diff --git a/CHANGELOG.md b/CHANGELOG.md index 4445444..1186bad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ - Boundaries between Namespaces has been removed and all nodes can communicate by default [#357](https://github.com/juanfont/headscale/pull/357) - To limit access between nodes, use [ACLs](./docs/acls.md). +- `/metrics` is now a configurable host:port endpoint: [#344](https://github.com/juanfont/headscale/pull/344). You must update your `config.yaml` file to include: + ```yaml + metrics_listen_addr: 127.0.0.1:9090 + ``` ### Features diff --git a/app.go b/app.go index 5818509..763fdfe 100644 --- a/app.go +++ b/app.go @@ -72,6 +72,7 @@ const ( type Config struct { ServerURL string Addr string + MetricsAddr string GRPCAddr string GRPCAllowInsecure bool EphemeralNodeInactivityTimeout time.Duration @@ -433,11 +434,17 @@ func (h *Headscale) ensureUnixSocketIsAbsent() error { return os.Remove(h.cfg.UnixSocket) } -func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine { - router := gin.Default() +func (h *Headscale) createPrometheusRouter() *gin.Engine { + promRouter := gin.Default() prometheus := ginprometheus.NewPrometheus("gin") - prometheus.Use(router) + prometheus.Use(promRouter) + + return promRouter +} + +func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine { + router := gin.Default() router.GET( "/health", 
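Review bot: In app.go, `createPrometheusRouter` now attaches the Prometheus middleware to `promRouter` only, so the main router built in `createRouter` is no longer instrumented. If `ginprometheus` is the usual go-gin-prometheus package, `Use` both installs the request-recording middleware and registers the `/metrics` route, so the `gin_*` request metrics would now describe scrapes of the metrics listener rather than API traffic. Consider sharing one instance and splitting the two roles: `router.Use(prometheus.HandlerFunc())` in `createRouter` and `prometheus.SetMetricsPath(promRouter)` here. `createRouter` continues past the end of the hunk, so whether anything later re-attaches the middleware is not visible.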
@@ -649,6 +656,27 @@ func (h *Headscale) Serve() error { log.Info(). Msgf("listening and serving HTTP on: %s", h.cfg.Addr) + promRouter := h.createPrometheusRouter() + + promHTTPServer := &http.Server{ + Addr: h.cfg.MetricsAddr, + Handler: promRouter, + ReadTimeout: HTTPReadTimeout, + WriteTimeout: 0, + } + + var promHTTPListener net.Listener + promHTTPListener, err = net.Listen("tcp", h.cfg.MetricsAddr) + + if err != nil { + return fmt.Errorf("failed to bind to TCP address: %w", err) + } + + errorGroup.Go(func() error { return promHTTPServer.Serve(promHTTPListener) }) + + log.Info(). + Msgf("listening and serving metrics on: %s", h.cfg.MetricsAddr) + return errorGroup.Wait() } diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go index 97c2440..49fc23c 100644 --- a/cmd/headscale/cli/utils.go +++ b/cmd/headscale/cli/utils.go @@ -304,6 +304,7 @@ func getHeadscaleConfig() headscale.Config { return headscale.Config{ ServerURL: viper.GetString("server_url"), Addr: viper.GetString("listen_addr"), + MetricsAddr: viper.GetString("metrics_listen_addr"), GRPCAddr: viper.GetString("grpc_listen_addr"), GRPCAllowInsecure: viper.GetBool("grpc_allow_insecure"), diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go index 5ab46e0..c971220 100644 --- a/cmd/headscale/headscale_test.go +++ b/cmd/headscale/headscale_test.go @@ -55,6 +55,7 @@ func (*Suite) TestConfigLoading(c *check.C) { // Test that config file was interpreted correctly c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080") c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080") + c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090") c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3") c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite") c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "") 
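Review bot: In the `Serve` hunk of app.go, `net.Listen("tcp", h.cfg.MetricsAddr)` is called without checking that the address is set. An existing `config.yaml` that lacks `metrics_listen_addr` yields an empty string from `viper.GetString` in `getHeadscaleConfig` (the cmd/headscale/cli/utils.go hunk), unless a default is registered outside the visible lines. Go accepts an empty address by listening on all interfaces with an automatically chosen port, which is the opposite of the loopback-only value the example config recommends. Fail fast before binding, e.g. `if h.cfg.MetricsAddr == "" { return fmt.Errorf("metrics_listen_addr is not set") }`, or register a default such as `viper.SetDefault("metrics_listen_addr", "127.0.0.1:9090")`. `Serve` starts before the hunk.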
diff --git a/config-example.yaml b/config-example.yaml index e14d1a1..c28b608 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -16,6 +16,12 @@ server_url: http://127.0.0.1:8080 # listen_addr: 0.0.0.0:8080 +# Address to listen to /metrics, you may want +# to keep this endpoint private to your internal +# network +# +metrics_listen_addr: 127.0.0.1:9090 + # Address to listen for gRPC. # gRPC is used for controlling a headscale server # remotely with the CLI diff --git a/docs/examples/kustomize/base/configmap.yaml b/docs/examples/kustomize/base/configmap.yaml index 2e25e5f..0ac2d56 100644 --- a/docs/examples/kustomize/base/configmap.yaml +++ b/docs/examples/kustomize/base/configmap.yaml @@ -5,4 +5,5 @@ metadata: data: server_url: $(PUBLIC_PROTO)://$(PUBLIC_HOSTNAME) listen_addr: "0.0.0.0:8080" + metrics_listen_addr: "127.0.0.1:9090" ephemeral_node_inactivity_timeout: "30m" diff --git a/docs/examples/kustomize/postgres/deployment.yaml b/docs/examples/kustomize/postgres/deployment.yaml index 75e6444..1dd88b4 100644 --- a/docs/examples/kustomize/postgres/deployment.yaml +++ b/docs/examples/kustomize/postgres/deployment.yaml @@ -25,6 +25,11 @@ spec: configMapKeyRef: name: headscale-config key: listen_addr + - name: METRICS_LISTEN_ADDR + valueFrom: + configMapKeyRef: + name: headscale-config + key: metrics_listen_addr - name: DERP_MAP_PATH value: /vol/config/derp.yaml - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT diff --git a/docs/examples/kustomize/sqlite/statefulset.yaml b/docs/examples/kustomize/sqlite/statefulset.yaml index 050bf76..2321d39 100644 --- a/docs/examples/kustomize/sqlite/statefulset.yaml +++ b/docs/examples/kustomize/sqlite/statefulset.yaml @@ -26,6 +26,11 @@ spec: configMapKeyRef: name: headscale-config key: listen_addr + - name: METRICS_LISTEN_ADDR + valueFrom: + configMapKeyRef: + name: headscale-config + key: metrics_listen_addr - name: DERP_MAP_PATH value: /vol/config/derp.yaml - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT 
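Review bot: The new comment in config-example.yaml says to keep the endpoint private but does not say why. As far as the app.go hunks show, the metrics listener is plain HTTP with no authentication in front of `/metrics`, so the comment could state that: `# Address to serve /metrics on. The endpoint is unauthenticated plain HTTP,` followed by `# so bind it to loopback or an internal-only address.`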
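Review bot: In docs/examples/kustomize/base/configmap.yaml, `metrics_listen_addr: "127.0.0.1:9090"` binds to the pod's loopback, which only containers in the same pod can reach, so a Prometheus running in another pod could not scrape it. If scraping is intended in this example, a comment should say that the address has to be changed (for instance to `"0.0.0.0:9090"`) and that port 9090 should then be kept off the public Service/Ingress and limited with a NetworkPolicy. The Service and NetworkPolicy definitions are not part of this diff, so this is a suggestion to document rather than a confirmed gap.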
diff --git a/integration_test/etc/config.yaml b/integration_test/etc/config.yaml index 63af7eb..f055b4c 100644 --- a/integration_test/etc/config.yaml +++ b/integration_test/etc/config.yaml @@ -14,6 +14,7 @@ dns_config: db_path: /tmp/integration_test_db.sqlite3 private_key_path: private.key listen_addr: 0.0.0.0:8080 +metrics_listen_addr: 127.0.0.1:9090 server_url: http://headscale:8080 derp: