prometheus ssl connection

Signed-off-by: hwassman <[email protected]>

Author: Helene

examples/prometheus_config_file/prometheus.yml

@@ -0,0 +1,126 @@
+# my global config
+global:
+  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+  query_log_file: /var/log/prometheus/query.log
+
+# Alertmanager configuration
+alerting:
+  alertmanagers:
+    - static_configs:
+        - targets:
+          # - alertmanager:9093
+
+# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
+rule_files:
+  # - "first_rules.yml"
+  # - "second_rules.yml"
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: 'prometheus'
+
+    # metrics_path defaults to '/metrics'
+    # scheme defaults to 'http'.
+
+    static_configs:
+      - targets: ["<prometheus_server_ip>:9090"]
+
+  - job_name: 'CPU'
+    scrape_interval: 1s
+    honor_timestamps: true
+    metrics_path: '/metrics_cpu'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250']
+
+  - job_name: 'Load'
+    scrape_interval: 1s
+    honor_timestamps: true
+    metrics_path: '/metrics_load'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250'] 
+
+  - job_name: 'Memory'
+    scrape_interval: 1s
+    honor_timestamps: true
+    metrics_path: '/metrics_memory'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250']
+
+  - job_name: 'Network'
+    scrape_interval: 1s
+    honor_timestamps: true
+    metrics_path: '/metrics_network'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250']
+
+  - job_name: 'Netstat'
+    scrape_interval: 1s
+    honor_timestamps: true
+    metrics_path: '/metrics_netstat'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250']
+
+  - job_name: 'DiskFree'
+    scrape_interval: 600s
+    honor_timestamps: true
+    metrics_path: '/metrics_diskfree'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250']
+
+  - job_name: 'GPFSFileset'
+    scrape_interval: 300s
+    honor_timestamps: true
+    metrics_path: '/metrics_gpfs_fileset'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250']
+
+  - job_name: 'GPFSPool'
+    scrape_interval: 300s
+    honor_timestamps: true
+    metrics_path: '/metrics_gpfs_pool'
+    scheme: https
+    tls_config:
+      cert_file: /etc/prometheus/certs/cert.pem
+      key_file: /etc/prometheus/certs/privkey.pem
+      insecure_skip_verify: true
+    static_configs:
+    - targets: ['<grafana_bridge_ip>:9250']

source/confParser.py

@@ -23,6 +23,7 @@
 import argparse
 import os
 from messages import MSG
+from metaclasses import Singleton
 import configparser
 import getpass
 
@@ -35,12 +36,22 @@ def checkFileExists(path, filename):
 
 
 def checkTLSsettings(args):
-    if args.get('protocol') == "https" and (not args.get('tlsKeyPath') or not args.get('tlsKeyFile') or not args.get('tlsCertFile')):
+    if args.get('prometheus') and (not args.get('tlsKeyPath') or not
+                                   args.get('tlsKeyFile') or not
+                                   args.get('tlsCertFile')):
+        return False, MSG['MissingSSLCert']
+    elif args.get('protocol') == "https" and (not args.get('tlsKeyPath') or not
+                                              args.get('tlsKeyFile') or not
+                                              args.get('tlsCertFile')
+                                              ):
         return False, MSG['MissingParm']
     elif args.get('protocol') == "https" and not os.path.exists(args.get('tlsKeyPath')):
         return False, MSG['KeyPathError']
     elif args.get('protocol') == "https":
-        if (not checkFileExists(args.get('tlsKeyPath'), args.get('tlsCertFile'))) or (not checkFileExists(args.get('tlsKeyPath'), args.get('tlsKeyFile'))):
+        if (not checkFileExists(
+            args.get('tlsKeyPath'), args.get('tlsCertFile'))
+            ) or (not checkFileExists(
+                args.get('tlsKeyPath'), args.get('tlsKeyFile'))):
             return False, MSG['CertError']
     return True, ''
 
@@ -107,13 +118,13 @@ def merge_defaults_and_args(defaults, args):
     return brConfig
 
 
-class Singleton(type):
-    _inst = {}
+#class Singleton(type):
+#   _inst = {}
 
-    def __call__(clazz, *args, **kwargs):
-        if clazz not in clazz._inst:
-            clazz._inst[clazz] = super(Singleton, clazz).__call__(*args, **kwargs)
-        return clazz._inst[clazz]
+#    def __call__(clazz, *args, **kwargs):
+#        if clazz not in clazz._inst:
+#            clazz._inst[clazz] = super(Singleton, clazz).__call__(*args, **kwargs)
+#        return clazz._inst[clazz]
 
 
 class ConfigManager(object, metaclass=Singleton):

source/config.ini

@@ -1,6 +1,8 @@
 ##################### OpenTSDB API Connection Defaults ########################
 [connection]
-# port number the bridge listening on for Grafana data requests
+# Port number the bridge listening on for Grafana data requests over
+# OpentTSDB plugin
+# 
 # 4242 - for HTTP connections 
 # 8443 - for HTTPS connections 
 # (Default: 4242)
@@ -9,7 +11,13 @@ port = 4242
 # Protocol (http, https)
 protocol = http
 
-#################################### OpenTSDB API SSL OAuth ##################
+##################### Prometheus Exporter API Connection Defaults #############
+# Port number the bridge listening on for Prometheus server https requests;
+# ssl cert and key configuration required
+
+# prometheus = 9250
+
+#################################### API SSL OAuth ############################
 [tls]
 # Directory path of tls key and cert file location
 #tlsKeyPath = /etc/bridge_cert/certs
@@ -20,8 +28,7 @@ protocol = http
 # Name of tls certificate file
 #tlsCertFile = cert.pem
 
-##################### Prometheus Connection Defaults ##########################
-# prometheus = 9250
+
 
 #################################### GPFS Server ##############################
 [server]
@@ -62,7 +69,8 @@ includeDiskData = no
 # Directory where the bridge can store logs
 logPath = /var/log/ibm_bridge_for_grafana
 
-# log level 10 (DEBUG), 15 (MOREINFO), 20 (INFO), 30 (WARN), 40 (ERROR) (Default: 15)
+# log level 5 (TRACE) 10 (DEBUG), 15 (MOREINFO), 20 (INFO), 30 (WARN), 
+# 40 (ERROR) (Default: 15)
 logLevel = 15
 
 # Log file name (Default: zserver.log)

source/messages.py

@@ -28,8 +28,9 @@
 MSG = {'IntError': 'Server internal error occurred. Reason: {}',
        'sysStart': 'Initial cherryPy server engine start have been invoked. Python version: {}, cherryPy version: {}.',
        'MissingParm': 'Missing mandatory parameters, quitting',
+       'MissingSSLCert': 'Missing ssl key and certificate configuration, quitting',
        'KeyPathError': 'KeyPath directory not found, quitting',
-       'CertError': 'Missing certificates in tht specified keyPath directory, quitting',
+       'CertError': 'Missing certificates in the specified keyPath directory, quitting',
        'CollectorErr': 'Failed to initialize connection to pmcollector: {}, quitting',
        'MetaError': 'Metadata could not be retrieved. Check log file for more details, quitting',
        'MetaSuccess': 'Successfully retrieved MetaData',

source/zimonGrafanaIntf.py

@@ -109,16 +109,12 @@ def bind_prometheus_server(args):
     prometheus_server = cherrypy._cpserver.Server()
     prometheus_server.socket_port = args.get('prometheus')
     prometheus_server._socket_host = '0.0.0.0'
-    prometheus_server.subscribe()
-
-
-def updateCherrypySslConf(args):
     certPath = os.path.join(args.get('tlsKeyPath'), args.get('tlsCertFile'))
     keyPath = os.path.join(args.get('tlsKeyPath'), args.get('tlsKeyFile'))
-    sslConfig = {'global': {'server.ssl_module': 'builtin',
-                            'server.ssl_certificate': certPath,
-                            'server.ssl_private_key': keyPath}}
-    cherrypy.config.update(sslConfig)
+    prometheus_server.ssl_module = 'builtin'
+    prometheus_server.ssl_certificate = certPath
+    prometheus_server.ssl_private_key = keyPath
+    prometheus_server.subscribe()
 
 
 def resolveAPIKeyValue(storedKey):