Forum Discussion
F5 Telmeter to Node Exporter
- Jan 18, 2023
Dropped the ball, raindrop18, sorry about that! So you need to query http://, not https://, because of a limitation in the node_exporter, but you don't want to expose the BIG-IP username/password?
Not sure I can recommend that scenario, but if you wanted to try something (caution: rolling your own crypto is bad) you could send a salted hash in a cookie from a string you choose (not username/password) and then in an iRule on a virtual listening on port 80 with a client-addr requirement of your node_exporter system, have that known string also salted and hashed to compare, and then in the iRule set node as localhost and insert as basic auth your username/password in iRule with your TS endpoint URI...again, this is a bad idea, but it is possible.
Hi raindrop18 , I don't have much exposure to telemetry streaming, but I'll try to point you in the rigth direction.
Are you trying to stream to the Node_exporter or connect to BIG-IP from it?
If the former, can you set the consumer protocol to http?
If that doesn't work, can you use BIG-IP as a proxy and and use a virtual to receive https from TS and then be in the clear on the server side to your collector?
If you can get back to me with more details, I'll ask around internally for help.
- raindrop18Jan 11, 2023Altocumulus
Thanks, JRham
sorry for the late response, so I am trying to pull the metrics from F5 to node_exporter. I want to use HTTPS since I don't want the user/password to be on the clear test while connecting the F5 and pulling the metrics if I have to use HTTP.
do you have any suggestions?
Eli
- JRahmJan 18, 2023Admin
Dropped the ball, raindrop18, sorry about that! So you need to query http://, not https://, because of a limitation in the node_exporter, but you don't want to expose the BIG-IP username/password?
Not sure I can recommend that scenario, but if you wanted to try something (caution: rolling your own crypto is bad) you could send a salted hash in a cookie from a string you choose (not username/password) and then in an iRule on a virtual listening on port 80 with a client-addr requirement of your node_exporter system, have that known string also salted and hashed to compare, and then in the iRule set node as localhost and insert as basic auth your username/password in iRule with your TS endpoint URI...again, this is a bad idea, but it is possible.- raindrop18Feb 16, 2023Altocumulus
Thanks!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com