Prometheus is a free software application used for event monitoring and alerting. It records real-time metrics in a time series database (allowing for high dimensionality) built using a HTTP pull model, with flexible queries and real-time alerting. Prometheus also has node exporters including windows to export OS specific metrics.
Step 1: Install Node Exporter
Install the Prometheus Node Exporter software pacakge
# apt install -y prometheus-node-exporterCode language: PHP (php)Enable and start the node exporter:
# systemctl enable prometheus-node-exporter
# systemctl start prometheus-node-exporterCode language: PHP (php)Step 2: Enable TLS/SSL and Authentication
Generate host certificates for this specific service and place them in the system SSL repository
# mkdir /etc/prometheus/ssl
# cp <service-key> /etc/prometheus/ssl/prometheus-node-exporter.key
# cp <service-cert> /etc/prometheus/ssl/prometheus-node-exporter.pem
# chown root:prometheus /etc/prometheus/ssl/prometheus-node-exporter.key
# chown root:prometheus /etc/prometheus/ssl/prometheus-node-exporter.pem
# chmod 640 /etc/prometheus/ssl/prometheus-node-exporter.key
# chmod 644 /etc/prometheus/ssl/prometheus-node-exporter.pemCode language: PHP (php)Create the following python script to generate an hashed password gen-pass.py
import getpass
import bcrypt
password = getpass.getpass("password: ")
hashed_password = bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
print(hashed_password.decode())Code language: JavaScript (javascript)Run the script and it will prompt for a password:
# python3 gen-pass.py
password:
$2b$12$hNf2lSsxfm0.i4a.1kVpSOVyBCfIB51VRjgBUyv6kdnyTlgWj81AyCode language: PHP (php)Create a web configuration file and define the encrypted service /etc/prometheus/web-config.yml
tls_server_config:
cert_file: /etc/ssl/certs/prometheus-node-exporter.pem
key_file: /etc/ssl/private/prometheus-node-exporter.key
# Minimum TLS version that is acceptable.
min_version: "TLS12"
basic_auth_users:
prometheus: $2b$12$hNf2lSsxfm0.i4a.1kVpSOVyBCfIB51VRjgBUyv6kdnyTlgWj81AyCode language: PHP (php)Edit the Prometheus node exporter system default configuration file and define the web service /etc/default/prometheus-node-exporter
ARGS="--web.config=/etc/prometheus/web-config.yml"Code language: JavaScript (javascript)Restart the node exporter:
# systemctl restart prometheus-node-exporterCode language: PHP (php)Step 3: Enable Extra metrics
Some metrics are disabled by default, but you can force enable them in the system default configuration file /etc/default/prometheus-node-exporter
ARGS="--web.config=/etc/prometheus/web-config.yml --web.max-requests=5 --collector.ntp --collector.tcpstat"Code language: JavaScript (javascript)Restart the node exporter:
# systemctl restart prometheus-node-exporterCode language: PHP (php)Step 4: Collection
From Prometheus server define the new node collection policy by editing /etc/prometheus/prometheus.yml
- job_name: node-prometheus
scrape_interval: 15s
scrape_timeout: 10s
scheme: https
tls_config:
ca_file: '/etc/ssl/certs/ca-certificates.crt'
basic_auth:
username: prometheus
password: $2b$12$hNf2lSsxfm0.i4a.1kVpSOVyBCfIB51VRjgBUyv6kdnyTlgWj81Ay
static_configs:
- targets: ['host-01:9100', 'host-02:9100' ]
relabel_configs:
- source_labels: ['__address__']
separator: ':'
regex: '(.*):.*'
target_label: 'instance'
replacement: '${1}'Code language: PHP (php)Reload Prometheus so it polls the new changes:
# systemctl reload prometheusCode language: PHP (php)