Prometheus于2.24版本(包括2.24)之后提供Basic Auth功能进行加密访问,在浏览器登录UI的时候需要输入用户密码,访问Prometheus api的时候也需要加上用户密码。
bash
查看版本
prometheus --version
# python脚本生成加密串
import bcrypt
def genPass():
password = input("请输入密码: ")
hashed = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
print(hashed.decode())
if __name__ == "__main__":
genPass()
# 添加配置
# set basic auth
basic_auth_users:
admin: $2b$12$eBDOMdrUnLuzzp7cRy7Kp.0lhQcYi7gy2dSH2xexotT2lMX1n9aly
# 校验配置
./promtool check web-config web-config.yml
# prometheus.yml配置修改
# my global config
global:
scrape_interval: 15s
evaluation_interval: 15s
alerting:
alertmanagers:
- static_configs:
- targets:
rule_files:
scrape_configs:
- job_name: "prometheus"
basic_auth:
username: admin
password: 123456
static_configs:
- targets: ["localhost:9090"]
labels:
app: "prometheus"
- job_name: "node_wlinux01"
static_configs:
- targets: ["192.168.139.131:9100"]
labels:
app: "node_wlinux01"
# 启动脚本参考
[Unit]
Description=prometheus service
After=network.target
[Service]
User=prometheus
ExecStart=/usr/bin/prometheus --config.file=/opt/prometheus/prometheus.yml \
--storage.tsdb.path=/var/lib/prometheus \
--web.config.file=/opt/prometheus/web-config.yml
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -QUIT $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target