You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2019/03/18 21:48:48 UTC

[GitHub] [nifi] kevdoran commented on a change in pull request #3257: NIFI-5435 Prometheus /metrics http endpoint for monitoring integration

kevdoran commented on a change in pull request #3257: NIFI-5435 Prometheus /metrics http endpoint for monitoring integration
URL: https://github.com/apache/nifi/pull/3257#discussion_r266655814
 
 

 ##########
 File path: nifi-nar-bundles/nifi-prometheus-bundle/nifi-prometheus-reporting-task/src/main/java/org/apache/nifi/reporting/prometheus/PrometheusServer.java
 ##########
 @@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.reporting.prometheus;
+
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.net.HttpURLConnection;
+import java.net.InetSocketAddress;
+
+import javax.servlet.ServletException;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.nifi.controller.status.ProcessGroupStatus;
+import org.apache.nifi.logging.ComponentLog;
+import org.apache.nifi.reporting.ReportingContext;
+import org.apache.nifi.reporting.prometheus.api.PrometheusMetricsUtil;
+import org.apache.nifi.ssl.SSLContextService;
+import org.eclipse.jetty.server.Connector;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import com.yammer.metrics.core.VirtualMachineMetrics;
+
+import io.prometheus.client.CollectorRegistry;
+import io.prometheus.client.exporter.common.TextFormat;
+
+public class PrometheusServer {
+    private static ComponentLog logger;
+    private Server server;
+    private ServletContextHandler handler;
+    private ReportingContext context;
+    private boolean sendJvmMetrics;
+    private String applicationId;
+
+    class MetricsServlet extends HttpServlet {
+        private CollectorRegistry nifiRegistry, jvmRegistry;
+        private ProcessGroupStatus rootGroupStatus;
+
+        @Override
+        protected void doGet(final HttpServletRequest req, final HttpServletResponse resp) throws ServletException, IOException {
+            logger.info("PrometheusServer Do get called");
+
+            rootGroupStatus = PrometheusServer.this.context.getEventAccess().getControllerStatus();
+            ServletOutputStream response = resp.getOutputStream();
+            OutputStreamWriter osw = new OutputStreamWriter(response);
+            nifiRegistry = PrometheusMetricsUtil.createNifiMetrics(rootGroupStatus, PrometheusServer.this.applicationId);
+            TextFormat.write004(osw, nifiRegistry.metricFamilySamples());
+
+            if (PrometheusServer.this.sendJvmMetrics == true) {
+                jvmRegistry = PrometheusMetricsUtil.createJvmMetrics(VirtualMachineMetrics.getInstance());
+                TextFormat.write004(osw, jvmRegistry.metricFamilySamples());
+            }
+
+            osw.flush();
+            osw.close();
+            response.flush();
+            response.close();
+            resp.setHeader("Content-Type", TextFormat.CONTENT_TYPE_004);
+            resp.setStatus(HttpURLConnection.HTTP_OK);
+            resp.flushBuffer();
+        }
+    }
+
+    public PrometheusServer(InetSocketAddress addr, ComponentLog logger) throws Exception {
+        PrometheusServer.logger = logger;
+        this.server = new Server(addr);
+
+        this.handler = new ServletContextHandler(server, "/metrics");
+        this.handler.addServlet(new ServletHolder(new MetricsServlet()), "/");
+        this.server.start();
+    }
+
+    public PrometheusServer(int addr, SSLContextService sslContextService, ComponentLog logger) throws Exception {
+        PrometheusServer.logger = logger;
+        this.server = new Server();
+        this.handler = new ServletContextHandler(server, "/metrics");
+        this.handler.addServlet(new ServletHolder(new MetricsServlet()), "/");
+
+        SslContextFactory sslFactory = createSslFactory(sslContextService);
+        HttpConfiguration httpsConfiguration = new HttpConfiguration();
+        httpsConfiguration.setSecureScheme("https");
+        httpsConfiguration.setSecurePort(addr);
+        httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
+
+        ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslFactory, "http/1.1"),
+            new HttpConnectionFactory(httpsConfiguration));
+        https.setPort(addr);
+        this.server.setConnectors(new Connector[]{https});
+        this.server.start();
+    }
+
+    private SslContextFactory createSslFactory(final SSLContextService sslService) {
+        SslContextFactory sslFactory = new SslContextFactory();
+        sslFactory.setNeedClientAuth(true);
+        sslFactory.setWantClientAuth(false);
 
 Review comment:
   `needClientAuth` and `wantClientAuth` cannot be set to hardcoded values. For example, in the case where the user wants the prometheus metrics endpoint to use https in transport, but not verify the client identity, both would be false. 
   
   There is an open JIRA [NIFI-1652](https://issues.apache.org/jira/browse/NIFI-1652) for allowing these values to be set in the SSLContextService. In the meantime, these need to be inferred or user-configurable. 
   
   One option is inferring `needClientAuth` based on if a truststore was configured in the SSLContext as in [ListenHTTP](https://github.com/apache/nifi/blob/0cb15cfb1a5425704a60db2d49415f745df48b1b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenHTTP.java#L244).
   
   An alternative option is to let the user specify this as in [HandleHttpRequest](https://github.com/apache/nifi/blob/0cb15cfb1a5425704a60db2d49415f745df48b1b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/HandleHttpRequest.java#L334).

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services