How to configure zrok metrics

zrok
1

I tried first with -type : fabric.usage as here https://docs.zrok.io/docs/guides/self-hosting/metrics-and-limits/configuring-metrics/

Then with -type: usage. Since it seems that the name is changed https://openziti.io/docs/reference/events/#usagev3

I have ziti v1.5.4

/var/lib/private/ziti-controller/config.yml

events:
  jsonLogger:
    subscriptions:
      - type: router
      - type: usage
        version: 3
    handler:
      type: file
      format: json
      path: /tmp/fabric-usage.json

/var/lib/private/ziti-router/config.yml

metrics:
  reportInterval: 5s
  intervalAgeThreshold: 5s

The file /tmp/fabric-usage.json does not exist.

1 Like
2

Summary: your hand-crafted zrok-controller.service unit needs to read a JSON file written by your upstream ziti-controller.service to consume Ziti metrics events.

/tmp/fabric-usage.json is not in the default filesystem namespace because ziti-controller.service is running in an isolated namespace for security.

Solution: add a writeable, persistent logs directory to your ziti-controller.service unit.

Edit the controller service with:

sudo systemctl edit ziti-controller.service

### Editing /etc/systemd/system/ziti-controller.service.d/override.conf
### Anything between here and the comment below will become the new contents of the file

[Service]

LogsDirectory=ziti-controller

### Lines below this comment will be discarded

Configure the path to which the ziti-controller writes events.

events:
  jsonLogger:
    subscriptions:
      - type: router
      - type: usage
        version: 3
    handler:
      type: file
      format: json
      path: /var/log/ziti-controller/fabric-usage.json

Restart the service.

sudo systemctl restart ziti-controller.service

This is likely to be a common request so I'll consider adding the writeable log directory to the base unit definition and documenting this use case you've outlined.

3

I see that a file is not a perfect solution. Because I don't know how zrok controller will have access to this private file. Is it possible to set amqp://guest:guest@localhost:5672 in the ziti's controller configuration file without using zrok's bridge?

4

I assume that zrok-controller.service is on the same host.

You can set the default filemode of new files written in the ziti-controller.service LogsDirectory with these directives to allow any user to read the file.

[Service]

LogsDirectory=ziti-controller
LogsDirectoryMode=0755
UMask=0022

If a newly created file is still not readable, it is probably because your distribution enforces no-traversal of /var/log/private by requiring mode 0700 on that parent dir of the logs dir. In that scenario, you can bind the directory elsewhere to allow traversal.

sudo mount --bind /var/log/private/ziti-controller /var/log/ziti-controller-access
5

The alternative is to publish ziti controller events directly to the AMQP queue and consume them from that queue in the zrok controller. This has the advantage of eliminating the zrok JSON-file-to-AMQP bridge component, and the disadvantage of potentially losing events if the queue is unavailable when they're emitted by the ziti controller.

6

zrok controller wants messages of type 'fabric.usage'.

Apr 23 17:44:07  zrok[3064560]: {"file":"/__w/zrok/zrok/controller/metrics/usageIngest.go:88","func":"github.com/openziti/zrok/controller/metrics.Ingest","level":"error","msg":"not 'fabric.usage': {\"namespace\":\"usage\",\"event_src_id\":\"NetFoundry Inc. Client ix5ZK6aUr\",\"timestamp\":\"2025-04-23T17:44:07.187662625Z\",\"version\":3,\"source_id\":\"6etoEwsTW\",\"circuit_id\":\"u5cuTXHdA\",\"usage\":{\"fabric.rx\":56,\"fabric.tx\":56},\"interval_start_utc\":1745430240,\"interval_length\":5,\"tags\":null}","time":"2025-04-23T17:44:07.188Z"}
Apr 23 17:44:07  zrok[3064560]: {"file":"/__w/zrok/zrok/controller/metrics/usageIngest.go:88","func":"github.com/openziti/zrok/controller/metrics.Ingest","level":"error","msg":"not 'fabric.usage': {\"namespace\":\"usage\",\"event_src_id\":\"NetFoundry Inc. Client ix5ZK6aUr\",\"timestamp\":\"2025-04-23T17:44:07.187660651Z\",\"version\":3,\"source_id\":\"6etoEwsTW\",\"circuit_id\":\"u5cuTXHdA\",\"usage\":{\"egress.rx\":56,\"egress.tx\":56},\"interval_start_utc\":1745430240,\"interval_length\":5,\"tags\":{\"clientId\":\"oc6KLV4TC\",\"hostId\":\"XDMzfmsTC\",\"serviceId\":\"6Pv3sCsIgAEM8jLST2WE6A\"}}","time":"2025-04-23T17:44:07.188Z"}