Apereo CAS - Monitoring Metrics with Prometheus and Grafana

Posted by Misagh Moayyed on October 02, 2020 · 7 mins read

Prometheus is an open-source monitoring system designed to pull and scrape metrics data over HTTP periodically at a configured interval. It also presents a simple user interface to visualize, query, and monitor all the metrics. Prometheus is natively supported by Apereo CAS by taking advantage of Spring Boot’s actuator metrics, which are exported and supported by the Micrometer library, a framework that presents metrics data to a variety of external monitoring systems.

In this post, we will take a look at how Apereo CAS can export metrics over to Prometheus using Spring Boot actuators. Our starting position is as follows:

CAS Configuration

First, we should include support for actuators and metrics in the CAS overlay by including the following modules:

implementation "org.apereo.cas:cas-server-support-metrics:${project.'cas.version'}"
implementation "org.apereo.cas:cas-server-support-reports:${project.'cas.version'}"

Furthermore, the Spring Boot metrics actuator endpoint must be turned on, along with support for Prometheus, using the settings below:

management.metrics.export.prometheus.enabled=true

management.endpoint.prometheus.enabled=true
management.endpoints.web.exposure.include=prometheus

cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS

WATCH OUT!
The above collection of settings MUST only be used for demo purposes and serve as an EXAMPLE. Setting the default access level to ANONYMOUS lets any client that can reach the server read every exposed endpoint without authenticating. It is not wise to enable and expose all actuator endpoints to the web, and the security of the exposed endpoints should be taken very seriously. None of the CAS or Spring Boot actuator endpoints are enabled by default. For production, you should carefully choose which endpoints to expose.

At this point, once you build and run the CAS server you should be able to pull metrics names and data from the Prometheus endpoint:

curl https://sso.example.org:8443/cas/actuator/prometheus

Prometheus Configuration

We can set up a Prometheus instance to pull metrics data from our /prometheus endpoint using Docker and the prometheus.yml configuration file with the following example settings:

global:
  scrape_interval:     15s 
  evaluation_interval: 15s 

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
    - targets: ['127.0.0.1:9090']

  - job_name: 'spring-actuator'
    metrics_path: '/cas/actuator/prometheus'
    scrape_interval: 5s
    scheme: https
    tls_config:
      insecure_skip_verify: true
    static_configs:
    - targets: ['host.docker.internal:8443']

A few things should be pointed out:

  • The target element should point to the hostname and port of the running CAS server using the syntax IP:PORT. We specify the scheme as https and the CAS server port, which is 8443. Since Prometheus will run as a Docker container, localhost would refer to the container itself and will not work as the host IP address. Instead, host.docker.internal can be used (for testing and development purposes only) to indicate the IP address of the host machine that runs our CAS server.
  • The insecure_skip_verify flag is turned on to disable TLS certificate validation, so certificate errors from the CAS server are ignored. This flag should only be used for development and demo purposes.
  • The metrics_path element defines the path to the prometheus actuator endpoint that exposes metrics data.
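A pre-deployment check for the demo-only settings called out in the WATCH OUT note and the insecure_skip_verify bullet above, extended to wildcard endpoint exposure and plain-HTTP scrapes. This is an added example, not code from the original post or the CAS project. The function names and the hardened sample values (AUTHENTICATED access, the scraper user, the file paths) are assumptions made for illustration.

```python
import re
ACCESS_KEY = re.compile(r"cas\.monitor\.endpoints\.endpoint\.([\w-]+)\.access(\[\d+\])?")

def audit_cas_properties(text):
    """Flag demo-only actuator settings in CAS properties text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = ACCESS_KEY.fullmatch(key)
        if m and value.upper() == "ANONYMOUS":
            findings.append(f"actuator endpoint '{m.group(1)}' allows anonymous access")
        if key == "management.endpoints.web.exposure.include" and "*" in value:
            findings.append("every actuator endpoint is exposed over the web")
    return findings

def audit_prometheus_yaml(text):
    """Line-based scan of prometheus.yml; findings are reported per scrape job."""
    findings, job = [], "global"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lstrip("- ").strip()
        m = re.fullmatch(r"job_name:\s*['\"]?([^'\"]+)['\"]?", line)
        if m:
            job = m.group(1)
        elif re.fullmatch(r"insecure_skip_verify:\s*true", line):
            findings.append(f"job '{job}' skips TLS certificate verification")
        elif re.fullmatch(r"scheme:\s*http", line):
            findings.append(f"job '{job}' scrapes over plain HTTP")
    return findings

# The post's demo settings, abridged.
DEMO_PROPS = "management.endpoints.web.exposure.include=prometheus\n" \
             "cas.monitor.endpoints.endpoint.defaults.access=ANONYMOUS\n"
DEMO_PROM = """\
  - job_name: 'spring-actuator'
    scheme: https
    tls_config:
      insecure_skip_verify: true
"""
# Constructed hardened variant; the user name and file paths are placeholders.
HARD_PROPS = "cas.monitor.endpoints.endpoint.prometheus.access=AUTHENTICATED\n"
HARD_PROM = DEMO_PROM.replace(
    "insecure_skip_verify: true", "ca_file: /etc/prometheus/cas-ca.pem") + (
    "    basic_auth:\n      username: scraper\n      password_file: /etc/prometheus/cas.pass\n")
if __name__ == "__main__":
    for finding in audit_cas_properties(DEMO_PROPS) + audit_prometheus_yaml(DEMO_PROM):
        print("FINDING:", finding)
```

Run against the demo files it reports the anonymous default access level and the disabled certificate check; the hardened variant produces no findings.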

At this point, you can run the following command to pull down the image and run the Prometheus container:

docker run --name=prometheus -p 9090:9090 \
    -v "$PWD/prometheus.yml:/etc/prometheus/prometheus.yml" \
    prom/prometheus --config.file=/etc/prometheus/prometheus.yml

Visualizing Metrics

You can now navigate to the Prometheus dashboard at http://localhost:9090/new/targets and browse the target environments.

Furthermore, you can add graphs based on the metric of choice to visualize metrics data over time.

Grafana Configuration

Grafana is an open-source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. It allows you to bring in data from various data sources like Prometheus and visualize it.

A Grafana instance can be downloaded and run via Docker using:

docker run -d --name=grafana -p 3000:3000 grafana/grafana 

You can now navigate to http://localhost:3000 and log in to Grafana with the default username admin and password admin.

Next, navigate to http://localhost:3000/datasources to set up a datasource for Prometheus.

Note that the URL of the Prometheus server is http://172.17.0.2:9090, where the host is specified as the IP address of the running Prometheus Docker container. You can obtain this IP address via the following command:

docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' prometheus 

Finally, you can now navigate to the dashboards and create a new dashboard with Prometheus as the query data source.

So…

I hope this review was of some help to you and I am sure that both this post as well as the functionality it attempts to explain can be improved in any number of ways. Please know that all other use cases, scenarios, features, and theories certainly are possible as well. Feel free to engage and contribute as best as you can.

Happy Coding,

Misagh Moayyed