# Configure Aerospike Prometheus Exporter You configure Aerospike Prometheus Exporter by setting values for parameters in the configuration file `/etc/aerospike-prometheus-exporter/ape.toml`. The file has two sections, `[Agent]` and `[Aerospike]`. ## Procedure In the `[Agent]` section, configure access between Prometheus and the Aerospike Prometheus Exporter agent. Optional: Provide TLS certificate information to enable HTTPS communication between Prometheus and the exporter agent. **Corresponding parameters in the `ape.toml` file** ```toml # TLS certificates. # Supports the following formats: # 1. Certificate file path - "file:" # 2. Environment variable containing base64 encoded certificate - "env-b64:" # 3. Base64 encoded certificate - "b64:" # Applicable to 'root_ca', 'cert_file' and 'key_file' configurations. # # Server certificate cert_file = "" # # Private key associated with server certificate key_file = "" # # Root CA to validate client certificates (for mutual TLS) root_ca = "" # # Passphrase for encrypted key_file. Supports the following formats: # 1. Passphrase directly - "" # 2. Passphrase using a file - "file:" # 3. Passphrase using an environment variable - "env:" # 4. Passphrase using an environment variable containing base64 encoded passphrase - "env-b64:" # 5. Passphrase in base64 encoded form - "b64:" key_file_passphrase = "" ``` Optional: Add additional labels to metrics. **Corresponding parameter in the `ape.toml` file** ```toml # labels to add to the prometheus metrics. For example, labels={zone="asia-south1-a", platform="google compute engine"} labels = {type='development',source='aerospike'} ``` Optional: Specify a non-default `listen_address` and port for Prometheus. By default, the address and port are `0.0.0.0:9145`. **Corresponding parameter in the `ape.toml` file** ```toml bind = ":9145" ``` Optional: Specify a non-default timeout for connections. **Corresponding parameter in the `ape.toml` file** ```toml # metrics server timeout in seconds timeout = 10 ``` Optional: Specify a path for the log file and a non-default logging level. **Corresponding parameters in the `ape.toml` file** ```toml # Exporter logging configuration # Log file path (optional, logs to console by default) # Level can be info|warning,warn|error,err|debug|trace ('info' by default) log_file = "" log_level = "" ``` Optional: Specify a username and password for access to the exporter agent. **Corresponding parameters in the `ape.toml` file** ```toml # Basic HTTP authentication for '/metrics'. # Supports the following formats: # 1. Credential directly - "" # 2. Credential using a file - "file:" # 3. Credential using an environment variable - "env:" # 4. Credential using an environment variable containing base64 encoded credential - "env-b64:" # 5. Credential in base64 encoded form - "b64:" basic_auth_username="" basic_auth_password="" ``` In the `[Aerospike]` section, configure connections between Aerospike Prometheus Exporter and your Aerospike cluster. Optional: Set a non-default IP address and port for the seed node of your Aerospike cluster. **Corresponding parameters in the `ape.toml` file** ```toml db_host="aerospike" db_port=3000 ``` Optional: Provide TLS certificate information to enable HTTPS communication between the exporter agent and the Aerospike cluster. **Corresponding parameters in the `ape.toml` file** ```toml # TLS certificates. # Supports the following formats: # 1. Certificate file path - "file:" # 2. Environment variable containing base64 encoded certificate - "env-b64:" # 3. Base64 encoded certificate - "b64:" # Applicable to 'root_ca', 'cert_file' and 'key_file' configurations. # # root certificate file root_ca="" # # certificate file cert_file="" # # key file key_file="" # # Passphrase for encrypted key_file. Supports the following formats: # 1. Passphrase directly - "" # 2. Passphrase using an file - "file:" # 3. Passphrase using an environment variable - "env:" # 4. Passphrase using an environment variable containing base64 encoded passphrase - "env-b64:" # 5. Passphrase in base64 encoded form - "b64:" key_file_passphrase="" # # node_tls_name is the TLS Name to verify against the certificate (Common Name or SAN (Subject Alternative Name)) presented by the Aerospike node during TLS authentication. node_tls_name="" ``` Optional: The exporter agent supports password-based authentication. If access control is enabled in the cluster, you must provide a username and password. **Corresponding parameters in the `ape.toml` file** ```toml # Aerospike cluster security credentials. # Supports the following formats: # 1. Credential directly - "" # 2. Credential using an file - "file:" # 3. Credential using an environment variable - "env:" # 4. Credential using an environment variable containing base64 encoded credential - "env-b64:" # 5. Credential in base64 encoded form - "b64:" # Applicable to 'user' and 'password' configurations. # # database user user="" # # database password password="" # # authentication mode: internal (for credentials stored in Aerospike), external (for credentials stored LDAP or other external systems) auth_mode="" ``` Optional: Specify a non-default timeout for connections. **Corresponding parameter in the `ape.toml` file** ```toml # timeout for sending commands to the server node in seconds timeout=5 ``` Optional: Apply filters to metrics. [Aerospike includes many metrics](https://aerospike.com/docs/database/reference/metrics), some of which you might not need or want to monitor. For instance, you might want to monitor only the Aerospike-recommended [Key Metrics](https://aerospike.com/docs/database/observe/key-metrics). You can optionally use `allowlist` and `blocklist` configurations to filter the metrics you want to monitor. The `allowlist` and `blocklist` configuration options support standard Linux regular expressions. Here is an example configuration of `allowlist` and `blocklist`. ```toml # Allowlist: # If specified, only these metrics will be scraped. # An empty list excludes all metrics. # Commenting out the following allowlist configs disables metrics filtering so that all metrics are scraped. # # Namespace metrics allowlist namespace_metrics_allowlist=[ "client_read_[a-z]*", "stop_writes", "storage-engine.file.defrag_q", "client_write_success", "memory_*_bytes", "objects", "*_available_pct" ] # # Set metrics allowlist set_metrics_allowlist=[ "objects", "tombstones" ] # # Node metrics allowlist node_metrics_allowlist=[ "uptime", "cluster_size", "batch_index_*", "xdr_ship_*" ] # # XDR metrics allowlist (only for Aerospike versions 5.0.0 and above) xdr_metrics_allowlist=[ "success", "latency_ms", "throughput", "lap_us" ] # # Job (scans/queries) metrics allowlist job_metrics_allowlist = [ "rps", "active-threads", "job-progress", "run-time", "recs-throttled", "recs-succeeded", "recs-failed", "net-io-bytes" ] # # Secondary index metrics allowlist sindex_metrics_allowlist = [ "entries", "ibtr_memory_used", "nbtr_memory_used", "query_basic_complete", "query_basic_error", "query_basic_abort", "query_basic_avg_rec_count" ] # # Blocklist: If specified, these metrics will be NOT be scraped. # # Namespace metrics blocklist namespace_metrics_blocklist=[ "memory_used_sindex_bytes", "client_read_success" ] # # Set metrics blocklist # set_metrics_blocklist=[] # # Node metrics blocklist node_metrics_blocklist=[ "batch_index_*_buffers" ] # # XDR metrics blocklist (only for Aerospike versions 5.0.0 and above) # xdr_metrics_blocklist=[] # # Job (scans/queries) metrics blocklist # job_metrics_blocklist = [] # # Secondary index metrics blocklist # sindex_metrics_blocklist = [] ``` Optional: Allow or block the fetching of metrics about the usage of Aerospike by individual users. Add usernames of Aerospike users to `user_metrics_users_allowlist` to allow Prometheus to fetch metrics about those users. Add usernames of Aerospike users to `user_metrics_users_blocklist` to prevent Prometheus from fetching metrics about those users. Metrics about Aerospike usage by individual users are available in version 5.6.0 and later. To fetch these metrics, the `user` defined in the `[Aerospike]` section must have a `user-admin` privilege in the Aerospike cluster. Here is an example configuration of `user_metrics_users_allowlist` and `user_metrics_users_blocklist`: ```toml # Users Statistics (user statistics are available in 5.6.0 and later) # Allowlist and blocklist control which users statistics are collected. # Note globbing patterns are not supported for this configuration. user_metrics_users_allowlist=[ "admin", "superuser", "aerospikeUser1", "aerospikeUser2" ] user_metrics_users_blocklist=[ "admin", "superuser" ] ``` ::: note Different users can be added to both the allowlist and the blocklist. Since the blocklist takes precedence over the allowlist, if a user is in both lists, the statistics for that user cannot be fetched. :::