node-exporter https认证

官网： https://github.com/prometheus/prometheus
Prometheus 各模块下载: https://prometheus.io/download/
Prometheus下载地址: https://github.com/prometheus/prometheus/releases/tag/v2.28.0
摸版下载: https://github.com/starsliao/Prometheus/tree/master/node_exporter
node_exporter官网: https://github.com/prometheus/node_exporter
Grafana安装下载地址: https://grafana.com/docs/grafana/latest/installation/
Grafana各系统安装下载: https://grafana.com/docs/grafana/latest/installation/

v1.0.0 版本以下不支持 Basic Auth ,所以需要下载 v.1.0.0 以上

wget https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz

添加 Basic Auth

1、为 Node Exporter 配置密码

[root@localhost node_exporter]# yum install httpd-tools -y
[root@localhost node_exporter]# htpasswd -nBC 12 '' |tr -d ':\n'
New password:             # 我这里设置密码: Ye5zHuxUQANGj6Bczq
Re-type new password: 
$2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS

# 把生成的秘钥放到 node.yaml
[root@localhost node_exporter]# cat > node.yaml <<EOF
basic_auth_users:
  # 当前设置的用户名为 prometheus ， 可以设置多个
  prometheus: $2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS
<<EOF

2、启动测试是否有 Basic Auth 认证

./node_exporter --web.config=config.yaml

3、配置 Prometheus 使用 Basic Auth

scrape_configs:
  - job_name: 'node_exporter'
    basic_auth:
      username: prometheus
      password: Ye5zHuxUQANGj6Bczq
    static_configs:
    - targets: ['localhost:9100']

# 重新加载配置文件
killall -HUP prometheus

Node Exporter 使用 TLS

1、生产证书文件

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout node_exporter.key -out node_exporter.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=Beijing/CN=localhost"

# ls
node_exporter.crt  node_exporter.key

2、编写 node.yaml 配置文件

tls_server_config:
  cert_file: node_exporter.crt
  key_file: node_exporter.key

3、启动测试是否有证书

./node_exporter --web.config=config.yaml

4、配置 Prometheus 使用 TLS

scrape_configs:
  - job_name: 'node_exporter'
    scheme: https
    tls_config:
      ca_file: node_exporter.crt
    static_configs:
    - targets: ['localhost:9100']

Basic Auth + TLS

node_exporter 配置文件

tls_server_config:
  cert_file: node_exporter.crt
  key_file: node_exporter.key
basic_auth_users:
  # 当前设置的用户名为 prometheus ， 可以设置多个
  prometheus: $2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS

prometheus 配置文件

global:
  scrape_interval:     15s 
  evaluation_interval: 15s 

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
    - targets: ['localhost:9090']

  - job_name: 'node_exporter'
    scheme: https
    tls_config:
      ca_file: node_exporter.crt
    basic_auth:
      username: prometheus
      password: Ye5zHuxUQANGj6Bczq
    static_configs:
    - targets: ['localhost:9100']

Previousprometheus Next中文资料地址

Last updated 2 years ago

[root@localhost node_exporter]# yum install httpd-tools -y [root@localhost node_exporter]# htpasswd -nBC 12 '' |tr -d ':\n' New password: # 我这里设置密码: Ye5zHuxUQANGj6Bczq Re-type new password: $2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS # 把生成的秘钥放到 node.yaml [root@localhost node_exporter]# cat > node.yaml <<EOF basic_auth_users: # 当前设置的用户名为 prometheus ，可以设置多个 prometheus: $2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS <<EOF

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout node_exporter.key -out node_exporter.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=Beijing/CN=localhost" # ls node_exporter.crt node_exporter.key

tls_server_config: cert_file: node_exporter.crt key_file: node_exporter.key basic_auth_users: # 当前设置的用户名为 prometheus ，可以设置多个 prometheus: $2y$12$v0NACvxbfJ/3KeyhQOSyjOkdLOXh26qBQEo5VqqTlAvwSDUVcO9yS

global: scrape_interval: 15s evaluation_interval: 15s scrape_configs: - job_name: 'prometheus' static_configs: - targets: ['localhost:9090'] - job_name: 'node_exporter' scheme: https tls_config: ca_file: node_exporter.crt basic_auth: username: prometheus password: Ye5zHuxUQANGj6Bczq static_configs: - targets: ['localhost:9100']