node-exporter https认证

• 官网： https://github.com/prometheus/prometheus

• Prometheus 各模块下载: https://prometheus.io/download/

• Prometheus下载地址: https://github.com/prometheus/prometheus/releases/tag/v2.28.0

• 摸版下载: https://github.com/starsliao/Prometheus/tree/master/node_exporter

• node_exporter官网: https://github.com/prometheus/node_exporter

• Grafana安装下载地址: https://grafana.com/docs/grafana/latest/installation/

• Grafana各系统安装下载: https://grafana.com/docs/grafana/latest/installation/

v1.0.0 版本以下不支持 Basic Auth ,所以需要下载 v.1.0.0 以上

wget https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz

添加 Basic Auth

• 1、为 Node Exporter 配置密码

[root@localhost node_exporter]# yum install httpd-tools -y
[root@localhost node_exporter]# htpasswd -nBC 12 '' |tr -d ':\n'
New password:             # 我这里设置密码: Ye5zHuxUQANGj6Bczq
Re-type new password: 
$2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS

# 把生成的秘钥放到 node.yaml
[root@localhost node_exporter]# cat > node.yaml <<EOF
basic_auth_users:
  # 当前设置的用户名为 prometheus ， 可以设置多个
  prometheus: $2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS
<<EOF

• 2、启动测试是否有 Basic Auth 认证

./node_exporter --web.config=config.yaml

• 3、配置 Prometheus 使用 Basic Auth

scrape_configs:
  - job_name: 'node_exporter'
    basic_auth:
      username: prometheus
      password: Ye5zHuxUQANGj6Bczq
    static_configs:
    - targets: ['localhost:9100']

# 重新加载配置文件
killall -HUP prometheus

Node Exporter 使用 TLS

1、生产证书文件

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout node_exporter.key -out node_exporter.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=Beijing/CN=localhost"

# ls
node_exporter.crt  node_exporter.key

2、编写 node.yaml 配置文件

tls_server_config:
  cert_file: node_exporter.crt
  key_file: node_exporter.key

3、启动测试是否有证书

./node_exporter --web.config=config.yaml

4、配置 Prometheus 使用 TLS

scrape_configs:
  - job_name: 'node_exporter'
    scheme: https
    tls_config:
      ca_file: node_exporter.crt
    static_configs:
    - targets: ['localhost:9100']

Basic Auth + TLS

node_exporter 配置文件

tls_server_config:
  cert_file: node_exporter.crt
  key_file: node_exporter.key
basic_auth_users:
  # 当前设置的用户名为 prometheus ， 可以设置多个
  prometheus: $2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS

prometheus 配置文件

global:
  scrape_interval:     15s 
  evaluation_interval: 15s 

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
    - targets: ['localhost:9090']

  - job_name: 'node_exporter'
    scheme: https
    tls_config:
      ca_file: node_exporter.crt
    basic_auth:
      username: prometheus
      password: Ye5zHuxUQANGj6Bczq
    static_configs:
    - targets: ['localhost:9100']