A best practice CHT Core follows with it's monitoring API is that all metrics are publicly available and do not require authentication to view. This open model breaks a bit when implementing couch2pg backlog monitoring as it requires a password to setup and is intimately tied to your watchdog instance. Instead, it might be loosely coupled to watchdog and more intimately tied to your Postgres server.

We should document the process for how a deployment could easily use the existing Postgres exporter to expose a public endpoint that requires no authentication. The end result is a simple anonymous URL which includes the instance name in the URL/path/query (TBD). We'll use the existing query:

SELECT
  substring(seq for position('-' in seq) - 1) as sequence,
  substring(
    source
    from
      position('/' in source) + 1
  ) as db
FROM
  couchdb_progress
WHERE
  source like '%/%'
  and seq like '%-%'

which returns data like this, but on the postgres exporter URL.

We can optionally use a reverse proxy which terminates TLS to expose the stats.

Here's the current architecture:

This ticket would explore moving the exporter to/closer to the RDBMs