PROMETHEUS & GRAFANA

NODE EXPORTER TLS

see the node-exporter branch

  • Create a DNS record pointing to your server
  • Create a server configuration that points the DNS name to 127.0.0.1:9100 (the port exposed by node exporter), example for nginx

NODE EXPORTER HOST

  • Create certs:
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
  • Create password:
htpasswd -nBC 10 "" | tr -d ':\n'; echo
  • Node exporter web.yml (/etc/node-exporter/web.yml):
tls_server_config:
  cert_file: gn-prod.crt
  key_file: gn-prod.key
basic_auth_users:
  prometheus: <the-output-value-of-htpasswd>
  • Copy certs to prometheus host

PROMETHEUS HOST

  • Config prometheus.yml (/etc/prometheus/prometheus.yml):
scrape_configs:
  - job_name: 'node-exporter-tls'
    scheme: https
    basic_auth:
      username: prometheus
      password: <the-plain-text-password>
    tls_config:
      ca_file: gn-prod.crt
      insecure_skip_verify: true
    static_configs:
    - targets: ['node-exporter-ip:9100']
      labels:
        instance: friendly-instance-name

Metrics from the remote server are now scraped over TLS.
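
With `insecure_skip_verify: true` Prometheus does not validate the server certificate, so `ca_file` has no effect and the scrape is encrypted but the exporter is not authenticated. The same job with verification enabled, as an added example that is not part of the original README: `server_name` is set to `gnprod`, the SAN of the certificate created above, because the target is addressed by IP, and it assumes only `gn-prod.crt` (not the key) was copied to the Prometheus host.

```yaml
scrape_configs:
  - job_name: 'node-exporter-tls'
    scheme: https
    basic_auth:
      username: prometheus
      password: <the-plain-text-password>
    tls_config:
      # Trust anchor: the self-signed certificate generated on the node exporter host
      ca_file: gn-prod.crt
      # The target is an IP address, so name the SAN the certificate must match
      server_name: gnprod
      # Verify chain and hostname (also the default when this key is omitted)
      insecure_skip_verify: false
    static_configs:
    - targets: ['node-exporter-ip:9100']
      labels:
        instance: friendly-instance-name
```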

Description
Prometheus / Grafana deployed via docker-compose