Solace Exporter For Prometheus

Hi Team

We are currently implementing Solace exporter for monitoring solace brokers through Prometheus. We got the github repo for exporter, however we are not clear whether its mandatory to install this exporter on the Solace appliance as it might be a security risk as per our infosec team. Can we install exporter on Prometheus host and configure the Solace hosts that need to be monitored? Also, will there be any delay when we fetch the metrics with exporter?

Thanks in Advance

Tagged:

Comments

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin

    ++ @GreenRover

    How are you guys deploying it if you don't mind sharing?

  • GreenRover
    GreenRover Member Posts: 22 ✭✭

    Hi we use 2 methodes:

    for onPrem broker we have the exporter running as normal docker pod on the same host as the monitoring broker.

    But the main setup is a centralized kubernetes based:

    https://github.com/solacecommunity/solace-prometheus-exporter/tree/issue/43_nginx_example/examples/nginx_reverse_proxy

  • nag_devops
    nag_devops Member Posts: 4

    @GreenRover

    Thank You for reply. We are also having our Prometheus setup in Kubernetes and we will use nginx reverse proxy setup to avoid exposing credentials. At this stage, We are more concerned of installation of exporter on broker appliance. Is there any other way around ?

    Thanks in Advance.

  • GreenRover
    GreenRover Member Posts: 22 ✭✭

    I dont have an appliance. So i can not help you with it.

    Solace still refuse to donate me an appliance;-)

  • nag_devops
    nag_devops Member Posts: 4

    @GreenRover

    Thank You for your reply. For POC we got a on-prem broker hosted on a VM. In this case, do we still need to install exporter on the VM or installing on Prometheus host willl work?


    Thanks in Advance.

  • GreenRover
    GreenRover Member Posts: 22 ✭✭

    You are free where you like to install the exporter. I prefer a 3rd host, but this is just me

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin

    @nag_devops in general when it comes to monitoring an external host is preferred to isolate the monitoring tool from the software you are trying to monitor. I would use this approach with the agent here and deploy on a separate vm/container/machine.

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin

    Solace still refuse to donate me an appliance;-)

    LOL @GreenRover, if you figure out how to get one let me know! It would be pretty useful to heat my house in the winter as well 🤣

  • GreenRover
    GreenRover Member Posts: 22 ✭✭

    @marc i have a real use case. My home automatisation is currently operated with a mosquito mqtt server on a raspberry pi 4. A solace appliance would be a great replacement ;-)

  • GreenRover
    GreenRover Member Posts: 22 ✭✭

    Prometheus also adviced to separate prometheus core from exporter

  • nag_devops
    nag_devops Member Posts: 4

    Hi @GreenRover & @marc

    Thanks a lot for your valuable inputs. We are able to implement solace exporter for monitoring solace appliance. Now, the critical part, the credentials of solace appliance that we pass in ini file are in plain text and our solace engg team is asking for a way to pass encrypted credentials. Is there any way to do it?

    TIA

  • GreenRover
    GreenRover Member Posts: 22 ✭✭

    @nag_devops the solace broker needs credentials to authentification.

    There for a clear no.

    Where do you see the risks when following best practice:

    • use a dedicated read only user for monitoring
    • keep your configuration .ini file or nginx proxy config secure.

    2.) Please discuss those things on github. https://github.com/solacecommunity/solace-prometheus-exporter