
##############################################################################
# Prometheus Server
# To Install Server
#
# Stretch:
apt install -t stretch-backports prometheus
# Buster:
apt install prometheus
# On main prom1 server, running buster:
apt install prometheus-alertmanager prometheus prometheus-node-exporter
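# Open up ports on firewall:
# Prometheus
# NOTE: the rules below have no -s source match, so these ports accept
# connections from any address. The services installed above (Prometheus,
# Alertmanager, node exporter) do not authenticate clients by default;
# limit the source the way the 9104, 9187 and 9166 rules further down do.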
-A INPUT -p tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp --dport 9093 -j ACCEPT
-A INPUT -p tcp --dport 9094 -j ACCEPT
-A INPUT -p tcp --dport 9100 -j ACCEPT
##############################################################################
# Prometheus Clients
# Install exporter on all nodes
#
# Stretch:
apt install -t stretch-backports prometheus-node-exporter
# Buster:
apt install prometheus-node-exporter
# To enable various collectors on a node, edit:
#vim /etc/default/prometheus-node-exporter
# Ones of note:
#-collector.netstat.fields=(.*) --collector.vmstat.fields=(.*) --collector.interrupts
# Add to all: XXX not done
################
--collector.netstat.fields="^(.*_(InErrors|InErrs)|Ip_Forwarding|Ip(6|Ext)_(InOctets|OutOctets)|Icmp6?_(InMsgs|OutMsgs)|TcpExt_(Listen.*|Syncookies.*)|Tcp_(ActiveOpens|PassiveOpens|RetransSegs|CurrEstab)|Udp6?_(InDatagrams|OutDatagrams|NoPorts))$"
--collector.vmstat.fields="^(oom_kill|pgpg|pswp|pg.*fault).*"
--collector.interrupts
--collector.ntp
--collector.systemd
################
# Just copy over an existing one:
# XXX not really.
#scp -p testo4:/etc/default/prometheus-node-exporter /etc/default/prometheus-node-exporter
# Start on boot:
systemctl enable prometheus-node-exporter
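# Open the firewall port for prometheus-node-exporter.
# NOTE: this rule has no -s source match, so any host that can reach the node
# can read its metrics; restrict the source to the Prometheus server where possible.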
-A INPUT -p tcp --dport 9100 -j ACCEPT
##############################################################################
# For MySQL servers, on all servers:
apt install prometheus-mysqld-exporter
# On sql1, log into database:
-- Monitoring account for prometheus-mysqld-exporter. The host part limits
-- logins to the 10.42.1.0/255.255.255.0 network and the account is capped at
-- three concurrent connections.
-- NOTE(review): 'password' looks like a placeholder -- substitute a unique
-- secret and use the same value in DATA_SOURCE_NAME on the exporter hosts.
CREATE USER 'prometheus-mysqld-exporter'@'10.42.1.0/255.255.255.0'
    IDENTIFIED BY 'password'
    WITH MAX_USER_CONNECTIONS 3;

-- Global privileges: SELECT ON *.* lets this account read every table on the
-- server, so its credential deserves the same care as an application login.
GRANT SELECT, PROCESS, REPLICATION CLIENT
    ON *.*
    TO 'prometheus-mysqld-exporter'@'10.42.1.0/255.255.255.0';

-- Reload the grant tables.
FLUSH PRIVILEGES;
# On sql1 sql2 sql3 sql4 servers:
# Edit
vim /etc/default/prometheus-mysqld-exporter
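# Set this line (use the correct local IP and the password chosen in CREATE USER above).
# This file then holds a database credential; make sure other local users cannot read it.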
export DATA_SOURCE_NAME="prometheus-mysqld-exporter:password@(10.42.1.171:3306)/"
# on prom1 /etc/prometheus/prometheus.yml
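# Scrape job for prometheus-mysqld-exporter; belongs in the scrape_configs
# list of prometheus.yml. Nesting is restored here because YAML needs it.
# A '#' only starts a YAML comment when whitespace precedes it, so the
# trailing comments are separated from the values; written as "db1#..." the
# comment text would become part of the label value.
- job_name: 'mysql-monitor'  # Job name
  static_configs:
    - targets: ['10.42.1.171:9104']
      labels:
        alias: db1  # alias name given to this instance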
# Add firewall rule to sql1 sql2 sql3 sql4
#-A INPUT -s 10.22.22.0/24 -p tcp --dport 9104 -j ACCEPT
-A INPUT -s 10.42.1.0/24 -p tcp --dport 9104 -j ACCEPT
##############################################################################
# Borg exporter:
https://github.com/teemow/prometheus-borg-exporter
https://grafana.com/dashboards/1573
##############################################################################
# Email
# graylog:
##############################################################################
# Apache:
https://grafana.com/dashboards/4859
https://grafana.com/dashboards/4865
##############################################################################
# nginx
https://grafana.com/dashboards/6482
https://grafana.com/dashboards/4368
https://grafana.com/dashboards/6787
##############################################################################
# postgres
https://grafana.com/dashboards/3300
https://grafana.com/dashboards/455
https://grafana.com/dashboards/3742
https://grafana.com/dashboards/6742
# on pg1 pg2 pg3 pg4
apt install prometheus-postgres-exporter daemon
# See /usr/share/doc/prometheus-postgres-exporter/README.Debian
vim /etc/default/prometheus-postgres-exporter
DATA_SOURCE_NAME='user=prometheus host=/run/postgresql dbname=postgres'
# Then run:
sudo -u postgres psql
# In database add:
------------------------------------------------------
-- Login role for the exporter. No password is set; the DATA_SOURCE_NAME in
-- these notes connects over the local socket (host=/run/postgresql), so
-- whether the login is accepted is decided by pg_hba.conf.
CREATE ROLE prometheus LOGIN;

-- Schema owned by that role; it holds the wrapper functions and views.
CREATE SCHEMA prometheus AUTHORIZATION prometheus;

-- Put the prometheus schema ahead of pg_catalog for this role, so an
-- unqualified pg_stat_activity / pg_stat_replication resolves to the views
-- of the same name created in the prometheus schema.
ALTER ROLE prometheus SET search_path TO prometheus, pg_catalog;
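-- Returns every row of pg_catalog.pg_stat_activity with the privileges of the
-- function's owner (SECURITY DEFINER) rather than the caller's. Created from
-- the `sudo -u postgres psql` session in these notes, the owner is the
-- postgres role, so callers also see the other sessions' query text that
-- pg_stat_activity hides from unprivileged roles.
-- NOTE(review): PostgreSQL 10 and later ship a built-in pg_monitor role that
-- may make this wrapper unnecessary -- check against the exporter's README.Debian.
CREATE FUNCTION prometheus.f_select_pg_stat_activity()
RETURNS SETOF pg_catalog.pg_stat_activity
LANGUAGE sql
SECURITY DEFINER
-- Pin name lookup for the definer-rights body. The body is already
-- schema-qualified, so this is defence in depth; pg_temp is listed last so
-- temporary objects cannot shadow catalog names.
SET search_path = pg_catalog, pg_temp
AS $$
    SELECT * FROM pg_catalog.pg_stat_activity;
$$;

-- New functions are executable by PUBLIC by default. Limit this one to the
-- exporter role, which still needs EXECUTE to read the view built on it.
REVOKE ALL ON FUNCTION prometheus.f_select_pg_stat_activity() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION prometheus.f_select_pg_stat_activity() TO prometheus;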
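-- Returns every row of pg_catalog.pg_stat_replication with the privileges of
-- the function's owner (SECURITY DEFINER) rather than the caller's. Created
-- from the `sudo -u postgres psql` session in these notes, the owner is the
-- postgres role.
-- NOTE(review): PostgreSQL 10 and later ship a built-in pg_monitor role that
-- may make this wrapper unnecessary -- check against the exporter's README.Debian.
CREATE FUNCTION prometheus.f_select_pg_stat_replication()
RETURNS SETOF pg_catalog.pg_stat_replication
LANGUAGE sql
SECURITY DEFINER
-- Pin name lookup for the definer-rights body. The body is already
-- schema-qualified, so this is defence in depth; pg_temp is listed last so
-- temporary objects cannot shadow catalog names.
SET search_path = pg_catalog, pg_temp
AS $$
    SELECT * FROM pg_catalog.pg_stat_replication;
$$;

-- New functions are executable by PUBLIC by default. Limit this one to the
-- exporter role, which still needs EXECUTE to read the view built on it.
REVOKE ALL ON FUNCTION prometheus.f_select_pg_stat_replication() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION prometheus.f_select_pg_stat_replication() TO prometheus;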
-- Views in the prometheus schema, named after the catalog views they stand
-- in for. Each one selects from the matching SECURITY DEFINER wrapper, so a
-- role with SELECT on the view reads the statistics with the wrapper owner's
-- visibility rather than its own.
CREATE VIEW prometheus.pg_stat_activity AS
    SELECT * FROM prometheus.f_select_pg_stat_activity();

CREATE VIEW prometheus.pg_stat_replication AS
    SELECT * FROM prometheus.f_select_pg_stat_replication();

-- Read access for the exporter role only; no other role is granted SELECT here.
GRANT SELECT
    ON prometheus.pg_stat_activity, prometheus.pg_stat_replication
    TO prometheus;
------------------------------------------------------
------------------------------------------------------
# Restart
# Add firewall rule
-A INPUT -s 10.52.1.0/24 -p tcp --dport 9187 -j ACCEPT
# prometheus.yml
# Some dashboards work with this
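# Two scrape jobs for the same four postgres exporters; they differ only in
# job_name because different dashboards expect different job labels. Both
# belong in the scrape_configs list of prometheus.yml. Nesting is restored
# here because YAML needs it.
# honor_labels: true keeps labels supplied by the scraped target when they
# collide with the ones Prometheus attaches, so a target can set its own
# job/instance labels. Keep it only if the dashboards depend on it.
- job_name: 'postgres'
  honor_labels: true
  static_configs:
    - targets: ['10.52.1.91:9187', '10.52.1.92:9187', '10.52.1.93:9187', '10.52.1.94:9187']
# Other dashboards work with this
- job_name: 'postgresql'
  honor_labels: true
  static_configs:
    - targets: ['10.52.1.91:9187', '10.52.1.92:9187', '10.52.1.93:9187', '10.52.1.94:9187']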
##############################################################################
# Unbound DNS
https://grafana.com/dashboards/3930
##############################################################################
# libvirt_exporter
# FAIL
go get github.com/kumina/libvirt_exporter
go build github.com/kumina/libvirt_exporter
# Then copy this binary to targets sf-001 sf-002 sf-003 sf-004
~/go/bin/libvirt_exporter
apt install libvirt-daemon
##############################################################################
# Dovecot Exporter
# https://github.com/kumina/dovecot_exporter.git
#
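# On a go build server: XXX
# NOTE: go get builds whatever upstream currently publishes; build from a
# reviewed tag or commit before copying the resulting binary to mx1.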
go get github.com/kumina/dovecot_exporter
go build github.com/kumina/dovecot_exporter
scp -p go/bin/dovecot_exporter mx1:
# On mail server mx1
# Set up user to run as. XXX
# Open up firewall port 9166
# Dovecot Prometheus
-A INPUT -s 10.22.22.0/24 -p tcp --dport 9166 -j ACCEPT
# Run thusly, XXX set up user, chown path
./dovecot_exporter --dovecot.socket-path="/var/run/dovecot/stats-reader"
# Or?
./dovecot_exporter --dovecot.socket-path="/var/run/dovecot/stats-reader" --dovecot.scopes="jebba@forksand.com"
##############################################################################