Prometheus
Prometheus is an open-source systems monitoring and alerting toolkit originally built at SoundCloud. Since its inception in 2012, many companies and organizations have adopted Prometheus, and the project has a very active developer and user community. It is now a standalone open source project and maintained independently of any company. To emphasize this, and to clarify the project’s governance structure, Prometheus joined the Cloud Native Computing Foundation in 2016 as the second hosted project, after Kubernetes.
License
Prometheus is licensed under the Apache License 2.0.
All relevant legal information can be found here
Prerequisites
We need to prepare a couple of directories.
The first directory is for storing the timeseries database:
[isabell@stardust ~]$ mkdir -p ~/var/lib/prometheus
[isabell@stardust ~]$
The second directory is for storing the configuration files:
[isabell@stardust ~]$ mkdir -p ~/etc/prometheus
[isabell@stardust ~]$
Installation
Find the latest version of Prometheus for the operating system linux
and the architecture amd64
from the download page, download and extract it and enter the extracted directory:
[isabell@stardust ~]$ wget https://github.com/prometheus/prometheus/releases/download/v2.45.0/prometheus-2.45.0.linux-amd64.tar.gz
[isabell@stardust ~]$ tar xvzf ~/prometheus-2.45.0.linux-amd64.tar.gz
[isabell@stardust ~]$ cd ~/prometheus-2.45.0.linux-amd64
[isabell@stardust prometheus-2.45.0.linux-amd64]$
Move the binary to ~/bin
and the configuration file to ~/etc/prometheus
.
[isabell@stardust prometheus-2.45.0.linux-amd64]$ mv prometheus ~/bin/
[isabell@stardust prometheus-2.45.0.linux-amd64]$ mv prometheus.yml ~/etc/prometheus
[isabell@stardust prometheus-2.45.0.linux-amd64]$ cd ~
[isabell@stardust ~]$
Cleanup
Since we only need the binary and the configuration file we can safely remove the downloaded archive and the extracted directory.
[isabell@stardust ~]$ rm -r ~/prometheus-2.45.0.linux-amd64
[isabell@stardust ~]$ rm ~/prometheus-2.45.0.linux-amd64.tar.gz
Configuration
Configure web server
Note
Prometheus is running on port 9090.
To make the application accessible from the outside, configure a web backend:
[isabell@stardust ~]$ uberspace web backend set / --http --port <port>
Set backend for / to port <port>; please make sure something is listening!
You can always check the status of your backend using "uberspace web backend list".
[isabell@stardust ~]$
Setup daemon
Create the file ~/etc/services.d/prometheus.ini
with the following content:
[program:prometheus]
command=prometheus
--web.listen-address=0.0.0.0:9090
--config.file=%(ENV_HOME)s/etc/prometheus/prometheus.yml
--storage.tsdb.path=%(ENV_HOME)s/var/lib/prometheus/
--storage.tsdb.retention.time=15d
--web.external-url=https://isabell.uber.space/
--web.route-prefix=/
autostart=yes
autorestart=yes
What the arguments for Prometheus mean:
--web.listen-address
: The IP address and port Prometheus listens on.
--config.file
: The full path to the Prometheus configuration file.
--storage.tsdb.path
: The path where Prometheus stores the timeseries database.
--storage.tsdb.retention.time
: The amount of time to keep the datapoints of the timeseries database (in this guide it’s set to 15 days).
--web.external-url
: The URL under which Prometheus is reachable.
--web.route-prefix
: The path under which Prometheus is reachable.
Note
When using web backends, the address to listen to has to be 0.0.0.0
, not 127.0.0.1, localhost or ::1.
Finishing installation
Start Prometheus
After creating the configuration, tell supervisord to refresh its configuration and start the service:
[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE RUNNING pid 26020, uptime 0:03:14
[isabell@stardust ~]$
Now point your browser to your uberspace and you should see the Prometheus webinterface.
Best practices
Security
To quote the Prometheus security documentation:
It's presumed that untrusted users have access to the Prometheus HTTP
endpoint and logs.
It is also presumed that only trusted users have the ability to change
the command line, configuration file, rule files and other aspects of
the runtime environment of Prometheus and other components.
As stated in the security documentation, it is ok to make Prometheus reachable for everyone as long as only you are able to change the configuration files and the CLI arguments.
If this is something you do not want to do, you could hide it behind a basic auth.
Tested with Prometheus 2.18.1, Uberspace 7.6.1.2
Written by: Malte Krupa <http://nafn.de>