This topic describes how to configure direct scraping for your multi-foundation Healthwatch™ for VMware Tanzu^® (Healthwatch) deployment.

Overview of Direct Scraping

When you configure direct scraping for your multi-foundation Healthwatch deployment, the Prometheus instance in the Healthwatch tile on a monitoring VMware Tanzu^® Operations Manager™ (Ops Manager) foundation scrapes metrics directly from the metric exporter VMs deployed by the Healthwatch Exporter tiles installed on the Ops Manager foundation you monitor.

Direct scraping allows you to easily scrape the metrics you want to monitor from the Healthwatch Exporter tiles on the Ops Manager foundations you monitor. If you want to monitor component metrics and SLIs related to the health of your VMware Tanzu^® Application Service™ (TAS for VMs) or VMware Tanzu^® Kubernetes Grid™ Integrated Edition (TKGI) deployments, and you do not want to monitor metrics for Kubernetes clusters for any TKGI deployments, VMware recommends configuring direct scraping for your multi-foundation Healthwatch deployment.

However, the Prometheus instance in the Healthwatch deployment on your monitoring Ops Manager foundation cannot directly scrape metrics for Kubernetes clusters created through TKGI deployments on other Ops Manager foundations. If you want to also scrape metrics Kubernetes clusters for TKGI deployments on the Ops Manager foundations you monitor, you must monitor your multi-foundation Healthwatch deployment through federation instead. For more information, see Configure Federation for TKGI in Configuring Multi-Foundation Monitoring.

To configure direct scraping for your multi-foundation Healthwatch deployment, you must install the Healthwatch tile on your monitoring Ops Manager foundation and only the Healthwatch Exporter for TAS for VMs tile or Healthwatch Exporter for TKGI tile on the Ops Manager foundations you want to monitor.

Configure Direct Scraping

To configure direct scraping for your multi-foundation Healthwatch deployment:

1. Install and configure the Healthwatch tile on your monitoring Ops Manager foundation. To install and configure the Healthwatch tile, see the following topics:

   • Installing a Tile Manually or Installing, Configuring, and Deploying a Tile Through an Automated Pipeline
   • Configuring Healthwatch

2. Install and configure either Healthwatch Exporter for TAS for VMs or Healthwatch Exporter for TKGI on each Ops Manager foundation you want to monitor. To install and configure a Healthwatch Exporter tile, see the following topics:

   • Installing a Tile Manually or Installing, Configuring, and Deploying a Tile Through an Automated Pipeline
   • Configuring Healthwatch Exporter for TAS for VMs
   • Configuring Healthwatch Exporter for TKGI

3. For each Healthwatch Exporter tile you installed and configured, open the ports for the metric exporter VMs that the Healthwatch Exporter tile deploys in the user console for your IaaS. For more information about the ports you must open for each metric exporter VM, see either Networking Rules for Healthwatch Exporter for TAS for VMs or Networking Rules for Healthwatch Exporter for TKGI in Healthwatch Architecture.

4. Add a scrape job for each Healthwatch Exporter tile in the Prometheus pane of the Healthwatch tile that you installed on your monitoring Ops Manager foundation. To add a scrape job for a Healthwatch Exporter tile:

   1. Retrieve the Ops Manager root certificate authority (CA) for the Ops Manager foundation you want to monitor. For more information, see the Ops Manager documentation.
   2. Navigate to the Ops Manager Installation Dashboard for the Ops Manager foundation you want to monitor.
   3. Click the Healthwatch Exporter for Tanzu Application Service or Healthwatch Exporter for Tanzu Kubernetes Grid - Integrated tile, depending on which Healthwatch Exporter tile you installed on the Ops Manager foundation you want to monitor.
   4. Select the Credentials tab.
   5. In the row for Healthwatch Exporter Client Mtls, click Link to Credential.
   6. Record the credentials for Healthwatch Exporter Client Mtls.
   7. In a browser window, navigate to the user console for your Ops Manager deployment’s IaaS.
   8. In the user console for your IaaS, record the public IP addresses of the metric exporter VMs deployed by the Healthwatch Exporter tile you installed on the Ops Manager foundation you want to monitor, depending on which metrics you want to monitor for that foundation:
      • For Healthwatch Exporter for TAS for VMs, record the public IP addresses of any or all of the following metric exporter VMs:
        • pas-exporter-counter, the counter metric exporter VM
        • pas-exporter-gauge, the gauge metric exporter VM
        • pas-sli-exporter, the TAS for VMs SLI exporter VM
        • cert-expiration-exporter, the certificate expiration metric exporter VM
        • bosh-health-exporter, the BOSH health metric exporter VM
        • bosh-deployments-exporter, the BOSH deployment metric exporter VM
      • For Healthwatch Exporter for TKGI, record the public IP addresses of any or all of the following metric exporter VMs:
        • pks-exporter, the TKGI metric exporter VM
        • cert-expiration-exporter, the certificate expiration metric exporter VM
        • pks-sli-exporter, the TKGI SLI exporter VM
        • bosh-health-exporter, the BOSH health metric exporter VM
        • bosh-deployments-exporter, the BOSH deployment metric exporter VM

          Note: Storing all metrics from multiple Ops Manager foundations in a single Prometheus instance on your monitoring Ops Manager foundation negatively affects the performance of that Prometheus instance. If you want to monitor a large number of Ops Manager foundations, or if some of the foundations you want to monitor have particularly large TAS for VMs or TKGI deployments, VMware recommends configuring the Prometheus instance in the Healthwatch deployment on your monitoring foundation to scrape only from the metric exporter VMs that you need to monitor the most. For more information about the metrics that each metric exporter VM collects, see Healthwatch Metrics.

          To find the public IP addresses of deployed VMs in the user console for your IaaS, see the documentation for your IaaS:
      • AWS: To find the public IP address of a Linux instance, see the AWS documentation for Linux instances of Amazon EC2. To find the public IP address for a Windows instance, see the AWS documentation for Windows instances of Amazon EC2.
      • Azure: To create or view the public IP address for an Azure VM, see the Azure documentation.
      • GCP: To find the public IP address for a GCP VM, see the GCP documentation.
      • OpenStack: To associate a floating IP address to an OpenStack VM, see the OpenStack documentation.
      • vSphere: To find the public IP address of a vSphere VM, see the vSphere documentation.

        Note: VMs deployed on one Ops Manager foundation typically cannot send or receive traffic from other Ops Manager foundations using their public IP addresses by default. You must configure the firewall for your IaaS to allow ingress traffic to port 9090 on your monitoring Ops Manager foundation.

   9. Navigate to the Ops Manager Installation Dashboard for your monitoring Ops Manager foundation.
   10. Click the Healthwatch tile.
   11. Select Prometheus.
   12. Under Additional scrape jobs, click Add.

   13. For Scrape job configuration parameters, provide configuration parameters in YAML format for the scrape job for the Healthwatch Exporter tile you installed on the Ops Manager foundation you want to monitor:

       • For Healthwatch Exporter for TAS for VMs, provide configuration parameters similar to the following example:

         job_name: FOUNDATION-NAME
         metrics_path: /metrics
         scheme: https
         static_configs:
         - targets:
           - "COUNTER-EXPORTER-VM-IP-ADDRESS:9090"
           - "GAUGE-EXPORTER-VM-IP-ADDRESS:9090"
           - "SLI-EXPORTER-VM-IP-ADDRESS:9090"
           - "CERT-EXPIRATION-EXPORTER-VM-IP-ADDRESS:9090"
           - "BOSH-HEALTH-EXPORTER-VM-IP-ADDRESS:9090"
           - "BOSH-DEPLOYMENTS-EXPORTER-VM-IP-ADDRESS:9090"
         

         Where:

         • FOUNDATION-NAME is the name of the Ops Manager foundation you want to monitor.
         • (Optional) COUNTER-EXPORTER-VM-IP-ADDRESS is the IP address of the counter metric exporter VM that you recorded in a previous step.
         • (Optional) GAUGE-EXPORTER-VM-IP-ADDRESS is the IP address of the gauge metric exporter VM that you recorded in a previous step.
         • (Optional) SLI-EXPORTER-VM-IP-ADDRESS is the IP address of the TAS for VMs SLI exporter VM that you recorded in a previous step.
         • (Optional) CERT-EXPIRATION-EXPORTER-VM-IP-ADDRESS is the IP address of the certificate expiration exporter VM that you recorded in a previous step.
         • (Optional) BOSH-HEALTH-EXPORTER-VM-IP-ADDRESS is the IP address of the BOSH health metric exporter VM that you recorded in a previous step.
         • (Optional) BOSH-DEPLOYMENTS-EXPORTER-VM-IP-ADDRESS is the IP address of the BOSH deployment metric exporter VM that you recorded in a previous step.

       • For Healthwatch Exporter for TKGI, provide configuration parameters similar to the following example:

         job_name: FOUNDATION-NAME
         metrics_path: /metrics
         scheme: https
         static_configs:
         - targets:
           - "TKGI-EXPORTER-VM-IP-ADDRESS:9090"
           - "CERT-EXPIRATION-EXPORTER-VM-IP-ADDRESS:9090"
           - "SLI-EXPORTER-VM-IP-ADDRESS:9090"
           - "BOSH-HEALTH-EXPORTER-VM-IP-ADDRESS:9090"
           - "BOSH-DEPLOYMENTS-EXPORTER-VM-IP-ADDRESS:9090"
         

         Where:

         • FOUNDATION-NAME is the name of the Ops Manager foundation you want to monitor.
         • (Optional) TKGI-EXPORTER-VM-IP-ADDRESS is the IP address of the TKGI metric exporter VM that you recorded in a previous step.
         • (Optional) CERT-EXPIRATION-EXPORTER-VM-IP-ADDRESS is the IP address of the certificate expiration exporter VM that you recorded in a previous step.
         • (Optional) SLI-EXPORTER-VM-IP-ADDRESS is the IP address of the TKGI SLI exporter VM that you recorded in a previous step.
         • (Optional) BOSH-HEALTH-EXPORTER-VM-IP-ADDRESS is the IP address of the BOSH health metric exporter VM that you recorded in a previous step.
         • (Optional) BOSH-DEPLOYMENTS-EXPORTER-VM-IP-ADDRESS is the IP address of the BOSH deployment metric exporter VM that you recorded in a previous step.

   14. For Certificate and private key for TLS, enter the certificate and private key from Healthwatch Exporter Client Mtls that you recorded from the Credentials tab in the Healthwatch Exporter for TAS for VMs tile in a previous step.

   15. For CA certificate for TLS, enter the Ops Manager root CA that you retrieved in a previous step.
   16. For Target server name, enter the custom hostname resolver to use when verifying the TLS certificates. Enter the name of the server that facilitates TLS communication between the Prometheus instance in the Healthwatch tile and the metric exporter VMs that the Healthwatch Exporter tile deploys. If the CN or SAN on the TLS certificate does not match the URL or IP of the target server, enter what is on the TLS certificate.