From a9435ce3d745bef944e739d672efc9108253a296 Mon Sep 17 00:00:00 2001 From: Lucas Di Pentima Date: Wed, 25 Oct 2023 16:24:01 -0300 Subject: [PATCH] 20953: Properly pass auth data to HTTPS endpoints that need it. This makes all HTTP responses green (200) on the grafana dashboard. Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima --- .../aws/pillars/prometheus_server.sls | 79 ++++++++++++++++--- 1 file changed, 67 insertions(+), 12 deletions(-) diff --git a/tools/salt-install/config_examples/multi_host/aws/pillars/prometheus_server.sls b/tools/salt-install/config_examples/multi_host/aws/pillars/prometheus_server.sls index 143097b4a4..e6714ae8a7 100644 --- a/tools/salt-install/config_examples/multi_host/aws/pillars/prometheus_server.sls +++ b/tools/salt-install/config_examples/multi_host/aws/pillars/prometheus_server.sls @@ -28,9 +28,38 @@ prometheus: timeout: 5s http: valid_http_versions: [HTTP/1.1, HTTP/2] - valid_status_codes: [] # Default is [200] + valid_status_codes: [200] + method: GET + tls_config: + insecure_skip_verify: true # Avoid failures on self-signed certs fail_if_ssl: false - fail_if_not_ssl: false + fail_if_not_ssl: true + http_2xx_mngmt_token: + prober: http + timeout: 5s + http: + valid_http_versions: [HTTP/1.1, HTTP/2] + valid_status_codes: [200] + method: GET + bearer_token: __MANAGEMENT_TOKEN__ + tls_config: + insecure_skip_verify: true # Avoid failures on self-signed certs + fail_if_ssl: false + fail_if_not_ssl: true + http_2xx_basic_auth: + prober: http + timeout: 5s + http: + valid_http_versions: [HTTP/1.1, HTTP/2] + valid_status_codes: [200] + method: GET + basic_auth: + username: "__MONITORING_USERNAME__" + password: "__MONITORING_PASSWORD__" + tls_config: + insecure_skip_verify: true # Avoid failures on self-signed certs + fail_if_ssl: false + fail_if_not_ssl: true prometheus: service: args: @@ -57,30 +86,56 @@ prometheus: params: module: [http_2xx] static_configs: - - targets: ['https://__DOMAIN__'] - labels: - instance: controller.__CLUSTER__ - targets: ['https://workbench.__DOMAIN__'] labels: instance: workbench.__CLUSTER__ - targets: ['https://workbench2.__DOMAIN__'] labels: instance: workbench2.__CLUSTER__ - - targets: ['https://download.__DOMAIN__'] + - targets: ['https://webshell.__DOMAIN__'] + labels: + instance: webshell.__CLUSTER__ + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 # blackbox exporter. + + - job_name: http_probe_mngmt_token + metrics_path: /probe + params: + module: [http_2xx_mngmt_token] + static_configs: + - targets: ['https://__DOMAIN__/_health/ping'] + labels: + instance: controller.__CLUSTER__ + - targets: ['https://download.__DOMAIN__/_health/ping'] labels: instance: download.__CLUSTER__ + - targets: ['https://ws.__DOMAIN__/_health/ping'] + labels: + instance: ws.__CLUSTER__ + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 # blackbox exporter. + + - job_name: http_probe_basic_auth + metrics_path: /probe + params: + module: [http_2xx_basic_auth] + static_configs: - targets: ['https://grafana.__DOMAIN__'] labels: instance: grafana.__CLUSTER__ - targets: ['https://prometheus.__DOMAIN__'] labels: instance: prometheus.__CLUSTER__ - - targets: ['https://webshell.__DOMAIN__'] - labels: - instance: webshell.__CLUSTER__ - - targets: ['https://ws.__DOMAIN__'] - labels: - instance: ws.__CLUSTER__ relabel_configs: - source_labels: [__address__] target_label: __param_target -- 2.30.2