luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

adding prometheus info to make more self-service (#8312)

Browse source
This commit is contained in:
Mike Green 2020-03-02 09:21:50 -07:00 committed by GitHub
parent 5b09fc6c43
commit 0e08162cd2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 33 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
website/pages/docs/configuration/telemetry.mdx
View file

@ -141,29 +141,46 @@ These `telemetry` parameters apply to
### `prometheus` ### `prometheus`
~> **Note:** The `/v1/sys/metrics` endpoint is only accessible on active nodes
and automatically disabled on standby nodes. You can enable the `/v1/sys/metrics`
endpoint on standby nodes by [enabling unauthenticated metrics access][telemetry-tcp].
These `telemetry` parameters apply to These `telemetry` parameters apply to
[prometheus](https://prometheus.io). [prometheus](https://prometheus.io).
- `prometheus_retention_time` `(string: "24h")` - Specifies the amount of time that - `prometheus_retention_time` `(string: "24h")` - Specifies the amount of time that
prometheus metrics are retained in memory. It is recommended to also enable the option Prometheus metrics are retained in memory.
`disable_hostname` to avoid having prefixed metrics with hostname. Vault does not use the - `disable_hostname` `(bool: false)` - It is recommended to also enable the option
default Prometheus path, so Prometheus must be configured as follows. Note that using `disable_hostname` to avoid having prefixed metrics with hostname.
`?format=prometheus` in the path won't work as "?" will be escaped, so it must be specified
as a parameter. Additionally a Vault token is required to access /v1/sys/metrics. The prometheus The `/v1/sys/metrics` endpoint is only accessible on active nodes
`bearer_token` or `bearer_token_file` options must be added to the scrape job. and automatically disabled on standby nodes. You can enable the `/v1/sys/metrics`
endpoint on standby nodes by [enabling unauthenticated metrics access][telemetry-tcp].
Vault does not use the default Prometheus path, so Prometheus must be configured
with the path below.
Note that using `?format=prometheus` in the path won't work as "?" will be
escaped, so it must be specified as a parameter.
A Vault token is required with `capabilities = ["read", "list"]` to
/v1/sys/metrics. The Prometheus `bearer_token` or `bearer_token_file` options
must be added to the scrape job.
An example job_name stanza required in the [Prometheus config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) is provided below.
``` ```
metrics_path: "/v1/sys/metrics" # prometheus.yml
params: scrape_configs:
format: ['prometheus'] - job_name: 'vault'
bearer_token: your_vault_token_here metrics_path: "/v1/sys/metrics"
params:
format: ['prometheus']
scheme: https
tls_config:
ca_file: your_ca_here.pem
bearer_token: "your_vault_token_here"
static_configs:
- targets: ['your_vault_server_here:8200']
``` ```
An example telemetry configuration to be added to Vault's configuration file is shown below:
```hcl ```hcl
telemetry { telemetry {
prometheus_retention_time = "30s", prometheus_retention_time = "30s",
@ -212,3 +229,4 @@ telemetry {
``` ```
[telemetry-tcp]: /docs/configuration/listener/tcp#telemetry [telemetry-tcp]: /docs/configuration/listener/tcp#telemetry