Configuring Aerospike Prometheus Exporter
You configure Aerospike Prometheus Exporter by setting values for parameters in the configuration file /etc/aerospike-prometheus-exporter/ape.toml
. The file has two sections, [Agent]
and [Aerospike]
.
Procedure
In the [Agent]
section, configure access between Prometheus and the Aerospike Prometheus Exporter agent.
Optional: Provide TLS certificate information to enable HTTPS communication between Prometheus and the exporter agent.
Corresponding parameters in the ape.toml
file
# TLS certificates.
# Supports the following formats:
# 1. Certificate file path - "file:<file-path>"
# 2. Environment variable containing base64 encoded certificate - "env-b64:<environment-variable-that-contains-base64-encoded-certificate>"
# 3. Base64 encoded certificate - "b64:<base64-encoded-certificate>"
# Applicable to 'root_ca', 'cert_file' and 'key_file' configurations.
#
# Server certificate
cert_file = ""
#
# Private key associated with server certificate
key_file = ""
#
# Root CA to validate client certificates (for mutual TLS)
root_ca = ""
#
# Passphrase for encrypted key_file. Supports the following formats:
# 1. Passphrase directly - "<passphrase>"
# 2. Passphrase using a file - "file:<file-that-contains-passphrase>"
# 3. Passphrase using an environment variable - "env:<environment-variable-that-holds-passphrase>"
# 4. Passphrase using an environment variable containing base64 encoded passphrase - "env-b64:<environment-variable-that-contains-base64-encoded-passphrase>"
# 5. Passphrase in base64 encoded form - "b64:<base64-encoded-passphrase>"
key_file_passphrase = ""
Optional: Add additional labels to metrics.
Corresponding parameter in the ape.toml
file
# labels to add to the prometheus metrics. For example, labels={zone="asia-south1-a", platform="google compute engine"}
labels = {type='development',source='aerospike'}
Optional: Specify a non-default listen_address
and port for Prometheus.
By default, the address and port are 0.0.0.0:9145
.
Corresponding parameter in the ape.toml
file
bind = ":9145"
Optional: Specify a non-default timeout for connections.
Corresponding parameter in the ape.toml
file
# metrics server timeout in seconds
timeout = 10
Optional: Specify a path for the log file and a non-default logging level.
Corresponding parameters in the ape.toml
file
# Exporter logging configuration
# Log file path (optional, logs to console by default)
# Level can be info|warning,warn|error,err|debug|trace ('info' by default)
log_file = ""
log_level = ""
Optional: Specify a username and password for access to the exporter agent.
Corresponding parameters in the ape.toml
file
# Basic HTTP authentication for '/metrics'.
# Supports the following formats:
# 1. Credential directly - "<credential>"
# 2. Credential using a file - "file:<file-that-contains-credential>"
# 3. Credential using an environment variable - "env:<environment-variable-that-contains-credential>"
# 4. Credential using an environment variable containing base64 encoded credential - "env-b64:<environment-variable-that-contains-base64-encoded-credential>"
# 5. Credential in base64 encoded form - "b64:<base64-encoded-credential>"
basic_auth_username=""
basic_auth_password=""
In the [Aerospike]
section, configure connections between Aerospike Prometheus Exporter and your Aerospike cluster.
Optional: Set a non-default IP address and port for the seed node of your Aerospike cluster.
Corresponding parameters in the ape.toml
file
db_host="aerospike"
db_port=3000
Optional: Provide TLS certificate information to enable HTTPS communication between the exporter agent and the Aerospike cluster.
Corresponding parameters in the ape.toml
file
# TLS certificates.
# Supports the following formats:
# 1. Certificate file path - "file:<file-path>"
# 2. Environment variable containing base64 encoded certificate - "env-b64:<environment-variable-that-contains-base64-encoded-certificate>"
# 3. Base64 encoded certificate - "b64:<base64-encoded-certificate>"
# Applicable to 'root_ca', 'cert_file' and 'key_file' configurations.
#
# root certificate file
root_ca=""
#
# certificate file
cert_file=""
#
# key file
key_file=""
#
# Passphrase for encrypted key_file. Supports the following formats:
# 1. Passphrase directly - "<passphrase>"
# 2. Passphrase using an file - "file:<file-that-contains-passphrase>"
# 3. Passphrase using an environment variable - "env:<environment-variable-that-holds-passphrase>"
# 4. Passphrase using an environment variable containing base64 encoded passphrase - "env-b64:<environment-variable-that-contains-base64-encoded-passphrase>"
# 5. Passphrase in base64 encoded form - "b64:<base64-encoded-passphrase>"
key_file_passphrase=""
#
# node_tls_name is the TLS Name to verify against the certificate (Common Name or SAN (Subject Alternative Name)) presented by the Aerospike node during TLS authentication.
node_tls_name=""
Optional: The exporter agent supports password-based authentication. If access control is enabled in the cluster, you must provide a username and password.
Corresponding parameters in the ape.toml
file
# Aerospike cluster security credentials.
# Supports the following formats:
# 1. Credential directly - "<credential>"
# 2. Credential using an file - "file:<file-that-contains-credential>"
# 3. Credential using an environment variable - "env:<environment-variable-that-contains-credential>"
# 4. Credential using an environment variable containing base64 encoded credential - "env-b64:<environment-variable-that-contains-base64-encoded-credential>"
# 5. Credential in base64 encoded form - "b64:<base64-encoded-credential>"
# Applicable to 'user' and 'password' configurations.
#
# database user
user=""
#
# database password
password=""
#
# authentication mode: internal (for credentials stored in Aerospike), external (for credentials stored LDAP or other external systems)
auth_mode=""
Optional: Specify a non-default timeout for connections.
Corresponding parameter in the ape.toml
file
# timeout for sending commands to the server node in seconds
timeout=5
Optional: Apply filters to metrics.
Aerospike includes many metrics, some of which you might not need or want to monitor. For instance, you might want to monitor only the Aerospike-recommended Key Metrics.
You can optionally use allowlist
and blocklist
configurations to filter the metrics you want to monitor. The allowlist
and blocklist
configuration options support standard Linux regular expressions.
Here is an example configuration of allowlist
and blocklist
.
# Allowlist:
# If specified, only these metrics will be scraped.
# An empty list excludes all metrics.
# Commenting out the following allowlist configs disables metrics filtering so that all metrics are scraped.
#
# Namespace metrics allowlist
namespace_metrics_allowlist=[
"client_read_[a-z]*",
"stop_writes",
"storage-engine.file.defrag_q",
"client_write_success",
"memory_*_bytes",
"objects",
"*_available_pct"
]
#
# Set metrics allowlist
set_metrics_allowlist=[
"objects",
"tombstones"
]
#
# Node metrics allowlist
node_metrics_allowlist=[
"uptime",
"cluster_size",
"batch_index_*",
"xdr_ship_*"
]
#
# XDR metrics allowlist (only for Aerospike versions 5.0 and above)
xdr_metrics_allowlist=[
"success",
"latency_ms",
"throughput",
"lap_us"
]
#
# Job (scans/queries) metrics allowlist
job_metrics_allowlist = [
"rps",
"active-threads",
"job-progress",
"run-time",
"recs-throttled",
"recs-succeeded",
"recs-failed",
"net-io-bytes"
]
#
# Secondary index metrics allowlist
sindex_metrics_allowlist = [
"entries",
"ibtr_memory_used",
"nbtr_memory_used",
"query_basic_complete",
"query_basic_error",
"query_basic_abort",
"query_basic_avg_rec_count"
]
#
# Blocklist: If specified, these metrics will be NOT be scraped.
#
# Namespace metrics blocklist
namespace_metrics_blocklist=[
"memory_used_sindex_bytes",
"client_read_success"
]
#
# Set metrics blocklist
# set_metrics_blocklist=[]
#
# Node metrics blocklist
node_metrics_blocklist=[
"batch_index_*_buffers"
]
#
# XDR metrics blocklist (only for Aerospike versions 5.0 and above)
# xdr_metrics_blocklist=[]
#
# Job (scans/queries) metrics blocklist
# job_metrics_blocklist = []
#
# Secondary index metrics blocklist
# sindex_metrics_blocklist = []
Optional: Allow or block the fetching of metrics about the usage of Aerospike by individual users.
Add usernames of Aerospike users to user_metrics_users_allowlist
to allow Prometheus to fetch metrics about those users. Add usernames of Aerospike users to user_metrics_users_blocklist
to prevent Prometheus from fetching metrics about those users.
Metrics about Aerospike usage by individual users are available in version 5.6 and later. To fetch these metrics, the user
defined in the [Aerospike]
section must have a user-admin
privilege in the Aerospike cluster.
Here is an example configuration of user_metrics_users_allowlist
and user_metrics_users_blocklist
:
# Users Statistics (user statistics are available in 5.6 and later)
# Allowlist and blocklist control which users statistics are collected.
# Note globbing patterns are not supported for this configuration.
user_metrics_users_allowlist=[
"admin",
"superuser",
"aerospikeUser1",
"aerospikeUser2"
]
user_metrics_users_blocklist=[
"admin",
"superuser"
]
Different users can be added to both the allowlist and the blocklist. Since the blocklist takes precedence over the allowlist, if a user is in both lists, the statistics for that user cannot be fetched.