Environment
- YugabyteDB Anywhere
Overview
- Often times, Users want to enable authentication for prometheus. This knowledge-base article describes the steps to enable the basic authentication for Prometheus.
NOTE: It is advisable to enable TLS (HTTPS) first before turning on User Authentication in Prometheus to prevent sending the username and password in plain text over the network.
Steps to Enable HTTPS and Authentication for Prometheus
-
Connect to Yugabyte Anywhere Server:
- Use SSH to connect to your Yugabyte Anywhere server.
-
Check Current Status:
- As the root user, run the following command to check the current status of your services:
The output should look similar to this:$ yba-ctl status
YBA Url | Install Root | yba-ctl config | yba-ctl Logs | https://10.9.x.x | /opt/yugabyte | /opt/yba-ctl/yba-ctl.yml | /opt/yba-ctl/yba-ctl.log | Services: Systemd service | Version | Port | Log File Locations | Running Status | postgres | 14.11 | 5432 | /opt/yugabyte/data/logs/postgres.log | Running | prometheus | 2.47.1 | 9090 | /opt/yugabyte/data/prometheus/prometheus.log | Running | yb-platform | 2024.1.0.0-b129 | 443 | /opt/yugabyte/data/logs/application.log | Running |
- As the root user, run the following command to check the current status of your services:
-
Locate Configuration File:
- Identify the location of the
yba-ctl
configuration file. In this example, it is located at/opt/yba-ctl/yba-ctl.yml
.
- Identify the location of the
-
Edit Configuration File:
- Open the configuration file in your preferred text editor and locate the
prometheus
section. The configuration should look like this:prometheus: port: 9090 restartSeconds: 10 # time (in seconds) to sleep before restarting prometheus service scrapeInterval: 10s # time between prometheus data scrapes scrapeTimeout: 10s # time before a scrape request times out maxConcurrency: 20 # max number of queries to execute concurrently maxSamples: 5000000 # max number of samples prometheus can load to process single query timeout: 30s # time before a query times out retentionTime: 15d # time to retain metrics enableHttps: false # enable HTTPS for prometheus web UI enableAuth: false # enable authentication for prometheus authUsername: prometheus # username to authenticate to prometheus (if enableAuth) authPassword: "" # password to authenticate to prometheus (if enableAuth) oomScoreAdjust: 500 # OOMScoreAdjust value for the prometheus systemd service
- Open the configuration file in your preferred text editor and locate the
-
Update Configuration:
- Modify the
prometheus
section to enable HTTPS and authentication. SetenableHttps
andenableAuth
totrue
, and specify the desiredauthUsername
andauthPassword
. Here is an example:enableHttps: true # enable HTTPS for prometheus web UI enableAuth: true # enable authentication for prometheus authUsername: prometheus # username to authenticate to prometheus (if enableAuth) authPassword: password # password to authenticate to prometheus (if enableAuth)
- Modify the
-
Apply Changes:
- Save the configuration file and run the following command to apply the changes. Please not that this will restart all associated services:
$ yba-ctl reconfigure
- Save the configuration file and run the following command to apply the changes. Please not that this will restart all associated services:
Comments
0 comments
Please sign in to leave a comment.