Merge pull request #1088 from flyingcircusio/PL-132595-vxlan-monitor-…

…control-plane [21.05] Sensu monitoring for EVPN control plane
flyingcircusio · Aug 26, 2024 · fd93945 · fd93945
2 parents 1d6e41d + 1a163b1
commit fd93945
Show file tree

Hide file tree

Showing 9 changed files with 1,004 additions and 115 deletions.
diff --git a/nixos/platform/network.nix b/nixos/platform/network.nix
@@ -784,11 +784,31 @@ in
         in
           "/run/wrappers/bin/sudo ${pkgs.fc.check-link-redundancy}/bin/check_link_redundancy ${links}";
       };
+      rib_integrity_ipv4 = {
+        notification = "Kernel network state has problems with underlay network routes";
+        interval = 300;
+        command = let
+          args = lib.concatMapStringsSep " " (p: "-p " + p) fclib.underlay.subnets;
+        in
+          "sudo -g frrvty ${pkgs.fc.check-rib-integrity}/bin/check_rib_integrity check-unicast-rib ${args}";
+      };
+      rib_integrity_evpn = {
+        notification = "Kernel network state has broken overlay MAC addresses";
+        interval = 300;
+        command = let
+          args = lib.concatMapStringsSep " " (iface: "-n " + (toString iface.vlanId)) vxlanInterfaces;
+        in
+          "sudo -g frrvty ${pkgs.fc.check-rib-integrity}/bin/check_rib_integrity check-evpn-rib ${args}";
+      };
     };
 
     flyingcircus.passwordlessSudoRules = lib.optionals (!isNull fclib.underlay) [{
       commands = [ "${pkgs.fc.check-link-redundancy}/bin/check_link_redundancy" ];
       groups = [ "sensuclient" ];
+    } {
+      commands = [ "${pkgs.fc.check-rib-integrity}/bin/check_rib_integrity" ];
+      groups = [ "sensuclient" ];
+      runAs = ":frrvty";
     }];
 
     systemd.timers.fc-lldp-to-altnames = lib.mkIf (!isNull fclib.underlay) {

diff --git a/nixos/services/frr.nix b/nixos/services/frr.nix
@@ -173,7 +173,7 @@ in
       };
 
     systemd.tmpfiles.rules = [
-      "d /run/frr 0750 frr frr -"
+      "d /run/frr 0755 frr frr -"
     ];
 
     systemd.services =