diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml
index 832abb9e..aa0d9264 100644
--- a/.github/workflows/contributors.yml
+++ b/.github/workflows/contributors.yml
@@ -17,6 +17,10 @@ jobs:
run: git push origin --delete update-contributors
- name: Create up-to-date contributors branch
run: git checkout -B update-contributors
+ - name: Push empty contributors branch
+ run: git push origin update-contributors
+ - name: Switch back to main
+ run: git checkout main
- uses: BobAnkh/add-contributors@v0.2.2
with:
CONTRIBUTOR: "## Contributors"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4445444a..1186bad8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,10 @@
- Boundaries between Namespaces has been removed and all nodes can communicate by default [#357](https://github.com/juanfont/headscale/pull/357)
- To limit access between nodes, use [ACLs](./docs/acls.md).
+- `/metrics` is now a configurable host:port endpoint: [#344](https://github.com/juanfont/headscale/pull/344). You must update your `config.yaml` file to include:
+ ```yaml
+ metrics_listen_addr: 127.0.0.1:9090
+ ```
### Features
diff --git a/README.md b/README.md
index fb5d9692..d9d050f6 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,13 @@ make build
Juan Font
+
+
+ 
+
+ Adrien Raffin-Caboisse
+
+ |
@@ -176,12 +183,14 @@ make build
|
-
-
+
+ 
- Adrien Raffin-Caboisse
+ Justin Angel
|
+
+
@@ -189,8 +198,6 @@ make build
Alessandro (Ale) Segala
|
-
-
@@ -198,6 +205,13 @@ make build
unreality
|
+
+
+ 
+
+ e-zk
+
+ |
@@ -219,6 +233,8 @@ make build
Fernando De Lucchi
|
+
+
@@ -233,8 +249,6 @@ make build
Michael G.
|
-
-
@@ -263,11 +277,13 @@ make build
Stefan Majer
|
+
+
-
- 
+
+
- lachy-2849
+ fincac
|
@@ -277,8 +293,6 @@ make build
thomas
|
-
-
@@ -307,6 +321,8 @@ make build
Bryan Stenson
|
+
+
@@ -321,8 +337,6 @@ make build
Felix Yan
|
-
-
@@ -351,6 +365,8 @@ make build
Pierre Carru
|
+
+
@@ -365,8 +381,6 @@ make build
Ryan Fowler
|
-
-
@@ -395,6 +409,8 @@ make build
The Gitter Badger
|
+
+
@@ -409,8 +425,6 @@ make build
Tjerk Woudsma
|
-
-
@@ -432,13 +446,6 @@ make build
derelm
|
-
-
-
-
- e-zk
-
- |
@@ -446,6 +453,8 @@ make build
ignoramous
|
+
+
@@ -453,8 +462,6 @@ make build
lion24
|
-
-
diff --git a/acls.go b/acls.go
index 84063a17..24aadf5b 100644
--- a/acls.go
+++ b/acls.go
@@ -230,6 +230,10 @@ func expandAlias(
return []string{"*"}, nil
}
+ log.Debug().
+ Str("alias", alias).
+ Msg("Expanding")
+
if strings.HasPrefix(alias, "group:") {
namespaces, err := expandGroup(aclPolicy, alias, stripEmailDomain)
if err != nil {
@@ -293,7 +297,9 @@ func expandAlias(
return []string{cidr.String()}, nil
}
- return ips, errInvalidUserSection
+ log.Warn().Msgf("No IPs found with the alias %v", alias)
+
+ return ips, nil
}
// excludeCorrectlyTaggedNodes will remove from the list of input nodes the ones
diff --git a/app.go b/app.go
index ee38ed93..3115b994 100644
--- a/app.go
+++ b/app.go
@@ -72,6 +72,7 @@ const (
type Config struct {
ServerURL string
Addr string
+ MetricsAddr string
GRPCAddr string
GRPCAllowInsecure bool
EphemeralNodeInactivityTimeout time.Duration
@@ -467,11 +468,17 @@ func (h *Headscale) ensureUnixSocketIsAbsent() error {
return os.Remove(h.cfg.UnixSocket)
}
-func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine {
- router := gin.Default()
+func (h *Headscale) createPrometheusRouter() *gin.Engine {
+ promRouter := gin.Default()
prometheus := ginprometheus.NewPrometheus("gin")
- prometheus.Use(router)
+ prometheus.Use(promRouter)
+
+ return promRouter
+}
+
+func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *gin.Engine {
+ router := gin.Default()
router.GET(
"/health",
@@ -693,6 +700,27 @@ func (h *Headscale) Serve() error {
log.Info().
Msgf("listening and serving HTTP on: %s", h.cfg.Addr)
+ promRouter := h.createPrometheusRouter()
+
+ promHTTPServer := &http.Server{
+ Addr: h.cfg.MetricsAddr,
+ Handler: promRouter,
+ ReadTimeout: HTTPReadTimeout,
+ WriteTimeout: 0,
+ }
+
+ var promHTTPListener net.Listener
+ promHTTPListener, err = net.Listen("tcp", h.cfg.MetricsAddr)
+
+ if err != nil {
+ return fmt.Errorf("failed to bind to TCP address: %w", err)
+ }
+
+ errorGroup.Go(func() error { return promHTTPServer.Serve(promHTTPListener) })
+
+ log.Info().
+ Msgf("listening and serving metrics on: %s", h.cfg.MetricsAddr)
+
return errorGroup.Wait()
}
diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go
index cff31f32..98ffe2ec 100644
--- a/cmd/headscale/cli/utils.go
+++ b/cmd/headscale/cli/utils.go
@@ -310,6 +310,7 @@ func getHeadscaleConfig() headscale.Config {
return headscale.Config{
ServerURL: viper.GetString("server_url"),
Addr: viper.GetString("listen_addr"),
+ MetricsAddr: viper.GetString("metrics_listen_addr"),
GRPCAddr: viper.GetString("grpc_listen_addr"),
GRPCAllowInsecure: viper.GetBool("grpc_allow_insecure"),
diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go
index 5ab46e00..c971220b 100644
--- a/cmd/headscale/headscale_test.go
+++ b/cmd/headscale/headscale_test.go
@@ -55,6 +55,7 @@ func (*Suite) TestConfigLoading(c *check.C) {
// Test that config file was interpreted correctly
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080")
+ c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3")
c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
diff --git a/config-example.yaml b/config-example.yaml
index e14d1a15..c28b6089 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -16,6 +16,12 @@ server_url: http://127.0.0.1:8080
#
listen_addr: 0.0.0.0:8080
+# Address to listen to /metrics, you may want
+# to keep this endpoint private to your internal
+# network
+#
+metrics_listen_addr: 127.0.0.1:9090
+
# Address to listen for gRPC.
# gRPC is used for controlling a headscale server
# remotely with the CLI
diff --git a/docs/examples/kustomize/base/configmap.yaml b/docs/examples/kustomize/base/configmap.yaml
index 2e25e5f9..0ac2d563 100644
--- a/docs/examples/kustomize/base/configmap.yaml
+++ b/docs/examples/kustomize/base/configmap.yaml
@@ -5,4 +5,5 @@ metadata:
data:
server_url: $(PUBLIC_PROTO)://$(PUBLIC_HOSTNAME)
listen_addr: "0.0.0.0:8080"
+ metrics_listen_addr: "127.0.0.1:9090"
ephemeral_node_inactivity_timeout: "30m"
diff --git a/docs/examples/kustomize/postgres/deployment.yaml b/docs/examples/kustomize/postgres/deployment.yaml
index 75e64446..1dd88b41 100644
--- a/docs/examples/kustomize/postgres/deployment.yaml
+++ b/docs/examples/kustomize/postgres/deployment.yaml
@@ -25,6 +25,11 @@ spec:
configMapKeyRef:
name: headscale-config
key: listen_addr
+ - name: METRICS_LISTEN_ADDR
+ valueFrom:
+ configMapKeyRef:
+ name: headscale-config
+ key: metrics_listen_addr
- name: DERP_MAP_PATH
value: /vol/config/derp.yaml
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
diff --git a/docs/examples/kustomize/sqlite/statefulset.yaml b/docs/examples/kustomize/sqlite/statefulset.yaml
index 050bf766..2321d39d 100644
--- a/docs/examples/kustomize/sqlite/statefulset.yaml
+++ b/docs/examples/kustomize/sqlite/statefulset.yaml
@@ -26,6 +26,11 @@ spec:
configMapKeyRef:
name: headscale-config
key: listen_addr
+ - name: METRICS_LISTEN_ADDR
+ valueFrom:
+ configMapKeyRef:
+ name: headscale-config
+ key: metrics_listen_addr
- name: DERP_MAP_PATH
value: /vol/config/derp.yaml
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
diff --git a/integration_test/etc/config.yaml b/integration_test/etc/config.yaml
index 63af7ebb..f055b4ca 100644
--- a/integration_test/etc/config.yaml
+++ b/integration_test/etc/config.yaml
@@ -14,6 +14,7 @@ dns_config:
db_path: /tmp/integration_test_db.sqlite3
private_key_path: private.key
listen_addr: 0.0.0.0:8080
+metrics_listen_addr: 127.0.0.1:9090
server_url: http://headscale:8080
derp:
|