NimbostratusPrometheus and basic auth
Dear all
I have setup telemetry streaming so that a remote prometheus server can scrape metrics.
I used this advice to use a guest account for "basic auth" done on prometheus :
https://devcentral.f5.com/s/articles/icontrol-rest-fine-grained-role-based-access-control-30773
Here is the prometheus scrape_configs entry :
- job_name: bigip
honor_timestamps: true
scrape_interval: 10s
scrape_timeout: 10s
metrics_path: /mgmt/shared/telemetry/pullconsumer/My_Prometheus
scheme: https
basic_auth:
username: prometheus
password: <secret>
tls_config:
ca_file: /etc/ssl/certs/ca.crt
cert_file: /etc/ssl/certs/prometheus.crt
key_file: /etc/ssl/certs/prometheus.key
insecure_skip_verify: false
static_configs:
- targets:
- lb5
My problem is excessive warning messages in the logs :
Dec 13 16:33:37 lb5 warning httpd[13888]: [warn] [client XXXX] AUTHCACHE Error processing cookie 7BA470C4F1E2F722E1685046756D1F1A70621E38 - Cookie user mismatch
The problem is clearly identified (K11140735) but changing pam idle timeout is not a solution as promtheus scrapes every 10s which is too low for an usual webui idle timeout.
I was wondering if there is a fix or other way to do it ?
Using a F5 token is not a solution as prometheus does not seam to support it in its scrape_config section (https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config).
Thanks for your help ;-))