T6523: Telegraf use nft scripts only if the firewall configured

If a firewall is not configured there is no reason to get and execute telegraf firewall custom scripts as there are no nft chain in the firewall nftables configuration (cherry picked from commit ebff0c4)
vyos · Jul 2, 2024 · 536613d · 536613d
1 parent 134889f
commit 536613d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/data/templates/telegraf/telegraf.j2 b/data/templates/telegraf/telegraf.j2
@@ -130,7 +130,9 @@ metric_name_label = "{{ loki.metric_name_label }}"
 {% if influxdb is vyos_defined %}
 [[inputs.exec]]
   commands = [
+{%     if nft_chains is vyos_defined %}
     "{{ custom_scripts_dir }}/show_firewall_input_filter.py",
+{%     endif %}
     "{{ custom_scripts_dir }}/show_interfaces_input_filter.py",
     "{{ custom_scripts_dir }}/vyos_services_input_filter.py"
   ]

diff --git a/src/conf_mode/service_monitoring_telegraf.py b/src/conf_mode/service_monitoring_telegraf.py
@@ -86,7 +86,8 @@ def get_config(config=None):
     monitoring['custom_scripts_dir'] = custom_scripts_dir
     monitoring['hostname'] = get_hostname()
     monitoring['interfaces_ethernet'] = Section.interfaces('ethernet', vlan=False)
-    monitoring['nft_chains'] = get_nft_filter_chains()
+    if conf.exists('firewall'):
+        monitoring['nft_chains'] = get_nft_filter_chains()
 
     # Redefine azure group-metrics 'single-table' and 'table-per-metric'
     if 'azure_data_explorer' in monitoring: