I'm deploying a spring-boot application and prometheus container through docker, and have exposed the spring-boot /actuator/prometheus endpoint successfully. However, when I enable prometheus debug logs, I can see it fails to scrape the metrics:
ts=2022-02-02T03:54:46.210Z
caller=scrape.go:1292
level=debug
component="scrape manager"
scrape_pool=spring-actuator
target=https://127.0.0.1:8443/actuator/prometheus/
msg="Scrape failed"
err="Get \"https://127.0.0.1:8443/actuator/prometheus/\": dial tcp 127.0.0.1:8443: connect: connection refused"
I'm thinking it's something to do with how I've set up my spring-boot HTTPS. I am generating a self-signed certificate during the building of my spring-boot application, using the command:
keytool
-genkey
-alias <alias>
-dname <dname>
-keyalg RSA
-keysize 4096
-storetype PKCS12
-keystore <path_to_keystore>
-validity 3650
-storepass <keystore_pass>
I then export the cert to a .pem file, and extract the .crt and .key:
openssl pkcs12 -in cert.p12 -out cert.pem -nodes -passin pass:<pass>
This is mounted through a shared volume to my prometheus container, which has a --web.config.file containing:
tls_server_config:
cert_file: /path/to/cert.crt
key_file: /path/to/cert.key
And for good measure I added insecure_skip_verify: true to the prometheus.yml config:
- job_name: 'spring-actuator'
metrics_path: '/actuator/prometheus/'
scrape_interval: 60s
scheme: https
static_configs:
- targets: [ '127.0.0.1:8443' ]
tls_config:
insecure_skip_verify: true
Ok, I think I found my problem. I made two changes:
First, I moved the contents of the web.config.file into the prometheus.yml file under the 'spring-actuator'.
Then I changed the target to use the hostname for my backend container, rather than 127.0.0.1.
The end result was a single prometheus.yml file:
- job_name: 'spring-actuator'
metrics_path: '/actuator/prometheus/'
scrape_interval: 60s
scheme: https
static_configs:
- targets: [ 'backend:8443' ]
tls_config:
cert_file: /path/to/cert.crt
key_file: /path/to/cert.key
insecure_skip_verify: true
So just some silly mistakes, not caused by the certs from what I can see. :)
Below is the critical part to debug the issue
target=https://127.0.0.1:8443/actuator/prometheus/
msg="Scrape failed"
err="Get \"https://127.0.0.1:8443/actuator/prometheus/\": dial tcp 127.0.0.1:8443: connect: connection refused"
It states that scrape has failed as it unable to connect to the target server. As the target server 127.0.0.1:8443 then it is expected to be in the same host where Prometheus is running.
Prometheus retrieval job, also called the scraper, pulls data from target services, aggregates it, and passes it to the database. Prometheus takes a list of scraping targets (IP addresses and ports) from a static list (or a file) called static_configs present in Prometheus YAML-based configuration file. More complex dynamic environments, where new instances might be brought up at any time, use service discovery mechanisms, which provide a list of machines to monitor and presents information of how these machines are organized.
When Prometheus scrapes a target, it attaches some labels automatically to the scraped time series which serve to identify the scraped target.
up{job="<job-name>", instance="<instance-id>"}: 1 if the instance is healthy, i.e. reachable, or 0 if the scrape failed.
job: The configured job name that the target belongs
instance: The : part of the target's URL that was scraped.
Configuring Prometheus instances
When Prometheus is running in localhost or same host.
scrape_configs:
- job_name: node
static_configs:
- targets: ['localhost:9100']
When Prometheus is running in different environment or host
scrape_configs:
- job_name: prometheus
static_configs:
- targets: ["localhost:9090"]
- job_name: eventservice
static_configs:
- targets: ["events:9090"]
- job_name: bookingservice
static_configs:
- targets: ["bookings:9090"]
When running in multiple ports using IPs
static_configs:
- targets: ['192.168.1.117:':8080', '192.168.1.117:8081']
TLS Config
TLS is used for establishing a secure, private transport between the Prometheus instance and scrape targets. By default, the Prometheus instance attempts to verify the certificate exposed by the scrape targets against its trust store, for establishing authenticity of the scrape targets.
scrape_configs:
- job_name: 'node'
scheme: https
tls_config:
# Prometheus will check that the node_exporter presents a certificate
# signed by this ca.
ca_file: 'ca.crt'
# The cert and key are presented to node_exporter to authenticate
# Prometheus as a client.
cert_file: 'client.crt'
key_file: 'client.key'
static_configs:
- targets: ['myserver.net:443']
Related
I am running a Docker bundle with these images on my server
- SpringBoot app : PORT 18081
- Granafa : PORT 3001
- PostgreSQL : PORT 5432
- Prometheus : PORT 9090
and I would like to set up Prometheus to scrape from Springboot with this prometheus.yml configuration:
#My global config
global:
scrape_interval: 15s
evaluation_interval: 15s
alerting:
alertmanagers:
- static_configs:
- targets:
# - alertmanager:9093
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
scrape_configs:
- job_name: prometheus
static_configs:
- targets: ['localhost:9090']
- job_name: spring-actuator
scrape_interval: 5s
scrape_timeout: 5s
metrics_path: /actuator/prometheus
scheme: http
static_configs:
- targets: ['172.30.0.9:18081']
where 172.30.0.9 is the docker internal IP for my SpringBoot application obtained with this command:
docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' <container-id>
I checked the Prometheus Dashboard on ip:9090 and I was able to observe that the prometheus job is succesfully scrapped, but not the endpoint from the Spring application.
However, if I perform a curl on the VM machine curl http://172.30.0.9:18081/actuator/prometheus, I succesfully returns all the prometheus metrics.
I have tried to set as target:
localhost:18081
external_ip:18081
container-name:18081
host.docker.internal:18081
but Prometheus is still not accessing the endpoint as expected.
Did I miss anything to configure?
I see some things you may remove since they are redundant, you can try and use the following for scrape_configs (prometheus self-scrape is not necessary as well as some settings - since you defined global):
scrape_configs:
- job_name: 'spring-actuator'
metrics_path: '/actuator/prometheus'
static_configs:
- targets: ['172.30.0.9:18081']
There might be some layout issue.
Please note: my prometheus is running using ubuntu terminal and my springboot application is running on windows. Seems like my ubuntu is not able to connect with the localhost of windows.
I have created springboot metrics using "actuator" and my metrics are being exposed at "http/localhost:8080/actuator/prometheus".
My application.yml configuration in my springboot application looks like this:
management:
endpoints:
web:
exposure:
include: prometheus
The configuration file of prometheus i.e. prometheus.yml is as below:
scrape_configs:
# The job name is added as a label `job=<job_name>` to any timeseries scraped from
this config.
- job_name: "services"
static_configs:
- targets: ["localhost:8080"]
metrics_path: '/actuator/prometheus'
Despite this configuration, i see "target" as down in prometheus interface. It says Get "http://localhost:8080/actuator/prometheus": dial tcp 127.0.0.1:8080: connect: connection refused . Why is prometheus not able to pick the metrics at localhost?
I have started working on the Prometheus for my microservices. I was able to achieve it initially. Now, it's time to push the actuator endpoint under the spring security. After adding the security actuator is expecting the bearer token from the Prometheus. So, how to configure the username and password in the Prometheus job so that Prometheus will get the bearer token from the login and add it as the 'Authorization' in the header for all the requests.
I'm running the Prometheus in the docker container using the commands below
1. $ docker run --name prometheus -p 9090:9090 -v prometheus.yml:/etc/prometheus/prometheus.yml -d prom/prometheus
2. $ docker run --name grafana -d -p 3000:3000 grafana/grafana
Following is the prometheus.yml file
# my global config
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
# scrape_timeout is set to the global default (10s).
# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
# - "first_rules.yml"
# - "second_rules.yml"
# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
# The job name is added as a label `job=<job_name>` to any time series scraped from this config.
- job_name: 'prometheus'
# metrics_path defaults to '/metrics'
# scheme defaults to 'http'.
static_configs:
- targets: ['127.0.0.1:9090']
- job_name: 'NL-APPLICATION'
metrics_path: '/actuator/prometheus'
scrape_interval: 5s
scheme: http
static_configs:
- targets: ['172.17.0.1:8085']
- job_name: 'NL-ADMIN-API'
metrics_path: '/actuator/prometheus'
scrape_interval: 5s
static_configs:
- targets: ['172.17.0.1:8083']
How to Instruct Prometheus to do as follow
API call to '/login' get the Bearer token using username and password
Add the Bearer token as the 'Authorization' as a header in all actuator API call
You can either specify as a file or add the token to the config
- job_name: 'test'
metrics_path: "/metrics"
scheme: "http"
bearer_token_file: /var/run/secrets/ OR bearer_token: token_here
static_configs:
- targets: ['host.com']
I want to use Prometheus with my spring boot project, I'm new in Prometheus that way i do not know why I get error describe in picture
My prometheus.yml like below
global:
scrape_interval: 10s
scrape_configs:
- job_name: 'spring_micrometer'
metrics_path: '/actuator/prometheus'
scrape_interval: 5s
static_configs:
- targets: ['192.168.43.71:8080/app']
I run prometheus by this command docker run -d -p 9090:9090 -v <path-to-prometheus.yml>:/etc/prometheus/prometheus.yml prom/prometheus
I notice my ip not show in Prometheus targets page :
Normally Endpoint IP must be like 192.168.43.71:8080/app/actuator/prometheus but I get http://localhost:9090/metrics and when I click in it, i get error describe in picture 1
What I do wrong ?!, anyone can help me to resolve this issue and thanks.
You cannot do this - targets: ['192.168.43.71:8080/app']. Try the following:
global:
scrape_interval: 10s
scrape_configs:
- job_name: 'spring_micrometer'
metrics_path: '/app/actuator/prometheus/metrics'
scrape_interval: 5s
static_configs:
- targets: ['192.168.43.71:8080']
Why does your config not work? Take a look at the config docs here: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#host
targets is a collection of host and host must be a "valid string consisting of a hostname or IP followed by an optional port number".
Can't for the life of me figure out why I'm getting this error for one of the applications I'm trying to scrape. I have the following prometheus.yml:
# prometheus.yml
global:
scrape_interval: 5s
external_labels:
monitor: 'my-monitor'
scrape_configs:
- job_name: 'prometheus'
metrics_path: /metrics
static_configs:
- targets: ['localhost:9090']
- job_name: 'app'
metrics_path: /custom_metrics
static_configs:
- targets: ['host.docker.internal:8888']
basic_auth:
username: user
password: pass
- job_name: 'otherapp'
metrics_path: /custom_metrics
static_configs:
- targets: ['host.docker.internal:8081']
basic_auth:
username: admin
password: admin
I'm running prometheus with docker and both applications are running on my local host. 'app' is being scraped fine but I'm seeing the following in the targets section of the Prometheus UI:
I've run the above configuration against promtool check config with no complaints and I've also run the metrics from both of my applications through promtool check metrics with no complaints other than warnings about missing 'help'
I can hit the urls from the screen shot locally just fine and use the basic_auth username and pass from the config to see the metrics.
At this point I'm at a loss as to how to proceed. Is there something wrong with my config? Is there something that might be wrong with my metrics that promtool wouldn't catch?
One of my applications was configuring Spring Security to use basic auth and the other wasn't. The one that wasn't was showing
“INVALID” is not a valid start token
Until I added the following to my security configuration
.httpBasic()
I was surprised an authentication issue would have surfaced this way based on everything I had read about this error so maybe this will help others who are also surprised by this in the future.
If anyone else encounters this issue, check if your app gzip compresses the metrics response. I didn't notice this, since curl does not add the Accept-Encoding header to the request by default.
After adding the encoding header, I realized that the metrics were actually compressed and the promtool check failed:
curl -s -H 'Accept-Encoding: gzip,deflate' http://localhost:8000/metrics | promtool check metrics
I removed the gzip compression from the /metrics endpoint and it worked.