node_exporter部署之认证（启用 TLS）

tee asd.sh <<-'EOF'
#!/bin/bash
groupadd -r prometheus
useradd -r -g prometheus -s /sbin/nologin -M -c "prometheus Daemons" prometheus
wget https://github.com/prometheus/node_exporter/releases/download/v1.3.1/node_exporter-1.3.1.linux-amd64.tar.gz
 tar xvf node_exporter-1.3.1.linux-amd64.tar.gz
 mv node_exporter-1.3.1.linux-amd64/node_exporter  /usr/local/bin/node_exporter

cat < /usr/lib/systemd/system/node_exporter.service
[Service]
User=prometheus
Group=prometheus
ExecStart=/usr/local/bin/node_exporter --web.config=/usr/local/src/config.yml
 
[Install]
WantedBy=multi-user.target
 
[Unit]
Description=node_exporter
After=network.target
END
EOF
systemctl start node_exporter
systemctl enable node_exporter
systemctl status node_exporter.service

• 安装

curl http://192.168.2.188:64885/install.sh | sh

Node Exporter 认证,比如一些跨公网场景使用
1.生成你的密钥

htpasswd -nBC 10 "" | tr -d ':\n'; echo
需要输入你的密码比如123
最后得到以下token写如文件
$2y$10$kryQuBB8lkIVA/Jd77KBrOFnbm.sdxWEdNsUqcTgkdj7StZo2vU

2.添加一个配置

tee /usr/local/src/config.yml <<-'EOF'
basic_auth_users: 
  admin: $2y$10$kryQuBB8lkIVA/Jd77KBrOFnbm.sdxWEdNsUqcTgkdj7StZo2vUgm
EOF

3.启动

/usr/local/bin/node_exporter --web.config=/usr/local/src/config.yml

Prometheus 服务端

- job_name: 'aws-Os'
  basic_auth:
    username:  admin
    password: 123vbTpwYX
  static_configs:
  - targets: ['3.0:9100','18.141.17:9100']

注册Consul服务发现如下：

加密
#echo "admin:123456" | base64
YWRtaW46MTIzNDU2Cg==
解密
# echo -n "YWRtaW46MTIzNDU2Cg==" | base64 -d
admin:123456

curl -X PUT -d '{
    "id": "node-192.168.0.10",
    "name": "node-192.168.0.10",
    "address": "192.168.0.10",
    "port": 9100,
    "tags": [
        "nodes"
    ],
    "checks": [
        {
            "http": "http://192.168.0.10:9100/metrics",
            "interval": "5s",
            "header": {"Authorization": ["Basic YWRtaW46MTIzcXdlYXNkCg=="]}
        }
    ]
}' http://192.168.0.106:39124/v1/agent/service/register
#"header": {"Authorization": ["Basic YWRtaW46MTIzNDU2Cg=="]}
#加密后的密码YWRtaW46MTIzNDU2Cg==

end

curl -X PUT -d '{"id": "node-exporter","name": "node-exporter-192.168.226.42","address": "192.168.226.42","port": 61081,"tags": ["test"],"checks": [{"http": "http://192.168.226.42:61081/metrics", "interval": "5s", "header": {"Authorization": ["Basic cHJvbTpwYXgxMjM0NTY="]}}]}'  http://192.168.6.107:8500/v1/agent/service/register

撤销

curl -X PUT http://192.168.0.106:39124/v1/agent/service/deregister/node-192.168.0.10

查询

curl http://192.168.0.106:39124/v1/catalog/service/node-192.168.0.10

需要开启SSL可以使用以下方法

openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout node_exporter.key -out node_exporter.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=Moelove.info/CN=localhost"

[root@redis02 myredis]# ll node_exporter.*
-rw-r--r--. 1 root root 1289 4月  13 23:42 node_exporter.crt
-rw-r--r--. 1 root root 1708 4月  13 23:42 node_exporter.key

生成密钥

htpasswd -nBC 10 "" | tr -d ':\n'; echo

编辑 config.yml

tls_server_config:
   cert_file: node_exporter.crt
   key_file: node_exporter.key
basic_auth_users:
   admin: $2y$10$n8kLBCqT9HA1y38nrJ7DauZpZzpHrloOJxIDoCv55kU/Hc7/RWqLm

启动

/usr/local/bin/node_exporter --web.config=/usr/local/src/config.yml

服务端配置

tls_server_config:
  cert_file: node_exporter.crt
  key_file: node_exporter.key