topic Skyline setup - data flow and certificates? in OpenTelemetry/Skyline

Skyline setup - data flow and certificates?

Albin_Petersson — Fri, 10 Mar 2023 07:50:50 GMT

Helloes.

I am looking into testing prometheus data collection and i'm following sk178566. Now I have a couple of questions. I don't really understand the data flow described and is anyone using this with certificates?

It says that the gateways send their CPview data to a gaia server (collector) and that will forward the data to the prometheus server. Is this the management server then? How do you enable this data flow?

Or is each device it's own collector?

Is anyone using this setup with certificates?

Re: Skyline setup - data flow and certificates?

_Val_ — Fri, 10 Mar 2023 08:38:46 GMT

I believe sk178566 is actually describing this accurately.

All Gaia entities have OpenTelemetry capabilities, and with Skyline, they send OpenTelemetry feeds to the Skyline server. The feeds are received by Prometheus server, which can use TLS & certificates to authenticate with the agents.

The mentioned SK has a section about it, quoting:

To secure Prometheus and Open Telemetry Collector connection using TLS Encryption and Basic authentication:
Show / Hide this section
Prometheus and OpenTelemetry Collector support Transport Layer Security (TLS) encryption for their connection. Refer to these Prometheus instructions. Check Point also requires you to enable basic authentication to make the security bi-directional, Refer to these Prometheus instructions.

TLS configurations have two main components:

A pair of Key + Certificate, used for the encryption of your communication

(Optional) Certificate Authority (CA cert) that you trust, used to verify and trust the certificate of the other endpoint with which you communicate. If the certificate of the other endpoint is unknown to the CA, the communication is dropped.

You can create these certificates:

CA-signed certificates: You create a key and a certificate request, which is then signed by the CA.

Self-signed certificates: You create a key and a certificate signed by the user.

This section described self-signed certificates.

To configure TLS, you must create two pairs of a key and a certificate on the Prometheus server:

Procedure:
Create a self-signed certificate and a private key:

Steps:

Show / Hide this section
Use the newly generated key and certificate to configure TLS on the Prometheus Server in the web-config.yaml configuration file (you may need to create this file).

Example:
tls_server_config:
 key_file: /home/prometheus/certs/prometheus.key
  cert_file: /home/prometheus/certs/prometheus.crt

Also, you can refer to prometheus documentation for details: https://prometheus.io/docs/prometheus/latest/configuration/https

Re: Skyline setup - data flow and certificates?

Albin_Petersson — Fri, 10 Mar 2023 09:43:16 GMT

Hmm, well I didn't put much effort into investingating why the TLS didn't work.

But the first part I still don't understand really...

@_Val_ wrote:
All Gaia entities have OpenTelemetry capabilities, and with Skyline, they send OpenTelemetry feeds to the Skyline server. The feeds are received by Prometheus server, which can use TLS & certificates to authenticate with the agents.

What is a skyline server? I thought skyline was just a name checkpoint stamped on this solution with prometheus+grafana?

Does each gateway/server send the data directly to the prometheus database?

Re: Skyline setup - data flow and certificates?

_Val_ — Fri, 10 Mar 2023 10:04:09 GMT

Skyline server is a machine you install with Prometheus and Graphana, and apply downloadable config files and ready to use dashboards.

For FAQs and troubleshooting, please look into sk179870

Re: Skyline setup - data flow and certificates?

_Val_ — Fri, 10 Mar 2023 10:13:06 GMT

@Albin_Petersson Does each gateway/server send the data directly to the Prometheus database?

Yes, and it is actually explained in the SK 🙂

Re: Skyline setup - data flow and certificates?

Albin_Petersson — Fri, 10 Mar 2023 12:57:11 GMT

OK, then I understand better.