Jail: monitor

one time
This is a multi-application jail.

Analytics Pipelines
- Matomo(MySQL)
- Grafana : Prometheus(LevelDB) : Exporters
- Grafana : InfluxDB : Telegraf

create jail
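# Parameters for the new jail. They are exported because the later
# "iocage exec $JAIL ..." commands on this page read $JAIL from the environment.
export JAIL=monitor
export JAILHOSTNAME=monitor
export JAILDOMAIN=ahlawat.com
# NOTE(review): presumably the host part of the jail's IP address; how it is
# expanded is decided inside create.sh, which is not shown here - confirm.
export JAILIP=61
# NOTE(review): "X" looks like a stand-in for the real account name; set it before running.
export JAILUSER=X
export JAILUSERID=1000
export JAILUSERVNC=false

# Site-local helper that creates the jail. Arguments are quoted so a value
# containing whitespace or glob characters is passed through as one argument.
/root/FreeBSD/jails/create.sh "$JAIL" "$JAILHOSTNAME" "$JAILDOMAIN" "$JAILIP" "$JAILUSER" "$JAILUSERID" "$JAILUSERVNC"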

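# Web front end for Matomo: Apache 2.4 plus PHP 8.3 (php-fpm) and the PHP extensions.
# php83-pecl-memcache was listed twice in the original command; it is listed once here.
# NOTE(review): php83-pecl-mcrypt wraps the long-unmaintained libmcrypt; drop it
# unless an application in this jail still requires it.
iocage exec "$JAIL" "pkg install -y apache24 php83 \
php83-bcmath php83-bz2 php83-ctype php83-curl php83-dom php83-fileinfo \
php83-filter php83-gd php83-iconv php83-intl php83-mbstring php83-mysqli \
php83-opcache php83-pdo php83-pdo_mysql php83-pecl-mcrypt php83-pecl-memcache \
php83-posix php83-readline php83-session php83-simplexml php83-soap \
php83-sockets php83-sqlite3 php83-tidy php83-tokenizer php83-xml php83-zip \
php83-zlib"

# Apache: enable at boot and install the prepared configuration from /mnt/config.
iocage exec "$JAIL" "sysrc apache24_enable=YES"
iocage exec "$JAIL" "cp /mnt/config/httpd.conf /usr/local/etc/apache24/"
# The password file goes one level above data/, where .htaccess is installed.
# NOTE(review): confirm that the DocumentRoot in httpd.conf is the data/ directory
# so .htpasswd is never served, and that the copied file is not world-readable.
iocage exec "$JAIL" "cp /mnt/config/secret/.htpasswd /usr/local/www/apache24/"
iocage exec "$JAIL" "cp /mnt/config/.htaccess /usr/local/www/apache24/data/"
iocage exec "$JAIL" "cp /mnt/config/020_mod_ssl.conf /usr/local/etc/apache24/modules.d/"
iocage exec "$JAIL" "cp /mnt/config/php.ini /usr/local/etc/php.ini"

# php-fpm: enable at boot, overwrite the packaged pool definition, then start it.
iocage exec "$JAIL" "sysrc php_fpm_enable=YES"
iocage exec "$JAIL" "cp -f /mnt/config/www.conf /usr/local/etc/php-fpm.d/"
iocage exec "$JAIL" "service php-fpm start"

# Restart so Apache runs with the configuration files copied above.
iocage exec "$JAIL" "service apache24 restart"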


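# Matomo is installed directly from the upstream archive rather than from pkg,
# so it can be updated without pkg file-metadata consistency issues.
# --fail makes curl exit non-zero on an HTTP error instead of saving the error
# page as matomo.zip.
# NOTE(review): the archive is unpacked without any integrity check. Before the
# unzip step, verify it against the publisher's detached PGP signature
# (gpg --verify <signature-file> /usr/local/www/matomo.zip) using a release key
# obtained out of band.
iocage exec "$JAIL" "curl --fail https://builds.matomo.org/matomo.zip -o /usr/local/www/matomo.zip"
iocage exec "$JAIL" "unzip -d /usr/local/www/ /usr/local/www/matomo.zip"
# Site configuration (kept under secret/), the archiving cron entry and the
# geolocation database come from the prepared /mnt/config tree.
iocage exec "$JAIL" "cp /mnt/config/secret/config.ini.php /usr/local/www/matomo/config"
iocage exec "$JAIL" "cp /mnt/config/matomo-archive /etc/cron.d"
iocage exec "$JAIL" "cp /mnt/config/dbip-city-lite-2020-06.mmdb  /usr/local/www/matomo/misc/DBIP-City.mmdb"
# Ownership and baseline modes: files 644, directories 755, console executable.
iocage exec "$JAIL" "chown -R www:www /usr/local/www/matomo"
iocage exec "$JAIL" "find /usr/local/www/matomo -type f -exec chmod 644 {} \;"
iocage exec "$JAIL" "find /usr/local/www/matomo -type d -exec chmod 755 {} \;"
iocage exec "$JAIL" "chmod 755 /usr/local/www/matomo/console"
# config.ini.php is copied from secret/, so take back the world-read bit that the
# blanket 644 above just gave it; owner and group www can still read it.
# NOTE(review): assumes php-fpm and the matomo-archive cron job run as www - confirm.
iocage exec "$JAIL" "chmod 640 /usr/local/www/matomo/config/config.ini.php"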


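# Metrics stack: Prometheus + Alertmanager, Grafana, InfluxDB + Telegraf.
# -y added: without it pkg waits for a confirmation, unlike the earlier
# "pkg install -y" used for the web packages.
iocage exec "$JAIL" "pkg install -y prometheus alertmanager grafana9 influxdb telegraf"

# Enable every service at boot.
iocage exec "$JAIL" "sysrc prometheus_enable=YES"
iocage exec "$JAIL" "sysrc alertmanager_enable=YES"
iocage exec "$JAIL" "sysrc grafana_enable=YES"
iocage exec "$JAIL" "sysrc influxd_enable=YES"
iocage exec "$JAIL" "sysrc telegraf_enable=YES"

# Install the prepared configuration files.
# NOTE(review): listen addresses and authentication for these services are set
# in these files, which are not shown on this page - confirm that none of the
# admin or query endpoints is reachable from outside the monitoring network.
iocage exec "$JAIL" "cp /mnt/config/prometheus.yml /usr/local/etc"
iocage exec "$JAIL" "cp /mnt/config/alertmanager.yml /usr/local/etc/alertmanager"
iocage exec "$JAIL" "cp /mnt/config/alert_rules.yml /usr/local/etc"
iocage exec "$JAIL" "cp /mnt/config/grafana.ini /usr/local/etc/grafana"
iocage exec "$JAIL" "cp /mnt/config/telegraf.conf /usr/local/etc"

# Start the services.
iocage exec "$JAIL" "service prometheus start"
iocage exec "$JAIL" "service alertmanager start"
iocage exec "$JAIL" "service grafana start"
iocage exec "$JAIL" "service influxd start"
iocage exec "$JAIL" "service telegraf start"

# The plugin is downloaded over the network and then runs inside Grafana, so
# treat it as third-party code: review it and keep it updated with Grafana.
# Grafana is restarted so the newly installed plugin is loaded.
iocage exec "$JAIL" "/usr/local/bin/grafana-cli plugins install raintank-worldping-app"
iocage exec "$JAIL" "service grafana restart"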







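# on nas server
# Host-level metrics exporter for the NAS.
pkg install node_exporter
sysrc node_exporter_enable=YES
# The whole assignment is single-quoted so the shell passes the '*' through
# untouched instead of attempting pathname expansion on it. The value sysrc
# stores is the same as before. The flag's value is a regular expression,
# not a shell glob.
sysrc node_exporter_args='--collector.filesystem.ignored-mount-points=/mnt/iocage*'
# NOTE(review): no listen address is set here; unless it is restricted
# elsewhere, limit access to the exporter's port to the Prometheus host,
# because the metrics endpoint is served without authentication.
service node_exporter start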

# on web-diyit jail
# Probe exporter used by Prometheus for endpoint checks; its modules are
# defined in the copied blackbox_exporter.yml (not shown on this page).
pkg install blackbox_exporter
cp /mnt/config/blackbox_exporter.yml /usr/local/etc/
sysrc blackbox_exporter_enable=YES
# NOTE(review): the exporter issues a probe to whatever target a caller names,
# so anyone who can reach this address can make the jail send requests on their
# behalf. Confirm that web.diyit.org:9115 is reachable only from the Prometheus
# host (firewall rule or an internal-only address).
sysrc blackbox_exporter_listen_address=web.diyit.org:9115
service blackbox_exporter start

# on db jail
# MySQL metrics exporter; the flags below select which collectors are enabled.
pkg install mysqld_exporter
sysrc mysqld_exporter_enable=YES
# Every enabled collector runs its own queries on each scrape, all through the
# connection-limited 'exporter' account, so a long collector list combined with
# short scrape intervals uses that account's connections up faster.
sysrc mysqld_exporter_args="--collect.global_status --collect.info_schema.innodb_metrics --collect.auto_increment.columns --collect.info_schema.processlist --collect.binlog_size --collect.info_schema.tablestats --collect.global_variables --collect.info_schema.query_response_time --collect.info_schema.userstats --collect.info_schema.tables --collect.perf_schema.tablelocks --collect.perf_schema.file_events --collect.perf_schema.eventswaits --collect.perf_schema.indexiowaits --collect.perf_schema.tableiowaits --collect.slave_status"

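# Monitoring account for mysqld_exporter, restricted to local connections.
# The original used the account name as its password. Replace the placeholder
# below with a long random secret and put the same value in the exporter's
# client configuration.
CREATE USER 'exporter'@'localhost' IDENTIFIED BY '<exporter-password-placeholder>' WITH MAX_USER_CONNECTIONS 3;
# SELECT ON *.* lets this account read every schema on the server, so its
# credential must be protected like any other credential with read access to
# application data.
GRANT PROCESS, REPLICATION CLIENT, SELECT ON *.* TO 'exporter'@'localhost';
# 3 connections did not seem to be enough at first; the cause was probe timeouts
# that were too small and scrape intervals that were too frequent, so the limit
# stays at 3.
# Re-applies the connection limit to an existing account without restating its password.
ALTER USER 'exporter'@'localhost' WITH MAX_USER_CONNECTIONS 3;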
# Reloads the grant tables. Account statements such as CREATE USER, GRANT and
# ALTER USER take effect without it, so this step is harmless but not required.
mysqladmin reload -u root -p

# NOTE(review): this directory presumably holds the exporter's client
# credentials. If so, keep it readable only by the account the exporter runs
# as - confirm.
cp -r /mnt/config/mysqld_exporter /usr/local/etc
service mysqld_exporter start

# on nas server
# Python client library, presumably needed by the gstat_exporter script installed below.
# NOTE(review): this installs an unpinned package from the network into the
# system Python on the NAS host. Pin the version (and ideally hashes) or use the
# OS package, so the host does not run whatever the index serves at install time.
pip install prometheus-client
# Site-local rc script copied from /mnt/config (not shown on this page).
cp /mnt/config/gstat_exporter /usr/local/etc/rc.d
sysrc gstat_exporter_enable=YES
service gstat_exporter start

Notes:
First time: influxdb
influx
# :~$ influx > CREATE DATABASE pfsense
# > CREATE USER pfsense_user WITH PASSWORD 'pfsense_pass' 
# > GRANT ALL ON "pfsense" TO "pfsense_user" 
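# as deployed, no user and password are specified for the pfsense database, i.e. it is accessed without authentication; if the statements above are used instead, replace the sample password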


# All Services:
monitor ~ # service apache24 start
monitor ~ # service php-fpm start

monitor ~ # service influxd start
monitor ~ # service telegraf start
monitor ~ # service prometheus start
monitor ~ # service alertmanager start
monitor ~ # service grafana start
