1
00:00:00,120 --> 00:00:06,720
OK, so now let's install a second node exporter on another server and read the information using the

2
00:00:06,720 --> 00:00:08,039
Prometheus service.

3
00:00:08,070 --> 00:00:13,200
This is the node exporter or Prometheus dashboard has been running for a few days now, and it's very

4
00:00:13,200 --> 00:00:16,250
impressive full of information, but it's only looking at one instance.

5
00:00:16,260 --> 00:00:17,880
That's my local hostname of 100.

6
00:00:17,910 --> 00:00:24,390
What I'll do is configure the Prometheus service here to query and not export on another server.

7
00:00:24,420 --> 00:00:30,030
So in this video will install a node exporter on another server being the Moscow server because we already

8
00:00:30,030 --> 00:00:35,520
have it from early on in the course and then we'll see statistics about that server in this dashboard

9
00:00:35,610 --> 00:00:36,210
as well.

10
00:00:36,300 --> 00:00:39,090
OK, so log on to your other server, your mask.

11
00:00:39,090 --> 00:00:41,470
Your server is a good choice for that.

12
00:00:41,750 --> 00:00:42,710
So I've logged on.

13
00:00:42,720 --> 00:00:48,560
I'm now going to install the Prometheus node exporter, so I don't need to install Prometheus this time.

14
00:00:48,570 --> 00:00:50,130
It's just a node exporter component.

15
00:00:50,130 --> 00:00:54,180
I want so copy that Abe to install Prometheus node exporter.

16
00:00:55,050 --> 00:00:55,620
Yes.

17
00:00:57,310 --> 00:01:02,620
OK, we can check its status because it would have already started it, I got active running.

18
00:01:02,770 --> 00:01:03,220
Excellent.

19
00:01:03,910 --> 00:01:07,540
It's also created a user called Prometheus so we can inspect.

20
00:01:07,720 --> 00:01:08,920
So I'm just going to copy the whole lot.

21
00:01:09,550 --> 00:01:15,730
And the video ID Prometheus Prometheus in the group's Prometheus is using one service called Prometheus

22
00:01:15,730 --> 00:01:20,740
Node, and if I just press into the Prometheus node, is listening on Port 9100.

23
00:01:20,880 --> 00:01:26,170
OK, so right away, that service is accessible via Port 9100 myself.

24
00:01:26,170 --> 00:01:30,190
OK, so that address the IP address of your server.

25
00:01:30,220 --> 00:01:33,450
My My SQL server was that ago matrix?

26
00:01:33,730 --> 00:01:35,890
That's the matrix coming for myself and my master.

27
00:01:35,890 --> 00:01:41,410
Your server doesn't have a dedicated firewall, but I do have IP tables installed on it, and I'm using

28
00:01:41,410 --> 00:01:45,700
that to block the SQL port three three zero six two only microphone a server.

29
00:01:45,760 --> 00:01:52,660
So if you want to continue using IP tables, you can create some rules to only allow your Gravano server

30
00:01:52,660 --> 00:01:55,960
or Prometheus server to access Port nine one hundred and drop everything else.

31
00:01:55,960 --> 00:02:01,000
Or I'm going to set up the dedicated firewall in teacher location this time.

32
00:02:01,090 --> 00:02:07,000
OK, some of my digital ocean networking tab firewalls I encouraged did a kind of firewall yet digitalisation

33
00:02:07,000 --> 00:02:08,520
for my MySchool service, and I do that now.

34
00:02:08,530 --> 00:02:13,000
If you're using I was, you would have had a security group for your server when you created it, but

35
00:02:13,000 --> 00:02:14,290
it's a very similar process.

36
00:02:14,320 --> 00:02:19,210
This is actually much easier to use an IP table, so I recommend using the firewall that your cloud

37
00:02:19,210 --> 00:02:21,470
provider gives you to manage access to your service.

38
00:02:21,490 --> 00:02:24,370
So I want to create a new rule custom for nine 100.

39
00:02:25,550 --> 00:02:33,620
I want to only allow my Prometheus service access to that, and that is running on my Safana server.

40
00:02:33,650 --> 00:02:35,390
He could be running on his own server if you want to.

41
00:02:35,450 --> 00:02:41,510
The Pipefitters of Mega-fauna server is that so I'm going to allow just that IP address to query on

42
00:02:41,510 --> 00:02:46,160
Port nine 100 since I'm running my show on that server as well, I'm going to add another one as well.

43
00:02:46,280 --> 00:02:51,380
My skill three three zero six also only could allow that IP address.

44
00:02:51,440 --> 00:02:52,840
And so OK.

45
00:02:52,850 --> 00:02:56,510
So three, three, zero six and four S.H. all configured that.

46
00:02:56,510 --> 00:03:01,370
Also, I'm only going to allow the IP address of this actual server that I'm making this video from

47
00:03:01,370 --> 00:03:02,900
to access this S-H port.

48
00:03:02,930 --> 00:03:07,340
Twenty two, what is my IP I go into?

49
00:03:07,640 --> 00:03:10,220
I'm going to call this my skill.

50
00:03:10,220 --> 00:03:11,000
That's my rule.

51
00:03:11,920 --> 00:03:16,330
And I'm going to apply it to my my SQL server there.

52
00:03:16,690 --> 00:03:17,190
There we go.

53
00:03:17,270 --> 00:03:18,100
Great Firewall.

54
00:03:18,610 --> 00:03:19,360
OK, so there we go.

55
00:03:19,360 --> 00:03:24,970
I recommend using the firewall option provided by your cloud provider, but you could also use IP tables

56
00:03:24,970 --> 00:03:28,450
to restrict access to ports, a certain IP addresses as well.

57
00:03:28,480 --> 00:03:33,010
If you want to use that method now continuing, I should no longer be able to access that port over

58
00:03:33,010 --> 00:03:33,550
the internet.

59
00:03:33,580 --> 00:03:39,520
So if I just refresh that one, that will eventually timeout, but I should be able to access it from

60
00:03:39,520 --> 00:03:42,070
my grandfather server where my Prometheus service is running.

61
00:03:42,120 --> 00:03:43,900
OK, so upload onto Mega-fauna server.

62
00:03:43,900 --> 00:03:48,380
Now, with the Prometheus services running in, I should be able to access that curl.

63
00:03:48,400 --> 00:03:55,380
That's the IP address of my My SQL Server Port 9100 metrics and its response.

64
00:03:55,390 --> 00:03:56,440
So let me go my pomace.

65
00:03:56,440 --> 00:04:02,530
Your service can access the node exporter on that server once I configured it, but I can see that the

66
00:04:02,530 --> 00:04:06,370
firewall that I've set up in my cloud provider is working as expected.

67
00:04:06,400 --> 00:04:11,830
OK, so now to go on to the Prometheus service and configure a new scrape target that will pull the

68
00:04:11,830 --> 00:04:14,140
metrics from that, you know, export up.

69
00:04:14,170 --> 00:04:18,790
So on microphone, a server with the Prometheus services running, we're going to edit the Prometheus

70
00:04:18,790 --> 00:04:19,329
voicemail.

71
00:04:19,360 --> 00:04:22,270
OK, so down in our ADC, Prometheus, Prometheus, why?

72
00:04:22,600 --> 00:04:29,890
And if I scroll down to the scribe targets or the script config, there is ActionScript conflicts gave

73
00:04:29,920 --> 00:04:30,490
it further.

74
00:04:30,730 --> 00:04:32,680
There's a job name called Node.

75
00:04:32,710 --> 00:04:35,770
So we already have one target their local host, not 100.

76
00:04:35,770 --> 00:04:39,820
I'm going to add another target being this are the server targets.

77
00:04:41,540 --> 00:04:45,470
That was the IP address, Colin, no, I 100 finished it off.

78
00:04:45,590 --> 00:04:51,290
OK, so I have to static conflicts for the job note, and that will rate the metrics from that server

79
00:04:51,290 --> 00:04:51,730
as well.

80
00:04:51,740 --> 00:04:59,690
So Control X to say yes, we need to restart Prometheus two Prometheus restart and we'll check its status.

81
00:05:00,560 --> 00:05:02,120
And so that looks good.

82
00:05:02,240 --> 00:05:08,060
Control C to get out of that, they go back into this not exported dashboard on Bafana for just refresh

83
00:05:08,060 --> 00:05:08,720
the screen.

84
00:05:09,690 --> 00:05:16,140
I now have another server showing up down here, so hostname MySchool, so we got that hostname automatically

85
00:05:16,140 --> 00:05:17,580
and then the statistics about it.

86
00:05:17,760 --> 00:05:20,100
So we'll start to see information about.

87
00:05:21,160 --> 00:05:27,450
My mosque, your server selected there, I can filter by either server by pressing those, these node

88
00:05:27,460 --> 00:05:29,500
graphs are overall down here.

89
00:05:29,500 --> 00:05:35,260
We can have the resources Agraféna I can see I've used 19 per cent disk space on a server.

90
00:05:35,440 --> 00:05:37,600
What changed that to my my SQL server?

91
00:05:37,840 --> 00:05:42,700
I can see I've used 14 per cent disk space and a messy internet traffic.

92
00:05:43,510 --> 00:05:46,990
There will be more data as time goes on by use.

93
00:05:46,990 --> 00:05:52,060
Local host I can see I have much more data for the local node export on that server.

94
00:05:52,150 --> 00:05:54,550
OK, so that's what we have now won Prometheus service.

95
00:05:54,550 --> 00:05:58,150
It's running a Mega-fauna server because that was a good place to put it, and it could be on its own

96
00:05:58,150 --> 00:05:58,870
server if you need it.

97
00:05:58,870 --> 00:06:03,940
And I have to not export us now, you can go and create as many node exporters as you like and just

98
00:06:03,940 --> 00:06:10,030
keep adding the targets in your scrape configs, the job name node so you can have as many of those

99
00:06:10,030 --> 00:06:10,600
as you like.

100
00:06:10,630 --> 00:06:13,720
OK, so also another consideration is Engine X.

101
00:06:13,720 --> 00:06:18,280
When I've added my other scrape config, I just look at it again.

102
00:06:19,360 --> 00:06:25,090
I added the target as the IP address nine 100 now, I could have also set up a firewall rule for the

103
00:06:25,090 --> 00:06:26,650
VPC IP address.

104
00:06:26,690 --> 00:06:34,750
So if I go to VPC here and I look at the service in my Amsterdam, VPC, the members, I could have

105
00:06:34,750 --> 00:06:40,120
allowed this private IP address instead of the external IP address and configured it there as well.

106
00:06:40,150 --> 00:06:44,860
Now that's a better way to do it if you're lucky enough to have service on the same VPC or network.

107
00:06:44,950 --> 00:06:49,150
But I'm just showing you how to do it across the internet anyway if you need to, in case your server

108
00:06:49,150 --> 00:06:51,010
isn't on the same cloud provider, for example.

109
00:06:51,010 --> 00:06:55,870
But also another consideration is that if your servers are not on the same cloud provider and you can't

110
00:06:55,870 --> 00:07:00,370
set up a VPC, you should encrypt that traffic as it's traveling across the internet.

111
00:07:00,370 --> 00:07:04,200
For that, you could set up an internet service proxy on that server.

112
00:07:04,210 --> 00:07:08,830
I could create a new domain name, for example, was killed or a code dot net and send that to that

113
00:07:08,830 --> 00:07:10,400
IP address of a muscular server.

114
00:07:10,420 --> 00:07:15,850
I then get an SSL certificate and sent set up an index reverse proxy, and I'd add a location called

115
00:07:15,850 --> 00:07:19,160
Metrix Proxy passing to local host nominative metrics.

116
00:07:19,180 --> 00:07:21,780
OK, so be aware of your servers are on the internet.

117
00:07:21,790 --> 00:07:25,960
Data should be encrypted and using it and next birth proxy is a good way of doing that.

118
00:07:25,960 --> 00:07:26,380
OK?

119
00:07:26,400 --> 00:07:26,860
Excellent.

120
00:07:27,130 --> 00:07:32,020
So that's what we have a Prometheus data source, Prometheus service and to note exporters, it can

121
00:07:32,020 --> 00:07:32,800
have as many as you like.