Prometheus ExporterΒΆ

TNSR includes a Prometheus exporter which supports statistical data from the dataplane (VPP) only. This data is typically fed into Grafana.

See also

Configuring Grafana and its supporting systems is outside the scope of this documentation. Consult its documentation for details.

Note

The Prometheus exporter service currently does not have any configurable options on TNSR.

To start the service, run the following command from config mode:

tnsr(config)# service prometheus start

That command starts the service in the host namespace on port 9482. For additional options, see Service Control.

The URL for metrics is http://<host management IP address>:9482/metrics where <host management IP address> is an IP address of a host OS management interface on TNSR.

Warning

The Prometheus service on TNSR does not perform authentication or encryption. Data exported by Prometheus may be sensitive in nature, so protect access to the service with appropriate host ACLs and only transmit data across trusted network paths.

The default set of host ACLs denies access to the service, but take care when crafting rules to only permit access from authorized hosts or networks. Do not open access to the Prometheus port unilaterally.

This example host ACL permits access to the Prometheus service (TCP port 9482) from one IPv4 host, 198.51.100.244:

tnsr(config)# host acl prometheus
tnsr(config-host-acl)# sequence 10
tnsr(config-host-acl)# rule 10
tnsr(config-host-acl-rule)# action permit
tnsr(config-host-acl-rule)# description Allow Prometheus
tnsr(config-host-acl-rule)# match ip protocol tcp
tnsr(config-host-acl-rule)# match ip port destination 9482
tnsr(config-host-acl-rule)# match ip version 4
tnsr(config-host-acl-rule)# match ip address source 198.51.100.244/32
tnsr(config-host-acl-rule)# exit
tnsr(config-host-acl)# exit
tnsr(config)#