In this quick guide, find out how to set up TLS (transport layer security) and authentication on node exporter. For other DevOps-related queries and information, visit our devops services.
Setting up TLS and Authentication on Node Exporter
To set up TLS and authorization for Node Exporter and Grafana, you will need to follow these general steps:
- Generate TLS certificates
- Configure Node Exporter to use TLS
- Configure Node Exporter to require client authentication
- Configure Grafana to use TLS
- Configure Grafana to require client authentication
- Create user accounts in Grafana
- Assign roles and permissions to users
Here are more detailed instructions for each step:
1. Generate TLS certificates
- You can generate a self-signed certificate or obtain a certificate from a trusted CA.
- For creating a self-signed certificate, use OpenSSL. Here's an example command:
| openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem |
- This command generates a key pair and a self-signed certificate valid for 365 days.
2. Configure Node Exporter to use TLS
- Node Exporter is typically run as a service, so you'll need to modify the service configuration file.
- Edit the service file (/etc/systemd/system/node_exporter.service) to add the following flags:
| --tls.cert-file=/path/to/cert.pem --tls.key-file=/path/to/key.pem |
- Restart the Node Exporter service for the changes to take effect.
3. Configure Node Exporter to require client authentication
- Add the following flag to the Node Exporter service file:
| --tls.client-auth=verify |
- This flag tells Node Exporter to require clients to authenticate with a valid certificate.
4. Configure Grafana to use TLS
- Edit the Grafana configuration file (/etc/grafana/grafana.ini) and set the following values:
[server] protocol = https cert_file = /path/to/cert.pem cert_key = /path/to/key.pem |
- Now, you need to Restart the Grafana service for changes to implement.
5. Configure Grafana to require client authentication
- Edit the Grafana configuration file and add the following values:
| [auth.proxy] enabled = true header_name = X-WEBAUTH-USER header_property = username |
- These values tell Grafana to use proxy authentication and look for the X-WEBAUTH-USER header to get the username.
6. Create user accounts in Grafana
- Open Grafana in your web browser and log in as the default admin user (admin/admin).
- Create user accounts for each user who will access Grafana.
7. Assign roles and permissions to users
- In Grafana, go to the "Users" page and click on a user to edit their permissions.
- Assign the user to one or more organizations and specify their role (e.g. Viewer, Editor, or Admin).
- Grant the user access to one or more dashboards or data sources.
To configure SMTP credentials in the grafana.ini file, you will need to follow these steps:
- Open the grafana.ini file in a text editor. The default location of the file is /etc/grafana/grafana.ini.
- Locate the [smtp] section in the file. If it does not exist, you can add it to the bottom of the file.
- Update the following fields with your SMTP server information:
- enabled: Set this to true to enable SMTP email notifications.
- host: Set this to the hostname or IP address of your SMTP server.
- port: Set this to the port number used by your SMTP server. 25 is the SMPT's default port.
- user: Set this to the username for your SMTP account.
- password: Set this to the password for your SMTP account.
- from_address: Set this to the email address that will be used as the sender for email notifications.
- Save the grafana.ini file.
- Restart the Grafana server for the changes to take effect.
Here's an example of how the [smtp] section in grafana.ini might look:
| [smtp] enabled = true host = smtp.example.com:587 user = your_username password = your_password from_address = [email protected] |
For more information related to DevOps services, connect with our skilled DevOps engineers.
November 21, 2024 at 01:11 pm
Your comment is awaiting moderation.