How to monitor MAAS

We aim to make MAAS observable, a system in which the internal state can be estimated using only telemetry data. We now offer easier integration with Prometheus and Loki, which are the data ingestion components of the popular Grafana / Prometheus / Loki / AlarmManager stack. This data should be consumed by a stack composed of off-the-shelf open source software, provided by either Juju (for example with the Canonical Observability Stack) or third-parties (SaaS, self-managed).

In this document, you will learn:

• About MAAS observability
• How to configure and use MAAS observability features

About MAAS observability

Depicted below we have a reference observability stack composed of Prometheus (metrics ingestion and alerting based on metrics), Loki (log ingestion and alerting based on logs), Grafana (visualisation), Alertmanager (notification routing and dispatching) and Grafana Agent (telemetry collector).

This document shows how to configure this stack to consume telemetry and to raise alerts of failures.

MAAS observability requirements

• a Ubuntu host with MAAS 3.2+ running
• a Ubuntu host with enough storage capacity to hold logs and metrics’ time-series

Both hosts require Internet access during the install process. We use LXD to create this setup in a single host, but it’s optional. When configuring the stack for a production environment, we advise you to read the Prometheus and Loki documentation to improve security and performance.

How to use MAAS observability features

Observing MAAS requires three steps: configuring the tool stack, exporting the telemetry, and then verifying that everything is working properly. This section will show you:

• How to configure the observability stack
• How to export MAAS controller telemetry
• How to verify correct operation

How to configure the observability stack

Create a VM with the following script to install all required software.

export LXD_NET=virbr0
export GRAFANA_REPOS=https://packages.grafana.com/oss/deb
export GRAFANA_KEY=https://packages.grafana.com/gpg.key
export LOKI_PKG=https://github.com/grafana/loki/releases/download/v2.4.2/loki-linux-amd64.zip
export PROM_PKG=https://github.com/prometheus/prometheus/releases/download/v2.31.1/prometheus-2.31.1.linux-amd64.tar.gz
export PROM_ALERT_PKG=https://github.com/prometheus/alertmanager/releases/download/v0.23.0/alertmanager-0.23.0.linux-amd64.tar.gz

cat <<EOF | lxc launch ubuntu: o11y
config:
    user.user-data: |
        #cloud-config
        apt:
            sources:
                grafana:
                    source: 'deb ${GRAFANA_REPOS} stable main'
                    key: |
$(wget -qO- ${GRAFANA_KEY} | sed 's/^/                        /')
        packages:
        - unzip
        - grafana
        - make
        - git
        - python3-pip
        runcmd:
        - mkdir -p /opt/prometheus /opt/loki /opt/alertmanager
        - wget -q "${LOKI_PKG}" -O /tmp/loki-linux-amd64.zip
        - unzip /tmp/loki-linux-amd64.zip -d /opt/loki
        - chmod a+x /opt/loki/loki-linux-amd64
        - wget -qO- "${PROM_PKG}" | tar xz --strip-components=1 -C /opt/prometheus
        - wget -qO- "${PROM_ALERT_PKG}" | tar xz --strip-components=1 -C /opt/alertmanager
        - cat /dev/zero | sudo -u ubuntu -- ssh-keygen -q -N ""
        ssh_authorized_keys:
        - $(cat ${HOME}/.ssh/id_rsa.pub | cut -d' ' -f1-2)
description: O11y stack
devices:
    eth0:
        type: nic
        name: eth0
        network: ${LXD_NET}
EOF

# log into the VM
lxc shell 011y

Next, you have to configure and start four services, include Prometheus, Loki, AlertManager, and Grafana. This subsection will teach you:

• How to configure and start the Prometheus service
• How to configure and start the Loki service
• How to start the AlertManager
• How to start Grafana

Once these services are started, you can proceed to export telemetry data and see how your observability tools are working.

How to configure and start the Prometheus service

Create the Prometheus configuration.

cat > /opt/prometheus/prometheus.yaml <<EOF
global:
  evaluation_interval: 1m
rule_files:
  - /var/lib/prometheus/rules/maas/*.yml
alerting:
  alertmanagers:
    - static_configs:
      - targets:
        - localhost:9093
EOF

MAAS has a git repository of curated alert rules for Prometheus. Checkout this repository, compile the rules and copy them to prometheus directory.

git clone https://github.com/canonical/maas-prometheus-alert-rules.git
cd maas-prometheus-alert-rules
make python-deps groups

mkdir -p /var/lib/prometheus/rules/maas
cp group.yml /var/lib/prometheus/rules/maas/

Start the Prometheus service. You should enable the Remote-Write Receiver function.

systemd-run -u prometheus /opt/prometheus/prometheus \
    --config.file=/opt/prometheus/prometheus.yaml \
    --enable-feature=remote-write-receiver

How to configure and start the Loki service

Create the Loki configuration.

cat > /opt/loki/loki.yaml <<EOF
auth_enabled: false
server:
  http_listen_port: 3100
  grpc_listen_port: 9096
common:
  path_prefix: /var/lib/loki/
  storage:
    filesystem:
      chunks_directory: /var/lib/loki/chunks
      rules_directory: /var/lib/loki/rules
  replication_factor: 1
  ring:
    instance_addr: 127.0.0.1
    kvstore:
      store: inmemory
schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h
ruler:
  alertmanager_url: http://localhost:9093
  evaluation_interval: 15s
  poll_interval: 1m
  storage:
    type: local
    local:
      directory: /var/lib/loki/rules
  enable_api: true
EOF

MAAS has a git repository of curated alert rules for Loki. Checkout this repository, compile the rules and copy them to Loki directory.

git clone https://github.com/canonical/maas-loki-alert-rules.git
cd maas-loki-alert-rules
make groups

mkdir -p /var/lib/loki/rules/fake
cp rules/bundle.yml /var/lib/loki/rules/fake/

Start the Loki service.

systemd-run -u loki /opt/loki/loki-linux-amd64 \
    --config.file=/opt/loki/loki.yaml

How to start the AlertManager

The default configuration is enough for receiving alerts from Prometheus and Loki. You should read the project documentation to change it to forward notifications to somewhere useful.

systemd-run -u alertmanager /opt/alertmanager/alertmanager \
    --config.file=/opt/alertmanager/alertmanager.yml

You can access the AlertManager dashboard at http://<VM_IP>:9093

How to start Grafana

Grafana works out-of-the-box with the default configuration.

systemctl enable grafana-server
systemctl start grafana-server

You can access the dashboard at http://<VM_IP>:3000, the default user/password is “admin”.

How to export MAAS controller telemetry

The Grafana Agent should be installed in the same host as MAAS.

# Set this to the address of the VM running Loki and Prometheus
export O11y_IP=<VM_IP>
export GRAFANA_AGENT_PKG=https://github.com/grafana/agent/releases/download/v0.22.0/agent-linux-amd64.zip

wget -q "${GRAFANA_AGENT_PKG}" -O /tmp/agent.zip
unzip /tmp/agent.zip -d /opt/agent
chmod a+x /opt/agent/agent-linux-amd64

Copy the agent example configuration from MAAS and start the agent. Adapt the environment variable values to your setup. For example, if you’re using a snap, the MAAS_LOGS variable would be as shown (/var/snap/maas/common/log):

mkdir -p /var/lib/grafana-agent/positions \
         /var/lib/grafana-agent/wal
cp /snap/maas/current/usr/share/maas/grafana_agent/agent.yaml.example /opt/agent/agent.yml

systemd-run -u telemetry \
    -E HOSTNAME="$(hostname)" \
    -E AGENT_WAL_DIR="/var/lib/grafana-agent/wal" \
    -E AGENT_POS_DIR="/var/lib/grafana-agent/positions" \
    -E PROMETHEUS_REMOTE_WRITE_URL="http://${O11y_IP}:9090/api/v1/write" \
    -E LOKI_API_URL="http://${O11y_IP}:3100/loki/api/v1/push" \
    -E MAAS_LOGS="/var/snap/maas/common/log/" \
    -E MAAS_IS_REGION="true" \
    -E MAAS_IS_RACK="true" \
    -E MAAS_AZ="default" \
    /opt/agent/agent-linux-amd64 \
        -config.expand-env \
        -config.file=/opt/agent/agent.yml

On the other hand, if you’re using packages, the MAAS_LOGS would be /var/log/maas, as shown below:

    ...
    -E MAAS_LOGS="/var/log/maas" \
    ...

Be sure to adjust the values of the other environment variables to suit your situation, where applicable.

Next, enable log forwarding in MAAS.

# set the TCP port the Grafana Agent is listening for syslog messages
# this port must match the one in /opt/agent/agent.yml
maas $ADMIN maas set-config name=promtail_port value=5238

# enable syslog forwarding
maas $ADMIN maas set-config name=promtail_enabled value=true

How to verify correct operation

You should be able to add Loki and Prometheus as datasources in Grafana and to create dashboards for visualising MAAS metrics, and to receive alerts through Alertmanager.

MAAS services can provide Prometheus↗ endpoints for collecting performance metrics.

How to set up Prometheus for MAAS

MAAS can provide five endpoints of particular interest to MAAS users:

1. TFTP server file transfer latency
2. HTTP requests latency
3. Websocket requests latency
4. RPC calls (between MAAS services) latency
5. Per request DB queries counts

All available metrics are prefixed with maas_, to make it easier to look them up in Prometheus and Grafana UIs.

This article will help you learn:

• How do I enable Prometheus endpoints?
• How do I configure Prometheus endpoints?
• How can I deploy Prometheus and Grafana?

Enabling Prometheus endpoints

Whenever you install the python3-prometheus-client library, Prometheus endpoints are exposed over HTTP by the rackd and regiond processes under the default /metrics path.

sudo apt install python3-prometheus-client
sudo systemctl restart maas-rackd
sudo systemctl restart maas-regiond

maas $PROFILE maas set-config name=prometheus_enabled value=true

Configuring Prometheus

Once the /metrics endpoint is available in MAAS services, Prometheus can be configured to scrape metric values from these. You can configure this by adding a stanza like the following to the prometheus configuration↗:

    - job_name: maas
      static_configs:
        - targets:
          - <maas-host1-IP>:5239  # for regiond
          - <maas-host1-IP>:5249  # for rackd
          - <maas-host2-IP>:5239  # regiond-only
          - <maas-host3-IP>:5249  # rackd-only

If the MAAS installation includes multiple nodes, the targets entries must be adjusted accordingly, to match services deployed on each node.

If you have enabled MAAS stats, you must add an additional Prometheus job to the config:

    - job_name: maas
      metrics_path: /MAAS/metrics
      static_configs:
        - targets:
          - <maas-host-IP>:5240

In case of a multi-host deploy, adding a single IP for any of the MAAS hosts running regiond will suffice.

Deploying Prometheus and Grafana

Grafana↗ and Prometheus can be easily deployed using Juju.

The MAAS performance repo↗ repository provides a sample deploy-stack script that will deploy and configure the stack on LXD containers.

First, you must install juju via:

sudo snap install --classic juju

Then you can run the script from the repo:

grafana/deploy-stack <MAAS-IP>

To follow the progress of the deployment, run the following:

watch -c juju status --color

Once you deploy everything, the Grafana UI is accessible on port 3000 with the credentials admin/grafana. The Prometheus UI will be available on port 9090.

The repository also provides some sample dashboard covering the most common use cases for graphs. These are available under grafana/dashboards. You can import them from the Grafana UI or API.