tsungtwu

global:
  scrape_timeout:  10s
  scrape_interval: 15s
  external_labels:
    cluster: 'MY CLUSTER NAME'

# alternatively can be found via consul -- for details see
# https://prometheus.io/docs/prometheus/latest/migration/#alertmanager-service-discovery
alerting:
  alertmanagers:

tsungtwu

###################################################
##
## Alertmanager YAML configuration for routing.
##
## Will route alerts with a code_owner label to the slack-code-owners receiver 
## configured above, but will continue processing them to send to both a
## central Slack channel (slack-monitoring) and PagerDuty receivers
## (pd-warning and pd-critical)
##

tsungtwu

-- Get Max ID from table
SELECT MAX(id) FROM table;

-- Get Next ID from table
SELECT nextval('table_id_seq');

-- Set Next ID Value to MAX ID
SELECT setval('table_id_seq', (SELECT MAX(id) FROM table));

tsungtwu

"""
## Install the Django reverse proxy package: `pip install django-revproxy`

## Enable auth.proxy authentication in Grafana like the following

```
[auth.proxy]
enabled = true
header_name = X-WEBAUTH-USER
header_property = username

tsungtwu

-- show running queries (pre 9.2)
SELECT procpid, age(clock_timestamp(), query_start), usename, current_query 
FROM pg_stat_activity 
WHERE current_query != '<IDLE>' AND current_query NOT ILIKE '%pg_stat_activity%' 
ORDER BY query_start desc;

-- show running queries (9.2)
SELECT pid, age(clock_timestamp(), query_start), usename, query 
FROM pg_stat_activity 
WHERE query != '<IDLE>' AND query NOT ILIKE '%pg_stat_activity%' 

tsungtwu

README

Create a template service file at /etc/systemd/system/secure-tunnel@.service. The template parameter will correspond to the name of target host:

[Unit]
Description=Setup a secure tunnel to %I
After=network.target

tsungtwu

/**

Example of how to configure Nginx for signed urls. Make sure to replace YOUR_URL_SECRET_KEY_HERE with your url signing key

location /secrets/ {
    # Headers for debugging
    add_header X-Secure-Uri "$uri";
    add_header X-Secure-Ip "$remote_addr";
    add_header X-Secure-Expires "$arg_expires";

tsungtwu

Configure Nginx Reverse Proxy as failover

In this exemple of configuration, if the first server fail (proxy_connect_timeout) one time (max_fails), the second server will be used for 60s (fail_timeout).

The SSL certificate need to be configure on the ReverseProxy server AND the proxyied servers. You can use the same certificate and configurations on all servers.

To test the configuration you can change your host file to simulate the correct domain name.

Use the following tool to configure SSL with optimal configuration.

tsungtwu

sudo useradd --no-create-home --shell /bin/false node_exporter

curl -fsSL https://github.com/prometheus/node_exporter/releases/download/v0.17.0/node_exporter-0.17.0.linux-amd64.tar.gz \
  | sudo tar -zxvf - -C /usr/local/bin --strip-components=1 node_exporter-0.17.0.linux-amd64/node_exporter \
  && sudo chown node_exporter:node_exporter /usr/local/bin/node_exporter

tsungtwu

• What do Etcd, Consul, and Zookeeper do?
  • Service Registration:
    • Host, port number, and sometimes authentication credentials, protocols, versions numbers, and/or environment details.
  • Service Discovery:
    • Ability for client application to query the central registry to learn of service location.
  • Consistent and durable general-purpose K/V store across distributed system.
    • Some solutions support this better than others.
    • Based on Paxos or some derivative (i.e. Raft) algorithm to quickly converge to a consistent state.
• Centralized locking can be based on this K/V store.