Prometheus¶
Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community. It is now a standalone open source project and maintained independently of any company. To emphasize this, and to clarify the project’s governance structure, Prometheus joined the Cloud Native Computing Foundation in 2016 as the second hosted project, after Kubernetes.
License¶
prometheus is licensed under the Apache License 2.0.
All relevant legal information can be found here
Prerequisites¶
We need to prepare a couple of directories.
The first directory is for storing the timeseries database:
[isabell@stardust ~]$ mkdir -p var/lib/prometheus
[isabell@stardust ~]$
The second directory is for storing the configuration files:
[isabell@stardust ~]$ mkdir etc/prometheus
[isabell@stardust ~]$
Installation¶
Find the latest version of prometheus for the operating system linux
and the architecture amd64
from the download page, download and extract it and enter the extracted directory:
[isabell@stardust ~]$ wget https://github.com/prometheus/prometheus/releases/download/v2.18.1/prometheus-2.18.1.linux-amd64.tar.gz
[isabell@stardust ~]$ tar xvzf prometheus-2.18.1.linux-amd64.tar.gz
[isabell@stardust ~]$ cd prometheus-2.18.1.linux-amd64
[isabell@stardust prometheus-2.18.1.linux-amd64]$
Move the binary to ~/bin
and the configuration file to ~/etc/prometheus
.
[isabell@stardust prometheus-2.18.1.linux-amd64]$ mv prometheus ~/bin/
[isabell@stardust prometheus-2.18.1.linux-amd64]$ mv prometheus.yml ~/etc/prometheus
[isabell@stardust prometheus-2.18.1.linux-amd64]$
Configuration¶
Configure web server¶
Note
prometheus is running on port 9090.
To make the application accessible from the outside, configure a web backend:
[isabell@stardust ~]$ uberspace web backend set / --http --port <port>
Set backend for / to port <port>; please make sure something is listening!
You can always check the status of your backend using "uberspace web backend list".
[isabell@stardust ~]$
Setup daemon¶
Create the file ~/etc/services.d/prometheus.ini
with the following content:
[program:prometheus]
command=prometheus
--web.listen-address=localhost:9090
--config.file=%(ENV_HOME)s/etc/prometheus/prometheus.yml
--storage.tsdb.path=%(ENV_HOME)s/var/lib/prometheus/
--storage.tsdb.retention=15d
--web.external-url=https://isabell.uber.space/
--web.route-prefix=/
autostart=yes
autorestart=yes
In our example this would be:
[program:prometheus]
command=prometheus
--web.listen-address=localhost:9000
--config.file=%(ENV_HOME)s/etc/prometheus/prometheus.yml
--storage.tsdb.path=%(ENV_HOME)s/var/lib/prometheus/
--storage.tsdb.retention=15d
--web.external-url=https://isabell.uber.space/
--web.route-prefix=/
autostart=yes
autorestart=yes
What the arguments for prometheus mean:
--web.listen-address
: The IP address and port prometheus listens on.
--config.file
: The full path to the prometheus configuration file.
--storage.tsdb.path
: The path where prometheus stores the timeseries database.
--storage.tsdb.retention
: The amount of time to keep the datapoints of the timeseries database (in this guide it’s set to 15 days).
--web.external-url
: The URL under which prometheus is reachable.
--web.route-prefix
: The path under which promtheus is reachable.
Note
When using web backends, the address to listen to has to be 0.0.0.0
. In the example above, the corresponding line has to be changed to --web.listen-address=0.0.0.0:9090
.
Finishing installation¶
Start prometheus¶
After creating the configuration, tell supervisord to refresh its configuration and start the service:
[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE RUNNING pid 26020, uptime 0:03:14
[isabell@stardust ~]$
Now point your browser to your uberspace and you should see the prometheus webinterface.
Best practices¶
Security¶
To quote the prometheus security documentation:
It's presumed that untrusted users have access to the prometheus HTTP
endpoint and logs.
It is also presumed that only trusted users have the ability to change
the command line, configuration file, rule files and other aspects of
the runtime environment of Prometheus and other components.
As stated in the security documentation, it is ok to make prometheus reachable for everyone as long as only you are able to change the configuration files and the CLI arguments.
If this is something you do not want to do, you could hide it behind a basic auth.
Tested with Prometheus 2.18.1, Uberspace 7.6.1.2
Written by: Malte Krupa <http://nafn.de>