For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

raindrop18's avatar
raindrop18
Icon for Altocumulus rankAltocumulus
Dec 29, 2022
Solved

F5 Telmeter to Node Exporter

Hello,   I want to stream F5 Telemetry to Node_exporter because node exporter is integrated with Oracle cloud. how ever the node_exporter config accepts only HTTP URLs as we know the F5 endpoint is...
cloud
devops
http
https
node exporter
security
Telemetry
  • JRahm's avatar
    JRahm
    Jan 18, 2023

    Dropped the ball, raindrop18, sorry about that! So you need to query http://, not https://, because of a limitation in the node_exporter, but you don't want to expose the BIG-IP username/password?

    Not sure I can recommend that scenario, but if you wanted to try something (caution: rolling your own crypto is bad) you could send a salted hash in a cookie from a string you choose (not username/password) and then in an iRule on a virtual listening on port 80 with a client-addr requirement of your node_exporter system, have that known string also salted and hashed to compare, and then in the iRule set node as localhost and insert as basic auth your username/password in iRule with your TS endpoint URI...again, this is a bad idea, but it is possible.

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jan 04, 2023

Hi raindrop18 , I don't have much exposure to telemetry streaming, but I'll try to point you in the rigth direction.

Are you trying to stream to the Node_exporter or connect to BIG-IP from it?

If the former, can you set the consumer protocol to http?

If that doesn't work, can you use BIG-IP as a proxy and and use a virtual to receive https from TS and then be in the clear on the server side to your collector?

If you can get back to me with more details, I'll ask around internally for help.

  • raindrop18's avatar
    raindrop18
    Icon for Altocumulus rankAltocumulus
    Jan 11, 2023

    Thanks, JRham

    sorry for the late response, so I am trying to pull the metrics from F5 to  node_exporter. I want to use HTTPS since I don't want the user/password to be on the clear test while connecting the F5 and pulling the metrics if I have to use HTTP. 

      do you have any suggestions? 

     

    Eli

     

    • JRahm's avatar
      JRahm
      Icon for Admin rankAdmin
      Jan 18, 2023

      Dropped the ball, raindrop18, sorry about that! So you need to query http://, not https://, because of a limitation in the node_exporter, but you don't want to expose the BIG-IP username/password?

      Not sure I can recommend that scenario, but if you wanted to try something (caution: rolling your own crypto is bad) you could send a salted hash in a cookie from a string you choose (not username/password) and then in an iRule on a virtual listening on port 80 with a client-addr requirement of your node_exporter system, have that known string also salted and hashed to compare, and then in the iRule set node as localhost and insert as basic auth your username/password in iRule with your TS endpoint URI...again, this is a bad idea, but it is possible.

      • raindrop18's avatar
        raindrop18
        Icon for Altocumulus rankAltocumulus
        Feb 16, 2023

        Thanks!