1 ‐ Deployment - CPNV-ES-MON1/Prometheus GitHub Wiki

Prometheus

Version used: 2.51.2

Prerequisites

wget https://github.com/prometheus/prometheus/releases/download/v2.51.2/prometheus-2.51.2.linux-amd64.tar.gz
---
--2024-05-02 12:33:24--  https://github.com/prometheus/prometheus/releases/download/v2.51.2/prometheus-2.51.2.linux-amd64.tar.gz
Resolving github.com (github.com)... 140.82.121.4
Connecting to github.com (github.com)|140.82.121.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
---
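
The archive downloaded above is later extracted and its binaries moved into /usr/local/bin with no integrity check. As an added example (not part of the original wiki), the function below checks a release file against the sha256sums.txt published with each Prometheus release; the name verify_release is an assumption made here.

```bash
# Added example: check a downloaded release archive against the project's
# published sha256sums.txt before extracting it.
# verify_release is a hypothetical helper name, not part of Prometheus.
#
# Usage: verify_release <archive> <sha256sums.txt>
# Returns 0 on match, 1 on mismatch, 2 on unreadable input, 3 if not listed.
verify_release() {
    local archive="$1"
    local sums="$2"
    local name="${archive##*/}"
    local expected actual

    [ -r "$archive" ] || { echo "cannot read $archive" >&2; return 2; }
    [ -r "$sums" ]    || { echo "cannot read $sums" >&2; return 2; }

    # Lines look like "<64 hex digits>  <filename>" (a leading "*" marks
    # binary mode). Compare the filename exactly, not as a substring.
    expected=$(awk -v f="$name" \
        '$2 == f || $2 == ("*" f) { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "$name is not listed in $sums" >&2
        return 3
    fi

    actual=$(sha256sum < "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "$name: OK"
}

# With the release used on this page (needs network access):
#   base=https://github.com/prometheus/prometheus/releases/download/v2.51.2
#   wget "$base/sha256sums.txt"
#   verify_release prometheus-2.51.2.linux-amd64.tar.gz sha256sums.txt \
#       && tar xzvf prometheus-2.51.2.linux-amd64.tar.gz
```

Because the checksum file comes from the same release page as the archive, this catches corruption or substitution in transit or in a cache, not a compromised release.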

1 - Setup Prometheus files and directory

#Add a system group and user for Prometheus (the group must exist before useradd -g)
sudo groupadd --system prometheus
sudo useradd -s /sbin/nologin --system -g prometheus prometheus

#Create the data directory and set permissions
sudo mkdir /var/lib/prometheus
sudo chown -R prometheus:prometheus /var/lib/prometheus/

tar xzvf prometheus-2.51.2.linux-amd64.tar.gz

#Create necessary directories for Prometheus

for i in rules rules.d files_sd; do \
sudo mkdir -p /app/prometheus2.51.2/${i} && \
sudo chown -R prometheus:prometheus /app/prometheus2.51.2/${i} && \
sudo chmod -R 775 /app/prometheus2.51.2/${i} \
; done

#Move binaries and configuration files
cd prometheus*/
sudo mv prometheus promtool /usr/local/bin/
sudo mv consoles console_libraries prometheus.yml /app/prometheus2.51.2/
#Install Apache utilities and set up the password file
sudo apt install apache2-utils

htpasswd -nB prom
---
prom:$2y$05<...>8zq
sudo nano /app/prometheus2.51.2/web.yml

# Add the user & password
---
basic_auth_users:
  prom: $2y$05<...>8zq
sudo chown prometheus: /app/prometheus2.51.2/web.yml
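
htpasswd -nB uses bcrypt cost 5 unless -C is given, which is the 05 in the $2y$05 prefix above, and the steps set the owner of web.yml but not its mode. As an added example (not part of the original wiki), this function flags low-cost or non-bcrypt entries and a world-readable file; the name audit_web_yml and the minimum cost of 10 are assumptions made here, and it expects the block-style layout shown above.

```bash
# Added example: audit a Prometheus web.yml for weak basic-auth settings.
# audit_web_yml and the default minimum cost of 10 are assumptions made
# here, not Prometheus requirements. Needs GNU stat (Debian/Ubuntu).
#
# Usage: audit_web_yml <web.yml> [min_bcrypt_cost]
# Prints one finding per line; returns 0 if clean, 1 on findings, 2 on error.
audit_web_yml() {
    local file="$1"
    local min_cost="${2:-10}"
    local findings
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    findings=$(
        # A world-readable file exposes the hashes to every local account.
        mode=$(stat -c '%a' "$file")
        case "$mode" in
            *[4567]) echo "mode $mode: file is world-readable" ;;
        esac

        # Walk the indented entries under basic_auth_users ("user: hash").
        awk -v min="$min_cost" -v q="'" '
            /^basic_auth_users:/ { in_users = 1; next }
            /^[^ \t#]/           { in_users = 0 }   # next top-level key
            in_users && /^[ \t]+[^ \t#]/ {
                user = $1; sub(/:$/, "", user)
                hash = $2; gsub("[\"" q "]", "", hash)
                cost = substr(hash, 5, 2) + 0       # digits after "$2y$"
                if (hash !~ /^\$2[abxy]\$[0-9][0-9]\$/)
                    print "user " user ": value is not a bcrypt hash"
                else if (cost < min)
                    print "user " user ": bcrypt cost " cost " is below " min
            }' "$file"
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# On the server from this page (as a user allowed to read the file):
#   audit_web_yml /app/prometheus2.51.2/web.yml
# A low-cost finding is fixed by regenerating the hash: htpasswd -nB -C 12 prom
```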

2 - Setup Prometheus Service and start it

This is the base configuration, which works without the reverse proxy. To work with the Nginx reverse proxy, see the Nginx Reverse Proxy section.

#Create a systemd service file for Prometheus
#The heredoc delimiter is quoted so the shell does not expand $MAINPID to an empty string
cat <<'EOM' | sudo tee "/etc/systemd/system/prometheus.service"
[Unit]
Description=Prometheus
Documentation=https://prometheus.io/docs/introduction/overview/
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=prometheus
Group=prometheus
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/local/bin/prometheus \
  --config.file=/app/prometheus2.51.2/prometheus.yml \
  --storage.tsdb.path=/var/lib/prometheus \
  --web.console.templates=/app/prometheus2.51.2/consoles \
  --web.console.libraries=/app/prometheus2.51.2/console_libraries \
  --web.listen-address=0.0.0.0:9090 \
  --web.config.file=/app/prometheus2.51.2/web.yml

SyslogIdentifier=prometheus
Restart=always

[Install]
WantedBy=multi-user.target

EOM
sudo systemctl daemon-reload
#Enable the Prometheus service to start on boot
sudo systemctl enable prometheus
---
Created symlink /etc/systemd/system/multi-user.target.wants/prometheus.service → /etc/systemd/system/prometheus.service.
sudo systemctl start prometheus
sudo systemctl status prometheus
● prometheus.service - Prometheus
     Loaded: loaded (/etc/systemd/system/prometheus.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-14 09:58:24 UTC; 1h 36min ago
       Docs: https://prometheus.io/docs/introduction/overview/
   Main PID: 3534 (prometheus)
      Tasks: 10 (limit: 4515)
     Memory: 17.3M
        CPU: 1.142s
     CGroup: /system.slice/prometheus.service

Grafana

Version used: 11.0.0

Prerequisites

sudo apt install gnupg2 apt-transport-https software-properties-common wget

wget -q -O - https://packages.grafana.com/gpg.key > grafana.key
cat grafana.key

In summary, the command below takes the GPG key from the grafana.key file, decodes it, adds it to the system's trusted keyring so that Grafana packages can be verified, and discards any unneeded output. This is often done when adding new package repositories, to ensure that the downloaded packages are authentic and secure.

cat grafana.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/grafana.gpg >/dev/null

ll /etc/apt/trusted.gpg.d/grafana.gpg
-rw-r--r-- 1 root root 1758 May 14 07:20 /etc/apt/trusted.gpg.d/grafana.gpg
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/grafana.gpg] https://packages.grafana.com/oss/deb stable main' | sudo tee /etc/apt/sources.list.d/grafana.list

sudo apt update

1 - Install Grafana

sudo apt install grafana -y

sudo systemctl daemon-reload
sudo systemctl start grafana-server.service
sudo systemctl enable grafana-server.service
sudo systemctl status grafana-server.service
---
● grafana-server.service - Grafana instance
     Loaded: loaded (/lib/systemd/system/grafana-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-14 07:26:37 UTC; 3s ago
       Docs: http://docs.grafana.org
   Main PID: 2950 (grafana)
      Tasks: 14 (limit: 4515)
     Memory: 47.5M
        CPU: 1.866s
     CGroup: /system.slice/grafana-server.service
---

2 - Grafana configuration

#Modify the Grafana configuration file to set 'http_addr' and 'http_port'
sudo awk 'BEGIN { FS = " = " } ; /^;http_addr/ { print "http_addr = localhost"; next } ; /^;http_port/ { print "http_port = 3000"; next } ; { print }' /etc/grafana/grafana.ini > graf.ini.new
sudo cp graf.ini.new /etc/grafana/grafana.ini

sudo cat /etc/grafana/grafana.ini | grep http_
---
http_addr = localhost
http_port = 3000
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
sudo systemctl restart grafana-server.service
sudo systemctl status grafana-server.service
● grafana-server.service - Grafana instance
     Loaded: loaded (/lib/systemd/system/grafana-server.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2024-05-14 13:48:34 UTC; 9min ago
       Docs: http://docs.grafana.org
   Main PID: 904 (grafana)
      Tasks: 11 (limit: 4515)
     Memory: 160.8M
        CPU: 1.711s
     CGroup: /system.slice/grafana-server.service

Nginx Reverse Proxy

Version used: Nginx/1.24.0 (ubuntu)

Context: The Grafana web interface should be accessible on port 8080.

Prerequisites

sudo apt update
sudo apt install nginx -y

1 - Setup the virtual host

sudo wget https://raw.githubusercontent.com/CPNV-ES-MON1/Prometheus/main/nginx_rproxy_config -O /etc/nginx/sites-available/grafana
read -p "Enter the DNS name: " dns_name && sudo sed -i "s/server_name <DNS_NAME>/server_name $dns_name/" /etc/nginx/sites-available/grafana

Enable the vHost & disable the default

sudo ln -s /etc/nginx/sites-available/grafana /etc/nginx/sites-enabled/
sudo rm  /etc/nginx/sites-enabled/default
sudo systemctl restart nginx

2 - Update Prometheus service file

If not done in "2 - Setup Prometheus Service and start it", adapt the service file to work with the reverse proxy (new route prefix). Specify the new route prefix and the external URL (change it to the DNS name in AWS). The route prefix has to match the location in the Nginx virtual host.

sudo nano /etc/systemd/system/prometheus.service
--web.external-url="http://<DNS_NAME or IP>/prometheus/"
--web.route-prefix="/prometheus/"

Update Grafana configuration

After adding the route prefix, it is mandatory to update the connection in Grafana by adding the correct prefix.

Updated file

The updated file can be downloaded with the command below. WARNING: any modification made to prometheus.service will be lost, because the download overwrites the whole file. This file is a template; modifications have to be made before reloading the daemon (sudo systemctl daemon-reload).

sudo wget https://raw.githubusercontent.com/CPNV-ES-MON1/Prometheus/main/prometheus.service.template -O /etc/systemd/system/prometheus.service

Then replace the placeholder with the DNS name of your server (reverse proxy).

read -p "Enter the DNS name or IP: " dns_name && sudo sed -i "s|<DNS_NAME or IP>|$dns_name|" /etc/systemd/system/prometheus.service

Node_exporter

Version used: 1.8.0

Exporter for machine metrics - Debian

1 - On client (managed server)

sudo useradd --no-create-home --system --shell /bin/false node_exporter

wget https://github.com/prometheus/node_exporter/releases/download/v1.8.0/node_exporter-1.8.0.linux-amd64.tar.gz

tar xvfz node_exporter-1.8.0.linux-amd64.tar.gz
---
node_exporter-1.8.0.linux-amd64/
node_exporter-1.8.0.linux-amd64/NOTICE
node_exporter-1.8.0.linux-amd64/node_exporter
node_exporter-1.8.0.linux-amd64/LICENSE
sudo cp node_exporter-1.8.0.linux-amd64/node_exporter /usr/local/bin/
sudo chown node_exporter: /usr/local/bin/node_exporter
ls -l /usr/local/bin/
---
-rwxr-xr-x  1 node_exporter node_exporter  20494416 May 16 11:53 node_exporter*
cat <<'EOM' | sudo tee /etc/systemd/system/node_exporter.service
[Unit]
Description=Prometheus Node Exporter
Wants=network-online.target
After=network-online.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter

[Install]
WantedBy=multi-user.target
EOM

cat /etc/systemd/system/node_exporter.service && ls -l /etc/systemd/system/ | grep node_
---
[Unit]
Description=Prometheus Node Exporter
Wants=network-online.target
After=network-online.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter

[Install]
WantedBy=multi-user.target
-rw-r--r-- 1 root root  239 May 16 11:58 node_exporter.service
sudo systemctl daemon-reload
sudo systemctl start node_exporter
sudo systemctl status node_exporter
---
● node_exporter.service - Prometheus Node Exporter
     Loaded: loaded (/etc/systemd/system/node_exporter.service; disabled; vendor preset: enabled)
     Active: active (running) since Thu 2024-05-16 12:00:08 UTC; 20s ago
   Main PID: 1511 (node_exporter)
      Tasks: 8 (limit: 4515)
     Memory: 2.8M
        CPU: 7ms
     CGroup: /system.slice/node_exporter.service
             └─1511 /usr/local/bin/node_exporter
sudo systemctl enable node_exporter
Created symlink /etc/systemd/system/multi-user.target.wants/node_exporter.service → /etc/systemd/system/node_exporter.service.
curl localhost:9100/metrics
promhttp_metric_handler_errors_total{cause="gathering"} 0
# HELP promhttp_metric_handler_requests_in_flight Current number of scrapes being served.
# TYPE promhttp_metric_handler_requests_in_flight gauge
promhttp_metric_handler_requests_in_flight 1
# HELP promhttp_metric_handler_requests_total Total number of scrapes by HTTP status code.
# TYPE promhttp_metric_handler_requests_total counter
promhttp_metric_handler_requests_total{code="200"} 0
promhttp_metric_handler_requests_total{code="500"} 0
promhttp_metric_handler_requests_total{code="503"} 0

2 - On manager server

sudo nano /app/prometheus2.51.2/prometheus.yml

Add under the "scrape_configs" section

  - job_name: "<JOB_NAME>"
    static_configs:
      - targets: ["<CLIENT_IP>:9100"]
        labels:
          machinename: "<MACHINE_NAME>"
sudo systemctl restart prometheus.service

Windows_exporter

Version used: 0.25.1

Exporter for machine metrics - Windows Server 2022

1 - On client (managed server)

In PowerShell, download the latest version of windows_exporter

Invoke-WebRequest -Uri https://github.com/prometheus-community/windows_exporter/releases/download/v0.25.1/windows_exporter-0.25.1-amd64.msi -OutFile "windows_exporter.msi"

Install windows_exporter with desired collectors

Start-Process -FilePath .\windows_exporter.msi -ArgumentList 'ENABLED_COLLECTORS="cpu,cs,logical_disk,net,os,system,tcp,time,service,memory"' -Wait

2 - On manager server

sudo nano /app/prometheus2.51.2/prometheus.yml

Add under the "scrape_configs" section

  - job_name: "<JOB_NAME>"
    static_configs:
      - targets: ["<CLIENT_IP>:9182"]
        labels:
          machinename: "<MACHINE_NAME>"
sudo systemctl restart prometheus.service