The Node Exporter provides OS and system level metrics for Prometheus. The exporter runs as a DaemonSet to guarantee each node runs at least one copy of the application.
To deploy the node-exporter to OpenShift, complete the following steps.
The easiest way to open the firewall port on all nodes is to run the provided Ansible playbook. It opens port 9100 and then restarts the iptables service.
ansible-playbook -i /etc/ansible/hosts update_firewall.yml
To configure the firewall manually, complete the following steps:
- Port 9100 needs to be opened on each OpenShift host in order for the Prometheus server to scrape the metrics. Add the following line to /etc/sysconfig/iptables:

    -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 9100 -j ACCEPT

- Restart iptables and OpenShift services in order to properly rebuild the rules.

  Note: The following commands will cause all running containers on the node to stop and restart.

    systemctl reload iptables
    systemctl restart iptables.service
    systemctl restart docker
    systemctl restart atomic-openshift-node.service
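The manual edit above, as an added example that is not part of the original page: a shell function that inserts the port 9100 rule before the COMMIT of the *filter table only when it is missing, and keeps a backup. The function names and the sample rules file are constructed for illustration, and the file is assumed to be in iptables-save format.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): add the port 9100 rule to an
# iptables-save style file once, in the right table, keeping a backup.
RULE='-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 9100 -j ACCEPT'

# ensure_node_exporter_rule FILE -> 0 if the rule is present afterwards.
ensure_node_exporter_rule() {
    local file=$1 tmp rc
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Already present: return early so repeated runs never duplicate the rule.
    if grep -qxF -e "$RULE" "$file"; then return 0; fi
    # The rule appends to OS_FIREWALL_ALLOW, so the file must declare that chain.
    if ! grep -q '^:OS_FIREWALL_ALLOW ' "$file"; then
        echo "chain OS_FIREWALL_ALLOW is not declared in $file" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    # Insert just before the COMMIT that closes *filter. A line appended at the
    # end of the file could land after COMMIT or inside another table (*nat).
    if ! awk -v rule="$RULE" '
            /^\*/ { in_filter = ($0 == "*filter") }
            in_filter && $0 == "COMMIT" && !done { print rule; done = 1 }
            { print }
            END { exit(done ? 0 : 1) }' "$file" > "$tmp"; then
        rm -f "$tmp"; echo "no *filter ... COMMIT block in $file" >&2; return 1
    fi
    # Write through the existing inode so mode, owner and SELinux label stay.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"; return $rc
}

# Constructed sample resembling a node's rules file; not taken from a real host.
write_sample_rules() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:OS_FIREWALL_ALLOW - [0:0]
-A INPUT -j OS_FIREWALL_ALLOW
-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 10250 -j ACCEPT
COMMIT
EOF
}

# Usage: pass the rules file as the first argument, then restart the services.
if [ "$#" -gt 0 ]; then ensure_node_exporter_rule "$1"; fi
```

Try it on a file produced by write_sample_rules before pointing it at /etc/sysconfig/iptables; the restart step from the page is still required afterwards.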
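Since the node exporter will be accessing resources from each host, the service account being used to run the pod must be granted elevated access. Execute the following command to add the default Service Account in the prometheus project to the privileged SCC. The grant is tied to the service account, not to the node-exporter pods alone, so any pod in the prometheus project that runs under the default Service Account can request privileged access: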
oc adm policy add-scc-to-user privileged system:serviceaccount:prometheus:default
If there is a default project node selector for the OpenShift cluster (e.g. env=users), it is necessary to set an empty node selector for the Prometheus project. Otherwise the DaemonSet that creates the node-exporter pods will fail with a MatchNodeSelector error on nodes that don't have that particular label.
Note: If your OpenShift cluster does not have a default project node selector, you can skip this section.
To set an empty node selector:
oc annotate namespace prometheus openshift.io/node-selector=""