-
-
Notifications
You must be signed in to change notification settings - Fork 453
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: add initial support for prometheus metrics. #1465
base: develop
Are you sure you want to change the base?
Conversation
just add this to the existing monitoring endpoint instead of duplicating all the code. just add whatever fields you want to the response. doesn't make sense to duplicate 90% of the code lol is exactly the same |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## develop #1465 +/- ##
===========================================
+ Coverage 81.13% 81.65% +0.52%
===========================================
Files 116 116
Lines 7791 7829 +38
===========================================
+ Hits 6321 6393 +72
+ Misses 1470 1436 -34 ☔ View full report in Codecov by Sentry. |
171886e
to
af42a8f
Compare
thank you I am busy atm but will answer all your questions hopefully over weekend but looking good so far nice! |
Thanks for the update! No hurry here. One more question, in case I do not figure it out before you have time: Is there a redacted example |
use this ansible role to setup a debian 11 vm for trmm development: https://github.com/amidaware/tacticalrmm/tree/develop/ansible here's example of local_settings.py from the above role SECRET_KEY = "changeme"
DEBUG = True
ALLOWED_HOSTS = ["api.example.com"]
ADMIN_URL = "admin/"
CORS_ORIGIN_ALLOW_ALL = True
DATABASES = {
"default": {
"ENGINE": "django.db.backends.postgresql",
"NAME": "tacticalrmm",
"USER": "tactical",
"PASSWORD": "changeme",
"HOST": "localhost",
"PORT": "5432",
}
}
REDIS_HOST = "localhost"
CERT_FILE = "/etc/ssl/certs/tacticalpub.pem"
KEY_FILE = "/etc/ssl/certs/tacticalpriv.pem"
MESH_USERNAME = "tactical"
MESH_SITE = "https://mesh.example.com"
MESH_TOKEN_KEY = "changeme" |
Just seeing your message now. I will check out the role. I initially misunderstood that I figured out why my tests were failing on my existing VM. The createdb permission was missing in pgsql. For others that run across this my tests failing to run was resolved with:
|
f969e54
to
3a8decc
Compare
For when you have time: The existing
Thanks! |
Look into python mock, check codebase is full of them. Just mock the return values of the functions that check certs. |
2e02f78
to
c63839c
Compare
--- Metrics for the prometheus endpoint are slightly different from the json one. - I do not want to break things for those that use the old endpoint. - Some metrics are hard to utilize in Prometheus without a format change. (example: certificate timestamp) - Usually blackbox_exporter would cover certificate monitoring, but since people use TRMM with multiple proxies both internal monitoring and blackbox_exporter may be useful. - Memory and disk space was not transfered because they are system wide and Prometheus users likely will have node_exporter installed for that. - Prometheus format has slightly more detailed metrics. --- Instructions: 1. Setup MON_TOKEN variable in `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` for your bearer_token. This is the same as for the json endpoint. See [Tips and Tricks](https://docs.tacticalrmm.com/tipsntricks/#monitor-your-trmm-instance-via-the-built-in-monitoring-endpoint). 2. Test with curl command: `curl -s -H "Authorization: Bearer $MON_TOKEN" https://api.trmm.example.com/core/status/` 3. Setup Prometheus job with: ``` - job_name: trmm scrape_interval: 60s metrics_path: /core/status/ scheme: https bearer_token: $MON_TOKEN static_configs: - targets: - api.trmm.example.com ```
I did look at mocking/patching the certificate loading bits and was successful but found that supplying a small fake cert tests additional untested areas so I used that route. I have been trying to get the tests to cover the impossible to reach else case in core/views.py but have not been able to find a way to patch the decorator before it gets loaded. Thank you for the guidance. |
you're not hitting that line in the tests cuz as you wrote in the comment, it's not possible to get there. so just remove that last else statement from the view. it's never gonna hit there anyway, and your tests already prove that lol |
942055f
to
903a2d6
Compare
Could someone look over this and let me know if this okay for adding initial support for Prometheus metrics?
/metrics
is used as that is traditional for Prometheus environments. I can change it back to/core/metrics
if required.@csrf_exempt
is actually needed or wanted here; the monitoring endpoint made it seem so, to me.Use instructions:
MON_TOKEN
as in Tips and Tricks.curl -s -H "Authorization: Bearer $MON_TOKEN" https://api.trmm.example.com/metrics
edit: updated instructions to share json status endpoint. instructions also in commit message now.