diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/monitoring')
4 files changed, 302 insertions, 385 deletions
diff --git a/nixpkgs/nixos/modules/services/monitoring/collectd.nix b/nixpkgs/nixos/modules/services/monitoring/collectd.nix index 45e3312c0f44..6a4c678eb21f 100644 --- a/nixpkgs/nixos/modules/services/monitoring/collectd.nix +++ b/nixpkgs/nixos/modules/services/monitoring/collectd.nix @@ -79,6 +79,10 @@ in { }; config = mkIf cfg.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' - ${cfg.user} - - -" + ]; + systemd.services.collectd = { description = "Collectd Monitoring Agent"; after = [ "network.target" ]; @@ -87,16 +91,9 @@ in { serviceConfig = { ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -f"; User = cfg.user; - PermissionsStartOnly = true; Restart = "on-failure"; RestartSec = 3; }; - - preStart = '' - mkdir -p "${cfg.dataDir}" - chmod 755 "${cfg.dataDir}" - chown -R ${cfg.user} "${cfg.dataDir}" - ''; }; users.users = optional (cfg.user == "collectd") { diff --git a/nixpkgs/nixos/modules/services/monitoring/graphite.nix b/nixpkgs/nixos/modules/services/monitoring/graphite.nix index f59bc56962b1..2365142af40e 100644 --- a/nixpkgs/nixos/modules/services/monitoring/graphite.nix +++ b/nixpkgs/nixos/modules/services/monitoring/graphite.nix @@ -123,7 +123,7 @@ in { graphite carbon. For more information visit - <link xlink:href="http://graphite-api.readthedocs.org/en/latest/"/> + <link xlink:href="https://graphite-api.readthedocs.org/en/latest/"/> ''; default = false; type = types.bool; diff --git a/nixpkgs/nixos/modules/services/monitoring/munin.nix b/nixpkgs/nixos/modules/services/monitoring/munin.nix index f67986327245..ffe223fedbe1 100644 --- a/nixpkgs/nixos/modules/services/monitoring/munin.nix +++ b/nixpkgs/nixos/modules/services/monitoring/munin.nix @@ -8,7 +8,7 @@ # spawn-fcgi -s /run/munin/fastcgi-graph.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph # spawn-fcgi -s /run/munin/fastcgi-html.sock -U www-data -u munin -g munin /usr/lib/munin/cgi/munin-cgi-html # https://paste.sh/vofcctHP#-KbDSXVeWoifYncZmLfZzgum -# nginx http://munin.readthedocs.org/en/latest/example/webserver/nginx.html +# nginx https://munin.readthedocs.org/en/latest/example/webserver/nginx.html with lib; diff --git a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix index e7ac12c07d33..d8384e0d35b3 100644 --- a/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix +++ b/nixpkgs/nixos/modules/services/monitoring/prometheus/default.nix @@ -22,9 +22,6 @@ let workingDir = stateDirBase + stateDir; workingDir2 = stateDirBase + cfg2.stateDir; - # Get a submodule without any embedded metadata: - _filter = x: filterAttrs (k: v: k != "_module") x; - # a wrapper that verifies that the configuration is valid promtoolCheck = what: name: file: pkgs.runCommand "${name}-${what}-checked" { buildInputs = [ cfg.package ]; } '' @@ -50,11 +47,11 @@ let # This becomes the main config file for Prometheus 1 promConfig = { - global = cfg.globalConfig; + global = filterValidPrometheus cfg.globalConfig; rule_files = map (promtoolCheck "check-rules" "rules") (cfg.ruleFiles ++ [ (pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg.rules)) ]); - scrape_configs = filterEmpty cfg.scrapeConfigs; + scrape_configs = filterValidPrometheus cfg.scrapeConfigs; }; generatedPrometheusYml = writePrettyJSON "prometheus.yml" promConfig; @@ -77,11 +74,11 @@ let # This becomes the main config file for Prometheus 2 promConfig2 = { - global = cfg2.globalConfig; + global = filterValidPrometheus cfg2.globalConfig; rule_files = map (prom2toolCheck "check rules" "rules") (cfg2.ruleFiles ++ [ (pkgs.writeText "prometheus.rules" (concatStringsSep "\n" cfg2.rules)) ]); - scrape_configs = filterEmpty cfg2.scrapeConfigs; + scrape_configs = filterValidPrometheus cfg2.scrapeConfigs; alerting = optionalAttrs (cfg2.alertmanagerURL != []) { alertmanagers = [{ static_configs = [{ @@ -108,7 +105,7 @@ let ] ++ optional (cfg2.webExternalUrl != null) "--web.external-url=${cfg2.webExternalUrl}"; - filterEmpty = filterAttrsListRecursive (_n: v: !(v == null || v == [] || v == {})); + filterValidPrometheus = filterAttrsListRecursive (n: v: !(n == "_module" || v == null)); filterAttrsListRecursive = pred: x: if isAttrs x then listToAttrs ( @@ -123,41 +120,37 @@ let map (filterAttrsListRecursive pred) x else x; - promTypes.globalConfig = types.submodule { - options = { - scrape_interval = mkOption { - type = types.str; - default = "1m"; - description = '' - How frequently to scrape targets by default. - ''; - }; + mkDefOpt = type : defaultStr : description : mkOpt type (description + '' - scrape_timeout = mkOption { - type = types.str; - default = "10s"; - description = '' - How long until a scrape request times out. - ''; - }; + Defaults to <literal>${defaultStr}</literal> in prometheus + when set to <literal>null</literal>. + ''); - evaluation_interval = mkOption { - type = types.str; - default = "1m"; - description = '' - How frequently to evaluate rules by default. - ''; - }; + mkOpt = type : description : mkOption { + type = types.nullOr type; + default = null; + inherit description; + }; - external_labels = mkOption { - type = types.attrsOf types.str; - description = '' - The labels to add to any time series or alerts when - communicating with external systems (federation, remote - storage, Alertmanager). - ''; - default = {}; - }; + promTypes.globalConfig = types.submodule { + options = { + scrape_interval = mkDefOpt types.str "1m" '' + How frequently to scrape targets by default. + ''; + + scrape_timeout = mkDefOpt types.str "10s" '' + How long until a scrape request times out. + ''; + + evaluation_interval = mkDefOpt types.str "1m" '' + How frequently to evaluate rules by default. + ''; + + external_labels = mkOpt (types.attrsOf types.str) '' + The labels to add to any time series or alerts when + communicating with external systems (federation, remote + storage, Alertmanager). + ''; }; }; @@ -169,145 +162,127 @@ let The job name assigned to scraped metrics by default. ''; }; - scrape_interval = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - How frequently to scrape targets from this job. Defaults to the - globally configured default. - ''; - }; - scrape_timeout = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Per-target timeout when scraping this job. Defaults to the - globally configured default. - ''; - }; - metrics_path = mkOption { - type = types.str; - default = "/metrics"; - description = '' - The HTTP resource path on which to fetch metrics from targets. - ''; - }; - honor_labels = mkOption { - type = types.bool; - default = false; - description = '' - Controls how Prometheus handles conflicts between labels - that are already present in scraped data and labels that - Prometheus would attach server-side ("job" and "instance" - labels, manually configured target labels, and labels - generated by service discovery implementations). - - If honor_labels is set to "true", label conflicts are - resolved by keeping label values from the scraped data and - ignoring the conflicting server-side labels. - - If honor_labels is set to "false", label conflicts are - resolved by renaming conflicting labels in the scraped data - to "exported_<original-label>" (for example - "exported_instance", "exported_job") and then attaching - server-side labels. This is useful for use cases such as - federation, where all labels specified in the target should - be preserved. - ''; - }; - scheme = mkOption { - type = types.enum ["http" "https"]; - default = "http"; - description = '' - The URL scheme with which to fetch metrics from targets. - ''; - }; - params = mkOption { - type = types.attrsOf (types.listOf types.str); - default = {}; - description = '' - Optional HTTP URL parameters. - ''; - }; - basic_auth = mkOption { - type = types.nullOr (types.submodule { - options = { - username = mkOption { - type = types.str; - description = '' - HTTP username - ''; - }; - password = mkOption { - type = types.str; - description = '' - HTTP password - ''; - }; + scrape_interval = mkOpt types.str '' + How frequently to scrape targets from this job. Defaults to the + globally configured default. + ''; + + scrape_timeout = mkOpt types.str '' + Per-target timeout when scraping this job. Defaults to the + globally configured default. + ''; + + metrics_path = mkDefOpt types.str "/metrics" '' + The HTTP resource path on which to fetch metrics from targets. + ''; + + honor_labels = mkDefOpt types.bool "false" '' + Controls how Prometheus handles conflicts between labels + that are already present in scraped data and labels that + Prometheus would attach server-side ("job" and "instance" + labels, manually configured target labels, and labels + generated by service discovery implementations). + + If honor_labels is set to "true", label conflicts are + resolved by keeping label values from the scraped data and + ignoring the conflicting server-side labels. + + If honor_labels is set to "false", label conflicts are + resolved by renaming conflicting labels in the scraped data + to "exported_<original-label>" (for example + "exported_instance", "exported_job") and then attaching + server-side labels. This is useful for use cases such as + federation, where all labels specified in the target should + be preserved. + ''; + + honor_timestamps = mkDefOpt types.bool "true" '' + honor_timestamps controls whether Prometheus respects the timestamps present + in scraped data. + + If honor_timestamps is set to <literal>true</literal>, the timestamps of the metrics exposed + by the target will be used. + + If honor_timestamps is set to <literal>false</literal>, the timestamps of the metrics exposed + by the target will be ignored. + ''; + + scheme = mkDefOpt (types.enum ["http" "https"]) "http" '' + The URL scheme with which to fetch metrics from targets. + ''; + + params = mkOpt (types.attrsOf (types.listOf types.str)) '' + Optional HTTP URL parameters. + ''; + + basic_auth = mkOpt (types.submodule { + options = { + username = mkOption { + type = types.str; + description = '' + HTTP username + ''; }; - }); - default = null; - apply = x: mapNullable _filter x; - description = '' - Optional http login credentials for metrics scraping. - ''; - }; - tls_config = mkOption { - type = types.nullOr promTypes.tls_config; - default = null; - apply = x: mapNullable _filter x; - description = '' - Configures the scrape request's TLS settings. - ''; - }; - dns_sd_configs = mkOption { - type = types.listOf promTypes.dns_sd_config; - default = []; - apply = x: map _filter x; - description = '' - List of DNS service discovery configurations. - ''; - }; - consul_sd_configs = mkOption { - type = types.listOf promTypes.consul_sd_config; - default = []; - apply = x: map _filter x; - description = '' - List of Consul service discovery configurations. - ''; - }; - file_sd_configs = mkOption { - type = types.listOf promTypes.file_sd_config; - default = []; - apply = x: map _filter x; - description = '' - List of file service discovery configurations. - ''; - }; - static_configs = mkOption { - type = types.listOf promTypes.static_config; - default = []; - apply = x: map _filter x; - description = '' - List of labeled target groups for this job. - ''; - }; - ec2_sd_configs = mkOption { - type = types.listOf promTypes.ec2_sd_config; - default = []; - apply = x: map _filter x; - description = '' - List of EC2 service discovery configurations. - ''; - }; - relabel_configs = mkOption { - type = types.listOf promTypes.relabel_config; - default = []; - apply = x: map _filter x; - description = '' - List of relabel configurations. - ''; - }; + password = mkOption { + type = types.str; + description = '' + HTTP password + ''; + }; + }; + }) '' + Optional http login credentials for metrics scraping. + ''; + + bearer_token = mkOpt types.str '' + Sets the `Authorization` header on every scrape request with + the configured bearer token. It is mutually exclusive with + <option>bearer_token_file</option>. + ''; + + bearer_token_file = mkOpt types.str '' + Sets the `Authorization` header on every scrape request with + the bearer token read from the configured file. It is mutually + exclusive with <option>bearer_token</option>. + ''; + + tls_config = mkOpt promTypes.tls_config '' + Configures the scrape request's TLS settings. + ''; + + proxy_url = mkOpt types.str '' + Optional proxy URL. + ''; + + ec2_sd_configs = mkOpt (types.listOf promTypes.ec2_sd_config) '' + List of EC2 service discovery configurations. + ''; + + dns_sd_configs = mkOpt (types.listOf promTypes.dns_sd_config) '' + List of DNS service discovery configurations. + ''; + + consul_sd_configs = mkOpt (types.listOf promTypes.consul_sd_config) '' + List of Consul service discovery configurations. + ''; + + file_sd_configs = mkOpt (types.listOf promTypes.file_sd_config) '' + List of file service discovery configurations. + ''; + + static_configs = mkOpt (types.listOf promTypes.static_config) '' + List of labeled target groups for this job. + ''; + + relabel_configs = mkOpt (types.listOf promTypes.relabel_config) '' + List of relabel configurations. + ''; + + sample_limit = mkDefOpt types.int "0" '' + Per-scrape limit on number of scraped samples that will be accepted. + If more than this number of samples are present after metric relabelling + the entire scrape will be treated as failed. 0 means no limit. + ''; }; }; @@ -337,66 +312,41 @@ let The AWS Region. ''; }; - endpoint = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Custom endpoint to be used. - ''; - }; - access_key = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The AWS API key id. If blank, the environment variable - <literal>AWS_ACCESS_KEY_ID</literal> is used. - ''; - }; - secret_key = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - The AWS API key secret. If blank, the environment variable - <literal>AWS_SECRET_ACCESS_KEY</literal> is used. - ''; - }; - profile = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Named AWS profile used to connect to the API. - ''; - }; - role_arn = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - AWS Role ARN, an alternative to using AWS API keys. - ''; - }; - refresh_interval = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Refresh interval to re-read the instance list. - ''; - }; - port = mkOption { - type = types.int; - default = 80; - description = '' - The port to scrape metrics from. If using the public IP - address, this must instead be specified in the relabeling - rule. - ''; - }; - filters = mkOption { - type = types.nullOr (types.listOf promTypes.filter); - default = null; - description = '' - Filters can be used optionally to filter the instance list by other criteria. - ''; - }; + endpoint = mkOpt types.str '' + Custom endpoint to be used. + ''; + + access_key = mkOpt types.str '' + The AWS API key id. If blank, the environment variable + <literal>AWS_ACCESS_KEY_ID</literal> is used. + ''; + + secret_key = mkOpt types.str '' + The AWS API key secret. If blank, the environment variable + <literal>AWS_SECRET_ACCESS_KEY</literal> is used. + ''; + + profile = mkOpt types.str '' + Named AWS profile used to connect to the API. + ''; + + role_arn = mkOpt types.str '' + AWS Role ARN, an alternative to using AWS API keys. + ''; + + refresh_interval = mkDefOpt types.str "60s" '' + Refresh interval to re-read the instance list. + ''; + + port = mkDefOpt types.int "80" '' + The port to scrape metrics from. If using the public IP + address, this must instead be specified in the relabeling + rule. + ''; + + filters = mkOpt (types.listOf promTypes.filter) '' + Filters can be used optionally to filter the instance list by other criteria. + ''; }; }; @@ -409,6 +359,7 @@ let for the available filters. ''; }; + value = mkOption { type = types.listOf types.str; default = []; @@ -427,56 +378,63 @@ let A list of DNS SRV record names to be queried. ''; }; - refresh_interval = mkOption { - type = types.str; - default = "30s"; - description = '' - The time after which the provided names are refreshed. - ''; - }; + + refresh_interval = mkDefOpt types.str "30s" '' + The time after which the provided names are refreshed. + ''; }; }; promTypes.consul_sd_config = types.submodule { options = { - server = mkOption { - type = types.str; - description = "Consul server to query."; - }; - token = mkOption { - type = types.nullOr types.str; - description = "Consul token"; - }; - datacenter = mkOption { - type = types.nullOr types.str; - description = "Consul datacenter"; - }; - scheme = mkOption { - type = types.nullOr types.str; - description = "Consul scheme"; - }; - username = mkOption { - type = types.nullOr types.str; - description = "Consul username"; - }; - password = mkOption { - type = types.nullOr types.str; - description = "Consul password"; - }; + server = mkDefOpt types.str "localhost:8500" '' + Consul server to query. + ''; - services = mkOption { - type = types.listOf types.str; - description = '' - A list of services for which targets are retrieved. - ''; - }; - tag_separator = mkOption { - type = types.str; - default = ","; - description = '' - The string by which Consul tags are joined into the tag label. - ''; - }; + token = mkOpt types.str "Consul token"; + + datacenter = mkOpt types.str "Consul datacenter"; + + scheme = mkDefOpt types.str "http" "Consul scheme"; + + username = mkOpt types.str "Consul username"; + + password = mkOpt types.str "Consul password"; + + tls_config = mkOpt promTypes.tls_config '' + Configures the Consul request's TLS settings. + ''; + + services = mkOpt (types.listOf types.str) '' + A list of services for which targets are retrieved. + ''; + + tags = mkOpt (types.listOf types.str) '' + An optional list of tags used to filter nodes for a given + service. Services must contain all tags in the list. + ''; + + node_meta = mkOpt (types.attrsOf types.str) '' + Node metadata used to filter nodes for a given service. + ''; + + tag_separator = mkDefOpt types.str "," '' + The string by which Consul tags are joined into the tag label. + ''; + + allow_stale = mkOpt types.bool '' + Allow stale Consul results + (see <link xlink:href="https://www.consul.io/api/index.html#consistency-modes"/>). + + Will reduce load on Consul. + ''; + + refresh_interval = mkDefOpt types.str "30s" '' + The time after which the provided names are refreshed. + + On large setup it might be a good idea to increase this value + because the catalog will change all the time. + ''; }; }; @@ -488,108 +446,74 @@ let Patterns for files from which target groups are extracted. Refer to the Prometheus documentation for permitted filename patterns and formats. - - ''; - }; - refresh_interval = mkOption { - type = types.str; - default = "30s"; - description = '' - Refresh interval to re-read the files. ''; }; + + refresh_interval = mkDefOpt types.str "5m" '' + Refresh interval to re-read the files. + ''; }; }; promTypes.relabel_config = types.submodule { options = { - source_labels = mkOption { - type = with types; nullOr (listOf str); - default = null; - description = '' - The source labels select values from existing labels. Their content - is concatenated using the configured separator and matched against - the configured regular expression. - ''; - }; - separator = mkOption { - type = types.str; - default = ";"; - description = '' - Separator placed between concatenated source label values. - ''; - }; - target_label = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Label to which the resulting value is written in a replace action. - It is mandatory for replace actions. - ''; - }; - regex = mkOption { - type = types.str; - default = "(.*)"; - description = '' - Regular expression against which the extracted value is matched. - ''; - }; - replacement = mkOption { - type = types.str; - default = "$1"; - description = '' - Replacement value against which a regex replace is performed if the - regular expression matches. - ''; - }; - action = mkOption { - type = types.enum ["replace" "keep" "drop"]; - default = "replace"; - description = '' - Action to perform based on regex matching. - ''; - }; + source_labels = mkOpt (types.listOf types.str) '' + The source labels select values from existing labels. Their content + is concatenated using the configured separator and matched against + the configured regular expression. + ''; + + separator = mkDefOpt types.str ";" '' + Separator placed between concatenated source label values. + ''; + + target_label = mkOpt types.str '' + Label to which the resulting value is written in a replace action. + It is mandatory for replace actions. + ''; + + regex = mkDefOpt types.str "(.*)" '' + Regular expression against which the extracted value is matched. + ''; + + modulus = mkOpt types.int '' + Modulus to take of the hash of the source label values. + ''; + + replacement = mkDefOpt types.str "$1" '' + Replacement value against which a regex replace is performed if the + regular expression matches. + ''; + + action = mkDefOpt (types.enum ["replace" "keep" "drop"]) "replace" '' + Action to perform based on regex matching. + ''; + }; }; promTypes.tls_config = types.submodule { options = { - ca_file = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - CA certificate to validate API server certificate with. - ''; - }; - cert_file = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Certificate file for client cert authentication to the server. - ''; - }; - key_file = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - Key file for client cert authentication to the server. - ''; - }; - server_name = mkOption { - type = types.nullOr types.str; - default = null; - description = '' - ServerName extension to indicate the name of the server. - http://tools.ietf.org/html/rfc4366#section-3.1 - ''; - }; - insecure_skip_verify = mkOption { - type = types.bool; - default = false; - description = '' - Disable validation of the server certificate. - ''; - }; + ca_file = mkOpt types.str '' + CA certificate to validate API server certificate with. + ''; + + cert_file = mkOpt types.str '' + Certificate file for client cert authentication to the server. + ''; + + key_file = mkOpt types.str '' + Key file for client cert authentication to the server. + ''; + + server_name = mkOpt types.str '' + ServerName extension to indicate the name of the server. + http://tools.ietf.org/html/rfc4366#section-3.1 + ''; + + insecure_skip_verify = mkOpt types.bool '' + Disable validation of the server certificate. + ''; }; }; @@ -662,7 +586,6 @@ in { globalConfig = mkOption { type = promTypes.globalConfig; default = {}; - apply = _filter; description = '' Parameters that are valid in all configuration contexts. They also serve as defaults for other configuration sections @@ -688,7 +611,6 @@ in { scrapeConfigs = mkOption { type = types.listOf promTypes.scrape_config; default = []; - apply = x: map _filter x; description = '' A list of scrape configurations. ''; @@ -786,7 +708,6 @@ in { globalConfig = mkOption { type = promTypes.globalConfig; default = {}; - apply = _filter; description = '' Parameters that are valid in all configuration contexts. They also serve as defaults for other configuration sections @@ -812,7 +733,6 @@ in { scrapeConfigs = mkOption { type = types.listOf promTypes.scrape_config; default = []; - apply = x: map _filter x; description = '' A list of scrape configurations. ''; |