diff --git a/docker-jans-auth-server/Dockerfile b/docker-jans-auth-server/Dockerfile index 5d76c177da5..5ceaf522698 100644 --- a/docker-jans-auth-server/Dockerfile +++ b/docker-jans-auth-server/Dockerfile @@ -135,6 +135,16 @@ RUN python3 -m ensurepip \ && pip3 install --no-cache-dir --default-timeout=300 -r /app/requirements.txt \ && pip3 uninstall -y pip wheel +# ========== +# Prometheus +# ========== + +ARG PROMETHEUS_JAVAAGENT_VERSION=0.17.0 +COPY conf/prometheus-config.yaml /opt/prometheus/ +RUN mkdir -p /opt/prometheus \ + && wget -q https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/${PROMETHEUS_JAVAAGENT_VERSION}/jmx_prometheus_javaagent-${PROMETHEUS_JAVAAGENT_VERSION}.jar -O /opt/prometheus/jmx_prometheus_javaagent.jar \ + && java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/jans-auth --add-module=jmx,stats + # ======= # Cleanup # ======= @@ -231,7 +241,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ GOOGLE_PROJECT_ID="" \ GOOGLE_APPLICATION_CREDENTIALS=/etc/jans/conf/google-credentials.json \ ADMIN_UI_JWKS=http://0.0.0.0:8080/jans-auth/restv1/jwks \ - CN_JETTY_REQUEST_HEADER_SIZE=8192 + CN_JETTY_REQUEST_HEADER_SIZE=8192 \ + CN_PROMETHEUS_PORT="" # ========== # misc stuff diff --git a/docker-jans-auth-server/README.md b/docker-jans-auth-server/README.md index 36393a4df6f..5f19eb7c0c1 100644 --- a/docker-jans-auth-server/README.md +++ b/docker-jans-auth-server/README.md 
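Review bot: The `wget` in the new Prometheus `RUN` step saves `jmx_prometheus_javaagent.jar` without verifying it, and the entrypoint change in this diff loads that jar into the service JVM through `-javaagent`, so the build trusts whatever the repository returns for `${PROMETHEUS_JAVAAGENT_VERSION}`. Pin a digest next to the version and check it before the Jetty `--add-module` step, e.g. `ARG PROMETHEUS_JAVAAGENT_SHA256=<sha256-of-the-pinned-jar>` and `&& echo "${PROMETHEUS_JAVAAGENT_SHA256}  /opt/prometheus/jmx_prometheus_javaagent.jar" | sha256sum -c - \`. This assumes `sha256sum` exists in the base image, which the hunk does not show. The same unverified download is added to the client-api, config-api, fido2 and scim Dockerfiles further down.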
@@ -75,6 +75,7 @@ The following environment variables are supported by the container: - `CN_GOOGLE_SPANNER_DATABASE_ID`: Google Spanner database ID. - `CN_JETTY_REQUEST_HEADER_SIZE`: Maximum size of request header accepted by Jetty (default to `8192`). - `CN_AUTH_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). +- `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. ### Configure app loggers @@ -146,3 +147,13 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "session": "spanner", } ``` + +### Exposing metrics + +As per v1.0.1, certain metrics can be exposed via Prometheus JMX exporter. +To expose the metrics, set the `CN_PROMETHEUS_PORT` environment variable, i.e. `CN_PROMETHEUS_PORT=9093`. +Afterwards, metrics can be scraped by Prometheus or accessed manually by making request to `/metrics` URL, +i.e. `http://container:9093/metrics`. + +Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`). +To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container. diff --git a/docker-jans-auth-server/conf/prometheus-config.yaml b/docker-jans-auth-server/conf/prometheus-config.yaml new file mode 100644 index 00000000000..6e8a2583872 --- /dev/null +++ b/docker-jans-auth-server/conf/prometheus-config.yaml @@ -0,0 +1,10 @@ +--- +startDelaySeconds: 0 +ssl: false +lowercaseOutputName: true +lowercaseOutputLabelNames: true +whitelistObjectNames: ["org.eclipse.jetty.server.handler:*"] +rules: + - pattern: ".*xx" + - pattern: ".*requests" + - pattern: ".*requestTimeTotal" 
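Review bot: The new `conf/prometheus-config.yaml` carries no comment on what protects the listener opened on `CN_PROMETHEUS_PORT`, and `ssl: false` is easy to misread as a TLS switch for `/metrics`. As far as I know that key only concerns the exporter's own JMX connection, and the agent's HTTP endpoint at this version is plain HTTP without authentication. I would add a header comment above `startDelaySeconds`, such as `# /metrics is served unauthenticated over HTTP; make CN_PROMETHEUS_PORT reachable only from the Prometheus scraper`. It is also worth noting there that `whitelistObjectNames` limits the export to the Jetty handler MBeans, so anyone mounting a custom config keeps a similar restriction. The identical file is added for client-api, config-api, fido2 and scim.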
diff --git a/docker-jans-auth-server/scripts/entrypoint.sh b/docker-jans-auth-server/scripts/entrypoint.sh index 4085d05580e..3bc0429f5d1 100644 --- a/docker-jans-auth-server/scripts/entrypoint.sh +++ b/docker-jans-auth-server/scripts/entrypoint.sh @@ -32,6 +32,17 @@ move_builtin_jars() { fi } +get_prometheus_opt() { + prom_opt="" + + if [ -n "${CN_PROMETHEUS_PORT}" ]; then + prom_opt=" + -javaagent:/opt/prometheus/jmx_prometheus_javaagent.jar=${CN_PROMETHEUS_PORT}:/opt/prometheus/prometheus-config.yaml + " + fi + echo "${prom_opt}" +} + # ========== # ENTRYPOINT # ========== @@ -57,6 +68,7 @@ exec java \ -Djava.io.tmpdir=/tmp \ -Dlog4j2.configurationFile=resources/log4j2.xml \ $(get_debug_opt) \ + $(get_prometheus_opt) \ ${CN_JAVA_OPTIONS} \ -jar /opt/jetty/start.jar \ jetty.deploy.scanInterval=0 \ diff --git a/docker-jans-client-api/.dockerignore b/docker-jans-client-api/.dockerignore index 021092c8a34..6482f2e23ce 100644 --- a/docker-jans-client-api/.dockerignore +++ b/docker-jans-client-api/.dockerignore @@ -3,7 +3,7 @@ # include required files/directories !scripts -!templates +!conf !LICENSE !requirements.txt !jetty diff --git a/docker-jans-client-api/Dockerfile b/docker-jans-client-api/Dockerfile index ddae804ac55..373de6e0106 100644 --- a/docker-jans-client-api/Dockerfile +++ b/docker-jans-client-api/Dockerfile 
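Review bot: `get_prometheus_opt` places `${CN_PROMETHEUS_PORT}` into the `-javaagent` argument without checking that it is a port number, and the `exec java` hunk expands `$(get_prometheus_opt)` unquoted. A value containing whitespace is therefore split into extra JVM arguments, and a typo only surfaces as an agent start-up failure. The README says the value must be a number, so reject anything else with `case "${CN_PROMETHEUS_PORT}" in *[!0-9]*) echo "CN_PROMETHEUS_PORT must be numeric" >&2; exit 1 ;; esac`. Put that check at top level before `exec java` rather than inside the function, because an `exit` inside `$(...)` only ends the subshell and the launch would continue. The same function and call are added to the client-api, config-api, fido2 and scim entrypoints.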
@@ -68,6 +68,16 @@ RUN python3 -m ensurepip \ && pip3 install --no-cache-dir -r /app/requirements.txt \ && pip3 uninstall -y pip wheel +# ========== +# Prometheus +# ========== + +ARG PROMETHEUS_JAVAAGENT_VERSION=0.17.0 +COPY conf/prometheus-config.yaml /opt/prometheus/ +RUN mkdir -p /opt/prometheus \ + && wget -q https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/${PROMETHEUS_JAVAAGENT_VERSION}/jmx_prometheus_javaagent-${PROMETHEUS_JAVAAGENT_VERSION}.jar -O /opt/prometheus/jmx_prometheus_javaagent.jar \ + && java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/jans-client-api --add-module=jmx,stats + # ===================== # jans-linux-setup sync # ===================== @@ -206,7 +216,7 @@ LABEL name="janssenproject/client-api" \ RUN mkdir -p /etc/certs /etc/jans/conf ${JETTY_BASE}/jans-client-api/logs COPY jetty/log4j2.xml ${JETTY_BASE}/jans-client-api/resources/ COPY scripts /app/scripts -COPY templates/*.tmpl /app/templates/ +COPY conf/*.tmpl /app/templates/ RUN chmod +x /app/scripts/entrypoint.sh # create non-root user diff --git a/docker-jans-client-api/README.md b/docker-jans-client-api/README.md index dd80c2a7d0f..1f4dff1e11b 100644 --- a/docker-jans-client-api/README.md +++ b/docker-jans-client-api/README.md 
@@ -66,6 +66,7 @@ The following environment variables are supported by the container: - `GOOGLE_PROJECT_ID`: Google Project ID (default to empty string). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`. - `GOOGLE_APPLICATION_CREDENTIALS`: Path to Google credentials JSON file (default to `/etc/jans/conf/google-credentials.json`). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`. - `CN_CLIENT_API_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). +- `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. ### Configure app loggers @@ -133,3 +134,13 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "session": "spanner", } ``` + +### Exposing metrics + +As per v1.0.1, certain metrics can be exposed via Prometheus JMX exporter. +To expose the metrics, set the `CN_PROMETHEUS_PORT` environment variable, i.e. `CN_PROMETHEUS_PORT=9093`. +Afterwards, metrics can be scraped by Prometheus or accessed manually by making request to `/metrics` URL, +i.e. `http://container:9093/metrics`. + +Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`). +To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container. diff --git a/docker-jans-client-api/templates/jans-couchbase.properties.tmpl b/docker-jans-client-api/conf/jans-couchbase.properties.tmpl similarity index 100% rename from docker-jans-client-api/templates/jans-couchbase.properties.tmpl rename to docker-jans-client-api/conf/jans-couchbase.properties.tmpl 
diff --git a/docker-jans-client-api/templates/jans-ldap.properties.tmpl b/docker-jans-client-api/conf/jans-ldap.properties.tmpl similarity index 100% rename from docker-jans-client-api/templates/jans-ldap.properties.tmpl rename to docker-jans-client-api/conf/jans-ldap.properties.tmpl diff --git a/docker-jans-client-api/templates/jans-spanner.properties.tmpl b/docker-jans-client-api/conf/jans-spanner.properties.tmpl similarity index 100% rename from docker-jans-client-api/templates/jans-spanner.properties.tmpl rename to docker-jans-client-api/conf/jans-spanner.properties.tmpl diff --git a/docker-jans-client-api/templates/jans-sql.properties.tmpl b/docker-jans-client-api/conf/jans-sql.properties.tmpl similarity index 100% rename from docker-jans-client-api/templates/jans-sql.properties.tmpl rename to docker-jans-client-api/conf/jans-sql.properties.tmpl diff --git a/docker-jans-client-api/templates/jans.properties.tmpl b/docker-jans-client-api/conf/jans.properties.tmpl similarity index 100% rename from docker-jans-client-api/templates/jans.properties.tmpl rename to docker-jans-client-api/conf/jans.properties.tmpl diff --git a/docker-jans-client-api/conf/prometheus-config.yaml b/docker-jans-client-api/conf/prometheus-config.yaml new file mode 100644 index 00000000000..6e8a2583872 --- /dev/null +++ b/docker-jans-client-api/conf/prometheus-config.yaml @@ -0,0 +1,10 @@ +--- +startDelaySeconds: 0 +ssl: false +lowercaseOutputName: true +lowercaseOutputLabelNames: true +whitelistObjectNames: ["org.eclipse.jetty.server.handler:*"] +rules: + - pattern: ".*xx" + - pattern: ".*requests" + - pattern: ".*requestTimeTotal" diff --git a/docker-jans-client-api/templates/salt.tmpl b/docker-jans-client-api/conf/salt.tmpl similarity index 100% rename from docker-jans-client-api/templates/salt.tmpl rename to docker-jans-client-api/conf/salt.tmpl diff --git a/docker-jans-client-api/scripts/entrypoint.sh b/docker-jans-client-api/scripts/entrypoint.sh index 3cb9aec1ae2..939a6eb84ea 100644 
--- a/docker-jans-client-api/scripts/entrypoint.sh +++ b/docker-jans-client-api/scripts/entrypoint.sh @@ -2,6 +2,17 @@ set -e +get_prometheus_opt() { + prom_opt="" + + if [ -n "${CN_PROMETHEUS_PORT}" ]; then + prom_opt=" + -javaagent:/opt/prometheus/jmx_prometheus_javaagent.jar=${CN_PROMETHEUS_PORT}:/opt/prometheus/prometheus-config.yaml + " + fi + echo "${prom_opt}" +} + python3 /app/scripts/wait.py python3 /app/scripts/bootstrap.py @@ -21,6 +32,7 @@ exec java \ -Djava.io.tmpdir=/tmp \ -Dpython.home=/opt/jython \ -Dlog4j2.configurationFile=resources/log4j2.xml \ + $(get_prometheus_opt) \ ${CN_JAVA_OPTIONS} \ -jar /opt/jetty/start.jar \ jetty.deploy.scanInterval=0 \ diff --git a/docker-jans-config-api/Dockerfile b/docker-jans-config-api/Dockerfile index 63eef709355..ec38bbd1185 100644 --- a/docker-jans-config-api/Dockerfile +++ b/docker-jans-config-api/Dockerfile @@ -81,6 +81,16 @@ RUN python3 -m ensurepip \ && pip3 install --no-cache-dir --default-timeout=300 -r /app/requirements.txt \ && pip3 uninstall -y pip wheel +# ========== +# Prometheus +# ========== + +ARG PROMETHEUS_JAVAAGENT_VERSION=0.17.0 +COPY conf/prometheus-config.yaml /opt/prometheus/ +RUN mkdir -p /opt/prometheus \ + && wget -q https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/${PROMETHEUS_JAVAAGENT_VERSION}/jmx_prometheus_javaagent-${PROMETHEUS_JAVAAGENT_VERSION}.jar -O /opt/prometheus/jmx_prometheus_javaagent.jar \ + && java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/jans-config-api --add-module=jmx,stats + # ======= # Cleanup # ======= @@ -168,7 +178,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ CN_WAIT_SLEEP_DURATION=10 \ CN_JAVA_OPTIONS="" \ GOOGLE_PROJECT_ID="" \ - GOOGLE_APPLICATION_CREDENTIALS=/etc/jans/conf/google-credentials.json + GOOGLE_APPLICATION_CREDENTIALS=/etc/jans/conf/google-credentials.json \ + CN_PROMETHEUS_PORT="" # ==== # misc 
diff --git a/docker-jans-config-api/README.md b/docker-jans-config-api/README.md index 4fb1a99cf17..d2d5dcd671e 100644 --- a/docker-jans-config-api/README.md +++ b/docker-jans-config-api/README.md @@ -71,6 +71,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_API_PLUGINS`: Comma-separated plugin names that should be enabled (available plugins are `admin-ui` and `scim`). - `CN_TOKEN_SERVER_CERT_FILE`: Path to token server certificate (default to `/etc/certs/token_server.crt`). - `CN_ADMIN_UI_PLUGIN_LOGGERS`: Custom logging configuration for AdminUI plugin in JSON-string format with hash type (see [Configure plugin loggers](#configure-plugin-loggers) section for details). +- `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. ### Configure app loggers @@ -167,3 +168,13 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "session": "spanner", } ``` + +### Exposing metrics + +As per v1.0.1, certain metrics can be exposed via Prometheus JMX exporter. +To expose the metrics, set the `CN_PROMETHEUS_PORT` environment variable, i.e. `CN_PROMETHEUS_PORT=9093`. +Afterwards, metrics can be scraped by Prometheus or accessed manually by making request to `/metrics` URL, +i.e. `http://container:9093/metrics`. + +Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`). +To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container. diff --git a/docker-jans-config-api/conf/prometheus-config.yaml b/docker-jans-config-api/conf/prometheus-config.yaml new file mode 100644 index 00000000000..6e8a2583872 --- /dev/null +++ b/docker-jans-config-api/conf/prometheus-config.yaml 
@@ -0,0 +1,10 @@ +--- +startDelaySeconds: 0 +ssl: false +lowercaseOutputName: true +lowercaseOutputLabelNames: true +whitelistObjectNames: ["org.eclipse.jetty.server.handler:*"] +rules: + - pattern: ".*xx" + - pattern: ".*requests" + - pattern: ".*requestTimeTotal" diff --git a/docker-jans-config-api/scripts/entrypoint.sh b/docker-jans-config-api/scripts/entrypoint.sh index 3f49339375a..b409d14e64d 100644 --- a/docker-jans-config-api/scripts/entrypoint.sh +++ b/docker-jans-config-api/scripts/entrypoint.sh @@ -21,6 +21,17 @@ get_logging_files() { echo $logs } +get_prometheus_opt() { + prom_opt="" + + if [ -n "${CN_PROMETHEUS_PORT}" ]; then + prom_opt=" + -javaagent:/opt/prometheus/jmx_prometheus_javaagent.jar=${CN_PROMETHEUS_PORT}:/opt/prometheus/prometheus-config.yaml + " + fi + echo "${prom_opt}" +} + python3 /app/scripts/wait.py copy_builtin_plugins @@ -39,6 +50,7 @@ exec java \ -Dlog.base=/opt/jans/jetty/jans-config-api \ -Djava.io.tmpdir=/tmp \ -Dlog4j2.configurationFile=$(get_logging_files) \ + $(get_prometheus_opt) \ ${CN_JAVA_OPTIONS} \ -jar /opt/jetty/start.jar \ jetty.http.port=8074 \ diff --git a/docker-jans-fido2/Dockerfile b/docker-jans-fido2/Dockerfile index e315bc0c39c..ca7bce71dab 100644 --- a/docker-jans-fido2/Dockerfile +++ b/docker-jans-fido2/Dockerfile @@ -94,6 +94,16 @@ RUN python3 -m ensurepip \ && pip3 install --no-cache-dir -r /app/requirements.txt \ && pip3 uninstall -y pip wheel +# ========== +# Prometheus +# ========== + +ARG PROMETHEUS_JAVAAGENT_VERSION=0.17.0 +COPY conf/prometheus-config.yaml /opt/prometheus/ +RUN mkdir -p /opt/prometheus \ + && wget -q https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/${PROMETHEUS_JAVAAGENT_VERSION}/jmx_prometheus_javaagent-${PROMETHEUS_JAVAAGENT_VERSION}.jar -O /opt/prometheus/jmx_prometheus_javaagent.jar \ + && java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/jans-fido2 --add-module=jmx,stats + # ======= # Cleanup # ======= 
@@ -179,7 +189,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ CN_WAIT_SLEEP_DURATION=10 \ CN_JAVA_OPTIONS="" \ GOOGLE_PROJECT_ID="" \ - GOOGLE_APPLICATION_CREDENTIALS=/etc/jans/conf/google-credentials.json + GOOGLE_APPLICATION_CREDENTIALS=/etc/jans/conf/google-credentials.json \ + CN_PROMETHEUS_PORT="" # ========== # misc stuff diff --git a/docker-jans-fido2/README.md b/docker-jans-fido2/README.md index c389000fc8a..45c8a06deec 100644 --- a/docker-jans-fido2/README.md +++ b/docker-jans-fido2/README.md @@ -64,6 +64,7 @@ The following environment variables are supported by the container: - `GOOGLE_PROJECT_ID`: Google Project ID (default to empty string). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`. - `GOOGLE_APPLICATION_CREDENTIALS`: Path to Google credentials JSON file (default to `/etc/jans/conf/google-credentials.json`). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`. - `CN_FIDO2_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). +- `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. ### Configure app loggers 
@@ -125,3 +126,13 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "session": "spanner", } ``` + +### Exposing metrics + +As per v1.0.1, certain metrics can be exposed via Prometheus JMX exporter. +To expose the metrics, set the `CN_PROMETHEUS_PORT` environment variable, i.e. `CN_PROMETHEUS_PORT=9093`. +Afterwards, metrics can be scraped by Prometheus or accessed manually by making request to `/metrics` URL, +i.e. `http://container:9093/metrics`. + +Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`). +To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container. diff --git a/docker-jans-fido2/conf/prometheus-config.yaml b/docker-jans-fido2/conf/prometheus-config.yaml new file mode 100644 index 00000000000..6e8a2583872 --- /dev/null +++ b/docker-jans-fido2/conf/prometheus-config.yaml @@ -0,0 +1,10 @@ +--- +startDelaySeconds: 0 +ssl: false +lowercaseOutputName: true +lowercaseOutputLabelNames: true +whitelistObjectNames: ["org.eclipse.jetty.server.handler:*"] +rules: + - pattern: ".*xx" + - pattern: ".*requests" + - pattern: ".*requestTimeTotal" diff --git a/docker-jans-fido2/scripts/entrypoint.sh b/docker-jans-fido2/scripts/entrypoint.sh index 763d5e83666..ecdd7159cca 100644 --- a/docker-jans-fido2/scripts/entrypoint.sh +++ b/docker-jans-fido2/scripts/entrypoint.sh @@ -2,6 +2,17 @@ set -e +get_prometheus_opt() { + prom_opt="" + + if [ -n "${CN_PROMETHEUS_PORT}" ]; then + prom_opt=" + -javaagent:/opt/prometheus/jmx_prometheus_javaagent.jar=${CN_PROMETHEUS_PORT}:/opt/prometheus/prometheus-config.yaml + " + fi + echo "${prom_opt}" +} + python3 /app/scripts/wait.py python3 /app/scripts/bootstrap.py 
@@ -16,5 +27,6 @@ exec java \ -Dlog.base=/opt/jans/jetty/jans-fido2 \ -Djava.io.tmpdir=/tmp \ -Dlog4j2.configurationFile=resources/log4j2.xml \ + $(get_prometheus_opt) \ ${CN_JAVA_OPTIONS} \ -jar /opt/jetty/start.jar jetty.deploy.scanInterval=0 jetty.httpConfig.sendServerVersion=false diff --git a/docker-jans-scim/Dockerfile b/docker-jans-scim/Dockerfile index 5e5790433a1..52988b6392a 100644 --- a/docker-jans-scim/Dockerfile +++ b/docker-jans-scim/Dockerfile @@ -69,6 +69,16 @@ RUN python3 -m ensurepip \ && pip3 install --no-cache-dir -r /app/requirements.txt \ && pip3 uninstall -y pip wheel +# ========== +# Prometheus +# ========== + +ARG PROMETHEUS_JAVAAGENT_VERSION=0.17.0 +COPY conf/prometheus-config.yaml /opt/prometheus/ +RUN mkdir -p /opt/prometheus \ + && wget -q https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/${PROMETHEUS_JAVAAGENT_VERSION}/jmx_prometheus_javaagent-${PROMETHEUS_JAVAAGENT_VERSION}.jar -O /opt/prometheus/jmx_prometheus_javaagent.jar \ + && java -jar ${JETTY_HOME}/start.jar jetty.home=${JETTY_HOME} jetty.base=${JETTY_BASE}/jans-scim --add-module=jmx,stats + # ======= # Cleanup # ======= @@ -154,7 +164,8 @@ ENV CN_MAX_RAM_PERCENTAGE=75.0 \ CN_WAIT_SLEEP_DURATION=10 \ CN_JAVA_OPTIONS="" \ GOOGLE_PROJECT_ID="" \ - GOOGLE_APPLICATION_CREDENTIALS=/etc/jans/conf/google-credentials.json + GOOGLE_APPLICATION_CREDENTIALS=/etc/jans/conf/google-credentials.json \ + CN_PROMETHEUS_PORT="" # ========== # misc stuff diff --git a/docker-jans-scim/README.md b/docker-jans-scim/README.md index eba39e821a3..43f3e5d0acc 100644 --- a/docker-jans-scim/README.md +++ b/docker-jans-scim/README.md 
@@ -64,6 +64,7 @@ The following environment variables are supported by the container: - `GOOGLE_PROJECT_ID`: Google Project ID (default to empty string). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`. - `GOOGLE_APPLICATION_CREDENTIALS`: Path to Google credentials JSON file (default to `/etc/jans/conf/google-credentials.json`). Used when `CN_CONFIG_ADAPTER` or `CN_SECRET_ADAPTER` set to `google`. - `CN_SCIM_APP_LOGGERS`: Custom logging configuration in JSON-string format with hash type (see [Configure app loggers](#configure-app-loggers) section for details). +- `CN_PROMETHEUS_PORT`: Port used by Prometheus JMX agent (default to empty string). To enable Prometheus JMX agent, set the value to a number. See [Exposing metrics](#exposing-metrics) for details. ### Configure app loggers @@ -131,3 +132,13 @@ As per v1.0.1, hybrid persistence supports all available persistence types. To c "session": "spanner", } ``` + +### Exposing metrics + +As per v1.0.1, certain metrics can be exposed via Prometheus JMX exporter. +To expose the metrics, set the `CN_PROMETHEUS_PORT` environment variable, i.e. `CN_PROMETHEUS_PORT=9093`. +Afterwards, metrics can be scraped by Prometheus or accessed manually by making request to `/metrics` URL, +i.e. `http://container:9093/metrics`. + +Note that Prometheus JMX exporter uses pre-defined config file (see `conf/prometheus-config.yaml`). +To customize the config, mount custom config file to `/opt/prometheus/prometheus-config.yaml` inside the container. diff --git a/docker-jans-scim/conf/prometheus-config.yaml b/docker-jans-scim/conf/prometheus-config.yaml new file mode 100644 index 00000000000..6e8a2583872 --- /dev/null +++ b/docker-jans-scim/conf/prometheus-config.yaml 
@@ -0,0 +1,10 @@ +--- +startDelaySeconds: 0 +ssl: false +lowercaseOutputName: true +lowercaseOutputLabelNames: true +whitelistObjectNames: ["org.eclipse.jetty.server.handler:*"] +rules: + - pattern: ".*xx" + - pattern: ".*requests" + - pattern: ".*requestTimeTotal" diff --git a/docker-jans-scim/scripts/entrypoint.sh b/docker-jans-scim/scripts/entrypoint.sh index 5b1b7904f24..ec0cdab3f31 100644 --- a/docker-jans-scim/scripts/entrypoint.sh +++ b/docker-jans-scim/scripts/entrypoint.sh @@ -2,6 +2,17 @@ set -e +get_prometheus_opt() { + prom_opt="" + + if [ -n "${CN_PROMETHEUS_PORT}" ]; then + prom_opt=" + -javaagent:/opt/prometheus/jmx_prometheus_javaagent.jar=${CN_PROMETHEUS_PORT}:/opt/prometheus/prometheus-config.yaml + " + fi + echo "${prom_opt}" +} + python3 /app/scripts/wait.py python3 /app/scripts/bootstrap.py @@ -17,5 +28,6 @@ exec java \ -Djava.io.tmpdir=/tmp \ -Dpython.home=/opt/jython \ -Dlog4j2.configurationFile=resources/log4j2.xml \ + $(get_prometheus_opt) \ ${CN_JAVA_OPTIONS} \ -jar /opt/jetty/start.jar jetty.deploy.scanInterval=0 jetty.httpConfig.sendServerVersion=false