Support tls_config section for OpenStack SD

[fedya]

Bug Report

What did you do?
Tryint to collect openstack data with self-signed cert
and i got
could not create OpenStack session: Post https://123.123.123.123:5000/v3/auth/tokens: x509: certificate signed by unknown authority"

Environment
centos7

• System information:

  Linux 4.17.11-desktop-1omv x86_64

• Prometheus version:

  prometheus, version 2.3.2

• Alertmanager version:

  alertmanager, version 0.15.1

• Prometheus configuration file:

global:
  scrape_interval:     1m
  evaluation_interval: 1m

rule_files:
- /var/lib/prometheus/rules/*.rules
- /var/lib/prometheus/alerts/*.rules

alerting:
  alertmanagers:
  - static_configs:
    - targets:
      - localhost:9093

- job_name: 'openstack'
  openstack_sd_configs:
    - identity_endpoint: https://123.123.123.123:5000/v3
      username: user
      project_name: admin
      region: RegionOne
      domain_name: Default
      password: 123
      role: instance

• Logs:

level=info ts=2018-08-23T00:20:47.655770615Z caller=main.go:629 msg="Completed loading of configuration file" filename=/etc/prometheus/prometheus.yml
level=info ts=2018-08-23T00:20:47.655799027Z caller=main.go:502 msg="Server is ready to receive web requests."
level=error ts=2018-08-23T00:20:47.662639049Z caller=instance.go:70 component="discovery manager scrape" discovery=openstack msg="Unable to refresh target groups" err="could not create OpenStack session: Post https://123.123.123.123:5000/v3/auth/tokens: x509: certificate signed by unknown authority"
level=error ts=2018-08-23T00:21:47.663941813Z caller=instance.go:87 component="discovery manager scrape" discovery=openstack msg="Unable to refresh target groups" err="could not create OpenStack session: Post https://123.123.123.123:5000/v3/auth/tokens: x509: certificate signed by unknown authority"```

[simonpasquier]

What you're looking for is a tls_config section that doesn't exist (yet) for the OpenStack SD. I've rephrased the description accordingly.

IIUC it is somehow possible to override the default HTTP client used by gophercloud (see gophercloud/gophercloud#311)

[fedya]

Patch working fine.
Now i need some user guide, hot to connect prometheus and openstack.
At this moment i got

[simonpasquier]

This means that either your endpoint takes too much time to reply or there's some firewall/security group blocking the traffic. What if you do a curl to this URL from the Prometheus server.

[fedya]

@simonpasquier
curl http://192.168.1.12:80/metrics
same, just timeout

# nova list
| 27c4a34d-929b-4f53-8f16-7974542ff0da | Vm1  | ACTIVE | -          | Running     | TestP1=192.168.1.12 |

it is internal ip of virtual machine
there is no 80 port available and it is okay.

My config:

- job_name: 'openstack'
  openstack_sd_configs:
    - identity_endpoint: https://10.37.130.103:5000/v3
      username: user
      project_name: admin
      domain_name: Default
      region: RegionOne
      password: pass
      role: instance
      tls_config:
        insecure_skip_verify: true