First commit

README.md

@@ -0,0 +1,154 @@
+# MikroTik Monitoring with Container feature
+Aiming to have a beautiful Grafana Dashboard to monitor a MikroTik device?\
+You are in the right place!
+
+Monitoring  MikroTik using 3 Containers (SNMP Exporter + Prometheus + Grafana).\
+[MikroTik Container](https://help.mikrotik.com/docs/display/ROS/Container) is available in RouterOS from v7.\
+Using it to monitor the MikroTik itself reduce the costs and complexity derived from deploying a new dedicated machine for the same objective.\
+
+[SNMP Exporter](https://hub.docker.com/r/prom/snmp-exporter), [Prometheus](https://hub.docker.com/r/prom/prometheus) and [Grafana](https://hub.docker.com/r/grafana/grafana) are a well known stack of tools that enable to monitor any type of device with appropriate configurations.\ 
+In this scenario the metrics are retrieved in real time with SNMP, Prometheus act as timeseries database with query and Grafana had that sweet dashboards.\
+
+In my configuration I have a MikroTik RouterBoard L009UiGS (ARM) with ROS v7.12 but the steps are very general and almost equal for every version.\ 
+# Setup steps
+First of all Enable SNMP on MikroTik in IP->SNMP, tick the box and leave others as default.\
+## 1. MikroTik activate Container feature
+First of all we have to activate the *Container* package on MikroTik, to default it is disabled.\
+To check if it is also activated in WinBox, open *New Terminal* and run: 
+`system/device-mode/pr`\
+After the mode (e.g. `mode: enterprise`) should be compare the string `container: yes`\
+If you have already activated it, go next to the step 2.\
+Else if not you have to **download, install and activate the package**.\
+
+1. **Download**
+	- Go to https://mikrotik.com/download/archive
+	- Select your ROS version
+	- Download the *all_packages* zip of your architecture
+		- You can see your architecture in WinBox `System->Resources`
+
+2. **Install**
+	- From the downloaded zip extract file *"container-X.Y.npk"* and upload it inside *Files* in MikroTik (you can Drag and Drop the file inside WinBox)
+	- Now *System->Reboot* the MikroTik in order to install the package
+		- After that you can already see *Container* features on the left bar of WinBox but you still cannot use it until you activate it.   
+
+3. **Activate**
+	- In WinBox, open *New Terminal* and run:
+		- `system/device-mode/update container=yes`
+	- After that you have to shutdown the MikroTik as explained in the CLI, turning power off or pressing button of MikroTik device, otherwise the activation is stopped.
+	- If the activation worked after the boot you can check running in New Terminal `system/device-mode/pr` again as above.
+
+## 2. MikroTik VETH interfaces configuration
+Note: After each following step press before *Apply* and then *OK* buttons.
+1. Go to *Bridge* and in *Bridge* tab create a *New Interface*
+	- Name: docker
+		- Leave the rest of fields as default
+2. Go to *IP->Addresses* add a *New Address*
+	- Address: 192.168.50.1/24
+	- Network: 192.168.50.0
+	- Interface select "docker"
+3. Go to *IP->Firewall* in *NAT* tab create a *New NAT Rule*
+	- Chain select "srcnat"
+	- Src. Address: 192.168.50.0/24
+		- (This is the *Addresses* of the *Bridge* "docker")
+	- Go to *Action* tab and as *Action* select "masquerade"
+4. Go to *Interfaces* and in *VETH* tab add 3 *Interfaces* (*Copy* the first to speed up the process)
+	1. *New Interface* for **Grafana**
+		- Name: grafana
+		- Address: 192.168.50.100/24
+		- Gateway: 192.168.50.1
+	2. *New Interface* for **SNMP Exporter**
+		- Name: snmp_exporter
+		- Address: 192.168.50.101/24
+		- Gateway: 192.168.50.1
+	3. *New Interface* for **Prometehus**
+		- Name: prometheus
+		- Address: 192.168.50.102/24
+		- Gateway: 192.168.50.1
+5. Go to *Bridge* and in *Ports* tab **create a *New Bridge Port* for each *VETH interface*** (grafana, snmp_exporter, prometheus) created above and select *"docker"* as Bridge.
+	- (In order to Bridge all the interfaces on the same subnet LAN)
+
+## 3. Configuration files
+Prepare configuration files for containers.\
+1. Download the 3 folders (grafana, prometheus and snmp) from the repository.
+2. Modify files as follow:
+	- grafana/provisioning/datasource.yml
+		- url: http://192.168.50.102:9090 
+		- (or your prometheus VETH IP)
+	- prometheus/prometheus.yml
+		- in *job_name MikroTik* change targets to your Mikrotik ip (MikroTik IP where SNMP is enabled)
+		- in *replacement* put the snmp_exporter VETH IP: 192.168.50.101:9116
+3. Finally load the 3 folders in MikroTik ***Files***.
+
+## 4. MikroTik Containers configuration
+First of all we have to to set the Environment variables and Mount path to volume for our Containers. 
+1. Go to *Container* and in **Envs** tab.\
+	The Envs interest only the grafana container, we define this 3 envs for it:
+	- Name: `grafana`, Key: `GF_SECURITY_ADMIN_USE`, Value: `admin`
+	- Name: `grafana`, Key: `GF_SECURITY_ADMIN_PASSWORD`, Value: `mikrotik`
+	- Name: `grafana`, Key: `GF_SECURITY_SIGN_UP`, Value: `false`
+
+2. Go to *Container* and in **Mounts** tab.\
+	Note: all *src path* is at your choice e.g. path to an external usb drive attached to MikroTik.
+	There are one Mount for each container:
+	- Name: `grafana`, Src: `/usb1/grafana/provisioning`, Dst: `/etc/grafana/provisioning/`
+	- Name: `prometheus`, Src: `/usb1/prometheus`, Dst: `/etc/prometheus`
+	- Name: `snmp`, Src: `/usb1/snmp`, Dst: `/etc/snmp_exporter`
+
+3. Finally, go to *Container* and in **Container** tab press *Config* button
+	- Registry URL: https://registry-1.docker.io
+	- Tmp Dir: /pull
+		- (This path is at your choice e.g. path to an external usb drive attached to MikroTik)
+
+4. Now in tab Container we can create a container for each VETH created before.\
+	Note: in each container the `Root Dir` path field is at your choice (e.g. path to an external usb drive attached to MikroTik e.g. `/usb1/grafana_dir`).\
+	**After you fill out the fields of each container press *Apply* and wait for download/extracting of the container until in status appear *"stopped"* (if it appear is all OK) then go to create the next container, else if appear status: "*error*", *Copy* the  container, delete the old, and re-try to *Apply*.**
+	- New Container for Grafana
+		- Remote Image: grafana/grafana:9.1.0
+		- Interface select *"grafana"*
+		- Envslist: grafana
+		- Mounts select "*grafana*"
+		- Root Dir: /usb1/grafana_dir
+		- (Tick *Logging* and *Start On Boot* boxes if you want)
+	- New Container for Prometheus
+		- Remote Image: prom/prometheus:latest
+		- Interface select *"prometheus"*
+		- Cmd: --config.file=/etc/prometheus/prometheus.yml
+		- Root Dir: /usb1/prometheus_dir
+		- Mounts select *"prometheus"*
+		- (Tick *Logging* and *Start On Boot* boxes if you want)
+	- New Container for SNMP Exporter
+		- Remote Image: prom/snmp-exporter:latest
+		- Interface select *"snmp_exporter"*
+		- Cmd: --config.file=/etc/snmp_exporter/snmp.yml
+		- Root Dir: /usb1/snmp_dir
+		- Mounts select *"snmp"*
+		- (Tick *Logging* and *Start On Boot* boxes if you want)
+
+## 5. Start Container
+After all you can Start and Stop the container using the respective button.\
+Start all containers in order (SNMP Exporter, Prometheus and Grafana) and enjoy.\
+
+![containers](container_image.png)
+### Link 
+If you configured the VETH interfaces and other as above, then:
+- Grafana: [192.168.50.100:3000](192.168.50.100:3000) 
+	- admin:mikrotik
+- Prometheus: [192.168.50.102:9090](192.168.50.102:9090) 
+- SNMP Exporter: [192.168.50.101:9116](192.168.50.101:9116)
+
+Obv, you should assure that they are reachable from your host.  
+# Possible issues
+- In some version for ARM Grafana show "No data" to interface in and out:
+	- Rapid solution: edit the dashboard, edit the query, change $scrap_intervall to 30s or others. (after you modify the ether1 all other will change automatically)
+	- Solution: from grafana 9.1.0 the problem was resolved
+- Container store is created only the first time that the Apply button is pressed 
+	- Possible issue: mikrotik container create a directory instead of container store
+	- If you create or remove container with same Root Dir of another the conflicts is coming to you! 
+	- Be careful before removing container, when you do it the relative Root Dir is eliminated (even container store)
+	- Be careful before press Apply button delete all the container that you want to eliminate
+- When Start the container check in Files if the Root Dir is created as "container store" type, if not there was a problem (starting the container will fail with "execve: No such file or directory"), copy the container setup and change the Root Dir until the container is started correctly
+
+Thanks [@IgorKha](https://github.com/IgorKha/) for [configuration files](https://github.com/IgorKha/Grafana-Mikrotik/) and [Dashboard](https://grafana.com/grafana/dashboards/14420-mikrotik-monitoring/).
+
+Special thanks to my MikroTik teacher @rolando.
+

grafana/provisioning/dashboards/dashboard.yml

@@ -0,0 +1,11 @@
+apiVersion: 1
+
+providers:
+- name: 'Prometheus'
+  orgId: 1
+  folder: ''
+  type: file
+  disableDeletion: false
+  editable: true
+  options:
+    path: /etc/grafana/provisioning/dashboards

grafana/provisioning/datasources/datasource.yml

@@ -0,0 +1,50 @@
+# config file version
+apiVersion: 1
+
+# list of datasources that should be deleted from the database
+deleteDatasources:
+  - name: Prometheus
+    orgId: 1
+
+# list of datasources to insert/update depending
+# whats available in the database
+datasources:
+  # <string, required> name of the datasource. Required
+- name: Prometheus
+  # <string, required> datasource type. Required
+  type: prometheus
+  # <string, required> access mode. direct or proxy. Required
+  access: proxy
+  # <int> org id. will default to orgId 1 if not specified
+  orgId: 1
+  # <string> url
+  url: http://192.168.50.102:9090 # prometheus IP
+  # <string> database password, if used
+  password:
+  # <string> database user, if used
+  user:
+  # <string> database name, if used
+  database:
+  # <bool> enable/disable basic auth
+  basicAuth: false
+  # <string> basic auth username, if used
+  basicAuthUser:
+  # <string> basic auth password, if used
+  basicAuthPassword:
+  # <bool> enable/disable with credentials headers
+  withCredentials:
+  # <bool> mark as default datasource. Max one per org
+  isDefault: true
+  # <map> fields that will be converted to json and stored in json_data
+  jsonData:
+     graphiteVersion: "1.1"
+     tlsAuth: false
+     tlsAuthWithCACert: false
+  # <string> json object of data that will be encrypted.
+  secureJsonData:
+    tlsCACert: "..."
+    tlsClientCert: "..."
+    tlsClientKey: "..."
+  version: 1
+  # <bool> allow users to edit datasources from the UI.
+  editable: true

prometheus/prometheus.yml

@@ -0,0 +1,54 @@
+# Sample config for Prometheus.
+
+global:
+  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+
+  # Attach these labels to any time series or alerts when communicating with
+  # external systems (federation, remote storage, Alertmanager).
+  external_labels:
+      monitor: 'Mikrotik'
+
+# Alertmanager configuration
+alerting:
+  alertmanagers:
+  - static_configs:
+    - targets: ['localhost:9093']
+
+# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
+rule_files:
+  # - "first_rules.yml"
+  # - "second_rules.yml"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: 'prometheus'
+
+    # Override the global default and scrape targets from this job every 5 seconds.
+    scrape_interval: 10s
+    scrape_timeout: 10s
+    tls_config:
+      insecure_skip_verify: true
+    # metrics_path defaults to '/metrics'
+    # scheme defaults to 'http'.
+
+    #static_configs:
+      #- targets: ['localhost:9090']
+
+  - job_name: Mikrotik
+    static_configs:
+      - targets:
+        - 192.168.1.33 # mikrotik_ip
+    metrics_path: /snmp
+    params:
+      module: [mikrotik]
+    relabel_configs:
+      - source_labels: [__address__]
+        target_label: __param_target
+      - source_labels: [__param_target]
+        target_label: instance
+      - target_label: __address__
+        replacement: 192.168.50.101:9116  # The SNMP exporter's real hostname:port.