Please clarify how to collect metrics from RabbitMQ with auth about helmchart HOT 20 CLOSED

Thx, it is working, but without single quotes ;)

      - selector: redis
        template: |
          - module: redis
            name: redis-{{.TUID}}
            address: redis://:{{ get .Env "NETDATA_SD_AUTH_PASS" }}@{{.Address}}

But for consistency, better

      - selector: redis
        template: |
          - module: redis
            name: redis-{{.TUID}}
            address: redis://{{ get .Env "NETDATA_SD_AUTH_USER" }}:{{ get .Env "NETDATA_SD_AUTH_PASS" }}@{{.Address}}

from helmchart.

@rerime thanks for help/testing, not really sure why it doesn't work with single quotes 🤔 If you want you can make a PR with Redis btw (after #280 is merged).

from helmchart.

Hi, @rerime. How do you set credentials for RabbitMQ container?

from helmchart.

Via definitions.json
example:

{
 "rabbit_version": "3.6.6",
 "users": [
  {
   "name": "user1",
   "password_hash": "pass1",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": ""
  },
  {
   "name": "adminuser",
   "password_hash": "adminpass",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": "administrator"
  }
 ],
 "vhosts": [
  {
   "name": "\/vhost1"
  },
  {
   "name": "\/vhost2"
  }
 ],
 "permissions": [
  {
   "user": "user1",
   "vhost": "\/vhost1",
   "configure": ".*",
   "write": ".*",
   "read": ".*"
  }
 ],
 "parameters": [],
 "policies": [],
 "queues": [],
 "exchanges": [],
 "bindings": []
}

from helmchart.

And this file is mounted to the rabbitmq container or do you pass some values via env variables?

from helmchart.

Only as file, I can pass as env also if it helps netdata

from helmchart.

Passing user/pass as env var will do. You can create a secret and set env vars from it. The service discovery thing collects all env vars keys/values and we can use them in netdata-child-sd-config-map.

from helmchart.

So I provide, but it didn't change anything.

      env:
        - name: RABBITMQ_DEFAULT_USER
          valueFrom:
            secretKeyRef:
              name: rabbitmq
              key: RABBITMQ_DEFAULT_USER
        - name: RABBITMQ_DEFAULT_PASS
          valueFrom:
            secretKeyRef:
              name: rabbitmq
              key: RABBITMQ_DEFAULT_PASS

Would be nice, if you add more information about service discovery mechanics
https://github.com/netdata/helmchart#configure-service-discovery

from helmchart.

@rerime yes, it doesn't work right now. We need to agree on env var names and I will update https://github.com/netdata/helmchart/blob/master/charts/netdata/sdconfig/child.yml

We need to agree on env var names

I think we need generic names we could use for all applications that support user/pass auth.

from helmchart.

@ilyam8 Thx for update!
I'm always create user netdata for server monitoring. May be add it and update docs.

from helmchart.

@rerime can you test #280?

• NETDATA_SD_AUTH_USER env var value is used as username for HTTP basic auth.
• NETDATA_SD_AUTH_PASS env var value is used as password for HTTP basic auth.

If it works I will update other jobs that support HTTP basic auth.

from helmchart.

@ilyam8
Works like a charm)
I've added:

        - name: NETDATA_SD_AUTH_USER
          valueFrom:
            secretKeyRef:
              name: rabbitmq
              key: RABBITMQ_DEFAULT_USER
        - name: NETDATA_SD_AUTH_PASS
          valueFrom:
            secretKeyRef:
              name: rabbitmq
              key: RABBITMQ_DEFAULT_PASS

Also tested that it is not broken if auth is not needed.

But still not very happy that netdata grub all secrets.

from helmchart.

But still not very happy that netdata grub all secrets.

Secrets are basically ConfigMaps with encoded values, using them to store sensitive info is not secure in general.

Using this method is an option, I think it is acceptable. If there are better ways we can add them.

from helmchart.

Works like a charm)

Great, I will:

• update other collectors' jobs to use those variables.
• update documentation.

from helmchart.

@ilyam8 Off topic... whats about redis module in sd config? Should I create another issue?

from helmchart.

Ahh, the config has no Redis. Actually nice things you mention the problem, I will add it and you will help with testing 😄

If we go with the current approach of identifying applications that is guessing by the image name... Can you share the image name of your Redis container?

from helmchart.

I've added:

containers:
    - name: redis
      image: artifactory.org/redis:6-alpine
      command:
        - redis-server
        - '--requirepass'
        - $(REDIS_PWD)
      ports:
        - name: redis
          containerPort: 6379
          protocol: TCP
      envFrom:
        - secretRef:
            name: redis
      env:
        - name: NETDATA_SD_AUTH_PASS
          valueFrom:
            secretKeyRef:
              name: redis
              key: REDIS_PWD

and in netdata-child-sd-config-map

      - tags: redis
        expr: '{{ and (eq .Port "6379") (glob .Image "redis*" "**/redis*") }}'
        
# ....

      - selector: redis
        template: |
          - module: redis
            name: redis-{{.TUID}}
            url: http://{{.Address}}
            password: "{{ get .Env "NETDATA_SD_AUTH_PASS" }}"

No success.

Seems, it accept password in url string
https://github.com/netdata/go.d.plugin/blob/master/config/go.d/redis.conf

from helmchart.

Try

          - module: redis
            name: redis-{{.TUID}}
            address: 'redis://:{{ get .Env "NETDATA_SD_AUTH_PASS" }}@{{.Address}}'

• address string format is https://github.com/netdata/go.d.plugin/tree/master/modules/redis#configuration
• service discovery available fields we can use is https://github.com/netdata/agent-service-discovery#pod-role

from helmchart.

@ilyam8 Will wait merge and make PR.
I guess #280 should be expanded to all http basic auth modules.

from helmchart.

I think all that support user/pass authentication - I gave a generic name to those env var on purpose.

from helmchart.