Saturday, February 23, 2019

Monitoring WSO2 Identity Server with Prometheus

Prometheus can be used to monitor the JVM metrics of WSO2 Identity Server. For this, you need to download,
First of all, we need to configure JMX exporter to expose the Identity Server metrics. This exporter is intended to be run as a Java Agent, exposing an HTTP server and serving metrics of the Identity Server JVM. We start with creating the config file for the agent. Create a file named is.yml in the bin directory of the Identity Server. In the initial phase, we will stick to basic configs. Add below content to the created yml file.

---
lowercaseOutputLabelNames: true
lowercaseOutputName: true

Now open the wso2server.sh and add the Java Agent. Scroll down to the bottom of the file and you will notice the "-D" parameters added. At the end of those parameters add below parameter also.

-javaagent:$CARBON_HOME/bin/jmx_prometheus_javaagent-0.11.0.jar=8080:$CARBON_HOME/bin/is.yml \

After the config, the file would look like below.
...
do
    $JAVACMD \
    ...
    -Dhttpclient.hostnameVerifier="DefaultAndLocalhost" \
    -javaagent:$CARBON_HOME/bin/jmx_prometheus_javaagent-0.11.0.jar=8080:$CARBON_HOME/bin/is.yml \
    org.wso2.carbon.bootstrap.Bootstrap $*
    status=$?
done

We are finished in the Identity Server side and you can start the identity server.

Now we can start configuring Prometheus. Go the downloaded Prometheus directory. Create a file called is.yml there. Add below content.

# my global config
global:
  scrape_interval:     15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
  - static_configs:
    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:

# A scrape configuration containing exactly one endpoint to scrape:
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'WSO2 Identity Server'

    static_configs:
    - targets: ['localhost:8080']

Now we can start Prometheus. Run below command from the Prometheus directory.

./prometheus --config.file=is.yml

Everything is set. Navigate to the http://localhost:9090/graph to use Prometheus's built-in expression browser. Now you can monitor the JVM metrics. To view memory consumptions of the JVM enter this into the expression console and click "Execute" button.

jvm_memory_pool_bytes_used

You should be able to see the time series graph of the memory usage like below.



We will dig deeper into configurations in a future post.

1 comment:

  1. Hello Maduranga

    I am system administrator of a small school in Germany. How do we use WSO2IS with the Office365 provisioning (https://github.com/wso2-extensions/identity-office365/issues/4) conector that you also worked on. We are concerned that changed group memberships in our LDAP user store or roles in WSO2IS are not updated in the Azure (department attribute).

    I would like to push ahead with the development of the connector's update logic:
    https://github.com/wso2-extensions/identity-office365/issues/4

    Alternatively, a code specially adapted for us would also be possible. Unfortunately I do not have the necessary technical knowledge and cannot estimate the effort.

    Can you help me with this or mediate someone to us? My budget for an update logic of the Azure Department Attribute that works for us is 500 €.

    I would be happy if you could help despite the small budget.

    Best wishes
    Sven Zimmermann
    sven@zimmermanns.cloud

    ReplyDelete