github.com/thanos-io/thanos@v0.32.5/docs/components/store.md

github.com/thanos-io/thanos@v0.32.5/docs/components/store.md (about)

1 # Store
2
3 The `thanos store` command (also known as Store Gateway) implements the Store API on top of historical data in an object storage bucket. It acts primarily as an API gateway and therefore does not need significant amounts of local disk space. It joins a Thanos cluster on startup and advertises the data it can access. It keeps a small amount of information about all remote blocks on local disk and keeps it in sync with the bucket. This data is generally safe to delete across restarts at the cost of increased startup times.
4
5 ```bash
6 thanos store \
7 --data-dir "/local/state/data/dir" \
8 --objstore.config-file "bucket.yml"
9 ```
10
11 The content of `bucket.yml`:
12
13 ```yaml mdox-exec="go run scripts/cfggen/main.go --name=gcs.Config"
14 type: GCS
15 config:
16 bucket: ""
17 service_account: ""
18 prefix: ""
19 ```
20
21 In general, an average of 6 MB of local disk space is required per TSDB block stored in the object storage bucket, but for high cardinality blocks with large label set it can even go up to 30MB and more. It is for the pre-computed index, which includes symbols and postings offsets as well as metadata JSON.
22
23 ## Flags
24
25 ```$ mdox-exec="thanos store --help"
26 usage: thanos store [<flags>]
27
28 Store node giving access to blocks in a bucket provider. Now supported GCS, S3,
29 Azure, Swift, Tencent COS and Aliyun OSS.
30
31 Flags:
32 --block-meta-fetch-concurrency=32
33 Number of goroutines to use when fetching block
34 metadata from object storage.
35 --block-sync-concurrency=20
36 Number of goroutines to use when constructing
37 index-cache.json blocks from object storage.
38 Must be equal or greater than 1.
39 --bucket-web-label=BUCKET-WEB-LABEL
40 External block label to use as group title in
41 the bucket web UI
42 --cache-index-header Cache TSDB index-headers on disk to reduce
43 startup time. When set to true, Thanos Store
44 will download index headers from remote object
45 storage on startup and create a header file on
46 disk. Use --data-dir to set the directory in
47 which index headers will be downloaded.
48 --chunk-pool-size=2GB Maximum size of concurrently allocatable
49 bytes reserved strictly to reuse for chunks in
50 memory.
51 --consistency-delay=0s Minimum age of all blocks before they are
52 being read. Set it to safe value (e.g 30m) if
53 your object storage is eventually consistent.
54 GCS and S3 are (roughly) strongly consistent.
55 --data-dir="./data" Local data directory used for caching
56 purposes (index-header, in-mem cache items and
57 meta.jsons). If removed, no data will be lost,
58 just store will have to rebuild the cache.
59 NOTE: Putting raw blocks here will not
60 cause the store to read them. For such use
61 cases use Prometheus + sidecar. Ignored if
62 --no-cache-index-header option is specified.
63 --grpc-address="0.0.0.0:10901"
64 Listen ip:port address for gRPC endpoints
65 (StoreAPI). Make sure this address is routable
66 from other components.
67 --grpc-grace-period=2m Time to wait after an interrupt received for
68 GRPC Server.
69 --grpc-server-max-connection-age=60m
70 The grpc server max connection age. This
71 controls how often to re-establish connections
72 and redo TLS handshakes.
73 --grpc-server-tls-cert="" TLS Certificate for gRPC server, leave blank to
74 disable TLS
75 --grpc-server-tls-client-ca=""
76 TLS CA to verify clients against. If no
77 client CA is specified, there is no client
78 verification on server side. (tls.NoClientCert)
79 --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to
80 disable TLS
81 -h, --help Show context-sensitive help (also try
82 --help-long and --help-man).
83 --http-address="0.0.0.0:10902"
84 Listen host:port for HTTP endpoints.
85 --http-grace-period=2m Time to wait after an interrupt received for
86 HTTP Server.
87 --http.config="" [EXPERIMENTAL] Path to the configuration file
88 that can enable TLS or authentication for all
89 HTTP endpoints.
90 --ignore-deletion-marks-delay=24h
91 Duration after which the blocks marked for
92 deletion will be filtered out while fetching
93 blocks. The idea of ignore-deletion-marks-delay
94 is to ignore blocks that are marked for
95 deletion with some delay. This ensures store
96 can still serve blocks that are meant to be
97 deleted but do not have a replacement yet.
98 If delete-delay duration is provided to
99 compactor or bucket verify component,
100 it will upload deletion-mark.json file to
101 mark after what duration the block should
102 be deleted rather than deleting the block
103 straight away. If delete-delay is non-zero
104 for compactor or bucket verify component,
105 ignore-deletion-marks-delay should be set
106 to (delete-delay)/2 so that blocks marked
107 for deletion are filtered out while fetching
108 blocks before being deleted from bucket.
109 Default is 24h, half of the default value for
110 --delete-delay on compactor.
111 --index-cache-size=250MB Maximum size of items held in the in-memory
112 index cache. Ignored if --index-cache.config or
113 --index-cache.config-file option is specified.
114 --index-cache.config=<content>
115 Alternative to 'index-cache.config-file'
116 flag (mutually exclusive). Content of
117 YAML file that contains index cache
118 configuration. See format details:
119 https://thanos.io/tip/components/store.md/#index-cache
120 --index-cache.config-file=<file-path>
121 Path to YAML file that contains index
122 cache configuration. See format details:
123 https://thanos.io/tip/components/store.md/#index-cache
124 --log.format=logfmt Log format to use. Possible options: logfmt or
125 json.
126 --log.level=info Log filtering level.
127 --max-time=9999-12-31T23:59:59Z
128 End of time range limit to serve. Thanos Store
129 will serve only blocks, which happened earlier
130 than this value. Option can be a constant time
131 in RFC3339 format or time duration relative
132 to current time, such as -1d or 2h45m. Valid
133 duration units are ms, s, m, h, d, w, y.
134 --min-time=0000-01-01T00:00:00Z
135 Start of time range limit to serve. Thanos
136 Store will serve only metrics, which happened
137 later than this value. Option can be a constant
138 time in RFC3339 format or time duration
139 relative to current time, such as -1d or 2h45m.
140 Valid duration units are ms, s, m, h, d, w, y.
141 --objstore.config=<content>
142 Alternative to 'objstore.config-file'
143 flag (mutually exclusive). Content of
144 YAML file that contains object store
145 configuration. See format details:
146 https://thanos.io/tip/thanos/storage.md/#configuration
147 --objstore.config-file=<file-path>
148 Path to YAML file that contains object
149 store configuration. See format details:
150 https://thanos.io/tip/thanos/storage.md/#configuration
151 --request.logging-config=<content>
152 Alternative to 'request.logging-config-file'
153 flag (mutually exclusive). Content
154 of YAML file with request logging
155 configuration. See format details:
156 https://thanos.io/tip/thanos/logging.md/#configuration
157 --request.logging-config-file=<file-path>
158 Path to YAML file with request logging
159 configuration. See format details:
160 https://thanos.io/tip/thanos/logging.md/#configuration
161 --selector.relabel-config=<content>
162 Alternative to 'selector.relabel-config-file'
163 flag (mutually exclusive). Content of
164 YAML file that contains relabeling
165 configuration that allows selecting
166 blocks. It follows native Prometheus
167 relabel-config syntax. See format details:
168 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
169 --selector.relabel-config-file=<file-path>
170 Path to YAML file that contains relabeling
171 configuration that allows selecting
172 blocks. It follows native Prometheus
173 relabel-config syntax. See format details:
174 https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
175 --store.enable-index-header-lazy-reader
176 If true, Store Gateway will lazy memory map
177 index-header only once the block is required by
178 a query.
179 --store.grpc.downloaded-bytes-limit=0
180 Maximum amount of downloaded (either
181 fetched or touched) bytes in a single
182 Series/LabelNames/LabelValues call. The Series
183 call fails if this limit is exceeded. 0 means
184 no limit.
185 --store.grpc.series-max-concurrency=20
186 Maximum number of concurrent Series calls.
187 --store.grpc.series-sample-limit=0
188 DEPRECATED: use store.limits.request-samples.
189 --store.grpc.touched-series-limit=0
190 DEPRECATED: use store.limits.request-series.
191 --store.limits.request-samples=0
192 The maximum samples allowed for a single
193 Series request, The Series call fails if
194 this limit is exceeded. 0 means no limit.
195 NOTE: For efficiency the limit is internally
196 implemented as 'chunks limit' considering each
197 chunk contains a maximum of 120 samples.
198 --store.limits.request-series=0
199 The maximum series allowed for a single Series
200 request. The Series call fails if this limit is
201 exceeded. 0 means no limit.
202 --sync-block-duration=3m Repeat interval for syncing the blocks between
203 local and remote view.
204 --tracing.config=<content>
205 Alternative to 'tracing.config-file' flag
206 (mutually exclusive). Content of YAML file
207 with tracing configuration. See format details:
208 https://thanos.io/tip/thanos/tracing.md/#configuration
209 --tracing.config-file=<file-path>
210 Path to YAML file with tracing
211 configuration. See format details:
212 https://thanos.io/tip/thanos/tracing.md/#configuration
213 --version Show application version.
214 --web.disable Disable Block Viewer UI.
215 --web.disable-cors Whether to disable CORS headers to be set by
216 Thanos. By default Thanos sets CORS headers to
217 be allowed by all.
218 --web.external-prefix="" Static prefix for all HTML links and redirect
219 URLs in the bucket web UI interface.
220 Actual endpoints are still served on / or the
221 web.route-prefix. This allows thanos bucket
222 web UI to be served behind a reverse proxy that
223 strips a URL sub-path.
224 --web.prefix-header="" Name of HTTP request header used for dynamic
225 prefixing of UI links and redirects.
226 This option is ignored if web.external-prefix
227 argument is set. Security risk: enable
228 this option only if a reverse proxy in
229 front of thanos is resetting the header.
230 The --web.prefix-header=X-Forwarded-Prefix
231 option can be useful, for example, if Thanos
232 UI is served via Traefik reverse proxy with
233 PathPrefixStrip option enabled, which sends the
234 stripped prefix value in X-Forwarded-Prefix
235 header. This allows thanos UI to be served on a
236 sub-path.
237
238 ```
239
240 ## Time based partitioning
241
242 By default Thanos Store Gateway looks at all the data in Object Store and returns it based on query's time range.
243
244 Thanos Store `--min-time`, `--max-time` flags allows you to shard Thanos Store based on constant time or time duration relative to current time.
245
246 For example setting: `--min-time=-6w` & `--max-time=-2w` will make Thanos Store Gateway return metrics that fall within `now - 6 weeks` up to `now - 2 weeks` time range.
247
248 Constant time needs to be set in RFC3339 format. For example `--min-time=2018-01-01T00:00:00Z`, `--max-time=2019-01-01T23:59:59Z`.
249
250 Thanos Store Gateway might not get new blocks immediately, as Time partitioning is partly done in asynchronous block synchronization job, which is by default done every 3 minutes. Additionally some of the Object Store implementations provide eventual read-after-write consistency, which means that Thanos Store might not immediately get newly created & uploaded blocks anyway.
251
252 We recommend having overlapping time ranges with Thanos Sidecar and other Thanos Store gateways as this will improve your resiliency to failures.
253
254 Thanos Querier deals with overlapping time series by merging them together.
255
256 Filtering is done on a [Chunk](../design.md#chunk) level, so Thanos Store might still return Samples which are outside of `--min-time` & `--max-time`.
257
258 ### External Label Partitioning (Sharding)
259
260 Check more [here](../sharding.md).
261
262 ## Probes
263
264 - Thanos Store exposes two endpoints for probing.
265 - `/-/healthy` starts as soon as initial setup is completed.
266 - `/-/ready` starts after all the bootstrapping completed (e.g initial index building) and ready to serve traffic.
267
268 > NOTE: Metric endpoint starts immediately so, make sure you set up readiness probe on designated HTTP `/-/ready` path.
269
270 ## Index cache
271
272 Thanos Store Gateway supports an index cache to speed up postings and series lookups from TSDB blocks indexes. Three types of caches are supported:
273
274 - `in-memory` (*default*)
275 - `memcached`
276 - `redis`
277
278 ### In-memory index cache
279
280 The `in-memory` index cache is enabled by default and its max size can be configured through the flag `--index-cache-size`.
281
282 Alternatively, the `in-memory` index cache can also be configured using `--index-cache.config-file` to reference the configuration file or `--index-cache.config` to put yaml config directly:
283
284 ```yaml mdox-exec="go run scripts/cfggen/main.go --name=storecache.InMemoryIndexCacheConfig"
285 type: IN-MEMORY
286 config:
287 max_size: 0
288 max_item_size: 0
289 ```
290
291 All the settings are **optional**:
292
293 - `max_size`: overall maximum number of bytes cache can contain. The value should be specified with a bytes unit (ie. `250MB`).
294 - `max_item_size`: maximum size of single item, in bytes. The value should be specified with a bytes unit (ie. `125MB`).
295
296 ### Memcached index cache
297
298 The `memcached` index cache allows to use [Memcached](https://memcached.org) as cache backend. This cache type is configured using `--index-cache.config-file` to reference the configuration file or `--index-cache.config` to put yaml config directly:
299
300 ```yaml mdox-exec="go run scripts/cfggen/main.go --name=cacheutil.MemcachedClientConfig"
301 type: MEMCACHED
302 config:
303 addresses: []
304 timeout: 0s
305 max_idle_connections: 0
306 max_async_concurrency: 0
307 max_async_buffer_size: 0
308 max_get_multi_concurrency: 0
309 max_item_size: 0
310 max_get_multi_batch_size: 0
311 dns_provider_update_interval: 0s
312 auto_discovery: false
313 ```
314
315 The **required** settings are:
316
317 - `addresses`: list of memcached addresses, that will get resolved with the [DNS service discovery](../service-discovery.md#dns-service-discovery) provider. If your cluster supports auto-discovery, you should use the flag `auto_discovery` instead and only point to *one of* the memcached servers. This typically means that there should be only one address specified that resolves to any of the alive memcached servers. Use this for Amazon ElastiCache and other similar services.
318
319 While the remaining settings are **optional**:
320
321 - `timeout`: the socket read/write timeout.
322 - `max_idle_connections`: maximum number of idle connections that will be maintained per address.
323 - `max_async_concurrency`: maximum number of concurrent asynchronous operations can occur.
324 - `max_async_buffer_size`: maximum number of enqueued asynchronous operations allowed.
325 - `max_get_multi_concurrency`: maximum number of concurrent connections when fetching keys. If set to `0`, the concurrency is unlimited.
326 - `max_get_multi_batch_size`: maximum number of keys a single underlying operation should fetch. If more keys are specified, internally keys are splitted into multiple batches and fetched concurrently, honoring `max_get_multi_concurrency`. If set to `0`, the batch size is unlimited.
327 - `max_item_size`: maximum size of an item to be stored in memcached. This option should be set to the same value of memcached `-I` flag (defaults to 1MB) in order to avoid wasting network round trips to store items larger than the max item size allowed in memcached. If set to `0`, the item size is unlimited.
328 - `dns_provider_update_interval`: the DNS discovery update interval.
329 - `auto_discovery`: whether to use the auto-discovery mechanism for memcached.
330
331 ### Redis index cache
332
333 The `redis` index cache allows to use [Redis](https://redis.io) as cache backend. This cache type is configured using `--index-cache.config-file` to reference the configuration file or `--index-cache.config` to put yaml config directly:
334
335 ```yaml mdox-exec="go run scripts/cfggen/main.go --name=cacheutil.RedisClientConfig"
336 type: REDIS
337 config:
338 addr: ""
339 username: ""
340 password: ""
341 db: 0
342 dial_timeout: 5s
343 read_timeout: 3s
344 write_timeout: 3s
345 max_get_multi_concurrency: 100
346 get_multi_batch_size: 100
347 max_set_multi_concurrency: 100
348 set_multi_batch_size: 100
349 tls_enabled: false
350 tls_config:
351 ca_file: ""
352 cert_file: ""
353 key_file: ""
354 server_name: ""
355 insecure_skip_verify: false
356 cache_size: 0
357 master_name: ""
358 max_async_buffer_size: 10000
359 max_async_concurrency: 20
360 ```
361
362 The **required** settings are:
363
364 - `addr`: redis server address.
365
366 While the remaining settings are **optional**:
367
368 - `username`: the username to connect to redis, only redis 6.0 and grater need this field.
369 - `password`: the password to connect to redis.
370 - `db`: the database to be selected after connecting to the server.
371 - `dial_timeout`: the redis dial timeout.
372 - `read_timeout`: the redis read timeout.
373 - `write_timeout`: the redis write timeout.
374 - `cache_size` size of the in-memory cache used for client-side caching. Client-side caching is enabled when this value is not zero. See [official documentation](https://redis.io/docs/manual/client-side-caching/) for more. It is highly recommended to enable this so that Thanos Store would not need to continuously retrieve data from Redis for repeated requests of the same key(-s).
375
376 Here is an example of what effect client-side caching could have:
377
378 <img src="../img/rueidis-client-side.png" class="img-fluid" alt="Example of client-side in action - reduced network usage by a lot"/>
379
380 - `pool_size`: maximum number of socket connections.
381 - `min_idle_conns`: specifies the minimum number of idle connections which is useful when establishing new connection is slow.
382 - `idle_timeout`: amount of time after which client closes idle connections. Should be less than server's timeout.
383 - `max_conn_age`: connection age at which client retires (closes) the connection.
384 - `max_get_multi_concurrency`: specifies the maximum number of concurrent GetMulti() operations.
385 - `get_multi_batch_size`: specifies the maximum size per batch for mget.
386 - `max_set_multi_concurrency`: specifies the maximum number of concurrent SetMulti() operations.
387 - `set_multi_batch_size`: specifies the maximum size per batch for pipeline set.
388 - `tls_enabled`: enables the use of TLS to connect to redis
389 - `tls_config`: TLS connection configuration:
390 - `ca_file`: path to Root CA certificate file to use
391 - `cert_file`: path to Client Certificate file to use
392 - `key_file`: path to the Key file for cert_file (NOTE: Both this and `cert_file` must be set if used)
393 - `servername`: Override the server name used to validate the server certificate
394 - `insecure_skip_verify`: Disable certificate verification
395
396 ## Caching Bucket
397
398 Thanos Store Gateway supports a "caching bucket" with [chunks](../design.md#chunk) and metadata caching to speed up loading of [chunks](../design.md#chunk) from TSDB blocks. To configure caching, one needs to use `--store.caching-bucket.config=<yaml content>` or `--store.caching-bucket.config-file=<file.yaml>`.
399
400 memcached/in-memory/redis cache "backend"s are supported:
401
402 ```yaml
403 type: MEMCACHED # Case-insensitive
404 config:
405 addresses: []
406 timeout: 500ms
407 max_idle_connections: 100
408 max_async_concurrency: 20
409 max_async_buffer_size: 10000
410 max_item_size: 1MiB
411 max_get_multi_concurrency: 100
412 max_get_multi_batch_size: 0
413 dns_provider_update_interval: 10s
414 chunk_subrange_size: 16000
415 max_chunks_get_range_requests: 3
416 chunk_object_attrs_ttl: 24h
417 chunk_subrange_ttl: 24h
418 blocks_iter_ttl: 5m
419 metafile_exists_ttl: 2h
420 metafile_doesnt_exist_ttl: 15m
421 metafile_content_ttl: 24h
422 metafile_max_size: 1MiB
423 ```
424
425 - `config` field for memcached supports all the same configuration as memcached for [index cache](#memcached-index-cache). `addresses` in the config field is a **required** setting
426 - `config` field for redis supports all the same configuration as redis for [index cache](#redis-index-cache).
427
428 Additional options to configure various aspects of [chunks](../design.md#chunk) cache are available:
429
430 - `chunk_subrange_size`: size of segment of [chunks](../design.md#chunk) object that is stored to the cache. This is the smallest unit that chunks cache is working with.
431 - `max_chunks_get_range_requests`: how many "get range" sub-requests may cache perform to fetch missing subranges.
432 - `chunk_object_attrs_ttl`: how long to keep information about [chunk file](../design.md#chunk-file) attributes (e.g. size) in the cache.
433 - `chunk_subrange_ttl`: how long to keep individual subranges in the cache.
434
435 Following options are used for metadata caching (meta.json files, deletion mark files, iteration result):
436
437 - `blocks_iter_ttl`: how long to cache result of iterating blocks.
438 - `metafile_exists_ttl`: how long to cache information about whether meta.json or deletion mark file exists.
439 - `metafile_doesnt_exist_ttl`: how long to cache information about whether meta.json or deletion mark file doesn't exist.
440 - `metafile_content_ttl`: how long to cache content of meta.json and deletion mark files.
441 - `metafile_max_size`: maximum size of cached meta.json and deletion mark file. Larger files are not cached.
442
443 The yml structure for setting the in memory cache configs for caching bucket is the same as the [in-memory index cache](#in-memory-index-cache) and all the options to configure Caching Bucket mentioned above can be used.
444
445 In addition to the same cache backends memcached/in-memory/redis, caching bucket supports another type of backend.
446
447 ### *EXPERIMENTAL* Groupcache Caching Bucket Provider
448
449 Groupcache is an experimental cache backend for the caching bucket introduced from version `v0.25` of Thanos.
450
451 With groupcache, you do not need any external components for the caching layer because the caching layer becomes shared between all of the processes of Thanos Store. Another benefit that it provides is that it is a cache filling library meaning that given enough space in memory, the values will only be loaded once. For example, if the same metric is used in multiple concurrent queries then with groupcache Thanos Store would only load the metric's data from remote object storage once.
452
453 All in all, it should be a superior caching solution to all other currently supported solutions. It just needs some battle-testing. So, help is needed with testing in real life scenarios! Please create an issue if you've found any problem. 🤗
454
455 Here is how it looks like:
456
457 <img src="../img/groupcache.png" class="img-fluid" alt="Example of a groupcache group showing that each Thanos Store instance communicates with all others in the group"/>
458
459 Note that with groupcache enabled, new routes are registered on the HTTP server with the prefix `/_groupcache`. Using those routes, anyone can access any kind of data in the configured remote object storage. So, if you are exposing your Thanos Store to the Internet then it is highly recommended to use a reverse proxy in front and disable access to `/_groupcache/...`.
460
461 Currently TLS *is* supported but on the client's side no verification is done of the received certificate. This will be added in the future. HTTP2 over cleartext is also enabled to improve the performance for users that don't use TLS.
462
463 Example configuration that you could provide to the caching bucket configuration flags with the explanation of each configuration key:
464
465 ```yaml
466 type: GROUPCACHE
467 config:
468 self_url: http://10.123.22.3:8080
469 peers:
470 - http://10.123.22.3:8080
471 - http://10.123.22.10:8080
472 - http://10.123.22.100:8080
473 groupcache_group: test_group
474 dns_interval: 1s
475 timeout: 2s
476 ```
477
478 In this case, three Thanos Store nodes are running in the same group meaning that they all point to the same remote object storage.
479
480 - `self_url` - our own URL. On each node this will be different. This should be the external IP through which other nodes could access us;
481 - `groupcache_group` - the groupcache group's name. All nodes using the same remote object storage configuration should use the same name. It is used in the HTTP requests. If it is different then nodes will not be able to load data from each other.
482 - `dns_internal` - how often DNS lookups should be made.
483
484 In the `peers` section it is possible to use the prefix form to automatically look up the peers using DNS. For example, you could use `dns+http://store.thanos.consul.svc:8080` to automatically look up healthy nodes from Consul using its DNS interface.
485
486 Note that there must be no trailing slash in the `peers` configuration i.e. one of the strings must be identical to `self_url` and others should have the same form. Without this, loading data from peers may fail.
487
488 If timeout is set to zero then there is no timeout for fetching and fetching's lifetime is equal to the lifetime to the original request's lifetime. It is recommended to keep it higher than zero. It is generally preferred to keep this value higher because the fetching operation potentially includes loading of data from remote object storage.
489
490 ## Index Header
491
492 In order to query series inside blocks from object storage, Store Gateway has to know certain initial info from each block index. In order to achieve so, on startup the Gateway builds an `index-header` for each block and stores it on local disk; such `index-header` is build by downloading specific pieces of original block's index, stored on local disk and then mmaped and used by Store Gateway.
493
494 For more information, please refer to the [Binary index-header](../operating/binary-index-header.md) operational guide.