Page MenuHomePhabricator

Setup metrics monitoring for OpenLDAP/corp
Open, NormalPublic

Description

We currently don't run the Prometheus exporter for the OpenLDAP corp replica. (Originally because there was no cn=monitor user for accessing the LDAP sub tree where the metrics are available. This has since been fixed by OIT, so we can now setup the exporter for the corp replica and add a respective Grafana dashboard.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 5 2018, 2:12 PM
Dzahn triaged this task as Normal priority.Oct 12 2018, 4:44 PM

There's now a cn=monitor user in the corp replica.

Some pointers for implementation:

  • The corp replicas are dubnium and pollux, you can do a regular "ldapsearch -x cn=monitor "to see the user
  • The profile profile::prometheus::openldap_exporter will need a few tweaks to be also reused for the corp replica:
    • We need to include a different password for the LDAP bind of the monitoring user
    • The monitoring user is in a different container, for openldap/labs it's below the LDAP base, but apparently with the user management tools for the corp LDAP that's not possible, so it's currently in the ou=people, as such the prometheus.conf.erb needs to be adapted for corp