search

BruceOuyang / issuelist

用于记录日常碰到的各种问题和经验总结 (请看Issues)
4 stars 2 forks source link

Prometheus 及 Exporter 设置登录用户 #92

Open BruceOuyang opened 2 years ago

BruceOuyang commented 2 years ago

follow https://prometheus.io/docs/guides/basic-auth/#securing-prometheus-api-and-ui-endpoints-using-basic-auth 准备 python3 环境,参考:https://github.com/BruceOuyang/issuelist/issues/91

准备一个 Hash 加密密码

1.创建一个 python 脚本 gen-pass.py

vim gen-pass.py

输入如下内容

import getpass
import bcrypt

password = getpass.getpass("password: ")
hashed_password = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
print(hashed_password.decode())

2.执行脚本,输入密码,获得密码串,示例:

[root@localhost prometheus]# python3 gen-pass.py 
password:
$2b$12$Aee3BpSMPuMJn8rtOUWpz.M8KkqA7UlSiW3ujFaqnuldCJF2aSnWG

我这里输入的密码是 123456

创建 web.yml

1.创建 web.yml

vim web.yml

输入如下内容后保存

basic_auth_users:
    admin: $2b$12$Aee3BpSMPuMJn8rtOUWpz.M8KkqA7UlSiW3ujFaqnuldCJF2aSnWG

注意:这里 admin 后面那一串是前面生成的加密串,意思就是 用户名 admin 密码 123456

2.校验 web.yml,示例:

[root@localhost prometheus]# /usr/local/bin/promtool check web-config web.yml 
web.yml SUCCESS

修改 prometheus 启动脚本并校验

1.修改启动脚本

vim /etc/systemd/system/prometheus.service

ExecStart 追加一句

--web.config.file=/etc/prometheus/web.yml

完整示例:

[Unit]
Description=Prometheus Service
Wants=network-online.target
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Type=simple
Restart=always
ExecStart=/usr/local/bin/prometheus \
--web.config.file=/etc/prometheus/web.yml \
--config.file=/etc/prometheus/prometheus.yml \
--storage.tsdb.path=/var/lib/prometheus \
--web.console.templates=/etc/prometheus/consoles \
--web.console.libraries=/etc/prometheus/console_libraries 

[Install]
WantedBy=multi-user.target

2.重载 systemd Manager

systemctl daemon-reload

3.重启 prometheus

systemctl restart prometheus

4.检查状态

systemctl status prometheus

5.访问管理界面验证
http://10.0.7.208:9090

这篇与前面一篇有所关联 https://github.com/BruceOuyang/issuelist/issues/89

BruceOuyang commented 2 years ago

给 Prometheus 的 Exporter 添加 Auth

1.添加 auth

套路是一样的,都是在启动的时候指定配置文件即可,示例:

1)node_exporter

/usr/local/bin/node_exporter --web.config=/etc/node_exporter/web.yml

2) mysqld_exporter

/usr/local/bin/mysqld_exporter --web.config.file=/etc/mysqld_exporter/web.yml

注意: node_exporter 用 --web.config mysqld_exporter 用 --web.config.file

2.在 prometheus.yml 中添加 basic_auth

1.修改配置,示例:

- job_name: "node"
    basic_auth:
      username: admin
      password: 123456
    static_configs:
      - targets: ["10.0.7.207:9100"]
- job_name: "mysql"
    basic_auth:
      username: admin
      password: 123456
    static_configs:
      - targets: ["10.0.7.206:9101"]

2.重启 prometheus

systemctl restart prometheus

3.打开管理页面进行测试