[英]Problems in registering ec2 instances running behind a load balancer as targets in prometheus
My Setup I have setup prometheus and grafana on a machine - M1 I have a AWS Load balancer (LB1) which is forwarding the requests to app instances and handling the ssl part.我的设置我在机器上设置了 prometheus 和 grafana - M1 我有一个 AWS 负载均衡器 (LB1),它将请求转发到应用程序实例并处理 ssl 部分。 Load Balancer has one listener listening on https:443 and is forwarding requests to Target group(TG1) which has 2 EC2 instances (I1, I2).负载均衡器有一个侦听器侦听 https:443 并将请求转发到具有 2 个 EC2 实例(I1、I2)的目标组 (TG1)。 Each EC2 instance is also running nginx.每个 EC2 实例也在运行 nginx。
Request lifecycle : Browser requests -> https://api.example.com请求生命周期:浏览器请求 -> https://api.example.com
The problem is coming when i am trying to fetch metrics from prometheus using node exporter from each of the instances(I1 & I2).当我尝试使用来自每个实例(I1 和 I2)的节点导出器从普罗米修斯获取指标时,问题就来了。 I have installed the node exporter in each of the instances which is running.我已经在每个正在运行的实例中安装了节点导出器。 How do I register Instance I1 & Instance I2 as targets in prometheus.yml file?如何将实例 I1 和实例 I2 注册为 prometheus.yml 文件中的目标?
I have tries 2 approaches:我尝试了两种方法:
Approach 1:方法一:
Using load balancer -使用负载均衡器 -
I simply installed node exporter in each of the instances and running node exporter on port 9100. Incoming requests to the machine from load balancer will be forwarded to localhost:9100/metrics by nginx.我只是在每个实例中安装了节点导出器,并在端口 9100 上运行节点导出器。从负载均衡器到机器的传入请求将通过 nginx 转发到 localhost:9100/metrics。
Example prometheus.yml file:示例 prometheus.yml 文件:
- job_name: "node_exporter"
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
scheme: "https"
metrics_path: "/node-exporter/metrics"
static_configs:
- targets: ["api.example.com:443"]
basic_auth:
username: 'username'
password: 'password'
The problem here is it registers just one host as the target.这里的问题是它只将一台主机注册为目标。 I was expecting to see two hosts on prometheus with the same name.我期待在普罗米修斯上看到两个同名的主机。
Question:问题:
Approach 2:方法二:
Using IP address -使用 IP 地址 -
I registered the IP address as a prometheus target and opened the ports on machines.我将 IP 地址注册为普罗米修斯目标并打开了机器上的端口。
Example prometheus.yml file:示例 prometheus.yml 文件:
- job_name: "node_exporter"
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
scheme: "http"
metrics_path: "/node-exporter/metrics"
static_configs:
- targets: ["162.x.y.1:9100", "162.x.y.2:9100"]
basic_auth:
username: 'username'
password: 'password'
The problem here how do i make it work with https scheme?这里的问题是如何让它与 https 方案一起使用?
Question:问题:
Summary:概括:
What is the best way to set up prometheus to start gathering metrics from machines running behind AWS Load balancer in a single target group and accessible via common domain name?设置 prometheus 以开始从单个目标组中运行在 AWS 负载均衡器后面的机器收集指标并可通过公共域名访问的最佳方法是什么? How do i register the prometheus targets in this case?在这种情况下我如何注册普罗米修斯目标?
I was finally able to figure it out.我终于弄明白了。 As long as things were on the HTTP scheme, everything worked great.只要事情在 HTTP 方案上,一切都很好。 I was facing challenges when I tried to use HTTPS scheme for multiple targets under a job.当我尝试对一个工作下的多个目标使用 HTTPS 方案时,我遇到了挑战。
Since I have 2 EC2 instances running behind a load balancer, so I don't have DNS names for them.因为我有 2 个 EC2 实例在负载均衡器后面运行,所以我没有它们的 DNS 名称。 I had to work with the IP addresses.我必须使用 IP 地址。
Finally, I was able to make it work using self-signed SSL certificates which I used for NGINX and configuring Prometheus to ignore SSL verification .最后,我能够使用我用于 NGINX 的自签名 SSL 证书使其工作,并将Prometheus 配置为忽略 SSL 验证。
Now, the only thing is that I have to do this on each of the instances that I want to monitor.现在,唯一的事情是我必须在我想要监视的每个实例上执行此操作。
My prometheus.yml file looks something like this:我的 prometheus.yml 文件看起来像这样:
- job_name: "node_exporter"
scheme: "https"
static_configs:
- targets: ["192.x.y.z:443"]
tls_config:
insecure_skip_verify: true
basic_auth:
username: 'username'
password: 'password'
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.