-
Notifications
You must be signed in to change notification settings - Fork 8
Collecting and Visualizing Metrics
If you ever ran a server or hosted some application yourself, you probably already understand the value of effective metrics and their visualization. When I created this project, I wanted to track how many certificates it processes and identify any errors missed logs. That's why I added support for exporting Prometheus-style metrics.
This document provides a comprehensive guide on setting up a monitoring stack from scratch and integrating certstream-server-go metrics into a Prometheus database for visualization with Grafana. For the purpose of simplicity, we'll utilize docker-compose on a linux server.
This document assumes you know docker (and docker-compose) and the linux command line.
It requires you to have docker and docker-compose (either v1 or v2) installed on your system.
You should also have basic network/socket knowledge for setting up the listen addresses of the services.
Let's begin by creating a new directory that'll hold our configuration and application data.
As an example we will use /opt/prometheus-grafana as the base directory.
This directory will contain the docker-compose.yml file, as well as three config directories for application configuration files and two data directories used for persisting and backing up the data (e.g. prometheus db).
You can use these commands to create empty directories and config files:
mkdir prometheus prometheus_data grafana grafana_data certstream
touch prometheus/prometheus.yml grafana/config.monitoring certstream/config.yaml
The final directory layout should look something like this:
.
├── docker-compose.yml
├── certstream/
│ └── config.yaml
├── grafana/
│ └── config.monitoring
├── grafana_data/
├── prometheus/
│ └── prometheus.yml
└── prometheus_data/
Please ensure that the directories have matching read, write, and execute permissions for the users specified in the docker-compose.yml file. Alternatively, you may create individual users for each service and grant them specific permissions on the directories.
The certstream config is probably the easiest. The full documentation on the config parameters can be found here.
In the config.yml (certstream directory) you can enable the prometheus exporter in the config like so:
certstream/config.yaml:
webserver:
listen_addr: "0.0.0.0"
listen_port: 80
full_url: "/full-stream"
lite_url: "/"
domains_only_url: "/domains-only"
cert_path: ""
cert_key_path: ""
prometheus:
enabled: true
listen_addr: "0.0.0.0"
listen_port: 80
metrics_url: "/metrics"Enter the interface and port for the /metrics endpoint.
When using docker, the interface and port are only used within the docker container.
It is recommended to use 0.0.0.0 as the IP when running in a docker container.
Don't forget to also configure the port in the docker-compose.yml file.
If both prometheus and webserver are set to the same IP, a second port does not need to be configured.
Once enabled, you should be able to access metrics via http from the /metrics endpoint.
In order to store our metrics, we need to configure Prometheus to scrape our /metrics endpoint.
I suggest increasing the scrape_interval to 5s to have more detailed statistics.
prometheus/prometheus.yml:
global:
scrape_interval: 5s # By default, scrape targets every 15 seconds.
# Attach these labels to any time series or alerts when communicating with
# external systems (federation, remote storage, Alertmanager).
external_labels:
monitor: 'codelab-monitor'
# A scrape configuration containing exactly one endpoint to scrape:
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
- job_name: 'Prometheus'
static_configs:
- targets: ['127.0.0.1:9090']
- job_name: 'certstream'
scheme: https
static_configs:
- targets: ['certstream.example.com']
Enter the IP/port combination or the hostname in the targets field. In case your prometheus/grafana stack runs on another machine and you need to connect to the /metrics endpoint via https, make sure to add the scheme: https to the prometheus config.
You can find the full Prometheus documentation here
Grafana barely needs any configuration out of the box. At least give it some information about the domain and the root url the site runs on. Since we're using the docker version, we're advised to configure Grafana using environment variables.
grafana/config.monitoring:
GF_SERVER_DOMAIN=grafana.example.com
GF_SERVER_ROOT_URL="https://grafana.example.com/"You can extend the Grafana config by some mailing parameters, in case you want to send out mails from your Grafana instance.
GF_SMTP_ENABLED=true
GF_SMTP_HOST=mail.example.com
GF_SMTP_PASSWORD=examplePassword
GF_SMTP_USER=example
GF_SMTP_FROM_ADDRESS="grafana@example.com"
GF_SMTP_FROM_NAME="Grafana Example"The whole documentation can be found here.
The final component is the docker-compose.yml file, which ties all of our services together into a single, manageable stack. You can find the docker-compose.yml in the root directory of this GitHub repository.
wget https://raw.githubusercontent.com/d-Rickyy-b/certstream-server-go/master/docker-compose.yml
Feel free to change the ports to your likings. A comprehensive guide on docker networking can be found in the official docker docs.
As mentioned above, make sure the directories have sufficient read, write, and execute permissions for the users running the services. You can specify the uid:gid in the docker-compose.yml if needed.
To ensure stability, the image versions are pinned. If you wish to update a service (e.g. Grafana), simply update the version number in the image tag (image: grafana/grafana:9.3.1) and run the following command: docker-compose pull && docker-compose stop && docker-compose up --force-recreate --build -d && docker image prune. This will pull the new version and recreate the stack. Alternatively, you can update individual containers by stopping and recreating them individually.
In order to start the monitoring stack including the certstream service, run docker-compose up -d (or docker compose up -d on compose v2).