fluent-plugin-prometheus 1.7.0 → 1.8.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 95008f0031db355e5a5bbf4ed21f8f9f0a07839480e40bf44e974046b04f562f
-  data.tar.gz: 994a30da7b1ff0ad77f12e5b47d9218a2deb97effc31a36fa83175077cc6ed69
+  metadata.gz: f48e673585638a68fa128172db768d7f35035a04f4d55bb98737e7cfd5d7cdf2
+  data.tar.gz: 1030ddd92d55c5e6603e49933760eadac266f5081cbb54169b0ebc237bcfe933
 SHA512:
-  metadata.gz: e0dc26e78e242e51e0fa87257b85c68af2ae32c11f7dabd1b4245e3ad7e1b1a7182b1b8432578f98af8a5a22d14c14e664285a238f74ebc40df0c0461026f323
-  data.tar.gz: fb31a79f327ce31e8203fa1fa9a5b9d9166410d71f9b62d4fd5411d246c768dfde5c9c076ff6e72f0d9f5bd4c7657c9180eb91ba4ee383729856da0704930404
+  metadata.gz: adb129f3a83c6be98247e2180d6cb26037a1e8e32e10c555232cf9d267867b4b5b6d5168adebbb9b8ed16b1193c9ff7e8879b379ccb92406b66cb2abc67075e1
+  data.tar.gz: 2e7a8eecf131d31d08266507620939f7f9b73613d39009d6c2349bbb166b778dae82baa6ea84021793b5374c1372b5cd0673b126ec5b6981c9dfd368c8da0922

data/ChangeLog

@@ -0,0 +1,11 @@
+Release 1.8.1 - 2020/07/06
+
+	* Fix aggregate bug with async-http
+
+Release 1.8.0 - 2020/04/17
+
+	* Use http_server helper
+	* Require fluentd v1.9.1 or later
+
+
+For older releases, see commits on github repository.

data/README.md

@@ -8,9 +8,13 @@ A fluent plugin that instruments metrics from records and exposes them via web i
 
 | fluent-plugin-prometheus | fluentd    | ruby   |
 |--------------------------|------------|--------|
-| 1.x.y                    | >= v0.14.8 | >= 2.1 |
+| 1.x.y                    | >= v1.9.1  | >= 2.4 |
+| 1.[0-7].y                | >= v0.14.8 | >= 2.1 |
 | 0.x.y                    | >= v0.12.0 | >= 1.9 |
 
+Since v1.8.0, fluent-plugin-prometheus uses [http_server helper](https://docs.fluentd.org/plugin-helper-overview/api-plugin-helper-http_server) to launch HTTP server.
+If you want to handle lots of connections, install `async-http` gem.
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -63,6 +67,19 @@ More configuration parameters:
 When using multiple workers, each worker binds to port + `fluent_worker_id`.
 To scrape metrics from all workers at once, you can access http://localhost:24231/aggregated_metrics.
 
+#### TLS setting
+
+Use `<trasnport tls>`. See [transport config article](https://docs.fluentd.org/configuration/transport-section) for more details.
+
+```
+<source>
+  @type prometheus
+  <transport tls>
+    # TLS parameters...
+  </transport
+</source>
+```
+
 ### prometheus_monitor input plugin
 
 This plugin collects internal metrics in Fluentd. The metrics are similar to/part of [monitor_agent](https://docs.fluentd.org/input/monitor_agent).
@@ -71,7 +88,7 @@ This plugin collects internal metrics in Fluentd. The metrics are similar to/par
 #### Exposed metrics
 
 - `fluentd_status_buffer_queue_length`
-- `fluentd_status_buffer_total_queued_size`
+- `fluentd_status_buffer_total_bytes`
 - `fluentd_status_retry_count`
 - `fluentd_status_buffer_newest_timekey` from fluentd v1.4.2
 - `fluentd_status_buffer_oldest_timekey` from fluentd v1.4.2
@@ -107,7 +124,7 @@ Metrics for output
 - `fluentd_output_status_emit_records`
 - `fluentd_output_status_write_count`
 - `fluentd_output_status_rollback_count`
-- `fluentd_output_status_flush_time_count` from fluentd v1.6.0
+- `fluentd_output_status_flush_time_count` in milliseconds from fluentd v1.6.0
 - `fluentd_output_status_slow_flush_count` from fluentd v1.6.0
 
 Metrics for buffer
@@ -369,7 +386,13 @@ Reserved placeholders are:
 - `${worker_id}`: fluent worker id
 - `${tag}`: tag name
   - only available in Prometheus output/filter plugin
-
+- `${tag_parts[N]}` refers to the Nth part of the tag.
+  - only available in Prometheus output/filter plugin
+- `${tag_prefix[N]}` refers to the [0..N] part of the tag.
+  - only available in Prometheus output/filter plugin
+- `${tag_suffix[N]}` refers to the [`tagsize`-1-N..] part of the tag.
+  - where `tagsize` is the size of tag which is splitted with `.` (when tag is `1.2.3`, then `tagsize` is 3)
+  - only available in Prometheus output/filter plugin
 
 ### top-level labels and labels inside metric
 

data/fluent-plugin-prometheus.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-prometheus"
-  spec.version       = "1.7.0"
+  spec.version       = "1.8.1"
   spec.authors       = ["Masahiro Sano"]
   spec.email         = ["sabottenda@gmail.com"]
   spec.summary       = %q{A fluent plugin that collects metrics and exposes for Prometheus.}
@@ -13,7 +13,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "fluentd", ">= 0.14.20", "< 2"
+  spec.add_dependency "fluentd", ">= 1.9.1", "< 2"
   spec.add_dependency "prometheus-client", "< 0.10"
   spec.add_development_dependency "bundler"
   spec.add_development_dependency "rake"

data/lib/fluent/plugin/in_prometheus.rb

@@ -2,13 +2,13 @@ require 'fluent/plugin/input'
 require 'fluent/plugin/prometheus'
 require 'fluent/plugin/prometheus_metrics'
 require 'net/http'
-require 'webrick'
+require 'openssl'
 
 module Fluent::Plugin
   class PrometheusInput < Fluent::Plugin::Input
     Fluent::Plugin.register_input('prometheus', self)
 
-    helpers :thread
+    helpers :thread, :http_server
 
     config_param :bind, :string, default: '0.0.0.0'
     config_param :port, :integer, default: 24231
@@ -17,30 +17,25 @@ module Fluent::Plugin
 
     desc 'Enable ssl configuration for the server'
     config_section :ssl, required: false, multi: false do
-      config_param :enable, :bool, default: false
+      config_param :enable, :bool, default: false, deprecated: 'Use <transport tls> section'
 
       desc 'Path to the ssl certificate in PEM format.  Read from file and added to conf as "SSLCertificate"'
-      config_param :certificate_path, :string, default: nil
+      config_param :certificate_path, :string, default: nil, deprecated: 'Use cert_path in <transport tls> section'
 
       desc 'Path to the ssl private key in PEM format.  Read from file and added to conf as "SSLPrivateKey"'
-      config_param :private_key_path, :string, default: nil
+      config_param :private_key_path, :string, default: nil, deprecated: 'Use private_key_path in <transport tls> section'
 
       desc 'Path to CA in PEM format.  Read from file and added to conf as "SSLCACertificateFile"'
-      config_param :ca_path, :string, default: nil
+      config_param :ca_path, :string, default: nil, deprecated: 'Use ca_path in <transport tls> section'
 
       desc 'Additional ssl conf for the server.  Ref: https://github.com/ruby/webrick/blob/master/lib/webrick/ssl.rb'
-      config_param :extra_conf, :hash, default: {:SSLCertName => [['CN','nobody'],['DC','example']]}, symbolize_keys: true
+      config_param :extra_conf, :hash, default: nil, symbolize_keys: true, deprecated: 'See http helper config'
     end
 
-    attr_reader :registry
-
-    attr_reader :num_workers
-    attr_reader :base_port
-    attr_reader :metrics_path
-
     def initialize
       super
       @registry = ::Prometheus::Client.registry
+      @secure = nil
     end
 
     def configure(conf)
@@ -55,6 +50,7 @@ module Fluent::Plugin
                   nil
                 end
       @num_workers = sysconf && sysconf.workers ? sysconf.workers : 1
+      @secure = @transport_config.protocol == :tls || (@ssl && @ssl['enable'])
 
       @base_port = @port
       @port += fluentd_worker_id
@@ -66,7 +62,71 @@ module Fluent::Plugin
 
     def start
       super
-      log.debug "listening prometheus http server on http://#{@bind}:#{@port}/#{@metrics_path} for worker#{fluentd_worker_id}"
+
+      scheme = @secure ? 'https' : 'http'
+      log.debug "listening prometheus http server on #{scheme}:://#{@bind}:#{@port}/#{@metrics_path} for worker#{fluentd_worker_id}"
+
+      proto = @secure ? :tls : :tcp
+
+      if @ssl && @ssl['enable'] && @ssl['extra_conf']
+        start_webrick
+        return
+      end
+
+      begin
+        require 'async'
+        require 'fluent/plugin/in_prometheus/async_wrapper'
+        extend AsyncWrapper
+      rescue LoadError => _
+        # ignore
+      end
+
+      tls_opt = if @ssl && @ssl['enable']
+                  ssl_config = {}
+
+                  if (@ssl['certificate_path'] && @ssl['private_key_path'].nil?) || (@ssl['certificate_path'].nil? && @ssl['private_key_path'])
+                    raise Fluent::ConfigError.new('both certificate_path and private_key_path must be defined')
+                  end
+
+                  if @ssl['certificate_path']
+                    ssl_config['cert_path'] = @ssl['certificate_path']
+                  end
+
+                  if @ssl['private_key_path']
+                    ssl_config['private_key_path'] = @ssl['private_key_path']
+                  end
+
+                  if @ssl['ca_path']
+                    ssl_config['ca_path'] = @ssl['ca_path']
+                    # Only ca_path is insecure in fluentd
+                    # https://github.com/fluent/fluentd/blob/2236ad45197ba336fd9faf56f442252c8b226f25/lib/fluent/plugin_helper/cert_option.rb#L68
+                    ssl_config['insecure'] = true
+                  end
+
+                  ssl_config
+                end
+
+      http_server_create_http_server(:in_prometheus_server, addr: @bind, port: @port, logger: log, proto: proto, tls_opts: tls_opt) do |server|
+        server.get(@metrics_path) { |_req| all_metrics }
+        server.get(@aggregated_metrics_path) { |_req| all_workers_metrics }
+      end
+    end
+
+    def shutdown
+      if @webrick_server
+        @webrick_server.shutdown
+        @webrick_server = nil
+      end
+      super
+    end
+
+    private
+
+    # For compatiblity because http helper can't support extra_conf option
+    def start_webrick
+      require 'webrick/https'
+      require 'webrick'
+
       config = {
         BindAddress: @bind,
         Port: @port,
@@ -74,90 +134,96 @@ module Fluent::Plugin
         Logger: WEBrick::Log.new(STDERR, WEBrick::Log::FATAL),
         AccessLog: [],
       }
-      unless @ssl.nil? || !@ssl['enable']
-        require 'webrick/https'
-        require 'openssl'
-        if (@ssl['certificate_path'] && @ssl['private_key_path'].nil?) || (@ssl['certificate_path'].nil? && @ssl['private_key_path'])
-            raise RuntimeError.new("certificate_path and private_key_path most both be defined")
-        end
-        ssl_config = {
-            SSLEnable: true
-        }
-        if @ssl['certificate_path']
-          cert = OpenSSL::X509::Certificate.new(File.read(@ssl['certificate_path']))
-          ssl_config[:SSLCertificate] = cert
-        end
-        if @ssl['private_key_path']
-          key = OpenSSL::PKey::RSA.new(File.read(@ssl['private_key_path']))
-          ssl_config[:SSLPrivateKey] = key
-        end
-        ssl_config[:SSLCACertificateFile] = @ssl['ca_path'] if @ssl['ca_path']
-        ssl_config = ssl_config.merge(@ssl['extra_conf'])
-        config = ssl_config.merge(config)
+      if (@ssl['certificate_path'] && @ssl['private_key_path'].nil?) || (@ssl['certificate_path'].nil? && @ssl['private_key_path'])
+        raise RuntimeError.new("certificate_path and private_key_path most both be defined")
+      end
+
+      ssl_config = {
+        SSLEnable: true,
+        SSLCertName: [['CN', 'nobody'], ['DC', 'example']]
+      }
+
+      if @ssl['certificate_path']
+        cert = OpenSSL::X509::Certificate.new(File.read(@ssl['certificate_path']))
+        ssl_config[:SSLCertificate] = cert
       end
+
+      if @ssl['private_key_path']
+        key = OpenSSL::PKey.read(@ssl['private_key_path'])
+        ssl_config[:SSLPrivateKey] = key
+      end
+
+      ssl_config[:SSLCACertificateFile] = @ssl['ca_path'] if @ssl['ca_path']
+      ssl_config = ssl_config.merge(@ssl['extra_conf']) if @ssl['extra_conf']
+      config = ssl_config.merge(config)
+
       @log.on_debug do
         @log.debug("WEBrick conf: #{config}")
       end
 
-      @server = WEBrick::HTTPServer.new(config)
-      @server.mount(@metrics_path, MonitorServlet, self)
-      @server.mount(@aggregated_metrics_path, MonitorServletAll, self)
-      thread_create(:in_prometheus) do
-        @server.start
+      @webrick_server = WEBrick::HTTPServer.new(config)
+      @webrick_server.mount_proc(@metrics_path) do |_req, res|
+        status, header, body = all_metrics
+        res.status = status
+        res['Content-Type'] = header['Content-Type']
+        res.body = body
+        res
       end
-    end
 
-    def shutdown
-      if @server
-        @server.shutdown
-        @server = nil
+      @webrick_server.mount_proc(@aggregated_metrics_path) do |_req, res|
+        status, header, body = all_workers_metrics
+        res.status = status
+        res['Content-Type'] = header['Content-Type']
+        res.body = body
+        res
+      end
+
+      thread_create(:in_prometheus_webrick) do
+        @webrick_server.start
       end
-      super
     end
 
-    class MonitorServlet < WEBrick::HTTPServlet::AbstractServlet
-      def initialize(server, prometheus)
-        @prometheus = prometheus
+    def all_metrics
+      [200, { 'Content-Type' => ::Prometheus::Client::Formats::Text::CONTENT_TYPE }, ::Prometheus::Client::Formats::Text.marshal(@registry)]
+    rescue => e
+      [500, { 'Content-Type' => 'text/plain' }, e.to_s]
+    end
+
+    def all_workers_metrics
+      full_result = PromMetricsAggregator.new
+
+      send_request_to_each_worker do |resp|
+        if resp.code.to_s == '200'
+          full_result.add_metrics(resp.body)
+        end
       end
 
-      def do_GET(req, res)
-        res.status = 200
-        res['Content-Type'] = ::Prometheus::Client::Formats::Text::CONTENT_TYPE
-        res.body = ::Prometheus::Client::Formats::Text.marshal(@prometheus.registry)
-      rescue
-        res.status = 500
-        res['Content-Type'] = 'text/plain'
-        res.body = $!.to_s
+      [200, { 'Content-Type' => ::Prometheus::Client::Formats::Text::CONTENT_TYPE }, full_result.get_metrics]
+    rescue => e
+      [500, { 'Content-Type' => 'text/plain' }, e.to_s]
+    end
+
+    def send_request_to_each_worker
+      bind = (@bind == '0.0.0.0') ? '127.0.0.1' : @bind
+      [*(@base_port...(@base_port + @num_workers))].each do |worker_port|
+        do_request(host: bind, port: worker_port, secure: @secure) do |http|
+          yield(http.get(@metrics_path))
+        end
       end
     end
 
-    class MonitorServletAll < WEBrick::HTTPServlet::AbstractServlet
-      def initialize(server, prometheus)
-        @prometheus = prometheus
+    # might be replaced by AsyncWrapper if async gem is installed
+    def do_request(host:, port:, secure:)
+      http = Net::HTTP.new(host, port)
+
+      if secure
+        http.use_ssl = true
+        # target is our child process. so it's secure.
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE
       end
 
-      def do_GET(req, res)
-        res.status = 200
-        res['Content-Type'] = ::Prometheus::Client::Formats::Text::CONTENT_TYPE
-
-        full_result = PromMetricsAggregator.new
-        fluent_server_ip = @prometheus.bind == '0.0.0.0' ? '127.0.0.1' : @prometheus.bind
-        current_worker = 0
-        while current_worker < @prometheus.num_workers
-          Net::HTTP.start(fluent_server_ip, @prometheus.base_port + current_worker) do |http|
-            req = Net::HTTP::Get.new(@prometheus.metrics_path)
-            result = http.request(req)
-            if result.is_a?(Net::HTTPSuccess)
-              full_result.add_metrics(result.body)
-            end
-          end
-          current_worker += 1
-        end
-        res.body = full_result.get_metrics
-      rescue
-        res.status = 500
-        res['Content-Type'] = 'text/plain'
-        res.body = $!.to_s
+      http.start do
+        yield(http)
       end
     end
   end

data/lib/fluent/plugin/in_prometheus/async_wrapper.rb

@@ -0,0 +1,46 @@
+require 'async'
+
+module Fluent::Plugin
+  class PrometheusInput
+    module AsyncWrapper
+      def do_request(host:, port:, secure:)
+        endpoint =
+          if secure
+            context = OpenSSL::SSL::SSLContext.new
+            context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+            Async::HTTP::Endpoint.parse("https://#{host}:#{port}", ssl_context: context)
+          else
+            Async::HTTP::Endpoint.parse("http://#{host}:#{port}")
+          end
+
+        client = Async::HTTP::Client.new(endpoint)
+        yield(AsyncHttpWrapper.new(client))
+      end
+
+      Response = Struct.new(:code, :body, :headers)
+
+      class AsyncHttpWrapper
+        def initialize(http)
+          @http = http
+        end
+
+        def get(path)
+          error = nil
+          response = Async::Task.current.async {
+            begin
+              @http.get(path)
+            rescue => e               # Async::Reactor rescue all error. handle it by itself
+              error = e
+            end
+          }.wait
+
+          if error
+            raise error
+          end
+
+          Response.new(response.status.to_s, response.body.read, response.headers)
+        end
+      end
+    end
+  end
+end