... | ... | @@ -657,6 +657,33 @@ There is no issue tracker specifically for this project, [File][new-ticket] or |
|
|
[new-ticket]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/new
|
|
|
[search]: https://gitlab.torproject.org/tpo/tpa/team/-/issues
|
|
|
|
|
|
## Maintainer, users, and upstream
|
|
|
|
|
|
The Prometheus services have been setup and are managed by anarcat
|
|
|
inside TPA. The internal Prometheus server is mostly used by TPA staff
|
|
|
to diagnose issues. The external Prometheus server is used by various
|
|
|
TPO teams for their own monitoring needs.
|
|
|
|
|
|
The upstream Prometheus projects are diverse and generally active as
|
|
|
of early 2021. Since Prometheus is used as an ad-hoc standard in the
|
|
|
new "cloud native" communities like Kubernetes, it has seen an upsurge
|
|
|
of development and interest from various developers, and
|
|
|
companies. The future of Prometheus should therefore be fairly bright.
|
|
|
|
|
|
The individual exporters, however, can be hit and miss. Some exporters
|
|
|
are "code dumps" from companies and not very well maintained. For
|
|
|
example, [Digital Ocean](https://github.com/digitalocean/) dumped the [bind_exporter](https://github.com/digitalocean/bind_exporter/) on GitHub,
|
|
|
but it was [salvaged](https://github.com/prometheus-community/bind_exporter/issues/55) by the [Prometheus community](https://github.com/prometheus-community/community/issues/15).
|
|
|
|
|
|
Another important layer is the large amount of Puppet code that is
|
|
|
used to deploy Prometheus and its components. This is all part of a
|
|
|
big Puppet module, [puppet-prometheus](https://github.com/voxpupuli/puppet-prometheus/), managed by the [voxpupuli
|
|
|
collective](https://github.com/voxpupuli). Our integration with the module is not yet complete:
|
|
|
we have a lot of glue code on top of it to correctly make it work with
|
|
|
Debian packages. A lot of work has been done to complete that work by
|
|
|
anarcat, but work still remains, see [upstream issue 32](https://github.com/voxpupuli/puppet-prometheus/issues/32) for
|
|
|
details.
|
|
|
|
|
|
## Monitoring and testing
|
|
|
|
|
|
Prometheus doesn't have specific tests, but there *is* a test suite in
|
... | ... | @@ -678,6 +705,13 @@ would still be able to deduce some activity patterns from the metrics |
|
|
generated by Prometheus, and use it to leverage side-channel attacks,
|
|
|
which is why the external Prometheus server access is restricted.
|
|
|
|
|
|
## Backups
|
|
|
|
|
|
Prometheus servers should be fully configured through Puppet and
|
|
|
require little backups. The metrics themselves are kept in
|
|
|
`/var/lib/prometheus2` and should be backed up along with our regular
|
|
|
[backup procedures](howto/backup).
|
|
|
|
|
|
## Other documentation
|
|
|
|
|
|
* [Prometheus home page](https://prometheus.io/)
|
... | ... | |