clerie/nixos-exporter
1
0
Fork 0
Code Releases Activity

Compare commits

...

7 Commits
delte ... main

Author SHA1 Message Date
clerie
d3d2f6bf5e Build for aarch64-linux 2024-08-25 14:37:20 +02:00
clerie
5e86139ee4 Bump version and add modules 2023-05-09 11:45:33 +02:00
clerie
e27202d63b Split in multiple binaries 2023-05-09 08:40:39 +02:00
clerie
1ff90d9bcc Do not build default in hydraJobs 2023-04-17 06:38:58 +02:00
clerie
7e019abec4 Add kernel changed metric 2023-03-25 16:18:36 +01:00
clerie
f3ea6ee9d5 Refactor, add NixStorePath class 2023-03-25 13:42:58 +01:00
clerie
0c468b4953 Export booted system and kernel hash as well 2023-03-23 20:55:02 +01:00
8 changed files with 375 additions and 154 deletions

1
.gitignore vendored

@ -1 +1,2 @@
/target
result

2
Cargo.lock generated

@ -450,7 +450,7 @@ dependencies = [
[[package]]
name = "nixos-exporter"
version = "0.2.0"
version = "0.6.0"
dependencies = [
"axum",
"reqwest",

2
Cargo.toml

@ -1,6 +1,6 @@
[package]
name = "nixos-exporter"
version = "0.2.0"
version = "0.6.0"
edition = "2021"
[dependencies]

154
flake.nix

@ -2,15 +2,15 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { self, nixpkgs, ... }: {
packages.x86_64-linux = let
pkgs = import nixpkgs {
system = "x86_64-linux";
};
in {
outputs = { self, nixpkgs, ... }: let
forAllSystems = f: (nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: let
pkgs = import nixpkgs { inherit system; };
in f { inherit pkgs system; } ));
in {
packages = forAllSystems ({ pkgs, system, ... }: {
nixos-exporter = pkgs.rustPlatform.buildRustPackage rec {
pname = "nixos-exporter";
version = "0.1.0";
version = "0.6.0";
src = ./.;
@ -25,15 +25,144 @@
cargoLock.lockFile = ./Cargo.lock;
};
default = self.packages.x86_64-linux.nixos-exporter;
};
default = self.packages."${system}".nixos-exporter;
});
apps.x86_64-linux = {
apps = forAllSystems ({ pkgs, system, ... }: {
nixos-exporter = {
type = "app";
program = self.packages.x86_64-linux.nixos-exporter + "/bin/nixos-exporter";
program = self.packages."${system}".nixos-exporter + "/bin/nixos-exporter";
};
nixos-validator = {
type = "app";
program = self.packages."${system}".nixos-exporter + "/bin/nixos-validator";
};
default = self.apps."${system}".nixos-exporter;
});
nixosModules = {
nixos-exporter = { config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.nixos-exporter;
in {
options = {
services.nixos-exporter = {
enable = mkEnableOption "Export NixOS status metrics";
listen = mkOption {
type = with types; nullOr str;
default = null;
description = "Interface for metrics";
example = "[::]:2345";
};
};
};
config = mkIf cfg.enable {
users.users."nixos-exporter" = {
isSystemUser = true;
group = "nixos-exporter";
};
users.groups."nixos-exporter" = {};
systemd.services."nixos-exporter" = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = "always";
PrivateTmp = true;
WorkingDirectory = "/tmp";
RuntimeDirectory = "nixos-exporter";
User = "nixos-exporter";
Group = "nixos-exporter";
ExecStart = ''
${self.packages."${config.nixpkgs.system}".nixos-exporter}/bin/nixos-exporter ${optionalString (cfg.listen != null) "--listen ${escapeShellArg cfg.listen}"}
'';
};
};
};
};
nixos-validator = { config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.nixos-validator;
in {
options = {
services.nixos-validator = {
enable = mkEnableOption "Validate NixOS metrics";
listen = mkOption {
type = with types; nullOr str;
default = null;
description = "Interface for metrics";
example = "[::]:2345";
};
prometheusUrl = mkOption {
type = types.str;
description = "Url for Prometheus";
example = "https://prometheus.monitoring.clerie.de";
};
prometheusQueryTagTemplate = mkOption {
type = with types; nullOr str;
default = null;
description = "Template for Prometheus Query";
example = "instance=\"{}\"";
};
hydraUrl = mkOption {
type = types.str;
description = "Url for Hydra";
example = "https://hydra.clerie.de";
};
hydraJobTemplate = mkOption {
type = with types; nullOr str;
default = null;
description = "Template for Hydra Job Url";
example = "nixfiles/nixfiles/nixosConfigurations.{}";
};
};
};
config = mkIf cfg.enable {
users.users."nixos-validator" = {
isSystemUser = true;
group = "nixos-validator";
};
users.groups."nixos-validator" = {};
systemd.services."nixos-validator" = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
Restart = "always";
PrivateTmp = true;
WorkingDirectory = "/tmp";
RuntimeDirectory = "nixos-validator";
User = "nixos-validator";
Group = "nixos-validator";
ExecStart = ''
${self.packages."${config.nixpkgs.system}".nixos-exporter}/bin/nixos-validator ${concatStringsSep " " [
(optionalString (cfg.listen != null) "--listen ${escapeShellArg cfg.listen}")
"--prometheus-url ${escapeShellArg cfg.prometheusUrl}"
(optionalString (cfg.prometheusQueryTagTemplate != null) "--prometheus-query-tag-template ${escapeShellArg cfg.prometheusQueryTagTemplate}")
"--hydra-url ${escapeShellArg cfg.hydraUrl}"
(optionalString (cfg.hydraJobTemplate != null) "--hydra-job-template ${escapeShellArg cfg.hydraJobTemplate}")
]}
'';
};
};
};
};
default = { ... }:
{
imports = [
self.nixosModules.nixos-exporter
self.nixosModules.nixos-validator
];
};
default = self.apps.x86_64-linux.nixos-exporter;
};
hydraJobs = {
@ -42,4 +171,3 @@
};
};
}

162
src/bin/nixos-validator.rs Normal file

@ -0,0 +1,162 @@
use axum::{
extract::{State, Query},
http::StatusCode,
response::IntoResponse,
routing::get,
Router,
};
use std::collections::HashMap;
use std::net::SocketAddr;
use std::str::FromStr;
use nixos_exporter::nixos::NixStorePath;
#[derive(Clone)]
struct AppState {
listen: String,
prometheus_url: String,
prometheus_query_tag_template: String,
hydra_url: String,
hydra_job_template: String,
}
impl AppState{
pub fn new() -> Self {
Self {
listen: String::from("[::]:9152"),
prometheus_url: String::from(""),
prometheus_query_tag_template: String::from("instance=\"{}\""),
hydra_url: String::from(""),
hydra_job_template: String::from("nixfiles/nixfiles/nixosConfigurations.{}"),
}
}
pub fn is_valid(self) -> bool {
let mut valid = true;
if self.prometheus_url == String::from("") {
println!("Prometheus url is not specified");
valid = false;
}
if self.hydra_url == String::from("") {
println!("Hydra url is not specified");
valid = false;
}
return valid;
}
}
#[tokio::main]
async fn main() {
let mut app_state = AppState::new();
let mut args = std::env::args();
let _name = args.next().unwrap();
loop {
let arg = if let Some(arg) = args.next() {
arg
} else {
break;
};
match arg.as_str() {
"--help" | "-h" => {
println!("Prometheus exporter for NixOS systems");
println!("Use --listen <addr:port> bind the web service.");
println!("Output will be on /metrics endpoint. HTTP 500 if something broke while scraping.");
std::process::exit(0);
}
"--listen" => {
app_state.listen = args.next().unwrap();
}
"--prometheus-url" => {
app_state.prometheus_url = args.next().unwrap();
}
"--prometheus-query-tag-template" => {
app_state.prometheus_query_tag_template = args.next().unwrap();
}
"--hydra-url" => {
app_state.hydra_url = args.next().unwrap();
}
"--hydra-job-template" => {
app_state.hydra_job_template = args.next().unwrap();
}
unknown => {
println!("unknown option: {}", unknown);
std::process::exit(1)
}
}
}
if !app_state.clone().is_valid() {
std::process::exit(1);
}
let app = Router::new();
let app = app.route("/metrics", get(check));
let app = app.with_state(app_state.clone());
let addr = SocketAddr::from_str(&app_state.listen.clone()).unwrap();
println!("listening on http://{}", addr);
axum::Server::bind(&addr)
.serve(app.into_make_service())
.await
.unwrap();
}
async fn check(State(app_state): State<AppState>, Query(params): Query<HashMap<String, String>>) -> Result<(StatusCode, impl IntoResponse), (StatusCode, impl IntoResponse)> {
let target = params.get("target")
.ok_or_else(|| (StatusCode::NOT_FOUND, "specify target"))?;
if target.contains("\"") {
return Err((StatusCode::INTERNAL_SERVER_ERROR, "Invalid target name"));
}
let client = reqwest::Client::new();
let prometheus_req = client.get(format!("{}/api/v1/query?query=nixos_current_system_hash{{{}}}", app_state.prometheus_url, app_state.prometheus_query_tag_template.clone().replace("{}", target)))
.header("Accept", "application/json")
.send().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Promehteus can't get reached"))?;
if prometheus_req.status() != reqwest::StatusCode::OK {
return Err((StatusCode::NOT_FOUND, "Target does not exist in Hydra"));
}
let prometheus_body = prometheus_req.json::<serde_json::Value>().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Invalid response from Prometheus"))?;
let current_system_hash = prometheus_body["data"]["result"][0]["metric"]["hash"].as_str()
.ok_or_else(|| (StatusCode::INTERNAL_SERVER_ERROR, "No current metric found in Prometheus"))?;
let hydra_req = client.get(format!("{}/job/{}/latest", app_state.hydra_url, app_state.hydra_job_template.clone().replace("{}", target)))
.header("Accept", "application/json")
.send().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Hydra can't get reached"))?;
if hydra_req.status() != reqwest::StatusCode::OK {
return Err((StatusCode::NOT_FOUND, "Target does not exist in Hydra"));
}
let hydra_body = hydra_req.json::<serde_json::Value>().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Invalid response from Hydra"))?;
let nix_store_path = hydra_body["buildoutputs"]["out"]["path"].as_str()
.ok_or_else(|| (StatusCode::INTERNAL_SERVER_ERROR, "No buildoutput found in Hydra"))?;
let hydra_system_hash = NixStorePath::from_path_buf(std::path::PathBuf::from(nix_store_path))
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Invalid store path returned by Hydra"))?
.hash;
let mut status = "0";
if current_system_hash == hydra_system_hash {
status = "1";
}
return Ok((
StatusCode::OK,
format!("nixos_current_system_is_sync{{}} {}\n", status)
));
}

1
src/lib.rs Normal file

@ -0,0 +1 @@
pub mod nixos;

167
src/main.rs

@ -1,5 +1,4 @@
use axum::{
extract::{State, Query},
http::StatusCode,
response::IntoResponse,
routing::get,
@ -10,71 +9,31 @@ use std::collections::HashMap;
use std::net::SocketAddr;
use std::str::FromStr;
#[derive(Clone, PartialEq)]
enum OperationMode {
None,
Exporter,
Validator,
}
use nixos_exporter::nixos::NixStorePath;
#[derive(Clone)]
struct AppState {
listen: String,
operationmode: OperationMode,
prometheus_url: String,
prometheus_query_tag_template: String,
hydra_url: String,
hydra_job_template: String,
}
impl AppState{
pub fn new() -> Self {
Self {
listen: String::from("[::]:9152"),
operationmode: OperationMode::None,
prometheus_url: String::from(""),
prometheus_query_tag_template: String::from("instance=\"{}\""),
hydra_url: String::from(""),
hydra_job_template: String::from("nixfiles/nixfiles/nixosConfigurations.{}"),
}
}
pub fn is_valid(self) -> bool {
let mut valid = true;
if self.operationmode == OperationMode::None {
println!("operationmode is not set");
valid = false;
}
if self.prometheus_url == String::from("") && self.operationmode == OperationMode::Validator {
println!("Prometheus url is not specified");
valid = false;
}
if self.hydra_url == String::from("") && self.operationmode == OperationMode::Validator {
println!("Hydra url is not specified");
valid = false;
}
return valid;
return true;
}
}
fn parse_nix_store_path(path: std::path::PathBuf) -> Result<(String, String), String> {
let (hash, name) = path.file_name()
.ok_or_else(String::default)?
.to_str()
.ok_or_else(String::default)?
.split_once("-")
.ok_or_else(String::default)?;
return Ok((hash.to_string(), name.to_string()));
}
#[tokio::main]
async fn main() {
let mut app_state = AppState::new();
let mut args = std::env::args();
let name = args.next().unwrap();
let _name = args.next().unwrap();
loop {
let arg = if let Some(arg) = args.next() {
arg
@ -92,24 +51,6 @@ async fn main() {
"--listen" => {
app_state.listen = args.next().unwrap();
}
"--prometheus-url" => {
app_state.prometheus_url = args.next().unwrap();
}
"--prometheus-query-tag-template" => {
app_state.prometheus_query_tag_template = args.next().unwrap();
}
"--hydra-url" => {
app_state.hydra_url = args.next().unwrap();
}
"--hydra-job-template" => {
app_state.hydra_job_template = args.next().unwrap();
}
"exporter" => {
app_state.operationmode = OperationMode::Exporter;
}
"validator" => {
app_state.operationmode = OperationMode::Validator;
}
unknown => {
println!("unknown option: {}", unknown);
std::process::exit(1)
@ -121,18 +62,8 @@ async fn main() {
std::process::exit(1);
}
let mut app = Router::new();
if app_state.operationmode == OperationMode::Exporter {
println!("Running NixOS Exporter in Exporter mode");
app = app.route("/metrics", get(metrics));
} else if app_state.operationmode == OperationMode::Validator {
println!("Running NixOS Exporter in Validator mode");
app = app.route("/metrics", get(check));
} else {
println!("Run mode not specified, do {} --help", name);
std::process::exit(1);
};
let app = Router::new();
let app = app.route("/metrics", get(metrics));
let app = app.with_state(app_state.clone());
let addr = SocketAddr::from_str(&app_state.listen.clone()).unwrap();
@ -143,74 +74,32 @@ async fn main() {
.unwrap();
}
fn get_current_system() -> Result<(String, String), String> {
let symlink = std::fs::read_link("/run/current-system").map_err(|err| err.to_string())?;
let (hash, name) = parse_nix_store_path(symlink)?;
Ok((String::from(hash), String::from(name)))
}
async fn metrics() -> Result<(StatusCode, impl IntoResponse), (StatusCode, impl IntoResponse)> {
let (hash, name) = get_current_system().map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, ""))?;
let nix_store_paths = HashMap::from([
("current_system", NixStorePath::from_str_symlink("/run/current-system")
.map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err))?),
("current_system_kernel", NixStorePath::from_str_symlink("/run/current-system/kernel")
.map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err))?),
("booted_system", NixStorePath::from_str_symlink("/run/booted-system")
.map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err))?),
("booted_system_kernel", NixStorePath::from_str_symlink("/run/booted-system/kernel")
.map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err))?),
]);
let mut out = String::new();
for (infix, nix_store_path) in nix_store_paths.iter() {
out.push_str(nix_store_path.clone().to_prometheus_metric(infix.to_string())
.map_err(|err| (StatusCode::INTERNAL_SERVER_ERROR, err))?.as_str());
}
out.push_str(format!("nixos_current_system_kernel_is_booted_system_kernel{{}} {}", (
nix_store_paths.get("current_system_kernel").ok_or_else(|| (StatusCode::INTERNAL_SERVER_ERROR, String::from("")))?.hash
== nix_store_paths.get("booted_system_kernel").ok_or_else(|| (StatusCode::INTERNAL_SERVER_ERROR, String::from("")))?.hash
) as i32).as_str()
);
return Ok((
StatusCode::OK,
format!("nixos_current_system_hash{{hash=\"{}\"}} 1\nnixos_current_system_name{{name=\"{}\"}} 1\n", hash, name)
));
}
async fn check(State(app_state): State<AppState>, Query(params): Query<HashMap<String, String>>) -> Result<(StatusCode, impl IntoResponse), (StatusCode, impl IntoResponse)> {
let target = params.get("target")
.ok_or_else(|| (StatusCode::NOT_FOUND, "specify target"))?;
if target.contains("\"") {
return Err((StatusCode::INTERNAL_SERVER_ERROR, "Invalid target name"));
}
let client = reqwest::Client::new();
let prometheus_req = client.get(format!("{}/api/v1/query?query=nixos_current_system_hash{{{}}}", app_state.prometheus_url, app_state.prometheus_query_tag_template.clone().replace("{}", target)))
.header("Accept", "application/json")
.send().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Promehteus can't get reached"))?;
if prometheus_req.status() != reqwest::StatusCode::OK {
return Err((StatusCode::NOT_FOUND, "Target does not exist in Hydra"));
}
let prometheus_body = prometheus_req.json::<serde_json::Value>().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Invalid response from Hydra"))?;
let current_system_hash = prometheus_body["data"]["result"][0]["metric"]["hash"].as_str()
.ok_or_else(|| (StatusCode::INTERNAL_SERVER_ERROR, "No buildoutput found in Hydra"))?;
let hydra_req = client.get(format!("{}/job/{}/latest", app_state.hydra_url, app_state.hydra_job_template.clone().replace("{}", target)))
.header("Accept", "application/json")
.send().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Hydra can't get reached"))?;
if hydra_req.status() != reqwest::StatusCode::OK {
return Err((StatusCode::NOT_FOUND, "Target does not exist in Hydra"));
}
let hydra_body = hydra_req.json::<serde_json::Value>().await
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Invalid response from Hydra"))?;
let nix_store_path = hydra_body["buildoutputs"]["out"]["path"].as_str()
.ok_or_else(|| (StatusCode::INTERNAL_SERVER_ERROR, "No buildoutput found in Hydra"))?;
let (hydra_system_hash, _) = parse_nix_store_path(std::path::PathBuf::from(nix_store_path))
.map_err(|_err| (StatusCode::INTERNAL_SERVER_ERROR, "Invalid store path returned by Hydra"))?;
let mut status = "0";
if current_system_hash == hydra_system_hash {
status = "1";
}
return Ok((
StatusCode::OK,
format!("nixos_current_system_is_sync{{}} {}\n", status)
out,
));
}

40
src/nixos.rs Normal file

@ -0,0 +1,40 @@
use std::path::PathBuf;
#[derive(Clone)]
pub struct NixStorePath {
pub hash: String,
pub name: String,
}
impl NixStorePath {
pub fn from_str_symlink(path: &str) -> Result<Self, String> {
Ok(Self::from_path_buf_symlink(PathBuf::from(path))?)
}
pub fn from_path_buf_symlink(path: PathBuf) -> Result<Self, String> {
Ok(Self::from_path_buf(path.read_link().map_err(|err| err.to_string())?)?)
}
pub fn from_path_buf(path: PathBuf) -> Result<Self, String> {
let store_path_name = path.iter().nth(3)
.ok_or_else(|| String::from("Can't read store path name"))?
.to_str()
.ok_or_else(|| String::from("Failed converting store path name to string"))?
.to_string();
Ok(Self::from_store_path_name(store_path_name)?)
}
pub fn from_store_path_name(store_path_name: String) -> Result<Self, String> {
let (hash, name) = store_path_name
.split_once("-")
.ok_or_else(|| String::from("Failed splitting store path name for hash and name"))?;
Ok(Self {
hash: hash.to_string(),
name: name.to_string(),
})
}
pub fn to_prometheus_metric(self, infix: String) -> Result<String, String> {
return Ok(format!("nixos_{}_hash{{hash=\"{}\"}} 1\nnixos_{}_name{{name=\"{}\"}} 1\n", infix, self.hash, infix, self.name));
}
}