Monitoring DigitalOcean Droplets with Prometheus

Dec 08, 2019

Create a Private Network

Segmenting traffic gives you more flexibility and security. In most deployments users do not want their monitoring traffic flowing over public facing interfaces.

Full docs on how to setup private networking below. You will need to do this on all the droplets you want to monitor.
https://www.digitalocean.com/docs/networking/private-networking/how-to/enable/

How to Enable Private Networking on Droplets | DigitalOcean Product Documentation
Enable private networking when creating a Droplet, or manually configure private networking on an existing Droplet.

Setup Prometheus

Create a new droplet that will host the Prometheus instance.

Prometheus from the ground up
Prometheus installation and setup

You can also get prometheus running from the DigatalOcean Marketplace

Prometheus Hosting | DigitalOcean Marketplace 1-Click App
The Prometheus monitoring system

Install Node Exporter

Node Exporter gathers OS level metrics and presents them over HTTP for Prometheus to scrape.

Download NodeExporter

Download | Prometheus
An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach.
cd /tmp

wget https://github.com/prometheus/node_exporter/releases/download/v0.18.1/node_exporter-0.18.1.linux-amd64.tar.gz

#check MD5

tar -xf node_exporter-0.18.1.linux-amd64.tar.gz

cd node_exporter-0.18.1.linux-amd64/

cp node_exporter /usr/local/bin/

useradd -r node_exporter

nano /etc/systemd/system/node_exporter.service

systemctl daemon-reload

service node_exporter status
service node_exporter start

Service File
/etc/systemd/system/node_exporter.service

[Unit]
Description=Prometheus Node Exporter
After=network.target

[Service]
Type=simple
User=node_exporter
Group=node_exporter
ExecStart=/usr/local/bin/node_exporter \
    --web.listen-address=private_IP_here:9100

SyslogIdentifier=node_exporter
Restart=always

PrivateTmp=yes
ProtectHome=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectControlGroups=true
ProtectKernelModules=true
ProtectKernelTunables=yes

[Install]
WantedBy=multi-user.target

If you have ufw enabled you'll have to allow TCP port 9100

ufw status numbered

# allow port 9100 TCP
ufw allow proto tcp from any to any port 9100

Update the Prometheus Config

nano /etc/prometheus/prometheus.yml
  - job_name: 'node'
    static_configs:
    - targets: ['IP01:9100','IP02:9100','IP03:9100']
Example Prometheus Job
service prometheus reload