Comments (10)
jufey
commented on July 22, 2024
+1
from haproxy_exporter.
brian-brazil
commented on July 22, 2024
As a matter of policy we do not allow configuration via any sources other than command line flags and configuration files. If you wish to protect passwords, it'd have to be via adding a configuration file to this exporter.
from haproxy_exporter.
commented on July 22, 2024
I've created an example, you can download a docker image via omskauz/haproxy-exporter:master.
What's the rationale behind your company's policy?
from haproxy_exporter.
brian-brazil
commented on July 22, 2024
Configuration management is the role of your configuration management system, not Prometheus, and in addition environment variables are not a secure way to work with secrets.
from haproxy_exporter.
commented on July 22, 2024
Environment variables are better than command line flags though.
from haproxy_exporter.
brian-brazil
commented on July 22, 2024
That's your opinion, but it's not the way we decided to go. The fewer ways there are to configure something, the easier it is to operate.
from haproxy_exporter.
commented on July 22, 2024
This is not an opinion but a fact, that the linux kernel handles command line arguments and environment variables differently:
$ ls -l /proc/1/environ /proc/1/cmdline
-r--r--r-- 1 root root 0 Mar 13 16:23 /proc/1/cmdline
-r-------- 1 root root 0 Mar 14 10:40 /proc/1/environ
Every user can read out a username:password supplied via haproxy-scrape-uri command line argument, but only the process owner can read out the environment variables of a process.
from haproxy_exporter.
brian-brazil
commented on July 22, 2024
I did not say that the environment was less secure than command lines, I said that it was less secure than files.
from haproxy_exporter.
commented on July 22, 2024
Great, we're on the same page here! If haproxy_exporter supported setting the scrape URI via an environment variable, you could use docker to secure the value via an envivronment file:
$ docker run --help
[...]
--env-file list Read in a file of environment variables
[...]
https://docs.docker.com/compose/env-file/
from haproxy_exporter.
brian-brazil
commented on July 22, 2024
You misunderstand me, environment variables are not secure and we will not be adding support to allow configuration via them. If you this is to be added it needs to come from a configuration file that the haproxy exporter would read.
May I ask why you want auth here? Stats aren't exactly sensitive.
from haproxy_exporter.
Related Issues (20)
- Error when using docker-compose HOT 1
- Cutting a new release HOT 4
- Haproxy stats page report inaccurate data. HOT 3
- not read stats in haproxy for monitoring HOT 1
- haproxy.scrape-uri parameter format HOT 1
- Can't scrape HAProxy: Requested canceled while waiting for connection. HOT 1
- Metric for frontend status HOT 2
- haproxy_backend_http_responses_total per API? HOT 1
- Multiple remote haproxy HOT 2
- http_responses_total missing exported_service label HOT 1
- crashes on http.ListenAndServe (during accepting new connections) HOT 2
- only one pid's metrics return by exporter HOT 6
- Discard golang / process metrics HOT 4
- dockerhub images have wrong os/architecture tags HOT 2
- The README file in Docker Hub uses the wrong command "-haproxy.scrape-uri" HOT 1
- --help
- haproxy_exporter.exe commited to repo HOT 1
- ts=2022-01-17T08:59:49.183Z caller=haproxy_exporter.go:421 level=error msg="Unexpected error while reading CSV" err="unexpected EOF" HOT 1
- dial tcp 127.0.0.1:8181: connect: connection refused HOT 3
- metric description HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from haproxy_exporter.