From d82d0ad84bb4cf63bb0bb04fa769d57d0f831eb5 Mon Sep 17 00:00:00 2001 From: Slavi Pantaleev Date: Mon, 30 Jan 2023 08:50:57 +0200 Subject: [PATCH] Add _metrics_proxying_enabled variables to mautrix bridges Related to https://github.com/spantaleev/matrix-docker-ansible-deploy/pull/2427 `metrics_enabled` should only expose the metrics locally, on the container network, so that a local Prometheus can consume them. Exposing them publicly should be done via a separate toggle (`metrics_proxying_enabled`). This is how all other roles work, so this makes these mautrix roles consistent with the rest. --- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 46 +++++++++---------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- .../defaults/main.yml | 7 +++ .../tasks/inject_into_nginx_proxy.yml | 44 +++++++++--------- 10 files changed, 150 insertions(+), 107 deletions(-) diff --git a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml index 7863270b..8c19139a 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/defaults/main.yml @@ -47,8 +47,15 @@ matrix_mautrix_facebook_homeserver_token: '' matrix_mautrix_facebook_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_facebook_metrics_proxying_enabled`. matrix_mautrix_facebook_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-facebook`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_facebook_metrics_proxying_enabled: false + matrix_mautrix_facebook_bridge_permissions: | {{ {matrix_mautrix_facebook_homeserver_domain: 'user'} diff --git a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml index db4d906f..17e2b138 100644 --- a/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-facebook/tasks/inject_into_nginx_proxy.yml @@ -43,27 +43,27 @@ You can expose the container's port using the `matrix_mautrix_facebook_container_http_host_bind_port` variable. when: "not matrix_nginx_proxy_enabled | default(False) | bool" -- name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) - ansible.builtin.set_fact: - matrix_mautrix_facebook_nginx_metrics_configuration_block: | - location /metrics/mautrix-facebook { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-facebook:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } - when: matrix_mautrix_facebook_metrics_enabled | bool +- when: matrix_mautrix_facebook_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-facebook metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) + ansible.builtin.set_fact: + matrix_mautrix_facebook_nginx_metrics_configuration_block: | + location /metrics/mautrix-facebook { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-facebook:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_facebook_nginx_metrics_configuration_block] - }} - when: matrix_mautrix_facebook_metrics_enabled | bool + - name: Register mautrix-facebook metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-facebook) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_facebook_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml index e9b6991b..80d59162 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/defaults/main.yml @@ -48,8 +48,15 @@ matrix_mautrix_instagram_homeserver_token: '' matrix_mautrix_instagram_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_instagram_metrics_proxying_enabled`. matrix_mautrix_instagram_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-instagram`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_instagram_metrics_proxying_enabled: false + # Database-related configuration fields. # # To use Postgres: diff --git a/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml index 90d91c6d..99a36c14 100644 --- a/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-instagram/tasks/inject_into_nginx_proxy.yml @@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-instagram role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) - ansible.builtin.set_fact: - matrix_mautrix_instagram_nginx_metrics_configuration_block: | - location /metrics/mautrix-instagram { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-instagram:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_instagram_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-instagram metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) + ansible.builtin.set_fact: + matrix_mautrix_instagram_nginx_metrics_configuration_block: | + location /metrics/mautrix-instagram { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-instagram:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_instagram_nginx_metrics_configuration_block] - }} + - name: Register mautrix-instagram metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-instagram) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_instagram_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml index fb5e49b1..8cd285ca 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/defaults/main.yml @@ -71,8 +71,15 @@ matrix_mautrix_signal_logging_level: WARNING matrix_mautrix_signal_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_signal_metrics_proxying_enabled`. matrix_mautrix_signal_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-signal`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_signal_metrics_proxying_enabled: false + # Database-related configuration fields # # This bridge only supports postgres. diff --git a/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml index 4bb6f6bd..fe85254b 100644 --- a/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-signal/tasks/inject_into_nginx_proxy.yml @@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-signal role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) - ansible.builtin.set_fact: - matrix_mautrix_signal_nginx_metrics_configuration_block: | - location /metrics/mautrix-signal { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-signal:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_signal_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-signal metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) + ansible.builtin.set_fact: + matrix_mautrix_signal_nginx_metrics_configuration_block: | + location /metrics/mautrix-signal { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-signal:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_signal_nginx_metrics_configuration_block] - }} + - name: Register mautrix-signal metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-signal) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_signal_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml index 372dd4b6..8f38bb00 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/defaults/main.yml @@ -79,8 +79,15 @@ matrix_mautrix_twitter_appservice_bot_username: twitterbot matrix_mautrix_twitter_logging_level: WARNING # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_twitter_metrics_proxying_enabled`. matrix_mautrix_twitter_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-twitter`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_twitter_metrics_proxying_enabled: false + # Default configuration template which covers the generic use case. # You can customize it by controlling the various variables inside it. # diff --git a/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml index df296dc6..2efad7cd 100644 --- a/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-twitter/tasks/inject_into_nginx_proxy.yml @@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-twitter role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) - ansible.builtin.set_fact: - matrix_mautrix_twitter_nginx_metrics_configuration_block: | - location /metrics/mautrix-twitter { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-twitter:8000"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_twitter_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-twitter metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) + ansible.builtin.set_fact: + matrix_mautrix_twitter_nginx_metrics_configuration_block: | + location /metrics/mautrix-twitter { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-twitter:8000"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_twitter_nginx_metrics_configuration_block] - }} + - name: Register mautrix-twitter metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-twitter) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_twitter_nginx_metrics_configuration_block] + }} diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml index 6e85599a..dd628162 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/defaults/main.yml @@ -48,8 +48,15 @@ matrix_mautrix_whatsapp_logging_level: 'warn' matrix_mautrix_whatsapp_federate_rooms: true # Whether or not metrics endpoint should be enabled. +# Enabling them is usually enough for a local (in-container) Prometheus to consume them. +# If metrics need to be consumed by another (external) Prometheus server, consider exposing them via `matrix_mautrix_whatsapp_metrics_proxying_enabled`. matrix_mautrix_whatsapp_metrics_enabled: false +# Controls whether metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/mautrix-whatsapp`. +# This will only work take effect if `matrix_nginx_proxy_proxy_matrix_metrics_enabled: true`. +# See the `matrix-nginx-proxy` role for details about enabling `matrix_nginx_proxy_proxy_matrix_metrics_enabled`. +matrix_mautrix_whatsapp_metrics_proxying_enabled: false + # Database-related configuration fields. # # To use SQLite, stick to these defaults. diff --git a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml index e3fc3d16..03113dcc 100644 --- a/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml +++ b/roles/custom/matrix-bridge-mautrix-whatsapp/tasks/inject_into_nginx_proxy.yml @@ -9,25 +9,27 @@ so that the matrix-nginx-proxy role would run after the matrix-bridge-mautrix-whatsapp role. when: matrix_nginx_proxy_role_executed | default(False) | bool -- name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) - ansible.builtin.set_fact: - matrix_mautrix_whatsapp_nginx_metrics_configuration_block: | - location /metrics/mautrix-whatsapp { - {% if matrix_nginx_proxy_enabled | default(False) %} - {# Use the embedded DNS resolver in Docker containers to discover the service #} - resolver 127.0.0.11 valid=5s; - set $backend "matrix-mautrix-whatsapp:8001"; - proxy_pass http://$backend/metrics; - {% else %} - return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; - {% endif %} - } +- when: matrix_mautrix_whatsapp_metrics_proxying_enabled | bool + block: + - name: Generate mautrix-whatsapp metrics proxying configuration for matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) + ansible.builtin.set_fact: + matrix_mautrix_whatsapp_nginx_metrics_configuration_block: | + location /metrics/mautrix-whatsapp { + {% if matrix_nginx_proxy_enabled | default(False) %} + {# Use the embedded DNS resolver in Docker containers to discover the service #} + resolver 127.0.0.11 valid=5s; + set $backend "matrix-mautrix-whatsapp:8001"; + proxy_pass http://$backend/metrics; + {% else %} + return 404 "matrix-nginx-proxy is disabled and no host port was bound to the container, so metrics are unavailable"; + {% endif %} + } -- name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) - ansible.builtin.set_fact: - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | - {{ - matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) - + - [matrix_mautrix_whatsapp_nginx_metrics_configuration_block] - }} + - name: Register mautrix-whatsapp metrics proxying configuration with matrix-nginx-proxy (matrix.DOMAIN/metrics/mautrix-whatsapp) + ansible.builtin.set_fact: + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks: | + {{ + matrix_nginx_proxy_proxy_matrix_metrics_additional_system_location_configuration_blocks | default([]) + + + [matrix_mautrix_whatsapp_nginx_metrics_configuration_block] + }}