Hello @ all,
we have Nabox 4 installed and running for our Ontap and our StorageGrid Metrics.
Is it possible to configure Harvest to send the collected Metrics for StorageGrid to an additional Prometheus that is not our Nabox?
Best Regards
Sandro
#Second Target for Storagegrid Metrics
zinc egret
plain elm
@zinc egret Prometheus is pull model workflow.
So, you could first check on which port harvest would be exporting the Ontap and StorageGrid metrics and then configure your new prometheus with those detail.
Prometheus would pull those metrics from those endpoints as per it's polling interval.
zinc egret
As described here?
https://netapp.github.io/harvest/25.08/prometheus-exporter/
plain elm
Yes, refer to the Prometheus doc link https://prometheus.io/docs/prometheus/latest/getting_started/
plain elm
@torpid lark , Can you add more detail here
torpid lark
Does this help ? You can pull harvest metrics from another prometheus instance https://nabox.org/documentation/proxy_mode/
zinc egret
@torpid lark seemst what i am searching. Thank you for the Link will look into it 🙂
zinc egret
@torpid lark thanks again for the documentation
is it possible to create a dedicated credential for accessing https://<nabox_ip>/havrest/proxy/{port}/metrics ?
We need to make metrics accessible for another team in our company.
torpid lark
That’s a good point, there is no rbac currently so an api key has access to all NAbox configuration.
Is that your concern ?
zinc egret
Yes my concern is that if i open the link i have to login into nabox admin.
I dont want the other team being able to modify things in our nabox admin env
zinc egret
This is on the latest version if i checked right, right?
torpid lark
Yep, 4.1.0 !
zinc egret
@torpid lark if we try to connect to the proxy with a Bearer Token or Basic Auth we get a redirect to the loginpage
https://ournabox.logs/login?redirect=/havrest/proxy/xxxxx/metrics
torpid lark
Can you check /etc/nabox/secrets/api-tokens see what scope is defined for this token ?
Seems to be working here : curl -k -v -H "Authorization: Bearer 33cd784ba2dd42e5ad56c72de879cf9f" https://nabox.fr.netapp.com/havrest/proxy/12001/metrics
zinc egret
I will check.
Important Info: this is still v4.0.11
cat /etc/nabox/secrets/api-tokens
6c80a24228d347ca844c......... _havrest
.....3ef6e95641df9ce52b..... Grafana Alloy Scraper
torpid lark
Oh ok so no scope. Yes it’s possible proxy isn’t under token auth and requires guest access
I can check
torpid lark
Confirmed, that's 4.0.11 behaviour
Once you upgrade to 4.1, all tokens will be granted all scopes by default. You can delete them and generate scoped ones to limit access
zinc egret
@torpid lark
After the Upgrade on my Test System i get this service error state
Welcome to NAbox !
Visit https://nabox.org/ for more informations.
This shell is intended for advanced users or use as instructed by support for troubleshooting purposes.
Failed Units: 1
issuegen.service
sudo journalctl -u issuegen.service
Nov 21 07:49:39 grafanak001 systemd[1]: Starting issuegen.service - Generate /run/issue...
Nov 21 07:49:39 grafanak001 systemd[1]: issuegen.service: Deactivated successfully.
Nov 21 07:49:39 grafanak001 systemd[1]: Finished issuegen.service - Generate /run/issue.
Nov 21 07:52:45 grafanak001 systemd[1]: Starting issuegen.service - Generate /run/issue...
Nov 21 07:52:45 grafanak001 cp[3179]: cp: cannot stat '/usr/share/nabox/issue/webui': No such file or directory
Nov 21 07:52:45 grafanak001 systemd[1]: issuegen.service: Control process exited, code=exited, status=1/FAILURE
Nov 21 07:52:45 grafanak001 systemd[1]: issuegen.service: Failed with result 'exit-code'.
Nov 21 07:52:45 grafanak001 systemd[1]: Failed to start issuegen.service - Generate /run/issue.
-- Boot b8c0cc45dc8145bf812bf4b76303fd23 --