nixos/modules/services/monitoring/prometheus/exporters.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227

<chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="module-services-prometheus-exporters">
 <title>Prometheus exporters</title>
 <para>
  Prometheus exporters provide metrics for the
  <link xlink:href="https://prometheus.io">prometheus monitoring system</link>.
 </para>
 <section xml:id="module-services-prometheus-exporters-configuration">
  <title>Configuration</title>

  <para>
   One of the most common exporters is the
   <link xlink:href="https://github.com/prometheus/node_exporter">node
   exporter</link>, it provides hardware and OS metrics from the host it's
   running on. The exporter could be configured as follows:
<programlisting>
  services.prometheus.exporters.node = {
    enable = true;
    enabledCollectors = [
      "logind"
      "systemd"
    ];
    disabledCollectors = [
      "textfile"
    ];
    openFirewall = true;
    firewallFilter = "-i br0 -p tcp -m tcp --dport 9100";
  };
</programlisting>
   It should now serve all metrics from the collectors that are explicitly
   enabled and the ones that are
   <link xlink:href="https://github.com/prometheus/node_exporter#enabled-by-default">enabled
   by default</link>, via http under <literal>/metrics</literal>. In this
   example the firewall should just allow incoming connections to the
   exporter's port on the bridge interface <literal>br0</literal> (this would
   have to be configured seperately of course). For more information about
   configuration see <literal>man configuration.nix</literal> or search through
   the
   <link xlink:href="https://nixos.org/nixos/options.html#prometheus.exporters">available
   options</link>.
  </para>
 </section>
 <section xml:id="module-services-prometheus-exporters-new-exporter">
  <title>Adding a new exporter</title>

  <para>
   To add a new exporter, it has to be packaged first (see
   <literal>nixpkgs/pkgs/servers/monitoring/prometheus/</literal> for
   examples), then a module can be added. The postfix exporter is used in this
   example:
  </para>

  <itemizedlist>
   <listitem>
    <para>
     Some default options for all exporters are provided by
     <literal>nixpkgs/nixos/modules/services/monitoring/prometheus/exporters.nix</literal>:
    </para>
   </listitem>
   <listitem override='none'>
    <itemizedlist>
     <listitem>
      <para>
       <literal>enable</literal>
      </para>
     </listitem>
     <listitem>
      <para>
       <literal>port</literal>
      </para>
     </listitem>
     <listitem>
      <para>
       <literal>listenAddress</literal>
      </para>
     </listitem>
     <listitem>
      <para>
       <literal>extraFlags</literal>
      </para>
     </listitem>
     <listitem>
      <para>
       <literal>openFirewall</literal>
      </para>
     </listitem>
     <listitem>
      <para>
       <literal>firewallFilter</literal>
      </para>
     </listitem>
     <listitem>
      <para>
       <literal>user</literal>
      </para>
     </listitem>
     <listitem>
      <para>
       <literal>group</literal>
      </para>
     </listitem>
    </itemizedlist>
   </listitem>
   <listitem>
    <para>
     As there is already a package available, the module can now be added. This
     is accomplished by adding a new file to the
     <literal>nixos/modules/services/monitoring/prometheus/exporters/</literal>
     directory, which will be called postfix.nix and contains all exporter
     specific options and configuration:
<programlisting>
# nixpgs/nixos/modules/services/prometheus/exporters/postfix.nix
{ config, lib, pkgs, options }:

with lib;

let
  # for convenience we define cfg here
  cfg = config.services.prometheus.exporters.postfix;
in
{
  port = 9154; # The postfix exporter listens on this port by default

  # `extraOpts` is an attribute set which contains additional options
  # (and optional overrides for default options).
  # Note that this attribute is optional.
  extraOpts = {
    telemetryPath = mkOption {
      type = types.str;
      default = "/metrics";
      description = ''
        Path under which to expose metrics.
      '';
    };
    logfilePath = mkOption {
      type = types.path;
      default = /var/log/postfix_exporter_input.log;
      example = /var/log/mail.log;
      description = ''
        Path where Postfix writes log entries.
        This file will be truncated by this exporter!
      '';
    };
    showqPath = mkOption {
      type = types.path;
      default = /var/spool/postfix/public/showq;
      example = /var/lib/postfix/queue/public/showq;
      description = ''
        Path at which Postfix places its showq socket.
      '';
    };
  };

  # `serviceOpts` is an attribute set which contains configuration
  # for the exporter's systemd service. One of
  # `serviceOpts.script` and `serviceOpts.serviceConfig.ExecStart`
  # has to be specified here. This will be merged with the default
  # service confiuration.
  # Note that by default 'DynamicUser' is 'true'.
  serviceOpts = {
    serviceConfig = {
      DynamicUser = false;
      ExecStart = ''
        ${pkgs.prometheus-postfix-exporter}/bin/postfix_exporter \
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
          --web.telemetry-path ${cfg.telemetryPath} \
          ${concatStringsSep " \\\n  " cfg.extraFlags}
      '';
    };
  };
}
</programlisting>
    </para>
   </listitem>
   <listitem>
    <para>
     This should already be enough for the postfix exporter. Additionally one
     could now add assertions and conditional default values. This can be done
     in the 'meta-module' that combines all exporter definitions and generates
     the submodules:
     <literal>nixpkgs/nixos/modules/services/prometheus/exporters.nix</literal>
    </para>
   </listitem>
  </itemizedlist>
 </section>
 <section xml:id="module-services-prometheus-exporters-update-exporter-module">
  <title>Updating an exporter module</title>
   <para>
     Should an exporter option change at some point, it is possible to add
     information about the change to the exporter definition similar to
     <literal>nixpkgs/nixos/modules/rename.nix</literal>:
<programlisting>
{ config, lib, pkgs, options }:

with lib;

let
  cfg = config.services.prometheus.exporters.nginx;
in
{
  port = 9113;
  extraOpts = {
    # additional module options
    # ...
  };
  serviceOpts = {
    # service configuration
    # ...
  };
  imports = [
    # 'services.prometheus.exporters.nginx.telemetryEndpoint' -> 'services.prometheus.exporters.nginx.telemetryPath'
    (mkRenamedOptionModule [ "telemetryEndpoint" ] [ "telemetryPath" ])

    # removed option 'services.prometheus.exporters.nginx.insecure'
    (mkRemovedOptionModule [ "insecure" ] ''
      This option was replaced by 'prometheus.exporters.nginx.sslVerify' which defaults to true.
    '')
    ({ options.warnings = options.warnings; })
  ];
}
</programlisting>
    </para>
  </section>
</chapter>