Support scraping of gitlab-exporter and rails metrics by Prometheus over TLS
What does this MR do?
Support scraping of gitlab-exporter and rails metrics by Prometheus over TLS.
Also disables Puma's HTTP listener if SSL is turned on (we couldn't do that before because Prometheus was hardcoded to listen to the HTTP listener).
Closes: #6811 (closed)
Testing
Follow the steps:
- Create a self-signed certificate/key with `localhost` as common name: `/etc/gitlab/ssl/gitlab-exporter{.crt,.key}`.
  - If you changed `gitlab-exporter`'s `listen_address` to `foobar`, then the certificate's CN should be `foobar`.
  - If not, you can also instruct Prometheus to use a specific string as server name in the certificate verification using the `gitlab_exporter['prometheus_scrape_tls_server_name'] = <your string>` setting.
- Make GitLab trust the certificate chain by following https://docs.gitlab.com/omnibus/settings/ssl.html#other-certificate-authorities. Note that each certificate in the chain must be in individual files inside `/etc/gitlab/trusted-certs`.
- Edit `/etc/gitlab/gitlab.rb` and add the following:

  ```ruby
  # GitLab Exporter
  gitlab_exporter['tls_enabled'] = true
  gitlab_exporter['tls_cert_path'] = '/etc/gitlab/ssl/server.crt'
  gitlab_exporter['tls_key_path'] = '/etc/gitlab/ssl/server.key'

  # Puma
  puma['ssl_listen'] = '127.0.0.1'
  puma['ssl_port'] = 9111
  puma['ssl_certificate'] = '/etc/gitlab/ssl/server.crt'
  puma['ssl_certificate_key'] = '/etc/gitlab/ssl/server.key'
  ```
- Run reconfigure and confirm that Prometheus can scrape GitLab Exporter and Rails metrics without any issues.
Related issues
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
- Merge Request Title, and Description are up to date, accurate, and descriptive
- MR targeting the appropriate branch
- MR has a green pipeline on GitLab.com
- Pipeline is green on dev.gitlab.org if the change is touching anything besides documentation or internal cookbooks
- `trigger-package` has a green pipeline running against latest commit

Expected (please provide an explanation if not completing)
- Test plan indicating conditions for success has been posted and passes
- Documentation created/updated
- Tests added
- Integration tests added to GitLab QA
- Equivalent MR/issue for the GitLab Chart opened
Edited by Balasankar 'Balu' C
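
The name check that the Testing steps rely on, as an added example (not part of this MR or the Omnibus code): Prometheus is written in Go, and Go's `crypto/x509` verifier matches the expected server name against the certificate's Subject Alternative Names and ignores a bare CN, so a test certificate should carry the name as a DNS SAN as well. `CheckScrapeName` is a hypothetical helper, the certificates are constructed in memory, and the in-memory pool stands in for the trusted certificate chain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CheckScrapeName (hypothetical helper) issues a throwaway self-signed cert with the
// given CN and DNS SANs, then verifies it against a trusted pool and a server name.
func CheckScrapeName(cn string, sans []string, serverName string) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     sans, // nil means a CN-only certificate
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		IsCA:         true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	pool := x509.NewCertPool() // stands in for the trusted certificate chain
	pool.AddCert(leaf)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: serverName})
	return err
}

func main() {
	fmt.Println("CN+SAN localhost, verify localhost:", CheckScrapeName("localhost", []string{"localhost"}, "localhost"))
	fmt.Println("CN-only localhost, verify localhost:", CheckScrapeName("localhost", nil, "localhost"))
	fmt.Println("SAN foobar, verify localhost:", CheckScrapeName("foobar", []string{"foobar"}, "localhost"))
	fmt.Println("SAN foobar, server name foobar:", CheckScrapeName("foobar", []string{"foobar"}, "foobar"))
}
```

The third and fourth calls mirror the `foobar` case in the steps: verification fails when the expected name differs from the certificate's name and passes once the server name is set to match it.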