Prometheus exporter written in Python, to export SAP HANA database metrics. The project is based in the official prometheus exporter: prometheus_client.
The exporter is able to export the metrics from more than 1 database/tenant if the multi_tenant
option is enabled in the configuration file (enabled by default).
The labels sid
(system identifier), insnr
(instance number), database_name
(database name) and host
(machine hostname) will be exported for all the metrics.
-
A running and reachable SAP HANA database (single or multi container). Running the exporter in the same machine where the HANA database is running is recommended. Ideally each database should be monitored by one exporter.
-
A SAP HANA Connector, for that, you have two options:
The installation of the connector is covered in the Installation section.
- Some metrics are collected on the HANA monitoring views by the SAP Host agent. Make sure to have it installed and running to have access to all the monitoring metrics.
The exporter uses an additional file to know the metrics that are going to be exported. Here more information about the metrics file.
The project can be installed in many ways, including but not limited to:
On openSUSE or SUSE Linux Enterprise use zypper
package manager:
zypper install prometheus-hanadb_exporter
Find the latest development repositories at SUSE's Open Build Service.
The exporter is developed to be used with Python3.
The usage of a virtual environment is recommended.
git clone https://github.com/SUSE/hanadb_exporter
cd hanadb_exporter # project root folder
virtualenv virt
source virt/bin/activate
# uncomment one of the next two options (to use hdbcli, you will need to have the HANA client folder where this python package is available)
# pip install pyhdb
# pip install path-to-hdbcli-N.N.N.tar.gaz
pip install .
# pip install -e . # To install in development mode
# deactivate # to exit from the virtualenv
If you prefer, you can install the PyHDB SAP HANA connector as a RPM package doing (example for Tumbleweed, but available for other versions):
# All the commands must be executed as root user
zypper addrepo https://download.opensuse.org/repositories/network:/ha-clustering:/sap-deployments:/devel/openSUSE_Tumbleweed/network:ha-clustering:sap-deployments:devel.repo
zypper ref
zypper in python3-PyHDB
Create the config.json
configuration file.
An example of config.json
available in config.json.example. Here the most
important items in the configuration file:
listen_address
: Address where the prometheus exporter will be exposed (0.0.0.0 by default).exposition_port
: Port where the prometheus exporter will be exposed (9968 by default).multi_tenant
: Export the metrics from other tenants. To use this the connection must be done with the System Database (port 30013).timeout
: Timeout to connect to the database. After this time the app will fail (even in daemon mode).hana.host
: Address of the SAP HANA database.hana.port
: Port where the SAP HANA database is exposed.hana.userkey
: Stored user key. This is the secure option if you don't want to have the password in the configuration file. Theuserkey
anduser/password
are self exclusive being the first the default if both options are set.hana.user
: An existing user with access right to the SAP HANA database.hana.password
: Password of an existing user.hana.ssl
: Enable SSL connection (False by default). Only available fordbapi
connectorhana.ssl_validate_cert
: Enable SSL certification validation. This field is required by HANA cloud. Only available fordbapi
connectorhana.aws_secret_name
: The secret name containing the username and password. This is a secure option to use AWS secrets manager if SAP HANA database is stored on AWS.aws_secret_name
anduser/password
are self exclusive,aws_secret_name
is the default if both options are set.logging.config_file
: Python logging system configuration file (by default WARN and ERROR level messages will be sent to the syslog)logging.log_file
: Logging file (/var/log/hanadb_exporter.log by default)
The logging configuration file follows the python standard logging system style: Python logging.
Using the default configuration file, it will redirect the logs to the file assigned in the json configuration file and to the syslog (only logging level up to WARNING).
This is the recommended option if we want to keep the database secure (for development environments the user/password
with SYSTEM
user can be used as it's faster to setup).
To use the userkey
option the dbapi
must be installed (usually stored in /hana/shared/PRD/hdbclient/hdbcli-N.N.N.tar.gz
and installable with pip3).
It cannot be used from other different client (the key is stored in the client itself). This will raise the hdbcli.dbapi.Error: (-10104, 'Invalid value for KEY')
error.
For that a new stored user key must be created with the user that is running python. For that (please, notice that the hdbclient
is the same as the dbapi
python package):
/hana/shared/PRD/hdbclient/hdbuserstore set yourkey host:30013@SYSTEMDB hanadb_exporter pass
If SAP HANA database is stored on AWS EC2 instance, this is a secure option to store the user/password
without having them in the configuration file.
To use this option:
- Create a secret in key/value pairs format, specify Key
username
and then for Value enter the database user. Add a second Keypassword
and then for Value enter the password. For the secret name, enter a name for your secret, and pass that name in the configuration file as a value foraws_secret_name
item. Secret json example:
{
"username": "database_user",
"password": "database_password"
}
- Allow read-only access from EC2 IAM role to the secret by attaching a resource-based policy to the secret. Policy Example:
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect": "Allow",
"Principal": {"AWS": "arn:aws:iam::123456789012:role/EC2RoleToAccessSecrets"},
"Action": "secretsmanager:GetSecretValue",
"Resource": "*",
}
]
}
Some tips:
- Set
SYSTEMDB
as default database, this way the exporter will know where to get the tenants data. - Don't use the stored user key created for the backup as this is created using the sidadm user.
- The usage of a user with access only to the monitoring tables is recommended instead of using SYSTEM user.
- If a user with monitoring role is used the user must exist in all the databases (SYSTEMDB+tenants).
Run the next commands to create a user with moniroting roles (the commands must be executed in all the databases):
su - prdadm
hdbsql -u SYSTEM -p pass -d SYSTEMDB #(PRD for the tenant in this example)
CREATE USER HANADB_EXPORTER_USER PASSWORD MyExporterPassword NO FORCE_FIRST_PASSWORD_CHANGE;
CREATE ROLE HANADB_EXPORTER_ROLE;
GRANT MONITORING TO HANADB_EXPORTER_ROLE;
GRANT HANADB_EXPORTER_ROLE TO HANADB_EXPORTER_USER;
Start the exporter by running the following command:
hanadb_exporter -c config.json -m metrics.json
# Or
python3 hanadb_exporter/main.py -c config.json -m metrics.json
If a config.json
configuration file is stored in /etc/hanadb_exporter
the exporter can be started with the next command too:
hanadb_exporter --identifier config # Notice that the identifier matches with the config file without extension
The hanadb_exporter can be executed using systemd
. For that, the best option is to install the project using the rpm package as described in Installation.
After that we need to create the configuration file as /etc/hanadb_exporter/my-exporter.json
(the name of the file is relevant as we will use it to start the daemon).
The config.json.example can be used as example (the example file is stored in /usr/etc/hanadb_exporter
folder too).
The default metrics file is stored in /usr/etc/hanadb_exporter/metrics.json
. If a new metrics.json
is stored in /etc/hanadb_exporter
this will be used.
The logging configuration file can be updated as well to customize changing the new configuration file logging.config_file
entry (default one available in /usr/etc/hanadb_exporter/logging_config.ini
).
Now, the exporter can be started as a daemon. As we can have multiple hanadb_exporter
instances running in one machine, the service is created using a template file, so an extra information must be given to systemd
(this is done adding the @
keyword after the service name together with the name of the configuration file created previously in /etc/hanadb_exporter/{name}.json
):
# All the command must be executed as root user
systemctl start prometheus-hanadb_exporter@my-exporter
# Check the status with
systemctl status prometheus-hanadb_exporter@my-exporter
# Enable the exporter to be started at boot time
systemctl enable prometheus-hanadb_exporter@my-exporter
See the LICENSE file for license rights and limitations.
- Kristoffer Gronlund ([email protected])
- Xabier Arbulu Insausti ([email protected])
- Ayoub Belarbi ([email protected])
- Diego Akechi ([email protected])
Pull request preferred reviewers for this project:
- Kristoffer Gronlund ([email protected])
- Xabier Arbulu Insausti ([email protected])
- Ayoub Belarbi ([email protected])
https://prometheus.io/docs/instrumenting/writing_exporters/
https://prometheus.io/docs/practices/naming/
http://sap.optimieren.de/hana/hana/html/sys_statistics_views.html