132 lines
2.8 KiB
Markdown
132 lines
2.8 KiB
Markdown
# freeipa-health-metrics
|
|
|
|
A prometheus/influxdb exporter for FreeIPA metrics to provide indication of cluster health.
|
|
|
|
Requirements:
|
|
|
|
- FreeIPA 4 or later
|
|
- Golang 1.20 or later
|
|
- FreeIPA user with admin privileges
|
|
|
|
## Install
|
|
|
|
You can install either by downloading the latest binary release or by building.
|
|
|
|
### Building
|
|
|
|
Building should be as simple as running:
|
|
|
|
```bash
|
|
go build
|
|
```
|
|
|
|
### Running as a service
|
|
|
|
You are likely going to want to run the exporter as a service to ensure it runs at boot and restarts in case of failures. Below is an example service config file you can place in `/etc/systemd/system/freeipa-health-metrics.service` on a linux system to run as a service if you install the binary in `/usr/local/bin/`.
|
|
|
|
```systemd
|
|
[Unit]
|
|
Description=FreeIPA Health Metrics
|
|
After=network.target
|
|
StartLimitIntervalSec=500
|
|
StartLimitBurst=5
|
|
|
|
[Service]
|
|
ExecStart=/usr/local/bin/freeipa-health-metrics
|
|
ExecReload=/bin/kill -s HUP $MAINPID
|
|
Restart=on-failure
|
|
RestartSec=5s
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
```
|
|
|
|
Once the service file is installed, you can run the following to start it:
|
|
|
|
```bash
|
|
systemctl daemon-reload
|
|
systemctl start freeipa-health-metrics.service
|
|
```
|
|
|
|
## Config
|
|
|
|
The default configuration paths are:
|
|
|
|
- `./config.yaml` - A file in the current working directory.
|
|
- `~/.config/freeipa-health-metrics/config.yaml` - A file in your home directory's config path.
|
|
- `/etc/ipa/freeipa-health-metrics.yaml` - A file in the IPA config folder.
|
|
|
|
### For local monitoring
|
|
|
|
```yaml
|
|
---
|
|
ldap:
|
|
insecure_skip_verify: true
|
|
connect_method: Secure
|
|
base_dn: dc=example,dc=com
|
|
bind_dn: uid=freeipa-health-metrics,cn=users,cn=accounts,dc=example,dc=com
|
|
bind_password: PASSWORD
|
|
|
|
freeipa:
|
|
krb5_realm: EXAMPLE.COM
|
|
insecure_skip_verify: true
|
|
username: freeipa-health-metrics
|
|
password: PASSWORD
|
|
```
|
|
|
|
### For remote monitoring
|
|
|
|
```yaml
|
|
---
|
|
hostname: ipa1.example.com
|
|
ldap:
|
|
insecure_skip_verify: true
|
|
connect_method: Secure
|
|
base_dn: dc=example,dc=com
|
|
bind_dn: uid=freeipa-health-metrics,cn=users,cn=accounts,dc=example,dc=com
|
|
bind_password: PASSWORD
|
|
|
|
freeipa:
|
|
krb5_realm: EXAMPLE.COM
|
|
insecure_skip_verify: true
|
|
username: freeipa-health-metrics
|
|
password: PASSWORD
|
|
|
|
# Disable metrics which only work locally.
|
|
disabled_metrics:
|
|
- krb5_auth
|
|
- krb5_workers
|
|
- proxy_secret
|
|
- group_members
|
|
- ipa_cert_auto_renew
|
|
- ldap_cert_auto_renew
|
|
```
|
|
|
|
### Output to InfluxDB only
|
|
|
|
```yaml
|
|
---
|
|
ldap:
|
|
insecure_skip_verify: true
|
|
connect_method: Secure
|
|
base_dn: dc=example,dc=com
|
|
bind_dn: uid=freeipa-health-metrics,cn=users,cn=accounts,dc=example,dc=com
|
|
bind_password: PASSWORD
|
|
|
|
freeipa:
|
|
krb5_realm: EXAMPLE.COM
|
|
insecure_skip_verify: true
|
|
username: freeipa-health-metrics
|
|
password: PASSWORD
|
|
|
|
influx_output:
|
|
frequency: 5m
|
|
influx_server: http://example.com:8086
|
|
token: INFLUX_TOKEN
|
|
org: company
|
|
bucket: freeipa
|
|
|
|
http:
|
|
enabled: false
|
|
```
|