Merge pull request 'metrics' (#375) from stats into develop
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/375language-on-posts
commit
18bf82d747
@ -0,0 +1,33 @@
|
||||
# Monitoring Akkoma
|
||||
|
||||
If you run akkoma, you may be inclined to collect metrics to ensure your instance is running smoothly,
|
||||
and that there's nothing quietly failing in the background.
|
||||
|
||||
To facilitate this, akkoma exposes prometheus metrics to be scraped.
|
||||
|
||||
## Prometheus
|
||||
|
||||
See: [export_prometheus_metrics](../configuration/cheatsheet#instance)
|
||||
|
||||
To scrape prometheus metrics, we need an oauth2 token with the `admin:metrics` scope.
|
||||
|
||||
consider using [constanze](https://akkoma.dev/AkkomaGang/constanze) to make this easier -
|
||||
|
||||
```bash
|
||||
constanze token --client-app --scopes "admin:metrics" --client-name "Prometheus"
|
||||
```
|
||||
|
||||
or see `scripts/create_metrics_app.sh` in the source tree for the process to get this token.
|
||||
|
||||
Once you have your token of the form `Bearer $ACCESS_TOKEN`, you can use that in your prometheus config:
|
||||
|
||||
```yaml
|
||||
- job_name: akkoma
|
||||
scheme: https
|
||||
authorization:
|
||||
credentials: $ACCESS_TOKEN # this should have the bearer prefix removed
|
||||
metrics_path: /api/v1/akkoma/metrics
|
||||
static_configs:
|
||||
- targets:
|
||||
- example.com
|
||||
```
|
@ -0,0 +1,24 @@
|
||||
defmodule Pleroma.Web.AkkomaAPI.MetricsController do
|
||||
use Pleroma.Web, :controller
|
||||
|
||||
alias Pleroma.Web.Plugs.OAuthScopesPlug
|
||||
alias Pleroma.Config
|
||||
|
||||
plug(
|
||||
OAuthScopesPlug,
|
||||
%{scopes: ["admin:metrics"]}
|
||||
when action in [
|
||||
:show
|
||||
]
|
||||
)
|
||||
|
||||
def show(conn, _params) do
|
||||
if Config.get([:instance, :export_prometheus_metrics], true) do
|
||||
conn
|
||||
|> text(TelemetryMetricsPrometheus.Core.scrape())
|
||||
else
|
||||
conn
|
||||
|> send_resp(404, "Not Found")
|
||||
end
|
||||
end
|
||||
end
|
@ -0,0 +1,21 @@
|
||||
defmodule Pleroma.Web.Plugs.CSPNoncePlug do
|
||||
import Plug.Conn
|
||||
|
||||
def init(opts) do
|
||||
opts
|
||||
end
|
||||
|
||||
def call(conn, _opts) do
|
||||
assign_csp_nonce(conn)
|
||||
end
|
||||
|
||||
defp assign_csp_nonce(conn) do
|
||||
nonce =
|
||||
:crypto.strong_rand_bytes(128)
|
||||
|> Base.url_encode64()
|
||||
|> binary_part(0, 15)
|
||||
|
||||
conn
|
||||
|> assign(:csp_nonce, nonce)
|
||||
end
|
||||
end
|
@ -0,0 +1,131 @@
|
||||
defmodule Pleroma.Web.Telemetry do
|
||||
use Supervisor
|
||||
import Telemetry.Metrics
|
||||
alias Pleroma.Stats
|
||||
|
||||
def start_link(arg) do
|
||||
Supervisor.start_link(__MODULE__, arg, name: __MODULE__)
|
||||
end
|
||||
|
||||
@impl true
|
||||
def init(_arg) do
|
||||
children = [
|
||||
{:telemetry_poller, measurements: periodic_measurements(), period: 10_000},
|
||||
{TelemetryMetricsPrometheus.Core, metrics: prometheus_metrics()}
|
||||
]
|
||||
|
||||
Supervisor.init(children, strategy: :one_for_one)
|
||||
end
|
||||
|
||||
# A seperate set of metrics for distributions because phoenix dashboard does NOT handle them well
|
||||
defp distribution_metrics do
|
||||
[
|
||||
distribution(
|
||||
"phoenix.router_dispatch.stop.duration",
|
||||
# event_name: [:pleroma, :repo, :query, :total_time],
|
||||
measurement: :duration,
|
||||
unit: {:native, :second},
|
||||
tags: [:route],
|
||||
reporter_options: [
|
||||
buckets: [0.1, 0.2, 0.5, 1, 2.5, 5, 10, 25, 50, 100, 250, 500, 1000]
|
||||
]
|
||||
),
|
||||
|
||||
# Database Time Metrics
|
||||
distribution(
|
||||
"pleroma.repo.query.total_time",
|
||||
# event_name: [:pleroma, :repo, :query, :total_time],
|
||||
measurement: :total_time,
|
||||
unit: {:native, :millisecond},
|
||||
reporter_options: [
|
||||
buckets: [0.1, 0.2, 0.5, 1, 2.5, 5, 10, 25, 50, 100, 250, 500, 1000]
|
||||
]
|
||||
),
|
||||
distribution(
|
||||
"pleroma.repo.query.queue_time",
|
||||
# event_name: [:pleroma, :repo, :query, :total_time],
|
||||
measurement: :queue_time,
|
||||
unit: {:native, :millisecond},
|
||||
reporter_options: [
|
||||
buckets: [0.01, 0.025, 0.05, 0.1, 0.2, 0.5, 1, 2.5, 5, 10]
|
||||
]
|
||||
),
|
||||
distribution(
|
||||
"oban_job_exception",
|
||||
event_name: [:oban, :job, :exception],
|
||||
measurement: :duration,
|
||||
tags: [:worker],
|
||||
tag_values: fn tags -> Map.put(tags, :worker, tags.job.worker) end,
|
||||
unit: {:native, :second},
|
||||
reporter_options: [
|
||||
buckets: [0.01, 0.025, 0.05, 0.1, 0.2, 0.5, 1, 2.5, 5, 10]
|
||||
]
|
||||
),
|
||||
distribution(
|
||||
"tesla_request_completed",
|
||||
event_name: [:tesla, :request, :stop],
|
||||
measurement: :duration,
|
||||
tags: [:response_code],
|
||||
tag_values: fn tags -> Map.put(tags, :response_code, tags.env.status) end,
|
||||
unit: {:native, :second},
|
||||
reporter_options: [
|
||||
buckets: [0.01, 0.025, 0.05, 0.1, 0.2, 0.5, 1, 2.5, 5, 10]
|
||||
]
|
||||
),
|
||||
distribution(
|
||||
"oban_job_completion",
|
||||
event_name: [:oban, :job, :stop],
|
||||
measurement: :duration,
|
||||
tags: [:worker],
|
||||
tag_values: fn tags -> Map.put(tags, :worker, tags.job.worker) end,
|
||||
unit: {:native, :second},
|
||||
reporter_options: [
|
||||
buckets: [0.01, 0.025, 0.05, 0.1, 0.2, 0.5, 1, 2.5, 5, 10]
|
||||
]
|
||||
)
|
||||
]
|
||||
end
|
||||
|
||||
defp summary_metrics do
|
||||
[
|
||||
# Phoenix Metrics
|
||||
summary("phoenix.endpoint.stop.duration",
|
||||
unit: {:native, :millisecond}
|
||||
),
|
||||
summary("phoenix.router_dispatch.stop.duration",
|
||||
tags: [:route],
|
||||
unit: {:native, :millisecond}
|
||||
),
|
||||
summary("pleroma.repo.query.total_time", unit: {:native, :millisecond}),
|
||||
summary("pleroma.repo.query.decode_time", unit: {:native, :millisecond}),
|
||||
summary("pleroma.repo.query.query_time", unit: {:native, :millisecond}),
|
||||
summary("pleroma.repo.query.queue_time", unit: {:native, :millisecond}),
|
||||
summary("pleroma.repo.query.idle_time", unit: {:native, :millisecond}),
|
||||
|
||||
# VM Metrics
|
||||
summary("vm.memory.total", unit: {:byte, :kilobyte}),
|
||||
summary("vm.total_run_queue_lengths.total"),
|
||||
summary("vm.total_run_queue_lengths.cpu"),
|
||||
summary("vm.total_run_queue_lengths.io"),
|
||||
last_value("pleroma.local_users.total"),
|
||||
last_value("pleroma.domains.total"),
|
||||
last_value("pleroma.local_statuses.total")
|
||||
]
|
||||
end
|
||||
|
||||
def prometheus_metrics, do: summary_metrics() ++ distribution_metrics()
|
||||
def live_dashboard_metrics, do: summary_metrics()
|
||||
|
||||
defp periodic_measurements do
|
||||
[
|
||||
{__MODULE__, :instance_stats, []}
|
||||
]
|
||||
end
|
||||
|
||||
def instance_stats do
|
||||
stats = Stats.get_stats()
|
||||
:telemetry.execute([:pleroma, :local_users], %{total: stats.user_count}, %{})
|
||||
:telemetry.execute([:pleroma, :domains], %{total: stats.domain_count}, %{})
|
||||
:telemetry.execute([:pleroma, :local_statuses], %{total: stats.status_count}, %{})
|
||||
end
|
||||
end
|
@ -1,2 +1,8 @@
|
||||
<h1><%= Gettext.dpgettext("static_pages", "oauth authorized page title", "Successfully authorized") %></h1>
|
||||
<h2><%= raw Gettext.dpgettext("static_pages", "oauth token code message", "Token code is <br>%{token}", token: safe_to_string(html_escape(@auth.token))) %></h2>
|
||||
<div>
|
||||
<div class="panel-heading">
|
||||
<%= Gettext.dpgettext("static_pages", "oauth authorized page title", "Successfully authorized") %>
|
||||
</div>
|
||||
<div class="panel-content">
|
||||
<%= raw Gettext.dpgettext("static_pages", "oauth token code message", "Token code is <br>%{token}", token: safe_to_string(html_escape(@auth.token))) %>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -1,2 +1,8 @@
|
||||
<h1><%= Gettext.dpgettext("static_pages", "oauth authorization exists page title", "Authorization exists") %></h1>
|
||||
<h2><%= raw Gettext.dpgettext("static_pages", "oauth token code message", "Token code is <br>%{token}", token: safe_to_string(html_escape(@token.token))) %></h2>
|
||||
<div>
|
||||
<div class="panel-heading">
|
||||
<%= Gettext.dpgettext("static_pages", "oauth authorization exists page title", "Authorization exists") %>
|
||||
</div>
|
||||
<div class="panel-content">
|
||||
<%= raw Gettext.dpgettext("static_pages", "oauth token code message", "Token code is <br>%{token}", token: safe_to_string(html_escape(@token.token))) %>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -0,0 +1,158 @@
|
||||
form {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.input {
|
||||
color: var(--muted-text-color);
|
||||
display: flex;
|
||||
margin-left: 1em;
|
||||
margin-right: 1em;
|
||||
flex-direction: column;
|
||||
}
|
||||
|
||||
input {
|
||||
padding: 10px;
|
||||
margin-top: 5px;
|
||||
margin-bottom: 10px;
|
||||
background-color: var(--background-color);
|
||||
color: var(--primary-text-color);
|
||||
border: 0;
|
||||
transition-property: border-bottom;
|
||||
transition-duration: 0.35s;
|
||||
border-bottom: 2px solid #2a384a;
|
||||
font-size: 14px;
|
||||
width: inherit;
|
||||
box-sizing: border-box;
|
||||
}
|
||||
|
||||
.scopes-input {
|
||||
display: flex;
|
||||
flex-direction: column;
|
||||
margin: 1em 0;
|
||||
color: var(--muted-text-color);
|
||||
}
|
||||
|
||||
.scopes-input label:first-child {
|
||||
height: 2em;
|
||||
}
|
||||
|
||||
.scopes {
|
||||
display: flex;
|
||||
flex-wrap: wrap;
|
||||
color: var(--primary-text-color);
|
||||
}
|
||||
|
||||
.scope {
|
||||
display: flex;
|
||||
flex-basis: 100%;
|
||||
height: 2em;
|
||||
align-items: center;
|
||||
}
|
||||
|
||||
.scope:before {
|
||||
color: var(--primary-text-color);
|
||||
content: "✔\fe0e";
|
||||
margin-left: 1em;
|
||||
margin-right: 1em;
|
||||
}
|
||||
|
||||
[type="checkbox"]+label {
|
||||
display: none;
|
||||
cursor: pointer;
|
||||
margin: 0.5em;
|
||||
}
|
||||
|
||||
[type="checkbox"] {
|
||||
display: none;
|
||||
}
|
||||
|
||||
[type="checkbox"]+label:before {
|
||||
cursor: pointer;
|
||||
display: inline-block;
|
||||
color: white;
|
||||
background-color: var(--background-color);
|
||||
border: 4px solid var(--background-color);
|
||||
box-shadow: 0px 0px 1px 0 var(--brand-color);
|
||||
width: 1.2em;
|
||||
height: 1.2em;
|
||||
margin-right: 1.0em;
|
||||
content: "";
|
||||
transition-property: background-color;
|
||||
transition-duration: 0.35s;
|
||||
color: var(--background-color);
|
||||
margin-bottom: -0.2em;
|
||||
border-radius: 2px;
|
||||
}
|
||||
|
||||
[type="checkbox"]:checked+label:before {
|
||||
background-color: var(--brand-color);
|
||||
}
|
||||
|
||||
a.button,
|
||||
button {
|
||||
width: 100%;
|
||||
background-color: #1c2a3a;
|
||||
color: var(--primary-text-color);
|
||||
border-radius: 4px;
|
||||
border: none;
|
||||
padding: 10px 16px;
|
||||
margin-top: 20px;
|
||||
margin-bottom: 20px;
|
||||
text-transform: uppercase;
|
||||
font-size: 16px;
|
||||
box-shadow: 0px 0px 2px 0px black,
|
||||
0px 1px 0px 0px rgba(255, 255, 255, 0.2) inset,
|
||||
0px -1px 0px 0px rgba(0, 0, 0, 0.2) inset;
|
||||
}
|
||||
|
||||
a.button:hover,
|
||||
button:hover {
|
||||
cursor: pointer;
|
||||
box-shadow: 0px 0px 0px 1px var(--brand-color),
|
||||
0px 1px 0px 0px rgba(255, 255, 255, 0.2) inset,
|
||||
0px -1px 0px 0px rgba(0, 0, 0, 0.2) inset;
|
||||
}
|
||||
|
||||
.actions {
|
||||
display: flex;
|
||||
flex-grow: 1;
|
||||
}
|
||||
|
||||
.actions button,
|
||||
.actions a.button {
|
||||
width: auto;
|
||||
margin-left: 2%;
|
||||
width: 45%;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.account-header__banner {
|
||||
width: 100%;
|
||||
height: 80px;
|
||||
background-size: cover;
|
||||
background-position: center;
|
||||
}
|
||||
|
||||
.account-header__avatar {
|
||||
width: 64px;
|
||||
height: 64px;
|
||||
background-size: cover;
|
||||
background-position: center;
|
||||
margin: -60px 10px 10px;
|
||||
border: 6px solid var(--foreground-color);
|
||||
border-radius: 999px;
|
||||
}
|
||||
|
||||
.account-header__meta {
|
||||
padding: 12px 20px 17px 70px;
|
||||
}
|
||||
|
||||
.account-header__display-name {
|
||||
font-size: 20px;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.account-header__nickname {
|
||||
font-size: 14px;
|
||||
color: var(--muted-text-color);
|
||||
}
|
@ -0,0 +1,65 @@
|
||||
#!/bin/sh
|
||||
|
||||
read -p "Instance URL (e.g https://example.com): " INSTANCE_URL
|
||||
|
||||
echo "Creating oauth app..."
|
||||
|
||||
RESP=$(curl \
|
||||
-XPOST \
|
||||
$INSTANCE_URL/api/v1/apps \
|
||||
--silent \
|
||||
--data-urlencode 'client_name=fedibash' \
|
||||
--data-urlencode 'redirect_uris=urn:ietf:wg:oauth:2.0:oob' \
|
||||
--data-urlencode 'scopes=admin:metrics' \
|
||||
--header "Content-Type: application/x-www-form-urlencoded"
|
||||
)
|
||||
|
||||
client_id=$(echo $RESP | jq -r .client_id)
|
||||
client_secret=$(echo $RESP | jq -r .client_secret)
|
||||
|
||||
if [ -z "$client_id" ]; then
|
||||
echo "Could not create an app"
|
||||
echo "$RESP"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Please visit the following URL and input the code provided"
|
||||
AUTH_URL="$INSTANCE_URL/oauth/authorize?client_id=$client_id&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=admin:metrics&response_type=code"
|
||||
if [ ! -z "$BROWSER" ]; then
|
||||
$BROWSER $AUTH_URL
|
||||
fi;
|
||||
|
||||
echo $AUTH_URL
|
||||
|
||||
read -p "Code: " CODE
|
||||
|
||||
echo "Requesting code..."
|
||||
|
||||
RESP=$(curl \
|
||||
-XPOST \
|
||||
$INSTANCE_URL/oauth/token \
|
||||
--silent \
|
||||
--header "Content-Type: application/x-www-form-urlencoded" \
|
||||
--data-urlencode "client_id=$client_id" \
|
||||
--data-urlencode "client_secret=$client_secret" \
|
||||
--data-urlencode "code=$CODE" \
|
||||
--data-urlencode "grant_type=authorization_code" \
|
||||
--data-urlencode 'redirect_uri=urn:ietf:wg:oauth:2.0:oob' \
|
||||
--data-urlencode "scope=admin:metrics"
|
||||
)
|
||||
echo $RESP
|
||||
ACCESS_TOKEN="$(echo $RESP | jq -r .access_token)"
|
||||
|
||||
echo "Token is $ACCESS_TOKEN"
|
||||
DOMAIN=$(echo $INSTANCE_URL | sed -e 's/^https:\/\///')
|
||||
|
||||
echo "Use the following config in your prometheus.yml:
|
||||
- job_name: akkoma
|
||||
scheme: https
|
||||
authorization:
|
||||
credentials: $ACCESS_TOKEN
|
||||
metrics_path: /api/v1/akkoma/metrics
|
||||
static_configs:
|
||||
- targets:
|
||||
- $DOMAIN
|
||||
"
|
@ -0,0 +1,33 @@
|
||||
defmodule Pleroma.Web.AkkomaAPI.MetricsControllerTest do
|
||||
use Pleroma.Web.ConnCase, async: true
|
||||
|
||||
describe "GET /api/v1/akkoma/metrics" do
|
||||
test "should return metrics when the user has admin:metrics" do
|
||||
%{conn: conn} = oauth_access(["admin:metrics"])
|
||||
|
||||
resp =
|
||||
conn
|
||||
|> get("/api/v1/akkoma/metrics")
|
||||
|> text_response(200)
|
||||
|
||||
assert resp =~ "# HELP"
|
||||
end
|
||||
|
||||
test "should not allow users that do not have the admin:metrics scope" do
|
||||
%{conn: conn} = oauth_access(["read:metrics"])
|
||||
|
||||
conn
|
||||
|> get("/api/v1/akkoma/metrics")
|
||||
|> json_response(403)
|
||||
end
|
||||
|
||||
test "should be disabled by export_prometheus_metrics" do
|
||||
clear_config([:instance, :export_prometheus_metrics], false)
|
||||
%{conn: conn} = oauth_access(["admin:metrics"])
|
||||
|
||||
conn
|
||||
|> get("/api/v1/akkoma/metrics")
|
||||
|> response(404)
|
||||
end
|
||||
end
|
||||
end
|
Loading…
Reference in new issue