Graphite is an open source tool for tracking and graphing the performance of computer systems, which you can use to track the performance of websites, applications, business services, and networked servers. It's flexible and configurable so you can benefit from detailed representations and a broad overview of the performance and health of the metrics you're tracking.
Graphite consists of several components: a web application, a storage backend called Carbon, and a database library called Whisper. In this tutorial, you will learn to install and configure Graphite on an Ubuntu 22.04 server.
prerequisites
-
A server running Ubuntu 22.04.
-
Point to the fully qualified domain name (FQDN) of the server. For our tutorial, we will be using the graphite.example.com domain.
-
A non-root user with sudo privileges.
-
Simple Firewall (UFW) is enabled and running.
-
Make sure everything is updated.
$ sudo apt update && sudo apt upgrade
Install the base utility package. Some of them may already be installed.
$ sudo apt install wget curl nano unzip -y
Step 1 - Configure Firewall
Before installing any packages, the first step is to configure the firewall to allow HTTP and HTTPS connections.
Check the status of the firewall.
$ sudo ufw status
You should see something similar to the following.
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Allow HTTP and HTTPS ports.
$ sudo ufw allow http
$ sudo ufw allow https
Check the status again to confirm.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
Step 2 - Install required packages
We will install Graphite using the PIP Python package manager, the first step is to install the required packages for the installation.
$ sudo apt install vim python3-dev python3-pip libcairo2-dev libffi-dev build-essential
Step 3 - Install Graphite and Graphite Web
We will install Graphite in the /opt/graphite directory.
$ export PYTHONPATH="/opt/graphite/lib/:/opt/graphite/webapp/"
$ sudo pip install --no-binary=:all: https://github.com/graphite-project/whisper/tarball/master
$ sudo pip install --no-binary=:all: https://github.com/graphite-project/carbon/tarball/master
$ sudo pip install --no-binary=:all: https://github.com/graphite-project/graphite-web/tarball/master
Step 4 - Install and configure PostgreSQL
We will install using PostgreSQL's official APT repository, run the following command to add PostgreSQL GPG key.
$ curl https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor | sudo tee /usr/share/keyrings/postgresql-key.gpg >/dev/null
Add the APT repository to your sources list.
$ sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/postgresql-key.gpg arch=amd64] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
Update system repositories.
$ sudo apt update
You can now install PostgreSQL and helper packages using the following commands.
$ sudo apt install postgresql postgresql-contrib libpq-dev
Check the status of the PostgreSQL service.
$ sudo systemctl status postgresql
? postgresql.service - PostgreSQL RDBMS
Loaded: loaded (/lib/systemd/system/postgresql.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2022-09-27 10:09:35 UTC; 4s ago
Process: 4456 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
Main PID: 4456 (code=exited, status=0/SUCCESS)
CPU: 1ms
Sep 27 10:09:35 matrix systemd[1]: Starting PostgreSQL RDBMS...
Sep 27 10:09:35 matrix systemd[1]: Finished PostgreSQL RDBMS.
You can see that the service is enabled and running by default.
Log in to the PostgreSQL shell.
$ sudo -su postgres psql
Create a database user for Graphite.
postgres=# CREATE USER graphite WITH PASSWORD 'your_password';
Create a database for Graphite and grant ownership to the Graphite user.
postgres=# CREATE DATABASE graphitedb WITH OWNER graphite;
Exit the PostgreSQL shell.
postgres=#\q
Step 5 - Configure Graphite Carbon and Web
The next step is to configure Graphite Carbon and Graphite web.
Configure Carbon
Carbon consists of three services:
-
carbon-cache: accepts metrics and writes them to disk. -
carbon-relay: replicate data. -
carbon-aggregator: Runs before the carbon-cache service to buffer metrics over time before forwarding them to Whisper.
It is necessary to configure carbon-cache, but carbon-relay and carbon-aggregator are optional.
Create a carbon.conf file using the given example files.
$ sudo cp /opt/graphite/conf/carbon.conf.example /opt/graphite/conf/carbon.conf
Next, create a storage mode configuration.
$ sudo cp /opt/graphite/conf/storage-schemas.conf.example /opt/graphite/conf/storage-schemas.conf
Open the storage schema configuration file.
$ sudo nano /opt/graphite/conf/storage-schemas.conf
Inside, you'll find entries like
[carbon]
pattern = ^carbon\.
retentions = 60:90d
This means that the pattern ^carbon that matches the regular expression. Data should be retained using retention policy 60:90d, which means
-
How often to log metrics: 60 seconds -
Length of time to store these values: 90 days
You can add your own entries, let's take an example, test is a monitoring data point, our data point entry will start with the string test. This entry should be added before the default entry mentioned at the bottom of the file.
[test]
pattern = ^test\.
retentions = 10s:10m,1m:1h
This will match any metric starting with test. It will store the data it collects twice with different details. The first definition (1s:10m) will create a data point every ten seconds. It will only store data for ten minutes. The second definition will create a data point every minute. It will collect all the data for the past minute (six points, since the previous definition creates a point every ten seconds) and aggregate it to create points. It stores data at this level of detail for one hour.
Save the file by pressing Ctrl+X and entering Y when prompted.
Start the carbon-cache service.
$ sudo /opt/graphite/bin/carbon-cache.py start
Configure Graphite Web
The next step is to configure the Graphite web application.
Generate a key for the Graphite application. Copy the displayed key for later use.
$ python3 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'
sp%71)6b$%^bc(7xpz1d!)x3(azog01&k^8l02*!y0#)72p07y
Create a web application settings file.
$ sudo cp /opt/graphite/webapp/graphite/local_settings.py.example /opt/graphite/webapp/graphite/local_settings.py
You need to configure your Graphite web application with database settings. Open local_settings.py for editing.
$ sudo nano /opt/graphite/webapp/graphite/local_settings.py
Uncomment the SECRET_KEY variable and enter a random value for it.
SECRET_KEY = 'your-secret-key'
Uncomment the ALLOWED_HOSTS variable.
ALLOWED_HOSTS = ['*']
Uncomment the TIME_ZONE variable and set it to an appropriate value.
TIME_ZONE = 'Asia/Kolkata'
Uncomment the USE_REMOTE_USER_AUTHENTICATION variable and set it to TRUE so that remote users are authenticated before making any database changes.
USE_REMOTE_USER_AUTHENTICATION = True
Change database settings.
DATABASES = {
'default': {
'NAME': 'graphitedb',
'ENGINE': 'django.db.backends.postgresql_psycopg2',
'USER': 'graphite',
'PASSWORD': 'your_password',
'HOST': '127.0.0.1',
'PORT': ''
}
}
Save the file by pressing Ctrl+X and entering Y when prompted.
Install some prerequisites for Python's PostgreSQL wrapper.
$ sudo pip install psycopg2-binary
Run the following command to import the database schema.
$ sudo PYTHONPATH=/opt/graphite/webapp/django-admin.py migrate --settings=graphite.settings
You will get the following output.
Operations to perform:
Apply all migrations: account, admin, auth, contenttypes, dashboard, events, sessions, tagging, tags, url_shortener
Running migrations:
Applying contenttypes.0001_initial... OK
Applying auth.0001_initial... OK
Applying account.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying admin.0003_logentry_add_action_flag_choices... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying auth.0008_alter_user_username_max_length... OK
Applying auth.0009_alter_user_last_name_max_length... OK
Applying auth.0010_alter_group_name_max_length... OK
Applying auth.0011_update_proxy_permissions... OK
Applying auth.0012_alter_user_first_name_max_length... OK
Applying dashboard.0001_initial... OK
Applying events.0001_initial... OK
Applying sessions.0001_initial... OK
Applying tagging.0001_initial... OK
Applying tagging.0002_on_delete... OK
Applying tags.0001_initial... OK
Applying url_shortener.0001_initial... OK
Next, collect static files.
$ sudo PYTHONPATH=/opt/graphite/webapp/django-admin.py collectstatic --settings=graphite.settings
Set the correct ownership settings.
$ sudo chown -R www-data:www-data /opt/graphite/storage/
$ sudo chown -R www-data:www-data /opt/graphite/static/
$ sudo chown -R www-data:www-data /opt/graphite/webapp/
Create a root user to log in.
$ sudo PYTHONPATH=/opt/graphite/webapp/ django-admin.py createsuperuser --settings=graphite.settings
Username (leave blank to use 'root'): navjot
Email address: [email protected]
Password:
Password (again):
Superuser created successfully.
It will ask you to create a superuser. This user will be used later to connect to the Graphite application.
Step 6 - Configure Apache
Graphite ships with Apache configuration files by default. Install the Apache server.
$ sudo apt install apache2 libapache2-mod-wsgi-py3
Create mod_wsgi file.
$ sudo cp /opt/graphite/conf/graphite.wsgi.example /opt/graphite/conf/graphite.wsgi
Copy the graphite example configuration file to the Apache location.
$ sudo cp /opt/graphite/examples/example-graphite-vhost.conf /etc/apache2/sites-available/graphite.conf
Open the Graphite configuration file for editing.
$ sudo nano /etc/apache2/sites-available/graphite.conf
Change the port number in the first line from 80 to 127.0.0.1:8080. Putting 127.0.0.1 in front of it restricts it from being accessible over the network.
<VirtualHost 127.0.0.1:8080>
Add your domain name.
ServerName graph.example.com #替换为您的域
Add the following line Alias /static/ /opt/graphite/static/ below that line.
#添加以下行
<Directory /opt/graphite/static/>
Require all granted
</Directory>
Save the file by pressing Ctrl+X and entering Y when prompted.
Disable the default virtual host and enable the Graphite virtual host file.
$ sudo a2dissite 000-default
$ sudo a2ensite graphite
We also need to tell Apache to listen on port 8080 and stop listening on port 80 since we will be using Nginx as a proxy server.
Open the file /etc/apache2/ports.conf for editing.
$ sudo nano /etc/apache2/ports.conf
Find the line Listen 80 and replace it with the following.
Listen 127.0.0.1:8080
Save the file by pressing Ctrl+X and entering Y when prompted.
Restart the Apache server.
$ sudo systemctl restart apache2
To verify that Graphite is working and accessible, run the following command.
$ curl 127.0.0.1:8080
You will get the following output.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<!-- Copyright 2008 Orbitz WorldWide
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. -->
<html>
<head>
<title>Graphite Browser</title>
</head>
<frameset rows="80,*" frameborder="1" border="1">
<frame src="/browser/header" name="Header" id='header' scrolling="no" noresize="true" />
<frame src="/composer?" name="content" id="composerFrame"/>
</frameset>
</html>
This confirms that it works fine.
Step 7 - Install Nginx
We will use Nginx as a proxy server for Apache. In this way, we can gain the benefits of security and obscurity while using the existing configuration provided by Graphite.
Ubuntu 22.04 ships with an older version of Nginx. To install the latest version, you need to download the official Nginx repository.
Import Nginx's signing key.
$ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Add the repository for stable releases of Nginx.
$ echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
Update system repositories.
$ sudo apt update
Install Nginx.
$ sudo apt install nginx
Verify the installation.
$ nginx -v
nginx version: nginx/1.22.0
Start the Nginx server.
$ sudo systemctl start nginx
Step 8 - Install SSL
We need to install Certbot to generate SSL certificates. You can install Certbot using Ubuntu's repository, or use the Snapd tool to get the latest version. We will use the Snapd version.
Ubuntu 22.04 comes with Snapd installed by default. Run the following command to make sure your version of Snapd is up to date.
$ sudo snap install core
$ sudo snap refresh core
Install Certbot.
$ sudo snap install --classic certbot
Use the following command to ensure that Certbot commands can be run by creating a symbolic link to the /usr/bin directory.
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Run the following command to generate an SSL certificate.
$ sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d
graph.example.com
The above command will download the certificate to the /etc/letsencrypt/live/graphite.example.com directory on your server.
Generate a Diffie-Hellman group certificate.
$ sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
Check the Certbot Renewal Scheduler service.
$ sudo systemctl list-timers
You'll find snap.certbot.renew.service as one of the services scheduled to run.
NEXT LEFT LAST PASSED UNIT ACTIVATES
.................................................................................................................................
Wed 2022-09-28 00:00:00 UTC 7h left Tue 2022-09-27 00:00:01 UTC 16h ago logrotate.timer logrotate.service
Wed 2022-09-28 02:39:09 UTC 10h left Tue 2022-09-27 09:42:42 UTC 6h ago apt-daily.timer apt-daily.service
Wed 2022-09-28 06:02:00 UTC 13h left n/a n/a snap.certbot.renew.timer snap.certbot.renew.service
To check that SSL renewal is working, try running the process.
$ sudo certbot renew --dry-run
If you don't see any errors, you're all set. Your certificate will be automatically renewed.
Step 9 - Configure Nginx
Open the file /etc/nginx/nginx.conf for editing.
$ sudo nano /etc/nginx/nginx.conf
Add the following line include /etc/nginx/conf.d/*.conf; before that line.
server_names_hash_bucket_size 64;
Save the file by pressing Ctrl+X and entering Y when prompted.
Create and open the file /etc/nginx/conf.d/uvdesk.conf for editing.
$ sudo nano /etc/nginx/conf.d/graphite.conf
Paste the following code into it.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name graphite.example.com;
access_log /var/log/nginx/graphite.access.log;
error_log /var/log/nginx/graphite.error.log;
# SSL
ssl_certificate /etc/letsencrypt/live/graphite.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/graphite.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/graphite.example.com/chain.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
resolver 8.8.8.8;
location / {
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:8080;
proxy_redirect off;
}
}
# enforce HTTPS
server {
listen 80;
listen [::]:80;
server_name graphite.example.com;
return 301 https://$host$request_uri;
}
Press Ctrl+X when you're done and enter Y when prompted to save the file.
Validate Nginx configuration file syntax.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart the Nginx service.
$ sudo systemctl restart nginx
Step 10 - Access and use Graphite
Visit in a browser URL https://graphite.example.comand you will see the following screen.
Click the login link in the upper right corner to open the login page. Enter the superuser credentials you created in step 5 and press the Login button to continue.
There are several ways to provide data to Graphite. We added a pattern matcher to the Storage schema, according to which any schema starting with test will be recorded as our schema. Let's add some random data using the following command.
$ echo "test.count 9 `date +%s`" | nc -q0 127.0.0.1 2003;
This will add a data metric with a value of 9 to the system. Let's add more data by looping through the values.
$ for i in 4 6 8 16 2; do echo "test.count $i `date +%s`" | nc -q0 127.0.0.1 2003; sleep 6; done
Go back to the Graphite dashboard and open Metrics >> test >> count from the left sidebar. You should see something similar to the following.
You can start monitoring with it now. You can also combine it with Grafana for a high level of customization.