merge: update-example-systemd-file

* Merge branch 'update-example-systemd-file' into 'main'
* See merge request hectorjsmith/fail2ban-prometheus-exporter!115
* Merged by: Hector <hector@hjs.dev>

.goreleaser.yml

@@ -20,7 +20,10 @@ dockers:
   - "registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:{{ .Major }}.{{ .Minor }}-amd64"
   - 'registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:{{ .Version }}-amd64'
   - "registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest-amd64"
+  extra_files:
+  - health
   use: buildx
+  dockerfile: Dockerfile.goreleaser
   build_flag_templates:
   - "--pull"
   - "--platform=linux/amd64"
@@ -37,7 +40,10 @@ dockers:
   - "registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:{{ .Major }}.{{ .Minor }}-arm64"
   - 'registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:{{ .Version }}-arm64'
   - "registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest-arm64"
+  extra_files:
+  - health
   use: buildx
+  dockerfile: Dockerfile.goreleaser
   build_flag_templates:
   - "--pull"
   - "--platform=linux/arm64"

Dockerfile

@@ -1,11 +1,26 @@
+FROM golang:1.20-buster AS build
+
+# Create build workspace folder
+WORKDIR /workspace
+ADD . /workspace
+
+# Install updates and build tools
+RUN apt update --yes && \
+    apt install --yes build-essential
+
+# Build the actual binary
+RUN make build
+
+# -- -- -- -- -- --
+
+# Set up image to run the tool
 FROM alpine
 
 # Create main app folder to run from
 WORKDIR /app
 
-# Copy compiled binary to release image
-# (must build the binary before running docker build)
-COPY fail2ban_exporter /app/fail2ban_exporter
+# Copy built binary from build image
+COPY --from=build /workspace/fail2ban_exporter /app
 
 # Setup a healthcheck
 COPY health /app/health

Dockerfile.goreleaser

@@ -0,0 +1,15 @@
+FROM alpine
+
+# Create main app folder to run from
+WORKDIR /app
+
+# Copy compiled binary to release image
+# (must build the binary before running docker build)
+COPY fail2ban_exporter /app/fail2ban_exporter
+
+# Setup a healthcheck
+COPY health /app/health
+RUN apk add curl
+HEALTHCHECK --interval=10s --timeout=4s --retries=3 CMD /app/health
+
+ENTRYPOINT ["/app/fail2ban_exporter"]

Makefile

@@ -51,5 +51,5 @@ build:
 
 # Build project docker container
 .PHONY: build/docker
-build/docker: build
+build/docker:
 	docker build -t fail2ban-prometheus-exporter .

README.md

@@ -11,6 +11,7 @@ Collect metrics from a running fail2ban instance.
 3. Configuration
 4. Building from source
 5. Textfile metrics
+6. Troubleshooting
 
 ## 1. Quick Start
 
@@ -204,3 +205,35 @@ docker run -d \
     -p "9191:9191" \
     registry.gitlab.com/hectorjsmith/fail2ban-prometheus-exporter:latest
 ```
+
+## 6. Troubleshooting
+
+### 6.1. "no such file or directory"
+
+```
+error opening socket: dial unix /var/run/fail2ban/fail2ban.sock: connect: no such file or directory
+```
+
+There are a couple of potential causes for the error above.
+
+**File not found**
+
+The first is that the file does not exist, so first check that the file path shown in the error actually exists on the system running the exporter.
+The fail2ban server may be storing the socket file in another location on your machine.
+
+If you are using docker, make sure the correct host folder was mounted to the correct location.
+
+If the file is not in the expected location, you can run the exporter with the corresponding CLI flag or environment variable to use a different file path.
+
+**Permissions**
+
+If the file does exist, the likely cause are file permissions.
+By default, the fail2ban server runs as the `root` user and the socket file can only be accessed by the same user.
+If you are running the exporter as a non-root user, it will not be able to open the socket file to read/write commands to the server, leading to the error above.
+
+In this case there are a few solutions:
+1. Run the exporter as the same user as fail2ban (usually `root`)
+2. Update the fail2ban server config to run as a non-root user, then run the exporter as the same user
+3. Update the socket file permissions to be less restrictive
+
+I would recommend option `1.` since it is the simplest. Option `2.` is a bit more complex, check the [fail2ban server documentation](https://coderwall.com/p/haj28a/running-rootless-fail2ban-on-debian) for more details. And option `3.` is just a temporary fix. The socket file gets re-created each time the fail2ban server is restarted and the original permissions will be restored, so you will need to update the permissions every time the server restarts.

_examples/systemd/fail2ban_exporter.service

@@ -1,9 +1,19 @@
 [Unit]
-Description=Fail2Ban Exporter
+Description=Fail2ban metric exporter for Prometheus
+Documentation=https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter/-/blob/main/README.md
+Requires=network-online.target
+After=network-online.target
 
 [Service]
-User=fail2ban_exporter
 ExecStart=/usr/sbin/fail2ban_exporter
+Restart=on-failure
+RestartSec=5s
+NoNewPrivileges=true
+
+# Currently need to run the exporter as root to ensure it has read/write access to the
+# fail2ban socket file.
+User=root
+Group=root
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

go.mod

@@ -3,20 +3,19 @@ module gitlab.com/hectorjsmith/fail2ban-prometheus-exporter
 go 1.20
 
 require (
-	github.com/alecthomas/kong v0.8.0
+	github.com/alecthomas/kong v0.8.1
 	github.com/kisielk/og-rek v1.2.0
 	github.com/nlpodyssey/gopickle v0.2.0
-	github.com/prometheus/client_golang v1.16.0
+	github.com/prometheus/client_golang v1.17.0
 )
 
 require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/procfs v0.11.1 // indirect
-	golang.org/x/sys v0.12.0 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 )

go.sum

@@ -1,38 +1,33 @@
 github.com/alecthomas/assert/v2 v2.1.0 h1:tbredtNcQnoSd3QBhQWI7QZ3XHOVkw1Moklp2ojoH/0=
-github.com/alecthomas/kong v0.8.0 h1:ryDCzutfIqJPnNn0omnrgHLbAggDQM2VWHikE1xqK7s=
-github.com/alecthomas/kong v0.8.0/go.mod h1:n1iCIO2xS46oE8ZfYCNDqdR0b0wZNrXAIAqro/2132U=
+github.com/alecthomas/kong v0.8.1 h1:acZdn3m4lLRobeh3Zi2S2EpnXTd1mOL6U7xVml+vfkY=
+github.com/alecthomas/kong v0.8.1/go.mod h1:n1iCIO2xS46oE8ZfYCNDqdR0b0wZNrXAIAqro/2132U=
 github.com/alecthomas/repr v0.1.0 h1:ENn2e1+J3k09gyj2shc0dHr/yjaWSHRlrJ4DPMevDqE=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/kisielk/og-rek v1.2.0 h1:CTvDIin+YnetsSQAYbe+QNAxXU3B50C5hseEz8xEoJw=
 github.com/kisielk/og-rek v1.2.0/go.mod h1:6ihsOSzSAxR/65S3Bn9zNihoEqRquhDQZ2c6I2+MG3c=
-github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg=
+github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k=
 github.com/nlpodyssey/gopickle v0.2.0 h1:4naD2DVylYJupQLbCQFdwo6yiXEmPyp+0xf5MVlrBDY=
 github.com/nlpodyssey/gopickle v0.2.0/go.mod h1:YIUwjJ2O7+vnBsxUN+MHAAI3N+adqEGiw+nDpwW95bY=
-github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
-github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc=
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
-github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
-github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
+github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM=
+github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=