sliding sync metrics support

This commit is contained in:
HarHarLinks 2024-06-10 23:30:22 +02:00
parent 75f5a1d880
commit cc70ece99b
6 changed files with 81 additions and 8 deletions

View File

@ -79,6 +79,8 @@ Name | Description
`prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
`prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. `prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
`matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network) `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network)
`matrix_sliding_sync_metrics_enabled`|Set this to `true` to make [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) expose metrics (locally, on the container network)
`matrix_sliding_sync_metrics_proxying_enabled`|Set this to `true` to expose the [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) metrics on `https://matrix.DOMAIN/metrics/sliding-sync`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above or `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled`/`matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by each role. `matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above or `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled`/`matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by each role.

View File

@ -4941,6 +4941,9 @@ matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook
matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}" matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}" matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
matrix_sliding_sync_systemd_required_services_list_auto: | matrix_sliding_sync_systemd_required_services_list_auto: |
{{ {{
matrix_homeserver_systemd_services_list matrix_homeserver_systemd_services_list
@ -4954,7 +4957,13 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix
matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}" matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"
###################################################################### matrix_sliding_sync_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
matrix_sliding_sync_metrics_proxying_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_metrics_exposure_enabled }}"
matrix_sliding_sync_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
matrix_sliding_sync_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/sliding-sync"
#####################################################################
# #
# /matrix-sliding-sync # /matrix-sliding-sync
# #

View File

@ -38,6 +38,16 @@ matrix_sliding_sync_container_network: ''
# Use this to expose this container to another reverse proxy, which runs in a different container network. # Use this to expose this container to another reverse proxy, which runs in a different container network.
matrix_sliding_sync_container_additional_networks: [] matrix_sliding_sync_container_additional_networks: []
# Enable the exposure of metrics to Prometheus
# See https://github.com/matrix-org/sliding-sync/tree/main/grafana
matrix_sliding_sync_metrics_enabled: false
matrix_sliding_sync_metrics_port: 2112
# Controls whether Sliding Sync metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/sliding-sync`
matrix_sliding_sync_metrics_proxying_enabled: false
matrix_sliding_sync_metrics_proxying_hostname: ''
matrix_sliding_sync_metrics_proxying_path: /metrics/sliding-sync
# matrix_sliding_sync_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container. # matrix_sliding_sync_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
# See `../templates/labels.j2` for details. # See `../templates/labels.j2` for details.
# #
@ -53,6 +63,18 @@ matrix_sliding_sync_container_labels_traefik_entrypoints: web-secure
matrix_sliding_sync_container_labels_traefik_tls: "{{ matrix_sliding_sync_container_labels_traefik_entrypoints != 'web' }}" matrix_sliding_sync_container_labels_traefik_tls: "{{ matrix_sliding_sync_container_labels_traefik_entrypoints != 'web' }}"
matrix_sliding_sync_container_labels_traefik_tls_certResolver: default # noqa var-naming matrix_sliding_sync_container_labels_traefik_tls_certResolver: default # noqa var-naming
# Controls whether labels will be added that expose metrics (see `matrix_sliding_sync_metrics_proxying_enabled`) for Sliding Sync
matrix_sliding_sync_container_labels_public_metrics_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_sliding_sync_metrics_proxying_enabled }}"
matrix_sliding_sync_container_labels_public_metrics_traefik_path: "{{ matrix_sliding_sync_metrics_proxying_path }}"
matrix_sliding_sync_container_labels_public_metrics_traefik_rule: "Host(`{{ matrix_sliding_sync_metrics_proxying_hostname }}`) && Path(`{{ matrix_sliding_sync_container_labels_public_metrics_traefik_path }}`)"
matrix_sliding_sync_container_labels_public_metrics_traefik_priority: 0
matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints: "{{ matrix_sliding_sync_container_labels_traefik_entrypoints }}"
matrix_sliding_sync_container_labels_public_metrics_traefik_tls: "{{ matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints != 'web' }}"
matrix_sliding_sync_container_labels_public_metrics_traefik_tls_certResolver: "{{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }}" # noqa var-naming
matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: false
# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: ''
# Controls which additional headers to attach to all HTTP responses. # Controls which additional headers to attach to all HTTP responses.
# To add your own headers, use `matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom` # To add your own headers, use `matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom`
matrix_sliding_sync_container_labels_traefik_additional_response_headers: "{{ matrix_sliding_sync_container_labels_traefik_additional_response_headers_auto | combine(matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom) }}" matrix_sliding_sync_container_labels_traefik_additional_response_headers: "{{ matrix_sliding_sync_container_labels_traefik_additional_response_headers_auto | combine(matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom) }}"
@ -89,6 +111,9 @@ matrix_sliding_sync_environment_variable_syncv3_secret: ''
# Controls the SYNCV3_DB environment variable # Controls the SYNCV3_DB environment variable
matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}' matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}'
# Controls the SYNCV3_PROM environment variable
matrix_sliding_sync_environment_variable_syncv3_prom: ':{{ matrix_sliding_sync_metrics_port }}'
# Additional environment variables. # Additional environment variables.
matrix_sliding_sync_environment_variables_additional_variables: '' matrix_sliding_sync_environment_variables_additional_variables: ''

View File

@ -3,11 +3,13 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: > msg: >
You need to define a required configuration setting (`{{ item.name }}`). You need to define a required configuration setting (`{{ item.name }}`).
when: "vars[item] == ''" when: "item.when | bool and vars[item.name] == ''"
with_items: with_items:
- matrix_sliding_sync_hostname - {'name': 'matrix_sliding_sync_hostname', when: true}
- matrix_sliding_sync_path_prefix - {'name': 'matrix_sliding_sync_path_prefix', when: true}
- matrix_sliding_sync_database_hostname - {'name': 'matrix_sliding_sync_database_hostname', when: true}
- matrix_sliding_sync_environment_variable_syncv3_server - {'name': 'matrix_sliding_sync_environment_variable_syncv3_server', when: true}
- matrix_sliding_sync_environment_variable_syncv3_secret - {'name': 'matrix_sliding_sync_environment_variable_syncv3_secret', when: true}
- matrix_sliding_sync_container_network - {'name': 'matrix_sliding_sync_container_network', when: true}
- {'name': 'matrix_sliding_sync_metrics_proxying_hostname', when: "{{ matrix_sliding_sync_metrics_proxying_enabled }}"}
- {'name': 'matrix_sliding_sync_metrics_proxying_path_prefix', when: "{{ matrix_sliding_sync_metrics_proxying_enabled }}"}

View File

@ -3,4 +3,8 @@ SYNCV3_SECRET={{ matrix_sliding_sync_environment_variable_syncv3_secret }}
SYNCV3_BINDADDR=:8008 SYNCV3_BINDADDR=:8008
SYNCV3_DB={{ matrix_sliding_sync_environment_variable_syncv3_db }} SYNCV3_DB={{ matrix_sliding_sync_environment_variable_syncv3_db }}
{% if matrix_sliding_sync_metrics_enabled %}
SYNCV3_PROM={{ matrix_sliding_sync_environment_variable_syncv3_prom }}
{% endif %}
{{ matrix_sliding_sync_environment_variables_additional_variables }} {{ matrix_sliding_sync_environment_variables_additional_variables }}

View File

@ -6,6 +6,7 @@ traefik.docker.network={{ matrix_sliding_sync_container_labels_traefik_docker_ne
{% endif %} {% endif %}
traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008 traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008
traefik.http.services.matrix-sliding-sync-metrics.loadbalancer.server.port={{ matrix_sliding_sync_metrics_port }}
{% set middlewares = [] %} {% set middlewares = [] %}
@ -41,6 +42,36 @@ traefik.http.routers.matrix-sliding-sync.tls={{ matrix_sliding_sync_container_la
traefik.http.routers.matrix-sliding-sync.tls.certResolver={{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }} traefik.http.routers.matrix-sliding-sync.tls.certResolver={{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }}
{% endif %} {% endif %}
{% if matrix_sliding_sync_container_labels_public_metrics_enabled %}
{% set metrics_middlewares = [] %}
{% if matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled %}
{% set metrics_middlewares = metrics_middlewares + ['matrix-sliding-sync-metrics-basic-auth'] %}
traefik.http.middlewares.matrix-sliding-sync-metrics-basic-auth.basicauth.users={{ matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users }}
{% endif %}
{% set metrics_middlewares = metrics_middlewares + ['matrix-sliding-sync-metrics-replacepath'] %}
traefik.http.middlewares.matrix-sliding-sync-metrics-replacepath.replacepath.path=/metrics
traefik.http.routers.matrix-sliding-sync-metrics.rule={{ matrix_sliding_sync_container_labels_public_metrics_traefik_rule }}
{% if metrics_middlewares | length > 0 %}
traefik.http.routers.matrix-sliding-sync-metrics.middlewares={{ metrics_middlewares | join(',') }}
{% endif %}
{% if matrix_sliding_sync_container_labels_public_metrics_traefik_priority | int > 0 %}
traefik.http.routers.matrix-sliding-sync-metrics.priority={{ matrix_sliding_sync_container_labels_public_metrics_traefik_priority }}
{% endif %}
traefik.http.routers.matrix-sliding-sync-metrics.service=matrix-sliding-sync-metrics
traefik.http.routers.matrix-sliding-sync-metrics.entrypoints={{ matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints }}
traefik.http.routers.matrix-sliding-sync-metrics.tls={{ matrix_sliding_sync_container_labels_public_metrics_traefik_tls | to_json }}
{% if matrix_sliding_sync_container_labels_public_metrics_traefik_tls %}
traefik.http.routers.matrix-sliding-sync-metrics.tls.certResolver={{ matrix_sliding_sync_container_labels_public_metrics_traefik_tls_certResolver }}
{% endif %}
{% endif %}
{% endif %} {% endif %}
{{ matrix_sliding_sync_container_labels_additional_labels }} {{ matrix_sliding_sync_container_labels_additional_labels }}