0e4abb0df7
The option `services.prometheus.environmentFile` has been removed since it was causing [issues](https://github.com/NixOS/nixpkgs/issues/126083) and Prometheus now has native support for secret files.
340 lines
11 KiB
Nix
340 lines
11 KiB
Nix
let
|
|
grpcPort = 19090;
|
|
queryPort = 9090;
|
|
minioPort = 9000;
|
|
pushgwPort = 9091;
|
|
|
|
s3 = {
|
|
accessKey = "BKIKJAA5BMMU2RHO6IBB";
|
|
secretKey = "V7f1CwQqAcwo80UEIJEjc5gVQUSSx5ohQ9GSrr12";
|
|
};
|
|
|
|
objstore.config = {
|
|
type = "S3";
|
|
config = {
|
|
bucket = "thanos-bucket";
|
|
endpoint = "s3:${toString minioPort}";
|
|
region = "us-east-1";
|
|
access_key = s3.accessKey;
|
|
secret_key = s3.secretKey;
|
|
insecure = true;
|
|
signature_version2 = false;
|
|
put_user_metadata = {};
|
|
http_config = {
|
|
idle_conn_timeout = "0s";
|
|
insecure_skip_verify = false;
|
|
};
|
|
trace = {
|
|
enable = false;
|
|
};
|
|
};
|
|
};
|
|
|
|
in import ./make-test-python.nix {
|
|
name = "prometheus";
|
|
|
|
nodes = {
|
|
prometheus = { pkgs, ... }: {
|
|
virtualisation.diskSize = 2 * 1024;
|
|
virtualisation.memorySize = 2048;
|
|
environment.systemPackages = [ pkgs.jq ];
|
|
networking.firewall.allowedTCPPorts = [ grpcPort ];
|
|
services.prometheus = {
|
|
enable = true;
|
|
enableReload = true;
|
|
scrapeConfigs = [
|
|
{
|
|
job_name = "prometheus";
|
|
static_configs = [
|
|
{
|
|
targets = [ "127.0.0.1:${toString queryPort}" ];
|
|
labels = { instance = "localhost"; };
|
|
}
|
|
];
|
|
}
|
|
{
|
|
job_name = "pushgateway";
|
|
scrape_interval = "1s";
|
|
static_configs = [
|
|
{
|
|
targets = [ "127.0.0.1:${toString pushgwPort}" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
rules = [
|
|
''
|
|
groups:
|
|
- name: test
|
|
rules:
|
|
- record: testrule
|
|
expr: count(up{job="prometheus"})
|
|
''
|
|
];
|
|
globalConfig = {
|
|
external_labels = {
|
|
some_label = "required by thanos";
|
|
};
|
|
};
|
|
extraFlags = [
|
|
# Required by thanos
|
|
"--storage.tsdb.min-block-duration=5s"
|
|
"--storage.tsdb.max-block-duration=5s"
|
|
];
|
|
};
|
|
services.prometheus.pushgateway = {
|
|
enable = true;
|
|
web.listen-address = ":${toString pushgwPort}";
|
|
persistMetrics = true;
|
|
persistence.interval = "1s";
|
|
stateDir = "prometheus-pushgateway";
|
|
};
|
|
services.thanos = {
|
|
sidecar = {
|
|
enable = true;
|
|
grpc-address = "0.0.0.0:${toString grpcPort}";
|
|
inherit objstore;
|
|
};
|
|
|
|
# TODO: Add some tests for these services:
|
|
#rule = {
|
|
# enable = true;
|
|
# http-address = "0.0.0.0:19194";
|
|
# grpc-address = "0.0.0.0:19193";
|
|
# query.addresses = [
|
|
# "localhost:19191"
|
|
# ];
|
|
# labels = {
|
|
# just = "some";
|
|
# nice = "labels";
|
|
# };
|
|
#};
|
|
#
|
|
#receive = {
|
|
# http-address = "0.0.0.0:19195";
|
|
# enable = true;
|
|
# labels = {
|
|
# just = "some";
|
|
# nice = "labels";
|
|
# };
|
|
#};
|
|
};
|
|
# Adds a "specialisation" of the above config which allows us to
|
|
# "switch" to it and see if the services.prometheus.enableReload
|
|
# functionality actually reloads the prometheus service instead of
|
|
# restarting it.
|
|
specialisation = {
|
|
"prometheus-config-change" = {
|
|
configuration = {
|
|
environment.systemPackages = [ pkgs.yq ];
|
|
|
|
# This configuration just adds a new prometheus job
|
|
# to scrape the node_exporter metrics of the s3 machine.
|
|
services.prometheus = {
|
|
scrapeConfigs = [
|
|
{
|
|
job_name = "s3-node_exporter";
|
|
static_configs = [
|
|
{
|
|
targets = [ "s3:9100" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
query = { pkgs, ... }: {
|
|
environment.systemPackages = [ pkgs.jq ];
|
|
services.thanos.query = {
|
|
enable = true;
|
|
http-address = "0.0.0.0:${toString queryPort}";
|
|
store.addresses = [
|
|
"prometheus:${toString grpcPort}"
|
|
];
|
|
};
|
|
};
|
|
|
|
store = { pkgs, ... }: {
|
|
virtualisation.diskSize = 2 * 1024;
|
|
virtualisation.memorySize = 2048;
|
|
environment.systemPackages = with pkgs; [ jq thanos ];
|
|
services.thanos.store = {
|
|
enable = true;
|
|
http-address = "0.0.0.0:10902";
|
|
grpc-address = "0.0.0.0:${toString grpcPort}";
|
|
inherit objstore;
|
|
sync-block-duration = "1s";
|
|
};
|
|
services.thanos.compact = {
|
|
enable = true;
|
|
http-address = "0.0.0.0:10903";
|
|
inherit objstore;
|
|
consistency-delay = "5s";
|
|
};
|
|
services.thanos.query = {
|
|
enable = true;
|
|
http-address = "0.0.0.0:${toString queryPort}";
|
|
store.addresses = [
|
|
"localhost:${toString grpcPort}"
|
|
];
|
|
};
|
|
};
|
|
|
|
s3 = { pkgs, ... } : {
|
|
# Minio requires at least 1GiB of free disk space to run.
|
|
virtualisation = {
|
|
diskSize = 2 * 1024;
|
|
memorySize = 1024;
|
|
};
|
|
networking.firewall.allowedTCPPorts = [ minioPort ];
|
|
|
|
services.minio = {
|
|
enable = true;
|
|
inherit (s3) accessKey secretKey;
|
|
};
|
|
|
|
environment.systemPackages = [ pkgs.minio-client ];
|
|
|
|
services.prometheus.exporters.node = {
|
|
enable = true;
|
|
openFirewall = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
testScript = { nodes, ... } : ''
|
|
import json
|
|
|
|
# Before starting the other machines we first make sure that our S3 service is online
|
|
# and has a bucket added for thanos:
|
|
s3.start()
|
|
s3.wait_for_unit("minio.service")
|
|
s3.wait_for_open_port(${toString minioPort})
|
|
s3.succeed(
|
|
"mc config host add minio "
|
|
+ "http://localhost:${toString minioPort} "
|
|
+ "${s3.accessKey} ${s3.secretKey} --api s3v4",
|
|
"mc mb minio/thanos-bucket",
|
|
)
|
|
|
|
# Now that s3 has started we can start the other machines:
|
|
for machine in prometheus, query, store:
|
|
machine.start()
|
|
|
|
# Check if prometheus responds to requests:
|
|
prometheus.wait_for_unit("prometheus.service")
|
|
|
|
prometheus.wait_for_open_port(${toString queryPort})
|
|
prometheus.succeed("curl -sf http://127.0.0.1:${toString queryPort}/metrics")
|
|
|
|
# Let's test if pushing a metric to the pushgateway succeeds:
|
|
prometheus.wait_for_unit("pushgateway.service")
|
|
prometheus.succeed(
|
|
"echo 'some_metric 3.14' | "
|
|
+ "curl -f --data-binary \@- "
|
|
+ "http://127.0.0.1:${toString pushgwPort}/metrics/job/some_job"
|
|
)
|
|
|
|
# Now check whether that metric gets ingested by prometheus.
|
|
# Since we'll check for the metric several times on different machines
|
|
# we abstract the test using the following function:
|
|
|
|
# Function to check if the metric "some_metric" has been received and returns the correct value.
|
|
def wait_for_metric(machine):
|
|
return machine.wait_until_succeeds(
|
|
"curl -sf 'http://127.0.0.1:${toString queryPort}/api/v1/query?query=some_metric' | "
|
|
+ "jq '.data.result[0].value[1]' | grep '\"3.14\"'"
|
|
)
|
|
|
|
|
|
wait_for_metric(prometheus)
|
|
|
|
# Let's test if the pushgateway persists metrics to the configured location.
|
|
prometheus.wait_until_succeeds("test -e /var/lib/prometheus-pushgateway/metrics")
|
|
|
|
# Test thanos
|
|
prometheus.wait_for_unit("thanos-sidecar.service")
|
|
|
|
# Test if the Thanos query service can correctly retrieve the metric that was send above.
|
|
query.wait_for_unit("thanos-query.service")
|
|
wait_for_metric(query)
|
|
|
|
# Test if the Thanos sidecar has correctly uploaded its TSDB to S3, if the
|
|
# Thanos storage service has correctly downloaded it from S3 and if the Thanos
|
|
# query service running on $store can correctly retrieve the metric:
|
|
store.wait_for_unit("thanos-store.service")
|
|
wait_for_metric(store)
|
|
|
|
store.wait_for_unit("thanos-compact.service")
|
|
|
|
# Test if the Thanos bucket command is able to retrieve blocks from the S3 bucket
|
|
# and check if the blocks have the correct labels:
|
|
store.succeed(
|
|
"thanos tools bucket ls "
|
|
+ "--objstore.config-file=${nodes.store.config.services.thanos.store.objstore.config-file} "
|
|
+ "--output=json | "
|
|
+ "jq .thanos.labels.some_label | "
|
|
+ "grep 'required by thanos'"
|
|
)
|
|
|
|
# Check if switching to a NixOS configuration that changes the prometheus
|
|
# configuration reloads (instead of restarts) prometheus before the switch
|
|
# finishes successfully:
|
|
with subtest("config change reloads prometheus"):
|
|
# We check if prometheus has finished reloading by looking for the message
|
|
# "Completed loading of configuration file" in the journal between the start
|
|
# and finish of switching to the new NixOS configuration.
|
|
#
|
|
# To mark the start we record the journal cursor before starting the switch:
|
|
cursor_before_switching = json.loads(
|
|
prometheus.succeed("journalctl -n1 -o json --output-fields=__CURSOR")
|
|
)["__CURSOR"]
|
|
|
|
# Now we switch:
|
|
prometheus_config_change = prometheus.succeed(
|
|
"readlink /run/current-system/specialisation/prometheus-config-change"
|
|
).strip()
|
|
prometheus.succeed(prometheus_config_change + "/bin/switch-to-configuration test")
|
|
|
|
# Next we retrieve all logs since the start of switching:
|
|
logs_after_starting_switching = prometheus.succeed(
|
|
"""
|
|
journalctl --after-cursor='{cursor_before_switching}' -o json --output-fields=MESSAGE
|
|
""".format(
|
|
cursor_before_switching=cursor_before_switching
|
|
)
|
|
)
|
|
|
|
# Finally we check if the message "Completed loading of configuration file"
|
|
# occurs before the "finished switching to system configuration" message:
|
|
finished_switching_msg = (
|
|
"finished switching to system configuration " + prometheus_config_change
|
|
)
|
|
reloaded_before_switching_finished = False
|
|
finished_switching = False
|
|
for log_line in logs_after_starting_switching.split("\n"):
|
|
msg = json.loads(log_line)["MESSAGE"]
|
|
if "Completed loading of configuration file" in msg:
|
|
reloaded_before_switching_finished = True
|
|
if msg == finished_switching_msg:
|
|
finished_switching = True
|
|
break
|
|
|
|
assert reloaded_before_switching_finished
|
|
assert finished_switching
|
|
|
|
# Check if the reloaded config includes the new s3-node_exporter job:
|
|
prometheus.succeed(
|
|
"""
|
|
curl -sf http://127.0.0.1:${toString queryPort}/api/v1/status/config \
|
|
| jq -r .data.yaml \
|
|
| yq '.scrape_configs | any(.job_name == "s3-node_exporter")' \
|
|
| grep true
|
|
"""
|
|
)
|
|
'';
|
|
}
|