Albin_Petersson
Contributor

Skyline setup - data flow and certificates?

Helloes.

I am looking into testing Prometheus data collection and I'm following sk178566. Now I have a couple of questions. I don't really understand the data flow described, and is anyone using this with certificates?

It says that the gateways send their CPview data to a Gaia server (collector) and that will forward the data to the Prometheus server. Is this the management server then? How do you enable this data flow?

Or is each device its own collector?

Is anyone using this setup with certificates?

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin

@Albin_Petersson Does each gateway/server send the data directly to the Prometheus database?

Yes, and it is actually explained in the SK 🙂


0 Kudos
5 Replies
_Val_
Admin
Admin

I believe sk178566 is actually describing this accurately.

All Gaia entities have OpenTelemetry capabilities, and with Skyline, they send OpenTelemetry feeds to the Skyline server.  The feeds are received by Prometheus server, which can use TLS & certificates to authenticate with the agents. 

The mentioned SK has a section about it, quoting:

To secure Prometheus and Open Telemetry Collector connection using TLS Encryption and Basic authentication:


Prometheus and OpenTelemetry Collector support Transport Layer Security (TLS) encryption for their connection. Refer to these Prometheus instructions. Check Point also requires you to enable basic authentication to make the security bi-directional. Refer to these Prometheus instructions.

TLS configurations have two main components:

  • A pair of Key + Certificate, used for the encryption of your communication
  • (Optional) Certificate Authority (CA cert) that you trust, used to verify and trust the certificate of the other endpoint with which you communicate. If the certificate of the other endpoint is unknown to the CA, the communication is dropped.

You can create these certificates:

  • CA-signed certificates: You create a key and a certificate request, which is then signed by the CA.
  • Self-signed certificates: You create a key and a certificate signed by the user.

This section describes self-signed certificates.

To configure TLS, you must create two pairs of a key and a certificate on the Prometheus server:

Procedure:

  1. Create a self-signed certificate and a private key:

    Steps:

  2. Use the newly generated key and certificate to configure TLS on the Prometheus Server in the web-config.yaml configuration file (you may need to create this file).

    Example:

    tls_server_config:
      key_file: /home/prometheus/certs/prometheus.key
      cert_file: /home/prometheus/certs/prometheus.crt
    

Also, you can refer to the Prometheus documentation for details: https://prometheus.io/docs/prometheus/latest/configuration/https

0 Kudos
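An added example (not from sk178566, Check Point, or the Prometheus project): a small check over a parsed web-config.yaml that flags the gaps the quoted SK text is concerned with, namely a missing TLS key or certificate, a private key readable by other users, and absent basic authentication. It goes slightly beyond the quoted text by also flagging a `min_version` below TLS 1.2. It assumes the file has already been loaded into a dict by a YAML parser; `lint_web_config` and the sample values are hypothetical.

```python
import os
import re
import stat

# bcrypt hashes are what Prometheus expects as basic_auth_users values.
BCRYPT = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")
WEAK_TLS = {"TLS10", "TLS11"}


def lint_web_config(cfg):
    """Return a list of findings for a parsed Prometheus web-config.yaml (dict)."""
    findings = []
    tls = cfg.get("tls_server_config") or {}
    for field in ("cert_file", "key_file"):
        path = tls.get(field)
        if not path:
            findings.append(f"tls_server_config.{field} is not set: TLS is not configured")
        elif not os.path.isfile(path):
            findings.append(f"{field} {path} does not exist")
    key = tls.get("key_file")
    if key and os.path.isfile(key):
        mode = stat.S_IMODE(os.stat(key).st_mode)
        if mode & 0o077:  # any group/other permission bit on the private key
            findings.append(f"key_file {key} has mode {mode:o}: accessible beyond its owner")
    if tls.get("min_version") in WEAK_TLS:
        findings.append(f"min_version {tls['min_version']} allows deprecated TLS")
    users = cfg.get("basic_auth_users") or {}
    if not users:
        findings.append("basic_auth_users is empty: no basic authentication")
    for name, pw in users.items():
        if not BCRYPT.match(str(pw)):
            findings.append(f"basic_auth_users.{name} is not a bcrypt hash")
    return findings


if __name__ == "__main__":
    # Constructed sample: the TLS block quoted in the thread, with no basic_auth_users yet.
    sample = {"tls_server_config": {
        "key_file": "/home/prometheus/certs/prometheus.key",
        "cert_file": "/home/prometheus/certs/prometheus.crt"}}
    for finding in lint_web_config(sample):
        print("FINDING:", finding)
```
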
Albin_Petersson
Contributor

Hmm, well I didn't put much effort into investigating why the TLS didn't work.

But the first part I still don't understand really...


@_Val_ wrote:

All Gaia entities have OpenTelemetry capabilities, and with Skyline, they send OpenTelemetry feeds to the Skyline server.  The feeds are received by Prometheus server, which can use TLS & certificates to authenticate with the agents. 


What is a Skyline server? I thought Skyline was just a name Check Point stamped on this solution with Prometheus+Grafana?

Does each gateway/server send the data directly to the Prometheus database?

0 Kudos
_Val_
Admin
Admin

Skyline server is a machine you install with Prometheus and Grafana, and apply downloadable config files and ready to use dashboards.

For FAQs and troubleshooting, please look into sk179870

0 Kudos
Albin_Petersson
Contributor

OK, then I understand better.

0 Kudos
