From: Mark Wielaard <mark@klomp.org>
To: "Frank Ch. Eigler" <fche@redhat.com>,
elfutils-devel@sourceware.org, amerey@redhat.com
Subject: Re: patch 5 debuginfod: prometheus metrics
Date: Fri, 15 Nov 2019 17:26:00 -0000 [thread overview]
Message-ID: <b29a9c648d32e8459cc086c06cb6f93a35b7bb39.camel@klomp.org> (raw)
In-Reply-To: <20191107090833.GB19337@redhat.com>
Hi,
On Thu, 2019-11-07 at 04:08 -0500, Frank Ch. Eigler wrote:
> This webapi extensions allows admins to hook up debuginfod to a
> prometheus-compatible monitoring system for general situational
> statistics. The metrics are simple enough that local curl requests
> can give a user a sense of what's going on. The metrics are
> documented as unstable with respect to future versions.
> +.SS /metrics
> +
> +This endpoint returns a Prometheus formatted text/plain dump of a
> +variety of statistics about the operation of the debuginfod server.
> +The exact set of metrics and their meanings may change in future
> +versions. Caution: configuration information (path names, versions)
> +may be disclosed.
Could you also add a reference to the Prometheus Exposition format. I
see it is already in a comment in the code. Best to also add it as See
also in the docs.
> .SH DATA MANAGEMENT
>
> debuginfod stores its index in an sqlite database in a densely
> packed
> @@ -291,7 +299,8 @@ a denial-of-service in terms of RAM, CPU, disk
> I/O, or network I/O.
> If this is a problem, users are advised to install debuginfod with a
> HTTPS reverse-proxy front-end that enforces site policies for
> firewalling, authentication, integrity, authorization, and load
> -control.
> +control. The \fI/metrics\fP webapi endpoint is probably not
> +appropriate for disclosure to the public.
So, should there be an option to turn it off?
> When relaying queries to upstream debuginfods, debuginfod \fBdoes not\fP
> include any particular security features. It trusts that the binaries
> diff --git a/debuginfod/debuginfod.cxx b/debuginfod/debuginfod.cxx
> index 7c7a0c5d7ef5..efe8c80fa081 100644
> --- a/debuginfod/debuginfod.cxx
> +++ b/debuginfod/debuginfod.cxx
> @@ -72,6 +72,7 @@ extern "C" {
> #include <cstring>
> #include <vector>
> #include <set>
> +#include <map>
> #include <string>
> #include <iostream>
> #include <iomanip>
> @@ -98,6 +99,14 @@ using namespace std;
> #include <sys/syscall.h>
> #endif
>
> +#ifdef __linux__
> +#define gettid() syscall(SYS_gettid)
> +#else
> +#define gettid() pthread_self()
> +#endif
You might want to rename this since newer glibc might expose gettid().
The rest of the code looks good as far as I can see.
But I would suggest you add a command line option to disable the
metrics, which would not install the metrics handler and make the
metrics update functions noops.
> diff --git a/tests/ChangeLog b/tests/ChangeLog
> index 3d50ee8623ee..156a693f8886 100644
> --- a/tests/ChangeLog
> +++ b/tests/ChangeLog
> @@ -1,3 +1,8 @@
> +2019-11-07 Frank Ch. Eigler <fche@redhat.com>
> +
> + * run-debuginfod-find.sh: Test debuginfod metrics via curl.
> + Fix federated testing, asserted by metrics.
> +
> 2019-11-06 Frank Ch. Eigler <fche@redhat.com>
>
> * run-debuginfod-find.sh: Test debuginfod -L mode. Drop
> diff --git a/tests/run-debuginfod-find.sh b/tests/run-debuginfod-find.sh
> index 644901073d75..4c3e3cb306c2 100755
> --- a/tests/run-debuginfod-find.sh
> +++ b/tests/run-debuginfod-find.sh
> @@ -181,7 +181,8 @@ sleep 3
>
> # have clients contact the new server
> export DEBUGINFOD_URLS=http://localhost:$PORT2
> -testrun ${abs_builddir}/debuginfod_build_id_find -e F/prog 1
> +rm -rf $DEBUGINFOD_CACHE_PATH
> +testrun ${abs_top_builddir}/debuginfod/debuginfod-find debuginfo $BUILDID
>
> # confirm that first server can't resolve symlinked info in L/ but second can
> BUILDID=`env LD_LIBRARY_PATH=$ldpath ${abs_builddir}/../src/readelf \
> @@ -202,6 +203,16 @@ export DEBUGINFOD_URLS="BAD http://localhost:$PORT1 localhost:$PORT1 http://loca
>
> testrun ${abs_builddir}/debuginfod_build_id_find -e F/prog2 1
>
> +########################################################################
> +
> +# Fetch some metrics, if curl program is installed
> +if which curl 2>/dev/null; then
> + curl http://localhost:$PORT1/badapi
> + curl http://localhost:$PORT1/metrics
> + curl http://localhost:$PORT2/metrics
> + curl http://localhost:$PORT1/metrics | grep -q 'http_responses_total.*result.*error'
> + curl http://localhost:$PORT2/metrics | grep -q 'http_responses_total.*result.*upstream'
> +fi
>
> ########################################################################
I think it is better to check with:
if type curl >/dev/null 2>&1; then
Which avoid executing which, which might not be installed...
Cheers,
Mark
next prev parent reply other threads:[~2019-11-15 17:26 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-28 19:04 patch 0/2 debuginfod submission Frank Ch. Eigler
2019-10-28 19:06 ` patch 1/2 debuginfod client Frank Ch. Eigler
2019-10-28 19:09 ` patch 2/2 debuginfod server etc Frank Ch. Eigler
2019-11-04 21:48 ` patch 3/3 debuginfod client interruptability Frank Ch. Eigler
2019-11-07 9:07 ` patch 4 debuginfod: symlink following mode Frank Ch. Eigler
2019-11-07 9:08 ` patch 5 debuginfod: prometheus metrics Frank Ch. Eigler
2019-11-15 17:26 ` Mark Wielaard [this message]
2019-11-15 17:58 ` Frank Ch. Eigler
2019-11-18 16:20 ` Mark Wielaard
2019-11-18 16:48 ` Frank Ch. Eigler
2019-11-19 16:13 ` Mark Wielaard
2019-11-15 16:49 ` patch 4 debuginfod: symlink following mode Mark Wielaard
2019-11-15 18:31 ` Frank Ch. Eigler
2019-11-18 16:27 ` Mark Wielaard
2019-11-15 16:16 ` patch 3/3 debuginfod client interruptability Mark Wielaard
2019-11-15 17:03 ` Aaron Merey
2019-11-15 17:35 ` Mark Wielaard
2019-11-15 18:14 ` Pedro Alves
2019-11-17 23:44 ` Mark Wielaard
2019-11-18 2:50 ` Frank Ch. Eigler
2019-11-18 9:24 ` Pedro Alves
2019-11-19 12:58 ` Mark Wielaard
2019-11-13 17:22 ` patch 2/2 debuginfod server etc Mark Wielaard
2019-11-14 11:54 ` Frank Ch. Eigler
2019-11-16 1:31 ` Mark Wielaard
2019-11-13 23:19 ` Mark Wielaard
2019-11-14 12:30 ` Frank Ch. Eigler
2019-11-18 14:17 ` Mark Wielaard
2019-11-18 18:41 ` Frank Ch. Eigler
2019-11-19 15:41 ` Mark Wielaard
2019-11-19 16:13 ` Frank Ch. Eigler
2019-11-19 20:11 ` Mark Wielaard
2019-11-19 21:15 ` Frank Ch. Eigler
2019-11-20 11:53 ` Mark Wielaard
2019-11-20 12:29 ` Frank Ch. Eigler
2019-11-21 14:16 ` Mark Wielaard
2019-11-21 15:40 ` Mark Wielaard
2019-11-21 16:01 ` Frank Ch. Eigler
2019-11-21 15:58 ` Frank Ch. Eigler
2019-11-21 16:37 ` Mark Wielaard
2019-11-21 17:18 ` Frank Ch. Eigler
2019-11-21 20:42 ` Mark Wielaard
2019-11-22 12:08 ` Mark Wielaard
2019-11-14 20:45 ` Mark Wielaard
2019-11-15 11:03 ` Mark Wielaard
2019-11-15 21:00 ` Frank Ch. Eigler
2019-11-18 15:01 ` Mark Wielaard
2019-11-15 14:40 ` Mark Wielaard
2019-11-15 19:54 ` Frank Ch. Eigler
2019-11-18 15:31 ` Mark Wielaard
2019-11-18 15:49 ` Frank Ch. Eigler
2019-11-12 11:12 ` patch 1/2 debuginfod client Mark Wielaard
2019-11-12 15:14 ` Frank Ch. Eigler
2019-11-12 21:59 ` Mark Wielaard
2019-11-14 0:33 ` Frank Ch. Eigler
2019-11-15 21:33 ` Mark Wielaard
2019-11-12 21:25 ` Mark Wielaard
2019-11-13 23:25 ` Frank Ch. Eigler
2019-11-16 0:46 ` Mark Wielaard
2019-11-16 18:53 ` Frank Ch. Eigler
2019-11-18 17:17 ` Mark Wielaard
2019-11-18 20:33 ` Frank Ch. Eigler
2019-11-19 15:57 ` Mark Wielaard
2019-11-19 16:20 ` Frank Ch. Eigler
2019-11-19 20:16 ` Mark Wielaard
2019-11-19 21:22 ` Frank Ch. Eigler
2019-11-20 12:50 ` Mark Wielaard
2019-11-20 13:30 ` Frank Ch. Eigler
2019-11-21 14:02 ` Mark Wielaard
2019-11-13 13:57 ` Mark Wielaard
2019-11-14 11:24 ` Frank Ch. Eigler
2019-11-16 0:52 ` Mark Wielaard
2019-11-16 2:28 ` Frank Ch. Eigler
2019-10-30 11:04 ` patch 0/2 debuginfod submission Mark Wielaard
2019-10-30 13:40 ` Frank Ch. Eigler
2019-10-30 14:12 ` Mark Wielaard
2019-10-30 18:11 ` Frank Ch. Eigler
2019-10-31 11:18 ` Mark Wielaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b29a9c648d32e8459cc086c06cb6f93a35b7bb39.camel@klomp.org \
--to=mark@klomp.org \
--cc=amerey@redhat.com \
--cc=elfutils-devel@sourceware.org \
--cc=fche@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).