uyuni-project · keichwa · Mar 3, 2025 · Mar 5, 2025
diff --git a/modules/administration/pages/monitoring.adoc b/modules/administration/pages/monitoring.adoc
@@ -97,9 +97,9 @@ The Prometheus software is also available for {productname} Proxy and {productna
 
 [IMPORTANT]
 ====
-* To access a shell inside the Server container run [literal]``mgrctl term`` on the container host.
+* To access a shell inside the {productname} Server container run [literal]``mgrctl term`` on the container host, or to execute one command run [literal]``mgrctl exec <options> -- <command>``.
 
-* To copy files from inside the container use [literal]``mgrctl cp``.
+* To copy files from inside the container to the container host use [literal]``mgrctl cp``.
 ====
 
 [NOTE]
@@ -126,20 +126,31 @@ For more information about the monitoring formulas, see xref:specialized-guides:
 
 .Procedure: Manually Installing and Configuring Prometheus
 . On the monitoring server, install the [package]``golang-github-prometheus-prometheus`` package:
+
 +
+
+[source,shell]
 ----
 zypper in golang-github-prometheus-prometheus
 ----
+
 . Enable the Prometheus service:
+
 +
+
+[source,shell]
 ----
 systemctl enable --now prometheus
 ----
+
 . Check that the Prometheus interface loads correctly.
-    In your browser, navigate to the URL of the server where Prometheus is installed, on port 9090 (for example, [literal]``http://example.com:9090``).
+  In your browser, navigate to the URL of the server where Prometheus is installed, on port 9090 (for example, [literal]``http://example.com:9090``).
+
 . Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and add this configuration information.
-    Replace `server.url` with your {productname} server URL and adjust `username` and `password` fields to match your {productname} credentials.
+  Replace `server.url` with your {productname} server URL and adjust `username` and `password` fields to match your {productname} credentials.
+
 +
+
 ----
 # {productname} self-health metrics
 scrape_configs:
@@ -188,9 +199,14 @@ scrape_configs:
    - source_labels: [__meta_uyuni_scheme]
      target_label: __scheme__
 ----
+
 . Save the configuration file.
+
 . Restart the Prometheus service:
+
 +
+
+[source,shell]
 ----
 systemctl restart prometheus
 ----
@@ -230,15 +246,23 @@ You can choose which dashboards to provision in the formula configuration page.
 .Procedure: Manually Installing Grafana
 
 . Install the [package]``grafana`` package:
+
 +
+
+[source,shell]
 ----
 zypper in grafana
 ----
+
 . Enable the Grafana service:
+
 +
+
+[source,shell]
 ----
 systemctl enable --now grafana-server
 ----
+
 . In your browser, navigate to the URL of the server where Grafana is installed, on port 3000 (for example, [literal]``http://example.com:3000``).
 . On the login page, enter ``admin`` for username and password.
 . Click btn:[Log in]. 
@@ -253,7 +277,9 @@ systemctl enable --now grafana-server
 . To import a dashboard click the btn:[+] icon in the side menu, and then click btn:[Import].
 . For {productname} server overview load the dashboard ID: ``17569``.
 . For {productname} clients overview load the dashboard ID: ``17570``.
+
 +
+
 image::monitoring_grafana_example.png[scaledwidth=80%]
 
 [NOTE]
@@ -579,15 +605,72 @@ This section demonstrates how to generate client/server certificates for Prometh
 
 .Procedure: Creating server/client TLS certificate
 
-. On the {productname} Server, at the command prompt, run following command:
+. At the command prompt of the {productname} container host, as root, run the following commands:
+
++
+
+--
+
+.. To generate certificate files, run the following command.
+
++
+
+Ensure that the [systemitem]``set-cname`` parameter is the fully qualified domain name (FQDN) of your Salt client.
+You can use the the [systemitem]``set-cname`` parameter multiple times if you require multiple aliases:
+
 +
+
 ----
-rhn-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
---set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
---set-org-unit="ORGANIZATION UNIT" --set-email="[email protected]" \
---set-hostname="minion.example.com" --set-cname="minion.example.com" --no-rpm
+mgrctl exec -ti -- mgr-ssl-tool --gen-server --dir="/root/ssl-build" --set-country="COUNTRY" \
+  --set-state="STATE" --set-city="CITY" --set-org="ORGANIZATION" \
+  --set-org-unit="ORGANIZATION UNIT" --set-email="[email protected]" \
+  --set-hostname="minion.example.com" --set-cname="minion.example.com" --no-rpm
 ----
-Ensure that the [systemitem]``set-cname`` parameter is the fully qualified domain name (FQDN) of your Salt client.
-You can use the the [systemitem]``set-cname`` parameter multiple times if you require multiple aliases.
 
-. Copy ``server.crt`` and ``server.key`` files to the Salt minion and provide read access for ``prometheus`` user.
++
+
+Resulting in:
+
++
+
+----
+Generating the web server's SSL private key: /root/ssl-build/minion/server.key
+Generating web server's SSL certificate request: /root/ssl-build/minion/server.csr
+Generating/signing web server's SSL certificate: server.crt
+----
+
+.. Copy [path]``server.crt`` and [path]``server.key`` files from the server container to the host:
+
++
+
+----
+mgrctl cp server:/root/ssl-build/minion/server.key server.key
+mgrctl cp server:/root/ssl-build/minion/server.crt server.crt
+----
+
+.. Copy [path]``server.crt`` and [path]``server.key`` files from the host to the monitoring client:
+
++
+
+----
+ssh minion.example.com 'mkdir /etc/ssl/mlm-server-certs'
+scp /root/server.* minion.example.com:/etc/ssl/mlm-server-certs
+ssh minion.example.com 'chmod go+r /etc/ssl/mlm-server-certs/server.*; ls -la /etc/ssl/mlm-server-certs'
+----
+
+--
+
+. To configure {salt} formulars, enter the directory names specified in the previous steps.
+
++
+
+--
+
+.. formular server
+Server Certificate /etc/ssl/mlm-server-certs/server.crt
+Server Key /etc/ssl/mlm-server-certs/server.key
+
+
+.. formular minion
+
+--