Hey there!
I’m currently looking into cranking the monitoring to 180, the new monitoring docs are very helpful there! (I’m just trying to achieve something similar with Zabbix instead of PCP)
One thing I noticed there is, that I don’t want to leave the /metrics
endpoint open to everyone,
so have been searching for a foreman-installer parameter to limit access to that, like apache-mod-status-requires
, just for foreman-telemetry-prometheus-enabled
.
I think I found the, for me, missing bits, a new fragment in the puppetlabs-apache vhost config would be needed.
Manually added that so far directly on my system with
<Location /metrics>
Require ip 127.0.0.1 ::1
</Location>
at the end of the ssl vhost config.
I don’t know if this is really already everything needed, so any help there is welcome (if wanted I can also try to send a PR for that afterwards)
Thanks and cheers, lumarel
If the Zabbix monitoring sounds something wanted for the docs, I sure can write that down as well