Service discovery for Tailscale. Returns a list of services for Prometheus to scrape, with some extra smarts for Guardian Project Ops.

tailscalesd

Service discovery for Tailscale

Returns a list of services for Prometheus to scrape, with some extra smarts for Guardian Project Ops.

See the Prometheus docs for more information on the HTTP service discovery format.

Example

curl -H "Authorization: Bearer supersecret" http://tailscalesd:9242

[
  {
    "labels": {
      "__meta_tailscale_device_client_version": "1.52.1-t75d3c9385-g3e9627f3b",
      "__meta_tailscale_device_hostname": "gp-ourapp-prod-main",
      "__meta_tailscale_device_authorized": "true",
      "__meta_tailscale_device_id": "1234678910",
      "__meta_tailscale_device_name": "gp-ourapp-prod-main.rocky-rocks.ts.net",
      "__meta_tailscale_device_os": "linux",
      "__meta_tailscale_tailnet": "ourtailnet"
    },
    "targets": [
      "100.100.100.101"
    ]
  },
  {
    "labels": {
      "__meta_tailscale_device_client_version": "1.52.1-t75d3c9385-g3e9627f3b",
      "__meta_tailscale_device_hostname": "ip-10-10-10-10",
      "__meta_tailscale_device_authorized": "true",
      "__meta_tailscale_device_id": "123456789101",
      "__meta_tailscale_device_name": "ip-10-31-0-182.rocky-rocks.ts.net",
      "__meta_tailscale_device_os": "linux",
      "__meta_tailscale_tailnet": "ourtailnet"
    },
    "targets": [
      "100.100.100.102"
    ]
  }
]
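
A Prometheus scrape job that consumes this endpoint, as an added example (not part of the project's README). The job name, token file path and exporter port 9100 are assumptions; the URL and label names are the ones shown above.

```yaml
# Added example: Prometheus scrape job consuming tailscalesd over HTTP SD.
# Assumed (not from the README): job name, token file path, exporter port 9100.
scrape_configs:
  - job_name: tailscale-nodes            # hypothetical job name
    http_sd_configs:
      - url: http://tailscalesd:9242
        refresh_interval: 60s
        authorization:
          type: Bearer
          # Keep the value of TAILSCALESD_BEARER_TOKEN in a file readable only
          # by the Prometheus user instead of inline in prometheus.yml.
          credentials_file: /etc/prometheus/tailscalesd.token  # hypothetical path
    relabel_configs:
      # Scrape only devices the tailnet has authorized.
      - source_labels: [__meta_tailscale_device_authorized]
        regex: "true"
        action: keep
      # tailscalesd returns bare IPs; append the exporter port (assumed 9100).
      - source_labels: [__address__]
        regex: "(.+)"
        target_label: __address__
        replacement: "${1}:9100"
      # __meta_* labels are dropped after relabeling; copy the ones to keep.
      - source_labels: [__meta_tailscale_device_hostname]
        target_label: instance
      - source_labels: [__meta_tailscale_device_os]
        target_label: os
      - source_labels: [__meta_tailscale_tailnet]
        target_label: tailnet
```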

Usage

Deploy with a container

  • Container image: registry.gitlab.com/guardianproject-ops/tailscalesd:VERSION
  • See versions at: 5749401

docker run \
  --name=tailscalesd \
  --rm \
  --cap-drop=all \
  --user 1000:1000 \
  --publish 127.0.0.1:9242:9242 \
  --env TAILSCALESD_ENV_FILE=/tailscalesd.env \
  --mount type=bind,dst=/tailscalesd.env,ro=true,src=/path/to/tailscalesd.env \
  registry.gitlab.com/guardianproject-ops/tailscalesd:latest

Configuration

Configuration values can be set using environment variables, or optionally loaded from an environment file. The settings include:

  • host (TAILSCALESD_HOST): The host address on which the application will bind. Default is 0.0.0.0, which listens on all interfaces; this is designed to be used in a container, so BE CAREFUL when running it anywhere else.
  • port (TAILSCALESD_PORT): The port number on which the application will be accessible. Default is 9242.
  • interval (TAILSCALESD_INTERVAL): The interval, in seconds, at which the Tailscale API is polled. Default is 60.
  • bearer_token (TAILSCALESD_BEARER_TOKEN): The authentication token passed in the Authorization header (required).
  • tailnet (TAILSCALESD_TAILNET): The Tailscale tailnet identifier (required).
  • api_key (TAILSCALESD_API_KEY): The Tailscale API key (required).

Environment File

You can also specify an environment file to load configuration values. The path to the environment file should be set in the TAILSCALESD_ENV_FILE environment variable. All of the config values can be provided in the env file.

Example Environment File (env):

TAILSCALESD_TAILNET=my-tailnet
TAILSCALESD_API_KEY=my-api-key
TAILSCALESD_HOST=127.0.0.1
TAILSCALESD_BEARER_TOKEN=supersecret

Monitoring

This service provides the following Prometheus metrics:

  • tailscalesd_unhandled_background_task_crashes
    • Type: Counter
    • Description: The number of unhandled background task crashes. This counter increases every time a background task crashes without being handled by the application.
  • tailscalesd_matrix_sd_down
    • Type: Counter
    • Description: The number of times a matrix sd host was unreachable. This counter increments each time a connection attempt to a matrix sd host fails.
    • Labels:
      • device_hostname: The hostname of the device that was unreachable.

It also provides HTTP server metrics from trallnag/prometheus-fastapi-instrumentator.

Dev

Running the Application

  1. Install Dependencies: Ensure that all required dependencies are installed.

    poetry install
    
  2. Set Configuration: Set the necessary environment variables or create an environment file with the configuration values.

  3. Start the Application: Run the application using the following command:

    poetry run tailscalesd
    
  4. Access the Application: The application will be accessible at http://<host>:<port>.