Open agileshaw opened 1 week ago
Hi,
array_id is a string that if matched when passed by the endpoint query parameter, it will use the parameters set in the token.yaml file. If you are using a matched string you must NOT also pass a auth token.
chrroberts@chrroberts--MacBookPro16 bin % cat token.yaml
foobar:
address: array03
api_token: <GOOD_API_TOKEN>
chrroberts@chrroberts--MacBookPro16 bin % ./pure-fa-om-exporter -t token.yaml
2024/06/19 16:42:48 Start Pure FlashArray exporter v1.0.18 on 0.0.0.0:9490
chrroberts@chrroberts--MacBookPro16 bin % curl 'http://localhost:9490/metrics/array?endpoint=foobar' | grep purefa\_info
# HELP purefa_info FlashArray system information
# TYPE purefa_info gauge
purefa_info{array_name="ARRAY03",os="Purity//FA",subscription_type="",system_id="<sys_id>",version="6.3.15"} 1
If I pass a authorization token as well as provide a match to the tokens.yaml file, the query will fail. eg.
chrroberts@chrroberts--MacBookPro16 bin % curl 'http://localhost:9490/metrics/array?endpoint=foobar' --header 'Authorization: Bearer <GOOD_API_TOKEN>'
Error connecting to FlashArray. Check your management endpoint and/or api token are correct.
HOWEVER - if I provide an endpoint that does NOT match with an array_id match, the Bearer Auth token works as documented (note it matches on the array_id string, only NOT address, so i can use array03 here)
chrroberts@chrroberts--MacBookPro16 bin % curl 'http://localhost:9490/metrics/array?endpoint=array03' --header 'Authorization: Bearer <GOOD_API_TOKEN>'
# HELP purefa_info FlashArray system information
# TYPE purefa_info gauge
purefa_info{array_name="ARRAY03",os="Purity//FA",subscription_type="",system_id="<sys_id>",version="6.3.15"} 1
Should we have an error like Bearer token provided by request when endpoint is defined in tokens file as an array_id
maybe, but maybe just putting in the documents that you must not provide the token may also be enough.
Thanks a lot for the detailed response. It would definitely be helpful to explain this more clearly in the documents.
However, in my test setup, the scrape on array_id
without auth token still doesn't work. I wonder whether this has something to do with the Purity/FA version. The one in my cluster is 6.1.22
, but in your example it is 6.3.15
.
Hi. It may be helpful to setup a Zoom meeting to look over your configurations.
Please email us at pure-observability@purestorage.com to set up a time to meet. Thanks!
Hi, I just noted that in your example you're using HTTPS -- by default the exporter only exposes HTTP, unless ssl certs are provided at run time.
Hi team. I would like to inquire about the effect of running exporter with the token file (with
-t
option).From the examples and my tests, it seems that exporter can be run with our without specifying the token. where in both cases the scraping url should always have api token as bearer header.
And I'm not able to use the
array_id
defined in the token file as endpoint when scraping for metrics (using the actual ip address of the array works):token.yaml
scrape command:
Would it be possible for you to provide some insights on this?