Archive for the ‘Tech Tips & Tricks’ Category

A Prometheus exporter for Dovecot

Monday, January 16th, 2017

To start this year’s series of contribution to the open source community, we’re proud to announce the release of yet another tool that we use to monitor our production setup, namely a Prometheus metrics exporter for the Dovecot POP/IMAP mail server.

One of the key features of Prometheus is that it is very well suited for white box monitoring, i.e. having graphs and alerts based on internal state of the program, as opposed to testing just the externally visible behaviour of the system. For Dovecot we’re very interested in using white box monitoring to be able to graph traffic and resource usage per customer, domain and user.

It turns out that we’re in luck, as Dovecot 2.1 and later ship with a statistics module that provides access to this kind information. When enabled, Dovecot binds to an additional UNIX or TCP socket on which metrics are exported. The Dovecot exporter that we’ve published on GitHub is basically a light-weight proxy that converts the metrics from Dovecot’s format into Prometheus metrics, exporting them over HTTP.

Below is a screenshot of our Dovecot exporter in action. The graph shows the rate of IMAP commands sent to our mail server, broken down by IMAP username.

If your email setup is also based on Dovecot and use Prometheus for monitoring, we’d like to invite you to give this exporter a try as well. Feel free to file issues or send pull requests on GitHub.

The Collectd encrypted packet format

Friday, March 21st, 2014

Yesterday, Logstash 1.4.0 was released containing many improvements, one of which was contributed by us. We’ve implemented signature verification and packet decryption in the collectd input plugin. This blogpost will give an overview of how encryption and signing is used in the collectd binary protocol.

We’re currently working on deploying a logstash infrastructure that will eventually extend our monitoring and trending capabilties. At the same time, we want to move from our pull-based trending (Munin) to push-based (Collectd). Logstash recently added a Collectd input plugin, but it didn’t support decryption and signature verification of collectd packets. As we send (some) of this data over the public internet, we need to encrypt this traffic, so we decided to implement this.

During implementation, we discovered that the documentation was scarce and the comments in the collectd source-code appeared incomplete. This post gives a description of the collectd signed and encrypted packet formats. It assumes that you’re familiar with the collectd binary protocol.


Icinga check for Linux.Fokirtor

Friday, November 15th, 2013

We were notified this morning of the specifics of the attack that struck Hetzner at the start of this year. Or rather, the backdoor software that was used to provide access to the machines. It does not detail what vulnerability was exploited to actually install the Trojan. But it’s still a good idea to make sure your current processes are not infected.

So we went ahead and created a check that can detect Linux.Fokirtor, based on the information provided by Hetzner and Symantec.

Changing the VLAN-ID of an interface in a bridge with minimal downtime

Friday, August 23rd, 2013

In one of our datacenters, our upstream-provider needed to change the VLAN-ID of our uplink to be in line with their policies. We wanted to do this with minimal downtime.

Debian and Trac: How to solve the ‘No module named svn’ Trac error.

Tuesday, June 11th, 2013

If you get the error:

Unsupported version control system “svn”: No module named svn

When trying to connect your trac to a subversion repository, try installing python-subversion. This was needed on Wheezy for me.