jmx_exporter icon indicating copy to clipboard operation
jmx_exporter copied to clipboard
verified publisher icon prometheus

What is the exact meaning of username and password?

Open jheinitz opened this issue 3 years ago • 1 comments

Hello,

I just configured my Java App (Kafka) to publish it's metrics through the Prometheus JMX Exporter. I specified the variables username and password in the config file and passed it to the app using

-javaagent:/opt/jmx_prometheus/jmx_prometheus_javaagent.jar=127.0.0.1:7170:/etc/zookeeper/zookeeper_jmx_prometheus.yml

I thought that I would need to retrieve the metrics using this command:

curl -u user:passwd http://127.0.0.1:7170/metrics

However, I can retrieve the metrics using that, but I also get the metrics when omitting the -u user:passwd part.

Do I miss something?

Any help is appreciated!

Kind regards

Jens

Version of javaagent: 0.12.0

jheinitz avatar Feb 17 '22 16:02 jheinitz

The username and password are used when accessing JMX remotely.

Currently, jmx_exporter does not support authentication to the HTTP endpoint. Work is being done to add the functionality, but I don't know if there is timeline.

dhoard avatar Feb 17 '22 22:02 dhoard

Hi, I am currently using the jmx exporter to push the tomcat metrics on prometheus. -javaagent:/opt/tomcat/webapps/jmx_prometheus_javaagent-0.17.2.jar=9409:/opt/tomcat/webapps/config.yaml

I want to enable basic authentication for the same. Is the work still in progress for later versions of 0.12.0 ?

ali786XI avatar Apr 22 '23 13:04 ali786XI

Exporter HTTP authentication still needs to be implemented.

I am targeting the feature into the next release.

dhoard avatar Apr 22 '23 13:04 dhoard

Btw, after a bit of exploration on the issues, I found a workaround of using the jmx_prometheus_javaagent-0.17.3-SNAPSHOT.jar that you have mentioned in which authentication is working. Here is my config.yml file.

httpServer:
  authentication:
    enabled: true
    algorithm: Basic
    username: 
    password:

But I also need to enable SSL for the same. Can you provide that config if it is working in the SNAPSHOT?

ali786XI avatar Apr 22 '23 13:04 ali786XI

This jar was an example of experimental development work and is NOT support.

You should NOT use this in production.

dhoard avatar Apr 22 '23 15:04 dhoard

Understood your point. I am only using this out for testing the metrics I am getting on the Prometheus endpoint. I was just curious to know about the support of basic auth and SSL. This WONT go in production environments.

Just wanted to share that SSL is also working with this minimal config. Thanks for the fix in the SNAPSHOT. Waiting for the released version.

ali786XI avatar Apr 22 '23 15:04 ali786XI

Closing as stale. Please reopen if you would like to continue the discussion.

dhoard avatar Jun 24 '23 02:06 dhoard