metanull-operator / eth2-ubuntu

Configuration of an Ubuntu 20.04 LTS server for use as an Eth2 staking system, including setup of monitoring dashboard.

root user? #8

Closed greg7mdp closed 3 years ago

greg7mdp commented 3 years ago

In the prometheus install, you write:

sudo chown root:root /usr/local/bin/promtool /usr/local/bin/prometheus

Any reason why we don't make prometheus the owner?

metanull-operator commented 3 years ago

No particular reason. I see there is some inconsistency in how I applied ownership to the executables in that directory. I probably looked at different examples of installation for these different tools and ended up with a mixture of ways of doing it. If there is a standard I should be aware of for /usr/local/bin, I'd be happy to make that change to the documentation. Otherwise, I wonder which is best for management and/or security.

greg7mdp commented 3 years ago

Sounds more logical since we created a prometheus user to begin with. I just tried and it works fine:

greg:~/Desktop$ sudo systemctl stop prometheus.service
greg:~/Desktop$ sudo chown prometheus:prometheus /usr/local/bin/promtool /usr/local/bin/prometheus
greg:~/Desktop$ sudo systemctl start prometheus.service

and I see the stats fine in grafana.

My validator is running, but not activated yet (still in the queue). Is that why I see 0 validators in Grafana?

greg7mdp commented 3 years ago

Also, is the number of geth peers displayed?

greg7mdp commented 3 years ago

I'm not quite understanding this sentence you wrote:

Note: At this point in the process, any widgets showing details from the validator will show "N/A", because the validator still has no keys configured. As soon as keys are configured for the validator, the validator details should begin to show up.

My keys are configured, but my validator is pending on the beacon network. Should I see the details in the grafana dashboard?

metanull-operator commented 3 years ago

Yes. Everything should work fine with prometheus as the owner of the executable file. As I said, there is no particular reason why I chose root over prometheus. I suppose there is a small theoretical chance that keeping the owner as root will keep a hacked prometheus executable from being replaced by a different executable, but I do not know if there really is any protection by keeping it owned by root.

I will clarify the language in the section you quoted. At that point you won't see specific data for the validator, but you also won't see much of the data until your validators are active as well. Before your validators are active, you should see data for Beacon Uptime, Validator Uptime, and Peer Count. If you see those three data points, then Grafana and Prometheus are correctly configured for the validator and beacon chain.

Note that your validator balances will not show up until your validators have been active for an epoch or two, up to 13 minutes.

The current dashboard does not show geth details, but geth peers is a good candidate for addition.

If you configured node_exporter, blackbox_exporter, and json_exporter, you should also now be seeing data for Server Memory Usage, CPU, CPU Temp, Ping, Network Traffic, Disk Usage, and ETH Price.
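
The ownership question raised in this thread can be checked directly. The script below is an added example, not part of the original thread or the eth2-ubuntu project: it reports whether a given account could modify or replace an executable, judged from the owner, group and mode bits of the file and its directory. It assumes GNU stat as shipped on Ubuntu, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: could ACCOUNT modify or replace FILE, judged from ownership
# and mode bits only? Requires GNU stat. Function names are hypothetical.

# perm_allows ACCOUNT PATH -> 0 control, 1 no control, 2 stat failed
perm_allows() {
    owner=$(stat -c %U -- "$2") || return 2
    group=$(stat -c %G -- "$2") || return 2
    mode=$(stat -c %a -- "$2") || return 2
    # root bypasses mode bits; an owner can always chmod write access back.
    [ "$1" = root ] && return 0
    [ "$1" = "$owner" ] && return 0
    # World-writable (octal 0002).
    [ $(( 0$mode & 0002 )) -ne 0 ] && return 0
    # Group-writable (octal 0020) and ACCOUNT belongs to the owning group.
    if [ $(( 0$mode & 0020 )) -ne 0 ]; then
        memberships=$(id -Gn "$1" 2>/dev/null || true)
        case " $memberships " in *" $group "*) return 0 ;; esac
    fi
    return 1
}

# can_modify ACCOUNT FILE -> 0 if ACCOUNT controls FILE or its directory.
# A writable directory allows swapping the file; the sticky bit is ignored,
# so the result errs toward reporting a problem.
can_modify() {
    perm_allows "$1" "$2"; rc=$?
    [ "$rc" -eq 1 ] || return "$rc"
    perm_allows "$1" "$(dirname -- "$2")"
}

# Usage: sh audit.sh prometheus /usr/local/bin/prometheus /usr/local/bin/promtool
if [ "$#" -ge 2 ]; then
    acct=$1; shift
    for f in "$@"; do
        can_modify "$acct" "$f"; rc=$?
        case $rc in
            0) echo "WARN  $f: $acct can modify or replace it" ;;
            1) echo "ok    $f: $acct cannot modify it" ;;
            *) echo "error $f: could not stat" ;;
        esac
    done
fi
```

Run with the service account first and the executables after it; a file owned by the account is reported as modifiable even when its write bit is cleared, because the owner can restore that bit.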

greg7mdp commented 3 years ago

Thanks a lot, that is reassuring. I believe I do see everything you mention. This dashboard is really nice, many thanks for creating and sharing it, as well as the thorough instructions. Actually here is a screenshot of what I see right now (I didn't set the blackbox_exporter):

I think I'm all set for my validators to be activated. Hopefully. This is a little bit nerve-racking. I also used the ssh hardening you suggested, sounds like a good precaution!

greg7mdp commented 3 years ago

BTW, I really appreciate you taking the time to answer my questions. Thanks!