Prometheus is an open-source systems monitoring and alerting toolkit. It implements in-memory and persistent storage model for metrics as well as a query language for accessing the metrics. 

The Prometheus metrics delivery model is a "pull" approach where the Prometheus server connects to HTTP servers running on the nodes being monitored, and pulls the metrics from them.

1.0 Enabling the Prometheus integration

To enable the integration for Managed Service for TimescaleDB you first need to create a new Prometheus configuration. This can be created from the Service Integrations section in the MST UI:

You only need to specify a display name for the configuration and the system will automatically generate username and password for authentication. In most cases there's no need to define more than one Prometheus configuration per project and use the same one for all services.

NOTE: If you have a VPC enabled for this service, the prometheus metrics endpoint is also only available via that VPC.

1.1 Choosing which services to monitor

Creating the configuration doesn't in itself do anything yet.  To enable Prometheus, go to the "Service Overview page" of each service you want to enable it for. Click the "Manage Integrations" button next to Service Integrations and then select Prometheus from the popup:

After finishing the wizard, the system will start an HTTP server on all nodes of the service that provide access to the metrics.

NOTE: There is often a one minute delay until the metrics are available.

Timescale provides the Prometheus client via the Telegraf plugin. You can easily see the full list of metrics by accessing the following address for each service with the Prometheus integration enabled.


2.0 Configuring Prometheus server

To make Prometheus fetch metrics from Timescale servers you will next need to add a new scrape config. This configuration will need a few basic auth parameters found on the the "Service Integrations" page you recently set up:

2.1 IP Resolution for multi-node services

For any services that consist of multiple nodes and each node doesn't have its own unique DNS name, you need to use the dns_sd_configs option for defining the servers with DNS type set to "A"

This causes Prometheus to resolve all the IP addresses associated with the DNS name and query all of those IP addresses directly. A side effect of using this IP resolution is that Prometheus expects the TLS certificate to be bound to the IP address of the hosts, not to the DNS name, so to make the connection work you must enable the insecure_skip_verify setting:

  - job_name: timescaledbmetrics
    scheme: https
      username: prom4g89
      password: vf1q2yijvizrj2ry
      - names:
        type: A
        port: 9273
      insecure_skip_verify: true

For services where a DNS name resolves to only single node, using static_configs instead of dns_sd_configs may be preferable as it allows regular certificate checks.

NOTE: The certificate provided by the Timescale servers is signed by "project CA" instead of a generally trusted CA, so you must set the ca_file setting under tls_config to point to that file. For most services, it can be downloaded from the service overview page in Aiven web console.

Did this answer your question?