The 3 AM PagerDuty Wake-up Call
Itâs 3:14 AM. Your phone buzzes. Itâs an alert: High CPU Usage on db-primary-01. You groggily open your laptop, SSH in, run htop, and see... nothing. The spike lasted 45 seconds and vanished. You go back to sleep, angry and tired. Two hours later, it happens again.
This is the reality for most sysadmins relying on "out-of-the-box" monitoring solutions provided by legacy hosting companies. They focus on snapshots, not trends. In 2021, with infrastructure complexity exploding via microservices and containerization, static thresholds are dead. If you are managing infrastructure at scaleâwhether it's a Kubernetes cluster or a fleet of high-performance VDS instancesâyou need observability, not just checking if a ping responds.
In this guide, we are going to build a monitoring stack that actually works, compliant with Norwegian data privacy standards, and designed for the low-latency reality of the Nordic market.
The Architecture of Truth: Prometheus & Grafana
Forget Nagios. If you are still parsing XML configuration files, you are wasting billable hours. The industry standard for 2021 is the Prometheus + Grafana stack. It relies on a pull-model, meaning your monitoring server scrapes metrics from your targets. This is crucial for securityâyou don't need to open inbound ports on your monitoring server to the world, only outbound traffic to your known nodes.
1. The Foundation: True Isolation
Before we touch a config file, let's talk about the hardware. You cannot monitor performance accurately if your neighbors are stealing your CPU cycles. This is the "noisy neighbor" effect common in OpenVZ or LXC containers sold as "VPS" by budget providers.
Pro Tip: Always use KVM (Kernel-based Virtual Machine) virtualization for monitoring stacks. You need a dedicated kernel to ensure that IOwait metrics reflect your load, not the host node's load. At CoolVDS, we strictly use KVM with NVMe storage to ensure that when your graph spikes, it's actually your code causing it.
2. Deploying the Exporters
We don't install agents; we install exporters. The node_exporter is the binary that exposes hardware and kernel metrics. Here is how you deploy it on an Ubuntu 20.04 LTS instance securely.
useradd --no-create-home --shell /bin/false node_exporter
wget https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-amd64.tar.gz
tar xvf node_exporter-1.1.2.linux-amd64.tar.gz
cp node_exporter-1.1.2.linux-amd64/node_exporter /usr/local/bin/
chown node_exporter:node_exporter /usr/local/bin/node_exporterNext, create a SystemD service unit to ensure persistence. We need to be specific about what collectors we enable to keep overhead low.
[Unit]
Description=Node Exporter
Wants=network-online.target
After=network-online.target
[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter --collector.systemd --collector.processes
[Install]
WantedBy=multi-user.targetStart it up:
systemctl daemon-reload && systemctl start node_exporter
3. Configuring Prometheus for Scrape Efficiency
On your monitoring node (preferably a separate CoolVDS instance to ensure monitoring survives a production outage), you configure prometheus.yml. Do not set your scrape interval too low. 15 seconds is the sweet spot for 99% of use cases. Anything lower and you are just generating storage costs.
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'norway_production'
static_configs:
- targets: ['10.0.0.5:9100', '10.0.0.6:9100']
relabel_configs:
- source_labels: [__address__]
regex: '10\.0\.0\.5.*'
target_label: 'role'
replacement: 'loadbalancer'
The Metric That Matters: Saturation
Most admins alert on CPU percentage. This is wrong. A CPU at 100% is fine if the run queue isn't blocked. You should be alerting on Saturation.
In Prometheus Query Language (PromQL), don't look at node_cpu_seconds_total directly. Use the rate of increase combined with load average. A far better metric for storage healthâvital if you are running databases like PostgreSQL or MariaDBâis the disk I/O time.
rate(node_disk_io_time_seconds_total[1m])If this metric approaches 1.0 (100%), your disk subsystem is saturated. On standard SATA SSDs, this happens quickly during backups. On the NVMe arrays we use at CoolVDS, you have significantly more headroom, but you still need to watch it.
Data Sovereignty: The Post-Schrems II Landscape
We need to address the elephant in the server room: Compliance. Since the Schrems II ruling last year (July 2020), transferring personal data to US-controlled cloud providers has become a legal minefield for Norwegian companies. The EU-US Privacy Shield is invalid.
When you pipe your server logs and metricsâwhich often inadvertently contain IP addresses or user IDsâinto a US-based SaaS monitoring tool (like New Relic or Datadog), you are potentially violating GDPR.
The Solution: Host your monitoring stack in Norway. By running Prometheus on a CoolVDS instance in Oslo, your data never crosses the Atlantic. You keep full custody of your logs. Plus, you benefit from direct peering with NIX (Norwegian Internet Exchange), ensuring that your monitoring probes reflect the latency your local users actually experience.
Advanced Alerting with AlertManager
Grafana is for looking; AlertManager is for acting. We want to route critical alerts to PagerDuty/OpsGenie and warnings to Slack. Here is a robust routing configuration.
route:
group_by: ['alertname']
group_wait: 30s
group_interval: 5m
repeat_interval: 1h
receiver: 'slack-notifications'
routes:
- match:
severity: critical
receiver: 'pagerduty-high-urgency'
receivers:
- name: 'slack-notifications'
slack_configs:
- api_url: 'https://hooks.slack.com/services/T00000/B00000/XXXXXXXX'
channel: '#devops-alerts'Automation via Ansible
You shouldn't be SSH-ing into servers to install exporters manually. Thatâs how configuration drift happens. Here is a snippet for your Ansible playbook to ensure every new node you spin up is monitored from second zero.
- name: Ensure Node Exporter is installed
hosts: all
become: yes
tasks:
- name: Download Node Exporter
get_url:
url: "https://github.com/prometheus/node_exporter/releases/download/v1.1.2/node_exporter-1.1.2.linux-amd64.tar.gz"
dest: "/tmp/node_exporter.tar.gz"
- name: Unarchive Node Exporter
unarchive:
src: "/tmp/node_exporter.tar.gz"
dest: "/opt/"
remote_src: yes
creates: "/opt/node_exporter-1.1.2.linux-amd64/node_exporter"Conclusion
Monitoring is not about pretty graphs; it is about sleep quality and business continuity. By building a self-hosted Prometheus stack on high-performance KVM infrastructure, you eliminate the noise of shared hosting environments and the legal risks of US-cloud data transfers.
Don't let I/O bottlenecks or noisy neighbors ruin your uptime statistics. Deploy your monitoring stack on a platform built for engineers.
Ready to take control? Deploy a high-availability NVMe KVM instance on CoolVDS today and start monitoring with precision.