feat: implement monitoring sources

Bulletdev · Bulletdev · commit fe4ae7484316 · 2026-05-03T15:44:01.000-03:00
diff --git a/config/database.yml b/config/database.yml
@@ -20,6 +20,9 @@ default: &default
   # Supabase transaction pooler (port 6543) does not support prepared statements.
   # Disabling here prevents PG::DuplicatePstatement errors across all envs.
   prepared_statements: false
+  # PgBouncer transaction mode doesn't support session-level advisory locks.
+  # Disabling prevents ConcurrentMigrationError on container restarts.
+  advisory_locks: false
   # For details on connection pooling, see Rails configuration guide
   # https://guides.rubyonrails.org/configuring.html#database-pooling
   # DB_POOL lets you set a higher pool for Sidekiq without raising Puma threads.
diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb
@@ -3,7 +3,7 @@
 Rails.application.config.middleware.insert_before 0, Rack::Cors do
   allow do
     # The fallback (second argument) must be a single string separated by commas
-    origins ENV.fetch('CORS_ORIGINS', 'http://localhost:3000,http://localhost:5173,http://localhost:8888,http://localhost:4444,https://prostaff.gg,https://www.prostaff.gg,https://api.prostaff.gg,https://status.prostaff.gg,https://docs.prostaff.gg,https://scrims.lol,https://www.scrims.lol,https://arena-br.vercel.app').split(',')
+    origins ENV.fetch('CORS_ORIGINS', 'http://localhost:3000,http://localhost:5173,http://localhost:5555,http://localhost:8888,http://localhost:4444,https://prostaff.gg,https://www.prostaff.gg,https://api.prostaff.gg,https://status.prostaff.gg,https://docs.prostaff.gg,https://scrims.lol,https://www.scrims.lol,https://arena-br.vercel.app').split(',')
 
     resource '*',
              headers: :any,
diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
@@ -37,11 +37,13 @@ class Attack
     end
 
     # Allow localhost and Docker bridge in development and test environments
+    # Docker uses 172.16.0.0/12 range for bridge networks (172.16–172.31)
     safelist('allow from localhost') do |req|
       next false unless Rails.env.development? || Rails.env.test?
 
       ip = req.ip.to_s
-      ip == '127.0.0.1' || ip == '::1' || ip.start_with?('172.18.', '172.17.')
+      ip == '127.0.0.1' || ip == '::1' ||
+        (ip.start_with?('172.') && (ip.split('.')[1].to_i >= 16 && ip.split('.')[1].to_i <= 31))
     end
 
     # Block known malicious bots and scrapers
diff --git a/docker-compose.monitoring.yml b/docker-compose.monitoring.yml
@@ -0,0 +1,78 @@
+services:
+  node-exporter:
+    image: prom/node-exporter:latest
+    restart: unless-stopped
+    pid: host
+    networks:
+      - monitoring
+    ports:
+      - "127.0.0.1:9100:9100"
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.sysfs=/host/sys'
+      - '--path.rootfs=/rootfs'
+      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+
+  cadvisor:
+    image: gcr.io/cadvisor/cadvisor:latest
+    restart: unless-stopped
+    privileged: true
+    networks:
+      - monitoring
+    ports:
+      - "127.0.0.1:9200:8080"
+    volumes:
+      - /:/rootfs:ro
+      - /var/run:/var/run:ro
+      - /sys:/sys:ro
+      - /var/lib/docker:/var/lib/docker:ro
+      - /dev/disk:/dev/disk:ro
+
+  prometheus:
+    image: prom/prometheus:latest
+    restart: unless-stopped
+    networks:
+      - monitoring
+    ports:
+      - "127.0.0.1:9090:9090"
+    volumes:
+      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+      - prometheus-data:/prometheus
+    command:
+      - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--storage.tsdb.path=/prometheus'
+      - '--storage.tsdb.retention.time=30d'
+      - '--web.enable-lifecycle'
+
+  grafana:
+    image: grafana/grafana:latest
+    restart: unless-stopped
+    networks:
+      - monitoring
+    ports:
+      - "127.0.0.1:3001:3000"
+    volumes:
+      - grafana-data:/var/lib/grafana
+      - ./monitoring/grafana/provisioning:/etc/grafana/provisioning:ro
+    environment:
+      GF_SECURITY_ADMIN_USER: '${GRAFANA_ADMIN_USER:-admin}'
+      GF_SECURITY_ADMIN_PASSWORD: '${GRAFANA_ADMIN_PASSWORD}'
+      GF_PATHS_PROVISIONING: '/etc/grafana/provisioning'
+      GF_USERS_ALLOW_SIGN_UP: 'false'
+      GF_SERVER_ROOT_URL: '${GRAFANA_ROOT_URL:-http://localhost:3001}'
+    depends_on:
+      - prometheus
+
+volumes:
+  prometheus-data:
+    driver: local
+  grafana-data:
+    driver: local
+
+networks:
+  monitoring:
+    driver: bridge
diff --git a/monitoring/README.md b/monitoring/README.md
@@ -0,0 +1,60 @@
+# ProStaff Observability Stack
+
+Node Exporter + cAdvisor + Prometheus + Grafana, isolado do compose principal.
+
+## Setup
+
+```bash
+cp .env.monitoring.example .env.monitoring
+# edite .env.monitoring e defina GRAFANA_ADMIN_PASSWORD
+```
+
+## Subir
+
+```bash
+docker compose -f docker-compose.monitoring.yml --env-file .env.monitoring up -d
+```
+
+## Portas
+
+| Servico      | Porta local    | URL                          |
+|--------------|---------------|------------------------------|
+| Grafana      | 3001          | http://localhost:3001        |
+| Prometheus   | 9090          | http://localhost:9090        |
+| Node Exporter| 9100          | http://localhost:9100/metrics|
+| cAdvisor     | 9200          | http://localhost:9200/metrics|
+
+Todas as portas estão vinculadas a `127.0.0.1` — acesse via SSH tunnel em produção:
+
+```bash
+ssh -L 3001:localhost:3001 -L 9090:localhost:9090 user@seu-servidor
+```
+
+## Importar dashboards prontos
+
+1. Acesse Grafana → Dashboards → Import
+2. Cole o ID e clique em Load:
+
+| Dashboard              | ID    |
+|------------------------|-------|
+| Node Exporter Full     | 1860  |
+| Docker / cAdvisor      | 14282 |
+
+3. Selecione o datasource **Prometheus** e confirme.
+
+## Habilitar métricas da API Rails
+
+Descomente o job `prostaff-api` em `monitoring/prometheus.yml` após adicionar
+a gem `prometheus-client` e expor o endpoint `/metrics` nas rotas.
+
+## Parar
+
+```bash
+docker compose -f docker-compose.monitoring.yml down
+```
+
+Para remover volumes (apaga histórico de métricas):
+
+```bash
+docker compose -f docker-compose.monitoring.yml down -v
+```
diff --git a/monitoring/grafana/provisioning/dashboards/dashboard.yml b/monitoring/grafana/provisioning/dashboards/dashboard.yml
@@ -0,0 +1,11 @@
+apiVersion: 1
+
+providers:
+  - name: 'ProStaff'
+    orgId: 1
+    type: file
+    disableDeletion: false
+    updateIntervalSeconds: 30
+    allowUiUpdates: true
+    options:
+      path: /var/lib/grafana/dashboards
diff --git a/monitoring/grafana/provisioning/datasources/prometheus.yml b/monitoring/grafana/provisioning/datasources/prometheus.yml
@@ -0,0 +1,11 @@
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://prometheus:9090
+    isDefault: true
+    editable: false
+    jsonData:
+      timeInterval: '15s'
diff --git a/monitoring/prometheus.yml b/monitoring/prometheus.yml
@@ -0,0 +1,34 @@
+global:
+  scrape_interval: 15s
+  evaluation_interval: 15s
+  external_labels:
+    project: 'prostaff'
+    env: 'production'
+
+scrape_configs:
+  - job_name: 'prometheus'
+    static_configs:
+      - targets: ['localhost:9090']
+
+  - job_name: 'node-exporter'
+    static_configs:
+      - targets: ['node-exporter:9100']
+
+  - job_name: 'cadvisor'
+    static_configs:
+      - targets: ['cadvisor:8080']
+    # cAdvisor expõe métricas em /metrics por padrão
+
+  # Habilitar quando a gem prometheus-client for adicionada à API Rails
+  # e o endpoint /metrics for exposto em config/routes.rb
+  # - job_name: 'prostaff-api'
+  #   static_configs:
+  #     - targets: ['api:3000']
+  #   metrics_path: '/metrics'
+  #   scheme: http
+
+  # Habilitar quando o scraper expor métricas Prometheus
+  # - job_name: 'scraper-api'
+  #   static_configs:
+  #     - targets: ['scraper-api:8000']
+  #   metrics_path: '/metrics'
