Open DevDorrejo opened 5 months ago
Further tests:
http://127.0.0.1:9710/probe?target=https://10.0.0.2: Error: API connectivity test failed, Response code was 401, expected 200 (path: "api/v2/monitor/system/status")
Prometheus doesn't talk to your Fortigate device, neither does Grafana...
fortigate_exporter talks to the API on Fortigate, and exposes the metrics to be scraped (by Prometheus) on its HTTP server... at port 9710 (default)
Regarding your errors
401 = Unauthorized
Either bad token, or you don't have right permissions for the token, set on your Fortigate device... 10.0.0.2 ?
So follow the bouncing ball... start with making sure you can connect to the API from wherever fortigate_exporter is running. Run:
```
curl -X GET -I -k "https://<fortigate-device-address>/api/v2/monitor/system/status/?access_token=<auth-token>"
```
Replace `<fortigate-device-address>` and `<auth-token>`.
Bad token example:
```
HTTP/1.1 401 Unauthorized
Date: Fri, 09 Feb 2024 15:35:25 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Content-Length: 503
Content-Type: text/html; charset=iso-8859-1
```
Good token example:
```
HTTP/1.1 200 OK
Date: Fri, 09 Feb 2024 15:32:45 GMT
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15552000
Cache-Control: no-cache, must-revalidate
ETag: omitted
Content-Length: 25112
Content-Type: application/json
```
Once you've fixed that issue, move on to the next - you've got a few :)
You are running containers as per your post above? If that's the case, please understand that you can't use 127.0.0.1 from within one container to talk to the host mapped port on another container... you must use its container hostname/ip
So in the bottom of your prometheus.yml - where you specify fix it to show the name of the container...
replacement: 'foti_exporter:9710'
Moving on to the next problem:
Below you specify the volume mount: -v prometheus-fortigate:/config
But where is your fortigate-key.yml file ? Make sure it's in the prometheus-fortigate volume root...
```
podman run -d \
  --replace \
  --pull=newer \
  --label "io.containers.autoupdate=registry" \
  --name foti_exporter \
  --pid="host" \
  --net="monitor" \
  -v prometheus-fortigate:/config \
  -p 9710:9710 \
  quay.io/bluecmd/fortigate_exporter -insecure -auth-file="/config/fortigate-key.yaml"
```
Anyway I just lost the enthusiasm as you've made a custom script that needs to be debugged and properly tested.... hopefully the clues / hints above help you
Also I don't know podman, I'm assuming most of the switches / parameters match that of docker - if that is the case one more thing you need to look at:
`-v prometheus-fortigate:/config`
Because you're not prepending the prometheus-fortigate with `./`, it means you're trying to mount a volume named prometheus-fortigate.
That volume needs to be created, which I saw you handling in your script... but usually (on docker) that volume root directory on the host machine is created automatically and stored in the docker service's data directory.
If you wanted to do a simple volume mount of the dir without that extra bit of detail, just do:
`-v ./prometheus-fortigate:/config`
That way the folder ./prometheus-fortigate (in your current pwd) is the folder mounted to /config in the container, so put your fortigate-key.yml in the ./prometheus-fortigate folder.
Anyway, that's it from me
Good luck
Actually seems like you may have the key file mounted correctly because without it you'd get:
probe: no API authentication registered for "https://10.0.0.2"
So skip those checks,
just do the curl check to the fortigate firewall from the fortigate_exporter's host machine, making sure you get a 200 response first,
then fix the issue with your prometheus.yml pointing to 127.0.0.1 - it should be pointing to the container ip/hostname
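The triage order from the replies above, written out as an added example that is not part of the thread or of fortigate_exporter. The function names, the result labels and the sample config lines are assumptions constructed here; the matched error strings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: helpers for the three failure modes named in this thread.

# Map one line of exporter or Prometheus output to the next thing to check.
triage() {
    case "$1" in
        # FortiGate rejected the token, or the token lacks permissions
        *"Response code was 401"*)            echo "token" ;;
        # exporter has no key loaded for this target (auth file not found)
        *"no API authentication registered"*) echo "keyfile" ;;
        # scraper cannot reach the exporter at the configured address
        *"connection refused"*)               echo "address" ;;
        *)                                    echo "unknown" ;;
    esac
}

# Read a prometheus.yml on stdin and print every relabel "replacement:" value
# that points at loopback. Inside the Prometheus container, loopback is that
# container itself, not the exporter's published port.
loopback_replacements() {
    sed -n 's/^[[:space:]]*replacement:[[:space:]]*//p' |
        sed "s/[[:space:]]*#.*\$//; s/[\"']//g; s/[[:space:]]*\$//" |
        grep -E '^(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost|\[::1\])(:[0-9]+)?$' || true
}

# Constructed sample: tail of a scrape job that still points at loopback.
SAMPLE_CONFIG="    relabel_configs:
      - source_labels: [__address__]
        target_label: __param_target
      - target_label: __address__
        replacement: '127.0.0.1:9710'"

# Constructed sample: the same entry with the container name from the thread.
FIXED_CONFIG="      - target_label: __address__
        replacement: 'foti_exporter:9710'"

if [ -n "$(printf '%s\n' "$SAMPLE_CONFIG" | loopback_replacements)" ]; then
    echo "relabel_configs points at loopback: use the exporter's container name"
fi
```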
Hello, I have set up a rootless environment with podman (share the code if someone needs it):
Here is the Fortigate Exporter:
fortigate-key.yaml:
Prometheus:
but when I go to "prometheus:9090/targets?search=FortigateExporter", it said connection refused to the fortigate:
![image](https://github.com/bluecmd/fortigate_exporter/assets/7697566/5ab076b4-1e40-478e-b200-bb3a399c6cc9)
But in the grafana server, where fortigate_exporter container is, I can connect:
curl -I -X GET http://127.0.0.1:9710/probe?target=https://10.0.0.2
return:
HTTP1.1 200 OK
Now, this cause:
So, what can I be missing that makes the implementation fail?