adding prometheus info to make more self-service (#8312)

This commit is contained in:
Mike Green 2020-03-02 09:21:50 -07:00 committed by GitHub
parent 5b09fc6c43
commit 0e08162cd2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -141,29 +141,46 @@ These `telemetry` parameters apply to
### `prometheus`
~> **Note:** The `/v1/sys/metrics` endpoint is only accessible on active nodes
and automatically disabled on standby nodes. You can enable the `/v1/sys/metrics`
endpoint on standby nodes by [enabling unauthenticated metrics access][telemetry-tcp].
These `telemetry` parameters apply to
[prometheus](https://prometheus.io).
- `prometheus_retention_time` `(string: "24h")` - Specifies the amount of time that
prometheus metrics are retained in memory. It is recommended to also enable the option
`disable_hostname` to avoid having prefixed metrics with hostname. Vault does not use the
default Prometheus path, so Prometheus must be configured as follows. Note that using
`?format=prometheus` in the path won't work as "?" will be escaped, so it must be specified
as a parameter. Additionally a Vault token is required to access /v1/sys/metrics. The prometheus
`bearer_token` or `bearer_token_file` options must be added to the scrape job.
Prometheus metrics are retained in memory.
- `disable_hostname` `(bool: false)` - It is recommended to also enable the option
`disable_hostname` to avoid having prefixed metrics with hostname.
The `/v1/sys/metrics` endpoint is only accessible on active nodes
and automatically disabled on standby nodes. You can enable the `/v1/sys/metrics`
endpoint on standby nodes by [enabling unauthenticated metrics access][telemetry-tcp].
Vault does not use the default Prometheus path, so Prometheus must be configured
with the path below.
Note that using `?format=prometheus` in the path won't work as "?" will be
escaped, so it must be specified as a parameter.
A Vault token is required with `capabilities = ["read", "list"]` to
/v1/sys/metrics. The Prometheus `bearer_token` or `bearer_token_file` options
must be added to the scrape job.
An example job_name stanza required in the [Prometheus config](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config) is provided below.
```
metrics_path: "/v1/sys/metrics"
params:
# prometheus.yml
scrape_configs:
- job_name: 'vault'
metrics_path: "/v1/sys/metrics"
params:
format: ['prometheus']
bearer_token: your_vault_token_here
scheme: https
tls_config:
ca_file: your_ca_here.pem
bearer_token: "your_vault_token_here"
static_configs:
- targets: ['your_vault_server_here:8200']
```
An example telemetry configuration to be added to Vault's configuration file is shown below:
```hcl
telemetry {
prometheus_retention_time = "30s",
@ -212,3 +229,4 @@ telemetry {
```
[telemetry-tcp]: /docs/configuration/listener/tcp#telemetry