Export metrics from your OpenLDAP servers to your Prometheus monitoring system.
You'll need a working OpenLDAP server, and a working Prometheus server. Setup and installation of those is left as an exercise to the reader.
The exporter service is developed and tested using Python 2. The ldaptor requires features in Twisted that have not been ported to Python 3 as of Twisted 16.4.0.
The OpenLDAP exporter opens up a new LDAP connection to the OpenLDAP
server each time Prometheus scrapes the exporter. LDAP objects with
the objectClass
of monitorCounterObject
or
monitoredObject
under the cn=Monitor
base are searched
for. Any objects that are found that have data that can be converted
to a floating point number are exported as metrics with the object's
distinguished name as a label.
See the OpenLDAP Manual for more information on how OpenLDAP exposes performance metrics.
git clone https://github.com/jcollie/openldap_exporter.git
cd openldap_exporter
virtualenv --python=/usr/bin/python2 /opt/openldap_exporter
/opt/openldap_exporter/bin/pip install --requirement requirements.txt
cp openldap_exporter.py /opt/openldap_exporter
cp openldap_exporter.yml /opt/openldap_exporter
vi /opt/openldap_exporter/openldap_exporter.yml
# edit configuration file
cp openldap_exporter.service /etc/systemd/system
systemctl daemon-reload
systemctl enable openldap_exporter
systemctl start openldap_exporter
docker build . -t openldap_exporter
The OpenLDAP configuration needs to be modified to allow querying the monitoring database over a remote connection. The following command should be run on the OpenLDAP server:
# ldapmodify -Y EXTERNAL -H ldapi:// <<EOF
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read by dn.base="cn=Manager,dc=example,dc=com" read by * none
-
EOF
Replace cn=Manager,dc=example,dc=com
with the distinguished name
of the user that you want to read the metrics with.
Consult the OpenLDAP manual for more information on configuring OpenLDAP access lists.
The exporter is configured using command line options:
usage: openldap_exporter [-h] --config CONFIG
Prometheus OpenLDAP exporter
optional arguments:
-h, --help show this help message and exit
--config CONFIG configuration file
The configuration file is a YAML formatted file that looks like this:
---
server: tcp:port=9142
client: tcp:host=127.0.0.1:port=389
binddn: cn=Manager,dc=example,dc=com
bindpw: changeme
Twisted server endpoint specifiers are described here. Twisted client endpoint specifiers are described here.
docker run -d -v <location of the config>/openldap_exporter.yml:/config/openldap_exporter.yml -p 9142:9142 --net host openldap_exporter
Add a job to your Promethus configuration that looks like the following:
scrape_configs:
- job_name: 'openldap'
scrape_interval: 30s
scrape_timeout: 10s
target_groups:
- targets:
- 'localhost:9142'
openldap_up 1
openldap_monitor_counter_object{dn="cn=Max File Descriptors,cn=Connections,cn=Monitor"} 1024.0
openldap_monitor_counter_object{dn="cn=Total,cn=Connections,cn=Monitor"} 1553.0
openldap_monitor_counter_object{dn="cn=Current,cn=Connections,cn=Monitor"} 5.0
openldap_monitor_counter_object{dn="cn=Bytes,cn=Statistics,cn=Monitor"} 57082372.0
openldap_monitor_counter_object{dn="cn=PDU,cn=Statistics,cn=Monitor"} 2243556.0
openldap_monitor_counter_object{dn="cn=Entries,cn=Statistics,cn=Monitor"} 567713.0
openldap_monitor_counter_object{dn="cn=Referrals,cn=Statistics,cn=Monitor"} 0.0
openldap_monitor_counter_object{dn="cn=Read,cn=Waiters,cn=Monitor"} 5.0
openldap_monitor_counter_object{dn="cn=Write,cn=Waiters,cn=Monitor"} 0.0
openldap_monitored_object{dn="cn=Max,cn=Threads,cn=Monitor"} 16.0
openldap_monitored_object{dn="cn=Max Pending,cn=Threads,cn=Monitor"} 0.0
openldap_monitored_object{dn="cn=Open,cn=Threads,cn=Monitor"} 9.0
openldap_monitored_object{dn="cn=Starting,cn=Threads,cn=Monitor"} 0.0
openldap_monitored_object{dn="cn=Active,cn=Threads,cn=Monitor"} 1.0
openldap_monitored_object{dn="cn=Pending,cn=Threads,cn=Monitor"} 0.0
openldap_monitored_object{dn="cn=Backload,cn=Threads,cn=Monitor"} 1.0
openldap_monitored_object{dn="cn=Uptime,cn=Time,cn=Monitor"} 3351414.0
Copyright © 2017 by Jeffrey C. Ollie jeff@ocjtech.us
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.