Devops monitoring tool for Samourai Dojo
Project description
Prometheus openmetrics for Dojo
A devops component for monitoring your self-hosted Samourai Dojo, which can be integrated with your self-hosted SRE stack. If you don't have one set up already, this won't be useful to you. It's a simple python script that gets the JWT, calls the status endpoint, then transforms the results into prometheus metrics.
Installation and Usage
pip install --upgrade pip
pip install dojo-exporter
Define the connection parameters to your Dojo via environment variables. There are multiple ways you can set it up. One example is to create an .env
file with the following contents:
DOJO_APIKEY=<password> # Required
NET_DMZ_NGINX_IPV4=172.29.1.3 # Optional. Default value shown
DOJO_BASE_URL=http://${NET_DMZ_NGINX_IPV4} # Optional. Default value shown
METRICS_BIND=127.0.0.1 # Optional. Default value shown
METRICS_PORT=9102 # Optional. Default value shown
I would recommend running this as an unprivileged user via systemd (or anything comparable):
useradd -mb /opt -k /dev/null -s $(which nologin) dojo_exporter
Create /etc/systemd/system/dojo_exporter.service
:
[Unit]
Description=Basic openmetrics for Samourai Dojo
[Service]
User=dojo_exporter
Group=dojo_exporter
EnvironmentFile=/opt/dojo_exporter/.env
ExecStart=dojo_exporter
Restart=on-failure
RestartSec=5m
[Install]
WantedBy=multi-user.target
Development
Clone the repo and install dependencies into a local virtual environment:
git clone git@github.com/bleebl33/dojo_exporter
cd dojo_exporter
python -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
pip install --editable .
dojo_exporter
Note that there is a difference between source .env
and systemd EnvironmentFile which is that you'll need to have the export keyword. i.e. export DOJO_APIKEY=<password>
Roadmap
- Include tests
- Change
print()
messages into sensible logging with configuration debug levels. - Review Dojo
/admin/dmt/status/status.js
to possibly discover more metrics. - Dockerfile
Security
This goes without saying for most cases: A number of necessary dependencies are used which causes nominal exposure to supply chain attacks. The risk would be that the Dojo apikey is leaked, which could compromise user privacy. There should be no risk of losing funds as private keys are never transmitted to the dojo. You should never run this software on a machine with a hot wallet.
Furthermore you can harden the installation by keeping it in a virtual environment, rather than installing it globally. Afterwards you can find the path of the command with which dojo_exporter
and then set your systemd service up accordingly. e.g.
ExecStart=/opt/dojo_exporter/.venv/bin/dojo_exporter
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for dojo_exporter-0.1.4-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 13328e5d06ac21f05664dafec426e7a774614623f92238b99ed9c0583655af46 |
|
MD5 | 63090d0f13fd2568bf00bc5a549a66ec |
|
BLAKE2b-256 | 9ab180025767daab900bdd188c098ac8328efdfd654599abd7dc34ffe2931364 |