Observability for 389ds (rust version)
389ds is an LDAP server and the drop-in replacement for RedHat dirsrv.
See building section
Each tag is also a release. The package is manually built and uploaded. Currently, we only support RPM based package managers (dnf/yum). See releases.
This repository contains the following projects
exporter-389ds-rs: Prometheus exporter for the 389dsnagios-389ds-rs: Nagios plugin for the 389ds.
cn=monitorbased checks and metrics- connection metrics with labeled information about connection DN and IP address
- replication based checks and metrics
- GID number metrics and checks - missing primary GIDs
dsctlcommand based metrics and checks- custom command metrics and checks
- integrity checks of custom commands
In addition to the binaries this repository also provides grafana dashboards. You can see them inside the grafana-389ds-rs directory.
Usage: exporter-389ds-rs [OPTIONS]
Options:
-c, --config <CONFIG>
-P, --page-size <PAGE_SIZE>
-C, --skip-cert-verification
Disable TLS cert verification
-a, --expose-address <EXPOSE_ADDRESS>
-p, --expose-port <EXPOSE_PORT>
-b, --basedn <BASEDN>
-D, --binddn <BINDDN>
-w, --bindpass <BINDPASS>
-H, --host <HOST>
-I, --scrape-interval-seconds <SCRAPE_INTERVAL_SECONDS>
-e, --enable-flags <ENABLE_FLAGS>
[possible values: replication, ldap-monitor, gids-info, dsctl]
-d, --disable-flags <DISABLE_FLAGS>
[possible values: replication, ldap-monitor, gids-info, dsctl]
-h, --help
Print help (see more with '--help')
Perform nagios checks on the 389ds. All limits are using >= or <= comparsions, unless stated otherwise
Usage: check_389ds_rs [OPTIONS] <COMMAND>
Commands:
check-int-metric Check any scraped metric (integers). Fallback for missing options
agreement-status Check status of the replication
agreement-skipped Check skipped entries in the replication
agreement-duration Check duration of the replication
missing-gids Check if there are primary gids that are not present as posixGroup
connections Check number of active connections
errors Check cumber of errors: Errors + SecurityErrors + BindSecurityErrors
recent-restart Check if daemon has been recently restarted
diskspace Check if disk space is low (declared by the daemon)
cli-healthcheck Check health using dsctl cli
custom-query-time Check custom query times
custom-query-integrity Check custom query integrity
help Print this message or the help of the given subcommand(s)
Options:
-c, --config <CONFIG>
-C, --skip-cert-verification Disable TLS cert verification
-H, --host <HOST>
-D, --binddn <BINDDN>
-w, --bindpass <BINDPASS>
-b, --basedn <BASEDN>
-P, --page-size <PAGE_SIZE>
-h, --help Print help
Both the exporter and the nagios plugin will rather work without any configuration. To configure more checks/metrics and support non-standard deployments, tools can be configured by TOML file or CLI options. Example file can be found int the root of the repository. Every key below is optional, unless stated otherwise.
ldap_uri = <string> # default: ldap://localhost
default_base = <string> # default: (auto-detected)
verify_certs = <bool> # default: true
page_size = <int> # default: 999
scrape_interval_seconds = <int> # default: 5
bind = <BIND> # default: None
dsctl = <DSCTL> # default: DSCTL::default
# ---------------------------
# Exporter only
expose_port <int> # default: 9100
expose_address = <string> # default: 0.0.0.0
scrape_flags = <SCRAPE_FLAGS> # default: SCRAPE_FLAGS::default
query = <[QUERY]> # default: []
# ---------------------------
<SCRAPE_FLAGS> type
replication_status = <bool> # default: true
ldap_monitoring = <bool> # default: true
gids_info = <bool> # default: false
dsctl = <bool> # default: false
<DSCTL> type
instance = <string> # default: localhost
timeout_seconds = <int> # default: 10
<BIND> type
dn = <string:required>
pass = <string:required>
<QUERY> type
name = <string:required>
filter = <string:required>
attrs = <[string]> # default: (all attributes)
# ---------------------------
# Overrides for main ldap config
verify_certs = <bool> # default: None
uri = <string> # default: None
page_size = <int> # default: None
default_base = <string> # default: None
bind = <BIND> # default: None
# ---------------------------
cargo xtask dist- The binaries are made ONLY for linux based monitoring/389ds. They may work for other systems, but have not been tested.
rustcandcargo- The binaries are built against
musltarget
To setup git hooks run
cargo xtask setup-repotaplofor the toml formattinggitleaksfor passwords in repo detection
- Pre commit hooks check for different formatting issues and passwords in the repository.
- In order to fix formatting issues run
cargo xtask fmt.
- 389DS-exporter : Prometheus
exporter for 389ds
cn=monitorwithout connections and replication metrics. Data is gathered on each and every request. check_389ds_replication: Nagios plugin for 389ds replicationcheck_ldap_monitor_389ds: nagios checks for commoncn=monitor- Documentation based nagios checks