script and instead run the
exporter directly. This keeps the docker image as simple as possible.
Update README file with extra info on how to collect textfile metrics in
a docker container.
BREAKING CHANGE: Using the textfile collector in docker now requires setting environment variables.
Update the exporter logging on startup to include the exporter version,
the path to the fail2ban socket, and whether basic-auth is enabled or not.
Fix code printing error messages on invalid CLI parameters to correct line
breaks and correctly print the "usage" information.
Update the CLI param parser to include a default value for the fail2ban
socket file path. This is the default location fail2ban creates the socket
file on an ubuntu-based system.
Update the Dockerfile entrypoint script to use the correct version flag
syntax. The flag now requires two dashes instead of one. The syntax for
the texfile collector has also change, and the script was updated
accordingly.
Fix incorrect order of variable assignment when parsing CLI flags.
Replace CLI parsing functionality with the `kingpin` library to better
support configuring the tool with environment variables.
Add new environment variables to configure the tool.
BREAKING CHANGE: CLI params now require two dashes instead of one (e.g. `--socket`)
Add new CLI parameters to enable protecting the API endpoints with basic
auth authentication.
Wrap the server endpoints in a new auth middleware that protects it using
the provided basic auth credentials (if set).
Store the provided basic auth credentials as hashed values to prevent them
from being accidentally leaked.
Add unit tests to ensure the new functionality works as expected.
Update the sample Grafana dashboard to use a variable for the data
source. All panels have been updated to use the new variable. This makes
it easier to import the dashboard and have it work with different data
sources.
Add new -web.listen-address command line parameter, so that the
listening interface can be limited. This follows a similar style as
the official prometheus-node-exporter project.
Update project README with the new parameter.
Remove all database-based metrics from the metrics endpoint.
Remove all code related to pulling metrics from the fail2ban database.
Remove all configuration variables related to the fail2ban database.
The CLI parameter for the database path was not removed to avoid breaking
compatibility.
Update docker entrypoint to remove references to the fail2ban database.
Remove all references to the old database metrics from the README.
Add new metrics around basic jail configuration. The new metrics expose the
max retries, ban time, and find time for each jail.
Update project README with the new metrics.
Create a new `collector` folder to store the code for the different
collectors. Move the existing f2b and textfile collectors to this folder.
Minor refactors to the f2b collector to better match the code style of the
newer textfile collector.
Update the goreleaser config to remove windows builds. It doesn't make
sense to build binaries for windows because fail2ban does not provide any
binary for windows. If windows support is required, docker can be used.
Add support for collecting arbitrary metrics from a textfile as well as
metrics collected from fail2ban. This allows other data to be exported
along with the fail2ban metrics (e.g. instance metadata).
Update the docker image to allow mounting a folder with a collection of
metric files to be exported. Only files ending in `.prom` with be read.
Update project README with the new functionality.
Add a new request handler for the root URL (`/`) to render a simple HTML
page with a link to the metrics page. This follows the convention of other
metric exporters.
Update the exporter startup to add more log messages. The server address,
port, and metrics path are now logged on startup.
A "ready" log message is printed when the server is up and running.
Split out all the code to define exporter functions and collect data into
a new package. The new package is responsible for all exporter related
activity. This makes the code easier to read.
Split the code for collecting metrics from the database and from the socket
into different files to make the separation more obvious.
Add a new `f2b_version` metric that includes the version of the fail2ban
server and the exporter.
Add a new socket command to get back the fail2ban server version.
Update the project changelog.
Refactor the changelog structure to no longer be fully automated. It now
includes some manual tweaks.
Update the Makefile command to generate a new `CHANGELOG_gen.md` file
instead of overwriting the existing Changelog file.
Update all old database-based metrics to include the `deprecated` text.
Add a warning on startup if connecting to the fail2ban database to state
that this functionality will be removed in a future release.
Rename deprecated methods and variables.
Add new metric to collect the number of errors found when connecting to the
fail2ban server socket. Errors are split into two categories: connection
errors (e.g. socket file not found), and request errors (e.g. invalid
response received from server).
Update the `up` metric to return `0` if the socket connection fails.
Improve error logging.
Update the code collecting metrics to open a new socket connection each
time metrics are collected. This ensures that a new socket connection is
used each time and avoids errors caused by fail2ban being restarted.
Update the docker container to support mounting the fail2ban server socket
and pointing the exporter at it. This allows the exporter to interact with
the socket from within the container.
The entire `/var/run` folder is mounted instead of just the socket file to
correctly handle fail2ban restarts (where the file will be deleted).
Add new metric to track the total number of jails configured in fail2ban.
Add new metrics for the current and total number of filter failures for
each jail, as well as the current/total number of banned IPs per jail.
The new metrics are collected by sending the `status [jail]` command to the
fail2ban server and parsing the response data.
Read the response data from the socket in chunks to prevent errors when
processing large payloads. The initial implementation solved large payloads
by just defining a very large buffer, but this is not a solution. The new
code reads the socket data in a loop until a terminator is found and
appends all the data into a single byte array.
Reduce the buffer size to `1024` bytes.
Add support for connecting the exporter directly to the fail2ban server's
socket to send requests and receive data. The path to the socket file is
optional and specified on startup.
Export a new metric based on the response of the `ping` command sent to the
fail2ban server. The metric is set to 1 if the server responds with `pong`
and 0 in any other case. This metric is only shown if the path to the
socket file was provided on startup.
Update the database query counting the number of banned IPs to filter out
any bans that have already expired. An expired ban is defined as a ban
where the "time of ban" plus the "duration of ban" is less than the
current time.
This is necessary because bans that have expired are not automatically
removed from the database and will cause metrics to diverge from the counts
reported by `fail2ban-client`.
Add a new metric to count the number of database errors that have been
found since startup. This complements the `up` metric to have better
visibility into occasional database errors.
The `up` metric is now based on whether an error was found while reading
data from the database to build other metrics. Note that there is a chance
the `up` metric will not be correctly set if the last metric to be built
before the `up` metric does not throw an error.
Add a new prometheus metric to track which jails are currently enabled.
Add a new database query to read the jail name and enabled status from the
database.
Add new metric to readme file.
Update the Gitlab CI/CD pipeline to include a step to build and push the
project docker image. The CI/CD step uses existing Makefile commands to
build the docker image.
Update the project Dockerfile to compile the tool during the docker build
instead of assuming the goreleaser tool was run previously. This allows
for custom data to be set in the compiled tool (e.g. compiled by docker)
and removes the dependency on another build step.
Update the Makefile to include a new command to build the tool for docker
which sets the version data correctly. Rename the docker commands to follow
the `docker/build-...` format to avoid confusion with the build commands.
Update the project structure to move all golang files to a new `src/`
folder. This keeps all the code located in the same place and easier to
work with.
Update the Makefile and goreleaser config to continue to work with the new
folder structure.
Add a project Dockerfile to allow deploying the application in a docker
container. Add a `run.sh` script to start the application in the container.
Add Makefile commands to build the docker image based on the Dockerfile.
Fix possible nil reference error in the `db` package.
Remove the `CGO_ENABLED=0` flag from the `goreleaser` configuration. This
was causing the compiled binary to throw segmentation errors when
collecting metrics.
Add the `git-chglog` tool to handle auto-generating the project changelog
based on the commit history. Add a custom configuration and file template.
Update the Makefile to include a command to generate the changelog.
Update the Gitlab CI/CD process to include a build stage that uses
`goreleaser` to build and package the application. The output of the build
is stored as an artifact for 1 day.
Add the `goreleaser` tool to the repository to handle building and
publishing the application. Add a simple configuration file to build the
application for all major OS versions.
Update the Makefile to include commands to build release and snapshot
versions of the tool.
Add a placeholder CHANGELOG file to be included in the package files.
Add a check when connecting to the sqlite3 database to ensure that the file
exists before connecting. If the file does not exist, the connection fails.
Add support for configuring CLI parameters in the application using a new
`cfg` package. The `cfg` package exports an `AppSettings` struct that
contains the settings the application was run with.
Update the application to use the new CLI parameters to set the db to open
and the port to use for the metrics server.
Add support for setting the app version during build. The app includes a
`-version` flag to print the stored version data.
Export the number of banned IPs stored in the fail2ban database as well
as the number of bad IPs.
Update the queries used to collect data to better handle cases where the
database table for bad/banned IPs is empty. The new query always lists all
jails, even when the count is zero.
Update exported metrics to spit the number of bad IPs per jail using metric
value labels. This includes a change to the database code to use a
different query that groups the count by the `jail` column.
Add dependencies on `sqlite` to allow connecting to the fail2ban database.
Add a new `db` module to handle all the database connections and data
queries used to generate metrics.
Export a new metric for the total number of bad IPs stored in the fail2ban
database.
Add dependency on the prometheus library to start exporting metrics. Add
a new `up` metric that always returns `1` to ensure the exporter is
working as expected.
The `.service` file in this directory should be copied to the `/etc/systemd/system/` folder.
- It expects the binary file to be installed at `/usr/sbin/fail2ban_exporter`.
- It expects a user named `fail2ban_exporter` to exist. This user should not have a shell or any special privileges
aside from read-access to the fail2ban socket file.
- It expects a user named `fail2ban_exporter` to exist. This user should not have a shell or any special privileges aside from read-access to the fail2ban socket file.
The `ExecStart` line can be modified to add any custom CLI flags.
Description=Prometheus exporter for fail2ban metrics
Requires=network-online.target
After=network-online.target
[Service]
EnvironmentFile=/etc/conf.d/EXECUTABLE
ExecStart=/usr/bin/EXECUTABLE
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5s
NoNewPrivileges=true
# NOTE: Would be great to create and use a dedicated user/group via
# sysusers.conf to access the fail2ban socket, but currently it is no possible
# without manual configuration of the fail2ban daemon.
User=root
Group=root
[Install]
WantedBy=multi-user.target
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.