Https issue when using prometheus federation
296 views
Skip to first unread message
Shi Yan
Jul 19, 2022, 1:13:38 AM7/19/22
to Prometheus Users
I am trying to configure the prometheus federation, but the target is not up and the only error I can see is `read: connection reset by peer`
The scrape_config I've added is as follows:
- job_name: federate
scrape_interval: 30s
scrape_timeout: 15s
scheme: https
honor_labels: true
metrics_path: "/federate"
params:
match[]:
- '{job="jobname"}'
static_configs:
- targets:
- another_prom_server
scrape_interval: 30s
scrape_timeout: 15s
scheme: https
honor_labels: true
metrics_path: "/federate"
params:
match[]:
- '{job="jobname"}'
static_configs:
- targets:
- another_prom_server
But if I use `curl` command from this central prometheus server, it works and can return the metrics correctly.
another_prom_server is the one deployed by kube-prometheus-stack helm chart. Not sure what is the issue here? Could anyone help advise, thanks!
Brian Candler
Jul 19, 2022, 4:25:00 AM7/19/22
to Prometheus Users
Can you show the exact curl command line, with just the hostname replaced with "example.com" ?
- targets:
- another_prom_server:9090
- another_prom_server:9090
or
- targets:
- another_prom_server:443
- another_prom_server:443
or whatever is appropriate. (I note you set "scheme: https" - is that correct? Is this prometheus running behind a reverse proxy or ingress proxy, or configured with web.config to serve TLS?)
Shi Yan
Jul 19, 2022, 9:51:50 AM7/19/22
to Prometheus Users
Thanks, Brian for helping look into it.
Yes, in our setup, `another_prom_server` is deployed on the k8s cluster and it is behind an F5 ingress proxy, which terminates the TLS protocol. So we use HTTPS here.
And I've tried to add port 443 explicitly in the targets config, but the error is still the same.
msg="Scrape failed" err="Get \"https://example.com:443/federate?match%5B%5D=%7Bjob%3D%22jobname%22%7D\": read tcp x.x.x.x:58342->y.y.y.y:443: read: connection reset by peer"
While I can manually curl it with either
> curl https://example.com
<a href="/graph">Found</a>
<a href="/graph">Found</a>
or the one with the exact URL parameters from the error msg.
> curl 'https://example.com:443/federate?match%5B%5D=%7Bjob%3D%22jobname%22%7D'
.....# can get all the metrics correctly
.....# can get all the metrics correctly
Cheers
Julien Pivotto
Jul 19, 2022, 10:20:50 AM7/19/22
to Shi Yan, Prometheus Users
Could you try adding http2_enable: false and see if there is an improvement?
--
You received this message because you are subscribed to the Google Groups "Prometheus Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to prometheus-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/9304c742-68a9-427d-8449-ec6cf83e0f9an%40googlegroups.com.
Stuart Clark
Jul 19, 2022, 11:03:36 AM7/19/22
to Shi Yan, Prometheus Users
On 19/07/2022 14:51, Shi Yan wrote:
> Thanks, Brian for helping look into it.
>
> Yes, in our setup, `another_prom_server` is deployed on the k8s
> cluster and it is behind an F5 ingress proxy, which terminates the TLS
> protocol. So we use HTTPS here.
> And I've tried to add port 443 explicitly in the targets config, but
> the error is still the same.
>
> msg="Scrape failed" err="Get
> \"https://example.com:443/federate?match%5B%5D=%7Bjob%3D%22jobname%22%7D\":
> read tcp x.x.x.x:58342->y.y.y.y:443: read: connection reset by peer"
>
> While I can manually curl it with either
> > curl https://example.com
> <a href="/graph">Found</a>
>
> or the one with the exact URL parameters from the error msg.
> > curl
> 'https://example.com:443/federate?match%5B%5D=%7Bjob%3D%22jobname%22%7D'
> .....# can get all the metrics correctly
>
How long does it take curl to respond with all the metrics?
> Thanks, Brian for helping look into it.
>
> Yes, in our setup, `another_prom_server` is deployed on the k8s
> cluster and it is behind an F5 ingress proxy, which terminates the TLS
> protocol. So we use HTTPS here.
> And I've tried to add port 443 explicitly in the targets config, but
> the error is still the same.
>
> msg="Scrape failed" err="Get
> \"https://example.com:443/federate?match%5B%5D=%7Bjob%3D%22jobname%22%7D\":
> read tcp x.x.x.x:58342->y.y.y.y:443: read: connection reset by peer"
>
> While I can manually curl it with either
> > curl https://example.com
> <a href="/graph">Found</a>
>
> or the one with the exact URL parameters from the error msg.
> > curl
> 'https://example.com:443/federate?match%5B%5D=%7Bjob%3D%22jobname%22%7D'
> .....# can get all the metrics correctly
>
Could it be that it takes a while and your load balancer is configured
with a shorter timeout?
--
Stuart Clark
Shi Yan
Jul 19, 2022, 11:25:38 AM7/19/22
to Prometheus Users
Thanks Julien, but adding enable_http2: false doesn't help. Still same error.
Shi Yan
Jul 19, 2022, 11:27:00 AM7/19/22
to Prometheus Users
Hi Stuart
The curl actually gets a response immediately, as we only need to get a small set of metrics.
The curl command time is as follows
real 0m0.077s
user 0m0.016s
sys 0m0.018s
user 0m0.016s
sys 0m0.018s
Shi Yan
Jul 19, 2022, 11:37:50 AM7/19/22
to Prometheus Users
oh, sorry, you mean all the metrics. It's about several seconds
real 0m7.361s
user 0m0.130s
sys 0m0.999s
user 0m0.130s
sys 0m0.999s
On Wednesday, July 20, 2022 at 1:03:36 AM UTC+10 Stuart Clark wrote:
Reply all
Reply to author
Forward
0 new messages