feat(metrics): permit access to GuestOS version through metrics-proxy.

dfinity · Jan 22, 2024 · 91d6705 · 91d6705
1 parent 45503d9
commit 91d6705
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/ic-os/guestos/rootfs/etc/metrics-proxy.yaml b/ic-os/guestos/rootfs/etc/metrics-proxy.yaml
@@ -1,5 +1,5 @@
 proxies:
-  # Allow proxying of certain metrics emitted by orchestrator.
+  # Expose consensus replica telemetry to chainloaded HostOS metrics proxy.
   - listen_on:
       url: https://[::]:42372/metrics/guestos_replica
       # We reuse the SSL cert of node exporter.
@@ -20,6 +20,24 @@ proxies:
       - regex: artifact_pool_consensus_height_stat
         actions:
           - keep
+  # Expose the GuestOS version to chainloaded HostOS metrics proxy.
+  - listen_on:
+      url: https://[::]:42372/metrics/guestos_node_exporter
+      # We reuse the SSL cert of node exporter.
+      certificate_file: /etc/node_exporter/node_exporter.crt
+      key_file: /etc/node_exporter/node_exporter.key
+    connect_to:
+      # Node exporter listens HTTPS on this port.
+      url: https://[::1]:9100/metrics
+      tolerate_bad_tls: true
+    label_filters:
+      - regex: .*
+        actions:
+          - drop
+      # GuestOS version metrics.
+      - regex: guestos_version
+        actions:
+          - keep
 metrics:
   # Telemetry of metrics-proxy itself (port open for GuestOS in ic.json5.template, see nftables.conf in HostOS for context).
   url: https://[::]:19100/metrics

diff --git a/ic-os/hostos/rootfs/etc/metrics-proxy.yaml b/ic-os/hostos/rootfs/etc/metrics-proxy.yaml
@@ -1,4 +1,5 @@
 proxies:
+  # HostOS node exporter metrics proxying.
   - listen_on:
       url: https://[::]:42372/metrics/hostos_node_exporter
       # We reuse the SSL cert of node exporter.
@@ -72,6 +73,8 @@ proxies:
     # The expectation is that clients will scrape at a
     # maximum rate of 1 per 10 seconds (6 / min).
     cache_duration: 8s
+  # GuestOS replica consensus metrics proxying.
+  # This chainloads onto GuestOS metrics proxy instance.
   - listen_on:
       url: https://[::]:42372/metrics/guestos_replica
       # We reuse the SSL cert of node exporter.
@@ -87,6 +90,23 @@ proxies:
     # The expectation is that clients will scrape at a
     # maximum rate of 1 per 10 seconds (6 / min).
     cache_duration: 8s
+  # GuestOS version metrics proxying.
+  # This chainloads onto GuestOS metrics proxy instance.
+  - listen_on:
+      url: https://[::]:42372/metrics/guestos_node_exporter
+      # We reuse the SSL cert of node exporter.
+      certificate_file: /etc/node_exporter/node_exporter.crt
+      key_file: /etc/node_exporter/node_exporter.key
+    connect_to:
+      url: https://guestos:42372/metrics/guestos_node_exporter
+      tolerate_bad_tls: true
+    # The GuestOS metrics proxy already does filtering.
+    # See ic-os/guestos/rootfs/etc/metrics-proxy.yaml
+    # for the filters.
+    label_filters: []
+    # The expectation is that clients will scrape at a
+    # maximum rate of 1 per 10 seconds (6 / min).
+    cache_duration: 8s
 metrics:
   # Telemetry of metrics-proxy itself (see nftables.conf in HostOS).
   url: https://[::]:19100/metrics