Improve port number management

2024-09-03 19:46:06 +02:00 · 2024-04-09 20:29:45 +02:00 · 2024-04-09 20:29:45 +02:00 · ac4b0cd537
commit ac4b0cd537
parent 4e2122479f
2 changed files with 75 additions and 10 deletions
--- a/conf/monitorix.conf
+++ b/conf/monitorix.conf
@ -715,16 +715,36 @@ secure_log_date_format = %b %e
 # PORT graph
 # -----------------------------------------------------------------------------
 <port>
-    max = 6
+    max = 50
    rule = 24000
-    list = 22, 25, 80, 443, 587, 993
+    list = 22v4, 22v6, 25v4, 25v6, 80v4, 80v6, 443v4, 443v6, 587v4, 587v6, 993v4, 993v6
    {%- for port_info in port_infos.splitlines() -%}
        {%- set port_info_array = port_info.split(',') -%}
        {%- set ip_version = port_info_array[1] -%}
        {%- set port = port_info_array[0] -%}
        , {{ port }}v{{ ip_version }}
    {%- endfor %}
    <desc>
-        22      = SSH,       tcp, in,      0, 1000
+        {{ ssh_port }}v4 = SSH,       tcp,  in,      0, {{ net_max_speed }}
-        25      = SMTP,      tcp, in/out,  0, 1000
+        {{ ssh_port }}v6 = SSH,       tcp6, in,      0, {{ net_max_speed }}
-        80      = HTTP,      tcp, in,      0, 1000
+        25v4             = SMTP,      tcp,  in/out,  0, {{ net_max_speed }}
-        443     = HTTPS,     tcp, in,      0, 1000
+        25v6             = SMTP,      tcp6, in/out,  0, {{ net_max_speed }}
-        587     = SMTP-TLS,  tcp, in,      0, 1000
+        80v4             = HTTP,      tcp,  in,      0, {{ net_max_speed }}
-        993     = IMAPS,     tcp, in,      0, 1000
+        80v6             = HTTP,      tcp6, in,      0, {{ net_max_speed }}
        443v4            = HTTPS,     tcp,  in,      0, {{ net_max_speed }}
        443v6            = HTTPS,     tcp6, in,      0, {{ net_max_speed }}
        587v4            = SMTP-TLS,  tcp,  in,      0, {{ net_max_speed }}
        587v6            = SMTP-TLS,  tcp6, in,      0, {{ net_max_speed }}
        993v4            = IMAPS,     tcp,  in,      0, {{ net_max_speed }}
        993v6            = IMAPS,     tcp6, in,      0, {{ net_max_speed }}
    {%- for port_info in port_infos.splitlines() %}
        {%- set port_info_array = port_info.split(',') %}
        {%- set proto = port_info_array[2] %}
        {%- set ip_version = port_info_array[1] %}
        {%- set port = port_info_array[0] %}
        {%- set name = port_info_array[3] %}
        {{ port }}v{{ ip_version }} = {{ name }}, {{ proto }}{% if ip_version == '6' %}6{% endif %}, in, 0, {{ net_max_speed }}
    {%- endfor %}
    </desc>
    graphs_per_row = 3
 </port>
@ -1005,7 +1025,7 @@ secure_log_date_format = %b %e
                {%- if loop.index > 1 -%}, {%- endif -%}
                {%- set phpversion = php_pool_info.split(',')[0] -%}
                {%- set pool_name = php_pool_info.split(',')[1] -%}
-                {{- pool_name }}-{{ phpversion -}}
+                {{ pool_name }}-{{ phpversion }}
            {%- endfor %}
    </list>
    <desc>
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -32,12 +32,16 @@ home_dir_filter() {
 interface_speed_map() {
    while read -r item; do
-        speed=$(cat /sys/class/net/"$item"/speed || echo 1000)
+        speed=$(cat /sys/class/net/"$item"/speed 2>/dev/null || echo 1000)
        echo "$item,$speed"
    done
 }
 load_vars() {
    # Big warning here
    # This function is called by the hook in install/upgrade/remove yunohost operation
    # We we need to ensure that this function the quickest as possible
    # Note that we don't use the yunohost command internationally for optimization
    if ynh_package_is_installed --package=mysql; then
        readonly mysql_installed=true
    else
@ -72,6 +76,47 @@ load_vars() {
    readonly home_user_dirs="$(echo /home/* | home_dir_filter)"
    readonly net_gateway="$(ip --json route show default | jq -r '.[0].dev')"
    readonly net_interface_list="$(ip --json link show | jq -r '.[].ifname | select(. != "lo")' | interface_speed_map)"
    readonly net_max_speed="$(cat /sys/class/net/*/speed  2>/dev/null | sort | tail -n1)"
    readonly ssh_port="$((grep ssh_port /etc/yunohost/settings.yml || echo 22) | cut -d: -f2 | xargs)"
    readonly port_infos="$(python3 <<EOF
 import yaml, socket
 hard_coded_ports = ["25", "53", "80", "443", "587", "993"]
 with open("/etc/yunohost/firewall.yml", "r") as f:
    firewall = yaml.safe_load(f)
    tcp4_port_list = [str(port) for port in firewall['ipv4']['TCP']
                      if str(port) not in hard_coded_ports]
    tcp6_port_list = [str(port) for port in firewall['ipv6']['TCP']
                      if str(port) not in hard_coded_ports]
    udp4_port_list = [str(port) for port in firewall['ipv4']['UDP']
                      if str(port) not in hard_coded_ports]
    udp6_port_list = [str(port) for port in firewall['ipv6']['UDP']
                      if str(port) not in hard_coded_ports]
 with open("/etc/yunohost/services.yml", "r") as f:
    services = yaml.safe_load(f)
    port_map = dict()
    for key, value in services.items():
        if 'needs_exposed_ports' in value:
            for port in value['needs_exposed_ports']:
                port_map[str(port)] = key
 def generate_port_info(proto, ip_version, port):
    if port in port_map:
        name = port_map[port]
    else:
        try:
            name = socket.getservbyport(int(port), proto)
        except:
            name = "Port_" + port
    return "%s,%s,%s,%s" % (port, ip_version, proto, name)
 result = [generate_port_info("tcp", "4", port) for port in tcp4_port_list] + \
         [generate_port_info("tcp", "6", port) for port in tcp6_port_list] + \
         [generate_port_info("udp", "4", port) for port in udp4_port_list] + \
         [generate_port_info("udp", "6", port) for port in udp6_port_list]
 result.sort()
 print('\n'.join(result))
 EOF
 )"
    if compgen -G /etc/php/*/fpm/pool.d; then
        # Note that 'pm.status_listen' option is only supported on php >= 8.0 so we ignore older pools