How to get MinIO metrics (/minio/v2/metrics/cluster)?

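Based on page 14 of the MinIO documentation, the following APIs are mentioned: /minio/v2/metrics/cluster and /minio/v2/metrics/node.
But it looks like these APIs are intended only for Prometheus. I don't know how to get them using Python.

Of course, if I try to send a request to http://<host>:<port>/minio/v2/metrics/cluster, I receive a 403 error: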

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AllAccessDisabled</Code><Message>All access to this bucket has been disabled.</Message><Resource>/minio/v2/metrics/cluster</Resource><RequestId></RequestId><HostId><uuid-here></HostId></Error>

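I tried generating a presigned URL (as for getting an object from a bucket), but even with the signature the result is the same as above.

Maybe someone knows how to reach those API(s)?
And how do I authenticate correctly against these endpoints without Prometheus?

Prometheus just requests an HTTP resource, which presents the metrics in plain-text format. You can fetch the same URL that Prometheus would use and then parse it yourself.

If you look at this document, it describes how to configure authentication for the metrics endpoint.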

  1. Configure authentication type for Prometheus metrics

MinIO supports two authentication modes for Prometheus either jwt or public, by default MinIO runs in jwt mode. To allow public access without authentication for prometheus metrics set environment as follows.

export MINIO_PROMETHEUS_AUTH_TYPE="public"
minio server ~/test

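If you are running it in jwt mode (the default), the section below tells you how to generate a configuration that will show you the appropriate bearer token to use for authentication: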

3.1 Authenticated Prometheus config

If MinIO is configured to expose metrics without authentication, you don't need to use mc to generate prometheus config. You can skip reading further and move to 3.2 section.

The Prometheus endpoint in MinIO requires authentication by default. Prometheus supports a bearer token approach to authenticate prometheus scrape requests, override the default Prometheus config with the one generated using mc. To generate a Prometheus config for an alias, use mc as follows mc admin prometheus generate .

The command will generate the scrape_configs section of the prometheus.yml as follows:

scrape_configs:
- job_name: minio-job
  bearer_token: <secret>
  metrics_path: /minio/v2/metrics/cluster
  scheme: http
  static_configs:
  - targets: ['localhost:9000']

You can just use the bearer token from that configuration to access your metrics. The bearer token should go in the Authorization header (Authorization: Bearer <token>).
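Fetching the same URL with the bearer token and parsing the plain-text body yourself, as the answer above suggests, could look like the following. This is an added example, not code from the original posts or from MinIO; the sample metric lines are constructed, and `fetch_metrics`, `parse_metrics` and `select` are hypothetical helper names.

```python
import re
import urllib.request

# Constructed sample in Prometheus text exposition format (not captured MinIO output).
SAMPLE = '''\
# HELP minio_cluster_nodes_online_total Total number of MinIO nodes online.
# TYPE minio_cluster_nodes_online_total gauge
minio_cluster_nodes_online_total{server="127.0.0.1:9000"} 4
# TYPE minio_bucket_usage_total_bytes gauge
minio_bucket_usage_total_bytes{bucket="logs,archive",server="127.0.0.1:9000"} 1.5e+06
minio_bucket_usage_total_bytes{bucket="say \\"hi\\"",server="127.0.0.1:9000"} 0 1700000000000
minio_node_uptime_seconds NaN
'''

# name, optional {labels}, value, optional millisecond timestamp
_LINE = re.compile(r'^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{(.*)\})?\s+(\S+)(?:\s+(-?\d+))?$')
_LABEL = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')
_ESCAPES = {'\\\\': '\\', '\\"': '"', '\\n': '\n'}


def fetch_metrics(url, token, timeout=10):
    """GET the metrics endpoint with the bearer token; returns the text body."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def parse_metrics(text):
    """Return a list of (name, labels, value) tuples, one per sample line."""
    samples = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and HELP/TYPE comments
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unparseable metrics line: {raw!r}")
        name, label_blob, value, _timestamp = m.groups()
        labels = {k: re.sub(r'\\[\\"n]', lambda e: _ESCAPES[e.group(0)], v)
                  for k, v in _LABEL.findall(label_blob or "")}
        samples.append((name, labels, float(value)))  # float() accepts NaN and +Inf
    return samples


def select(samples, name, **labels):
    """Values of every sample called `name` whose labels include `labels`."""
    return [v for n, l, v in samples
            if n == name and all(l.get(k) == want for k, want in labels.items())]
```

Label values are matched as quoted strings, so a comma or an escaped quote inside a value does not split the label set.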

Solution:

import datetime

import jwt  # PyJWT
import requests

# The token expires one day from now.
expired_at = (datetime.datetime.now() + datetime.timedelta(days=1)).timestamp()

# Sign the claims with the MinIO secret key; "sub" carries the access key.
token = jwt.encode(
    payload={
        "exp": expired_at,
        "sub": "<AccessKey>",
        "iss": "prometheus",
    },
    key="<SecretKey>",
    algorithm="HS512",
)
# PyJWT 1.x returns bytes, PyJWT 2.x returns str.
if isinstance(token, bytes):
    token = token.decode()

headers = {
    "Authorization": f"Bearer {token}"
}
response = requests.get(
    url="<schema>://<host>:<port>/minio/prometheus/metrics",
    headers=headers,
)

I found how the mc utility generates the bearer token at https://github.com/minio/mc/blob/master/cmd/admin-prometheus-generate.go

The URL /minio/prometheus/metrics was discovered while calling the utility mc admin prometheus generate test-minio