exchange connections munin plugin

tor_connections started blocking and I wasn't able to find the root
cause for it nor an updated version of the plugin.
This also blocked munin itself, which had the issue that the node
disappeared within munin.

Based on https://lists.torproject.org/pipermail/tor-talk/2006-June/010486.html
it seems to more or less match the open filedescriptors and hence
we monitor rather this than rely on a unmanageable plugin.

The only drawback is that this must run as root, as non-root users
can't read the filedescriptors from proc.

2 files changed, 32 insertions, 162 deletions

diff --git a/files/munin/tor_connections b/files/munin/tor_connections
deleted file mode 100755
index c1d0a92..0000000
--- a/files/munin/tor_connections
+++ /dev/null
@@ -1,162 +0,0 @@
-#!/usr/bin/perl -w
-#
-# Munin plugin to monitor Tor
-#
-# Author: Ge van Geldorp <ge@gse.nl>
-#
-# Parameters understood:
-#
-# 	host       - Change which host to graph (default localhost)
-# 	port       - Change which port to connect to (default 9051)
-#	password   - Plain-text control channel password (see torrc
-#	             HashedControlPassword parameter)
-#	cookiefile - Name of the file containing the control channel cookie
-#	             (see torrc CookieAuthentication parameter)
-#
-# Using HashedControlPassword authentication has the problem that you must
-# include the plain-text password in the munin config file. To have any
-# effect, that file shouldn't be world-readable.
-# If you're using CookieAuthentication, you should run this plugin as a user
-# which has read access to the tor datafiles. Also note that bugs in versions
-# upto and including 0.1.1.20 prevent CookieAuthentication from working.
-#
-# Usage: place in /etc/munin/node.d/ (or link it there using ln -s)
-#
-# Parameters understood:
-# 	config   (required)
-# 	autoconf (optional - used by munin-config)
-#
-#
-# Magic markers - optional - used by installation scripts and
-# munin-config:
-#
-#%# family=contrib
-#%# capabilities=autoconf
-
-use strict;
-use IO::Socket::INET;
-
-# Config
-our $address = $ENV{host}  || "localhost";	# Default: localhost
-our $port    = $ENV{port}  || 9051;		# Default: 9051
-
-# Don't edit below this line
-
-sub Authenticate
-{
-	my ($socket) = @_;
-	my $authline = "AUTHENTICATE";
-	if (defined($ENV{cookiefile})) {
-		if (open(COOKIE, "<$ENV{cookiefile}")) {
-			binmode COOKIE;
-			my $cookie;
-			$authline .= " ";
-			while (read(COOKIE, $cookie, 32)) {
-				foreach my $byte (unpack "C*", $cookie) {
-					$authline .= sprintf "%02x", $byte;
-				}
-			}
-			close COOKIE;
-		}
-	} elsif (defined($ENV{password})) {
-		$authline .= ' "' . $ENV{password} . '"';
-	}
-	print $socket "$authline\r\n";
-	my $replyline = <$socket>;
-	if (substr($replyline, 0, 1) != '2') {
-		$replyline =~ s/\s*$//;
-		return "Failed to authenticate: $replyline";
-	}
-
-	return;
-}
-
-if ($ARGV[0] and $ARGV[0] eq "autoconf") {
-	# Try to connect to the daemon
-	my $socket = IO::Socket::INET->new("$address:$port")
-		or my $failed = 1;
-
-	if ($failed) {
-		print "no (failed to connect to $address port $port)\n";
-		exit 1;
-	}
-
-	my $msg = Authenticate($socket);
-	if (defined($msg)) {
-		print $socket "QUIT\r\n";
-		close($socket);
-		print "no ($msg)\n";
-		exit 1;
-	}
-
-	print $socket "QUIT\r\n";
-	close($socket);
-	print "yes\n";
-	exit 0;
-}
-
-my %connections = ("new",       0,
-                   "launched",  0,
-                   "connected", 0,
-                   "failed",    0,
-                   "closed",    0);
-
-if ($ARGV[0] and $ARGV[0] eq "config") {
-	print "graph_title Connections\n";
-	print "graph_args -l 0 --base 1000\n";
-	print "graph_vlabel connections\n";
-	print "graph_category Tor\n";
-	print "graph_period second\n";
-	print "graph_info This graph shows the number of Tor OR connections.\n";
-
-	foreach my $status (keys %connections) {
-		print "$status.label $status\n";
-		print "$status.type GAUGE\n";
-		print "$status.max 50000\n";
-		print "$status.min 0\n";
-	}
-	
-        exit 0;
-}
-
-my $socket = IO::Socket::INET->new("$address:$port")
-	or die("Couldn't connect to $address port $port: $!");
-
-my $msg = Authenticate($socket);
-if (defined($msg)) {
-	print $socket "QUIT\r\n";
-	close($socket);
-	die "$msg\n";
-}
-
-print $socket "GETINFO orconn-status\r\n";
-my $replyline = <$socket>;
-if (substr($replyline, 0, 1) != '2') {
-	print $socket "QUIT\r\n";
-	close($socket);
-	$replyline =~ s/\s*$//;
-	die "Failed to get orconn-status info: $replyline\n";
-}
-
-while (! (($replyline = <$socket>) =~ /^\.\s*$/)) {
-	my @reply = split(/\s+/, $replyline);
-	$connections{lc($reply[1])}++;
-}
-$replyline = <$socket>;
-if (substr($replyline, 0, 1) != '2') {
-	print $socket "QUIT\r\n";
-	close($socket);
-	$replyline =~ s/\s*$//;
-	die "Failed to authenticate: $replyline\n";
-}
-
-print $socket "QUIT\r\n";
-close($socket);
-
-while (my ($status, $count) = each(%connections)) {
-	print "$status.value $count\n";
-}
-
-exit 0;
-
-# vim:syntax=perl
diff --git a/files/munin/tor_openfds b/files/munin/tor_openfds
new file mode 100644
index 0000000..69f63bc
--- /dev/null
+++ b/files/munin/tor_openfds
@@ -0,0 +1,32 @@
+#!/usr/bin/perl -w
+# https://lists.torproject.org/pipermail/tor-talk/2006-June/010486.html
+
+use strict;
+
+# Script to monitor the amount of FDs used by
+# the Tor process (var/run/tor/tor.pid)
+
+if ($ARGV[0] and $ARGV[0] =~ /^\s*config\s*$/i)
+{
+        print "graph_title Open file descriptors for Tor\n";
+        print "graph_args --base 1000 -l 0\n";
+        print "graph_vlabel open FDs\n";
+        print "graph_category network\n";
+        print "count.label TorFDs\n";
+        exit 0;
+}
+
+open (PID, "/var/run/tor/tor.pid") or exit 1;
+my $pid = <PID>;
+close PID;
+chomp $pid;
+
+$pid =~ /^[0-9]+$/ or exit 1;
+
+opendir (FDS, "/proc/$pid/fd") or exit 1;
+my @fds = readdir(FDS);
+closedir FDS;
+
+my $count = scalar @fds - 2;
+
+print "count.value $count\n";