tls_config insecure_skip_verify not working on SD file

[andrew...@gmail.com]

Hi Guys,

I'm trying to leverage file_sd_configs for our single hostname target with multiple metric_path. Though I was able to run the Prometheus server w/o any errors but unfortunately the Targets were down with "x509: certificate signed by unknown authority" errors.

Here's my basics config: prometheus.yml

scrape_configs:

  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.

  - job_name: 'prometheus'

    # metrics_path defaults to '/metrics'

    # scheme defaults to 'http'.

    static_configs:

    - targets: ['localhost:9090']

  - job_name: 'Actuators'  # This will be overridden in targets.yml

    file_sd_configs:

      - files:

        - targets.yml

======================================================================================

targets.yml:

- targets: ['host.domain.com:443']

  labels:

    job: Target01

    __metrics_path__: /apps01/actuator/prometheus

    __scheme__: https

    __insecure_skip_verify__: true

- targets: ['host.domain.com:443']

  labels:

    job: Target02

    __metrics_path__: /apps02/actuator/prometheus

    __scheme__: https

    __insecure_skip_verify__: true

==========================================================================================

Any help would be greatly appreciated.

TIA!

Andrew

[Simon Pasquier]

insecure_skip_verify can't be overridden by relabelling. You'd need to
configure it at the scrape configuration's level.

> --
> You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
> To post to this group, send email to promethe...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/6ccef598-813e-4de7-822b-4236c873d32e%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[andrew...@gmail.com]

Hi Simon,

Thank you for responding to my question. Is it something like this?

- job_name: 'Actuators'  # This will be overridden in targets.yml 

    scheme: https

    tls_config:

      insecure_skip_verify: true

  file_sd_configs: 
  - files: 
    - targets.yml 

target.yml:

 - targets: ['host.domain.com:443'] 
   labels: 
     job: Target01 
     __metrics_path__: /apps01/actuator/prometheus 
     __scheme__: https 

Regards,

Andrew

> To unsubscribe from this group and stop receiving emails from it, send an email to promethe...@googlegroups.com.

[Christian Hoffmann]

Hi Andrew,

On 3/30/19 3:29 AM, andrew...@gmail.com wrote:
> Thank you for responding to my question. Is it something like this?
>
> - job_name: 'Actuators'  # This will be overridden in targets.yml 
>     scheme: https
>     tls_config:
>       insecure_skip_verify: true
>   file_sd_configs: 
>   - files: 
>     - targets.yml 
>
> target.yml:
>
>  - targets: ['host.domain.com:443'] 
>    labels: 
>      job: Target01 
>      __metrics_path__: /apps01/actuator/prometheus 
>      __scheme__: https 

This looks good. Have you tried it? Are there any problems?

Kind regards,
Christian

[Alejandro Larioza]

Hi Christian,

I just had the chance to validate it today and it works like a charm! Thanks for the help.

Regards,

Andrew

--

Andrew D. Larioza