Allow binding Prometheus listener to specific address and port#2
Merged
Allow binding Prometheus listener to specific address and port#2
Conversation
We have some feature patches to prometheus-client-c which are not in upstream.
This uses an API extension in the wireapp/prometheus-client-c fork to pass a bind address into libmicrohttpd when an address is given on the command line.
…ons. This removes the processing of an optional argument to --prometheus in favour of separate --prometheus-ip and --prometheus-port options, which is more consistent with the existing code.
supersven
requested changes
Mar 28, 2022
Collaborator
supersven
left a comment
supersven
left a comment
There was a problem hiding this comment.
This is looking great! 👍
Just one comment and a question.
supersven
approved these changes
Mar 28, 2022
sysvinit
added a commit
that referenced
this pull request
Mar 29, 2022
* Update docker files to use wireapp/prometheus-client-c fork. * Add support for setting Prometheus bind address. * Refactor Prometheus bind address support to separate IP and port options. * Fix typo in Alpine Dockerfile. * Replace magic numbers with preprocessor defines in prometheus flags
sysvinit
pushed a commit
that referenced
this pull request
Nov 8, 2022
```
==6418==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x4e7530 in bcmp /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:906:10
#1 0x55463d in stun_check_message_integrity_by_key_str coturn/src/client/ns_turn_msg.c:1989:5
#2 0x554acc in stun_check_message_integrity_str coturn/src/client/ns_turn_msg.c:2008:9
#3 0x5358c0 in LLVMFuzzerTestOneInput coturn/fuzz/FuzzStun.c:37:5
#4 0x43ede3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#5 0x42a542 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#6 0x42fdec in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#7 0x459322 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#8 0x7f4cb21790b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#9 0x42070d in _start
Uninitialized value was created by an allocation of 'new_hmac' in the stack frame of function 'stun_check_message_integrity_by_key_str'
#0 0x5538c0 in stun_check_message_integrity_by_key_str coturn/src/client/ns_turn_msg.c:1927
```
sysvinit
added a commit
that referenced
this pull request
Nov 8, 2022
* Update docker files to use wireapp/prometheus-client-c fork. * Add support for setting Prometheus bind address. * Fix typo in Alpine Dockerfile. * Replace magic numbers with preprocessor defines in prometheus flags
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR expands coturn's Prometheus functionality to allow the IP and port the metrics listener should bind to to be explicitly specified on the command line or in the configuration file. Prior to this change, the metrics listener was hardcoded to listen on port 9641 on the wildcard address. This means the metrics endpoint might be exposed to the public internet in some configurations, which is probably not wanted, and it may not be possible to use a firewall for enforcing network policy in every environment. The ability to bind the listener to a specific IP address and port affords some granularity in setting policy to the operator.
The Dockerfiles in the repo have also been updated to use Wire's fork of
prometheus-client-c, as upstream does not provide an API for specifying a specific address to bind to at the time of writing, while our fork has a feature patch to add this functionality.