Merge pull request #48 from czephyr/main

TLS and lockstate, fault tolerance metrics

Author: pboros

Dockerfile

@@ -1,10 +1,22 @@
-FROM --platform=amd64 ubuntu:jammy
+FROM golang:1.22 AS download-env
 
-ENV GOPATH /go
+ENV FDB_DOWNLOAD_URL="https://github.com/apple/foundationdb/releases/download"
+ENV CGO_ENABLED=1
+ENV GOOS=linux
+ENV MULTVERSIONS="6.3.23 7.1.31 7.3.59"
+ENV VERSION="7.3.59"
 
-RUN apt update && apt install -y golang wget && apt-get purge -y --auto-remove \
- && wget https://github.com/apple/foundationdb/releases/download/7.1.7/foundationdb-clients_7.1.7-1_amd64.deb \
- && dpkg -i foundationdb*.deb
+RUN for v in $MULTVERSIONS; do \
+        wget -O /tmp/libfdb_c.$v.x86_64.so $FDB_DOWNLOAD_URL/$v/libfdb_c.x86_64.so; \
+    done && \
+    wget -P /tmp/ ${FDB_DOWNLOAD_URL}/${VERSION}/foundationdb-clients_${VERSION}-1_amd64.deb && \
+    dpkg -i /tmp/foundationdb-clients_${VERSION}-1_amd64.deb && \
+    rm /tmp/foundationdb-clients_${VERSION}-1_amd64.deb
+
+FROM golang:1.22 AS build-env
+
+COPY --from=download-env /usr/include/foundationdb/fdb* /usr/include/foundationdb/
+COPY --from=download-env /usr/lib/libfdb_c.so /lib/
 
 RUN mkdir -p /go/src/github.com/tigrisdata/fdb-exporter
 WORKDIR /go/src/github.com/tigrisdata/fdb-exporter
@@ -16,15 +28,13 @@ RUN GO11MODULE=on go mod download
 
 COPY . .
 
-RUN go build -tags=release -buildvcs=false .
-
-FROM --platform=amd64 ubuntu:jammy
-
-COPY --from=0 /go/src/github.com/tigrisdata/fdb-exporter/fdb-exporter /fdb-exporter
-
-RUN apt update && apt install -y wget && apt-get purge -y --auto-remove \
- && wget https://github.com/apple/foundationdb/releases/download/7.1.7/foundationdb-clients_7.1.7-1_amd64.deb \
- && dpkg -i foundationdb*.deb \
- && chmod +x /fdb-exporter
+RUN go build -tags=release -buildvcs=false -o /tmp/fdb-exporter
 
-ENTRYPOINT [ "/fdb-exporter" ]
+FROM debian:trixie-slim
+ENV FDB_NETWORK_OPTION_IGNORE_EXTERNAL_CLIENT_FAILURES=""
+ENV FDB_NETWORK_OPTION_EXTERNAL_CLIENT_DIRECTORY=/usr/lib/
+COPY --from=download-env /tmp/libfdb*.so /usr/lib/
+COPY --from=download-env /usr/bin/fdbcli /usr/bin/
+COPY --from=download-env /usr/lib/libfdb_c.so /lib/
+COPY --from=build-env /tmp/fdb-exporter /usr/local/bin
+ENTRYPOINT ["/usr/local/bin/fdb-exporter"]

README.md

@@ -15,8 +15,10 @@
 package db
 
 import (
+	"bufio"
 	"encoding/json"
 	"os"
+	"regexp"
 	"strconv"
 
 	"github.com/rs/zerolog/log"
@@ -28,6 +30,11 @@ import (
 
 const DefaultApiVersion = "710"
 
+var (
+	tls     = false
+	netopts fdb.NetworkOptions
+)
+
 func getFdb() fdb.Database {
 	clusterFile := os.Getenv("FDB_CLUSTER_FILE")
 	if clusterFile == "" {
@@ -42,8 +49,48 @@ func getFdb() fdb.Database {
 	if err != nil {
 		log.Error().Str("FDB_API_VERSION", apiVersionStr).Msg("Could not convert api version to integer")
 	}
+	tlsCaFile := os.Getenv("FDB_TLS_CA_FILE")
+	tlsCertFile := os.Getenv("FDB_TLS_CERT_FILE")
+	tlsKeyFile := os.Getenv("FDB_TLS_KEY_FILE")
+	tlsCheckValid := os.Getenv("FDB_TLS_VERIFY_PEERS")
 
 	fdb.MustAPIVersion(apiVersion)
+	netopts = fdb.Options()
+
+	// Check TLS in clusterfile
+	tls = isTLSmode(&clusterFile)
+	if tls {
+		// TLS params for fdbclient
+		if len(tlsCaFile) > 0 {
+			err := netopts.SetTLSCaPath(tlsCaFile)
+			if err != nil {
+				log.Error().Err(err).Str("msg", "Error cannot set CA").Msg("TLS CA error")
+			}
+			log.Info().Str("msg", "TLS CA File").Str("fdb.tls-ca-file", tlsCaFile).Msg("TLS CA file set")
+		}
+
+		if len(tlsCertFile) > 0 {
+			err := netopts.SetTLSCertPath(tlsCertFile)
+			if err != nil {
+				log.Error().Err(err).Str("msg", "Error cannot set Cert").Msg("TLS Cert error")
+			}
+			log.Info().Str("msg", "TLS Cert File").Str("fdb.tls-cert-file", tlsCertFile).Msg("TLS cert file set")
+		}
+
+		if len(tlsKeyFile) > 0 {
+			err := netopts.SetTLSKeyPath(tlsKeyFile)
+			if err != nil {
+				log.Error().Err(err).Str("msg", "Error cannot set Key").Msg("TLS Key error")
+			}
+			log.Info().Str("msg", "TLS Private Key").Str("fdb.tls-key-file", tlsKeyFile).Msg("TLS private key set")
+		}
+
+		err := netopts.SetTLSVerifyPeers([]byte(tlsCheckValid))
+		if err != nil {
+			log.Error().Err(err).Str("msg", "Error cannot set VerifyPeers").Msg("TLS VerifyPeers error")
+		}
+		log.Info().Str("msg", "TLS VerifyPeers").Str("fdb.tls-check-valid", tlsCheckValid).Msg("TLS VerifyPeers set")
+	}
 	db, err := fdb.OpenDatabase(clusterFile)
 	if err != nil {
 		log.Error().Str("cluster_file", clusterFile).Msg("failed to open database using cluster file")
@@ -73,3 +120,31 @@ func GetStatus() (*models.FullStatus, error) {
 	}
 	return &status, nil
 }
+
+func isTLSmode(c *string) bool {
+	// Find if must run in TLS mode
+	file, err := os.Open(*c)
+	if err != nil {
+		log.Fatal().Err(err).Msgf("failed to open %s", *c)
+	}
+
+	scanner := bufio.NewScanner(file)
+	scanner.Split(bufio.ScanLines)
+	var text []string
+
+	for scanner.Scan() {
+		text = append(text, scanner.Text())
+	}
+
+	// The method os.File.Close() is called
+	// on the os.File object to close the file
+	file.Close()
+
+	// and then a loop iterates through
+	// and prints each of the slice values.
+	for _, eachLn := range text {
+		//docker:[email protected]:4500:tls
+		tls, err = regexp.Match(`[0-9]+:tls`, []byte(eachLn))
+	}
+	return tls
+}

db/conn.go

@@ -3,7 +3,7 @@ module github.com/tigrisdata/fdb-exporter
 go 1.18
 
 require (
-	github.com/apple/foundationdb/bindings/go v0.0.0-20220521054011-a88e049b28d8
+	github.com/apple/foundationdb/bindings/go v0.0.0-20231025163521-0301045e333a
 	github.com/m3db/prometheus_client_golang v1.12.8
 	github.com/rs/zerolog v1.28.0
 	github.com/stretchr/testify v1.8.1

go.mod

@@ -40,6 +40,10 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/apple/foundationdb/bindings/go v0.0.0-20220521054011-a88e049b28d8 h1:B1KM1sz2bMjLThSQZSg+2kE2OBFMbtGdDcekqj0t2z0=
 github.com/apple/foundationdb/bindings/go v0.0.0-20220521054011-a88e049b28d8/go.mod h1:w63jdZTFCtvdjsUj5yrdKgjxaAD5uXQX6hJ7EaiLFRs=
+github.com/apple/foundationdb/bindings/go v0.0.0-20231025163521-0301045e333a h1:dBykmcZ1/zh36vj9aPC/6FXS4fx0OoPpAkHuqTwDJyw=
+github.com/apple/foundationdb/bindings/go v0.0.0-20231025163521-0301045e333a/go.mod h1:OMVSB21p9+xQUIqlGizHPZfjK+SHws1ht+ZytVDoz9U=
+github.com/apple/foundationdb/bindings/go v0.0.0-20250221231555-5140696da2df h1:XlE/l8moueBRTJr7xt0/9f0HJ1FaLupzguIKoj0a74g=
+github.com/apple/foundationdb/bindings/go v0.0.0-20250221231555-5140696da2df/go.mod h1:OMVSB21p9+xQUIqlGizHPZfjK+SHws1ht+ZytVDoz9U=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=

go.sum

@@ -49,6 +49,7 @@ func (d *DataMetricGroup) GetMetrics(status *models.FullStatus) {
 		"total_disk_used_bytes":                      status.Cluster.Data.TotalDiskUsedBytes,
 		"total_kv_size_bytes":                        status.Cluster.Data.TotalKvSizeBytes,
 		"min_replicas_remaining":                     status.Cluster.Data.State.MinReplicasRemaining,
+		"state_health":                               status.Cluster.Data.State.Healthy,
 		"missing_data":                               missingData,
 	}
 	SetMultipleGauges(scope, metrics, GetBaseTags())

metrics/group_data.go

@@ -0,0 +1,38 @@
+// Copyright 2022-2023 Tigris Data, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metrics
+
+import (
+	"github.com/rs/zerolog/log"
+	"github.com/tigrisdata/fdb-exporter/models"
+)
+
+type DbClusterFaultTolerance struct {
+	metricGroup
+}
+
+func NewDbClusterFaultTolerance(info *MetricReporter) *DbClusterFaultTolerance {
+	return &DbClusterFaultTolerance{*newMetricGroup("fault_tolerance", info.GetScopeOrExit("cluster"), info)}
+}
+
+func (d *DbClusterFaultTolerance) GetMetrics(status *models.FullStatus) {
+	scope := d.GetScopeOrExit("default")
+	if !isValidClusterFaultTolerance(status) {
+		log.Error().Msg("failed to get database fault tolerance")
+		return
+	}
+	SetGauge(scope, "zone_failures_availability", GetBaseTags(), status.Cluster.FaultTolerance.MaxZoneFailuresWithoutLosingAvailability)
+	SetGauge(scope, "zone_failures_data", GetBaseTags(), status.Cluster.FaultTolerance.MaxZoneFailuresWithoutLosingData)
+}

metrics/group_fault_tolerance.go

@@ -0,0 +1,37 @@
+// Copyright 2022-2023 Tigris Data, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package metrics
+
+import (
+	"github.com/rs/zerolog/log"
+	"github.com/tigrisdata/fdb-exporter/models"
+)
+
+type DbClusterLock struct {
+	metricGroup
+}
+
+func NewDbClusterLock(info *MetricReporter) *DbClusterLock {
+	return &DbClusterLock{*newMetricGroup("lockstate", info.GetScopeOrExit("cluster"), info)}
+}
+
+func (d *DbClusterLock) GetMetrics(status *models.FullStatus) {
+	scope := d.GetScopeOrExit("default")
+	if !isValidClusterLockState(status) {
+		log.Error().Msg("failed to get database lock_state")
+		return
+	}
+	SetGauge(scope, "locked", GetBaseTags(), status.Cluster.DatabaseLockState.Locked)
+}

metrics/group_lockstate.go

@@ -75,6 +75,8 @@ func NewMetricReporter() *MetricReporter {
 	m.groups = []Collectable{
 		NewCoordinatorMetricGroup(&m),
 		NewDbStatusMetricGroup(&m),
+		NewDbClusterFaultTolerance(&m),
+		NewDbClusterLock(&m),
 		NewWorkloadOperationsMetricGroup(&m),
 		NewWorkloadTransactionsMetricGroup(&m),
 		NewWorkloadKeysMetricGroup(&m),

metrics/metric_reporter.go

@@ -16,6 +16,20 @@ package metrics
 
 import "github.com/tigrisdata/fdb-exporter/models"
 
+func isValidClusterLockState(status *models.FullStatus) bool {
+	if status == nil || status.Cluster == nil || status.Cluster.DatabaseLockState == nil {
+		return false
+	}
+	return true
+}
+
+func isValidClusterFaultTolerance(status *models.FullStatus) bool {
+	if status == nil || status.Cluster == nil || status.Cluster.FaultTolerance == nil {
+		return false
+	}
+	return true
+}
+
 func isValidClusterData(status *models.FullStatus) bool {
 	if status == nil || status.Cluster == nil || status.Cluster.Data == nil {
 		return false