How to configure zrok metrics

zrok
1

I tried first with -type : fabric.usage as here https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/

Then with -type: usage. Since it seems that the name is changed https://openziti.io/docs/reference/events/#usagev3

I have ziti v1.5.4

/var/lib/private/ziti-controller/config.yml

events:
  jsonLogger:
    subscriptions:
      - type: router
      - type: usage
        version: 3
    handler:
      type: file
      format: json
      path: /tmp/fabric-usage.json

/var/lib/private/ziti-router/config.yml

metrics:
  reportInterval: 5s
  intervalAgeThreshold: 5s

The file /tmp/fabric-usage.json does not exist.

1 Like
2

Summary: your hand-crafted zrok-controller.service unit needs to read a JSON file written by your upstream ziti-controller.service to consume Ziti metrics events.

/tmp/fabric-usage.json is not in the default filesystem namespace because ziti-controller.service is running in an isolated namespace for security.

Solution: add a writeable, persistent logs directory to your ziti-controller.service unit.

Edit the controller service with:

sudo systemctl edit ziti-controller.service

### Editing /etc/systemd/system/ziti-controller.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file

[Service]

LogsDirectory=ziti-controller

### Lines below this comment will be discarded

Configure the path to which the ziti-controller writes events.

events:
  jsonLogger:
    subscriptions:
      - type: router
      - type: usage
        version: 3
    handler:
      type: file
      format: json
      path: /var/log/ziti-controller/fabric-usage.json

Restart the service.

sudo systemctl restart ziti-controller.service

This is likely to be a common request so I'll consider adding the writeable log directory to the base unit definition and documenting this use case you've outlined.

3

I see that a file is not a perfect solution. Because I don't know how zrok controller will have access to this private file. Is it possible to set amqp://guest:guest@localhost:5672 in the ziti's controller configuration file without using zrok's bridge?

4

I assume that zrok-controller.service is on the same host.

You can set the default filemode of new files written in the ziti-controller.service LogsDirectory with these directives to allow any user to read the file.

[Service]

LogsDirectory=ziti-controller
LogsDirectoryMode=0755
UMask=0022

If a newly created file is still not readable, it is probably because your distribution enforces no-traversal of /var/log/private by requiring mode 0700 on that parent dir of the logs dir. In that scenario, you can bind the directory elsewhere to allow traversal.

sudo mount --bind /var/log/private/ziti-controller /var/log/ziti-controller-access
5

The alternative is to publish ziti controller events directly to the AMQP queue and consume them from that queue in the zrok controller. This has the advantage of eliminating the zrok JSON-file-to-AMQP bridge component, and the disadvantage of potentially losing events if the queue is unavailable when they're emitted by the ziti controller.

6

zrok controller wants messages of type 'fabric.usage'.

Apr 23 17:44:07  zrok[3064560]: {"file":"/__w/zrok/zrok/controller/metrics/usageIngest.go:88","func":"github.com/openziti/zrok/controller/metrics.Ingest","level":"error","msg":"not 'fabric.usage': {\"namespace\":\"usage\",\"event_src_id\":\"NetFoundry Inc. Client ix5ZK6aUr\",\"timestamp\":\"2025-04-23T17:44:07.187662625Z\",\"version\":3,\"source_id\":\"6etoEwsTW\",\"circuit_id\":\"u5cuTXHdA\",\"usage\":{\"fabric.rx\":56,\"fabric.tx\":56},\"interval_start_utc\":1745430240,\"interval_length\":5,\"tags\":null}","time":"2025-04-23T17:44:07.188Z"}
Apr 23 17:44:07  zrok[3064560]: {"file":"/__w/zrok/zrok/controller/metrics/usageIngest.go:88","func":"github.com/openziti/zrok/controller/metrics.Ingest","level":"error","msg":"not 'fabric.usage': {\"namespace\":\"usage\",\"event_src_id\":\"NetFoundry Inc. Client ix5ZK6aUr\",\"timestamp\":\"2025-04-23T17:44:07.187660651Z\",\"version\":3,\"source_id\":\"6etoEwsTW\",\"circuit_id\":\"u5cuTXHdA\",\"usage\":{\"egress.rx\":56,\"egress.tx\":56},\"interval_start_utc\":1745430240,\"interval_length\":5,\"tags\":{\"clientId\":\"oc6KLV4TC\",\"hostId\":\"XDMzfmsTC\",\"serviceId\":\"6Pv3sCsIgAEM8jLST2WE6A\"}}","time":"2025-04-23T17:44:07.188Z"}
7

Regardless the note " In version prior to 1.4.0, the namespace was fabric.usage" https://openziti.io/docs/reference/events/#usagev3 we need to use the old name space to allow the zrok controller consumes the events as explained in zrok's documentation https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/

ziti-controller/config.yml:

events:
  jsonLogger:
    subscriptions:
      - type: fabric.usage
        version: 3
    handler:
      format: json
      type: amqp
      url: amqp://guest:guest@localhost:5672
      queue: events
8

Were you able to get this working? I'm unfamiliar with the specifics here, so the problem isn't apparent to me. I will ask for assistance if it's not yet working for you, and to help me understand what's required.

9

It works pretty well! Thank you. I don't see the cumulative data (totals for a period). Might be I need to configure it somehow. Firstly, I will let the system run for a while.
The problem was the file transfer.