PROMETHEUS & GRAFANA
NODE EXPORTER TLS
This branch deploys a node exporter container to expose the server's metrics (so that Prometheus can scrape them). The metrics are encrypted in transit with TLS.
NODE EXPORTER HOST
- Create certs:
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -keyout gn-prod.key -out gn-prod.crt -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" -addext "subjectAltName = DNS:gnprod"
Replace the subject fields (C=FR, ST=PARIS, L=GarageNum, ...) with your own values.
- Create password:
htpasswd -nBC 10 "" | tr -d ':\n'; echo
- Node exporter web.yml (/etc/node-exporter/web.yml):
tls_server_config:
  cert_file: gn-prod.crt
  key_file: gn-prod.key
basic_auth_users:
  prometheus: <the-output-value-of-htpasswd>
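- Copy the certificate (gn-prod.crt) to the Prometheus host. The scrape config only references gn-prod.crt, so the private key gn-prod.key stays on the node exporter host.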
PROMETHEUS HOST
- Config prometheus.yml (/etc/prometheus/prometheus.yml):
scrape_configs:
  - job_name: 'node-exporter-tls'
    scheme: https
    basic_auth:
      username: prometheus
      password: <the-plain-text-password>
    tls_config:
      ca_file: gn-prod.crt
      # NOTE: true turns off certificate verification, so ca_file above is not enforced:
      # the traffic is encrypted, but the exporter's identity is not checked.
      insecure_skip_verify: true
    static_configs:
      - targets: ['node-exporter-ip:9100']
        labels:
          instance: friendly-instance-name
The remote server's metrics are now scraped over TLS.
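Added example (not part of the original instructions): a shell check of which scrape target names the certificate created above is valid for, which decides whether insecure_skip_verify can be turned off. It builds a throwaway certificate with the same subject and SAN; the function names, the rsa:2048 / 1-day settings and the address 192.0.2.10 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: which scrape names is the exporter certificate valid for?
# Uses a throwaway certificate (constructed sample) with the same subject and
# SAN as the openssl command above; rsa:2048 / 1 day are chosen here for speed.

make_sample_cert() {                       # $1 = output directory
  openssl req -new -newkey rsa:2048 -days 1 -nodes -x509 \
    -keyout "$1/gn-prod.key" -out "$1/gn-prod.crt" \
    -subj "/C=FR/ST=PARIS/L=GarageNum/O=prom/CN=legaragenumerique.fr" \
    -addext "subjectAltName = DNS:gnprod" 2>/dev/null
}

# Prints "ok" if the certificate, trusted as its own CA (the role ca_file
# gives a self-signed cert), is valid for the given name, else "mismatch".
# $1 = cert file, $2 = "host" or "ip", $3 = name or address to check
check_scrape_name() {
  case "$2" in
    host) opt=-verify_hostname ;;
    ip)   opt=-verify_ip ;;
    *)    echo "usage: check_scrape_name CERT host|ip NAME" >&2; return 2 ;;
  esac
  if openssl verify -CAfile "$1" "$opt" "$3" "$1" >/dev/null 2>&1; then
    echo ok
  else
    echo mismatch
  fi
}

demo() {
  dir=$(mktemp -d) || return 1
  make_sample_cert "$dir" || { rm -rf "$dir"; return 1; }
  crt="$dir/gn-prod.crt"
  # SAN entry: the only name a verifying client will accept.
  echo "gnprod               -> $(check_scrape_name "$crt" host gnprod)"
  # CN only: ignored for name matching once a DNS SAN is present.
  echo "legaragenumerique.fr -> $(check_scrape_name "$crt" host legaragenumerique.fr)"
  # Bare IP target (constructed address): needs an IP SAN, which is absent.
  echo "192.0.2.10           -> $(check_scrape_name "$crt" ip 192.0.2.10)"
  rm -rf "$dir"
}

demo
```

A target that reports mismatch can only be scraped with verification off. Scraping the name gnprod, or setting server_name: gnprod in tls_config, allows insecure_skip_verify: false so that Prometheus authenticates the exporter.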