نصب پرومتئوس و اتصال آن به IP-PBX برای مانیتورینگ SIP

برای نصب پرومتئوس ابتدا یک گروه به اسم prometheus میسازیم.

sudo groupadd --system prometheus

اضافه کردن یک کاربر و اختصاص آن به گروه ایجاد شده بدون دسترسی به ورود

sudo useradd -s /sbin/nologin --system -g prometheus prometheus

ایجاد دایرکتوری برای یوزر prometheus:

sudo mkdir /etc/prometheus
sudo mkdir /var/lib/prometheus

دانلود Prometheus Monitoring

curl -s https://api.github.com/repos/prometheus/prometheus/releases/latest|grep browser_download_url|grep linux-amd64|cut -d '"' -f 4|wget -qi -

اکسترکت فایل فشرده Prometheus

tar -xvf prometheus-2.54.1.linux-amd64.tar.gz

انتقال فایل‌های اکسترکت شده به دایرکتوری‌هایی که قبلاً ایجاد کرده‌ایم

sudo mv prometheus-2.54.1.linux-amd64 /etc/prometheus

اکنون دسترسی های دایرکتوری‌ها را به کاربر Prometheus اختصاص دهید

sudo chown prometheus:prometheus /etc/prometheus
sudo chown prometheus:prometheus /var/lib/prometheus
sudo chown -R prometheus:prometheus /etc/prometheus/consoles
sudo chown -R prometheus:prometheus /etc/prometheus/console_libraries

پیکربندی فایل‌ها و اسکریپت Prometheus

sudo cp /etc/prometheus/prometheus /usr/local/bin/
sudo cp /etc/prometheus/promtool /usr/local/bin/

حالا باید Prometheus را systemd کنیم تا آن را به عنوان یک سرویس داشته باشیم

sudo nano /etc/systemd/system/prometheus.service

محتوای systemd برای prometheus

[Unit]
Description=Prometheus
Documentation=https://prometheus.io/docs/introduction/overview/
Wants=network-online.target
After=network-online.target

[Service]
User=prometheus
Group=prometheus
Type=simple
ExecStart=/usr/local/bin/prometheus \
--config.file /etc/prometheus/prometheus.yml \
--storage.tsdb.path /var/lib/prometheus/ \
--web.console.templates=/etc/prometheus/consoles \
--web.console.libraries=/etc/prometheus/console_libraries

[Install]
WantedBy=multi-user.target

شروع و فعال‌سازی Prometheus

sudo systemctl daemon-reload
sudo systemctl enable --now prometheus

وضعیت سرویس را بررسی کنید

systemctl status prometheus

دسترسی به وب پرومتئوس

http://server-ip-address:9090

حالا باید روی سرور IP-PBX خود Node Exporter را نصب کرده و یک Job روی پرومتئوس برای دریافت دیتای دلخواه بسازیم.
برای نصب Node Exporter اول آن را دانلود میکنیم.

curl -s https://api.github.com/repos/prometheus/node_exporter/releases/latest| grep browser_download_url|grep linux-amd64|cut -d '"' -f 4|wget -qi -

اکسترکت فایل دانلود شده

tar -xvf node_exporter-*.linux-amd64.tar.gz

انتقال فایل سرویس Node Exporter به دایرکتوری bin

sudo mv node_exporter-*.linux-amd64/node_exporter /usr/local/bin/

ایجاد یک یوزر برای اجرای سرویس Node Exporter

sudo useradd -rs /bin/false node_exporter

Node Exporter را systemd میکنیم

sudo nano /etc/systemd/system/node_exporter.service

محتوای systemd برای Node Exporter

[Unit]
Description=Node Exporter
After=network.target

[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter

[Install]
WantedBy=multi-user.target

شروع و فعال‌سازی سرویس

sudo systemctl daemon-reload
sudo systemctl enable --now node_exporter

وضعیت سرویس

systemctl status node_exporter

اضافه کردن آدرس IP ماشین هدف در فایل prometheus.yml
وارد Debian شوید که prometheus روی آن اجرا می‌شود و فایل YML آن را ویرایش کنید

sudo nano /etc/prometheus/prometheus.yml

سپس بخش job prometheus را ویرایش کنید

- job_name: 'node_exporter_metrics'
     static_configs:
      - targets: ["Target-IP:9090"]

چک کردن فایل prometheus.yml

promtool check config /etc/prometheus/prometheus.yml

راه‌اندازی مجدد سرور Prometheus

sudo systemctl restart prometheus

وضعیت سرویس را بررسی کنید

systemctl status prometheus

مانیتورینگ ماشین مد نظر
http://server-ip-address:9090/targets
image

حالا باید 3 فایل را ادیت کنیم
فایل اول prometheus.yml در سرور پرومتئوس می باشد.

# my global config
global:
  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
  # scrape_timeout is set to the global default (10s).

# Alertmanager configuration
alerting:
  alertmanagers:
    - static_configs:
        - targets:
          # - alertmanager:9093

# Load rules once and periodically evaluate them according to the global 'evaluation_interval'.
rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

# A scrape configuration containing exactly one endpoint to scrape:
# Here it's Prometheus itself.
scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: "prometheus"
    static_configs:
     - targets:  ["127.0.0.1:9090"]  

  - job_name: "Asterisk Servers"
    static_configs:
     - targets:  ["IPPBX-Server:8088"]
   

فایل دوم در سرور IP-PBX و در مسیر

/etc/asterisk/prometheus.conf

میباشد که محتوای آن را به شکل زیر ادیت میکنیم.

;
; res_prometheus Module configuration for Asterisk
;

;
; This configuration file is consumed by res_prometheus, which
; provides the functionality for serving up Asterisk statistics to a
; Prometheus server.
;
; Because Prometheus scrapes statistics from HTTP servers, this module requires
; Asterisk's built-in HTTP server to be enabled and configured properly.
;
; Module Dependencies:
; only if Asterisk is build with pjproject bundled (default)
; * res_pjsip.so
; * res_pjsip_outbound_registration.so

; Settings that affect all statistic generation
[general]
enabled = yes                      ; Enable/disable all statistic generation.
                                  ; Default is "no", as enabling this without
                                  ; proper securing of your Asterisk system
                                  ; may result in external systems learning
                                  ; a lot about your Asterisk system.
                                  ; Note #1: If Asterisk's HTTP server is
                                  ; disabled, this setting won't matter.
                                  ; Note #2: It is highly recommended that you
                                  ; set up Basic Auth and configure your
                                  ; Prometheus server to authenticate with
                                  ; Asterisk. Failing to do so will make it easy
                                  ; for external systems to scrape your Asterisk
                                  ; instance and learn things about your system
                                  ; that you may not want them to. While the
                                  ; metrics exposed by this module do not
                                  ; necessarily contain information that can
                                  ; lead to an exploit, an ounce of prevention
                                  ; goes a long way. Particularly for those out
                                  ; there who are exceedingly lax in updating
                                  ; your Asterisk system. You are updating on a
                                  ; regular cadence, aren't you???
core_metrics_enabled = yes        ; Enable/disable core metrics. Core metrics
                                  ; include various properties such as the
                                  ; version of Asterisk, uptime, last reload
                                  ; time, and the overall time it takes to
                                  ; scrape metrics. Default is "yes"
uri = metrics                     ; The HTTP route to expose metrics on.
                                  ; Default is "metrics".

 ;auth_username = Asterisk        ; If provided, Basic Auth will be enabled on
                                  ; the metrics route. Failure to provide both
                                  ; auth_username and auth_password will result
                                  ; in a module load error.
 ;auth_password = Rf52Gfg8GspqG                 ; The password to use for Basic Auth. Note
                                  ; that I'm leaving this blank to prevent
                                  ; you from merely uncommenting the line and
                                  ; running with a config provided password.
                                  ; Because yes, people actually *do* that.
                                  ; I mean, if you're going to do that, just
                                  ; run unsecured. Fake security is usually
                                  ; worse than no security.
; auth_realm =                    ; Realm to use for authentication. Defaults
                                  ; to Asterisk Prometheus Metrics

که میتوانیم با تنظیمات مدنظر خود احراز هویت را هم راه اندازی کنیم.

فایل سوم http.conf در استریسک می باشد که در مسیر

/etc/asterisk/prometheus.conf

می باشد.
محتوای آن به شکل زیر ادیت میشود.

;
; Asterisk Built-in mini-HTTP server
;
;
; Note about Asterisk documentation:
;   If Asterisk was installed from a tarball, then the HTML documentation should
;   be installed in the static-http/docs directory which is
;   (/var/lib/asterisk/static-http/docs) on linux by default.  If the Asterisk
;   HTTP server is enabled in this file by setting the "enabled", "bindaddr",
;   and "bindport" options, then you should be able to view the documentation
;   remotely by browsing to:
;       http://<server_ip>:<bindport>/static/docs/index.html
;
[general]
;
; The name of the server, advertised in both the Server field in HTTP
; response message headers, as well as the <address /> element in certain HTTP
; response message bodies. If not furnished here, "Asterisk/{version}" will be
; used as a default value for the Server header field and the <address />
; element. Setting this property to a blank value will result in the omission
; of the Server header field from HTTP response message headers and the
; <address /> element from HTTP response message bodies.
;
servername=Asterisk
;
; Whether HTTP/HTTPS interface is enabled or not.  Default is no.
; This also affects manager/rawman/mxml access (see manager.conf)
;
enabled=yes
;
; Address to bind to, both for HTTP and HTTPS. You MUST specify
; a bindaddr in order for the HTTP server to run. There is no
; default value.
;
bindaddr=0.0.0.0
;
; Port to bind to for HTTP sessions (default is 8088)
;
bindport=8088
;
; Prefix allows you to specify a prefix for all requests
; to the server.  The default is blank.  If uncommented
; all requests must begin with /asterisk
;
;prefix=asterisk
;
; sessionlimit specifies the maximum number of httpsessions that will be
; allowed to exist at any given time. (default: 100)
;
;sessionlimit=100
;
; session_inactivity specifies the number of milliseconds to wait for
; more data over the HTTP connection before closing it.
;
; Default: 30000
;session_inactivity=30000
;
; session_keep_alive specifies the number of milliseconds to wait for
; the next HTTP request over a persistent connection.
;
; Set to 0 to disable persistent HTTP connections.
; Default: 15000
;session_keep_alive=15000
;
; Whether Asterisk should serve static content from static-http
; Default is no.
;
;enable_static=yes
;
; Whether Asterisk should serve a status page showing the running
; configuration of this built-in HTTP server.
; Default is yes.
;
;enable_status=no
;
; Redirect one URI to another.  This is how you would set a
; default page.
;   Syntax: redirect=<from here> <to there>
; For example, if you are using the Asterisk-gui,
; it is convenient to enable the following redirect:
;
;redirect = / /static/config/index.html
;
; HTTPS support. In addition to enabled=yes, you need to
; explicitly enable tls, define the port to use,
; and have a certificate somewhere.
;tlsenable=yes          ; enable tls - default no.
;tlsbindaddr=0.0.0.0:8089    ; address and port to bind to - default is bindaddr and port 8089.
;
;tlscertfile=</path/to/certificate.pem>  ; path to the certificate file (*.pem) only.
;tlsprivatekey=</path/to/private.pem>    ; path to private key file (*.pem) only.
; If no path is given for tlscertfile or tlsprivatekey, default is to look in current
; directory. If no tlsprivatekey is given, default is to search tlscertfile for private key.
;
; To produce a certificate you can e.g. use openssl. This places both the cert and
; private in same .pem file.
; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem
;
; tlscipher=                             ; The list of allowed ciphers
;                                        ; if none are specified the following cipher
;                                        ; list will be used instead:
; ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:
; ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:
; kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:
; ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
; ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:
; DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
; AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:
; AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:
; !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
;
; tlsdisablev1=yes                ; Disable TLSv1 support - if not set this defaults to "yes"
; tlsdisablev11=yes               ; Disable TLSv1.1 support - if not set this defaults to "no"
; tlsdisablev12=yes               ; Disable TLSv1.2 support - if not set this defaults to "no"
;
; tlsservercipherorder=yes        ; Use the server preference order instead of the client order
;                                 ; Defaults to "yes"
;
; The post_mappings section maps URLs to real paths on the filesystem.  If a
; POST is done from within an authenticated manager session to one of the
; configured POST mappings, then any files in the POST will be placed in the
; configured directory.
;
;[post_mappings]
;
; NOTE: You need a valid HTTP AMI mansession_id cookie with the manager
; config permission to POST files.
;
; In this example, if the prefix option is set to "asterisk", then using the
; POST URL: /asterisk/uploads will put files in /var/lib/asterisk/uploads/.
;uploads = /var/lib/asterisk/uploads/
;

در آخر ماژول res_prometheus.so را load کرده و در محیط پرومتئوس موارد مورد نیاز خود از استریسک را مانیتور میکنیم.
image

2 پسندیده