ai-workspace-infra/observability.svc.plus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
101 Commits 5 Branches 0 Tags 2 MiB
Shell 29%
PLpgSQL 18.3%
TypeScript 17.5%
Jinja 14.7%
Python 7.3%
Other 13.2%
main
Go to file
Haitao Pan 9e7658389f Tighten homepage navigation layout
2026-03-17 19:54:03 +08:00
.agent/skills/security_check Add Caddy and Alloy configuration templates; Update install script and README 2026-02-01 21:08:57 +08:00
app Restore non-sensitive configuration files 2026-02-01 21:01:27 +08:00
bin Remove sensitive files 2026-02-01 20:53:55 +08:00
conf Add lightweight DeepFlow roles and agent modes 2026-03-17 08:16:32 +08:00
docker Remove sensitive files 2026-02-01 20:53:55 +08:00
docs docs: add bilingual docs structure 2026-03-15 23:45:17 +08:00
files Tighten homepage navigation layout 2026-03-17 19:54:03 +08:00
roles Provision Grafana folders with semantic file providers 2026-03-17 19:34:36 +08:00
scripts Add mixed-host observability deploy and ingest auth 2026-03-14 17:15:54 +08:00
templates Remove sensitive files 2026-02-01 20:53:55 +08:00
terraform Remove sensitive files 2026-02-01 20:53:55 +08:00
vagrant Remove sensitive files 2026-02-01 20:53:55 +08:00
workbench feat(workbench): enforce guest sandbox session uuid rotation and rename demo copy 2026-02-05 22:28:42 +08:00
.gitignore Refine homepage filters and switch observability inventory 2026-03-16 22:24:47 +08:00
.gitleaksignore docs: Add a detailed plan for OAuth social login rollout across accounts and console services. 2026-02-06 13:20:26 +08:00
ansible.cfg Refine homepage filters and switch observability inventory 2026-03-16 22:24:47 +08:00
app.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
bootstrap fix: ensure root SSH access is configured during install 2026-02-02 23:34:35 +08:00
cache.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
cert.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
CLAUDE.md Remove sensitive files 2026-02-01 20:53:55 +08:00
configure feat: implement smart IP detection and automated configuration 2026-02-02 23:38:05 +08:00
deepflow.yml Add lightweight DeepFlow roles and agent modes 2026-03-17 08:16:32 +08:00
deploy_observability_service.yml Harden existing-host observability deploy defaults 2026-03-14 19:51:43 +08:00
deploy.yml feat: enable insight workbench deployment 2026-02-03 01:38:24 +08:00
docker.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
etcd-rm.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
etcd.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
infra-rm.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
infra.yml Add mixed-host observability deploy and ingest auth 2026-03-14 17:15:54 +08:00
juice.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
KEYS Remove sensitive files 2026-02-01 20:53:55 +08:00
KNOWN_ISSUES.md fix: use absolute URL for insight Overview link and document known issues 2026-02-03 11:22:10 +08:00
LICENSE Remove agent verification and installation scripts. 2026-02-01 23:39:10 +08:00
Makefile Rebrand and remove Pigsty-specific references from documentation, configuration defaults, and build scripts. 2026-02-02 02:58:47 +08:00
merge_dashboards.py Tighten homepage navigation layout 2026-03-17 19:54:03 +08:00
minio-rm.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
minio.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
mongo.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
node-rm.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
node.yml Disable haproxy by default for observability 2026-03-14 20:40:39 +08:00
NOTICE Remove sensitive files 2026-02-01 20:53:55 +08:00
observability.yml Refine homepage filters and switch observability inventory 2026-03-16 22:24:47 +08:00
pgsql-db.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
pgsql-migration.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
pgsql-monitor.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
pgsql-pitr.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
pgsql-rm.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
pgsql-user.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
pgsql.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
README.md Add lightweight DeepFlow roles and agent modes 2026-03-17 08:16:32 +08:00
redis-rm.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
redis.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
slim.yml Remove sensitive files 2026-02-01 20:53:55 +08:00
vibe.yml Remove sensitive files 2026-02-01 20:53:55 +08:00

README.md

Observability.svc.plus

License: Apache-2.0 Status: Stable

Observability.svc.plus is an observability solution strictly following the Apache 2.0 license.

Focus: Monitoring & Observability (监控/可观测). Integrating OpenTelemetry (OTel), VictoriaMetrics, and DeepFlow-based network observability without long-term raw-flow lock-in.

Website | Public Demo | Blog | Support

banner

1) 概述

Observability.svc.plus provides a monitoring-focused stack for infrastructure and applications, centered on metrics, logs, and traces. It is designed for self-hosted, cloud-neutral operations with minimal vendor lock-in.

2) 架构图

flowchart LR
  A["Client Nodes<br/>node_exporter / process_exporter / vector"] --> B["OTel / Ingest Gateway"]
  B --> C["Metrics Store<br/>VictoriaMetrics"]
  B --> D["Logs Store<br/>Loki-compatible pipeline"]
  B --> E["Traces / OTel pipeline"]
  C --> F["Grafana"]
  D --> F
  E --> F
  F --> G["Dashboard & Alerting"]

3) Start

当前推荐按“混合部署到已有主机”的方式执行。

  1. 先更新 DNSobservability.svc.plus 指到 us-xhttp.svc.plus
  2. us-xhttp.svc.plus 上执行下面的 Server side 示例,部署中心端
  3. 再到其他已有主机执行下面的 Client side 示例,把采集数据回传到 observability.svc.plus

当前接入主机:

  • us-xhttp.svc.plus:继续承载现有服务,同时承载 observability.svc.plus
  • openclaw.svc.plus:部署 agent采集后上报到中心端
  • jp-xhttp.svc.plus:部署 agent采集后上报到中心端

Ansible (Recommended)

Server side

先导出 Cloudflare Token然后在 us-xhttp.svc.plus 上执行服务端部署。deploy_observability_service.yml 会先把 Cloudflare 上的 observability.svc.plus 更新成指向 us-xhttp.svc.plus 的非代理记录,再等待公共 DNS 生效后继续部署,这样更容易保证 Caddy 首次自动签名成功。

export CLOUDFLARE_API_TOKEN=...
ansible-playbook -i <your-inventory> deploy_observability_service.yml -l us-xhttp.svc.plus

如果希望给 /ingest/* 增加一层基础认证,可以在服务端部署时一起打开:

export CLOUDFLARE_API_TOKEN=...
ansible-playbook -i <your-inventory> deploy_observability_service.yml -l us-xhttp.svc.plus \
  -e observability_ingest_basic_auth_enabled=true \
  -e observability_ingest_basic_auth_user=ingest \
  -e observability_ingest_basic_auth_password='<strong-password>'

Client side (agent)

再到采集端主机执行 node.yml 的 push mode

ansible-playbook -i <your-inventory> node.yml \
  -l openclaw.svc.plus,jp-xhttp.svc.plus \
  -e node_monitor_mode=push \
  -e observability_endpoint=https://observability.svc.plus/

如果服务端已开启 ingest 基本认证,采集端也要带上同一组凭据:

ansible-playbook -i <your-inventory> node.yml \
  -l openclaw.svc.plus,jp-xhttp.svc.plus \
  -e node_monitor_mode=push \
  -e observability_endpoint=https://observability.svc.plus/ \
  -e observability_ingest_basic_auth_enabled=true \
  -e observability_ingest_basic_auth_user=ingest \
  -e observability_ingest_basic_auth_password='<strong-password>'

node_monitor_mode=push 会在远端主机上部署 node_exporter + process_exporter + vector,并把 metrics / logs 主动汇总到 observability.svc.plusvector 固定归到采集端任务,服务端 infra.yml 不再默认部署它。

如果采集端与 Victoria 服务端同机playbook 会自动把 metrics / logs 改走本机 127.0.0.1 ingest跨主机时默认走 https://observability.svc.plus/ 并自动补全 /ingest/metrics/api/v1/write/ingest/logs/insert

observability_ingest_basic_auth_* 只保护 /ingest/* 写入入口,不影响 Caddy 暴露的其他站点页面;服务端和采集端必须使用同一组认证信息。

Script Installers

Server side

curl -fsSL "https://raw.githubusercontent.com/cloud-neutral-toolkit/observability.svc.plus/main/scripts/server-install.sh?$(date +%s)" | bash -s -- observability.svc.plus

Client side (agent)

# bash -s -- --endpoint <YOUR_ENDPOINT>
curl -fsSL https://raw.githubusercontent.com/cloud-neutral-toolkit/observability.svc.plus/main/scripts/agent-install.sh \
  | bash -s -- --endpoint https://observability.svc.plus/ingest/otlp

Note

  • --endpoint supports both:
    • https://observability.svc.plus
    • https://observability.svc.plus/ingest/otlp
  • The installer auto-derives:
    • metrics endpoint: /ingest/metrics/api/v1/write
    • logs endpoint: /ingest/logs/insert
  • The script automatically verifies installation after setup.

Optional: DeepFlow Agent on Client

If you have deployed DeepFlow with deepflow.yml, you can install deepflow-agent on client nodes via the same script:

# example: endpoint exposed by caddy grpc ingress (deepflow_grpc_domain:443)
curl -fsSL https://raw.githubusercontent.com/cloud-neutral-toolkit/observability.svc.plus/main/scripts/agent-install.sh \
  | bash -s -- \
    --endpoint https://observability.svc.plus/ingest/otlp \
    --deepflow-agent \
    --deepflow-grpc-endpoint deepflow-agent.svc.plus:443 \
    --deepflow-agent-download-url https://example.com/path/to/deepflow-agent

If deepflow-agent binary already exists on host, replace --deepflow-agent-download-url with --deepflow-agent-bin /path/to/deepflow-agent.

🚀 DeepFlow Deployment (Server Side)

This repo now provides dedicated DeepFlow roles:

  • deepflow_mysql
  • deepflow_clickhouse_s3
  • deepflow_server
  • deepflow_connector
  • deepflow_agent

Quick start:

./configure -c deepflow/deepflow
vi pigsty.yml                  # adjust domain/password/ports
./deploy.yml
./docker.yml
./deepflow.yml
./infra.yml -t caddy           # apply deepflow_grpc_domain ingress

Default inventory template: conf/deepflow/deepflow.yml

Lightweight Topology

  • deepflow-server stays containerized with Docker Compose
  • ClickHouse is kept as short-retention local storage
  • MinIO/S3 is optional in lightweight mode
  • deepflow_connector exports selected DeepFlow L4/L7 metrics to VictoriaMetrics
  • deepflow_agent supports binary/systemd, docker, and rendered k8s manifests
  • default deepflow_agent_profile=lite keeps pcap enabled and disables built-in vector

Remote client example (openclaw.svc.plus)

ssh root@openclaw.svc.plus \
  'curl -fsSL https://raw.githubusercontent.com/cloud-neutral-toolkit/observability.svc.plus/main/scripts/agent-install.sh \
    | bash -s -- --endpoint https://observability.svc.plus/ingest/otlp'

Remote client example (jp-xhttp.svc.plus)

ssh root@jp-xhttp.svc.plus \
  'curl -fsSL https://raw.githubusercontent.com/cloud-neutral-toolkit/observability.svc.plus/main/scripts/agent-install.sh \
    | bash -s -- --endpoint https://observability.svc.plus/ingest/otlp'

Optional SSH manager env example

SSH_SERVER_CLAWBOT_HOST=openclaw.svc.plus
SSH_SERVER_CLAWBOT_USER=root
SSH_SERVER_CLAWBOT_KEYPATH=~/.ssh/id_rsa
SSH_SERVER_CLAWBOT_PORT=22
SSH_SERVER_CLAWBOT_DESCRIPTION=openclaw_server

4) Features

  • Observability First: SOTA monitoring for PG / Infra / Node based on VictoriaMetrics, Grafana, and OpenTelemetry.
  • OTel Integration: Native support for OpenTelemetry, facilitating unified trace, metric, and log ingestion.
  • DeepFlow Ready: Lightweight DeepFlow server/agent deployment with short-lived flow storage and VictoriaMetrics archiving for high-value protocol metrics.
  • Reliable Base: Robust self-healing HA clusters, PITR, and secure infrastructure.
  • Maintainable: One-Cmd Deploy, IaC support, and easy customization.
  • Controllable: Self-sufficient Cloud Neutral FOSS. Run on bare Linux.

5) License & Upstream

6) 致谢

感谢开源社区与所有贡献者,特别是 observability、database、DevOps 相关项目维护者与实践者。