Monitoring System

[PART 2] Automated WebApp Provisioning and Secure Monitoring

This post continues from the previous part. If you have not read it yet, you can find it here.

Implementation Steps

Installing and Configuring Prometheus

Note: Perform the steps below on the monitoring node.

Download and extract the Prometheus archive.

    ~$ sudo su -
    ~# cd /opt
    /opt# wget https://github.com/prometheus/prometheus/releases/download/v2.48.1/prometheus-2.48.1.linux-amd64.tar.gz
    /opt# tar xvfz prometheus-2.48.1.linux-amd64.tar.gz

Add the Prometheus configuration file.

    /opt# cd prometheus-2.48.1.linux-amd64
    /opt/prometheus-2.48.1.linux-amd64# vim config.yml

    ---
    global:
      scrape_interval: 10s
      evaluation_interval: 15s

    scrape_configs:
      - job_name: 'node'
        scrape_interval: 5s
        static_configs:
          - targets: ['192.168.4.10:9100','192.168.4.20:9100','192.168.4.30:9100']

      - job_name: 'nginx'
        static_configs:
          - targets: ['192.168.4.20:9113']

      - job_name: 'cadvisor'
        static_configs:
          - targets: ['192.168.4.30:8080']

      - job_name: 'docker'
        static_configs:
          - targets: ['192.168.4.30:9323']

    alerting:
      alertmanagers:
        - static_configs:
            - targets:
                - 192.168.4.10:9093

    rule_files:
      - "rules/container.yml"
      - "rules/node.yml"
      - "rules/web-server.yml"

Create the SSL key and certificate signing request.

    /opt/prometheus-2.48.1.linux-amd64# sudo openssl genrsa -out /opt/prometheus-2.48.1.linux-amd64/prometheus.key 2048
    /opt/prometheus-2.48.1.linux-amd64# sudo openssl req -new -key /opt/prometheus-2.48.1.linux-amd64/prometheus.key -out /opt/prometheus-2.48.1.linux-amd64/prometheus.csr
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [AU]:ID
    State or Province Name (full name) [Some-State]: South Kalimantan
    Locality Name (eg, city) []:Banjarbaru
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (e.g. server FQDN or YOUR name) []:
    Email Address []:
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

Create the self-signed SSL certificate.

    /opt/prometheus-2.48.1.linux-amd64# openssl x509 -req -days 365 -signkey prometheus.key -in prometheus.csr -out prometheus.crt -extfile <(echo "subjectAltName=IP:192.168.4.10")
    Certificate request self-signature ok
    subject=C = ID, ST = South Kalimantan, L = Banjarbaru, O = Internet Widgits Pty Ltd

Install the package required for basic authentication.

    ~# sudo apt-get update && sudo apt install apache2-utils -y

Create the password for basic authentication.

    ~# htpasswd -nBC 12 "" | tr -d ':\n'
    New password: <inputYourPassword>
    Re-type new password: <inputYourPassword>
    $2y$12$<saltAndHash>

Add the web configuration so that SSL and basic authentication are enforced.

    /opt/prometheus-2.48.1.linux-amd64# vim web.yml

    # username: bcrypt hash produced by the htpasswd command above
    basic_auth_users:
      rifkyards: $2y$12$<saltAndHash>

    tls_server_config:
      cert_file: /opt/prometheus-2.48.1.linux-amd64/prometheus.crt
      key_file: /opt/prometheus-2.48.1.linux-amd64/prometheus.key

Add rules that send an alert to Alert Manager when a node is down.

    /opt/prometheus-2.48.1.linux-amd64# mkdir -p rules
    /opt/prometheus-2.48.1.linux-amd64# vim rules/node.yml

    # Add these lines
    groups:
      - name: NodeStatus
        rules:
          - alert: "NodeMonitoringDown"
            expr: up{instance="192.168.4.10:9100"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: "NodeMonitoringDown"
            annotations:
              title: "{{ $labels.instance }} is down"
              description: "The server with IP {{ $labels.instance }} has been down for more than 5 minutes."

          - alert: "NodeClient1Down"
            # Client node 1 is 192.168.4.20, per the 'node' targets in config.yml
            expr: up{instance="192.168.4.20:9100"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: NodeClient1Down
            annotations:
              # The up metric has no "name" label, so the title uses instance
              title: "{{ $labels.instance }} is down"
              description: "The server with IP {{ $labels.instance }} has been down for more than 5 minutes."

          - alert: "NodeClient2Down"
            expr: up{instance="192.168.4.30:9100"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: NodeClient2Down
            annotations:
              title: "{{ $labels.instance }} is down"
              description: "The server with IP {{ $labels.instance }} has been down for more than 5 minutes."

Add rules that send an alert to Alert Manager when the Nginx server is down.

    /opt/prometheus-2.48.1.linux-amd64# vim rules/web-server.yml

    # Add these lines
    groups:
      - name: WebNginxStatus
        rules:
          - alert: NginxDown
            expr: nginx_up{instance="192.168.4.20:9113", job="nginx"} == 0
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: NginxDown
            annotations:
              # nginx_up has no "name" label, so the title uses instance
              title: "{{ $labels.instance }} is down"
              description: "The {{ $labels.job }} server on {{ $labels.instance }} has been down for more than 5 minutes."

Add rules that send an alert to Alert Manager when a container is down.

    /opt/prometheus-2.48.1.linux-amd64# vim rules/container.yml

    # Add these lines
    groups:
      - name: containerMonitoring
        rules:
          # absent() returns a series carrying the name and instance labels from the selector
          - alert: "Container2048Down"
            expr: absent(container_start_time_seconds{name="2048-apps",instance="192.168.4.30:8080"})
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: Container2048Down
            annotations:
              title: "{{ $labels.name }} is down"
              description: "The {{ $labels.name }} container on {{ $labels.instance }} has been down for more than 5 minutes."

          - alert: "ContainerTicTacToeDown"
            expr: absent(container_start_time_seconds{name="tic-tac-toe-apps",instance="192.168.4.30:8080"})
            for: 5m
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: ContainerTicTacToeDown
            annotations:
              title: "{{ $labels.name }} is down"
              description: "The {{ $labels.name }} container on {{ $labels.instance }} has been down for more than 5 minutes."

          # Any other container that cAdvisor has not seen for more than 220 seconds
          - alert: "GeneralContainerDown"
            expr: time() - container_last_seen{instance="192.168.4.30:8080", image!="", name!~"2048-apps|tic-tac-toe-apps|cadvisor"} > 220
            for: 20s
            labels:
              severity: critical
              instance: "{{ $labels.instance }}"
              alertname: GeneralContainerDown
              resolved: 'false'
            annotations:
              title: "{{ $labels.name }} is down"
              description: "A container {{ $labels.name }} on {{ $labels.instance }} has been down for more than 5 minutes."

Add the configuration for running Prometheus under SystemD.

    ~# vim /etc/systemd/system/prometheus_server.service

    # Add these lines
    [Unit]
    Description=Prometheus Server

    [Service]
    # Runs as root as written in this setup; Prometheus itself does not require root
    User=root
    ExecStart=/opt/prometheus-2.48.1.linux-amd64/prometheus \
        --config.file=/opt/prometheus-2.48.1.linux-amd64/config.yml \
        --web.config.file=/opt/prometheus-2.48.1.linux-amd64/web.yml \
        --web.external-url=https://192.168.4.10:9090/

    [Install]
    WantedBy=default.target

Run the commands to start the Prometheus SystemD service.

    ~# systemctl daemon-reload
    ~# systemctl start prometheus_server
    ~# systemctl enable prometheus_server

Installing and Configuring Alert Manager

Note: Perform the steps below on the monitoring node. ...
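The node-down rules in rules/node.yml above hard-code one instance per alert, so a rule copied without changing its address leaves a scraped host with no alert at all. The following check is an added example, not code from the original post: it compares the targets of a scrape job with the instances the alert rules select. The function names and the embedded sample (constructed, with one rule deliberately pointing at the wrong host) are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on config.yml and rules/node.yml from this page.
CONFIG_YML = """
scrape_configs:
  - job_name: 'node'
    static_configs:
      - targets: ['192.168.4.10:9100','192.168.4.20:9100','192.168.4.30:9100']
  - job_name: 'nginx'
    static_configs:
      - targets: ['192.168.4.20:9113']
"""
RULES_YML = """
groups:
  - name: NodeStatus
    rules:
      - alert: NodeMonitoringDown
        expr: up{instance="192.168.4.10:9100"} == 0
      - alert: NodeClient1Down
        expr: up{instance="192.168.4.10:9100"} == 0
      - alert: NodeClient2Down
        expr: up{instance="192.168.4.30:9100"} == 0
"""

def scrape_targets(config_text, job):
    """Static targets of one job (regex-based so no YAML library is needed)."""
    pattern = r"job_name:\s*'?%s'?(.*?)(?=job_name:|\Z)" % re.escape(job)
    block = re.search(pattern, config_text, re.S)
    return set(re.findall(r"'([^']+:\d+)'", block.group(1))) if block else set()

def rule_instances(rules_text):
    """Map each alert name to the instance="..." values its expr selects."""
    pairs = re.findall(r'alert:\s*"?([\w-]+)"?\s*\n\s*expr:\s*(.+)', rules_text)
    return {name: set(re.findall(r'instance="([^"]+)"', expr)) for name, expr in pairs}

def audit(config_text, rules_text, job="node"):
    """Compare the job's scrape targets with the instances the alert rules watch."""
    targets = scrape_targets(config_text, job)
    watched = defaultdict(list)
    for alert, instances in rule_instances(rules_text).items():
        for inst in sorted(instances):
            watched[inst].append(alert)
    return {
        "uncovered": sorted(targets - set(watched)),   # scraped, but no alert fires for it
        "unknown": sorted(set(watched) - targets),     # alert on something never scraped
        "duplicated": {i: a for i, a in watched.items() if len(a) > 1},
    }

if __name__ == "__main__":
    print(audit(CONFIG_YML, RULES_YML))
```

On the constructed sample the audit reports 192.168.4.20:9100 as uncovered and 192.168.4.10:9100 as watched by two alerts; a clean result is empty in all three fields.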

March 10, 2025 · 14 min · Rifky Ardiansyah
Monitoring System

[PART 1] Automated WebApp Provisioning and Secure Monitoring

In modern IT environments, many organizations face challenges in managing a mix of SystemD-based and container-based applications. This difficulty can lead to a lack of visibility into system performance, increase the risk of undetected downtime, and make it harder for teams to respond to problems quickly. To address these challenges, a common approach is to designate a single server as the center for monitoring and automation control. This server integrates tools such as Terraform, which automates the creation of container-based infrastructure, and Ansible, which manages system configuration, including metric collection and the management of SystemD-based applications. ...

March 10, 2025 · 13 min · Rifky Ardiansyah