2.8 KiB
2.8 KiB
freeipa-health-metrics
A prometheus/influxdb exporter for FreeIPA metrics to provide indication of cluster health.
Requirements:
- FreeIPA 4 or later
- Golang 1.20 or later
- FreeIPA user with admin privileges
Install
You can install either by downloading the latest binary release or by building.
Building
Building should be as simple as running:
go build
Running as a service
You are likely going to want to run the exporter as a service to ensure it runs at boot and restarts in case of failures. Below is an example service config file you can place in /etc/systemd/system/freeipa-health-metrics.service
on a linux system to run as a service if you install the binary in /usr/local/bin/
.
[Unit]
Description=FreeIPA Health Metrics
After=network.target
StartLimitIntervalSec=500
StartLimitBurst=5
[Service]
ExecStart=/usr/local/bin/freeipa-health-metrics
ExecReload=/bin/kill -s HUP $MAINPID
Restart=on-failure
RestartSec=5s
[Install]
WantedBy=multi-user.target
Once the service file is installed, you can run the following to start it:
systemctl daemon-reload
systemctl start freeipa-health-metrics.service
Config
The default configuration paths are:
./config.yaml
- A file in the current working directory.~/.config/freeipa-health-metrics/config.yaml
- A file in your home directory's config path./etc/ipa/freeipa-health-metrics.yaml
- A file in the IPA config folder.
For local monitoring
---
ldap:
insecure_skip_verify: true
connect_method: Secure
base_dn: dc=example,dc=com
bind_dn: uid=freeipa-health-metrics,cn=users,cn=accounts,dc=example,dc=com
bind_password: PASSWORD
freeipa:
krb5_realm: EXAMPLE.COM
insecure_skip_verify: true
username: freeipa-health-metrics
password: PASSWORD
For remote monitoring
---
hostname: ipa1.example.com
ldap:
insecure_skip_verify: true
connect_method: Secure
base_dn: dc=example,dc=com
bind_dn: uid=freeipa-health-metrics,cn=users,cn=accounts,dc=example,dc=com
bind_password: PASSWORD
freeipa:
krb5_realm: EXAMPLE.COM
insecure_skip_verify: true
username: freeipa-health-metrics
password: PASSWORD
# Disable metrics which only work locally.
disabled_metrics:
- krb5_auth
- krb5_workers
- proxy_secret
- group_members
- ipa_cert_auto_renew
- ldap_cert_auto_renew
Output to InfluxDB only
---
ldap:
insecure_skip_verify: true
connect_method: Secure
base_dn: dc=example,dc=com
bind_dn: uid=freeipa-health-metrics,cn=users,cn=accounts,dc=example,dc=com
bind_password: PASSWORD
freeipa:
krb5_realm: EXAMPLE.COM
insecure_skip_verify: true
username: freeipa-health-metrics
password: PASSWORD
influx_output:
frequency: 5m
influx_server: http://example.com:8086
token: INFLUX_TOKEN
org: company
bucket: freeipa
http:
enabled: false