Merge lp:~mleinartas/graphite/whitelist into lp:~graphite-dev/graphite/main
Status: | Merged |
---|---|
Merged at revision: | 675 |
Proposed branch: | lp:~mleinartas/graphite/whitelist |
Merge into: | lp:~graphite-dev/graphite/main |
Diff against target: |
232 lines (+127/-0) 8 files modified
carbon/conf/blacklist.conf.example (+4/-0) carbon/conf/carbon.conf.example (+15/-0) carbon/conf/whitelist.conf.example (+5/-0) carbon/lib/carbon/conf.py (+19/-0) carbon/lib/carbon/protocols.py (+7/-0) carbon/lib/carbon/regexlist.py (+62/-0) carbon/lib/carbon/service.py (+5/-0) docs/config-carbon.rst (+10/-0) |
To merge this branch: | bzr merge lp:~mleinartas/graphite/whitelist |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
chrismd | Pending | ||
Review via email: mp+85703@code.launchpad.net |
This proposal supersedes a proposal from 2011-01-10.
Description of the change
We would be completely overwhelmed by the volume of metrics flowing into Graphite if we accepted everything that came our way. I can't control what is sent to Graphite, but I can control what is accepted into Graphite. To implement that, we've created whitelist and blacklist functionality that respectively allows or denies metrics entry into Graphite. This code is based on code that has been running in production for months with several thousand metrics per minute after filtering.
Each list is a file with one regular expression per line. If a metric matches a regex in the blacklist it is dropped. Only if a metric matches a regex in the whitelist will it be accepted by carbon.
For example, a whitelist consisting of the line:
^server\.load\.
will allow any metric that starts with "server.load." into carbon, unless it also matches a regex in the blacklist.
To test, uncomment the WHITELIST and/or BLACKLIST lines in carbon.conf and add one or more regular expressions to graphite/
**UPDATE**
I've submitted a branch with trunk merged back in and with some changes from the original patch. This should get another review before merging. This will still be compatible with the patch our friends at Orbitz are running, but will require them to add and enable the global USE_WHITELIST flag.
Some things to validate:
* whitelist and blacklist configs are by default in CONF_DIR/whitelist and CONF_DIR/blacklist. This seems like a good place, but would it make more sense to use a .conf file for consistency with the rest of the files in that directory?
* I moved the RegexList class to it's own file - regexlist.py
* Functionality can be globally enabled/disabled with the USE_WHITELIST flag in carbon.conf. Removing the conf files also effectively disables it, but an additional global flag feels appropriate
Also note that this makes some changes to config - I can merge this in with the megacarbon branch separately after it's merged to trunk, or I could branch it off of megacarbon instead if that's better.
I personally think that this should be done through a separate proxy sitting in front of carbon-cache.py. It seems like by the time carbon accepts the request and parses it, you might as well just record it.