From 73358571eec983b9e604368f8536e4ba9aebe84f Mon Sep 17 00:00:00 2001 From: Aliaksandr Valialkin Date: Thu, 9 Feb 2023 17:51:00 -0800 Subject: [PATCH] app/vmalert: follow-up after d3c64aae8768d58781ee7e358bd7f3d8e0eb836d - Document the change at docs/CHANGELOG.md - Add `Reading rules from object storage` section to docs/vmalert.md - Add `s3` prefix to command-line flags related to the configuration of s3 and gcs clients - Explicitly mention that reading rules from object storage is supported only in enterprise version --- app/vmalert/README.md | 61 ++++++++++++++++++++++++++++++++++++++----- app/vmalert/main.go | 17 ++++++------ docs/CHANGELOG.md | 2 ++ docs/enterprise.md | 3 ++- docs/vmalert.md | 61 ++++++++++++++++++++++++++++++++++++++----- 5 files changed, 123 insertions(+), 21 deletions(-) diff --git a/app/vmalert/README.md b/app/vmalert/README.md index 5bd4335a6..b2db420f9 100644 --- a/app/vmalert/README.md +++ b/app/vmalert/README.md 
@@ -99,6 +99,26 @@ groups: [ - ] ``` +### Reading rules from object storage + +[Enterprise version](https://docs.victoriametrics.com/enterprise.html) of `vmalert` may read alerting and recording rules +from object storage: + +- `./bin/vmalert -rule=s3://bucket/dir/alert.rules` would read rules from the given path at S3 bucket +- `./bin/vmalert -rule=gs://bucket/bir/alert.rules` would read rules from the given path at GCS bucket + +S3 and GCS paths support only matching by prefix, e.g. `s3://bucket/dir/rule_` matches +all files with prefix `rule_` in the folder `dir`. + +The following [command-line flags](#flags) can be used for fine-tuning access to S3 and GCS: + +- `-s3.credsFilePath` - path to file with GCS or S3 credentials. Credentials are loaded from default locations if not set. +- `-s3.configFilePath` - path to file with S3 configs. Configs are loaded from default location if not set. +- `-s3.configProfile` - profile name for S3 configs. If no set, the value of the environment variable will be loaded (`AWS_PROFILE` or `AWS_DEFAULT_PROFILE`). +- `-s3.customEndpoint` - custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set. +- `-s3.forcePathStyle` - prefixing endpoint with bucket name when set false, true by default. + + ### Groups Each group has the following attributes: 
@@ -907,6 +927,10 @@ The shortlist of configuration flags is the following: Address to listen for http connections. See also -httpListenAddr.useProxyProtocol (default ":8880") -httpListenAddr.useProxyProtocol Whether to use proxy protocol for connections accepted at -httpListenAddr . See https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt + -insert.maxQueueDuration duration + The maximum duration to wait in the queue when -maxConcurrentInserts concurrent insert requests are executed (default 1m0s) + -internStringMaxLen int + The maximum length for strings to intern. Lower limit may save memory at the cost of higher CPU usage. See https://en.wikipedia.org/wiki/String_interning (default 500) -loggerDisableTimestamps Whether to disable writing timestamps in logs -loggerErrorsPerSecondLimit int 
@@ -923,6 +947,13 @@ The shortlist of configuration flags is the following: Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC") -loggerWarnsPerSecondLimit int Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero values disable the rate limit + -maxConcurrentInserts int + The maximum number of concurrent insert requests. Default value should work for most cases, since it minimizes the memory usage. The default value can be increased when clients send data over slow networks. See also -insert.maxQueueDuration (default 8) + -memory.allowedBytes size + Allowed size of system memory VictoriaMetrics caches may occupy. This option overrides -memory.allowedPercent if set to a non-zero value. Too low a value may increase the cache miss rate usually resulting in higher CPU and disk IO usage. Too high a value may evict too much data from OS page cache resulting in higher disk IO usage + Supports the following optional suffixes for size values: KB, MB, GB, TB, KiB, MiB, GiB, TiB (default 0) + -memory.allowedPercent float + Allowed percent of system memory VictoriaMetrics caches may occupy. See also -memory.allowedBytes. Too low a value may increase cache miss rate usually resulting in higher CPU and disk IO usage. Too high a value may evict too much data from OS page cache which will result in higher disk IO usage (default 60) -metricsAuthKey string Auth key for /metrics endpoint. It must be passed via authKey query arg. It overrides httpAuth.* settings -notifier.basicAuth.password array 
@@ -1089,8 +1120,8 @@ The shortlist of configuration flags is the following: Optional URL to VictoriaMetrics or vminsert where to persist alerts state and recording rules results in form of timeseries. For example, if -remoteWrite.url=http://127.0.0.1:8428 is specified, then the alerts state will be written to http://127.0.0.1:8428/api/v1/write . See also -remoteWrite.disablePathAppend, '-remoteWrite.showURL'. -replay.disableProgressBar Whether to disable rendering progress bars during the replay. Progress bar rendering might be verbose or break the logs parsing, so it is recommended to be disabled when not used in interactive mode. - -replay.maxDatapointsPerQuery int - Max number of data points expected in one request. It affects the max time range for every `/query_range` request during the replay. The higher the value, the less requests will be made during replay. (default 1000) + -replay.maxDatapointsPerQuery /query_range + Max number of data points expected in one request. It affects the max time range for every /query_range request during the replay. The higher the value, the less requests will be made during replay. (default 1000) -replay.ruleRetryAttempts int Defines how many retries to make before giving up on rule if request for it returns an error. (default 5) -replay.rulesDelay duration 
@@ -1100,13 +1131,19 @@ The shortlist of configuration flags is the following: -replay.timeTo string The time filter in RFC3339 format to select timeseries with timestamp equal or lower than provided value. E.g. '2020-01-01T20:07:00Z' -rule array - Path to the file with alert rules. - Supports patterns. Flag can be specified multiple times. + Path to the files with alerting and/or recording rules. + Supports hierarchical patterns and regexpes. Examples: -rule="/path/to/file". Path to a single file with alerting rules - -rule="dir/*.yaml" -rule="/*.yaml". Relative path to all .yaml files in "dir" folder, - absolute path to all .yaml files in root. + -rule="dir/*.yaml" -rule="/*.yaml" -rule="gcs://vmalert-rules/tenant_%{TENANT_ID}/prod". Rule files may contain %{ENV_VAR} placeholders, which are substituted by the corresponding env vars. + + Enterprise version of vmalert supports S3 and GCS paths to rules. + For example: gs://bucket/path/to/rules, s3://bucket/path/to/rules + S3 and GCS paths support only matching by prefix, e.g. s3://bucket/dir/rule_ matches + all files with prefix rule_ in folder dir. + See https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage + Supports an array of values separated by comma or specified via multiple flags. -rule.configCheckInterval duration Interval for checking for changes in '-rule' files. By default the checking is disabled. Send SIGHUP signal in order to force config check for changes. DEPRECATED - see '-configCheckInterval' instead 
@@ -1128,6 +1165,18 @@ The shortlist of configuration flags is the following: Whether to validate rules expressions via MetricsQL engine (default true) -rule.validateTemplates Whether to validate annotation and label templates (default true) + -s3.configFilePath string + Path to file with S3 configs. Configs are loaded from default location if not set. + See https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.configProfile string + Profile name for S3 configs. If no set, the value of the environment variable will be loaded (AWS_PROFILE or AWS_DEFAULT_PROFILE), or if both not set, DefaultSharedConfigProfile is used. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.credsFilePath string + Path to file with GCS or S3 credentials. Credentials are loaded from default locations if not set. + See https://cloud.google.com/iam/docs/creating-managing-service-account-keys and https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.customEndpoint string + Custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.forcePathStyle + Prefixing endpoint with bucket name when set false, true by default. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html (default true) -tls Whether to enable TLS for incoming HTTP requests at -httpListenAddr (aka https). -tlsCertFile and -tlsKeyFile must be set if -tls is set -tlsCertFile string diff --git a/app/vmalert/main.go b/app/vmalert/main.go index f669027e3..b8203d71a 100644 
--- a/app/vmalert/main.go +++ b/app/vmalert/main.go @@ -28,17 +28,18 @@ import ( ) var ( - rulePath = flagutil.NewArrayString("rule", `Path to the files with alert rules. -Example: gs://bucket/path/to/rules, s3://bucket/path/to/rules, or fs:///path/to/local/rules/dir -If scheme remote storage scheme is omitted, local file system is used. -Local file system supports hierarchical patterns and regexes. -Remote file system supports only matching by prefix, e.g. s3://bucket/dir/rule_ will match all files with prefix -rule_ in folder dir. -This flag can be specified multiple times. + rulePath = flagutil.NewArrayString("rule", `Path to the files with alerting and/or recording rules. +Supports hierarchical patterns and regexpes. Examples: -rule="/path/to/file". Path to a single file with alerting rules -rule="dir/*.yaml" -rule="/*.yaml" -rule="gcs://vmalert-rules/tenant_%{TENANT_ID}/prod". -Rule files may contain %{ENV_VAR} placeholders, which are substituted by the corresponding env vars +Rule files may contain %{ENV_VAR} placeholders, which are substituted by the corresponding env vars. + +Enterprise version of vmalert supports S3 and GCS paths to rules. +For example: gs://bucket/path/to/rules, s3://bucket/path/to/rules +S3 and GCS paths support only matching by prefix, e.g. s3://bucket/dir/rule_ matches +all files with prefix rule_ in folder dir. +See https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage `) ruleTemplatesPath = flagutil.NewArrayString("rule.templates", `Path or glob pattern to location with go template definitions diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index e25129f16..2b61499ce 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md 
@@ -15,6 +15,8 @@ The following tip changes can be tested by building VictoriaMetrics components f ## tip +* FEATURE: [vmalert enterprise](https://docs.victoriametrics.com/vmalert.html): add ability to read alerting and recording rules from S3, GCS or S3-compatible object storage. See [these docs](https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage). + ## [v1.87.1](https://github.com/VictoriaMetrics/VictoriaMetrics/releases/tag/v1.87.1) Released at 2023-02-09 diff --git a/docs/enterprise.md b/docs/enterprise.md index 85892de5e..fb63b3b75 100644 --- a/docs/enterprise.md +++ b/docs/enterprise.md @@ -44,7 +44,8 @@ plus the following additional features: - [mTLS for cluster components](https://docs.victoriametrics.com/Cluster-VictoriaMetrics.html#mtls-protection). - [Kafka integration](https://docs.victoriametrics.com/vmagent.html#kafka-integration). - [Multitenant support in vmalert](https://docs.victoriametrics.com/vmalert.html#multitenancy). -- [Anomaly Detection Service](https://docs.victoriametrics.com/vmanomaly.html) +- [Ability to read alerting and recording rules from object storage](https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage). +- [Anomaly Detection Service](https://docs.victoriametrics.com/vmanomaly.html). On top of this, enterprise package of VictoriaMetrics includes the following important Enterprise features: diff --git a/docs/vmalert.md b/docs/vmalert.md index 50b2f10f9..7f2ba38ff 100644 --- a/docs/vmalert.md +++ b/docs/vmalert.md 
@@ -103,6 +103,26 @@ groups: [ - ] ``` +### Reading rules from object storage + +[Enterprise version](https://docs.victoriametrics.com/enterprise.html) of `vmalert` may read alerting and recording rules +from object storage: + +- `./bin/vmalert -rule=s3://bucket/dir/alert.rules` would read rules from the given path at S3 bucket +- `./bin/vmalert -rule=gs://bucket/bir/alert.rules` would read rules from the given path at GCS bucket + +S3 and GCS paths support only matching by prefix, e.g. `s3://bucket/dir/rule_` matches +all files with prefix `rule_` in the folder `dir`. + +The following [command-line flags](#flags) can be used for fine-tuning access to S3 and GCS: + +- `-s3.credsFilePath` - path to file with GCS or S3 credentials. Credentials are loaded from default locations if not set. +- `-s3.configFilePath` - path to file with S3 configs. Configs are loaded from default location if not set. +- `-s3.configProfile` - profile name for S3 configs. If no set, the value of the environment variable will be loaded (`AWS_PROFILE` or `AWS_DEFAULT_PROFILE`). +- `-s3.customEndpoint` - custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set. +- `-s3.forcePathStyle` - prefixing endpoint with bucket name when set false, true by default. + + ### Groups Each group has the following attributes: 
@@ -911,6 +931,10 @@ The shortlist of configuration flags is the following: Address to listen for http connections. See also -httpListenAddr.useProxyProtocol (default ":8880") -httpListenAddr.useProxyProtocol Whether to use proxy protocol for connections accepted at -httpListenAddr . See https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt + -insert.maxQueueDuration duration + The maximum duration to wait in the queue when -maxConcurrentInserts concurrent insert requests are executed (default 1m0s) + -internStringMaxLen int + The maximum length for strings to intern. Lower limit may save memory at the cost of higher CPU usage. See https://en.wikipedia.org/wiki/String_interning (default 500) -loggerDisableTimestamps Whether to disable writing timestamps in logs -loggerErrorsPerSecondLimit int 
@@ -927,6 +951,13 @@ The shortlist of configuration flags is the following: Timezone to use for timestamps in logs. Timezone must be a valid IANA Time Zone. For example: America/New_York, Europe/Berlin, Etc/GMT+3 or Local (default "UTC") -loggerWarnsPerSecondLimit int Per-second limit on the number of WARN messages. If more than the given number of warns are emitted per second, then the remaining warns are suppressed. Zero values disable the rate limit + -maxConcurrentInserts int + The maximum number of concurrent insert requests. Default value should work for most cases, since it minimizes the memory usage. The default value can be increased when clients send data over slow networks. See also -insert.maxQueueDuration (default 8) + -memory.allowedBytes size + Allowed size of system memory VictoriaMetrics caches may occupy. This option overrides -memory.allowedPercent if set to a non-zero value. Too low a value may increase the cache miss rate usually resulting in higher CPU and disk IO usage. Too high a value may evict too much data from OS page cache resulting in higher disk IO usage + Supports the following optional suffixes for size values: KB, MB, GB, TB, KiB, MiB, GiB, TiB (default 0) + -memory.allowedPercent float + Allowed percent of system memory VictoriaMetrics caches may occupy. See also -memory.allowedBytes. Too low a value may increase cache miss rate usually resulting in higher CPU and disk IO usage. Too high a value may evict too much data from OS page cache which will result in higher disk IO usage (default 60) -metricsAuthKey string Auth key for /metrics endpoint. It must be passed via authKey query arg. It overrides httpAuth.* settings -notifier.basicAuth.password array 
@@ -1093,8 +1124,8 @@ The shortlist of configuration flags is the following: Optional URL to VictoriaMetrics or vminsert where to persist alerts state and recording rules results in form of timeseries. For example, if -remoteWrite.url=http://127.0.0.1:8428 is specified, then the alerts state will be written to http://127.0.0.1:8428/api/v1/write . See also -remoteWrite.disablePathAppend, '-remoteWrite.showURL'. -replay.disableProgressBar Whether to disable rendering progress bars during the replay. Progress bar rendering might be verbose or break the logs parsing, so it is recommended to be disabled when not used in interactive mode. - -replay.maxDatapointsPerQuery int - Max number of data points expected in one request. It affects the max time range for every `/query_range` request during the replay. The higher the value, the less requests will be made during replay. (default 1000) + -replay.maxDatapointsPerQuery /query_range + Max number of data points expected in one request. It affects the max time range for every /query_range request during the replay. The higher the value, the less requests will be made during replay. (default 1000) -replay.ruleRetryAttempts int Defines how many retries to make before giving up on rule if request for it returns an error. (default 5) -replay.rulesDelay duration 
@@ -1104,13 +1135,19 @@ The shortlist of configuration flags is the following: -replay.timeTo string The time filter in RFC3339 format to select timeseries with timestamp equal or lower than provided value. E.g. '2020-01-01T20:07:00Z' -rule array - Path to the file with alert rules. - Supports patterns. Flag can be specified multiple times. + Path to the files with alerting and/or recording rules. + Supports hierarchical patterns and regexpes. Examples: -rule="/path/to/file". Path to a single file with alerting rules - -rule="dir/*.yaml" -rule="/*.yaml". Relative path to all .yaml files in "dir" folder, - absolute path to all .yaml files in root. + -rule="dir/*.yaml" -rule="/*.yaml" -rule="gcs://vmalert-rules/tenant_%{TENANT_ID}/prod". Rule files may contain %{ENV_VAR} placeholders, which are substituted by the corresponding env vars. + + Enterprise version of vmalert supports S3 and GCS paths to rules. + For example: gs://bucket/path/to/rules, s3://bucket/path/to/rules + S3 and GCS paths support only matching by prefix, e.g. s3://bucket/dir/rule_ matches + all files with prefix rule_ in folder dir. + See https://docs.victoriametrics.com/vmalert.html#reading-rules-from-object-storage + Supports an array of values separated by comma or specified via multiple flags. -rule.configCheckInterval duration Interval for checking for changes in '-rule' files. By default the checking is disabled. Send SIGHUP signal in order to force config check for changes. DEPRECATED - see '-configCheckInterval' instead 
@@ -1132,6 +1169,18 @@ The shortlist of configuration flags is the following: Whether to validate rules expressions via MetricsQL engine (default true) -rule.validateTemplates Whether to validate annotation and label templates (default true) + -s3.configFilePath string + Path to file with S3 configs. Configs are loaded from default location if not set. + See https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.configProfile string + Profile name for S3 configs. If no set, the value of the environment variable will be loaded (AWS_PROFILE or AWS_DEFAULT_PROFILE), or if both not set, DefaultSharedConfigProfile is used. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.credsFilePath string + Path to file with GCS or S3 credentials. Credentials are loaded from default locations if not set. + See https://cloud.google.com/iam/docs/creating-managing-service-account-keys and https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html . This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.customEndpoint string + Custom S3 endpoint for use with S3-compatible storages (e.g. MinIO). S3 is used if not set. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html + -s3.forcePathStyle + Prefixing endpoint with bucket name when set false, true by default. This flag is available only in VictoriaMetrics enterprise. See https://docs.victoriametrics.com/enterprise.html (default true) -tls Whether to enable TLS for incoming HTTP requests at -httpListenAddr (aka https). -tlsCertFile and -tlsKeyFile must be set if -tls is set -tlsCertFile string
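Review bot: in the `Reading rules from object storage` section added to app/vmalert/README.md (and the identical hunk in docs/vmalert.md), the GCS example reads `-rule=gs://bucket/bir/alert.rules` while the S3 example and the prefix-matching sentence both use `dir`, so `bir` looks like a typo. The section also says these paths support only matching by prefix, yet both examples are written as if they name a single file; if the value is always treated as a prefix, say so next to the examples, because every object under that prefix then becomes rule input. A sentence recommending read-only credentials for vmalert and restricted write access to the rules prefix would fit here.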
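Review bot: the hunks at `@@ -907,6 +927,10 @@` and `@@ -923,6 +947,13 @@` (and their counterparts in docs/vmalert.md) add `-insert.maxQueueDuration`, `-internStringMaxLen`, `-maxConcurrentInserts`, `-memory.allowedBytes` and `-memory.allowedPercent` to the vmalert flags list, which none of the four items in the commit message covers. If these come from regenerating the `-help` output, mention that in the commit message or split them into a separate commit so the object-storage change can be reviewed and reverted on its own.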
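Review bot: in the `-replay.maxDatapointsPerQuery` entry (hunk `@@ -1089,8 +1120,8 @@` in README.md and `@@ -1093,8 +1124,8 @@` in docs/vmalert.md), the value type changed from `int` to `/query_range`, which is a documentation regression rather than an intended edit. Go's flag package uses a back-quoted word in the usage string as the value name, so the backticks around `/query_range` in the flag description are the likely cause; replacing them with single quotes in the flag definition and regenerating the list should restore `int`.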
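Review bot: in the new `-rule` help text in app/vmalert/main.go (copied into both flag lists), the example uses `gcs://vmalert-rules/tenant_%{TENANT_ID}/prod`, while the enterprise paragraph a few lines below documents the schemes as `gs://` and `s3://`; use one scheme consistently so users do not copy a path that falls through to local-file handling. The removed text also documented `fs:///path/to/local/rules/dir` and that the local file system is used when the scheme is omitted; if that behaviour remains, keep a line for it. Minor: `regexpes` should be `regexps`, and the sentence "Rule files may contain %{ENV_VAR} placeholders" follows an example where the placeholder is in the path, so say which of the two is substituted.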
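Review bot: in the `-s3.*` block added to the flags list (hunk `@@ -1128,6 +1165,18 @@` in README.md and `@@ -1132,6 +1169,18 @@` in docs/vmalert.md), `-s3.credsFilePath` is described as the path to "GCS or S3 credentials", so a flag under the `s3.` prefix also configures the GCS client; state that explicitly in the `Reading rules from object storage` section or users will look for a separate GCS flag. The `-s3.forcePathStyle` text "Prefixing endpoint with bucket name when set false, true by default" is hard to parse and repeats the default that the generated `(default true)` already prints; describe what happens for each value instead. "If no set" in `-s3.configProfile` should be "If not set".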