Pineapple: Difference between revisions
Wikisailor (talk | contribs) |
Wikisailor (talk | contribs) No edit summary |
||
| Line 2: | Line 2: | ||
Pineapple, at x.x.x.130 on the Infra network, is the host to the Prometheus application to gather metrics from each VM host and from Pear using agents installed on each host. The partner application, Grafana hosted on '''[[Granadilla]]''' is used to view the data collected by Prometheus. | Pineapple, at x.x.x.130 on the Infra network, is the host to the Prometheus application to gather metrics from each VM host and from Pear using agents installed on each host. The partner application, Grafana hosted on '''[[Granadilla]]''' is used to view the data collected by Prometheus. | ||
===Security concerns=== | |||
The purpose of Prometheus is to gather data concerning all of the hosts on the network making it a good source of information to any hostile actor. Keeping it inside Infra and not publishing it's webserver to the Internet would be obvious security measures. Making specific aliases & rules on Pfsense for it to access it's agents would also be required actions (aliases for these obscure ports does make it a lot more secure and readable). | |||
==Prometheus Installation== | |||
The first thing was to create a VM in the Infra network and give it a hostname of Pineapple and IP/gateway (x.x.x.130/24) to match. To set the hostname & IP address just use the script but we must remember to edit the gateway address in /etc/netplan | |||
sudo nano /etc/netplan/some_config_file.yaml | |||
sudo netplan apply | |||
We need to make sure that the host is also listed in dns by logon to ctns1 and using the add_combined_hostadd.sh. Then we do the ubiquitous | |||
sudo apt update && sudo apt upgrade -y | |||
We will need wget and tar if they are not already installed | |||
sudo apt install -y wget tar | |||
Next we have to make a user "prometheus" for the application to run as | |||
sudo useradd --no-create-home --shell /bin/false prometheus | |||
and make some dirs with the user as owner | |||
sudo mkdir /etc/prometheus | |||
sudo mkdir /var/lib/prometheus | |||
sudo chown prometheus:prometheus /var/lib/prometheus | |||
To download the Prometheus application we use wget but we have to locate the up to date file so browse to https://prometheus.io/download/ find the file prometheus-x.x.x.linux-amd64.tar.gz and | |||
Revision as of 14:49, 4 June 2025
Introduction
Pineapple, at x.x.x.130 on the Infra network, is the host to the Prometheus application to gather metrics from each VM host and from Pear using agents installed on each host. The partner application, Grafana hosted on Granadilla is used to view the data collected by Prometheus.
Security concerns
The purpose of Prometheus is to gather data concerning all of the hosts on the network making it a good source of information to any hostile actor. Keeping it inside Infra and not publishing it's webserver to the Internet would be obvious security measures. Making specific aliases & rules on Pfsense for it to access it's agents would also be required actions (aliases for these obscure ports does make it a lot more secure and readable).
Prometheus Installation
The first thing was to create a VM in the Infra network and give it a hostname of Pineapple and IP/gateway (x.x.x.130/24) to match. To set the hostname & IP address just use the script but we must remember to edit the gateway address in /etc/netplan
sudo nano /etc/netplan/some_config_file.yaml sudo netplan apply
We need to make sure that the host is also listed in dns by logon to ctns1 and using the add_combined_hostadd.sh. Then we do the ubiquitous
sudo apt update && sudo apt upgrade -y
We will need wget and tar if they are not already installed
sudo apt install -y wget tar
Next we have to make a user "prometheus" for the application to run as
sudo useradd --no-create-home --shell /bin/false prometheus
and make some dirs with the user as owner
sudo mkdir /etc/prometheus sudo mkdir /var/lib/prometheus sudo chown prometheus:prometheus /var/lib/prometheus
To download the Prometheus application we use wget but we have to locate the up to date file so browse to https://prometheus.io/download/ find the file prometheus-x.x.x.linux-amd64.tar.gz and
