Configuration File Reference Guide

Page last updated:

This topic describes the Healthwatch for VMware Tanzu component configuration file properties that you configure through the Healthwatch tile.

Overview of Configuration Files in Healthwatch

The Prometheus, Alertmanager, and Grafana instances rely on configuration files. These configuration files contain lists of properties that define their configuration settings. When you configure certain options in the Healthwatch tile, those options configure their corresponding properties in the configuration files for those Healthwatch components.

Through the Healthwatch tile, you configure properties in the configuration files through the following panes:

Configuring the Prometheus Configuration File

You configure sections of the Prometheus configuration file through the following panes in the Healthwatch tile:

  • Prometheus. For more information, see Prometheus below.

  • Remote Write. For more information, see Remote Write below.

Prometheus

The following table lists which configuration options in the Prometheus pane in the Healthwatch tile configure properties in the Prometheus configuration file:

Healthwatch configuration option Configuration file property Configuration file section
Scrape interval scrape_interval scrape_config
Scrape job configuration parameters See Configure Prometheus in Configuring Healthwatch and the Prometheus documentation. scrape_config
Certificate and private key for TLS cert_file, key_file scrape_config - tls_config
CA certificate for TLS ca_file scrape_config - tls_config
Target server name server_name scrape_config - tls_config
Skip TLS certificate verification insecure_skip_verify scrape_config - tls_config

For more information about configuring these properties, see Configure Prometheus in Configuring Healthwatch and the Prometheus documentation.

Remote Write

The following table lists which configuration options in the Remote Write pane in the Healthwatch tile configure properties in the Prometheus configuration file:

Healthwatch configuration option Configuration file property Configuration file section
Remote storage URL url remote_write
Remote timeout remote_timeout remote_write
Remote storage username username remote_write - basic_auth
Remote storage password password remote_write - basic_auth
Certificate and private key for TLS cert_file, key_file remote_write - tls_config
CA certificate for TLS ca_file remote_write - tls_config
Remote storage server name server_name remote_write - tls_config
Skip TLS certificate verification insecure_skip_verify remote_write - tls_config
Proxy URL proxy_url remote_write
Queue capacity capacity remote_write - queue_config
Minimum shards per queue min_shards remote_write - queue_config
Maximum shards per queue max_shards remote_write - queue_config
Maximum samples per send max_samples_per_send remote_write - queue_config
Maximum batch wait time batch_send_deadline remote_write - queue_config
Minimum backoff time min_backoff remote_write - queue_config
Maximum backoff time max_backoff remote_write - queue_config

For more information about configuring these properties, see Configure Remote Write in Configuring Healthwatch and the Prometheus documentation.

Configuring the Alertmanager Configuration File

The following table lists which configuration options in the Alertmanager pane in the Healthwatch tile configure properties in the Alertmanager configuration file:

Healthwatch configuration option Configuration file property Configuration file section
Routing rules See Configure Alerting in Configuring Alerting and the Prometheus documentation. route
Inhibit rules See Configure Alerting in Configuring Alerting and the Prometheus documentation. inhibit_rules
Email alert receivers
Alert receiver name name receivers
Alert receiver configuration parameters See Configure an Email Alert Receiver in Configuring Alerting and the Prometheus documentation. receivers - email_configs
SMTP server authentication password auth_password receivers - email_configs
SMTP server authentication secret auth_secret receivers - email_configs
Certificate and private key for TLS cert_file, key_file receivers - email_configs - tls_config
CA certificate for TLS ca_file receivers - email_configs - tls_config
SMTP server name server_name receivers - email_configs - tls_config
Skip TLS certificate verification insecure_skip_verify receivers - email_configs - tls_config
PagerDuty alert receivers
Alert receiver name name receivers
Alert receiver configuration parameters See Configure a PagerDuty Alert Receiver in Configuring Alerting and the Prometheus documentation. receivers - pagerduty_configs
Routing key routing_key receivers - pagerduty_configs
Service key service_key receivers - pagerduty_configs
Basic authentication credentials username, password receivers - pagerduty_configs - http_config - basic_auth
Bearer token credentials receivers - pagerduty_configs - http_config - authorization
Certificate and private key for TLS cert_file, key_file receivers - pagerduty_configs - http_config - tls_config
CA certificate for TLS ca_file receivers - pagerduty_configs - http_config - tls_config
PagerDuty server name server_name receivers - pagerduty_configs - http_config - tls_config
Skip TLS certificate verification insecure_skip_verify receivers - pagerduty_configs - http_config - tls_config
Slack alert receivers
Alert receiver name name receivers
Alert receiver configuration parameters See Configure a Slack Alert Receiver in Configuring Alerting and the Prometheus documentation. receivers - slack_configs
Slack API URL api_url receivers - slack_configs
Basic authentication credentials username, password receivers - slack_configs - http_config - basic_auth
Bearer token credentials receivers - slack_configs - http_config - authorization
Certificate and private key for TLS cert_file, key_file receivers - slack_configs - http_config - tls_config
CA certificate for TLS ca_file receivers - slack_configs - http_config - tls_config
Slack server name server_name receivers - slack_configs - http_config - tls_config
Skip TLS certificate verification insecure_skip_verify receivers - slack_configs - http_config - tls_config
Webhook alert receivers
Alert receiver name name receivers
Alert receiver configuration parameters See Configure a Webhook Alert Receiver in Configuring Alerting and the Prometheus documentation. receivers - webhook_configs
Basic authentication credentials username, password receivers - webhook_configs - http_config - basic_auth
Bearer token credentials receivers - webhook_configs - http_config - authorization
Certificate and private key for TLS cert_file, key_file receivers - webhook_configs - http_config - tls_config
CA certificate for TLS ca_file receivers - webhook_configs - http_config - tls_config
Webhook server name server_name receivers - webhook_configs - http_config - tls_config
Skip TLS certificate verification insecure_skip_verify receivers - webhook_configs - http_config - tls_config

For more information about configuring these properties, see Configuring Alerting and the Prometheus documentation.

Configuring the Grafana Configuration File

You configure sections of the Grafana configuration file through the following panes in the Healthwatch tile:

Grafana

The following table lists which configuration options in the Grafana pane in the Healthwatch tile configure properties in the Grafana configuration file:

Healthwatch configuration option Configuration file property Configuration file section
Grafana UI route
Grafana root URL root_url [server]
Email alerts
Configure / Do not configure enabled [smtp]
SMTP server host name host [smtp]
SMTP server port port [smtp]
SMTP server username user [smtp]
SMTP server password password [smtp]
Skip TLS certificate verification skip_verify [smtp]
From address from_address [smtp]
From name from_name [smtp]
EHLO client ID ehlo_identity [smtp]
Certificate and private key for TLS cert_file, key_file [smtp]

For more information about configuring these properties, see Configure Grafana in Configuring Healthwatch and the Grafana documentation.

Grafana Authentication

The following table lists which configuration options in the Grafana Authentication pane in the Healthwatch tile configure properties in the Grafana configuration file:

* Healthwatch automatically configures the fields in this section when you select UAA under Additional authentication methods in the Grafana Authentication pane of the Healthwatch tile.

For more information about configuring these properties, see Configuring Grafana Authentication and the Grafana documentation.

Healthwatch configuration option Configuration file property Configuration file section
Basic authentication
Basic authentication enabled [auth.basic]
Generic OAuth
Provider name name [auth.generic_oauth]
Client ID client_id [auth.generic_oauth]
Client secret client_secret [auth.generic_oauth]
Scopes scopes [auth.generic_oauth]
Authorization URL auth_url [auth.generic_oauth]
Token URL token_url [auth.generic_oauth]
API URL api_url [auth.generic_oauth]
Email attribute email_attribute_name [auth.generic_oauth]
Grafana domain domain [server]
Allow new accounts with existing OAuth credentials allow_sign_up [auth.generic_oauth]
Allowed domains allowed_domains [auth.generic_oauth]
Allowed teams teams_ids [auth.generic_oauth]
Allowed organizations allowed_organization [auth.generic_oauth]
Allowed groups allowed_group [auth.generic_oauth]
Role attribute path role_attribute_path [auth.generic_oauth]
Deny access to users without Grafana roles role_attribute_strict [auth.generic_oauth]
Certificate and private key for TLS tls_client_cert, tls_client_key [auth.generic_oauth]
CA certificate for TLS tls_client_ca [auth.generic_oauth]
Skip TLS certificate verification tls_skip_verify_insecure [auth.generic_oauth]
UAA*
Client ID client_id [auth.generic_oauth]
Client secret client_secret [auth.generic_oauth]
UAA server root URL auth_url, token_url [auth.generic_oauth]
CA certificate for TLS tls_client_ca [auth.generic_oauth]
Skip TLS certificate verification tls_skip_verify_insecure [auth.generic_oauth]
LDAP
Host address host [auth.ldap]
Port port [auth.ldap]
Allow new accounts with existing LDAP credentials allow_sign_up [auth.ldap]
Use SSL use_ssl [auth.ldap]
Use STARTTLS start_tls [auth.ldap]
Skip TLS certificate verification tls_skip_verify_insecure [auth.ldap]
Bind DN bind_dn [auth.ldap]
Bind password bind_password [auth.ldap]
User search filter search_filter [auth.ldap]
Search base DNs search_base_dns [auth.ldap]
Group search filter group_search_filter [auth.ldap]
Group search base DNs group_search_base_dns [auth.ldap]
Group search filter user attribute group_search_filter_user_attribute [auth.ldap]
Server attributes [servers.attributes] [auth.ldap]
Server group mappings [[servers.group_mappings]] [auth.ldap]
Certificate and private key for TLS client_cert, client_key [auth.ldap]
CA certificate for TLS root_ca_cert [auth.ldap]