ForgeRock, Prometheus & Grafana integration (Part 2)
In the previous part, I presented how ForgeRock, Prometheus and Grafana are integrated. In this post I’ll explain how to configure Prometheus and how to use the example Grafana dashboards provided by ForgeRock for each component.
In the previous episode
At the end of my previous note, all ForgeRock components were exposing Prometheus metrics. The schema below summarizes how ForgeRock, Prometheus and Grafana are integrated.
Now, let’s configure Prometheus to pull this information and Grafana to show it in dashboards.
Configuring Prometheus and Grafana
Note: I assume you have Prometheus and Grafana instances running.
Configuring Prometheus
Prometheus configuration is done in a yml file (default name: prometheus.yml, default location: the root folder of your Prometheus setup). In this file you define the polling frequency, the alerting system, the various datasources to poll, etc.
For detailed documentation on the structure of the Prometheus yml file, go to Prometheus’ configuration documentation page.
To configure Prometheus to poll ForgeRock’s Prometheus endpoints, we will add a few lines to the scrape_configs section of the file. These lines contain:
- job_name: This is used to start a subsection dedicated to the configuration of a datasource (target) you want to connect to with Prometheus. It is also equal to the name of the datasource you will see in your Prometheus web interface.
- scrape_interval and scrape_timeout: These parameters are used respectively to define how frequently Prometheus will poll the datasource and the polling’s timeout.
- static_configs: Creates a subsection that we use to define the datasource hostname and port.
- targets: Parameter used in the static_configs subsection to define the datasource hostname and port to use to connect to the datasource.
- metrics_path: This is the absolute URL path where Prometheus will get the metrics from the datasource.
- scheme: This is the protocol used to connect to the endpoint (for ForgeRock it is either http or https).
- tls_config: This is used to start a subsection to define certificates to trust and use for https connections with the datasource. See Prometheus documentation to get more information how to use this parameter.
- basic_auth: Creates a subsection that we use to configure Basic auth parameters to be used by Prometheus to connect to the datasource.
- username and password: Parameters used in the basic_auth subsection to define basic auth login and password.
See below an example of a scrape_configs entry for ForgeRock components.
  - job_name: '<DataSourceName>'
    scrape_interval: 5s
    scrape_timeout: 5s
    static_configs:
      - targets: ['<ServerName>:<PortNumber>']
    metrics_path: '<EndpointURL>'
    scheme: <Scheme>
    tls_config:
      insecure_skip_verify: true
    basic_auth:
      username: '<PromLogin>'
      password: '<PromPassword>'
In this example, <DataSourceName> is the name you want to give to the datasource (for instance “AM 65”), <ServerName> is the hostname of the ForgeRock component you want to monitor (ex: am65.forgerock), <PortNumber> is the port number where the ForgeRock component is publishing the Prometheus metrics (it may be 8080 for HTTP or 8443 for HTTPS) and <EndpointURL> is the URL path where the metrics are exposed by ForgeRock (defaults are: /openam/json/metrics/prometheus for AM, /openidm/metrics/prometheus for IDM, /opendj/metrics/prometheus for DS and /openig/json/metrics/prometheus for IG). <Scheme> can be either http or https. If you choose https, then you will have to configure the tls_config parameter. Note: in this example, it is configured to skip certificate verification; this shouldn’t be done in a production environment.
Finally, you have to configure Basic auth to authenticate Prometheus to your various ForgeRock Prometheus endpoints (these credentials were defined in Part 1).
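For production, here is the same kind of entry with certificate verification enabled and the password kept out of prometheus.yml. This is an added example, not part of the original post: the file paths are assumptions, while the host name, port and metrics path reuse the AM examples given above.

```yaml
scrape_configs:
  - job_name: 'AM 65'
    scrape_interval: 5s
    scrape_timeout: 5s            # must not exceed scrape_interval
    static_configs:
      - targets: ['am65.forgerock:8443']
    metrics_path: '/openam/json/metrics/prometheus'
    # With scheme http, the Basic auth header and the metrics cross the
    # network unencrypted, so https is used here.
    scheme: https
    tls_config:
      # Trust only the CA that issued the AM server certificate
      # (assumed path).
      ca_file: /etc/prometheus/tls/forgerock-ca.pem
      # Name checked against the server certificate; it must match a
      # subject alternative name in that certificate.
      server_name: am65.forgerock
      # Explicit for contrast with the test configuration; false is
      # also the default.
      insecure_skip_verify: false
    basic_auth:
      username: '<PromLogin>'
      # Read the password from a file instead of storing it inline
      # (assumed path). Restrict the file to the account that runs
      # Prometheus, for example mode 0400.
      password_file: /etc/prometheus/secrets/am65.password
```

Running promtool check config prometheus.yml before restarting Prometheus confirms the file parses and that the referenced certificate and password files exist.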
Now you just have to start Prometheus, connect to the Prometheus user interface and browse to the Targets menu. The figure below shows the screen you should see.
Configuring Grafana
To configure Grafana, you just have to add the data source corresponding to Prometheus.
- Login to Grafana as an administrator,
- Browse to Configuration>Data Sources menu,
- Click Add Data Source,
- Select Prometheus and complete the creation form with the information concerning your Prometheus server (at least the URL of the server).
The figure below shows my Prometheus data Source configuration in Grafana.
That’s it, now Prometheus is collecting information from ForgeRock components and Grafana polls Prometheus for data. The next step is to use these data to create dashboards.
Using ForgeRock’s Grafana dashboard example
For every ForgeRock component, you can find on the Backstage download page a zip archive containing example Grafana dashboards.
Just download and unzip it, you will get a directory containing:
- json files - these are the dashboards you will import in Grafana
- README.md file - this file contains a step by step setup and configuration procedure
To import the dashboards in Grafana:
- Login to Grafana as an administrator,
- Browse to Create>Import,
- Click on Upload .json File,
- Select your Prometheus Data Source and click Import,
- Et voilà! Your dashboard is imported and you are redirected to it.
The figure below shows an example of Directory Service Dashboard.
Note: don’t forget to import all the JSON files to get all the dashboards (one JSON file = one dashboard).
Conclusion (Part 2)
This part concludes my series of articles explaining how to integrate ForgeRock, Prometheus and Grafana. If you want to read more about the content of the dashboards ForgeRock provides, I suggest you read Craig McDonnell’s article on the ForgeRock Forum.
Finally, if you plan to deploy the solution in the cloud, note that ForgeRock Cloud Deployment Model provides a single script to deploy Prometheus, Grafana and a number of sample dashboards.