Hardware setup:
-
3x 4TB HDDs in RAID5 configuration (hardware or software, doesn’t matter)
-
1x 256GB SSD for DB cache and swap
-
32GB RAM
Machine has a hardware RAID controller which can be used.
Otherwise, software RAID can be configured during install.
Follow standard setup, install OS to RAID.
Partition the SSD with 32GB for swap, remainder partitioned but setup as cache post install
Database will be stored in /var/lib/influxdb so should be on its on LV with most of the space of the raid
Post install, do the following
(replace <vg> with volume group, likely something like "centos_severname", and <ssd> with SSD cache partition make in
install, and DB LV with <vg>/<data>. Check lsblk.)
vgextend <vg> /dev/<ssd> lvcreate --type cache --cachemode writethrough -L <size>G -n cache <vg>/<data> /dev/<ssd>
Size should be the size of the cache partition, less about 20 MB for metadata.
|
Tip
|
If SSD ever fails, you will need to remove with |
+ lvconvert --uncached <vg>/<data> vgreduce --removedmissing --force <vg>
InfluxDB is the timeseries database
Create /etc/yum.repos.d/influxdb.repo with contents
[influxdb] name = InfluxDB Repository - RHEL $releasever baseurl = https://repos.influxdata.com/rhel/$releasever/$basearch/stable enabled = 1 gpgcheck = 1 gpgkey = https://repos.influxdata.com/influxdb.key EOF
Install
yum install influxdb
Enable at startup and run
systemctl enable influxdb systemctl start influxdb
Next, setup up accounts with the minimum required privileges.
-
Create an admin user. Run the
influxCLI and enter:create user admin with password '<password>' with all privileges
-
Create accounts for Grafana and Telegraf instances
create user "grafana" with password '<pwd>' create user "telegraf" with password '<pwd>'
-
Setup permissions for non-admin accounts
grant read on "ops" to "grafana" grant write on "ops" to "telegraf"
-
Enable enforcing by editing
/etc/influxdb/influxdb.confto setauth-enabledoption totruein the[http]section. Eg:[http] enabled = true bind-address = ":8086" auth-enabled = true # ✨ log-enabled = true write-tracing = false pprof-enabled = false https-enabled = true https-certificate = "/etc/ssl/influxdb.pem"
Restart InfluxDB server with
systemctl restart influxdb
Create /etc/yum.repos.d/grafana.repo with contents
[grafana] name=grafana baseurl=https://packages.grafana.com/oss/rpm repo_gpgcheck=1 enabled=1 gpgcheck=1 gpgkey=https://packages.grafana.com/gpg.key sslverify=1 sslcacert=/etc/pki/tls/certs/ca-bundle.crt
Install
yum install grafana
Set to run on boot
systemctl daemon-reload systemctl start grafana-server systemctl enable grafana-server
Setup server-side image rendering:
yum install fontconfig yum install freetype* yum install urw-fonts
This allows alert emails to have rendered graphics
|
Important
|
Only do this if Grafana is the only HTTP(S) service you run on this machine, otherwise use a web server as a reverse proxy. |
Give the Grafana binary permissions to bind to ports less than 1024
setcap 'cap_net_bind_service=+ep' /usr/sbin/grafana-server
Then edit /etc/grafana/grafana.ini:
-
Set variable
http-portand set to80(or433if you are using HTTPS, see next section) -
Set
root_urltohttp://<mas_address>/(orhttps://…;)
Restart the server with
systemctl restart grafana-server
In [server] section of /etc/grafana/grafana.ini
-
Set
http-port = 433 -
Set
protocol = https -
Set the
cert_fileandcert_keyto the relevant path of your TLS cert and key. -
Set
root_urltohttps://<mas_address>/
firewall-cmd --add-service=http --permanent firewall-cmd --reload
|
Note
|
you may want to specify a subnet here |
From a browser: connect to http://mashost (perhaps localhost if you are running a GUI on your MAS)
Enter username/password admin/admin. You will then be prompted to change
this to something appropriate.
-
Open the side menu by clicking the Grafana icon in the top header.
-
In the side menu under the
Dashboardslink you should find a link namedData Sources. -
Click the
+ Add data sourcebutton in the top header. -
Select InfluxDB from the Type dropdown.
Enter the following fields
| Field | Content |
|---|---|
Name |
|
Default |
yes |
Url |
|
Access |
|
Database |
|
User |
|
Password |
Password entered earlier |
Grafana supports complex user configuration, however since we only need this to be accessible from the local site, it is likely simplest to have a single "operator" user.
|
Note
|
This may might not be accurate as new versions of Grafana have added the ability to directly add a user. |
By default Grafana will assume an account to be linked to an email address. We can bypass this however:
-
Go to menu:Configuration[Users] then press "Invite".
-
Enter "operator" in the "Email or Username" field and unselect "Send invite email".
-
You will be taken back to the users page. Select the "Pending Invites (1)" tab.
-
In the "operator" row, select "Copy Invite".
-
Paste the URL into the address bar
-
Give the operator a suitable password and set the email address to something dummy (eg "operator@localhost")
This is a fork of the open source project Telegraf, which includes some additional VLBI specific utilities.
Since VLBI domain is no longer available, this package must be provided directly.
Install with:
yum install telegraf_vlbi_0.3.x.rpm
Enable at startup and run with:
systemctl enable telegraf systemctl start telegraf
Edit /etc/telegraf/telegraf.conf
This may or may not be needed debending
Grafana runs it’s own production grade web server, however if you wish to expose Grafana and with other web apps, you will need to setup a reverse proxy using Apache or nginx. Here we document Apache
Install with
yum install httpd
and start with
systemctl start httpd
Edit the Apache httpd configuration to include
<VirtualHost *:80>
ServerName server.domain.com
RewriteEngine on
RewriteRule ^/?$ /grafana/ [R=permanent,L]
<Location "/grafana">
ProxyPass http://localhost:3000
</Location>
ProxyPassReverse /grafana http://localhost:3000
</VirtualHost>
Ensure Grafana has the correct root URL by editing /etc/grafana/grafana.ini to
contain
[server] ... root_url = http://server.domain.com/ ...