Merge remote-tracking branch 'origin/topic/awelzel/deprecate-prometheus-script'

* origin/topic/awelzel/deprecate-prometheus-script:
  telemetry: Deprecate prometheus.zeek policy script

CHANGES

@@ -1,3 +1,17 @@
+7.1.0-dev.23 | 2024-07-23 10:02:52 +0200
+
+  * telemetry: Deprecate prometheus.zeek policy script (Arne Welzel, Corelight)
+
+    With Cluster::Node$metrics_port being optional, there's not really
+    a need for the extra script. New rule, if a metrics_port is set, the
+    node will attempt to listen on it.
+
+    Users can still redef Telemetry::metrics_port *after*
+    base/frameworks/telemetry was loaded to change the port defined
+    in cluster-layout.zeek.
+
+  * Update broker submodule [nomail] (Tim Wojtulewicz, Corelight)
+
 7.1.0-dev.20 | 2024-07-19 19:51:12 +0200
 
   * GH-3836: input/Manager: Improve type checks of record fields with type any (Arne Welzel, Corelight)

NEWS

@@ -191,6 +191,11 @@ Deprecated Functionality
 - The ``--disable-archiver`` configure flag no longer does anything and will be
   removed in 7.1. zeek-archiver has moved into the zeek-aux repository.
 
+- The policy/frameworks/telemetry/prometheus.zeek script has been deprecated
+  and will be removed with Zeek 7.1. Setting the ``metrics_port`` field on a
+  ``Cluster::Node`` implies listening on that port and exposing telemetry
+  in Prometheus format.
+
 Zeek 6.2.0
 ==========
 

VERSION

@@ -1 +1 @@
-7.1.0-dev.20
+7.1.0-dev.23

scripts/base/frameworks/telemetry/__load__.zeek

@@ -1,3 +1 @@
 @load ./main
-
-@load base/frameworks/cluster

scripts/base/frameworks/telemetry/main.zeek

@@ -5,10 +5,28 @@
 ##! enabled by setting :zeek:see:`Telemetry::metrics_port`.
 
 @load base/misc/version
+@load base/frameworks/cluster
+
 @load base/frameworks/telemetry/options
 
 module Telemetry;
 
+# In a cluster configuration, open the port number for metrics
+# from the cluster node configuration for exporting data to
+# Prometheus.
+#
+# The manager node will also provide a ``/services.json`` endpoint
+# for the HTTP Service Discovery system in Prometheus to use for
+# configuration. This endpoint will include information for all of
+# the other nodes in the cluster.
+@if ( Cluster::is_enabled() )
+redef Telemetry::metrics_endpoint_name = Cluster::node;
+
+@if ( Cluster::local_node_metrics_port() != 0/unknown )
+redef Telemetry::metrics_port = Cluster::local_node_metrics_port();
+@endif
+@endif
+
 export {
 	## Alias for a vector of label values.
 	type labels_vector: vector of string;

scripts/policy/frameworks/telemetry/prometheus.zeek

@@ -1,19 +1,2 @@
-##! In a cluster configuration, open the port number for metrics
+@deprecated "Remove in v7.1: Cluster nodes now implicitly listen on metrics port if set in cluster-layout."
-##! from the cluster node configuration for exporting data to
+@load base/frameworks/telemetry
-##! Prometheus.
-##!
-##! The manager node will also provide a ``/services.json`` endpoint
-##! for the HTTP Service Discovery system in Prometheus to use for
-##! configuration. This endpoint will include information for all of
-##! the other nodes in the cluster.
-@load base/frameworks/cluster
-
-@if ( Cluster::is_enabled() )
-
-redef Telemetry::metrics_endpoint_name = Cluster::node;
-
-@if ( Cluster::local_node_metrics_port() != 0/unknown )
-redef Telemetry::metrics_port = Cluster::local_node_metrics_port();
-@endif
-
-@endif

scripts/site/local.zeek

@@ -94,10 +94,6 @@ redef digest_salt = "Please change this value.";
 # telemetry_histogram.log.
 @load frameworks/telemetry/log
 
-# Enable Prometheus metrics scraping in the cluster: each Zeek node will listen
-# on the metrics port defined in its Cluster::nodes entry.
-# @load frameworks/telemetry/prometheus
-
 # Uncomment the following line to enable detection of the heartbleed attack. Enabling
 # this might impact performance a bit.
 # @load policy/protocols/ssl/heartbleed

testing/btest/coverage/bare-mode-errors.test

@@ -9,4 +9,4 @@
 #
 # @TEST-EXEC: test -d $DIST/scripts
 # @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do zeek -b --parse-only $script >>errors 2>&1; done
-# @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v -e 'load-balancing.zeek.*deprecated script loaded' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="grep -v -e 'load-balancing.zeek.*deprecated script loaded' | grep -v -e 'prometheus.zeek.*deprecated script loaded' | $SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors

testing/btest/coverage/test-all-policy-cluster.test

@@ -9,7 +9,7 @@
 # @TEST-EXEC: CLUSTER_NODE=logger-1 zeek %INPUT
 # @TEST-EXEC: CLUSTER_NODE=proxy-1 zeek %INPUT
 # @TEST-EXEC: CLUSTER_NODE=worker-1 zeek %INPUT
-# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v "load-balancing.zeek.*deprecated script" | $SCRIPTS/diff-remove-abspath' btest-diff .stderr
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v "load-balancing.zeek.*deprecated script" | grep -v "prometheus.zeek.*deprecated script" | $SCRIPTS/diff-remove-abspath' btest-diff .stderr
 
 @load base/frameworks/cluster
 @load misc/loaded-scripts

testing/btest/scripts/policy/frameworks/telemetry/prometheus.zeek

@@ -55,7 +55,6 @@ done
 @TEST-END-FILE
 
 @load policy/frameworks/cluster/experimental
-@load policy/frameworks/telemetry/prometheus
 @load base/frameworks/telemetry
 
 # So the cluster nodes don't terminate right away.