WEBVTT 00:00.120 --> 00:06.720 OK, so now let's install a second node exporter on another server and read the information using the 00:06.720 --> 00:08.040 Prometheus service. 00:08.070 --> 00:13.200 This is the node exporter or Prometheus dashboard has been running for a few days now, and it's very 00:13.200 --> 00:16.250 impressive full of information, but it's only looking at one instance. 00:16.260 --> 00:17.880 That's my local hostname of 100. 00:17.910 --> 00:24.390 What I'll do is configure the Prometheus service here to query and not export on another server. 00:24.420 --> 00:30.030 So in this video will install a node exporter on another server being the Moscow server because we already 00:30.030 --> 00:35.520 have it from early on in the course and then we'll see statistics about that server in this dashboard 00:35.610 --> 00:36.210 as well. 00:36.300 --> 00:39.090 OK, so log on to your other server, your mask. 00:39.090 --> 00:41.470 Your server is a good choice for that. 00:41.750 --> 00:42.710 So I've logged on. 00:42.720 --> 00:48.560 I'm now going to install the Prometheus node exporter, so I don't need to install Prometheus this time. 00:48.570 --> 00:50.130 It's just a node exporter component. 00:50.130 --> 00:54.180 I want so copy that Abe to install Prometheus node exporter. 00:55.050 --> 00:55.620 Yes. 00:57.310 --> 01:02.620 OK, we can check its status because it would have already started it, I got active running. 01:02.770 --> 01:03.220 Excellent. 01:03.910 --> 01:07.540 It's also created a user called Prometheus so we can inspect. 01:07.720 --> 01:08.920 So I'm just going to copy the whole lot. 01:09.550 --> 01:15.730 And the video ID Prometheus Prometheus in the group's Prometheus is using one service called Prometheus 01:15.730 --> 01:20.740 Node, and if I just press into the Prometheus node, is listening on Port 9100. 01:20.880 --> 01:26.170 OK, so right away, that service is accessible via Port 9100 myself. 01:26.170 --> 01:30.190 OK, so that address the IP address of your server. 01:30.220 --> 01:33.450 My My SQL server was that ago matrix? 01:33.730 --> 01:35.890 That's the matrix coming for myself and my master. 01:35.890 --> 01:41.410 Your server doesn't have a dedicated firewall, but I do have IP tables installed on it, and I'm using 01:41.410 --> 01:45.700 that to block the SQL port three three zero six two only microphone a server. 01:45.760 --> 01:52.660 So if you want to continue using IP tables, you can create some rules to only allow your Gravano server 01:52.660 --> 01:55.960 or Prometheus server to access Port nine one hundred and drop everything else. 01:55.960 --> 02:01.000 Or I'm going to set up the dedicated firewall in teacher location this time. 02:01.090 --> 02:07.000 OK, some of my digital ocean networking tab firewalls I encouraged did a kind of firewall yet digitalisation 02:07.000 --> 02:08.520 for my MySchool service, and I do that now. 02:08.530 --> 02:13.000 If you're using I was, you would have had a security group for your server when you created it, but 02:13.000 --> 02:14.290 it's a very similar process. 02:14.320 --> 02:19.210 This is actually much easier to use an IP table, so I recommend using the firewall that your cloud 02:19.210 --> 02:21.470 provider gives you to manage access to your service. 02:21.490 --> 02:24.370 So I want to create a new rule custom for nine 100. 02:25.550 --> 02:33.620 I want to only allow my Prometheus service access to that, and that is running on my Safana server. 02:33.650 --> 02:35.390 He could be running on his own server if you want to. 02:35.450 --> 02:41.510 The Pipefitters of Mega-fauna server is that so I'm going to allow just that IP address to query on 02:41.510 --> 02:46.160 Port nine 100 since I'm running my show on that server as well, I'm going to add another one as well. 02:46.280 --> 02:51.380 My skill three three zero six also only could allow that IP address. 02:51.440 --> 02:52.840 And so OK. 02:52.850 --> 02:56.510 So three, three, zero six and four S.H. all configured that. 02:56.510 --> 03:01.370 Also, I'm only going to allow the IP address of this actual server that I'm making this video from 03:01.370 --> 03:02.900 to access this S-H port. 03:02.930 --> 03:07.340 Twenty two, what is my IP I go into? 03:07.640 --> 03:10.220 I'm going to call this my skill. 03:10.220 --> 03:11.000 That's my rule. 03:11.920 --> 03:16.330 And I'm going to apply it to my my SQL server there. 03:16.690 --> 03:17.190 There we go. 03:17.270 --> 03:18.100 Great Firewall. 03:18.610 --> 03:19.360 OK, so there we go. 03:19.360 --> 03:24.970 I recommend using the firewall option provided by your cloud provider, but you could also use IP tables 03:24.970 --> 03:28.450 to restrict access to ports, a certain IP addresses as well. 03:28.480 --> 03:33.010 If you want to use that method now continuing, I should no longer be able to access that port over 03:33.010 --> 03:33.550 the internet. 03:33.580 --> 03:39.520 So if I just refresh that one, that will eventually timeout, but I should be able to access it from 03:39.520 --> 03:42.070 my grandfather server where my Prometheus service is running. 03:42.120 --> 03:43.900 OK, so upload onto Mega-fauna server. 03:43.900 --> 03:48.380 Now, with the Prometheus services running in, I should be able to access that curl. 03:48.400 --> 03:55.380 That's the IP address of my My SQL Server Port 9100 metrics and its response. 03:55.390 --> 03:56.440 So let me go my pomace. 03:56.440 --> 04:02.530 Your service can access the node exporter on that server once I configured it, but I can see that the 04:02.530 --> 04:06.370 firewall that I've set up in my cloud provider is working as expected. 04:06.400 --> 04:11.830 OK, so now to go on to the Prometheus service and configure a new scrape target that will pull the 04:11.830 --> 04:14.140 metrics from that, you know, export up. 04:14.170 --> 04:18.790 So on microphone, a server with the Prometheus services running, we're going to edit the Prometheus 04:18.790 --> 04:19.330 voicemail. 04:19.360 --> 04:22.270 OK, so down in our ADC, Prometheus, Prometheus, why? 04:22.600 --> 04:29.890 And if I scroll down to the scribe targets or the script config, there is ActionScript conflicts gave 04:29.920 --> 04:30.490 it further. 04:30.730 --> 04:32.680 There's a job name called Node. 04:32.710 --> 04:35.770 So we already have one target their local host, not 100. 04:35.770 --> 04:39.820 I'm going to add another target being this are the server targets. 04:41.540 --> 04:45.470 That was the IP address, Colin, no, I 100 finished it off. 04:45.590 --> 04:51.290 OK, so I have to static conflicts for the job note, and that will rate the metrics from that server 04:51.290 --> 04:51.730 as well. 04:51.740 --> 04:59.690 So Control X to say yes, we need to restart Prometheus two Prometheus restart and we'll check its status. 05:00.560 --> 05:02.120 And so that looks good. 05:02.240 --> 05:08.060 Control C to get out of that, they go back into this not exported dashboard on Bafana for just refresh 05:08.060 --> 05:08.720 the screen. 05:09.690 --> 05:16.140 I now have another server showing up down here, so hostname MySchool, so we got that hostname automatically 05:16.140 --> 05:17.580 and then the statistics about it. 05:17.760 --> 05:20.100 So we'll start to see information about. 05:21.160 --> 05:27.450 My mosque, your server selected there, I can filter by either server by pressing those, these node 05:27.460 --> 05:29.500 graphs are overall down here. 05:29.500 --> 05:35.260 We can have the resources Agraféna I can see I've used 19 per cent disk space on a server. 05:35.440 --> 05:37.600 What changed that to my my SQL server? 05:37.840 --> 05:42.700 I can see I've used 14 per cent disk space and a messy internet traffic. 05:43.510 --> 05:46.990 There will be more data as time goes on by use. 05:46.990 --> 05:52.060 Local host I can see I have much more data for the local node export on that server. 05:52.150 --> 05:54.550 OK, so that's what we have now won Prometheus service. 05:54.550 --> 05:58.150 It's running a Mega-fauna server because that was a good place to put it, and it could be on its own 05:58.150 --> 05:58.870 server if you need it. 05:58.870 --> 06:03.940 And I have to not export us now, you can go and create as many node exporters as you like and just 06:03.940 --> 06:10.030 keep adding the targets in your scrape configs, the job name node so you can have as many of those 06:10.030 --> 06:10.600 as you like. 06:10.630 --> 06:13.720 OK, so also another consideration is Engine X. 06:13.720 --> 06:18.280 When I've added my other scrape config, I just look at it again. 06:19.360 --> 06:25.090 I added the target as the IP address nine 100 now, I could have also set up a firewall rule for the 06:25.090 --> 06:26.650 VPC IP address. 06:26.690 --> 06:34.750 So if I go to VPC here and I look at the service in my Amsterdam, VPC, the members, I could have 06:34.750 --> 06:40.120 allowed this private IP address instead of the external IP address and configured it there as well. 06:40.150 --> 06:44.860 Now that's a better way to do it if you're lucky enough to have service on the same VPC or network. 06:44.950 --> 06:49.150 But I'm just showing you how to do it across the internet anyway if you need to, in case your server 06:49.150 --> 06:51.010 isn't on the same cloud provider, for example. 06:51.010 --> 06:55.870 But also another consideration is that if your servers are not on the same cloud provider and you can't 06:55.870 --> 07:00.370 set up a VPC, you should encrypt that traffic as it's traveling across the internet. 07:00.370 --> 07:04.200 For that, you could set up an internet service proxy on that server. 07:04.210 --> 07:08.830 I could create a new domain name, for example, was killed or a code dot net and send that to that 07:08.830 --> 07:10.400 IP address of a muscular server. 07:10.420 --> 07:15.850 I then get an SSL certificate and sent set up an index reverse proxy, and I'd add a location called 07:15.850 --> 07:19.160 Metrix Proxy passing to local host nominative metrics. 07:19.180 --> 07:21.780 OK, so be aware of your servers are on the internet. 07:21.790 --> 07:25.960 Data should be encrypted and using it and next birth proxy is a good way of doing that. 07:25.960 --> 07:26.380 OK? 07:26.400 --> 07:26.860 Excellent. 07:27.130 --> 07:32.020 So that's what we have a Prometheus data source, Prometheus service and to note exporters, it can 07:32.020 --> 07:32.800 have as many as you like.