service/prometheus.md

@@ -2566,21 +2566,15 @@ details.
 
 ## Monitoring and metrics
 
-The server is monitored for basic system-level metrics by Nagios. It
-also monitors itself for system-level metrics but also
-application-specific metrics.
-
-Actual metrics *may* contain PII, although it's quite unlikely:
-typically, data is anonymized and aggregated at collection time. It
-would still be able to deduce some activity patterns from the metrics
-generated by Prometheus, and use it to leverage side-channel attacks,
-which is why the external Prometheus server access is restricted.
+The server monitors itself for system-level metrics but also
+application-specific metrics. There's a long-term plan for
+high-availability in [TPA-RFC-33-C](https://gitlab.torproject.org/groups/tpo/tpa/-/milestones/15).
 
 Metrics are held for about a year or less, depending on the server,
 see [ticket 29388][] for storage requirements and possible
 alternatives for data retention policies.
 
-Note that [TPA-RFC-33][] discusses alternative metrics retention
+Note that [TPA-RFC-33][] also discusses alternative metrics retention
 policies.
 
 [TPA-RFC-33]: policy/tpa-rfc-33-monitoring
@@ -2602,6 +2596,12 @@ Prometheus servers typically do not generate many logs, except when
 errors and warnings occur. They should hold very little PII. The web
 frontends collect logs in accordance with our regular policy.
 
+Actual metrics *may* contain PII, although it's quite unlikely:
+typically, data is anonymized and aggregated at collection time. It
+would still be able to deduce some activity patterns from the metrics
+generated by Prometheus, and use it to leverage side-channel attacks,
+which is why the external Prometheus server access is restricted.
+
 ## Backups
 
 Prometheus servers should be fully configured through Puppet and