Note
This feature is available starting from the MCP 2019.2.7 maintenance update. Before using the feature, follow the steps described in Apply maintenance updates.
You can configure basic authentication to access Prometheus and Alertmanager web UI through the proxy nodes that are available if external access to cloud resources is enabled in your OpenStack deployment.
This section describes how to configure authentication for Prometheus and Alertmanager by defining new passwords instead of the default ones on the existing MCP deployments updated to 2019.2.7. For new clusters starting from the MCP 2019.2.7 maintenance update, you define custom credentials for Prometheus and Alertmanager during the cluster creation.
To configure authentication for Prometheus and Alertmanager:
Log in to the Salt Master node.
Obtain user names and passwords:
For Alertmanager:
salt -C 'I@horizon:server' pillar.get _param:nginx_proxy_prometheus_alertmanager_password
salt -C 'I@horizon:server' pillar.get _param:nginx_proxy_prometheus_alertmanager_user
For Prometheus:
salt -C 'I@horizon:server' pillar.get _param:nginx_proxy_prometheus_server_user
salt -C 'I@horizon:server' pillar.get _param:nginx_proxy_prometheus_server_password
Change the default credentials for Prometheus and Alertmanager:
Open the classes/cluster/<cluster_name>/stacklight/proxy.yml
file for
editing.
Specify new passwords using the following parameters:
parameters:
_param:
nginx_proxy_prometheus_alertmanager_password: <password>
nginx_proxy_prometheus_server_password: <password>
Optional. Specify new user names using the following parameters:
parameters:
_param:
nginx_proxy_prometheus_alertmanager_user: <user_name>
nginx_proxy_prometheus_server_user: <user_name>
On all proxy nodes, synchronize Salt modules and apply the nginx
state.
For example:
salt 'prxNode01*' saltutil.sync_all
salt 'prxNode01*' state.sls nginx
Verify authentication through the proxy nodes. For example:
salt 'prxNode01*' pillar.get _param:cluster_vip_address
salt 'prxNode01*' pillar.get nginx:server:site:nginx_proxy_prometheus_server:proxy:port
salt 'prxNode01*' pillar.get nginx:server:site:nginx_proxy_prometheus_alertmanager:proxy:port
curl https://<cluster_vip_address>:<prometheus_server_port>
curl -u <username>:<password> https://<cluster_vip_address>:<prometheus_server_port>