Prometheus -NodeExporter设置密码

发表于 更新于 分类于 阅读次数: 阅读次数: Artalk: 本文字数: 2k 阅读时长 ≈ 2 分钟

Prometheus(2)–Prometheus监控主机信息-Node-Exporter - 点击领取 (dianjilingqu.com)
Prometheus Node Export 基于用户名密码访问_wx5bcd2f496a1cf的技术博客_51CTO博客

安装NodeExporter

下载地址:https://github.com/prometheus/node_exporter/releases/tag

命令:wget https://github.com/prometheus/node_exporter/releases/download/v1.5.0/node_exporter-1.5.0.linux-amd64.tar.gz
解压:`tar -zxvf node_exporter-1.5.0.linux-amd64.tar.gz -C /usr/local/sofewares/node_exporter

配置密码

`
生成基本认证密码

  • apt install apache2-utils
  • htpasswd -nBC 12 '' | tr -d ':\n'

新建配置文件:

1
2
basic_auth_users:
  prometheus: $2y$12$y4PaNc0UM0Jzi07jJf6zcuRFyp2GlH6F5rUKcE.xk3Aug2khcqa7m

安装到sysntemctl:

  • 编辑service文件:vim /etc/systemd/system/node_exporter.service
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    [Unit]
    Description=node_exporter Monitoring System
    Documentation=node_exporter Monitoring System
    After=network.target 

    [Service]
    Type=simple
    User=root 
    ExecStart=/usr/local/sofewares/node_exporter/node_exporter --web.listen-address=:9100 --web.config.file=/usr/local/sofewares/node_exporter/node-exporterconfig.yml
    Restart=on-failure

    [Install]
    WantedBy=multi-user.target
  • 开启自启
    1
    2
    3
    4
    systemctl daemon-reload
    systemctl start node_exporter.service
    systemctl status node_exporter.service
    systemctl enable node_exporter.service

开启TLS证书

自签名证书

  • 生成证书文件:openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout node_exporter.key -out node_exporter.crt -subj “/C=CN/ST=Beijing/L=Beijing/O=test.cn/CN=localhost”
    加入node-exporterconfig.yml
    1
    2
    3
    tls_server_config: 
     cert_file: node_exporter.crt 
     key_file: node_exporter.key
  • Prometheus配置开启TLS
    1
    2
    3
    4
    5
    6
    7
    8
    9
    - job_name: 'node_exporter'
      scheme: https
      tls_config:
        ca_file: node_exporter.crt(自签名证书)
      basic_auth:
        username: node-exporter 用户名
        password: 密码  
      static_configs:
      - targets: ['xxxx:9100']

CA证书

自行使用acme或域名供应生申请ssl

配置node-exporterconfig.yml

1
2
3
tls_server_config: 
 cert_file: CA证书
 key_file: CA key
  • Prometheus配置开启TLS
    1
    2
    3
    4
    5
    6
    7
    - job_name: 'node_exporter'
      scheme: https
      basic_auth:
        username: node-exporter 用户名
        password: 密码  
      static_configs:
      - targets: ['xxxx:9100']