To monitor Ruby on Rails applications, we have built an agent in pure Ruby. It sends metrics to the servers, which we use to display charts and data tables. Our server infrastructure is composed of the following stack:
- Ruby on Rails
That’s enough. We don’t need more.
Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.
— Antoine de Saint-Exupéry
Collecting & sending metrics
The agent’s role is to measure the response times and all meaningful sections, such as SQL queries. We essentially use Rails instrumentation for that. It’s clean and reliable since it’s a public API. In some cases, we have to monkey patch, as for Net::HTTP.
The agent also detects current deployment revisions and reports server metrics. Server metrics work on Linux only.
The source code of the agent is open source and accessible on GitHub. However, we are not necessarily looking for contributors, given the commercial nature of RoRvsWild. It’s only fair that everyone should be able to read the code before installing it.
Receiving & processing metrics
Our API receives raw data in JSON from the agent. We buffer those data into Redis after some processing. Every minute, we aggregate them into PostgreSQL. Response times are then visible from the interface.
Hosting & security
RorVsWild runs on bare metal servers located in Paris and hosted by Scaleway. Apart from the two of us, no one else has access.
We rely on Ubuntu. We care about security. We use iptables to prevent any outsider from connecting to PostgreSQL and Redis. We use Capistrano to configure, deploy, and update servers. That sounds too simple to be true.
Sensitive payment data, such as credit cards, are stored by Stripe. We are not PCI and don’t want to be.
Privacy & data retention
You may notice there is no cookie banner. Not because we’re outlaws but because we do not track you. We don’t care too much about vanity metrics and personal data. The valuable insights, such as signups and conversions, are already in our database. We are a Swiss company, where privacy is not just a nice word but part of the DNA.
We delete all monitored requests, jobs, and errors after 30 days. We think it becomes useless after that period. It’s a good practice for privacy. It also helps keep the running costs low.