Configure OpenTelemetry
TheIdServer can export OpenTelemetry data.
Traces
Service
The service configuration is used to setup the source name and resource.
{
"OpenTelemetryOptions": {
"Trace": {
"Service": {
"Name": "TheIdServer.Duende",
"Version": "4.6.0"
}
}
}
}
The Service node is deserialized in a ServiceOptions instance used in :
builder.AddSource(serviceOptions.Name)
.SetResourceBuilder(ResourceBuilder.CreateDefault().AddService(serviceOptions.Name,
serviceOptions.Namespace,
serviceOptions.Version,
serviceOptions.AutoGenerateServiceInstanceId,
serviceOptions.InstanceId));
Sources
The sources array can be used to add sources such as Duende.IdentityServer.* sources.
{
"OpenTelemetryOptions": {
"Trace": {
"Sources": [
"Duende.IdentityServer.Stores",
"Duende.IdentityServer.Cache",
"Duende.IdentityServer.Services",
"Duende.IdentityServer.Validation"
]
}
}
}
Instrumentations
TheIdServer enables instrumentation for:
- HttpClient
- Incoming requests
- SqlClient
- Redis
Each part can be configurd using the Instrumentation node.
HttpClient
{
"OpenTelemetryOptions": {
"Trace": {
"Instrumentation": {
"HttpClient": {
"RecordException": true,
"SetHttpFlavor": true
}
}
}
}
}
HttpClient is deserialized into a HttpClientInstrumentationOptions instance.
Incoming requests
{
"OpenTelemetryOptions": {
"Trace": {
"Instrumentation": {
"AspNetCore": {
"RecordException": true,
"EnableGrpcAspNetCoreSupport": true
}
}
}
}
}
AspNetCore is deserialized into a AspNetCoreInstrumentationOptions instance.
SqlClient
{
"OpenTelemetryOptions": {
"Trace": {
"Instrumentation": {
"SqlClient": {
"RecordException": true,
"EnableConnectionLevelAttributes": true,
"SetDbStatementForText": true,
"SetDbStatementForStoredProcedure": true
}
}
}
}
}
SqlClient is deserialized into a SqlClientInstrumentationOptions instance.
Redis
To enable the Redis instumentation you need to define the Redis connection string:
{
"OpenTelemetryOptions": {
"Trace": {
"Instrumentation": {
"Redis": {
"ConnectionString": "localhost",
"FlushInterval": "0:0:10",
"SetVerboseDatabaseStatements": true,
}
}
}
}
}
Redis is deserialized into a RedisOptions instance.
Exporters
Console
To enable the console exporter set ConsoleEnabled:
{
"OpenTelemetryOptions": {
"Trace": {
"ConsoleEnabled": true
}
}
}
OTLP endpoint or Collector
To enable the OTLP endpoint or Collector setup the OpenTelemetryProtocol node:
{
"OpenTelemetryOptions": {
"Trace": {
"OpenTelemetryProtocol": {
"Endpoint": "https://exemple.com", //required
"ExportProcessorType": "Batch",
"Protocol": "HttpProtobuf" ,
"TimeoutMilliseconds": 10000,
"BatchExportProcessorOptions": {
"BatchExportProcessorOptions": 2048,
"ScheduledDelayMilliseconds": 5000,
"ExporterTimeoutMilliseconds": 30000,
"MaxExportBatchSize": 512
}
}
}
}
}
OpenTelemetryProtocol is deserialized into a OtlpExporterOptions instance.
Zipkin
To enable Zipkin exporter setup the Zipkin node:
{
"OpenTelemetryOptions": {
"Trace": {
"Zipkin": {
"Endpoint": "https://exemple.com", //required
"ExportProcessorType": "Batch",
"MaxPayloadSizeInBytes": 4096,
"UseShortTraceIds": true,
"BatchExportProcessorOptions": {
"BatchExportProcessorOptions": 2048,
"ScheduledDelayMilliseconds": 5000,
"ExporterTimeoutMilliseconds": 30000,
"MaxExportBatchSize": 512
}
}
}
}
}
Zipkin is deserialized into a ZipkinExporterOptions instance.
Honeycomb
To enable Honeycomb exporter setup the Honeycomb node:
{
"OpenTelemetryOptions": {
"Trace": {
"Honeycomb": {
"ApiKey": "my-haneycomb-api-key", //required
"Dataset": "TheIdServer", //required,
"TracesApiKey": "my-haneycomb-traces-api-key",
"MetricsApiKey": "my-haneycomb-metrics-api-key",
"TracesDataset": "TheIdServer-traces",
"MetricsDataset": "TheIdServer-metrics",
"Endpoint": "https://api.honeycomb.io:443",
"TracesEndpoint": "https://api.honeycomb.io:443",
"MetricsEndpoint": "https://api.honeycomb.io:443",
"SampleRate": 1,
"ServiceName": "TheIdServer",
"ServiceVersion": "4.6.0",
"InstrumentHttpClient": true,
"InstrumentSqlClient": true,
"InstrumentGrpcClient": true,
"InstrumentStackExchangeRedisClient": true,
"MeterNames": [
"TheIdServer"
]
}
}
}
}
Honeycomb is deserialized into a HoneycombOptions instance.
Metrics
TheIdServer expose incoming requests and HttpClient metrics.
Exporters
Console
To enable the console exporter set Console node:
{
"OpenTelemetryOptions": {
"Metrics": {
"Console": {
"Targets": "Console",
"MetricReaderType": "Cumulative",
"MetricReaderType": "Manual",
"PeriodicExportingMetricReaderOptions": {
"ExportIntervalMilliseconds": 60000,
"ExportTimeoutMilliseconds": 60000
}
}
}
}
}
Console is deserialized into a ConsoleOptions instance.
OTLP endpoint or Collector
To enable the OTLP endpoint or Collector setup the OpenTelemetryProtocol node:
{
"OpenTelemetryOptions": {
"Metrics": {
"OpenTelemetryProtocol": {
"Endpoint": "https://exemple.com", //required
"ExportProcessorType": "Batch",
"Protocol": "HttpProtobuf" ,
"TimeoutMilliseconds": 10000,
"BatchExportProcessorOptions": {
"BatchExportProcessorOptions": 2048,
"ScheduledDelayMilliseconds": 5000,
"ExporterTimeoutMilliseconds": 30000,
"MaxExportBatchSize": 512
}
}
}
}
}
OpenTelemetryProtocol is deserialized into a OtlpExporterOptions instance.
Prometheus
To enable the Prometheus exporter set Prometheus node:
{
"OpenTelemetryOptions": {
"Metrics": {
"Prometheus": {
"Protected": false,
"StartHttpListener": false,
"HttpListenerPrefixes": [
"http://localhost:9090"
],
"ScrapeEndpointPath": "/metrics",
"ScrapeResponseCacheDurationMilliseconds": 10000
}
}
}
}
Prometheus is deserialized into a PrometheusOptions instance.
You can protect the metrics endpoint if you don't want it be accessible to anonimous user.
{
"OpenTelemetryOptions": {
"Metrics": {
"Prometheus": {
"Protected": true,
}
}
}
}
When protected the metirc endpoint can be accessed if the user has the role Is4-Reader. Setup a client_credential client with a claim of type = role and value = Is4-Reader you'll use in the prometheus job's oauth2 configuration.
Your prometheus.yaml can look like :
scrape_configs:
- job_name: "theidserver"
scheme: "https"
oauth2:
client_id: "prometheus"
client_secret: "your.prometheus-client-secret"
token_url: "https://theidserver.myorg.com/connect/token"
scopes:
- "theidservertokenapi"
static_configs:
- targets:
- "theidserver.myorg.com"
Honeycomb
To enable Honeycomb exporter setup the Honeycomb node:
{
"OpenTelemetryOptions": {
"Metrics": {
"Honeycomb": {
"ApiKey": "my-haneycomb-api-key", //required
"Dataset": "TheIdServer", //required,
"TracesApiKey": "my-haneycomb-traces-api-key",
"MetricsApiKey": "my-haneycomb-metrics-api-key",
"TracesDataset": "TheIdServer-traces",
"MetricsDataset": "TheIdServer-metrics",
"Endpoint": "https://api.honeycomb.io:443",
"TracesEndpoint": "https://api.honeycomb.io:443",
"MetricsEndpoint": "https://api.honeycomb.io:443",
"SampleRate": 1,
"ServiceName": "TheIdServer",
"ServiceVersion": "4.6.0",
"InstrumentHttpClient": true,
"InstrumentSqlClient": true,
"InstrumentGrpcClient": true,
"InstrumentStackExchangeRedisClient": true,
"MeterNames": [
"TheIdServer"
]
}
}
}
}