From d9b268ac77c5f7dc1d9ca77aa4f8e87b66646fb1 Mon Sep 17 00:00:00 2001
From: Ruslan Gilfanov
Date: Sun, 21 Jun 2026 18:55:45 +0300
Subject: [PATCH] =?UTF-8?q?fr1:=20=D1=81=D1=82=D0=B5=D0=BA=20=D0=BC=D0=BE?= =?UTF-8?q?=D0=BD=D0=B8=D1=82=D0=BE=D1=80=D0=B8=D0=BD=D0=B3=D0=B0=20(prome?= =?UTF-8?q?theus+grafana+node-exporter+cadvisor)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
servers/fr1.md | 9 +++
stacks/monitoring/.env.example | 1 +
stacks/monitoring/docker-compose.yml | 74 +++++++++++++++++++
.../provisioning/datasources/datasource.yml | 8 ++
stacks/monitoring/prometheus/prometheus.yml | 28 +++++++
5 files changed, 120 insertions(+)
create mode 100644 stacks/monitoring/.env.example
create mode 100644 stacks/monitoring/docker-compose.yml
create mode 100644 stacks/monitoring/grafana/provisioning/datasources/datasource.yml
create mode 100644 stacks/monitoring/prometheus/prometheus.yml
diff --git a/servers/fr1.md b/servers/fr1.md
index 77dae2f..8d5086a 100644
--- a/servers/fr1.md
+++ b/servers/fr1.md
@@ -56,6 +56,15 @@ backend=systemd banaction=ufw - journald: `Storage=persistent`, `SystemMaxUse=500M`. - AppArmor включён; время — systemd-timesyncd. +## Docker +- Docker 29.6 + Compose v5.1 (официальный репозиторий). `rus` в группе docker. + +## Мониторинг (`~/monitoring`, stack в репо `stacks/monitoring/`) +- Стек: **Prometheus + Grafana + node-exporter + cAdvisor** (docker compose). +- Prometheus: retention 90d, слушает `127.0.0.1:9090`. Скрейпит node-exporter + cadvisor (job'ы `node`/`cadvisor`, instance `fr1`). +- Grafana: `127.0.0.1:3000` (наружу не торчит), datasource Prometheus провижится автоматически. Доступ — SSH-туннель. Пароль admin — в `~/monitoring/docker-compose.yml` на сервере (в репо вынесен в `${GF_ADMIN_PASSWORD}`). +- Планируется: VPN-экспортёры (wireguard/openvpn/telemt) + подключение `de1` по туннелю. + ## Telegram-уведомления - Бот @ultimate_log_bot. Конфиг `/etc/tg-notify.conf` (chmod 600, токен+chat_id — секрет на сервере). - `/usr/local/bin/tg-notify.sh "msg"` — универсальная отправка (HTML, префикс hostname). diff --git a/stacks/monitoring/.env.example b/stacks/monitoring/.env.example new file mode 100644 index 0000000..d8a892c --- /dev/null +++ b/stacks/monitoring/.env.example @@ -0,0 +1 @@ +GF_ADMIN_PASSWORD=changeme diff --git a/stacks/monitoring/docker-compose.yml b/stacks/monitoring/docker-compose.yml new file mode 100644 index 0000000..e030c91 --- /dev/null +++ b/stacks/monitoring/docker-compose.yml 
@@ -0,0 +1,74 @@
+name: monitoring
+
+services:
+ prometheus:
+ image: prom/prometheus:latest
+ container_name: prometheus
+ restart: unless-stopped
+ command:
+ - '--config.file=/etc/prometheus/prometheus.yml'
+ - '--storage.tsdb.path=/prometheus'
+ - '--storage.tsdb.retention.time=90d'
+ - '--web.enable-lifecycle'
+ volumes:
+ - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
+ - prometheus_data:/prometheus
+ ports:
+ - '127.0.0.1:9090:9090'
+ networks: [monitoring]
+
+ grafana:
+ image: grafana/grafana:latest
+ container_name: grafana
+ restart: unless-stopped
+ environment:
+ GF_SECURITY_ADMIN_USER: admin
+ GF_SECURITY_ADMIN_PASSWORD: ${GF_ADMIN_PASSWORD:-admin}
+ GF_USERS_ALLOW_SIGN_UP: 'false'
+ GF_SERVER_ROOT_URL: http://localhost:3000
+ volumes:
+ - grafana_data:/var/lib/grafana
+ - ./grafana/provisioning:/etc/grafana/provisioning:ro
+ ports:
+ - '127.0.0.1:3000:3000'
+ networks: [monitoring]
+ depends_on: [prometheus]
+
+ node-exporter:
+ image: prom/node-exporter:latest
+ container_name: node-exporter
+ restart: unless-stopped
+ command:
+ - '--path.procfs=/host/proc'
+ - '--path.sysfs=/host/sys'
+ - '--path.rootfs=/rootfs'
+ - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ pid: host
+ networks: [monitoring]
+
+ cadvisor:
+ image: gcr.io/cadvisor/cadvisor:latest
+ container_name: cadvisor
+ restart: unless-stopped
+ privileged: true
+ devices:
+ - /dev/kmsg
+ volumes:
+ - /:/rootfs:ro
+ - /var/run:/var/run:ro
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
+ - /dev/disk/:/dev/disk:ro
+ networks: [monitoring]
+
+volumes:
+ prometheus_data:
+ grafana_data:
+
+networks:
+ monitoring:
+ driver: bridge
diff --git a/stacks/monitoring/grafana/provisioning/datasources/datasource.yml b/stacks/monitoring/grafana/provisioning/datasources/datasource.yml
new file mode 100644
index 0000000..c9f4f3a
--- /dev/null
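Review bot: The Grafana admin password falls back to a known default: in the `grafana` service of docker-compose.yml, `GF_SECURITY_ADMIN_PASSWORD: ${GF_ADMIN_PASSWORD:-admin}` starts the container as admin/admin whenever `.env` is missing or the variable is empty, and `.env.example` itself ships `changeme`. Failing closed is safer: `GF_SECURITY_ADMIN_PASSWORD: ${GF_ADMIN_PASSWORD:?set GF_ADMIN_PASSWORD in .env}` makes `docker compose up` abort instead of running with a guessable credential. The loopback-only binding on 3000 narrows exposure, but any local account or forwarded SSH session on the host still reaches the login page. In the same hunk all four images use `:latest` while cadvisor runs `privileged: true` with the host root mounted, so pinning each image to a version tag or digest would keep an unreviewed upstream change out of a privileged container. `--web.enable-lifecycle` on Prometheus also leaves its unauthenticated reload/quit endpoints open to everything on the `monitoring` network and on 127.0.0.1:9090; I would drop the flag unless HTTP reloads are actually used.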
+++ b/stacks/monitoring/grafana/provisioning/datasources/datasource.yml
@@ -0,0 +1,8 @@
+apiVersion: 1
+datasources:
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus:9090
+ isDefault: true
+ editable: true
diff --git a/stacks/monitoring/prometheus/prometheus.yml b/stacks/monitoring/prometheus/prometheus.yml
new file mode 100644
index 0000000..7132766
--- /dev/null
+++ b/stacks/monitoring/prometheus/prometheus.yml
@@ -0,0 +1,28 @@
+global:
+ scrape_interval: 15s
+ evaluation_interval: 15s
+ external_labels:
+ monitor: ruzzy-infra
+
+scrape_configs:
+ - job_name: prometheus
+ static_configs:
+ - targets: ['localhost:9090']
+
+ - job_name: node
+ static_configs:
+ - targets: ['node-exporter:9100']
+ labels:
+ instance: fr1
+
+ - job_name: cadvisor
+ static_configs:
+ - targets: ['cadvisor:8080']
+ labels:
+ instance: fr1
+
+ # de1 будет добавлен позже (через туннель AmneziaWG):
+ # - job_name: node-de1
+ # static_configs:
+ # - targets: ['10.8.1.X:9100']
+ # labels: { instance: de1 }
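Review bot: In grafana/provisioning/datasources/datasource.yml, `editable: true` lets the provisioned Prometheus datasource be changed from the Grafana UI, so the running configuration can drift from what this repo provisions. Because the datasource uses `access: proxy`, the Grafana backend itself issues requests to whatever URL is configured there, which makes the URL worth keeping under version control only. I would set `editable: false` and make datasource changes through this file.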