You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Grégory Lebreton 6c6bef9cff | 1 year ago | |
---|---|---|
config | 1 year ago | |
README.md | 1 year ago | |
docker-compose.yml | 1 year ago |
README.md
PROMETHEUS & GRAFANA
NODE EXPORTER TLS
Cette branche à pour but de déployer un conteneur node exporter afin d'exposer les metrics du serveur (afin que prometheus puisse les récupérer). Les metrics transférées sont cryptées via TLS.
NODE EXPORTER HOST
- Create certs:
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
remplacer Les infos (C=FR, ST=PARIS, L=GarageNum, ...)
- Create password:
htpasswd -nBC 10 "" | tr -d ':\n'; echo
- Node exporter web.yml (/etc/node-exporter/web.yml):
tls_server_config:
cert_file: gn-prod.crt
key_file: gn-prod.key
basic_auth_users:
prometheus: <the-output-value-of-htpasswd>
- Copy certs to prometheus host
PROMETHEUS HOST
- Config prometheus.yml (/etc/prometheus/prometheus.yml):
scrape_configs:
- job_name: 'node-exporter-tls'
scheme: https
basic_auth:
username: prometheus
password: <the-plain-text-password>
tls_config:
ca_file: gn-prod.crt
insecure_skip_verify: true
static_configs:
- targets: ['node-exporter-ip:9100']
labels:
instance: friendly-instance-name
le scraping des metrics du serveur distant se font désormais via TLS