diff --git a/README.md b/README.md index cebb8e7e..110a8fd6 100644 --- a/README.md +++ b/README.md @@ -140,6 +140,9 @@ Prometheus uses file watches and all changes to the json file are applied immedi | Name | Environment Variable Name | Description | |-------------------------|----------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| config | - | Path to configuration file in json format, defaults to `/etc/redis_exporter/config.json` | +| basic-auth.user | BASIC_AUTH_USER | Basic username for accessing Exporter(If either basic-auth.user or basic-auth.password is not empty, enable basic authentication) | +| basic-auth.password | BASIC_AUTH_PASSWORD | Basic password for accessing Exporter,Please ensure that these two values(basic-auth.user, basic-auth.password) are used together. | | redis.addr | REDIS_ADDR | Address of the Redis instance, defaults to `redis://localhost:6379`. If TLS is enabled, the address must be like the following `rediss://localhost:6379` | | redis.user | REDIS_USER | User name to use for authentication (Redis ACL for Redis 6.0 and newer). | | redis.password | REDIS_PASSWORD | Password of the Redis instance, defaults to `""` (no password). | diff --git a/config.json b/config.json new file mode 100644 index 00000000..98bca956 --- /dev/null +++ b/config.json @@ -0,0 +1,44 @@ +{ + "BasicAuthUser": "", + "BasicAuthPwd": "", + "RedisAddr": "redis://localhost:6379", + "RedisUser": "", + "RedisPwd": "", + "RedisPwdFile": "", + "Namespace": "redis", + "CheckKeys": "", + "CheckSingleKeys": "", + "CheckKeyGroups": "", + "CheckStreams": "", + "CheckSingleStreams": "", + "CountKeys": "", + "CheckKeysBatchSize": 1000, + "ScriptPath": "", + "ListenAddress": ":9121", + "MetricPath": "/metrics", + "LogFormat": "txt", + "ConfigCommand": "CONFIG", + "ConnectionTimeout": "15s", + "TlsClientKeyFile": "", + "TlsClientCertFile": "", + "TlsCaCertFile": "", + "TlsServerKeyFile": "", + "TlsServerCertFile": "", + "TlsServerCaCertFile": "", + "TlsServerMinVersion": "TLS1.2", + "MaxDistinctKeyGroups": 100, + "IsDebug": false, + "SetClientName": true, + "IsTile38": false, + "IsCluster": false, + "ExportClientList": false, + "ExportClientPort": false, + "ShowVersion": false, + "RedisMetricsOnly": false, + "PingOnConnect": true, + "InclConfigMetrics": false, + "DisableExportingKeyValues": false, + "RedactConfigMetrics": false, + "InclSystemMetrics": false, + "SkipTLSVerification": false +} \ No newline at end of file diff --git a/exporter/exporter.go b/exporter/exporter.go index 7c436efc..8be8da59 100644 --- a/exporter/exporter.go +++ b/exporter/exporter.go @@ -22,6 +22,11 @@ type BuildInfo struct { Date string } +type BasicAuth struct { + ExporterUser string + ExporterPwd string +} + // Exporter implements the prometheus.Exporter interface, and exports Redis metrics. type Exporter struct { sync.Mutex @@ -80,6 +85,7 @@ type Options struct { RedisPwdFile string Registry *prometheus.Registry BuildInfo BuildInfo + BasicAuth BasicAuth } // NewRedisExporter returns a new exporter of Redis metrics. @@ -420,14 +426,22 @@ func NewRedisExporter(redisURI string, opts Options) (*Exporter, error) { if e.options.MetricsPath == "" { e.options.MetricsPath = "/metrics" } + // If one of the username and password is not the default value + openBasicAuth := e.options.BasicAuth.ExporterPwd != "" || e.options.BasicAuth.ExporterUser != "" e.mux = http.NewServeMux() if e.options.Registry != nil { e.options.Registry.MustRegister(e) - e.mux.Handle(e.options.MetricsPath, promhttp.HandlerFor( - e.options.Registry, promhttp.HandlerOpts{ErrorHandling: promhttp.ContinueOnError}, - )) + if openBasicAuth { + log.Infof("Detected that the probe has initiated Basic authentication with username: %s", e.options.BasicAuth.ExporterUser) + // add basic auth + e.mux.HandleFunc(e.options.MetricsPath, e.basicAuth(e.metricHandler)) + } else { + e.mux.Handle(e.options.MetricsPath, promhttp.HandlerFor( + e.options.Registry, promhttp.HandlerOpts{ErrorHandling: promhttp.ContinueOnError}, + )) + } if !e.options.RedisMetricsOnly { buildInfoCollector := prometheus.NewGaugeVec(prometheus.GaugeOpts{ @@ -440,10 +454,19 @@ func NewRedisExporter(redisURI string, opts Options) (*Exporter, error) { } } - e.mux.HandleFunc("/", e.indexHandler) - e.mux.HandleFunc("/scrape", e.scrapeHandler) - e.mux.HandleFunc("/health", e.healthHandler) - e.mux.HandleFunc("/-/reload", e.reloadPwdFile) + if openBasicAuth { + log.Infof("Detected that the probe has initiated Basic authentication with username: %s", e.options.BasicAuth.ExporterUser) + // add basic auth + e.mux.HandleFunc("/", e.basicAuth(e.indexHandler)) + e.mux.HandleFunc("/scrape", e.basicAuth(e.scrapeHandler)) + e.mux.HandleFunc("/health", e.basicAuth(e.healthHandler)) + e.mux.HandleFunc("/-/reload", e.basicAuth(e.reloadPwdFile)) + } else { + e.mux.HandleFunc("/", e.indexHandler) + e.mux.HandleFunc("/scrape", e.scrapeHandler) + e.mux.HandleFunc("/health", e.healthHandler) + e.mux.HandleFunc("/-/reload", e.reloadPwdFile) + } return e, nil } diff --git a/exporter/http.go b/exporter/http.go index 266c8ff5..4b67b467 100644 --- a/exporter/http.go +++ b/exporter/http.go @@ -1,6 +1,8 @@ package exporter import ( + "crypto/sha256" + "crypto/subtle" "fmt" "net/http" "net/url" @@ -30,6 +32,12 @@ func (e *Exporter) indexHandler(w http.ResponseWriter, r *http.Request) { `)) } +func (e *Exporter) metricHandler(w http.ResponseWriter, r *http.Request) { + promhttp.HandlerFor( + e.options.Registry, promhttp.HandlerOpts{ErrorHandling: promhttp.ContinueOnError}, + ).ServeHTTP(w, r) +} + func (e *Exporter) scrapeHandler(w http.ResponseWriter, r *http.Request) { target := r.URL.Query().Get("target") if target == "" { @@ -107,3 +115,31 @@ func (e *Exporter) reloadPwdFile(w http.ResponseWriter, r *http.Request) { e.Unlock() _, _ = w.Write([]byte(`ok`)) } + +/* +basic auth handler +*/ +func (e *Exporter) basicAuth(next http.HandlerFunc) http.HandlerFunc { + exporterUser := e.options.BasicAuth.ExporterUser + exporterPwd := e.options.BasicAuth.ExporterPwd + return func(w http.ResponseWriter, r *http.Request) { + username, password, ok := r.BasicAuth() + if ok { + // Calculate SHA-256 hashes for the provided and expected usernames and passwords. + usernameHash := sha256.Sum256([]byte(username)) + passwordHash := sha256.Sum256([]byte(password)) + expectedUsernameHash := sha256.Sum256([]byte(exporterUser)) + expectedPasswordHash := sha256.Sum256([]byte(exporterPwd)) + + usernameMatch := subtle.ConstantTimeCompare(usernameHash[:], expectedUsernameHash[:]) == 1 + passwordMatch := subtle.ConstantTimeCompare(passwordHash[:], expectedPasswordHash[:]) == 1 + + if usernameMatch && passwordMatch { + next.ServeHTTP(w, r) + return + } + } + w.Header().Set("WWW-Authenticate", `Basic realm="restricted", charset="UTF-8"`) + http.Error(w, "Unauthorized", http.StatusUnauthorized) + } +} diff --git a/main.go b/main.go index 390cc54a..d5d291b7 100644 --- a/main.go +++ b/main.go @@ -12,6 +12,8 @@ import ( "strings" "syscall" "time" + "encoding/json" + "io/ioutil" "github.com/prometheus/client_golang/prometheus" log "github.com/sirupsen/logrus" @@ -28,6 +30,61 @@ var ( BuildCommitSha = "<<< filled in by build >>>" ) +type Config struct { + BasicAuthUser string `json:"basicAuthUser"` + BasicAuthPwd string `json:"basicAuthPwd"` + RedisAddr string `json:"redisAddr"` + RedisUser string `json:"redisUser"` + RedisPwd string `json:"redisPwd"` + RedisPwdFile string `json:"redisPwdFile"` + Namespace string `json:"namespace"` + CheckKeys string `json:"checkKeys"` + CheckSingleKeys string `json:"checkSingleKeys"` + CheckKeyGroups string `json:"checkKeyGroups"` + CheckStreams string `json:"checkStreams"` + CheckSingleStreams string `json:"checkSingleStreams"` + CountKeys string `json:"countKeys"` + CheckKeysBatchSize int64 `json:"checkKeysBatchSize"` + ScriptPath string `json:"scriptPath"` + ListenAddress string `json:"listenAddress"` + MetricPath string `json:"metricPath"` + LogFormat string `json:"logFormat"` + ConfigCommand string `json:"configCommand"` + ConnectionTimeout string `json:"connectionTimeout"` + TlsClientKeyFile string `json:"tlsClientKeyFile"` + TlsClientCertFile string `json:"tlsClientCertFile"` + TlsCaCertFile string `json:"tlsCaCertFile"` + TlsServerKeyFile string `json:"tlsServerKeyFile"` + TlsServerCertFile string `json:"tlsServerCertFile"` + TlsServerCaCertFile string `json:"tlsServerCaCertFile"` + TlsServerMinVersion string `json:"tlsServerMinVersion"` + MaxDistinctKeyGroups int64 `json:"maxDistinctKeyGroups"` + IsDebug bool `json:"isDebug"` + SetClientName bool `json:"setClientName"` + IsTile38 bool `json:"isTile38"` + IsCluster bool `json:"isCluster"` + ExportClientList bool `json:"exportClientList"` + ExportClientPort bool `json:"exportClientPort"` + ShowVersion bool `json:"showVersion"` + RedisMetricsOnly bool `json:"redisMetricsOnly"` + PingOnConnect bool `json:"pingOnConnect"` + InclConfigMetrics bool `json:"inclConfigMetrics"` + DisableExportingKeyValues bool `json:"disableExportingKeyValues"` + RedactConfigMetrics bool `json:"redactConfigMetrics"` + InclSystemMetrics bool `json:"inclSystemMetrics"` + SkipTLSVerification bool `json:"skipTLSVerification"` +} + +func loadConfig(filename string) (*Config, error) { + bytes, err := ioutil.ReadFile(filename) + if err != nil { + return nil, err + } + var config Config + err = json.Unmarshal(bytes, &config) + return &config, err +} + func getEnv(key string, defaultVal string) string { if envVal, ok := os.LookupEnv(key); ok { return envVal @@ -56,47 +113,58 @@ func getEnvInt64(key string, defaultVal int64) int64 { } func main() { + + configFile := flag.String("config", getEnv("REDIS_EXPORTER_CONFIG", "/etc/redis_exporter/config.json"), "Path to the config file") + flag.Parse() + + config, err := loadConfig(*configFile) + if err != nil { + log.Fatalf("Error loading config file: %s", err) + } + var ( - redisAddr = flag.String("redis.addr", getEnv("REDIS_ADDR", "redis://localhost:6379"), "Address of the Redis instance to scrape") - redisUser = flag.String("redis.user", getEnv("REDIS_USER", ""), "User name to use for authentication (Redis ACL for Redis 6.0 and newer)") - redisPwd = flag.String("redis.password", getEnv("REDIS_PASSWORD", ""), "Password of the Redis instance to scrape") - redisPwdFile = flag.String("redis.password-file", getEnv("REDIS_PASSWORD_FILE", ""), "Password file of the Redis instance to scrape") - namespace = flag.String("namespace", getEnv("REDIS_EXPORTER_NAMESPACE", "redis"), "Namespace for metrics") - checkKeys = flag.String("check-keys", getEnv("REDIS_EXPORTER_CHECK_KEYS", ""), "Comma separated list of key-patterns to export value and length/size, searched for with SCAN") - checkSingleKeys = flag.String("check-single-keys", getEnv("REDIS_EXPORTER_CHECK_SINGLE_KEYS", ""), "Comma separated list of single keys to export value and length/size") - checkKeyGroups = flag.String("check-key-groups", getEnv("REDIS_EXPORTER_CHECK_KEY_GROUPS", ""), "Comma separated list of lua regex for grouping keys") - checkStreams = flag.String("check-streams", getEnv("REDIS_EXPORTER_CHECK_STREAMS", ""), "Comma separated list of stream-patterns to export info about streams, groups and consumers, searched for with SCAN") - checkSingleStreams = flag.String("check-single-streams", getEnv("REDIS_EXPORTER_CHECK_SINGLE_STREAMS", ""), "Comma separated list of single streams to export info about streams, groups and consumers") - countKeys = flag.String("count-keys", getEnv("REDIS_EXPORTER_COUNT_KEYS", ""), "Comma separated list of patterns to count (eg: 'db0=production_*,db3=sessions:*'), searched for with SCAN") - checkKeysBatchSize = flag.Int64("check-keys-batch-size", getEnvInt64("REDIS_EXPORTER_CHECK_KEYS_BATCH_SIZE", 1000), "Approximate number of keys to process in each execution, larger value speeds up scanning.\nWARNING: Still Redis is a single-threaded app, huge COUNT can affect production environment.") - scriptPath = flag.String("script", getEnv("REDIS_EXPORTER_SCRIPT", ""), "Comma separated list of path(s) to Redis Lua script(s) for gathering extra metrics") - listenAddress = flag.String("web.listen-address", getEnv("REDIS_EXPORTER_WEB_LISTEN_ADDRESS", ":9121"), "Address to listen on for web interface and telemetry.") - metricPath = flag.String("web.telemetry-path", getEnv("REDIS_EXPORTER_WEB_TELEMETRY_PATH", "/metrics"), "Path under which to expose metrics.") - logFormat = flag.String("log-format", getEnv("REDIS_EXPORTER_LOG_FORMAT", "txt"), "Log format, valid options are txt and json") - configCommand = flag.String("config-command", getEnv("REDIS_EXPORTER_CONFIG_COMMAND", "CONFIG"), "What to use for the CONFIG command") - connectionTimeout = flag.String("connection-timeout", getEnv("REDIS_EXPORTER_CONNECTION_TIMEOUT", "15s"), "Timeout for connection to Redis instance") - tlsClientKeyFile = flag.String("tls-client-key-file", getEnv("REDIS_EXPORTER_TLS_CLIENT_KEY_FILE", ""), "Name of the client key file (including full path) if the server requires TLS client authentication") - tlsClientCertFile = flag.String("tls-client-cert-file", getEnv("REDIS_EXPORTER_TLS_CLIENT_CERT_FILE", ""), "Name of the client certificate file (including full path) if the server requires TLS client authentication") - tlsCaCertFile = flag.String("tls-ca-cert-file", getEnv("REDIS_EXPORTER_TLS_CA_CERT_FILE", ""), "Name of the CA certificate file (including full path) if the server requires TLS client authentication") - tlsServerKeyFile = flag.String("tls-server-key-file", getEnv("REDIS_EXPORTER_TLS_SERVER_KEY_FILE", ""), "Name of the server key file (including full path) if the web interface and telemetry should use TLS") - tlsServerCertFile = flag.String("tls-server-cert-file", getEnv("REDIS_EXPORTER_TLS_SERVER_CERT_FILE", ""), "Name of the server certificate file (including full path) if the web interface and telemetry should use TLS") - tlsServerCaCertFile = flag.String("tls-server-ca-cert-file", getEnv("REDIS_EXPORTER_TLS_SERVER_CA_CERT_FILE", ""), "Name of the CA certificate file (including full path) if the web interface and telemetry should require TLS client authentication") - tlsServerMinVersion = flag.String("tls-server-min-version", getEnv("REDIS_EXPORTER_TLS_SERVER_MIN_VERSION", "TLS1.2"), "Minimum TLS version that is acceptable by the web interface and telemetry when using TLS") - maxDistinctKeyGroups = flag.Int64("max-distinct-key-groups", getEnvInt64("REDIS_EXPORTER_MAX_DISTINCT_KEY_GROUPS", 100), "The maximum number of distinct key groups with the most memory utilization to present as distinct metrics per database, the leftover key groups will be aggregated in the 'overflow' bucket") - isDebug = flag.Bool("debug", getEnvBool("REDIS_EXPORTER_DEBUG", false), "Output verbose debug information") - setClientName = flag.Bool("set-client-name", getEnvBool("REDIS_EXPORTER_SET_CLIENT_NAME", true), "Whether to set client name to redis_exporter") - isTile38 = flag.Bool("is-tile38", getEnvBool("REDIS_EXPORTER_IS_TILE38", false), "Whether to scrape Tile38 specific metrics") - isCluster = flag.Bool("is-cluster", getEnvBool("REDIS_EXPORTER_IS_CLUSTER", false), "Whether this is a redis cluster (Enable this if you need to fetch key level data on a Redis Cluster).") - exportClientList = flag.Bool("export-client-list", getEnvBool("REDIS_EXPORTER_EXPORT_CLIENT_LIST", false), "Whether to scrape Client List specific metrics") - exportClientPort = flag.Bool("export-client-port", getEnvBool("REDIS_EXPORTER_EXPORT_CLIENT_PORT", false), "Whether to include the client's port when exporting the client list. Warning: including the port increases the number of metrics generated and will make your Prometheus server take up more memory") - showVersion = flag.Bool("version", false, "Show version information and exit") - redisMetricsOnly = flag.Bool("redis-only-metrics", getEnvBool("REDIS_EXPORTER_REDIS_ONLY_METRICS", false), "Whether to also export go runtime metrics") - pingOnConnect = flag.Bool("ping-on-connect", getEnvBool("REDIS_EXPORTER_PING_ON_CONNECT", false), "Whether to ping the redis instance after connecting") - inclConfigMetrics = flag.Bool("include-config-metrics", getEnvBool("REDIS_EXPORTER_INCL_CONFIG_METRICS", false), "Whether to include all config settings as metrics") - disableExportingKeyValues = flag.Bool("disable-exporting-key-values", getEnvBool("REDIS_EXPORTER_DISABLE_EXPORTING_KEY_VALUES", false), "Whether to disable values of keys stored in redis as labels or not when using check-keys/check-single-key") - redactConfigMetrics = flag.Bool("redact-config-metrics", getEnvBool("REDIS_EXPORTER_REDACT_CONFIG_METRICS", true), "Whether to redact config settings that include potentially sensitive information like passwords") - inclSystemMetrics = flag.Bool("include-system-metrics", getEnvBool("REDIS_EXPORTER_INCL_SYSTEM_METRICS", false), "Whether to include system metrics like e.g. redis_total_system_memory_bytes") - skipTLSVerification = flag.Bool("skip-tls-verification", getEnvBool("REDIS_EXPORTER_SKIP_TLS_VERIFICATION", false), "Whether to to skip TLS verification") + basicAuthUser = flag.String("basic-auth.user", getEnv("BASIC_AUTH_USER", config.BasicAuthUser), "Basic username for accessing Exporter") + basicAuthPwd = flag.String("basic-auth.password", getEnv("BASIC_AUTH_PASSWORD", config.BasicAuthPwd), "Basic password for accessing Exporter") + redisAddr = flag.String("redis.addr", getEnv("REDIS_ADDR", config.RedisAddr), "Address of the Redis instance to scrape") + redisUser = flag.String("redis.user", getEnv("REDIS_USER", config.RedisUser), "User name to use for authentication (Redis ACL for Redis 6.0 and newer)") + redisPwd = flag.String("redis.password", getEnv("REDIS_PASSWORD", config.RedisPwd), "Password of the Redis instance to scrape") + redisPwdFile = flag.String("redis.password-file", getEnv("REDIS_PASSWORD_FILE", config.RedisPwdFile), "Password file of the Redis instance to scrape") + namespace = flag.String("namespace", getEnv("REDIS_EXPORTER_NAMESPACE", config.Namespace), "Namespace for metrics") + checkKeys = flag.String("check-keys", getEnv("REDIS_EXPORTER_CHECK_KEYS", config.CheckKeys), "Comma separated list of key-patterns to export value and length/size, searched for with SCAN") + checkSingleKeys = flag.String("check-single-keys", getEnv("REDIS_EXPORTER_CHECK_SINGLE_KEYS", config.CheckSingleKeys), "Comma separated list of single keys to export value and length/size") + checkKeyGroups = flag.String("check-key-groups", getEnv("REDIS_EXPORTER_CHECK_KEY_GROUPS", config.CheckKeyGroups), "Comma separated list of lua regex for grouping keys") + checkStreams = flag.String("check-streams", getEnv("REDIS_EXPORTER_CHECK_STREAMS", config.CheckStreams), "Comma separated list of stream-patterns to export info about streams, groups and consumers, searched for with SCAN") + checkSingleStreams = flag.String("check-single-streams", getEnv("REDIS_EXPORTER_CHECK_SINGLE_STREAMS", config.CheckSingleStreams), "Comma separated list of single streams to export info about streams, groups and consumers") + countKeys = flag.String("count-keys", getEnv("REDIS_EXPORTER_COUNT_KEYS", config.CountKeys), "Comma separated list of patterns to count (eg: 'db0=production_*,db3=sessions:*'), searched for with SCAN") + checkKeysBatchSize = flag.Int64("check-keys-batch-size", getEnvInt64("REDIS_EXPORTER_CHECK_KEYS_BATCH_SIZE", config.CheckKeysBatchSize), "Approximate number of keys to process in each execution, larger value speeds up scanning.\nWARNING: Still Redis is a single-threaded app, huge COUNT can affect production environment.") + scriptPath = flag.String("script", getEnv("REDIS_EXPORTER_SCRIPT", config.ScriptPath), "Comma separated list of path(s) to Redis Lua script(s) for gathering extra metrics") + listenAddress = flag.String("web.listen-address", getEnv("REDIS_EXPORTER_WEB_LISTEN_ADDRESS", config.ListenAddress), "Address to listen on for web interface and telemetry.") + metricPath = flag.String("web.telemetry-path", getEnv("REDIS_EXPORTER_WEB_TELEMETRY_PATH", config.MetricPath), "Path under which to expose metrics.") + logFormat = flag.String("log-format", getEnv("REDIS_EXPORTER_LOG_FORMAT", config.LogFormat), "Log format, valid options are txt and json") + configCommand = flag.String("config-command", getEnv("REDIS_EXPORTER_CONFIG_COMMAND", config.ConfigCommand), "What to use for the CONFIG command") + connectionTimeout = flag.String("connection-timeout", getEnv("REDIS_EXPORTER_CONNECTION_TIMEOUT", config.ConnectionTimeout), "Timeout for connection to Redis instance") + tlsClientKeyFile = flag.String("tls-client-key-file", getEnv("REDIS_EXPORTER_TLS_CLIENT_KEY_FILE", config.TlsClientKeyFile), "Name of the client key file (including full path) if the server requires TLS client authentication") + tlsClientCertFile = flag.String("tls-client-cert-file", getEnv("REDIS_EXPORTER_TLS_CLIENT_CERT_FILE", config.TlsCaCertFile), "Name of the client certificate file (including full path) if the server requires TLS client authentication") + tlsCaCertFile = flag.String("tls-ca-cert-file", getEnv("REDIS_EXPORTER_TLS_CA_CERT_FILE", config.TlsClientCertFile), "Name of the CA certificate file (including full path) if the server requires TLS client authentication") + tlsServerKeyFile = flag.String("tls-server-key-file", getEnv("REDIS_EXPORTER_TLS_SERVER_KEY_FILE", config.TlsServerKeyFile), "Name of the server key file (including full path) if the web interface and telemetry should use TLS") + tlsServerCertFile = flag.String("tls-server-cert-file", getEnv("REDIS_EXPORTER_TLS_SERVER_CERT_FILE", config.TlsServerCertFile), "Name of the server certificate file (including full path) if the web interface and telemetry should use TLS") + tlsServerCaCertFile = flag.String("tls-server-ca-cert-file", getEnv("REDIS_EXPORTER_TLS_SERVER_CA_CERT_FILE", config.TlsServerCaCertFile), "Name of the CA certificate file (including full path) if the web interface and telemetry should require TLS client authentication") + tlsServerMinVersion = flag.String("tls-server-min-version", getEnv("REDIS_EXPORTER_TLS_SERVER_MIN_VERSION", config.TlsServerMinVersion), "Minimum TLS version that is acceptable by the web interface and telemetry when using TLS") + maxDistinctKeyGroups = flag.Int64("max-distinct-key-groups", getEnvInt64("REDIS_EXPORTER_MAX_DISTINCT_KEY_GROUPS", config.MaxDistinctKeyGroups), "The maximum number of distinct key groups with the most memory utilization to present as distinct metrics per database, the leftover key groups will be aggregated in the 'overflow' bucket") + isDebug = flag.Bool("debug", getEnvBool("REDIS_EXPORTER_DEBUG", config.IsDebug), "Output verbose debug information") + setClientName = flag.Bool("set-client-name", getEnvBool("REDIS_EXPORTER_SET_CLIENT_NAME", config.SetClientName), "Whether to set client name to redis_exporter") + isTile38 = flag.Bool("is-tile38", getEnvBool("REDIS_EXPORTER_IS_TILE38", config.IsTile38), "Whether to scrape Tile38 specific metrics") + isCluster = flag.Bool("is-cluster", getEnvBool("REDIS_EXPORTER_IS_CLUSTER", config.IsCluster), "Whether this is a redis cluster (Enable this if you need to fetch key level data on a Redis Cluster).") + exportClientList = flag.Bool("export-client-list", getEnvBool("REDIS_EXPORTER_EXPORT_CLIENT_LIST", config.ExportClientList), "Whether to scrape Client List specific metrics") + exportClientPort = flag.Bool("export-client-port", getEnvBool("REDIS_EXPORTER_EXPORT_CLIENT_PORT", config.ExportClientPort), "Whether to include the client's port when exporting the client list. Warning: including the port increases the number of metrics generated and will make your Prometheus server take up more memory") + showVersion = flag.Bool("version", getEnvBool("REDIS_EXPORTER_SHOW_VERSION", config.ShowVersion), "Show version information and exit") + redisMetricsOnly = flag.Bool("redis-only-metrics", getEnvBool("REDIS_EXPORTER_REDIS_ONLY_METRICS", config.RedisMetricsOnly), "Whether to also export go runtime metrics") + pingOnConnect = flag.Bool("ping-on-connect", getEnvBool("REDIS_EXPORTER_PING_ON_CONNECT", config.PingOnConnect), "Whether to ping the redis instance after connecting") + inclConfigMetrics = flag.Bool("include-config-metrics", getEnvBool("REDIS_EXPORTER_INCL_CONFIG_METRICS", config.InclConfigMetrics), "Whether to include all config settings as metrics") + disableExportingKeyValues = flag.Bool("disable-exporting-key-values", getEnvBool("REDIS_EXPORTER_DISABLE_EXPORTING_KEY_VALUES", config.DisableExportingKeyValues), "Whether to disable values of keys stored in redis as labels or not when using check-keys/check-single-key") + redactConfigMetrics = flag.Bool("redact-config-metrics", getEnvBool("REDIS_EXPORTER_REDACT_CONFIG_METRICS", config.RedactConfigMetrics), "Whether to redact config settings that include potentially sensitive information like passwords") + inclSystemMetrics = flag.Bool("include-system-metrics", getEnvBool("REDIS_EXPORTER_INCL_SYSTEM_METRICS", config.InclSystemMetrics), "Whether to include system metrics like e.g. redis_total_system_memory_bytes") + skipTLSVerification = flag.Bool("skip-tls-verification", getEnvBool("REDIS_EXPORTER_SKIP_TLS_VERIFICATION", config.SkipTLSVerification), "Whether to to skip TLS verification") ) flag.Parse() @@ -195,6 +263,10 @@ func main() { CommitSha: BuildCommitSha, Date: BuildDate, }, + BasicAuth: exporter.BasicAuth{ + ExporterUser: *basicAuthUser, + ExporterPwd: *basicAuthPwd, + }, }, ) if err != nil {