sliding sync metrics support

docs/configuring-playbook-prometheus-grafana.md

@@ -79,6 +79,8 @@ Name | Description
 `prometheus_postgres_exporter_enabled`|Set this to `true` to enable the [Postgres exporter](configuring-playbook-prometheus-postgres.md) (locally, on the container network)
 `prometheus_postgres_exporter_container_labels_traefik_enabled`|Set this to `true` to expose the [Postgres exporter](configuring-playbook-prometheus-postgres.md) metrics on `https://matrix.DOMAIN/metrics/postgres-exporter`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_prometheus_nginxlog_exporter_enabled`|Set this to `true` to enable the [NGINX Log exporter](configuring-playbook-prometheus-nginxlog.md) (locally, on the container network)
+`matrix_sliding_sync_metrics_enabled`|Set this to `true` to make [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) expose metrics (locally, on the container network)
+`matrix_sliding_sync_metrics_proxying_enabled`|Set this to `true` to expose the [Sliding Sync](configuring-playbook-sliding-sync-proxy.md) metrics on `https://matrix.DOMAIN/metrics/sliding-sync`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_bridge_hookshot_metrics_enabled`|Set this to `true` to make [Hookshot](configuring-playbook-bridge-hookshot.md) expose metrics (locally, on the container network)
 `matrix_bridge_hookshot_metrics_proxying_enabled`|Set this to `true` to expose the [Hookshot](configuring-playbook-bridge-hookshot.md) metrics on `https://matrix.DOMAIN/metrics/hookshot`. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above.
 `matrix_SERVICE_metrics_proxying_enabled`|Various other services/roles may provide similar `_metrics_enabled` and `_metrics_proxying_enabled` variables for exposing their metrics. Refer to each role for details. To password-protect the metrics, see `matrix_metrics_exposure_http_basic_auth_users` above or `matrix_SERVICE_container_labels_metrics_middleware_basic_auth_enabled`/`matrix_SERVICE_container_labels_metrics_middleware_basic_auth_users` variables provided by each role.

group_vars/matrix_servers

@@ -4941,6 +4941,9 @@ matrix_sliding_sync_container_labels_traefik_docker_network: "{{ matrix_playbook
 matrix_sliding_sync_container_labels_traefik_entrypoints: "{{ devture_traefik_entrypoint_primary }}"
 matrix_sliding_sync_container_labels_traefik_tls_certResolver: "{{ devture_traefik_certResolver_primary }}"
 
+matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: "{{ matrix_metrics_exposure_http_basic_auth_enabled }}"
+matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: "{{ matrix_metrics_exposure_http_basic_auth_users }}"
+
 matrix_sliding_sync_systemd_required_services_list_auto: |
   {{
     matrix_homeserver_systemd_services_list
@@ -4954,7 +4957,13 @@ matrix_sliding_sync_environment_variable_syncv3_secret: "{{ '%s' | format(matrix
 matrix_sliding_sync_database_hostname: "{{ devture_postgres_connection_hostname if devture_postgres_enabled else '' }}"
 matrix_sliding_sync_database_password: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'ss.db', rounds=655555) | to_uuid }}"
 
-######################################################################
+matrix_sliding_sync_metrics_enabled: "{{ prometheus_enabled or matrix_metrics_exposure_enabled }}"
+
+matrix_sliding_sync_metrics_proxying_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_metrics_exposure_enabled }}"
+matrix_sliding_sync_metrics_proxying_hostname: "{{ matrix_metrics_exposure_hostname }}"
+matrix_sliding_sync_metrics_proxying_path_prefix: "{{ matrix_metrics_exposure_path_prefix }}/sliding-sync"
+
+#####################################################################
 #
 # /matrix-sliding-sync
 #

roles/custom/matrix-sliding-sync/defaults/main.yml

@@ -38,6 +38,16 @@ matrix_sliding_sync_container_network: ''
 # Use this to expose this container to another reverse proxy, which runs in a different container network.
 matrix_sliding_sync_container_additional_networks: []
 
+# Enable the exposure of metrics to Prometheus
+# See https://github.com/matrix-org/sliding-sync/tree/main/grafana
+matrix_sliding_sync_metrics_enabled: false
+matrix_sliding_sync_metrics_port: 2112
+
+# Controls whether Sliding Sync metrics should be proxied (exposed) on `matrix.DOMAIN/metrics/sliding-sync`
+matrix_sliding_sync_metrics_proxying_enabled: false
+matrix_sliding_sync_metrics_proxying_hostname: ''
+matrix_sliding_sync_metrics_proxying_path: /metrics/sliding-sync
+
 # matrix_sliding_sync_container_labels_traefik_enabled controls whether labels to assist a Traefik reverse-proxy will be attached to the container.
 # See `../templates/labels.j2` for details.
 #
@@ -53,6 +63,18 @@ matrix_sliding_sync_container_labels_traefik_entrypoints: web-secure
 matrix_sliding_sync_container_labels_traefik_tls: "{{ matrix_sliding_sync_container_labels_traefik_entrypoints != 'web' }}"
 matrix_sliding_sync_container_labels_traefik_tls_certResolver: default  # noqa var-naming
 
+# Controls whether labels will be added that expose metrics (see `matrix_sliding_sync_metrics_proxying_enabled`) for Sliding Sync
+matrix_sliding_sync_container_labels_public_metrics_enabled: "{{ matrix_sliding_sync_metrics_enabled and matrix_sliding_sync_metrics_proxying_enabled }}"
+matrix_sliding_sync_container_labels_public_metrics_traefik_path: "{{ matrix_sliding_sync_metrics_proxying_path }}"
+matrix_sliding_sync_container_labels_public_metrics_traefik_rule: "Host(`{{ matrix_sliding_sync_metrics_proxying_hostname }}`) && Path(`{{ matrix_sliding_sync_container_labels_public_metrics_traefik_path }}`)"
+matrix_sliding_sync_container_labels_public_metrics_traefik_priority: 0
+matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints: "{{ matrix_sliding_sync_container_labels_traefik_entrypoints }}"
+matrix_sliding_sync_container_labels_public_metrics_traefik_tls: "{{ matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints != 'web' }}"
+matrix_sliding_sync_container_labels_public_metrics_traefik_tls_certResolver: "{{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }}"  # noqa var-naming
+matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled: false
+# See: https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
+matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users: ''
+
 # Controls which additional headers to attach to all HTTP responses.
 # To add your own headers, use `matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom`
 matrix_sliding_sync_container_labels_traefik_additional_response_headers: "{{ matrix_sliding_sync_container_labels_traefik_additional_response_headers_auto | combine(matrix_sliding_sync_container_labels_traefik_additional_response_headers_custom) }}"
@@ -89,6 +111,9 @@ matrix_sliding_sync_environment_variable_syncv3_secret: ''
 # Controls the SYNCV3_DB environment variable
 matrix_sliding_sync_environment_variable_syncv3_db: 'user={{ matrix_sliding_sync_database_username }} password={{ matrix_sliding_sync_database_password }} host={{ matrix_sliding_sync_database_hostname }} port={{ matrix_sliding_sync_database_port }} dbname={{ matrix_sliding_sync_database_name }} sslmode={{ matrix_sliding_sync_database_sslmode }}'
 
+# Controls the SYNCV3_PROM environment variable
+matrix_sliding_sync_environment_variable_syncv3_prom: ':{{ matrix_sliding_sync_metrics_port }}'
+
 # Additional environment variables.
 matrix_sliding_sync_environment_variables_additional_variables: ''
 

roles/custom/matrix-sliding-sync/tasks/validate_config.yml

@@ -3,11 +3,13 @@
   ansible.builtin.fail:
     msg: >
       You need to define a required configuration setting (`{{ item.name }}`).
-  when: "vars[item] == ''"
+  when: "item.when | bool and vars[item.name] == ''"
   with_items:
-    - matrix_sliding_sync_hostname
-    - matrix_sliding_sync_path_prefix
-    - matrix_sliding_sync_database_hostname
-    - matrix_sliding_sync_environment_variable_syncv3_server
-    - matrix_sliding_sync_environment_variable_syncv3_secret
-    - matrix_sliding_sync_container_network
+    - {'name': 'matrix_sliding_sync_hostname', when: true}
+    - {'name': 'matrix_sliding_sync_path_prefix', when: true}
+    - {'name': 'matrix_sliding_sync_database_hostname', when: true}
+    - {'name': 'matrix_sliding_sync_environment_variable_syncv3_server', when: true}
+    - {'name': 'matrix_sliding_sync_environment_variable_syncv3_secret', when: true}
+    - {'name': 'matrix_sliding_sync_container_network', when: true}
+    - {'name': 'matrix_sliding_sync_metrics_proxying_hostname', when: "{{ matrix_sliding_sync_metrics_proxying_enabled }}"}
+    - {'name': 'matrix_sliding_sync_metrics_proxying_path_prefix', when: "{{ matrix_sliding_sync_metrics_proxying_enabled }}"}

roles/custom/matrix-sliding-sync/templates/env.j2

@@ -3,4 +3,8 @@ SYNCV3_SECRET={{ matrix_sliding_sync_environment_variable_syncv3_secret }}
 SYNCV3_BINDADDR=:8008
 SYNCV3_DB={{ matrix_sliding_sync_environment_variable_syncv3_db }}
 
+{% if matrix_sliding_sync_metrics_enabled %}
+SYNCV3_PROM={{ matrix_sliding_sync_environment_variable_syncv3_prom }}
+{% endif %}
+
 {{ matrix_sliding_sync_environment_variables_additional_variables }}

roles/custom/matrix-sliding-sync/templates/labels.j2

@@ -6,6 +6,7 @@ traefik.docker.network={{ matrix_sliding_sync_container_labels_traefik_docker_ne
 {% endif %}
 
 traefik.http.services.matrix-sliding-sync.loadbalancer.server.port=8008
+traefik.http.services.matrix-sliding-sync-metrics.loadbalancer.server.port={{ matrix_sliding_sync_metrics_port }}
 
 {% set middlewares = [] %}
 
@@ -41,6 +42,36 @@ traefik.http.routers.matrix-sliding-sync.tls={{ matrix_sliding_sync_container_la
 traefik.http.routers.matrix-sliding-sync.tls.certResolver={{ matrix_sliding_sync_container_labels_traefik_tls_certResolver }}
 {% endif %}
 
+{% if matrix_sliding_sync_container_labels_public_metrics_enabled %}
+{% set metrics_middlewares = [] %}
+
+{% if matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_enabled %}
+{% set metrics_middlewares = metrics_middlewares + ['matrix-sliding-sync-metrics-basic-auth'] %}
+traefik.http.middlewares.matrix-sliding-sync-metrics-basic-auth.basicauth.users={{ matrix_sliding_sync_container_labels_public_metrics_middleware_basic_auth_users }}
+{% endif %}
+
+{% set metrics_middlewares = metrics_middlewares + ['matrix-sliding-sync-metrics-replacepath'] %}
+traefik.http.middlewares.matrix-sliding-sync-metrics-replacepath.replacepath.path=/metrics
+
+traefik.http.routers.matrix-sliding-sync-metrics.rule={{ matrix_sliding_sync_container_labels_public_metrics_traefik_rule }}
+
+{% if metrics_middlewares | length > 0 %}
+traefik.http.routers.matrix-sliding-sync-metrics.middlewares={{ metrics_middlewares | join(',') }}
+{% endif %}
+
+{% if matrix_sliding_sync_container_labels_public_metrics_traefik_priority | int > 0 %}
+traefik.http.routers.matrix-sliding-sync-metrics.priority={{ matrix_sliding_sync_container_labels_public_metrics_traefik_priority }}
+{% endif %}
+
+traefik.http.routers.matrix-sliding-sync-metrics.service=matrix-sliding-sync-metrics
+traefik.http.routers.matrix-sliding-sync-metrics.entrypoints={{ matrix_sliding_sync_container_labels_public_metrics_traefik_entrypoints }}
+
+traefik.http.routers.matrix-sliding-sync-metrics.tls={{ matrix_sliding_sync_container_labels_public_metrics_traefik_tls | to_json }}
+{% if matrix_sliding_sync_container_labels_public_metrics_traefik_tls %}
+traefik.http.routers.matrix-sliding-sync-metrics.tls.certResolver={{ matrix_sliding_sync_container_labels_public_metrics_traefik_tls_certResolver }}
+{% endif %}
+{% endif %}
+
 {% endif %}
 
 {{ matrix_sliding_sync_container_labels_additional_labels }}