Solace Exporter For Prometheus
Hi Team
We are currently implementing Solace exporter for monitoring solace brokers through Prometheus. We got the github repo for exporter, however we are not clear whether its mandatory to install this exporter on the Solace appliance as it might be a security risk as per our infosec team. Can we install exporter on Prometheus host and configure the Solace hosts that need to be monitored? Also, will there be any delay when we fetch the metrics with exporter?
Thanks in Advance
Comments
-
++ @GreenRover
How are you guys deploying it if you don't mind sharing?
0 -
Hi we use 2 methodes:
for onPrem broker we have the exporter running as normal docker pod on the same host as the monitoring broker.
But the main setup is a centralized kubernetes based:
0 -
Thank You for reply. We are also having our Prometheus setup in Kubernetes and we will use nginx reverse proxy setup to avoid exposing credentials. At this stage, We are more concerned of installation of exporter on broker appliance. Is there any other way around ?
Thanks in Advance.
0 -
I dont have an appliance. So i can not help you with it.
Solace still refuse to donate me an appliance;-)
2 -
Thank You for your reply. For POC we got a on-prem broker hosted on a VM. In this case, do we still need to install exporter on the VM or installing on Prometheus host willl work?
Thanks in Advance.
0 -
You are free where you like to install the exporter. I prefer a 3rd host, but this is just me
1 -
@nag_devops in general when it comes to monitoring an external host is preferred to isolate the monitoring tool from the software you are trying to monitor. I would use this approach with the agent here and deploy on a separate vm/container/machine.
0 -
Solace still refuse to donate me an appliance;-)
LOL @GreenRover, if you figure out how to get one let me know! It would be pretty useful to heat my house in the winter as well 🤣
0 -
@marc i have a real use case. My home automatisation is currently operated with a mosquito mqtt server on a raspberry pi 4. A solace appliance would be a great replacement ;-)
2 -
Prometheus also adviced to separate prometheus core from exporter
1 -
Hi @GreenRover & @marc
Thanks a lot for your valuable inputs. We are able to implement solace exporter for monitoring solace appliance. Now, the critical part, the credentials of solace appliance that we pass in ini file are in plain text and our solace engg team is asking for a way to pass encrypted credentials. Is there any way to do it?
TIA
0 -
@nag_devops the solace broker needs credentials to authentification.
There for a clear no.
Where do you see the risks when following best practice:
- use a dedicated read only user for monitoring
- keep your configuration .ini file or nginx proxy config secure.
2.) Please discuss those things on github. https://github.com/solacecommunity/solace-prometheus-exporter
1
