Prometheus: Difference between revisions

From Bondix Wiki
(Initial page)
 
(Chatgptized)
Line 1: Line 1:
Prometheus Support must be enabled explicitly by editing /etc/bondixserver.json (/etc/saneserver.json). You can either use the default https port to also serve Prometheus metrics, or use a dedicated listener.


Once enabled, prometheus metrics will be accessible via https://<server-ip>/metrics
= Enabling Prometheus Support =
Prometheus support must be explicitly enabled by modifying the configuration file located at <code>/etc/bondixserver.json</code> or <code>/etc/saneserver.json</code>. You can either:


=== Serving Prometheus over default https port ===
* Serve Prometheus metrics over the default HTTPS port, or
In /etc/bondixserver.json, locate the following line:
* Configure a dedicated listener for Prometheus metrics.
  {"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443", "allowMonitor": true},
 
Here, we'll add the following properties:
Once enabled, Prometheus metrics will be accessible at:
<code>https://<server-ip>/metrics</code>
 
== Serving Prometheus Over the Default HTTPS Port ==
To enable Prometheus on the default HTTPS port, update your <code>bondixserver.json</code> configuration file.
 
=== Modify the Configuration ===
Locate the following line:
  <code>{"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443", "allowMonitor": true},</code>
Add the following properties:
{| class="wikitable"
{| class="wikitable"
|+
!Property
!Property
!Value
!Value
!Description
!Description
|-
|-
|allowPrometheus
|<code>allowPrometheus</code>
|true
|<code>true</code>
|enables Prometheus metric reports
|Enables Prometheus metric reporting
|-
|-
|prometheusUser
|<code>prometheusUser</code>
|<username>
|<code><username></code>
|Optional. If provided, the metrics are password protected
|(Optional) If set, metrics require authentication
|-
|-
|prometheusPassword
|<code>prometheusPassword</code>
|<password>
|<code><password></code>
|Optional, If provided, the metrics are password protected. Note that both username and password must be provided. '''Otherwise, metrics are not password protected!'''
|(Optional) Password for authentication. '''Both username and password must be provided, otherwise metrics remain unprotected.'''
|}
|}
Ideally, your modified configuration line would look something like this:
{"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443", "allowMonitor": true, "allowPrometheus": true, "prometheusUser": "prometheus", "prometheusPassword": "a-good-password"},


=== Serving Prometheus over dedicated port ===
=== Example Configuration ===
To add a dedicated prometheus listener, we'll have to add an additional configuration entry in the json file. Here we'll take some precautions to ensure that only Prometheus metrics are served - you can also choose whether to use https or http. Depending on your configuration you might limit access to the port by other means, making user based authentication optional. This is however completely in your responsbility.
Your modified configuration should look something like this:
  {"target": "server", "action": "add-http", "host": "127.0.0.1", "port": "181818", "allowMonitor": false, "allowTunnel": false, "allowPrometheus": true, "prometheusUser": "prometheus", "prometheusPassword": "a-good-password"},
<code>{"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443", "allowMonitor": true, "allowPrometheus": true, "prometheusUser": "prometheus", "prometheusPassword": "a-good-password"}</code>
Use action: "add-http" for http, or action: "add-https" for https. Select host and port according to your requirements.
 
== Serving Prometheus Over a Dedicated Port ==
To run Prometheus metrics on a dedicated port, add a new configuration entry to <code>bondixserver.json</code>. This ensures only Prometheus metrics are served. You can choose between HTTP and HTTPS.
 
=== Example Configuration ===
The following configuration allows Prometheus metrics on a dedicated port while restricting other services:
  <code>{"target": "server", "action": "add-http", "host": "127.0.0.1", "port": "181818", "allowMonitor": false, "allowTunnel": false, "allowPrometheus": true, "prometheusUser": "prometheus", "prometheusPassword": "a-good-password"}</code>
 
=== Configuration Notes: ===
 
* Use <code>"action": "add-http"</code> for HTTP or <code>"action": "add-https"</code> for HTTPS.
* Adjust the <code>host</code> and <code>port</code> as per your requirements.
* If other security measures restrict access to the port, authentication (<code>prometheusUser</code> and <code>prometheusPassword</code>) may be optional.


=== Adding bondix server to Prometheus ===
== Adding Bondix Server to Prometheus ==
Here is an example snippet to for scraping Bondix servers using https and basic_auth
To configure Prometheus to scrape metrics from the Bondix server, add the following snippet to your Prometheus configuration file:
  - job_name: 'endpoints'
  <code>- job_name: 'endpoints'
    static_configs:
    static_configs:
      - targets: ['your_endpoint_server.com']
      - targets: ['your_endpoint_server.com']
     scheme: https
     scheme: https
    basic_auth:                                                                                                                                                username: 'prometheus'
    basic_auth:
      password: 'a-good-password'
      username: 'prometheus'
   tls_config:
      password: 'a-good-password'
      insecure_skip_verify: true
    tls_config:
    enable_http2: false
      insecure_skip_verify: true
    enable_http2: false</code>
This configuration enables Prometheus to securely scrape metrics over HTTPS with basic authentication.
----By following these steps, you can successfully integrate Prometheus metrics into your Bondix server setup while ensuring security and accessibility as per your requirements.

Revision as of 18:48, 7 March 2025

Enabling Prometheus Support

Prometheus support must be explicitly enabled by modifying the configuration file located at /etc/bondixserver.json or /etc/saneserver.json. You can either:

  • Serve Prometheus metrics over the default HTTPS port, or
  • Configure a dedicated listener for Prometheus metrics.

Once enabled, Prometheus metrics will be accessible at: 

https://<server-ip>/metrics

Serving Prometheus Over the Default HTTPS Port

To enable Prometheus on the default HTTPS port, update your bondixserver.json configuration file.

Modify the Configuration

Locate the following line: 

{"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443", "allowMonitor": true},

Add the following properties:

Property Value Description
allowPrometheus true Enables Prometheus metric reporting
prometheusUser <username> (Optional) If set, metrics require authentication
prometheusPassword <password> (Optional) Password for authentication. Both username and password must be provided, otherwise metrics remain unprotected.

Example Configuration

Your modified configuration should look something like this: 

{"target": "server", "action": "add-https", "host": "0.0.0.0", "port": "443", "allowMonitor": true, "allowPrometheus": true, "prometheusUser": "prometheus", "prometheusPassword": "a-good-password"}

Serving Prometheus Over a Dedicated Port

To run Prometheus metrics on a dedicated port, add a new configuration entry to bondixserver.json. This ensures only Prometheus metrics are served. You can choose between HTTP and HTTPS.

Example Configuration

The following configuration allows Prometheus metrics on a dedicated port while restricting other services: 

{"target": "server", "action": "add-http", "host": "127.0.0.1", "port": "181818", "allowMonitor": false, "allowTunnel": false, "allowPrometheus": true, "prometheusUser": "prometheus", "prometheusPassword": "a-good-password"}

Configuration Notes:

  • Use "action": "add-http" for HTTP or "action": "add-https" for HTTPS.
  • Adjust the host and port as per your requirements.
  • If other security measures restrict access to the port, authentication (prometheusUser and prometheusPassword) may be optional.

Adding Bondix Server to Prometheus

To configure Prometheus to scrape metrics from the Bondix server, add the following snippet to your Prometheus configuration file: 

  - job_name: 'endpoints'
    static_configs:
      - targets: ['your_endpoint_server.com']
    scheme: https
    basic_auth:
      username: 'prometheus'
      password: 'a-good-password'
    tls_config:
      insecure_skip_verify: true
    enable_http2: false

This configuration enables Prometheus to securely scrape metrics over HTTPS with basic authentication.

By following these steps, you can successfully integrate Prometheus metrics into your Bondix server setup while ensuring security and accessibility as per your requirements.

Retrieved from "https://wiki.bondix.dev/index.php?title=Prometheus&oldid=750"