github-mirrors/VictoriaMetrics
1
0
Fork 0
mirror of https://github.com/VictoriaMetrics/VictoriaMetrics.git synced 2025-03-11 15:34:56 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add files via upload

Browse source
This commit is contained in:
Brensted 2021-03-10 10:16:59 +02:00 committed by GitHub
parent 314f28fb38
commit e02265cfa7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docs/BestPractices.md
View file

@ -20,19 +20,23 @@ mkfs.ext4 ... -O 64bit,huge_file,extent -T huge
It is safe to upgrade VictoriaMetrics to new versions unless the release notes say otherwise. It is safe to skip multiple versions during the upgrade unless release notes say otherwise. It is recommended to perform regular upgrades to the latest version, since it may contain important bug fixes, performance optimizations or new features.
It is also safe to downgrade to the previous version unless release notes say otherwise.
The following steps must be performed during the upgrade / downgrade process:
-Send SIGINT signal to VictoriaMetrics process so that it is stopped gracefully.
-Wait until the process stops. This can take a few seconds.
-Start the upgraded VictoriaMetrics.
Prometheus doesn't drop data during theVictoriaMetrics restart. See this article for details.
## Security
Do not forget to protect sensitive endpoints in VictoriaMetrics when exposing them to untrusted networks such as the internet. Please consider setting the following command-line flags:
-tls, -tlsCertFile and -tlsKeyFile for switching from HTTP to HTTPS.
-httpAuth.username and -httpAuth.password for protecting all the HTTP endpoints with HTTP Basic Authentication.
-deleteAuthKey for protecting /api/v1/admin/tsdb/delete_series endpoint. See how to delete time series.
-snapshotAuthKey for protecting /snapshot* endpoints. See how to work with snapshots.
-forceMergeAuthKey for protecting /internal/force_merge endpoint. See force merge docs.
-search.resetCacheAuthKey for protecting /internal/resetRollupResultCache endpoint. See backfilling for more details.
Explicitly set internal network interface to TCP and UDP ports for data ingestion with Graphite and OpenTSDB formats. For example, substitute -graphiteListenAddr=:2003 with -graphiteListenAddr=<internal_iface_ip>:2003.
It is preferable to authorize all incoming requests from untrusted networks with vmauth or a similar auth proxy.