ISC Stork with Kea and BIND 9 Workshop
1 Stork Workshop
2 Stork Demo Environment Install Rocky Linux 9
- This instructions install the Stork demo environment on Rocky Linux 9
- The Stork demo environment is a quick way to test drive Stork in a test setup with pre-populated DHCP data. It will install Kea-DHCP, Bind 9, Databases, Stork and it will fill the DHCP server with a large dataset.
- The Stork demo environment is not recommended as a base for a production environment
- These instructions have been tested on a VM with 2GB RAM and 4 CPU cores, 80 GB SSD disk
- Apply a full system update and install the "Extra Packages for Enterprise Linux" (EPEL) repository
dnf -y upgrade dnf -y install epel-release
- Enable the "Code Ready LinuxBuilder" repository (includes developer tools)
/usr/bin/crb enable
- Install
gitandrake, tools that we need to checkout the Stork source code and to build the Stork code and the demo environment
dnf install git rake wget
- Install the Docker repository for the "Docker" container management system that is used to create the Stork demo environment
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
- Install and enable the Docker container system
dnf install docker-ce docker-ce-cli containerd.io systemctl enable --now docker
- Checkout (download) the Stork source code
git clone https://gitlab.isc.org/isc-projects/stork
- Install
docker-composevia Python Packages (pip)
dnf install python3-pip pip install docker-compose
- Install the Stork development dependencies, install and start the Stork demo environment (can take a while - approx 45 minutes)
cd stork rake prepare:deps rake demo:up
- Login to Stork with a web browser on port 8080 on the machine using
username
adminand passwordadmin
3 Hands-On Lab Install Rocky Linux 9
3.1 Prepare Rocky Linux
- In the first step, we prepare our Red Hat/Alma/Rocky/Oracle Linux system by doing a full system upgrade and enabling the EPEL (Extra Packages for Enterprise Linux) repository.
dnf -y upgrade dnf -y install epel-release tmux
3.2 Install BIND 9
- We will install BIND 9 from the ISC copr repositories. In the
first step we enable the repository and install the
isc-bindpackage:
% dnf copr enable isc/bind % dnf -y install isc-bind
- The BIND 9 configuration file will be stored in
/etc/opt/isc/scls/isc-bind/named.conf. The Stork Agent uses therndccontrol channel, and the statistics channel, to read data from the running BIND 9 process. We need to create a control-statement (can be done withrndc-confgen) and the matchingrndc.conf:
key "rndc-key" {
algorithm hmac-sha256;
secret "NjyN7TuwZLSIoo3dNI5yu3B8lhQec6t5fHIK37Z/Zh4=";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
statistics-channels {
inet 127.0.0.1 port 8008 allow { localhost; };
};
options {
directory "/var/opt/isc/scls/isc-bind/named/data";
listen-on { 127.0.0.1; };
listen-on-v6 { ::1; };
dnssec-validation auto;
recursion no;
};
zone "example.com" {
file "example.com";
type primary;
};
- To have some data for the BIND 9 server, we create a simple
zone-file in
/var/opt/isc/scls/isc-bind/named/data/example.com
$TTL 1h
@ IN SOA localhost. . 1001 2h 1h 41d 1h
IN NS localhost.
IN A 192.0.2.1
- On a Red Hat compatible system with SELinux enabled, BIND 9 will
not be able to open the statistics channel port (Port 8008). Using
the SELinux Boolean-Switch
named_tcp_bind_http_portwe allow binding to the statistics-channel port.
% setsebool -P named_tcp_bind_http_port=on
- Before staring BIND 9 we check the configuration for errors:
% /opt/isc/isc-bind/root/usr/bin/named-checkconf -z
- Now we can start the BIND 9 DNS Server
% systemctl enable --now isc-bind-named
3.3 Install Kea DHCP
- For Kea-DHCP, we use the ISC repository containing the open source version of Kea DHCP (without non-free hooks. We will install one non-free hook later in this tutorial, but that hook is optional).
% rpm --import 'https://dl.cloudsmith.io/public/isc/kea-2-3/gpg.DA05D46B7BABA24A.key' % curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-3/config.rpm.txt?distro=el&codename=9' > /tmp/isc-kea-2-3.repo % dnf config-manager --add-repo '/tmp/isc-kea-2-3.repo' % dnf -q makecache -y --disablerepo='*' --enablerepo='isc-kea-2-3' --enablerepo='isc-kea-2-3-source' % dnf -y install isc-kea
- This tutorial is prepared to be used in an cloud environment
virtual Linux machine (DigitalOcean, Vultr, MS Azure
etc). Re-configuring the production network interfaces of a cloud
server with Kea DHCP can be dangerous (it can cut the network
connection to the virtual machine). For this lab environment, we
will create a virtual Ethernet interface pair
veth0andveth1(not permanent, will be gone on reboot):
% ip link add veth0 type veth peer name veth1 % ip link set dev veth0 up % ip add add 192.0.2.1/24 dev veth0
- The Kea-DHCP4 Server will be listening on the
veth0network interface. Below is a working configuration to be stored into/etc/kea/kea-dhcp4.conf:
{
"Dhcp4": {
"interfaces-config": {
"interfaces": [ "veth0" ],
"dhcp-socket-type": "raw"
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/var/lib/kea/kea-dhcp4.socket"
},
"lease-database": {
"type": "memfile",
"lfc-interval": 3600
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"subnet4": [
{
"subnet": "192.0.2.0/24",
"pools": [ { "pool": "192.0.2.100 - 192.0.2.200" } ]
}
],
"loggers": [
{
"name": "kea-dhcp4",
"output_options": [
{
"output": "/var/log/kea/kea-dhcp4.log"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
- Next we test the configuration for errors
% kea-dhcp4 -t /etc/kea/kea-dhcp4.conf
- If the test does not report any errors in the configuration, we enable and start the Kea DHCPv4 server:
% systemctl enable --now kea-dhcp4 % systemctl status kea-dhcp4
- We can now test the DHCPv4 server setup with the
dhclienttool (which is part of the base Red Hat Linux installation) and request a new lease on network interfaceveth1(which is connected withveth0):
% dhclient -v -i veth1 Internet Systems Consortium DHCP Client 4.4.2b1 Copyright 2004-2019 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Listening on LPF/veth1/16:18:9c:3b:79:dc Sending on LPF/veth1/16:18:9c:3b:79:dc Sending on Socket/fallback DHCPDISCOVER on veth1 to 255.255.255.255 port 67 interval 5 (xid=0x4c2cb702) DHCPOFFER of 192.0.2.100 from 192.0.2.1 DHCPREQUEST for 192.0.2.100 on veth1 to 255.255.255.255 port 67 (xid=0x4c2cb702) DHCPACK of 192.0.2.100 from 192.0.2.1 (xid=0x4c2cb702)
- Next we create a configuration for the Kea DHCPv6 server in
/etc/kea/kea-dhcp6.conf:
{
"Dhcp6": {
"valid-lifetime": 4000,
"renew-timer": 1000,
"rebind-timer": 2000,
"preferred-lifetime": 3000,
"interfaces-config": {
"interfaces": [
"veth0"
]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "/var/lib/kea/kea-dhcp6.socket"
},
"lease-database": {
"type": "memfile",
"persist": true,
"name": "/var/lib/kea/dhcp6.leases"
},
"subnet6": [
{
"subnet": "fd00:100::/64",
"id": 1000,
"pools": [
{
"pool": "fd00:100::1-fd00:100::ffff"
}
]
},
{
"subnet": "fd00:200::/64",
"id": 1001,
"pools": [
{
"pool": "fd00:200::1-fd00:200::ffff"
}
]
}
],
"loggers": [
{
"name": "kea-dhcp6",
"output_options": [
{
"output": "/var/log/kea/kea-dhcp6.log"
}
],
"severity": "INFO",
"debuglevel": 0
}
]
}
}
- Test the Kea DHCPv6 Server configuration
% kea-dhcp6 -t /etc/kea/kea-dhcp6.conf 2023-02-21 07:58:02.825 INFO [kea-dhcp6.hosts/1948.139716287020352] HOSTS_BACKENDS_REGISTERED the following host backend types are available: mysql postgresql 2023-02-21 07:58:02.825 INFO [kea-dhcp6.dhcpsrv/1948.139716287020352] DHCPSRV_CFGMGR_ADD_IFACE listening on interface veth0 2023-02-21 07:58:02.826 INFO [kea-dhcp6.dhcpsrv/1948.139716287020352] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd00:100::/64 with params: t1=1000, t2=2000, preferred-lifetime=3000, valid-lifetime=4000, rapid-commit is false 2023-02-21 07:58:02.826 INFO [kea-dhcp6.dhcpsrv/1948.139716287020352] DHCPSRV_CFGMGR_NEW_SUBNET6 a new subnet has been added to configuration: fd00:200::/64 with params: t1=1000, t2=2000, preferred-lifetime=3000, valid-lifetime=4000, rapid-commit is false
- Start Kea-DHCPv6
% systemctl enable --now kea-dhcp6 % systemctl status kea-dhcp6
- Next in line is the configuration for the Kea Control Agent in
/etc/kea/kea-ctrl-agent.conf
{
"Control-agent": {
"http-host": "::1",
"http-port": 9099,
"control-sockets": {
"dhcp4": {
"socket-type": "unix",
"socket-name": "/var/lib/kea/kea-dhcp4.socket"
},
"dhcp6": {
"socket-type": "unix",
"socket-name": "/var/lib/kea/kea-dhcp6.socket"
}
},
"loggers": [
{
"name": "kea-ctrl-agent",
"severity": "INFO",
"output_options": [
{
"output": "/var/log/kea-ctrl-agent.log"
}
]
}
]
}
}
- Again we test the configuration to detect possible errors:
% kea-ctrl-agent -t /etc/kea/kea-ctrl-agent.conf
- If no errors are reported, we can enable and start the Kea Control Agent
% systemctl enable --now kea-ctrl-agent % systemctl status kea-ctrl-agent
- To test the control agent, we use
curlto request the list of available API commands from the Kea Control Agent and pretty-print the JSON output with thejqtool:
% dnf -y install jq
% curl --no-progress-meter -X POST -H "Content-Type: application/json" \
-d '{ "command": "list-commands", "service": [ "dhcp4" ] }' \
http://[::1]:9099/ | jq
[
{
"arguments": [
"build-report",
"config-backend-pull",
"config-get",
"config-reload",
"config-set",
"config-test",
"config-write",
"dhcp-disable",
"dhcp-enable",
"leases-reclaim",
"libreload",
"list-commands",
"server-tag-get",
"shutdown",
"statistic-get",
"statistic-get-all",
"statistic-remove",
"statistic-remove-all",
"statistic-reset",
"statistic-reset-all",
"statistic-sample-age-set",
"statistic-sample-age-set-all",
"statistic-sample-count-set",
"statistic-sample-count-set-all",
"status-get",
"version-get"
],
"result": 0
}
]
3.4 Install PostgreSQL
- While Kea DHCP can store reservations in the main configuration file, and leases in the memfile database, for larger (> 200 clients) installations storing leases and reservations in a PostgreSQL database can be more convenient. The steps below install PostgreSQL, initialize the database and start the database server:
% dnf -y install postgresql postgresql-server glibc-langpack-en % /usr/bin/postgresql-setup --initdb % systemctl enable --now postgresql
- Connect to the database server. This PostgreSQL-Server does not have a password set, use the empty password to log in. For a production installation, configure password authentication for the database server. PostgreSQL authentication configuration is out of scope of the ISC Kea DHCP training.
% su - postgres $ psql postgres psql (14.3) Type "help" for help. postgres=#
- Create a new database,
kea_lease_dbis the name of the database in this example
postgres=# CREATE DATABASE kea_lease_db; CREATE DATABASE
- Create a user for Kea server to access the database
postgres=# CREATE USER kea WITH PASSWORD 'secure-password'; CREATE ROLE
- Set the permissions for the new user on the database
postgres=# GRANT ALL PRIVILEGES ON DATABASE kea_lease_db TO kea; GRANT
- Leave PostgreSQL client
postgres=# \q
- Leave the shell with user
postgresto be userrootagain
% exit % id uid=0(root) gid=0(root) groups=0(root)
- Configure the PostgreSQL Database to use
passwordauthentication for the Kea database. The Kea database entries must appear before thealldatabase entries in the file/var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD local kea_lease_db kea password host kea_lease_db kea 127.0.0.1/32 password host kea_lease_db kea ::1/128 password # "local" is for Unix domain socket connections only local all all peer [...]
- Restart the PostgreSQL database server
% systemctl restart postgresql
- Create the database tables using the
kea-admintool
% kea-admin db-init pgsql -u kea -h 127.0.0.1 -p secure-password -n kea_lease_db
- Adjust the
lease-databaseblock in the Kea server configuration to use a PostgreSQL-type database:
[...]
"lease-database": {
"type": "postgresql",
"host": "localhost",
"name": "kea_lease_db",
"user": "kea",
"password": "secure-password"
},
[...]
- Make sure each subnet definition in the Kea configuration file has an subnet-id number set! Without an ID number being set, Kea will auto-generate numeric IDs which might create collisions in case the subnet configuration will change later
- Test the configuration file and restart the Kea DHCP server
- Test requesting a lease using
dhclient(see above)
% dhclient -v -x % dhclient -v -i veth1
- Dump the lease database using the
kea-admintool to see the content of the lease database:
% kea-admin lease-dump pgsql -u kea -h 127.0.0.1 \
-p secure-password -n kea_lease_db -o leases.csv -4
lease4 successfully dumped to leases.csv
% less leases.csv
address,hwaddr,client_id,valid_lifetime,expire,subnet_id,fqdn_fwd,fqdn_rev,hostname,state
192.0.2.100,fe15e927353b,ffe927353b000400d52b989bf14fbfaeb1f21908f229d9,3600,2018-12-08 21:39:06+00,1,0,0,,default
3.5 Install Premium "host-cmds" Hook
- ISC Stork can manage DHCP reservations from the Stork Web-UI. This feature requires the non-free hosts-cmd hook. The use of this feature is optional. This chapter can be skipped if no subscription token is available.
- In this chapter, we enable the package repository for the ISC subscription hooks. These steps require a customer token to be added in the first command:
% curl -1sLf 'https://dl.cloudsmith.io/<token>/isc/kea-2-3-prv/config.rpm.txt?distro=el&codename=9' > /tmp/isc-kea-2-3-prv.repo % dnf config-manager --add-repo '/tmp/isc-kea-2-3-prv.repo' % dnf -q makecache -y --disablerepo='*' --enablerepo='isc-kea-2-3-prv' --enablerepo='isc-kea-2-3-prv-source' % dnf -y install isc-kea-premium-host-cmds
- Next we enable the hook in the Kea-DHCP4 and Kea-DHCP6
configurations. The hooks-libraries block is identical for both
DHCP servers:
[...] "hooks-libraries": [ { "library": "/usr/lib64/kea/hooks/libdhcp_stat_cmds.so", "parameters": { } }, { "library": "/usr/lib64/kea/hooks/libdhcp_host_cmds.so", "parameters": { } }], [...] - Add the Host-Database to the configuration (both DHCPv4 and DHCPv6)
[...] "hosts-database": { "type": "postgresql", "host": "localhost", "name": "kea_host_db", "user": "kea", "password": "secure-password" }, [...] - Next we create the host database in PostgreSQL. We could re-use the existing lease database, but creating a separate database is more flexible, as it allows to split out the two databases in the future.
% su - postgres $ psql postgres psql (14.3) Type "help" for help. postgres=#
- Create a new database,
kea_host_dbis the name of the database in this example
postgres=# CREATE DATABASE kea_host_db; CREATE DATABASE
- Set the permissions for the
keauser on the database
postgres=# GRANT ALL PRIVILEGES ON DATABASE kea_host_db TO kea; GRANT
- Leave PostgreSQL client
postgres=# \q
- Leave the shell with user
postgresto be userrootagain
$ exit % id uid=0(root) gid=0(root) groups=0(root)
- Configure the PostgreSQL Database to use
passwordauthentication for the Kea database. The Kea database entries must appear before thealldatabase entries in the file/var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD local kea_host_db kea password host kea_host_db kea 127.0.0.1/32 password host kea_host_db kea ::1/128 password # "local" is for Unix domain socket connections only local all all peer [...]
- Restart the PostgreSQL database server
% systemctl restart postgresql
- Create the database tables using the
kea-admintool
% kea-admin db-init pgsql -u kea -h 127.0.0.1 -p secure-password -n kea_host_db
- Test the Kea DHCP Server configurations and restart the DHCP server processes
% kea-dhcp4 -t /etc/kea/kea-dhcp4.conf % kea-dhcp6 -t /etc/kea/kea-dhcp6.conf % systemctl restart kea-dhcp4 % systemctl restart kea-dhcp6 % systemctl status kea-dhcp4 % systemctl status kea-dhcp6
3.6 Install Stork Server
- For the Stork Server, we enable the open source repositories for the ISC Stork packages:
rpm --import 'https://dl.cloudsmith.io/public/isc/stork/gpg.77F64EC28053D1FB.key' curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/config.rpm.txt?distro=el&codename=9' > /tmp/isc-stork.repo yum-config-manager --add-repo '/tmp/isc-stork.repo' dnf -q makecache -y --disablerepo='*' --enablerepo='isc-stork' dnf -y install isc-stork-server postgresql-contrib
- Stork also requires a database inside PostgreSQL. Here we create that database
% su - postgres $ psql postgres postgres=# CREATE EXTENSION pgcrypto; postgres=# CREATE DATABASE stork_db; postgres=# CREATE USER stork WITH PASSWORD 'secure-password'; postgres=# GRANT ALL PRIVILEGES ON DATABASE stork_db TO stork;
- Configure the PostgreSQL Database to use
passwordauthentication for the Stork database. The Stork database entries must appear before thealldatabase entries in the file/var/lib/pgsql/data/pg_hba.conf
# TYPE DATABASE USER ADDRESS METHOD local stork_db stork password host stork_db stork 127.0.0.1/32 password host stork_db stork ::1/128 password # "local" is for Unix domain socket connections only local all all peer [...]
- Restart the PostgreSQL database server
% systemctl restart postgresql
- Stork Server is configured through the file
/etc/stork/server.env
### database settings STORK_DATABASE_HOST=127.0.0.1 STORK_DATABASE_PORT=5432 STORK_DATABASE_NAME=stork_db STORK_DATABASE_USER_NAME=stork STORK_DATABASE_PASSWORD=secure-password ### REST API settings STORK_REST_HOST=127.0.0.1 STORK_REST_PORT=9877 STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www ### enable Prometheus /metrics HTTP endpoint for exporting metrics from ### the server to Prometheus. It is recommended to secure this endpoint ### (e.g. using HTTP proxy). STORK_SERVER_ENABLE_METRICS=true ### Logging parameters STORK_LOG_LEVEL=WARNING CLICOLOR=false
- Now we can start the Stork Server
% systemctl enable --now isc-stork-server % systemctl status isc-stork-server
- It is good practice to not expose the Stork Server directly to the open Internet. Instead, a NGINX web server will act as a reverse-proxy. This reverse proxy can be used to provide TLS encryption, authentication and additional security through HTTP header (e.g. CSP = content security policy). A reverse proxy also allows to merge multiple web-services (Stork, Prometheus and Grafana) behind a single server domain name
- Install NGINX Reverse Proxy
% dnf -y install nginx % systemctl enable --now nginx % systemctl status nginx
- A simple NGINX reverse proxy configuration. Adjust the existing
NGINX configuration in
/etc/nginx/nginx.conf:
[...]
server {
listen 80;
listen [::]:80;
server_name _;
root /usr/share/nginx/html;
location / {
proxy_pass http://127.0.0.1:9877/;
}
error_page 404 /404.html;
location = /404.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
[...]
- Test the configuration and tell NGINX to reload the new configuration
% nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful % nginx -s reload
- Open Firewall Port 80 (http) for the NGINX reverse proxy
% firewall-cmd --zone=public --add-service=http --permanent % firewall-cmd --reload
- Allow NGINX to create outbound HTTP requests to Stork *acting as a Reverse-Proxy) in SELinux
% setsebool -P httpd_can_network_connect=on
- Start a graphical Web-Browser (local on your Laptop/Desktop),
access the Stork Web-UI at http://<ip-of-server>/. Login as
adminwith passwordadmin, change the password to a secure one
3.7 Install Stork Agent
- The Stork Agent is installed from the same ISC Stork repositories already used for the Stork server
% dnf -y install isc-stork-agent
- The configuration is in
/etc/stork/agent.env
STORK_AGENT_HOST=127.0.0.1 STORK_AGENT_PORT=9878 STORK_AGENT_LISTEN_STORK_ONLY=false STORK_AGENT_LISTEN_PROMETHEUS_ONLY=false STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=127.0.0.1 STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=9879 STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=60 STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=127.0.0.1 STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=9119 STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=60 STORK_AGENT_SERVER_URL=http://127.0.0.1:9877 STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true ### Logging parameters ### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR STORK_LOG_LEVEL=WARN CLICOLOR=false
- The Stork Agent needs to be able to read the BIND 9 configuration
files to find the control and statistics channel ports. Make sure
the BIND 9 configuration is readable from Stork Agent
% chmod 644 /etc/opt/isc/scls/isc-bind/named.conf % find /var/opt -type d -exec chmod 755 {} \+ % chmod -R o+r /var/opt- Now we can start the Stork agent service
% systemctl enable --now isc-stork-agent % systemctl status isc-stork-agent
- Multiple "unauthorized" services (apps) will appear in the Stork Server Web-UI (BIND 9, Kea-DHCP4, Kea-DHCP6). Authorize these services to see the data in the Stork Web-UI.
3.8 Install Prometheus
- Prometheus is available in the EPEL repositories and can be installed from there
% dnf -y install golang-github-prometheus-node-exporter golang-github-prometheus
- The Prometheus Node-Exporter collects vital system metrics from the
operating system (memory, storage, CPU, load …). The
Node-Exporter does not need any special configuration. We start the
node exporter:
% systemctl enable --now prometheus-node-exporter
- The Prometheus configuration can be found in
/etc/prometheus/prometheus.yml. Below is a simple Prometheus configuration that will read the metrics from the Kea-DHCP and BIND 9 agents, as well as from the Node-Exporter and from the Prometheus process itself:
global:
scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
scrape_configs:
- job_name: 'prometheus'
scrape_interval: 5s
scrape_timeout: 5s
static_configs:
- targets: ['localhost:9090']
- job_name: node
static_configs:
- targets: ['localhost:9100']
- job_name: 'stork-kea-agent'
static_configs:
- targets: ['localhost:9879']
- job_name: 'stork-bind9-agent'
static_configs:
- targets: ['localhost:9119']
- Once the configuration is in place we can start Prometheus
% systemctl enable --now prometheus % systemctl status prometheus
3.9 Install Grafana
- Grafana is also available in the EPEL repositories:
% dnf -y install grafana % systemctl enable --now grafana-server
- The Grafana Configuration is in
/etc/grafana/grafana.ini. We change theroot_urlsetting, as we will have Grafana under a different URL path in the NGINX reverse-proxy
# The full public facing url root_url = %(protocol)s://%(domain)s:%(http_port)s/grafana/
- Add the new Grafana URL-Path to the NGINX reverse proxy
configuration in
/etc/nginx/nginx.conf[...] location /grafana/ { proxy_set_header Host $http_host; proxy_pass http://127.0.0.1:3000/; } [...] - We check the new NGINX configuration, and if no errors are reported, we reload the configuration
% nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful % nginx -s reload
- Login to Grafana with user-name
adminand passwordadmin, change the password - Add the local prometheus server as a data-source at http://127.0.0.1:9090
- Import the Kea-DHCP4, Kea-DHCP6 and BIND 9 Dashboards from
/usr/share/stork/examples/grafanainto Grafana - Import the Node-Exporter Dashboard and the Prometheus Dashboard from the Grafana Dashboard Hub at https://grafana.com/grafana