Tinker: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
No edit summary
Line 227: Line 227:
443
443


 
</pre>
 
<pre>




Revision as of 03:36, 28 February 2023

Overview

This machine has put Keres out of service.

TrueNas VM

Hardware

  • Virtual CPUs: 1
  • Cores: 1
  • Threads: 1
  • Memory Size: 1.00 GiB
  • System Clock: LOCAL
  • Com Port: /dev/nmdm1B

Services / Apps

Prometheus

Prometheus mDNS discovery

Reference:

https://github.com/msiebuhr/prometheus-mdns-sd

Compiled, then copied the binary to the prometheus /usr/local/prometheus-X/ dir.

Created service:

file: /etc/systemd/system/prometheus-mdns.service 

[Unit]
Description=mDNS Discovery for Prometheus
Documentation=https://github.com/msiebuhr/prometheus-mdns-sd
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Restart=on-failure
ExecStart=/usr/local/prometheus-2.40.3.linux-amd64/prometheus-mdns-sd -out /usr/local/prometheus-2.40.3.linux-amd64/mdns-sd.json

[Install]
WantedBy=multi-user.target

Grafana

to do https://grafana.com/docs/grafana/latest/installation

Prometheus Setup

by hand in a screen, ghetto style 

/usr/local/prometheus/prometheus-2.14.0.linux-amd64

./prometheus

service file: /etc/systemd/system/prometheus.service 

[Unit]
Description=mDNS Discovery for Prometheus
Documentation=https://github.com/msiebuhr/prometheus-mdns-sd
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Restart=on-failure
ExecStart=/usr/local/prometheus-2.40.3.linux-amd64/prometheus-mdns-sd -out /usr/local/prometheus-2.40.3.linux-amd64/mdns-sd.json

[Install]
WantedBy=multi-user.target

root@tinker:/usr/local# cat /etc/systemd/system/prometheus.service
[Unit]
Description=Prometheus Server
Documentation=https://prometheus.io/docs/introduction/overview/
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Restart=on-failure
ExecStart=/usr/local/prometheus-2.40.3.linux-amd64/prometheus \
  --config.file=/usr/local/prometheus-2.40.3.linux-amd64/prometheus.yml \
  --storage.tsdb.path=/usr/local/prometheus-2.40.3.linux-amd64/data \
  --storage.tsdb.retention.time=3650d

[Install]
WantedBy=multi-user.target

prometheus.yaml 


# my global config
global:
  scrape_interval:     1m # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 1m # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
  - static_configs:
    - targets:
      # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'
    static_configs:
    - targets: ['localhost:9090']
      labels:
        name: keres
  - job_name: 'pi-htu21d'
    static_configs:
    # - targets: ['192.168.1.113:8000']
    - targets: ['10.23.45.6:8000']
      labels:
        name: pi
        device: htu21d
  - job_name: 'pi-node-exporter'
    static_configs:
    - targets: ['10.3.45.6:9100']
      labels:
        name: pi
  - job_name: 'thelaptop'
    static_configs:
    - targets: ['192.168.1.120:9100']
      labels:
        name: thelaptop

MineCraft Setup

manual DL of binary jar

by hand: 

/data/minecraft_server.1.15.2

run.sh 

#!/bin/sh
java -Xmx1024M -Xms1024M -jar minecraft_server.1.15.2.java nogui


Todo

  • nagios
  • prometheus
  • grafana
  • apache
  • certbot


  • Harden
  • firewalld - kicked out , not good logging features, so now have iptables back in and firewalld disabled.
  • Wifi - none - disabled for now.
  • snmp
  • powertop tuning
  • systemd bootchart.conf(5)
  • services
Service Software process status notes
firewall iptables n/a DONE not using firewalld due to lack of default deny log.
web apache httpd DONE
ntp chrony chronyd DONE
monitoring misc n/a PENDING still looking at optins, possibly ganglia / collectd / statsd
sql mariadb mysqld DONE and backups done.
dns isc bind named DONE really need to try something new here.
  • Smokeping

athena -> keres data sync

time /usr/bin/rsync -avzr /etc/ /mnt/keres/data/athena/etc --stats
time /usr/bin/rsync -avzr /var/bind/ /mnt/keres/data/athena/var/bind --stats


Interfaces

ip link set  wlp2s0 down


Firewall

ports and services 

22
80
8080 
8443
443


See Also

Retrieved from "https://wiki.quadratic.net/index.php?title=Tinker&oldid=31577"