[tor-bugs] #30023 [Internal Services/Tor Sysadmin Team]: improve grafana authentication

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 22 18:22:46 UTC 2019


#30023: improve grafana authentication
-------------------------------------------------+---------------------
 Reporter:  anarcat                              |          Owner:  tpa
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by cohosh):

 Replying to [comment:5 anarcat]:
 > i am not familiar with configuring prometheus to fetch metrics from
 > proxy. if I understand you correctly, there's a `proxy_url` setting that
 > can be added to do that? I cannot confirm that, in any case.
 >
 > but sure, that could be possible. i am not sure how that relates to this
 > ticket, however, which is specifically about Grafana authentication, not
 > really about how Prometheus talks with its exporters, for which there is
 > no ticket right now - I thought we had resolved that by selecting only a
 > subset of metrics, but I haven't followed the entire conversation in
 > #29863. What I saw on IRC was specifically that question:
 >
 > >  In IRC it also sounded like there was little-to-no authentication on
 > > the server that displays these metrics after scraping. Is that the case?
 >
 > So I thought we were talking about the "server that displays the
 > metrics", i.e. Grafana (or the Prometheus frontend), which is why I pointed
 > you here.
 >
 > But yes, we have a similar problem with the exporters: in theory,
 > someone could do IP spoofing and bypass those firewalls to scrape the
 > metrics off. In practice, those stunts are actually quite hard to pull
 > because you need to do pretty hardcore stuff like BGP hijacking, because
 > of TCP negotiations (at least, as far as I understand it, correct me if
 > I'm wrong). But I'm not sure the prize (metrics) would be worth the
 > trouble (upsetting the internet's routing table).
 >
 Ah, you're right. I was conflating these two separate issues. We can leave
 this ticket for the grafana access issue only.
 > As for the specific solution proposed here, I'd be tempted to simply add
 > HTTPS and username/password authentication, as it's something I understand
 > better and it doesn't require the Tor network to be operational. I always
 > feel a little awkward using Tor to monitor internal infrastructure - I'm
 > all for eating our own dogfood, but when it comes to monitoring, I feel a
 > little less comfortable and prefer redundancy. ;)
 >
 > That said, the idea of setting up a secondary server would be that other
 > kind of tricks could be tried by other teams, so I don't want to be
 > blocking nice initiatives like this. This is just my grain of salt which I
 > hope will be useful!
 Okay, HTTPS + a stronger password to access the graphs sounds fine to me
 right now. I think especially with our current policy of only exporting a
 small amount of metrics we don't have much to risk at the moment.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30023#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

