nixos/prometheus: add remaining service discovery options

Yannik Rödel 2021-11-05 12:18:13 +01:00
parent b3d4f6d841
commit 7d34d32b3d


@ -343,7 +343,9 @@ let
Optional proxy URL.
'';
# azure_sd_configs
azure_sd_configs = mkOpt (types.listOf promTypes.azure_sd_config) ''
List of Azure service discovery configurations.
'';
consul_sd_configs = mkOpt (types.listOf promTypes.consul_sd_config) ''
List of Consul service discovery configurations.
@ -393,13 +395,17 @@ let
List of HTTP service discovery configurations.
'';
# kubernetes_sd_configs
kubernetes_sd_configs = mkOpt (types.listOf promTypes.kubernetes_sd_config) ''
List of Kubernetes service discovery configurations.
'';
kuma_sd_configs = mkOpt (types.listOf promTypes.kuma_sd_config) ''
List of Kuma service discovery configurations.
'';
# lightsail_sd_configs
lightsail_sd_configs = mkOpt (types.listOf promTypes.lightsail_sd_config) ''
List of Lightsail service discovery configurations.
'';
linode_sd_configs = mkOpt (types.listOf promTypes.linode_sd_config) ''
List of Linode service discovery configurations.
@ -413,14 +419,29 @@ let
List of AirBnB's Nerve service discovery configurations.
'';
# openstack_sd_configs
# scaleway_sd_configs
openstack_sd_configs = mkOpt (types.listOf promTypes.openstack_sd_config) ''
List of OpenStack service discovery configurations.
'';
puppetdb_sd_configs = mkOpt (types.listOf promTypes.puppetdb_sd_config) ''
List of PuppetDB service discovery configurations.
'';
scaleway_sd_configs = mkOpt (types.listOf promTypes.scaleway_sd_config) ''
List of Scaleway service discovery configurations.
'';
serverset_sd_configs = mkOpt (types.listOf promTypes.serverset_sd_config) ''
List of Zookeeper Serverset service discovery configurations.
'';
# triton_sd_configs
triton_sd_configs = mkOpt (types.listOf promTypes.triton_sd_config) ''
List of Triton Serverset service discovery configurations.
'';
uyuni_sd_configs = mkOpt (types.listOf promTypes.uyuni_sd_config) ''
List of Uyuni Serverset service discovery configurations.
'';
static_configs = mkOpt (types.listOf promTypes.static_config) ''
List of labeled target groups for this job.
@ -479,6 +500,63 @@ let
# Config types: service discovery
#
# For this one, the docs actually define all types needed to use mkSdConfigModule, but a bunch
# of them are marked with 'currently not support by Azure' so we don't bother adding them in
# here.
promTypes.azure_sd_config = types.submodule {
options = {
environment = mkDefOpt types.str "AzurePublicCloud" ''
The Azure environment.
'';
authentication_method = mkDefOpt (types.enum [ "OAuth" "ManagedIdentity" ]) "OAuth" ''
The authentication method, either OAuth or ManagedIdentity.
See https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview
'';
subscription_id = mkOption {
type = types.str;
description = ''
The subscription ID.
'';
};
tenant_id = mkOpt types.str ''
Optional tenant ID. Only required with authentication_method OAuth.
'';
client_id = mkOpt types.str ''
Optional client ID. Only required with authentication_method OAuth.
'';
client_secret = mkOpt types.str ''
Optional client secret. Only required with authentication_method OAuth.
'';
refresh_interval = mkDefOpt types.str "300s" ''
Refresh interval to re-read the instance list.
'';
port = mkDefOpt types.int "80" ''
The port to scrape metrics from. If using the public IP
address, this must instead be specified in the relabeling
rule.
'';
proxy_url = mkOpt types.str ''
Optional proxy URL.
'';
follow_redirects = mkDefOpt types.bool "true" ''
Configure whether HTTP requests follow HTTP 3xx redirects.
'';
tls_config = mkOpt promTypes.tls_config ''
TLS configuration.
'';
};
};
promTypes.consul_sd_config = mkSdConfigModule {
server = mkDefOpt types.str "localhost:8500" ''
Consul server to query.
@ -805,6 +883,77 @@ let
};
};
promTypes.kubernetes_sd_config = mkSdConfigModule {
api_server = mkOpt types.str ''
The API server addresses. If left empty, Prometheus is assumed to run inside
of the cluster and will discover API servers automatically and use the pod's
CA certificate and bearer token file at /var/run/secrets/kubernetes.io/serviceaccount/.
'';
role = mkOption {
type = types.enum [ "endpoints" "service" "pod" "node" "ingress" ];
description = ''
The Kubernetes role of entities that should be discovered.
One of endpoints, service, pod, node, or ingress.
'';
};
kubeconfig_file = mkOpt types.str ''
Optional path to a kubeconfig file.
Note that api_server and kube_config are mutually exclusive.
'';
namespaces = mkOpt
(
types.submodule {
options = {
names = mkOpt (types.listOf types.str) ''
Namespace name.
'';
};
}
) ''
Optional namespace discovery. If omitted, all namespaces are used.
'';
selectors = mkOpt
(
types.listOf (
types.submodule {
options = {
role = mkOption {
type = types.str;
description = ''
Selector role
'';
};
label = mkOpt types.str ''
Selector label
'';
field = mkOpt types.str ''
Selector field
'';
};
}
)
) ''
Optional label and field selectors to limit the discovery process to a subset of available resources.
See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors/
and https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ to learn more about the possible
filters that can be used. Endpoints role supports pod, service and endpoints selectors, other roles
only support selectors matching the role itself (e.g. node role can only contain node selectors).
Note: When making decision about using field/label selector make sure that this
is the best approach - it will prevent Prometheus from reusing single list/watch
for all scrape configs. This might result in a bigger load on the Kubernetes API,
because per each selector combination there will be additional LIST/WATCH. On the other hand,
if you just want to monitor small subset of pods in large cluster it's recommended to use selectors.
Decision, if selectors should be used or not depends on the particular situation.
'';
};
promTypes.kuma_sd_config = mkSdConfigModule {
server = mkOption {
type = types.str;
@ -822,6 +971,43 @@ let
'';
};
promTypes.lightsail_sd_config = types.submodule {
options = {
region = mkOpt types.str ''
The AWS region. If blank, the region from the instance metadata is used.
'';
endpoint = mkOpt types.str ''
Custom endpoint to be used.
'';
access_key = mkOpt types.str ''
The AWS API keys. If blank, the environment variable <literal>AWS_ACCESS_KEY_ID</literal> is used.
'';
secret_key = mkOpt types.str ''
The AWS API keys. If blank, the environment variable <literal>AWS_SECRET_ACCESS_KEY</literal> is used.
'';
profile = mkOpt types.str ''
Named AWS profile used to connect to the API.
'';
role_arn = mkOpt types.str ''
AWS Role ARN, an alternative to using AWS API keys.
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the instance list.
'';
port = mkDefOpt types.int "80" ''
The port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
'';
};
};
promTypes.linode_sd_config = mkSdConfigModule {
port = mkDefOpt types.int "80" ''
The port to scrape metrics from.
@ -883,9 +1069,299 @@ let
};
};
promTypes.openstack_sd_config = types.submodule {
options =
let
userDescription = ''
username is required if using Identity V2 API. Consult with your provider's
control panel to discover your account's username. In Identity V3, either
userid or a combination of username and domain_id or domain_name are needed.
'';
domainDescription = ''
At most one of domain_id and domain_name must be provided if using username
with Identity V3. Otherwise, either are optional.
'';
projectDescription = ''
The project_id and project_name fields are optional for the Identity V2 API.
Some providers allow you to specify a project_name instead of the project_id.
Some require both. Your provider's authentication policies will determine
how these fields influence authentication.
'';
applicationDescription = ''
The application_credential_id or application_credential_name fields are
required if using an application credential to authenticate. Some providers
allow you to create an application credential to authenticate rather than a
password.
'';
in
{
role = mkOption {
type = types.str;
description = ''
The OpenStack role of entities that should be discovered.
'';
};
region = mkOption {
type = types.str;
description = ''
The OpenStack Region.
'';
};
identity_endpoint = mkOpt types.str ''
identity_endpoint specifies the HTTP endpoint that is required to work with
the Identity API of the appropriate version. While it's ultimately needed by
all of the identity services, it will often be populated by a provider-level
function.
'';
username = mkOpt types.str userDescription;
userid = mkOpt types.str userDescription;
password = mkOpt types.str ''
password for the Identity V2 and V3 APIs. Consult with your provider's
control panel to discover your account's preferred method of authentication.
'';
domain_name = mkOpt types.str domainDescription;
domain_id = mkOpt types.str domainDescription;
project_name = mkOpt types.str projectDescription;
project_id = mkOpt types.str projectDescription;
application_credential_name = mkOpt types.str applicationDescription;
application_credential_id = mkOpt types.str applicationDescription;
application_credential_secret = mkOpt types.str ''
The application_credential_secret field is required if using an application
credential to authenticate.
'';
all_tenants = mkDefOpt types.bool "false" ''
Whether the service discovery should list all instances for all projects.
It is only relevant for the 'instance' role and usually requires admin permissions.
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the instance list.
'';
port = mkDefOpt types.int "80" ''
The port to scrape metrics from. If using the public IP address, this must
instead be specified in the relabeling rule.
'';
availability = mkDefOpt (types.enum [ "public" "admin" "internal" ]) "public" ''
The availability of the endpoint to connect to. Must be one of public, admin or internal.
'';
tls_config = mkOpt promTypes.tls_config ''
TLS configuration.
'';
};
};
promTypes.puppetdb_sd_config = mkSdConfigModule {
url = mkOption {
type = types.str;
description = ''
The URL of the PuppetDB root query endpoint.
'';
};
query = mkOption {
type = types.str;
description = ''
Puppet Query Language (PQL) query. Only resources are supported.
https://puppet.com/docs/puppetdb/latest/api/query/v4/pql.html
'';
};
include_parameters = mkDefOpt types.bool "false" ''
Whether to include the parameters as meta labels.
Due to the differences between parameter types and Prometheus labels,
some parameters might not be rendered. The format of the parameters might
also change in future releases.
Note: Enabling this exposes parameters in the Prometheus UI and API. Make sure
that you don't have secrets exposed as parameters if you enable this.
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the resources list.
'';
port = mkDefOpt types.int "80" ''
The port to scrape metrics from.
'';
};
promTypes.scaleway_sd_config = types.submodule {
options = {
access_key = mkOption {
type = types.str;
description = ''
Access key to use. https://console.scaleway.com/project/credentials
'';
};
secret_key = mkOpt types.str ''
Secret key to use when listing targets. https://console.scaleway.com/project/credentials
It is mutually exclusive with `secret_key_file`.
'';
secret_key_file = mkOpt types.str ''
Sets the secret key with the credentials read from the configured file.
It is mutually exclusive with `secret_key`.
'';
project_id = mkOption {
type = types.str;
description = ''
Project ID of the targets.
'';
};
role = mkOption {
type = types.enum [ "instance" "baremetal" ];
description = ''
Role of the targets to retrieve. Must be `instance` or `baremetal`.
'';
};
port = mkDefOpt types.int "80" ''
The port to scrape metrics from.
'';
api_url = mkDefOpt types.str "https://api.scaleway.com" ''
API URL to use when doing the server listing requests.
'';
zone = mkDefOpt types.str "fr-par-1" ''
Zone is the availability zone of your targets (e.g. fr-par-1).
'';
name_filter = mkOpt types.str ''
Specify a name filter (works as a LIKE) to apply on the server listing request.
'';
tags_filter = mkOpt (types.listOf types.str) ''
Specify a tag filter (a server needs to have all defined tags to be listed) to apply on the server listing request.
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the managed targets list.
'';
proxy_url = mkOpt types.str ''
Optional proxy URL.
'';
follow_redirects = mkDefOpt types.bool "true" ''
Configure whether HTTP requests follow HTTP 3xx redirects.
'';
tls_config = mkOpt promTypes.tls_config ''
TLS configuration.
'';
};
};
# These are exactly the same.
promTypes.serverset_sd_config = promTypes.nerve_sd_config;
promTypes.triton_sd_config = types.submodule {
options = {
account = mkOption {
type = types.str;
description = ''
The account to use for discovering new targets.
'';
};
role = mkDefOpt (types.enum [ "container" "cn" ]) "container" ''
The type of targets to discover, can be set to:
- "container" to discover virtual machines (SmartOS zones, lx/KVM/bhyve branded zones) running on Triton
- "cn" to discover compute nodes (servers/global zones) making up the Triton infrastructure
'';
dns_suffix = mkOption {
type = types.str;
description = ''
The DNS suffix which should be applied to target.
'';
};
endpoint = mkOption {
type = types.str;
description = ''
The Triton discovery endpoint (e.g. <literal>cmon.us-east-3b.triton.zone</literal>). This is
often the same value as dns_suffix.
'';
};
groups = mkOpt (types.listOf types.str) ''
A list of groups for which targets are retrieved, only supported when targeting the <literal>container</literal> role.
If omitted all containers owned by the requesting account are scraped.
'';
port = mkDefOpt types.int "9163" ''
The port to use for discovery and metric scraping.
'';
refresh_interval = mkDefOpt types.str "60s" ''
The interval which should be used for refreshing targets.
'';
version = mkDefOpt types.int "1" ''
The Triton discovery API version.
'';
tls_config = mkOpt promTypes.tls_config ''
TLS configuration.
'';
};
};
promTypes.uyuni_sd_config = mkSdConfigModule {
server = mkOption {
type = types.str;
description = ''
The URL to connect to the Uyuni server.
'';
};
username = mkOption {
type = types.str;
description = ''
Credentials are used to authenticate the requests to Uyuni API.
'';
};
password = mkOption {
type = types.str;
description = ''
Credentials are used to authenticate the requests to Uyuni API.
'';
};
entitlement = mkDefOpt types.str "monitoring_entitled" ''
The entitlement string to filter eligible systems.
'';
separator = mkDefOpt types.str "," ''
The string by which Uyuni group names are joined into the groups label
'';
refresh_interval = mkDefOpt types.str "60s" ''
Refresh interval to re-read the managed targets list.
'';
};
promTypes.static_config = types.submodule {
options = {
targets = mkOption {
@ -1356,7 +1832,7 @@ in
};
systemd.services.prometheus = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
after = [ "network.target" ];
preStart = mkIf (!cfg.enableReload) ''
${lib.getBin pkgs.envsubst}/bin/envsubst -o "/run/prometheus/prometheus-substituted.yaml" \
-i "${prometheusYml}"
@ -1367,7 +1843,7 @@ in
concatStringsSep " \\\n " cmdlineArgs);
ExecReload = mkIf cfg.enableReload "+${reload}/bin/reload-prometheus";
User = "prometheus";
Restart = "always";
Restart = "always";
EnvironmentFile = mkIf (cfg.environmentFile != null && !cfg.enableReload) [ cfg.environmentFile ];
RuntimeDirectory = "prometheus";
RuntimeDirectoryMode = "0700";
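Review bot: The new credential options are plain `types.str` values whose descriptions give no warning about where the value ends up: `client_secret` in `azure_sd_config`, `secret_key` in `lightsail_sd_config` and `scaleway_sd_config`, `password` and `application_credential_secret` in `openstack_sd_config`, and `password` in `uyuni_sd_config`. Anything set here is presumably rendered into the generated `prometheusYml`, which as a Nix store path would be readable by every local user. Each of these descriptions should carry a sentence such as `This value is written to the world-readable Nix store; put a placeholder here and supply the real secret through environmentFile.`, and where a file-based variant exists (as `secret_key_file` does for Scaleway) it should be named as the preferred form. The visible `envsubst` preStart and `EnvironmentFile` lines are both guarded by `!cfg.enableReload`, so that route is presumably unavailable with reload enabled, which the description should also say.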