blob: fc305ceec2832dda1e93518986050312e8368842 [file] [log] [blame]
= Geronimo Microprofile Metrics Implementation
== Artifact
[source,xml]
----
<parent>
<groupId>org.apache.geronimo</groupId>
<artifactId>geronimo-metrics</artifactId>
<version>${metrics.version}</version>
</parent>
----
== Renaming Prometheus keys
Prometheus exporter can rename metrics keys providing
a properties file in the classpath as resource `META-INF/geronimo-metrics/prometheus-mapping.properties`
or using system properties (with the prefix `geronimo.metrics.prometheus.mapping.`).
The key is the metric key (with the registry type as prefix) and the value the replacement key:
[source]
----
base\:my_metric = app:metric
----
TIP: since it is a properties format the `:` must be escaped.
The specific key `geronimo.metrics.filter.prefix` can take
a list (comma separated values) of metrics prefixes to filter (whitelist)
exported metrics.
== Controlling the metrics endpoints exposure
To activate the metrics endpoints you have to set the system property `geronimo.metrics.jaxrs.activated` to true
or configure either a role or host supported for the endpoint.
The role validation will use the JAX-RS `SecurityContext`.
It relies on the system property `geronimo.metrics.jaxrs.acceptedRoles` and it takes a comma separated list of roles.
At least one must match to let the request pass, if none is set this validation is ignored.
Note that a request without a principal will lead to a HTTP 401 whereas a request with a principal but not the right role will issue a HTTP 403.
The host validation will use the JAX-RS `UriInfo#getRequestUri`.
It relies on the system property `geronimo.metrics.jaxrs.acceptedHosts` and it takes a comma separated list of roles.
At least one must match to let the request pass, if none is set this validation is ignored.
The `<local>` value is an alias for `127.x.y.z` or `1::x` IP or `localhost`.
Configuration example:
[source]
----
-Dgeronimo.metrics.jaxrs.acceptedRoles=ops \
-Dgeronimo.metrics.jaxrs.acceptedHosts=my.remote.host
----
IMPORTANT: the default is `geronimo.metrics.jaxrs.acceptedHosts=<local>` but you can disable the endpoints using `geronimo.metrics.jaxrs.activated=false`.
=== Security
IMPORTANT: default will allow all local calls, this means that if you are behind a proxy which does not propagate the request URI properly
your `/metrics` endpoints will be public.