Prometheus is an open-source systems monitoring and alerting toolkit that provides a data model for describing and recording metrics over time and also provides a web application to display those metrics. Prometheus can be configured to fetch metrics from a third party system by means of a software entity called a Prometheus exporter. A Prometheus exporter collects metrics from a third party system, converts them to Prometheus metrics and exposes them via a resource path.
VAST Cluster provides a Prometheus exporter resource in the VMS REST API. The VAST Prometheus exporter can fetch pre-defined metrics from the VMS database and return the data as a plain/text key-value format response. You can configure the Prometheus server to scrape the metrics from the exporter at a chosen interval and display the VMS metrics through its display applications.
For information about how to configure the Prometheus server to collect metrics from the VMS Prometheus exporter, read about Prometheus configuration.
The following are guidelines for providing some of the key parameters in the
scrape_configs section of the Prometheus server configuration file:
metrics_path. This is the HTTP resource path from which to fetch metrics from VMS. Set this to
/api/prometheusmetrics/exactly as shown in the snippet below.
static configssection, where
targetsis set to the target IP
<EXPORTER_HOST>in the snippet below, specify the cluster's VMS virtual IP in place of
<EXPORTER_HOST>. This is the IP that you use to browse to the VAST Web UI. Set the port to 443 as shown in the snippet.
To authenticate to the VMS REST API using basic authentication, provide a VMS manager user name and password in the
A VMS manager user granted the minimum read-only role has sufficient permissions for calling the
/api/prometheusmetrics/endpoint. The read-only role is a built in default role that you can assign to a manager user. For information about creating and modifying managers and roles, see Authorizing VMS Access and Permissions.
When viewing a saved configuration on the Prometheus server, the password is hidden and displayed as a secret. For example:
... basic_auth: username: prometheus password: <secret> ...
VMS REST API supports basic authentication and authentication over HTTPS secured by JSON Web Tokens (JWTs).
For information about generating and using JWTs, see Authenticating to the VMS REST API in the VMS REST API documentation, which is available at
https://<VMS_VIP>/docs/index.htmlfrom within your VMS management network (where
<VMS_VIP>is your VMS virtual IP address for accessing the VAST Web UI).
Set the TLS configuration to verify or to skip client side validation of the VMS SSL certificate as needed to ensure that an HTTPS connection with VMS will succeed. This will depend on your VMS TlS configuration, such as whether you have a CA-signed certificate installed in VMS. See Prometheus configuration instructions for configuration options for specifying the TLS client configuration in the
tls_configsection. In the example shown in the snippet below, client side validation of the certificate is skipped.
The following is a snippet of a sample Prometheus server configuration file:
global: scrape_interval: 15s # By default, scrape targets every 15 seconds. # Attach these labels to any time series or alerts when communicating with # external systems (federation, remote storage, Alertmanager). external_labels: monitor: 'codelab-monitor' # A scrape configuration containing exactly one endpoint to scrape: # Here it's Prometheus itself. scrape_configs: - job_name: 'vast' scheme: https scrape_interval: 5s metrics_path: '/api/prometheusmetrics/' static_configs: - targets: ['<EXPORTER_HOST>:443'] basic_auth: username: '<USER_NAME>' password: '<PASSWORD>' tls_config: insecure_skip_verify: true