29-Dec-2022 13:02
Hello,
I want to stream F5 Telemetry to Node_exporter because node exporter is integrated with Oracle cloud. how ever the node_exporter config accepts only HTTP URLs as we know the F5 endpoint is HTTPS and also uses a user/password. the endpoint I have tested working on POSTMAN. any workaround for that?
Solved! Go to Solution.
18-Jan-2023 09:30
Dropped the ball, @raindrop18, sorry about that! So you need to query http://, not https://, because of a limitation in the node_exporter, but you don't want to expose the BIG-IP username/password?
Not sure I can recommend that scenario, but if you wanted to try something (caution: rolling your own crypto is bad) you could send a salted hash in a cookie from a string you choose (not username/password) and then in an iRule on a virtual listening on port 80 with a client-addr requirement of your node_exporter system, have that known string also salted and hashed to compare, and then in the iRule set node as localhost and insert as basic auth your username/password in iRule with your TS endpoint URI...again, this is a bad idea, but it is possible.
04-Jan-2023 14:32
Hey @raindrop18 - I think your question hit the holiday slump, so I've asked one of my teammates to come take a look.
04-Jan-2023 15:57
Hi @raindrop18 , I don't have much exposure to telemetry streaming, but I'll try to point you in the rigth direction.
Are you trying to stream to the Node_exporter or connect to BIG-IP from it?
If the former, can you set the consumer protocol to http?
If that doesn't work, can you use BIG-IP as a proxy and and use a virtual to receive https from TS and then be in the clear on the server side to your collector?
If you can get back to me with more details, I'll ask around internally for help.
11-Jan-2023 15:05
Thanks, JRham
sorry for the late response, so I am trying to pull the metrics from F5 to node_exporter. I want to use HTTPS since I don't want the user/password to be on the clear test while connecting the F5 and pulling the metrics if I have to use HTTP.
do you have any suggestions?
Eli
18-Jan-2023 09:30
Dropped the ball, @raindrop18, sorry about that! So you need to query http://, not https://, because of a limitation in the node_exporter, but you don't want to expose the BIG-IP username/password?
Not sure I can recommend that scenario, but if you wanted to try something (caution: rolling your own crypto is bad) you could send a salted hash in a cookie from a string you choose (not username/password) and then in an iRule on a virtual listening on port 80 with a client-addr requirement of your node_exporter system, have that known string also salted and hashed to compare, and then in the iRule set node as localhost and insert as basic auth your username/password in iRule with your TS endpoint URI...again, this is a bad idea, but it is possible.
16-Feb-2023 15:45
Thanks!