-
Notifications
You must be signed in to change notification settings - Fork 103
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
adjust monitoring for container host/server container
- Loading branch information
Showing
1 changed file
with
52 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -97,7 +97,7 @@ The Prometheus software is also available for {productname} Proxy and {productna | |
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| * To access a shell inside the Server container run [literal]``mgrctl term`` on the container host. | ||
| * To access a shell inside the Server container run [literal]``mgrctl term`` on the container host, or to execute one command run [literal]``mgrctl exec <options> -- <command>``. | ||
| * To copy files from inside the container use [literal]``mgrctl cp``. | ||
| ==== | ||
|
|
@@ -579,15 +579,58 @@ This section demonstrates how to generate client/server certificates for Prometh | |
|
|
||
| .Procedure: Creating server/client TLS certificate | ||
|
|
||
| . On the {productname} Server, at the command prompt, run following command: | ||
| . At the command prompt of the {productname} container host, as root, run the following commands: | ||
|
|
||
| + | ||
|
|
||
| -- | ||
| .. To generate certificate files, run the following command. | ||
|
|
||
| + | ||
|
|
||
| Ensure that the [systemitem]``set-cname`` parameter is the fully qualified domain name (FQDN) of your Salt client. | ||
| You can use the the [systemitem]``set-cname`` parameter multiple times if you require multiple aliases: | ||
|
|
||
| + | ||
|
|
||
| ---- | ||
| rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \ | ||
| --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \ | ||
| --set-org-unit="ORGANIZATION UNIT" --set-email="[email protected]" \ | ||
| --set-hostname="minion.example.com" --set-cname="minion.example.com" --no-rpm | ||
| mgrctl exec -ti -- mgr-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \ | ||
| --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \ | ||
| --set-org-unit="ORGANIZATION UNIT" --set-email="[email protected]" \ | ||
| --set-hostname="minion.example.com" --set-cname="minion.example.com" --no-rpm | ||
| ---- | ||
| Ensure that the [systemitem]``set-cname`` parameter is the fully qualified domain name (FQDN) of your Salt client. | ||
| You can use the the [systemitem]``set-cname`` parameter multiple times if you require multiple aliases. | ||
|
|
||
| . Copy ``server.crt`` and ``server.key`` files to the Salt minion and provide read access for ``prometheus`` user. | ||
| + | ||
|
|
||
| Resulting in: | ||
|
|
||
| + | ||
|
|
||
| ---- | ||
| Generating the web server's SSL private key: /root/ssl-build/minion/server.key | ||
| Generating web server's SSL certificate request: /root/ssl-build/minion/server.csr | ||
| Generating/signing web server's SSL certificate: server.crt | ||
| ---- | ||
|
|
||
| .. Copy [path]``server.crt`` and [path]``server.key`` files from the server container to the host: | ||
|
|
||
| + | ||
|
|
||
| ---- | ||
| mgrctl cp server:/root/ssl-build/minion/server.key server.key | ||
| mgrctl cp server:/root/ssl-build/minion/server.crt server.crt | ||
| ---- | ||
|
|
||
| .. Copy [path]``server.crt`` and [path]``server.key`` files from the host to the monitoring client: | ||
|
|
||
| + | ||
|
|
||
| ---- | ||
| ssh minion.example.com 'mkdir /etc/ssl/mlm-server-certs' | ||
| scp /root/server.* minion.example.com:/etc/ssl/mlm-server-certs | ||
| ssh minion.example.com 'chmod go+r /etc/ssl/mlm-server-certs/server.*; ls -la /etc/sslmlm-server-certs' | ||
| ---- | ||
|
|
||
| -- | ||
|
|
||
| . While configuring Salt minion formular, use minion.example.com as client and mlm-server-certs as directory. | ||