uptime-bench/fleet.example.toml at trunk · Automattic/uptime-bench · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
# uptime-bench fleet configuration
#
# Copy to fleet.toml and edit for your environment.
# fleet.toml is NOT committed — it contains hostnames, IPs, and credentials.
# This example file IS committed and serves as the reference format.

# ---------------------------------------------------------------------------
# Control plane
# ---------------------------------------------------------------------------

[control]
# Timeout for control plane requests to any fleet member.
timeout = "10s"

# Shared token for authenticating harness requests to fleet member control APIs.
# All fleet members must be configured with this same token.
# In production, point this at a file with restricted permissions (0600).
# Locally, set CONTROL_TOKEN in .env instead.
auth_token_file = "/etc/uptime-bench/control-token"

# ---------------------------------------------------------------------------
# Adapter call budgets
# ---------------------------------------------------------------------------
# Per-adapter API call limits. The harness aborts a run with
# resolution_reason = "budget_exceeded" if any adapter reaches its limit.
# If an adapter is not listed here, the adapter's own default (MaxCallsPerRun
# in Capabilities) applies. Set to 0 for unlimited (self-hosted services).
#
# How to estimate: (run_duration + grace_period) / check_frequency * 2
# gives a rough upper bound for Retrieve polling calls per run.

[adapters.jetmon-v1]
max_calls_per_run = 0          # self-hosted, no API cost

[adapters.uptimerobot]
max_calls_per_run = 100

[adapters.pingdom]
max_calls_per_run = 100

[adapters.datadog-synthetics]
max_calls_per_run = 200

[adapters.better-uptime]
max_calls_per_run = 100

# ---------------------------------------------------------------------------
# Nameservers
# ---------------------------------------------------------------------------
# The fleet's authoritative DNS nameservers. At least two entries are required
# to use dns_ns_unavailable scenarios. All nameservers in this list serve as
# NS records for every domain listed in their [[nameservers.domains]] array.
#
# The nameserver binary listens on dns_port for DNS traffic and on
# control_port for harness control commands. Both are required.

[[nameservers]]
id           = "ns-01"
address      = "203.0.113.10"
control_port = 9100
dns_port     = 53
domains      = ["bench.example.com", "probe.example.net"]
# Public hostnames the registrar's NS + glue records advertise for
# this member. The DNS server emits authoritative A records for these
# so the child zone matches the parent's glue (RFC 1034 §4.2.2);
# without them, in-bailiwick nameservers return NXDOMAIN for their
# own hostnames and DNSSEC / monitoring-service preflight checks may
# flag the zone as inconsistent.
hosts        = ["ns1.bench.example.com", "ns1.probe.example.net"]

[[nameservers]]
id           = "ns-02"
address      = "203.0.113.11"
control_port = 9100
dns_port     = 53
domains      = ["bench.example.com", "probe.example.net"]
hosts        = ["ns2.bench.example.com", "ns2.probe.example.net"]

# ---------------------------------------------------------------------------
# Target servers
# ---------------------------------------------------------------------------
# Each [[targets]] entry is one server running the uptime-bench target binary.
# A single server hosts multiple virtual hosts (sites). Sites are distinguished
# by Host header (HTTP) and SNI (TLS). Failure state is tracked per
# (host, path) pair — multiple failures can be active simultaneously
# across sites and paths on the same server.
#
# The target binary listens on ports 80 and 443 for monitor traffic and on
# control_port for harness control commands.

[[targets]]
id           = "target-01"
address      = "203.0.113.20"
control_port = 9000

  [[targets.sites]]
  id    = "bench-a"
  host  = "bench-a.bench.example.com"
  paths = ["/", "/api/health", "/shop"]

  [[targets.sites]]
  id    = "bench-b"
  host  = "bench-b.bench.example.com"
  paths = ["/", "/blog"]

  # Optional generated host range for capacity tests. The DNS server resolves
  # matching names without expanding each hostname into fleet.toml, and the
  # target HTTP server serves arbitrary Host headers from the same binary.
  # This example covers site-0000001.load.bench.example.com through
  # site-1000000.load.bench.example.com.
  [[targets.generated_sites]]
  id           = "load"
  host_pattern = "site-%07d.load.bench.example.com"
  start        = 1
  count        = 1000000
  paths        = ["/"]

[[targets]]
id           = "target-02"
address      = "203.0.113.21"
control_port = 9000

  [[targets.sites]]
  id    = "probe-a"
  host  = "probe-a.probe.example.net"
  paths = ["/", "/api"]

  [[targets.sites]]
  id    = "probe-b"
  host  = "probe-b.probe.example.net"
  paths = ["/"]

# ---------------------------------------------------------------------------
# Domains
# ---------------------------------------------------------------------------
# Domain-level configuration. Links each domain to its registered nameservers
# and sets the TTL for all records under the domain. Keep TTL low (≤30s) so
# failure injection and recovery propagate quickly to resolvers.
#
# nameservers must match [[nameservers]] ids defined above.
# nameserver_hosts is optional. Use it when the parent zone delegates to
# out-of-zone NS hostnames, or when one nameserver member has multiple public
# hostnames and a domain should publish only a specific pair.

[[domains]]
name        = "bench.example.com"
registrar   = "Namecheap"
nameservers = ["ns-01", "ns-02"]
nameserver_hosts = ["ns1.bench.example.com", "ns2.bench.example.com"]
ttl         = 30

[[domains]]
name        = "probe.example.net"
registrar   = "Namecheap"
nameservers = ["ns-01", "ns-02"]
nameserver_hosts = ["ns1.probe.example.net", "ns2.probe.example.net"]
ttl         = 30

# ---------------------------------------------------------------------------
# Certmint
# ---------------------------------------------------------------------------
# The certificate-library producer. Optional: a fleet without certmint can
# still run scenarios that don't need real-CA TLS expiration coverage,
# falling back to fleet-CA / generated certs.
#
# When configured, the harness reads this section and forwards the
# library URL to targets at provision time so each target's TLS listener
# polls certmint for new manifest entries. The same shared CONTROL_TOKEN
# used elsewhere in the fleet authenticates the polling.

[certmint]
id           = "certmint-01"
address      = "203.0.113.30"
library_port = 9200