1c9325104c
Add a dedicated UNIBUS_NATS_MONITOR=1 toggle that opens the embedded nats-server monitoring HTTP endpoint (127.0.0.1:8222, loopback only) so a local metrics scraper can read /varz, /connz and /jsz for server-level metrics (msgs/s, connections, KV bucket msgs, RAFT leader per stream, restarts).

Previously the monitoring endpoint was only reachable via UNIBUS_NATS_DEBUG=1, which is coupled to the verbose nats-server debug log: enabling the endpoint also wrote routes/RAFT/room subjects to journald in clear, which regresses the hardened posture (issue 0007). The two concerns are now decoupled.

The toggle computation is extracted to a pure function natsLogOpts(debugEnv, monitorEnv) (noLog, debug, trace, monitor): MONITOR=1 opens the endpoint while keeping the log quiet (NoLog true / Debug false). The inverse coupling is preserved for backward compatibility (DEBUG still implies MONITOR). The 127.0.0.1 bind stays hardcoded — the monitoring endpoint has no auth and must never be reachable from the network.

Deploy wiring versioned: additive systemd drop-in membershipd-cluster.service.d/nats-monitor.conf (Environment=UNIBUS_NATS_MONITOR=1) plus a "NATS server metrics" section in the cluster README with the rolling activation runbook (magnus -> homer -> datardos) gated on R3 reconvergence (followers 2/2) between nodes.

Tests: pure decoupling table (monitor on => log NOT debug; debug => monitor; default closed) + a real embedded server with MONITOR=1 asserting /varz answers 200 on loopback:8222, and a server without the flag with the endpoint closed.

100% additive: behavior is identical without the flag. Bump app.md 0.10.0 -> 0.11.0.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
28 lines
1.5 KiB
Plaintext
# Drop-in: enable the embedded NATS server monitoring HTTP endpoint so a local
# metrics scraper can read /varz, /connz and /jsz for server-level metrics
# (msgs/s, connections, KV bucket msgs, RAFT leader per stream, restarts).
#
# ADDITIVE and minimal: it only sets one environment variable; the base unit
# (membershipd-cluster.service) is otherwise unchanged.
#
# UNIBUS_NATS_MONITOR is DECOUPLED from UNIBUS_NATS_DEBUG: it opens the monitoring
# endpoint WITHOUT enabling the verbose nats-server debug log, so no room subjects
# or routing metadata are written to journald (keeps the hardened posture, issue
# 0007). Do NOT use UNIBUS_NATS_DEBUG in production just to get the endpoint.
#
# The endpoint binds 127.0.0.1:8222 ONLY — the binary hardcodes the loopback bind,
# so it is never reachable from the network and needs no auth. The scraper runs on
# the same host and reads it over loopback.
#
# Requires the 0.11.0+ membershipd binary (the one that honors UNIBUS_NATS_MONITOR).
# Install on a node:
# sudo mkdir -p /etc/systemd/system/membershipd-cluster.service.d
# sudo cp nats-monitor.conf /etc/systemd/system/membershipd-cluster.service.d/
# sudo systemctl daemon-reload && sudo systemctl restart membershipd-cluster
#
# Restarting a node restarts its JetStream RAFT member, so roll ONE node at a time
# and wait for R3 reconvergence (followers 2/2) before touching the next. See the
# "NATS server metrics" section of this directory's README for the full runbook.
[Service]
Environment=UNIBUS_NATS_MONITOR=1
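
Added example, not part of this repository or commit: a post-restart check that the unauthenticated monitoring endpoint is listening on loopback only, by classifying every listener on port 8222 in `ss -ltnH` output. The function names, the MONITOR_PORT variable and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's code. Names below are hypothetical.
MONITOR_PORT=8222   # port stated in the drop-in: 127.0.0.1:8222

# Read `ss -ltnH` output on stdin; for every listener on MONITOR_PORT print
# "loopback <addr>" or "EXPOSED <addr>".
classify_monitor_listeners() {
    awk -v port="$MONITOR_PORT" '
    $1 == "LISTEN" {
        addr = $4                          # Local Address:Port column
        pos = match(addr, /:[0-9]+$/)      # port follows the last colon
        if (pos == 0 || substr(addr, pos + 1) != port) next
        host = substr(addr, 1, pos - 1)
        sub(/%.*$/, "", host)              # drop interface scope (%lo)
        gsub(/\[|\]/, "", host)            # drop IPv6 brackets
        # Anything not plainly loopback (0.0.0.0, *, ::, a LAN address,
        # v4-mapped forms) is reported as exposed, erring on the safe side.
        if (host ~ /^127\./ || host == "::1") print "loopback " addr
        else print "EXPOSED " addr
    }'
}

# Exit status: 0 = listening on loopback only, 1 = at least one
# non-loopback listener, 2 = nothing listening on MONITOR_PORT (closed).
check_monitor_bind() {
    report=$(classify_monitor_listeners)
    [ -n "$report" ] || return 2
    case "$report" in
        *EXPOSED*) printf '%s\n' "$report" >&2; return 1 ;;
    esac
    return 0
}

# Constructed sample of `ss -ltnH` output (not captured from a real node).
SAMPLE_OK='LISTEN 0 4096 127.0.0.1:8222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_OK" | check_monitor_bind \
    && echo "monitor endpoint: loopback only"
# On a node, after the restart:  ss -ltnH | check_monitor_bind
```

Status 2 is the expected result on a node that does not have the drop-in installed, where the endpoint stays closed.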