Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

adjust monitoring for container host/server container #3750

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

adjust monitoring for container host/server container #3750

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 52 additions & 9 deletions modules/administration/pages/monitoring.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ The Prometheus software is also available for {productname} Proxy and {productna

[IMPORTANT]
====
* To access a shell inside the Server container run [literal]``mgrctl term`` on the container host.
* To access a shell inside the Server container run [literal]``mgrctl term`` on the container host, or to execute one command run [literal]``mgrctl exec <options> -- <command>``.

* To copy files from inside the container use [literal]``mgrctl cp``.
====
Expand Down Expand Up @@ -579,15 +579,58 @@ This section demonstrates how to generate client/server certificates for Prometh

.Procedure: Creating server/client TLS certificate

. On the {productname} Server, at the command prompt, run following command:
. At the command prompt of the {productname} container host, as root, run the following commands:

+

--
.. To generate certificate files, run the following command.

+

Ensure that the [systemitem]``set-cname`` parameter is the fully qualified domain name (FQDN) of your Salt client.
You can use the the [systemitem]``set-cname`` parameter multiple times if you require multiple aliases:

+

----
rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
--set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
--set-org-unit="ORGANIZATION UNIT" --set-email="[email protected]" \
--set-hostname="minion.example.com" --set-cname="minion.example.com" --no-rpm
mgrctl exec -ti -- mgr-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
--set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
--set-org-unit="ORGANIZATION UNIT" --set-email="[email protected]" \
--set-hostname="minion.example.com" --set-cname="minion.example.com" --no-rpm
----
Ensure that the [systemitem]``set-cname`` parameter is the fully qualified domain name (FQDN) of your Salt client.
You can use the the [systemitem]``set-cname`` parameter multiple times if you require multiple aliases.

. Copy ``server.crt`` and ``server.key`` files to the Salt minion and provide read access for ``prometheus`` user.
+

Resulting in:

+

----
Generating the web server's SSL private key: /root/ssl-build/minion/server.key
Generating web server's SSL certificate request: /root/ssl-build/minion/server.csr
Generating/signing web server's SSL certificate: server.crt
----

.. Copy [path]``server.crt`` and [path]``server.key`` files from the server container to the host:

+

----
mgrctl cp server:/root/ssl-build/minion/server.key server.key
mgrctl cp server:/root/ssl-build/minion/server.crt server.crt
----

.. Copy [path]``server.crt`` and [path]``server.key`` files from the host to the monitoring client:

+

----
ssh minion.example.com 'mkdir /etc/ssl/mlm-server-certs'
scp /root/server.* minion.example.com:/etc/ssl/mlm-server-certs
ssh minion.example.com 'chmod go+r /etc/ssl/mlm-server-certs/server.*; ls -la /etc/sslmlm-server-certs'
----

--

. While configuring Salt minion formular, use minion.example.com as client and mlm-server-certs as directory.
Loading