mirror of
https://github.com/munin-monitoring/contrib.git
synced 2025-07-21 18:41:03 +00:00
4c6df3d282
[mas_]: Add plugin to check users on a matrix authentication service (currently only for matrix synapse)
169 lines
4.6 KiB
Bash
169 lines
4.6 KiB
Bash
#!/usr/bin/env sh
|
|
# shellcheck shell=dash
|
|
|
|
set -e
|
|
|
|
: << =cut
|
|
|
|
=head1 NAME
|
|
|
|
mas_ - Monitor users on a matrix authentication service over admin API
|
|
|
|
=head1 APPLICABLE SYSTEMS
|
|
|
|
Matrix authentication service (currently only with matrix-synapse systems)
|
|
|
|
=head1 CONFIGURATION
|
|
|
|
Requires installed curl and jq, a command-line json processor.
|
|
|
|
This is a wildcard plugin. It monitors some simple values over the admin API
|
|
of matrix authentication service. Link mas_<masurl> to this file. The admin
|
|
endpoint has to be reachable from the plugin. The adminapi endpoint on the
|
|
matrix authentication service has to be enabled and a client (with client_id
|
|
and client_id) has to be configured accordingly.
|
|
|
|
ln -s /usr/share/munin/plugins/mas_ \
|
|
/etc/munin/plugins/mas_domain.tld
|
|
|
|
Set parameters in your munin-node configuration
|
|
|
|
[mas_masurl]
|
|
env.client_id <client_id>
|
|
env.client_secret <client_secret>
|
|
env.bot_names <list of bot names>
|
|
env.port <port>
|
|
env.scheme <default: https>
|
|
env.timeout <default: 2s>
|
|
|
|
To monitor a matrix authentication service instance on localhost you need
|
|
following:
|
|
|
|
ln -s /usr/share/munin/plugins/mas_ \
|
|
/etc/munin/plugins/mas_localhost
|
|
|
|
[mas_localhost]
|
|
env.client_id <client_id>
|
|
env.client_secret <client_secret>
|
|
env.port 8081
|
|
env.scheme http
|
|
|
|
=head1 AUTHOR
|
|
|
|
Copyright (C) 2025 Sebastian L. (https://momou.ch),
|
|
|
|
=head1 LICENSE
|
|
|
|
GPLv2
|
|
|
|
=head1 MAGIC MARKERS
|
|
|
|
#%# family=manual
|
|
#%# capabilities=autoconf
|
|
|
|
=cut
|
|
|
|
# shellcheck disable=SC1090
|
|
. "$MUNIN_LIBDIR/plugins/plugin.sh"
|
|
|
|
if [ "${MUNIN_DEBUG:-0}" = 1 ]; then
|
|
set -x
|
|
fi
|
|
|
|
CLIENT_ID="${client_id:-}"
|
|
CLIENT_SECRET="${client_secret:-}"
|
|
PORT="${port:-443}"
|
|
QUERY_LIMIT="${query_limit:-10000}"
|
|
MASSERVER="${0##*mas_}"
|
|
SCHEME="${scheme:-https}://"
|
|
TIMEOUT="${timeout:-2}"
|
|
CLEANMASSERVER="$(clean_fieldname "${MASSERVER}")"
|
|
|
|
get_access_token () {
|
|
ACCESS_TOKEN=$(curl -s -f -m "${TIMEOUT}" -u "$CLIENT_ID:$CLIENT_SECRET" -d "grant_type=client_credentials&scope=urn:mas:admin" "${SCHEME}${MASSERVER}/oauth2/token" | jq -r '.access_token')
|
|
}
|
|
|
|
fetch_url () {
|
|
get_access_token
|
|
curl -s -f -m "${TIMEOUT}" "$@"
|
|
}
|
|
|
|
case $1 in
|
|
|
|
autoconf)
|
|
if [ ! -x "$(command -v curl)" ]; then
|
|
echo "no (curl not found)"
|
|
elif [ ! -x "$(command -v jq)" ]; then
|
|
echo "no (jq not found)"
|
|
else
|
|
get_access_token
|
|
fetch_url -I -H "Authorization: Bearer ${ACCESS_TOKEN}" -I "${SCHEME}${MASSERVER}:${PORT}/api/admin/v1/users" \
|
|
| grep -iq "Content-Type: application/json" \
|
|
&& echo "yes" \
|
|
|| echo "no (invalid or empty response from matrix authentication service admin api)"
|
|
fi
|
|
exit 0
|
|
;;
|
|
config)
|
|
|
|
cat << EOM
|
|
multigraph mas_users_${CLEANMASSERVER}
|
|
graph_title Users on ${MASSERVER} (matrix authentication service)
|
|
graph_args --base 1000 -l 0
|
|
graph_printf %.0lf
|
|
graph_vlabel users
|
|
graph_info users
|
|
graph_category chat
|
|
registered.label registered users
|
|
registered.info registered users
|
|
registered.min 0
|
|
active.label active users
|
|
active.info active users
|
|
active.min 0
|
|
bots.label active bots
|
|
bots.info active bots
|
|
bots.min 0
|
|
deactivated.label deactivated users
|
|
deactivated.info deactivated users
|
|
deactivated.min 0
|
|
sessions.label user sessions
|
|
sessions.info user sessions
|
|
sessions.min 0
|
|
sessions.draw LINE2
|
|
EOM
|
|
exit 0
|
|
;;
|
|
|
|
esac
|
|
|
|
mktemp_command="${mktemp_command:-/usr/bin/mktemp}"
|
|
USERS_FILE=$($mktemp_command) || exit 73
|
|
trap 'rm -f "$USERS_FILE"' EXIT
|
|
|
|
get_access_token
|
|
fetch_url -g -H "Authorization: Bearer ${ACCESS_TOKEN}" "${SCHEME}${MASSERVER}:${PORT}/api/admin/v1/users?page[first]=${QUERY_LIMIT}" > "$USERS_FILE"
|
|
sessions=$(fetch_url -g -H "Authorization: Bearer ${ACCESS_TOKEN}" "${SCHEME}${MASSERVER}:${PORT}/api/admin/v1/user-sessions?filter[status]=active&page[first]=${QUERY_LIMIT}" | jq .meta[])
|
|
|
|
echo "multigraph mas_users_${CLEANMASSERVER}"
|
|
if total="$(jq -r .meta[] "$USERS_FILE" | grep -E "^[0-9]+$")"; then
|
|
if [ -n "$bot_names" ]; then
|
|
bot_names_grep=$(echo "$bot_names" | tr ' ' '|')
|
|
bot_names_grep="$bot_names_grep|"
|
|
fi
|
|
active_bots=$(jq '.data[] | select(.attributes.locked_at == null)' "$USERS_FILE" | grep -cE "\"username\": \"${bot_names_grep}.*bot\"")
|
|
deactivated_users=$(jq '.data[] | select(.attributes.locked_at != null)' "$USERS_FILE" | grep -E "\"username\": \"" | { grep -vcE "\"${bot_names_grep}.*bot\"" || true; })
|
|
registered_users=$(( total - active_bots ))
|
|
active_users=$(( registered_users - deactivated_users ))
|
|
|
|
echo registered.value "$registered_users"
|
|
echo active.value "$active_users"
|
|
echo bots.value "$active_bots"
|
|
echo deactivated.value "$deactivated_users"
|
|
echo sessions.value "$sessions"
|
|
else
|
|
echo "registered.value U"
|
|
echo "active.value U"
|
|
echo "bots.value U"
|
|
echo "deactivated.value U"
|
|
echo "sessions.value U"
|
|
fi
|