Changes for page Configuring a VPS machine from scratch
Last modified by Alexandru Pentilescu on 2024/07/22 21:37
From version 10.1
edited by Alexandru Pentilescu
on 2024/07/22 21:05
on 2024/07/22 21:05
Change comment:
There is no comment for this version
To version 12.1
edited by Alexandru Pentilescu
on 2024/07/22 21:37
on 2024/07/22 21:37
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -163,6 +163,182 @@ 163 163 wget https://github.com/prometheus/node_exporter/releases/download/v0.15.2/node_exporter-0.15.2.linux-amd64.tar.gz 164 164 {{/code}} 165 165 166 +Once this is done, extract the contents of the archive: 167 + 168 +{{code language="bash"}} 169 +tar -xf node_exporter-0.15.2.linux-amd64.tar.gz 170 +{{/code}} 171 + 172 +We will be running this as its own user. In order to avoid having to create a home directory for that user, it's best if we move the utilities that just got extracted to the root directories: 173 + 174 +{{code language="bash"}} 175 +mv node_exporter-0.15.2.linux-amd64/node_exporter /usr/local/bin 176 +{{/code}} 177 + 178 +Create the new user: 179 + 180 +{{code language="bash"}} 181 +useradd -rs /bin/false node_exporter 182 +{{/code}} 183 + 184 +Create a new systemd service file, that will start the node_exporter automatically, after each boot: 185 + 186 +{{code language="systemd"}} 187 +[Unit] 188 +Description=Node Exporter 189 +After=network.target 190 + 191 +[Service] 192 +User=node_exporter 193 +Group=node_exporter 194 +Type=simple 195 +ExecStart=/usr/local/bin/node_exporter 196 + 197 +[Install] 198 +WantedBy=multi-user.target 199 +{{/code}} 200 + 201 +Once this has been done, reload the service files, enable the newly created service and start it: 202 + 203 +{{code language="bash"}} 204 +systemctl daemon-reload 205 +systemctl enable node_exporter 206 +systemctl start node_exporter 207 +{{/code}} 208 + 209 +== Installing Prometheus == 210 +Prometheus will be aggregating all the data that is collected by the node_exporter and allowing for it to be queried with a standardized syntax. 211 + 212 +To install Prometheus, we must first download it: 213 + 214 +{{code language="bash"}} 215 +wget https://github.com/prometheus/prometheus/releases/download/v2.1.0/prometheus-2.1.0.linux-amd64.tar.gz 216 +tar -xf prometheus-2.1.0.linux-amd64.tar.gz 217 +{{/code}} 218 + 219 +Much like with node_exporer above, we will force Prometheus to run as its own user, for security reasons. As such, we should isolate its files to the root filesystem: 220 + 221 +{{code language="bash"}} 222 +mv prometheus-2.1.0.linux-amd64/prometheus prometheus-2.1.0.linux-amd64/promtool /usr/local/bin 223 +{{/code}} 224 + 225 +We should also create new directories to store the relevant data for Prometheus: 226 + 227 +{{code language="bash"}} 228 +mkdir /etc/prometheus /var/lib/prometheus 229 +{{/code}} 230 + 231 +Then move the current directories to the appropriate system-level locations: 232 + 233 +{{code language="bash"}} 234 +mv prometheus-2.1.0.linux-amd64/consoles prometheus-2.1.0.linux-amd64/console_libraries /etc/prometheus 235 +{{/code}} 236 + 237 +== Configuring Prometheus == 238 +Create a new /etc/prometheus/prometheus.yml with the following contents: 239 + 240 +{{code language="yml"}} 241 +global: 242 + scrape_interval: 10s 243 +scrape_configs: 244 + - job_name: 'node' 245 + static_configs: 246 + - targets: ['localhost:9100'] 247 +{{/code}} 248 + 249 +Once the above is done, we should create the new prometheus user: 250 + 251 +{{code language="bash"}} 252 +useradd -rs /bin/false prometheussudo chown -R prometheus: /etc/prometheus /var/lib/prometheus 253 +chown -R prometheus: /etc/prometheus /var/lib/prometheus 254 +{{/code}} 255 + 256 +Then, please create an /etc/systemd/system/prometheus.service file with the following contents: 257 + 258 +{{code language="systemd"}} 259 +[Unit] 260 +Description=Prometheus 261 +After=network.target 262 + 263 +[Service] 264 +User=prometheus 265 +Group=prometheus 266 +Type=simple 267 +ExecStart=/usr/local/bin/prometheus \ 268 + --config.file /etc/prometheus/prometheus.yml \ 269 + --storage.tsdb.path /var/lib/prometheus/ \ 270 + --web.console.templates=/etc/prometheus/consoles \ 271 + --web.console.libraries=/etc/prometheus/console_libraries 272 + 273 +[Install] 274 +WantedBy=multi-user.target 275 +{{/code}} 276 + 277 +Then reload: 278 + 279 +{{code language="bash"}} 280 +systemctl daemon-reload 281 +systemctl enable prometheus 282 +systemctl start prometheus 283 +{{/code}} 284 + 285 +After everything has been done, we can proceed with Grafana itself. 286 + 287 +== Installing Grafana == 288 +Ideally Grafana should be installed from its own APT repository, as this will keep it updated constantly. To do so: 289 + 290 +{{code language="bash"}} 291 +apt-get install -y apt-transport-https software-properties-common wget 292 +mkdir -p /etc/apt/keyrings/ 293 +wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg > /dev/null 294 +echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee -a /etc/apt/sources.list.d/grafana.list 295 +apt-get update 296 +apt-get install grafana 297 +{{/code}} 298 + 299 +== Configuring Grafana == 300 +After Grafana has been installed, we should make sure that it works properly by changing its default port from port 3000 to 4000 (as port 3000 is normally used by Gitea on our instance). 301 + 302 +To do so, please edit /etc/grafana/grafana.ini by uncommenting the following line and changing the port number to: 303 + 304 +{{code language="ini"}} 305 +http_port = 4000 306 +{{/code}} 307 + 308 +Once this is done, enable the grafana-server service and start it: 309 + 310 +{{code language="bash"}} 311 +systemctl daemon-reload && systemctl enable grafana-server && systemctl start grafana-server.service 312 +{{/code}} 313 + 314 +== Expose the newly created port as an nginx subdomain == 315 + 316 +Finally, configure an nginx service file for it. Create an /etc/nginx/sites-available/grafana.conf file with the following contents: 317 + 318 +{{code language="nxinx"}} 319 +server { 320 + server_name stats.transistor.one; 321 + 322 + listen [::]:443 ssl http2; # managed by Certbot 323 + listen 443 ssl http2; # managed by Certbot 324 + 325 + include /etc/nginx/snippets/ssl.conf; 326 + 327 + location / { 328 + proxy_set_header Host $http_host; 329 + proxy_pass http://localhost:4000; 330 + } 331 +} 332 +{{/code}} 333 + 334 +Apparently the proxy_set_header directive is necessary to avoid some weird error when trying to set a new password. 335 + 336 +== Set up the environment == 337 +From this point on, all that's left is to login to stats.transistor.one and set up a new account. The default credentials to do so are username: admin and password: admin. You should change those immediately so that they will not get abused. 338 + 339 +Once that's done, configure your own dashboard and make it work. Personally, I like to import a public dashboard called Node Exporter Full, which looks very cool. 340 + 341 +Happy coding! 166 166 ))) 167 167 168 168