From abde681b56a455685b5fdeed69b85c8c04c686bf Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Thu, 4 Jan 2024 12:49:00 +0200 Subject: [PATCH] Clean up some matrix_nginx_proxy_proxy_matrix_metrics_* references --- docs/configuring-playbook-bridge-hookshot.md | 10 ++-- ...configuring-playbook-prometheus-grafana.md | 36 ++++------- ...onfiguring-playbook-prometheus-nginxlog.md | 9 --- ...onfiguring-playbook-prometheus-postgres.md | 2 +- group_vars/matrix_servers | 12 ++-- .../defaults/main.yml | 5 +- .../tasks/inject_into_nginx_proxy.yml | 9 +-- .../defaults/main.yml | 5 +- .../defaults/main.yml | 5 +- .../tasks/inject_into_nginx_proxy.yml | 9 +-- .../matrix-nginx-proxy/defaults/main.yml | 53 ---------------- .../tasks/nginx-proxy/setup_metrics_auth.yml | 60 ------------------- .../tasks/setup_nginx_proxy.yml | 15 ----- .../tasks/validate_config.yml | 8 --- .../nginx/conf.d/matrix-domain.conf.j2 | 13 ---- .../defaults/main.yml | 5 +- .../tasks/inject_into_nginx_proxy.yml | 10 +--- .../tasks/validate_config.yml | 7 --- .../defaults/main.yml | 4 -- .../inject_into_nginx_proxy.yml | 9 +-- .../inject_into_nginx_proxy.yml | 9 +-- roles/custom/matrix-synapse/defaults/main.yml | 4 +- roles/custom/matrix-synapse/tasks/init.yml | 19 +----- .../tasks/validate_config.yml | 4 ++ 24 files changed, 42 insertions(+), 280 deletions(-) delete mode 100644 roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml diff --git a/docs/configuring-playbook-bridge-hookshot.md b/docs/configuring-playbook-bridge-hookshot.md index e3f04c5cc..17dd7c9ea 100644 --- a/docs/configuring-playbook-bridge-hookshot.md +++ b/docs/configuring-playbook-bridge-hookshot.md 
@@ -57,7 +57,7 @@ Unless indicated otherwise, the following endpoints are reachable on your `matri | provisioning | `/hookshot/v1/` | `matrix_hookshot_provisioning_endpoint` | Dimension [provisioning](#provisioning-api) | | appservice | `/hookshot/_matrix/app/` | `matrix_hookshot_appservice_endpoint` | Matrix server | | widgets | `/hookshot/widgetapi/` | `matrix_hookshot_widgets_endpoint` | Widgets | -| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and `matrix_hookshot_metrics_proxying_enabled`. Requires `/metrics/*` endpoints to also be enabled via `matrix_nginx_proxy_proxy_matrix_metrics_enabled` (see the `matrix-nginx-proxy` role). Read more in the [Metrics section](#metrics) below. | Prometheus | +| metrics | `/metrics/hookshot` | `matrix_hookshot_metrics_enabled` and exposure enabled via `matrix_hookshot_metrics_proxying_enabled` or `matrix_metrics_exposure_enabled`. Read more in the [Metrics section](#metrics) below. | Prometheus | See also `matrix_hookshot_matrix_nginx_proxy_configuration` in [init.yml](/roles/custom/matrix-bridge-hookshot/tasks/inject_into_nginx_proxy.yml). 
@@ -91,10 +91,12 @@ Metrics are **only enabled by default** if the builtin [Prometheus](configuring- To explicitly enable metrics, use `matrix_hookshot_metrics_enabled: true`. This only exposes metrics over the container network, however. -**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to: +**To collect metrics from an external Prometheus server**, besides enabling metrics as described above, you will also need to enable metrics exposure on `https://matrix.DOMAIN/metrics/hookshot` by: -- enable the `https://matrix.DOMAIN/metrics/*` endpoints on `matrix.DOMAIN` using `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see the `matrix-nginx-role` or [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for enabling this feature) -- expose the Hookshot metrics under `https://matrix.DOMAIN/metrics/hookshot` by setting `matrix_hookshot_metrics_proxying_enabled: true` +- either enabling metrics exposure for Hookshot via `matrix_hookshot_metrics_proxying_enabled: true` +- or enabling metrics exposure for all services via `matrix_metrics_exposure_enabled: true` + +Whichever one you go with, by default metrics are exposed publicly **without** password-protection. See [the Prometheus and Grafana docs](configuring-playbook-prometheus-grafana.md) for details about password-protection for metrics. ### Collision with matrix-appservice-webhooks diff --git a/docs/configuring-playbook-prometheus-grafana.md b/docs/configuring-playbook-prometheus-grafana.md index 49a47f1a5..8c5bc0094 100644 --- a/docs/configuring-playbook-prometheus-grafana.md +++ b/docs/configuring-playbook-prometheus-grafana.md 
@@ -61,43 +61,29 @@ Most of our docker containers run with limited system access, but the `prometheu When you'd like **to collect metrics from an external Prometheus server**, you need to expose service metrics outside of the container network. -The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` below. +The playbook provides a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/hookshot`, etc). To expose all services on this `/metrics/*` feature, use `matrix_metrics_exposure_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_metrics_exposure_http_basic_auth_enabled` and `matrix_metrics_exposure_http_basic_auth_users` below. + +When using `matrix_metrics_exposure_enabled`, you don't need to expose metrics for individual services one by one. The following variables may be of interest: Name | Description -----|---------- -`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service. 
-`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials -`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username`|Set this to the Basic Authentication username you'd like to protect `/metrics/*` with. You also need to set `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`. If one username/password pair is not enough, you can leave the `username` and `password` variables unset and use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead -`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`|Set this to the Basic Authentication password you'd like to protect `/metrics/*` with -`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. If you only need one credential, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` instead. +`matrix_metrics_exposure_enabled`|Set this to `true` to **enable metrics exposure for all services** on `https://matrix.DOMAIN/metrics/*`. If you think this is too much, refer to the helpful (but nonexhaustive) list of individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics on a per-service basis. 
+`matrix_metrics_exposure_http_basic_auth_enabled`|Set this to `true` to protect all `https://matrix.DOMAIN/metrics/*` endpoints with [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) (see the other variables below for supplying the actual credentials). When enabled, all endpoints beneath `/metrics` will be protected with the same credentials +`matrix_metrics_exposure_http_basic_auth_users`|Set this to the Basic Authentication credentials (raw `htpasswd` file content) used to protect `/metrics/*`. This htpasswd-file needs to be generated with the `htpasswd` tool and can include multiple username/password pairs. `matrix_synapse_metrics_enabled`|Set this to `true` to make Synapse expose metrics (locally, on the container network) -`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`). Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). +`matrix_synapse_metrics_proxying_enabled`|Set this to `true` to expose Synapse's metrics on `https://matrix.DOMAIN/metrics/synapse/main-process` and `https://matrix.DOMAIN/metrics/synapse/worker/TYPE-ID`. Read [below](#collecting-synapse-worker-metrics-to-an-external-prometheus-server) if you're running a Synapse worker setup (`matrix_synapse_workers_enabled: true`). To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. 
`prometheus_node_exporter_enabled`|Set this to `true` to enable the node (general system stats) exporter (locally, on the container network) -`matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled`|Set this to `true` to expose the node (general system stats) metrics on `https://matrix.DOMAIN/metrics/node-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network) `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network) -`matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. 
`matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network) -`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot` (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) -`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. Only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` -`matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`|Add nginx `location` blocks to this list if you'd like to expose additional exporters manually (see below) +`matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above. +`matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above or `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled`/`matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by each role. 
`matrix_media_repo_metrics_enabled`|Set this to `true` to make media-repo expose metrics (locally, on the container network) -Example for how to make use of `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` for exposing additional metrics locations: -```nginx -matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: - - 'location /metrics/another-service { - resolver 127.0.0.11 valid=5s; - proxy_pass http://matrix-another-service:9100/metrics; - }' -``` - -Using `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks` only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true` (see above). - -Note : The playbook will hash the basic_auth password for you on setup. Thus, you need to give the plain-text version of the password as a variable. - ### Collecting Synapse worker metrics to an external Prometheus server If you are using workers (`matrix_synapse_workers_enabled: true`) and have enabled `matrix_synapse_metrics_proxying_enabled` as described above, the playbook will also automatically expose all Synapse worker threads' metrics to `https://matrix.DOMAIN/metrics/synapse/worker/ID`, where `ID` corresponds to the worker `id` as exemplified in `matrix_synapse_workers_enabled_list`. diff --git a/docs/configuring-playbook-prometheus-nginxlog.md b/docs/configuring-playbook-prometheus-nginxlog.md index 55272de40..7d54e4182 100644 --- a/docs/configuring-playbook-prometheus-nginxlog.md +++ b/docs/configuring-playbook-prometheus-nginxlog.md 
@@ -46,14 +46,5 @@ The playbook will automatically integrate the metrics into the Prometheus server The metrics of this role will be exposed on `https://matrix.DOMAIN/metrics/nginxlog` when setting ```yaml matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: true - -# required dependency -matrix_nginx_proxy_proxy_matrix_metrics_enabled: true ``` -The playbook can provide a single endpoint (`https://matrix.DOMAIN/metrics/*`), under which various services may expose their metrics (e.g. `/metrics/node-exporter`, `/metrics/postgres-exporter`, `/metrics/nginxlog`, etc). To enable this `/metrics/*` feature, use `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. To protect access using [Basic Authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`. -The following variables may be of interest: - -Name | Description ------|---------- -`matrix_nginx_proxy_proxy_matrix_metrics_enabled`|Set this to `true` to enable metrics exposure for various services on `https://matrix.DOMAIN/metrics/*`. Refer to the individual `matrix_SERVICE_metrics_proxying_enabled` variables below for exposing metrics for each individual service. diff --git a/docs/configuring-playbook-prometheus-postgres.md b/docs/configuring-playbook-prometheus-postgres.md index c3c8e0bfb..c9cd852af 100644 --- a/docs/configuring-playbook-prometheus-postgres.md +++ b/docs/configuring-playbook-prometheus-postgres.md 
@@ -16,7 +16,7 @@ Name | Description `prometheus_postgres_exporter_enabled`|Enable the postgres prometheus exporter. This sets up the docker container, connects it to the database and adds a 'job' to the prometheus config which tells prometheus about this new exporter. The default is 'false' `prometheus_postgres_exporter_database_username`| The 'username' for the user that the exporter uses to connect to the database. The default is 'matrix_prometheus_postgres_exporter' `prometheus_postgres_exporter_database_password`| The 'password' for the user that the exporter uses to connect to the database. By default, this is auto-generated by the playbook -`matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server) (only takes effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`) +`matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled`|If set to `true`, exposes the Postgres exporter metrics on `https://matrix.DOMAIN/metrics/postgres-exporter` for usage with an [external Prometheus server](configuring-playbook-prometheus-grafana.md#collecting-metrics-to-an-external-prometheus-server). ## More information diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index b4fd573e3..7f406813c 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers 
@@ -1144,12 +1144,10 @@ matrix_mautrix_signal_appservice_token: "{{ '%s' | format(matrix_homeserver_gene matrix_mautrix_signal_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: -# - `matrix_mautrix_signal_metrics_enabled` -# - `matrix_mautrix_signal_proxying_metrics_enabled` -# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` matrix_mautrix_signal_metrics_enabled: "{{ prometheus_enabled }}" +# TODO - add support for exposing metrics + matrix_mautrix_signal_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" matrix_mautrix_signal_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" matrix_mautrix_signal_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'mau.signal.db', rounds=655555) | to_uuid }}" 
@@ -1271,12 +1269,10 @@ matrix_mautrix_gmessages_homeserver_token: "{{ '%s' | format(matrix_homeserver_g matrix_mautrix_gmessages_login_shared_secret: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret if matrix_synapse_ext_password_provider_shared_secret_auth_enabled else '' }}" -# People using an external Prometheus server will need to toggle all of these to be able to consume metrics remotely: -# - `matrix_mautrix_gmessages_metrics_enabled` -# - `matrix_mautrix_gmessages_proxying_metrics_enabled` -# - `matrix_nginx_proxy_proxy_matrix_metrics_enabled` matrix_mautrix_gmessages_metrics_enabled: "{{ prometheus_enabled }}" +# TODO - add support for exposing metrics + # Postgres is the default, except if not using internal Postgres server matrix_mautrix_gmessages_database_engine: "{{ 'postgres' if devture_postgres_enabled else 'sqlite' }}" matrix_mautrix_gmessages_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}" diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml index 5578fa3ef..4a279e31c 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/defaults/main.yml 
@@ -54,10 +54,9 @@ matrix_mautrix_gmessages_federate_rooms: true # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_gmessages_metrics_proxying_enabled`. matrix_mautrix_gmessages_metrics_enabled: false -# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-gmessages`. -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +# Controls whether metrics should be proxied (exposed) on a public URL. matrix_mautrix_gmessages_metrics_proxying_enabled: false +# TODO - add more variables for controlling the hostname and prefix, etc. # Database-related configuration fields. # diff --git a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml index c5cb1ba8a..7e4a528f2 100644 --- a/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-gmessages/tasks/inject_into_nginx_proxy.yml @@ -25,11 +25,4 @@ {% endif %} } - - name: Register mautrix-gmessages metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-gmessages) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_gmessages_nginx_metrics_configuration_block] - }} +# Injection code was here diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index 1a34284f9..0d0a19259 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml 
+++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -67,10 +67,9 @@ matrix_mautrix_signal_federate_rooms: true # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`. matrix_mautrix_signal_metrics_enabled: false -# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`. -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +# Controls whether metrics should be proxied (exposed) on a public URL. matrix_mautrix_signal_metrics_proxying_enabled: false +# TODO - add more variables for controlling the hostname, path prefix, etc. # Database-related configuration fields. # diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 6b2d8bc84..dee3952ec 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml 
@@ -84,10 +84,9 @@ matrix_mautrix_twitter_logging_level: WARNING # If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_twitter_metrics_proxying_enabled`. matrix_mautrix_twitter_metrics_enabled: false -# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-twitter`. -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +# Controls whether metrics should be proxied (exposed) on a public URL matrix_mautrix_twitter_metrics_proxying_enabled: false +# TODO - add more variables for controlling the hostname, path prefix, etc. # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml index 2efad7cdf..e4d431283 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml @@ -25,11 +25,4 @@ {% endif %} } - - name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_twitter_nginx_metrics_configuration_block] - }} +# Injection code was here diff --git a/roles/custom/matrix-nginx-proxy/defaults/main.yml b/roles/custom/matrix-nginx-proxy/defaults/main.yml index 116ed3058..def6c6360 100644 --- a/roles/custom/matrix-nginx-proxy/defaults/main.yml 
+++ b/roles/custom/matrix-nginx-proxy/defaults/main.yml 
@@ -223,59 +223,6 @@ matrix_nginx_proxy_proxy_mautrix_wsproxy_hostname: "{{ matrix_server_fqn_mautrix matrix_nginx_proxy_proxy_ntfy_enabled: false matrix_nginx_proxy_proxy_ntfy_hostname: "{{ matrix_server_fqn_ntfy }}" -# Controls whether proxying for (Prometheus) metrics (`/metrics/*`) for the various services should be done (on the matrix domain) -# If the internal Prometheus server (`matrix-prometheus` role) is used, proxying is not necessary, since Prometheus can access each container directly. -# This is only useful when an external Prometheus will be collecting metrics. -# -# To control what kind of metrics are exposed under `/metrics/` (e.g `/metrics/node-exporter`, `/metrics/postgres-exporter`, etc.), -# use `matrix_SERVICE_metrics_proxying_enabled` variables in each respective role. -# Roles inject themselves into the matrix-nginx-proxy configuration. -# -# To protect the metrics endpoints, see `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled` -matrix_nginx_proxy_proxy_matrix_metrics_enabled: false - -# Controls whether Basic Auth is enabled for all `/metrics/*` endpoints. -# -# You can provide the Basic Auth credentials in 2 ways: -# 1. A single username/password pair using `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` -# 2. Using raw content (`htpasswd`-generated file) provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` -matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled: false - -# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` specify -# the Basic Auth username/password for protecting `/metrics/*` endpoints. -# Alternatively, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`. 
-matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username: "" -matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password: "" - -# `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` value will be written verbatim to the htpasswd file protecting `/metrics/*` endpoints. -# Use this when a single username/password is not enough and you'd like to get more control over credentials. -# -# Read the manpage at `man 1 htpasswd` to learn more, then encrypt your password, and paste the encrypted value here. -# e.g. `htpasswd -c mypass.htpasswd prometheus` and enter `mysecurepw` when prompted yields `prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/` -# The whole thing is needed here. matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "prometheus:$apr1$wZhqsn.U$7LC3kMmjUbjNAZjyMyvYv/" -matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content: "" - -# Specifies the path to the htpasswd file holding the htpasswd credentials for protecting `/metrics/*` endpoints -# This is not meant to be modified. -matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path: "{{ matrix_nginx_proxy_data_path_in_container if matrix_nginx_proxy_enabled else matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" - -# Specifies the Apache container image to use -# when `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password` are provided. -# This image provides the `htpasswd` tool which we use for generating the htpasswd file protecting `/metrics/*`. -# To avoid using this, use `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content` instead of supplying username/password. -# Learn more in: `roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml`. 
-matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image: "{{ matrix_container_global_registry_prefix }}httpd:{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag }}" -# renovate: datasource=docker depName=httpd -matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag: "2.4.54-alpine3.16" -matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image_tag.endswith(':latest') }}" - -# A list of strings containing additional configuration blocks to add to the `location /metrics` configuration (matrix-domain.conf). -# Do not modify `matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks` and `matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks`. -# If you'd like to inject your own configuration blocks, use `matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks`. -matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks: "{{ matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks + matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks }}" -matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: [] -matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks: [] - # Controls whether proxying for the matrix-corporal API (`/_matrix/corporal`) should be done (on the matrix domain) matrix_nginx_proxy_proxy_matrix_corporal_api_enabled: false matrix_nginx_proxy_proxy_matrix_corporal_api_addr_with_container: "matrix-corporal:41081" diff --git a/roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml b/roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml deleted file mode 100644 index a72d26f68..000000000 
--- a/roles/custom/matrix-nginx-proxy/tasks/nginx-proxy/setup_metrics_auth.yml +++ /dev/null 
@@ -1,60 +0,0 @@ ---- - -# When we're dealing with raw htpasswd content, we just store it in the file directly. -- name: Ensure matrix-metrics-htpasswd is present when generated from raw content (protecting /metrics/* URIs) - ansible.builtin.copy: - content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content }}" - dest: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" - owner: "{{ matrix_user_username }}" - group: "{{ matrix_user_groupname }}" - mode: 0600 - when: not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username - -# Alternatively, we need to use the `htpasswd` tool to generate the htpasswd file. -# There's an Ansible module that helps with that, but it requires passlib (a Python module) to be installed on the server. -# See: https://docs.ansible.com/ansible/2.3/htpasswd_module.html#requirements-on-host-that-executes-module -# We support various distros, with various versions of Python. Installing additional Python modules can be a hassle. -# As a workaround, we run `htpasswd` from an Apache container image. 
-- when: matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username != '' - block: - - name: Ensure Apache Docker image is pulled for generating matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - community.docker.docker_image: - name: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }}" - source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" - force_source: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" - force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_force_pull }}" - register: result - retries: "{{ devture_playbook_help_container_retries_count }}" - delay: "{{ devture_playbook_help_container_retries_delay }}" - until: result is not failed - - # We store the password in a file and make the `htpasswd` tool read it from there, - # as opposed to passing it directly on stdin (which will expose it to other processes on the server). 
- - name: Store metrics password in a temporary file - ansible.builtin.copy: - content: "{{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password }}" - dest: "/tmp/matrix-nginx-proxy-metrics-password" - mode: 0400 - owner: "{{ matrix_user_uid }}" - group: "{{ matrix_user_gid }}" - - - name: Generate matrix-metrics-htpasswd from username/password (protecting /metrics/* URIs) - ansible.builtin.command: - cmd: >- - {{ devture_systemd_docker_base_host_command_docker }} run - --rm - --user={{ matrix_user_uid }}:{{ matrix_user_gid }} - --cap-drop=ALL - --network=none - --mount type=bind,src={{ matrix_nginx_proxy_data_path }},dst=/data - --mount type=bind,src=/tmp/matrix-nginx-proxy-metrics-password,dst=/password,ro - --entrypoint=/bin/sh - {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_apache_container_image }} - -c - 'cat /password | htpasswd -i -c /data/matrix-metrics-htpasswd {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username }} && chmod 600 /data/matrix-metrics-htpasswd' - changed_when: true - - - name: Delete temporary metrics password file - ansible.builtin.file: - path: /tmp/matrix-nginx-proxy-metrics-password - state: absent diff --git a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml index 3ac058945..bea962fd1 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml @@ -37,10 +37,6 @@ mode: 0644 when: matrix_nginx_proxy_enabled | bool -- name: Setup metrics - ansible.builtin.include_tasks: "{{ role_path }}/tasks/nginx-proxy/setup_metrics_auth.yml" - when: matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool and matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool - - name: Ensure Matrix nginx-proxy configured (generic) ansible.builtin.template: src: "{{ role_path }}/templates/nginx/conf.d/nginx-http.conf.j2" 
@@ -334,19 +330,8 @@ state: absent when: "not matrix_nginx_proxy_enabled | bool" -- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /_synapse/metrics URI) - ansible.builtin.file: - path: "{{ matrix_nginx_proxy_data_path }}/matrix-synapse-metrics-htpasswd" - state: absent - # This file is now generated by the matrix-synapse role and saved in the Synapse directory - name: (Cleanup) Ensure old sample prometheus.yml for external scraping is deleted ansible.builtin.file: path: "{{ matrix_base_data_path }}/external_prometheus.yml.example" state: absent - -- name: Ensure Matrix nginx-proxy htpasswd is deleted (protecting /metrics/* URIs) - ansible.builtin.file: - path: "{{ matrix_nginx_proxy_data_path }}/matrix-metrics-htpasswd" - state: absent - when: "not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool or not matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool" diff --git a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml index 6f96ec786..bea661183 100644 --- a/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml +++ b/roles/custom/matrix-nginx-proxy/tasks/validate_config.yml 
@@ -30,14 +30,6 @@ `matrix_nginx_proxy_ssl_preset` needs to be set to a known value. when: "matrix_nginx_proxy_ssl_preset not in ['modern', 'intermediate', 'old']" -- name: Fail if Basic Auth enabled for metrics, but no credentials supplied - ansible.builtin.fail: - msg: | - Enabling Basic Auth for metrics (`matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled`) requires: - - either a username/password (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username` and `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password`) - - or raw htpasswd content (provided in `matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content`) - when: "matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled | bool and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content == '' and (matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username == '' or matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password == ''))" - - when: "matrix_ssl_retrieval_method == 'lets-encrypt'" block: - name: (Deprecation) Catch and report renamed settings diff --git a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 index 9ab540746..7158708c3 100644 --- a/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 +++ b/roles/custom/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2 
@@ -33,19 +33,6 @@ {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} {% endif %} - {% if matrix_nginx_proxy_proxy_matrix_metrics_enabled %} - location /metrics { - {% if matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled %} - auth_basic "protected"; - auth_basic_user_file {{ matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_path }}; - {% endif %} - - {% for configuration_block in matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks %} - {{- configuration_block }} - {% endfor %} - } - {% endif %} - {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location ^~ /_matrix/corporal { {% if matrix_nginx_proxy_enabled %} diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml index 5f83a6bff..5b6a9b87c 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/defaults/main.yml 
@@ -17,10 +17,9 @@ matrix_prometheus_nginxlog_exporter_docker_image: "{{ matrix_prometheus_nginxlog matrix_prometheus_nginxlog_exporter_docker_image_force_pull: "{{ matrix_prometheus_nginxlog_exporter_docker_image.endswith(':latest') }}" matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled: true -# Controls whether prometheus-nginxlog-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/nginxlog`. -# This will only take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +# Controls whether prometheus-nginxlog-exporter metrics should be proxied (exposed) on a public URL matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled: false +# TODO - add more variables for controlling the hostname, path prefix, etc. # matrix_prometheus_nginxlog_exporter_dashboard_urls contains a list of URLs with Grafana dashboard definitions. # If the Grafana role is enabled, these dashboards will be downloaded. diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml index 15317de09..cbd3f9175 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/inject_into_nginx_proxy.yml 
@@ -20,12 +20,4 @@ } when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and matrix_nginx_proxy_enabled | bool -- name: Register prometheus-nginxlog-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/nginxlog) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_prometheus_nginxlog_exporter_matrix_nginx_proxy_metrics_configuration_matrix_domain] - }} - when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool +# Injection code was here diff --git a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml index 2e308736b..009af0b9c 100644 --- a/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml +++ b/roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml @@ -23,10 +23,3 @@ in vars.yml when: matrix_prometheus_nginxlog_exporter_docker_image_arch_check_enabled and matrix_architecture not in matrix_prometheus_nginxlog_exporter_docker_image_arch - - -- name: Fail if nginx-proxy is not set to proxy metrics while prometheus-nginxlog-exporter is - ansible.builtin.fail: - msg: > - 'matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled' is set but 'matrix_nginx_proxy_proxy_matrix_metrics_enabled' is not - when: matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled | bool and not matrix_nginx_proxy_proxy_matrix_metrics_enabled | bool diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml index 30ef2c130..2b5505938 100644 --- a/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml 
+++ b/roles/custom/matrix-prometheus-services-proxy-connect/defaults/main.yml @@ -4,8 +4,6 @@ # Controls whether node-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/node-exporter`. -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. matrix_prometheus_services_proxy_connect_prometheus_node_exporter_metrics_proxying_enabled: false # If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. @@ -16,8 +14,6 @@ matrix_prometheus_services_proxy_connect_prometheus_node_exporter_matrix_nginx_p # Controls whether postgres-exporter metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/postgres-exporter`. -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. matrix_prometheus_services_proxy_connect_prometheus_postgres_exporter_metrics_proxying_enabled: false # If you are supplying your own NGINX proxy but want to use the provided exporters you will have to supply an ":" value for the containers to bind to on your host. diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml index 4c86e8aab..fbd418fc9 100644 --- a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-node-exporter/inject_into_nginx_proxy.yml 
@@ -16,11 +16,4 @@ {% endif %} } -- name: Register node-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/node-exporter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_prometheus_services_proxy_connect_node_exporter_nginx_metrics_configuration_block] - }} +# Injection code was here diff --git a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml index 347960818..f8143cac1 100644 --- a/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-prometheus-services-proxy-connect/tasks/prometheus-postgres-exporter/inject_into_nginx_proxy.yml @@ -16,11 +16,4 @@ {% endif %} } -- name: Register postgres-exporter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/postgres-exporter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_prometheus_services_proxy_connect_postgres_exporter_nginx_metrics_configuration_block] - }} +# Injection code was here diff --git a/roles/custom/matrix-synapse/defaults/main.yml b/roles/custom/matrix-synapse/defaults/main.yml index 5b8b5d3f7..b08980033 100644 --- a/roles/custom/matrix-synapse/defaults/main.yml +++ b/roles/custom/matrix-synapse/defaults/main.yml 
@@ -513,10 +513,8 @@ matrix_synapse_grafana_dashboard_urls: # Controls whether Synapse metrics should be proxied (exposed) on: # - `matrix.DOMAIN/metrics/synapse/main-process` for the main process # - `matrix.DOMAIN/metrics/synapse/worker/{type}-{id}` for each worker process -# -# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. -# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. matrix_synapse_metrics_proxying_enabled: false +# TODO - add variables for controlling the hostname, path prefix, etc. # Enable the Synapse manhole # See https://github.com/matrix-org/synapse/blob/master/docs/manhole.md diff --git a/roles/custom/matrix-synapse/tasks/init.yml b/roles/custom/matrix-synapse/tasks/init.yml index 0b1273c16..66539d0da 100644 --- a/roles/custom/matrix-synapse/tasks/init.yml +++ b/roles/custom/matrix-synapse/tasks/init.yml @@ -38,14 +38,7 @@ {% endif %} } - - name: Register synapse metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/main-process) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_synapse_nginx_metrics_configuration_block] - }} +# Injection code was here - name: Generate synapse worker metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) ansible.builtin.set_fact: 
@@ -62,12 +55,4 @@ {% endfor %} when: matrix_synapse_workers_enabled_list | length > 0 - - name: Register synapse worker metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/synapse/worker) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_synapse_worker_nginx_metrics_configuration_block] - }} - when: matrix_synapse_workers_enabled_list | length > 0 +# Injection code was here diff --git a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml index 1e2331ca8..2590664f1 100644 --- a/roles/custom/matrix_playbook_migration/tasks/validate_config.yml +++ b/roles/custom/matrix_playbook_migration/tasks/validate_config.yml @@ -64,6 +64,10 @@ - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_enabled', 'new': 'matrix_metrics_exposure_http_basic_auth_enabled'} - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_username', 'new': ''} - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_password', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_basic_auth_raw_content', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_additional_location_configuration_blocks', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks', 'new': ''} + - {'old': 'matrix_nginx_proxy_proxy_matrix_metrics_additional_user_location_configuration_blocks', 'new': ''} - {'old': 'matrix_well_known_matrix_server_enabled', 'new': 'matrix_static_files_file_matrix_server_enabled'} - {'old': 'matrix_well_known_matrix_support_enabled', 'new': 'matrix_static_files_file_matrix_support_enabled'}
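Review bot: In roles/custom/matrix-nginx-proxy/tasks/setup_nginx_proxy.yml (hunk `@@ -334,19 +330,8 @@`), removing both htpasswd cleanup tasks means an existing `matrix-metrics-htpasswd` or `matrix-synapse-metrics-htpasswd` under `matrix_nginx_proxy_data_path` stays on disk on upgraded hosts. These files hold password hashes and nothing in the playbook manages them after this change. Keep an unconditional `state: absent` task for both paths, in the style of the `(Cleanup)` task for `external_prometheus.yml.example` that remains in this hunk. The deleted setup_metrics_auth.yml also wrote `/tmp/matrix-nginx-proxy-metrics-password` and removed it in a separate task, so the same cleanup could cover a copy left behind by an interrupted run.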
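Review bot: The `location /metrics` block removed from templates/nginx/conf.d/matrix-domain.conf.j2 (hunk `@@ -33,19 +33,6 @@`) was where `auth_basic` and `auth_basic_user_file` were applied to the metrics endpoints, and nothing in this diff shows what enforces `matrix_metrics_exposure_http_basic_auth_enabled` in its place. Please reference the task or template that now applies authentication. The "Fail if Basic Auth enabled for metrics, but no credentials supplied" task is removed from matrix-nginx-proxy/tasks/validate_config.yml in the same commit, so an equivalent check on the new variable is needed for an enabled-but-credential-less configuration to keep failing at validation time.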
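Review bot: The check removed at the end of roles/custom/matrix-prometheus-nginxlog-exporter/tasks/validate_config.yml was the only feedback a user got when `matrix_prometheus_nginxlog_exporter_metrics_proxying_enabled` was set without the setting that actually exposes `/metrics/*`, and the new defaults comment says only "on a public URL" followed by a TODO. In defaults/main.yml, name the URL (the old comment gave `matrix.DOMAIN/metrics/nginxlog`) and the variable that now gates exposure, as the hookshot documentation change in this commit does with `matrix_metrics_exposure_enabled`. The node-exporter and postgres-exporter defaults keep their concrete paths, so the three comments are now inconsistent.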
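Review bot: In roles/custom/matrix-synapse/tasks/init.yml, the "Generate synapse worker metrics proxying configuration" task stays (visible as context) while the task that consumed its `matrix_synapse_worker_nginx_metrics_configuration_block` is replaced by `# Injection code was here`; the same happens to `matrix_synapse_nginx_metrics_configuration_block` in the hunk above. If nothing else reads these facts, remove the generating tasks too, so that `matrix_synapse_metrics_proxying_enabled` does not appear to build a route that is never registered. If something does read them, replace the placeholder with a comment naming the consumer. The placeholder comment in the three inject_into_nginx_proxy.yml hunks (nginxlog, node-exporter, postgres-exporter) has the same problem.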