Configure Thanos Receiver to handle high-volume remote write traffic from multiple Prometheus instances. This tutorial covers installation, multi-tenancy setup, and performance optimization for large-scale metrics ingestion.
Prerequisites
- Prometheus server running
- At least 4GB RAM available
- 50GB+ disk space for metrics storage
- Network access to object storage (optional)
What this solves
Thanos Receiver provides scalable remote write capabilities for Prometheus deployments, allowing you to centralize metrics from multiple Prometheus instances. It solves the problem of limited storage capacity and write throughput when dealing with high-volume metrics ingestion across distributed environments.
Step-by-step installation
Update system packages
Start by updating your package manager to ensure you have the latest versions.
sudo apt update && sudo apt upgrade -yCreate Thanos user and directories
Create a dedicated system user for running Thanos components and set up necessary directories.
sudo useradd --system --no-create-home --shell /bin/false thanos
sudo mkdir -p /opt/thanos/{bin,data,config}
sudo mkdir -p /var/log/thanos
sudo chown -R thanos:thanos /opt/thanos /var/log/thanosDownload and install Thanos
Download the latest Thanos binary and install it to the appropriate location.
cd /tmp
wget https://github.com/thanos-io/thanos/releases/download/v0.34.1/thanos-0.34.1.linux-amd64.tar.gz
tar -xzf thanos-0.34.1.linux-amd64.tar.gz
sudo cp thanos-0.34.1.linux-amd64/thanos /opt/thanos/bin/
sudo chown thanos:thanos /opt/thanos/bin/thanos
sudo chmod +x /opt/thanos/bin/thanosCreate Thanos Receiver configuration
Set up the main configuration file for Thanos Receiver with multi-tenancy and resource limits.
remote_write:
# Enable multi-tenancy
tenant_header: "X-Thanos-Tenant"
default_tenant_id: "default"
# Resource limits
request_logging_config:
decision:
log_start: false
log_end: false
# Ingestion limits
limits:
write_timeout: 30s
request_samples: 10000
request_series: 1000
tenant_samples_per_second: 10000
tenant_series_per_second: 1000
# Storage configuration
storage:
tsdb:
path: "/opt/thanos/data/receive"
retention: "15d"
min_block_duration: "2h"
max_block_duration: "2h"
Object storage configuration (optional)
object_store:
type: S3
config:
bucket: "thanos-storage"
endpoint: "s3.amazonaws.com"
region: "us-east-1"
access_key: "your-access-key"
secret_key: "your-secret-key"Configure object storage for long-term retention
Create a storage configuration file for object storage backend integration.
type: S3
config:
bucket: "thanos-metrics-storage"
endpoint: "s3.amazonaws.com"
region: "us-east-1"
access_key: "AKIA..."
secret_key: "your-secret-key"
insecure: false
signature_version2: false
encrypt_sse: false
put_user_metadata: {}
http_config:
idle_conn_timeout: 90s
response_header_timeout: 2m
insecure_skip_verify: false
trace:
enable: false
part_size: 67108864Set correct file permissions
Apply secure permissions to configuration files and data directories.
sudo chown thanos:thanos /opt/thanos/config/*.yml
sudo chmod 640 /opt/thanos/config/*.yml
sudo chmod 750 /opt/thanos/dataNever use chmod 777. It gives every user on the system full access to your files. Instead, fix ownership with chown and use minimal permissions.
Create systemd service file
Set up a systemd service for managing the Thanos Receiver process.
[Unit]
Description=Thanos Receiver
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=thanos
Group=thanos
ExecStart=/opt/thanos/bin/thanos receive \
--grpc-address=0.0.0.0:10907 \
--http-address=0.0.0.0:10909 \
--remote-write.address=0.0.0.0:19291 \
--tsdb.path=/opt/thanos/data/receive \
--tsdb.retention=15d \
--objstore.config-file=/opt/thanos/config/bucket.yml \
--label=receive="true" \
--label=replica="receiver-1" \
--receive.replication-factor=1 \
--receive.hashrings-file=/opt/thanos/config/hashring.json \
--receive.local-endpoint=127.0.0.1:10907 \
--receive.tenant-header=X-Thanos-Tenant \
--receive.default-tenant-id=default \
--log.level=info \
--log.format=logfmt
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
SyslogIdentifier=thanos-receiver
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.targetCreate hashring configuration for multi-tenancy
Configure hashring for distributing tenants across receiver instances.
[
{
"hashring": "default",
"tenants": ["default", "tenant-a", "tenant-b"],
"endpoints": [
"127.0.0.1:10907"
],
"algorithm": "ketama"
}
]Configure firewall rules
Open necessary ports for Thanos Receiver communication.
sudo ufw allow 10907/tcp comment "Thanos Receiver gRPC"
sudo ufw allow 10909/tcp comment "Thanos Receiver HTTP"
sudo ufw allow 19291/tcp comment "Thanos Receiver Remote Write"
sudo ufw reloadEnable and start Thanos Receiver
Start the Thanos Receiver service and enable it to start on boot.
sudo systemctl daemon-reload
sudo systemctl enable thanos-receiver
sudo systemctl start thanos-receiver
sudo systemctl status thanos-receiverConfigure Prometheus remote write integration
Configure Prometheus for remote write
Update your Prometheus configuration to send metrics to Thanos Receiver with tenant identification.
global:
scrape_interval: 15s
evaluation_interval: 15s
external_labels:
cluster: 'production'
replica: 'prometheus-1'
remote_write:
- url: "http://localhost:19291/api/v1/receive"
headers:
X-Thanos-Tenant: "production"
queue_config:
capacity: 10000
max_shards: 200
min_shards: 1
max_samples_per_send: 5000
batch_send_deadline: 5s
min_backoff: 30ms
max_backoff: 100ms
retry_on_http_429: true
write_relabel_configs:
- source_labels: [__name__]
regex: 'up|process_.|go_.'
action: drop
scrape_configs:
- job_name: 'prometheus'
static_configs:
- targets: ['localhost:9090']
- job_name: 'node-exporter'
static_configs:
- targets: ['localhost:9100']Restart Prometheus to apply configuration
Reload Prometheus configuration to start sending metrics to Thanos Receiver.
sudo systemctl reload prometheus
sudo systemctl status prometheusSet up monitoring and alerting
Configure Grafana dashboard for Thanos Receiver
Create a monitoring dashboard to track receiver performance and ingestion rates.
{
"dashboard": {
"title": "Thanos Receiver Monitoring",
"panels": [
{
"title": "Ingestion Rate",
"type": "graph",
"targets": [
{
"expr": "rate(prometheus_remote_storage_samples_total[5m])",
"legendFormat": "Samples/sec"
}
]
},
{
"title": "Active Tenants",
"type": "stat",
"targets": [
{
"expr": "thanos_receive_tenants",
"legendFormat": "Tenants"
}
]
}
]
}
}Create alerting rules for receiver health
Set up Prometheus alerting rules to monitor receiver performance and availability.
groups:
- name: thanos.receiver
rules:
- alert: ThanosReceiverDown
expr: up{job="thanos-receiver"} == 0
for: 5m
labels:
severity: critical
annotations:
summary: "Thanos Receiver is down"
description: "Thanos Receiver has been down for more than 5 minutes."
- alert: ThanosReceiverHighIngestionRate
expr: rate(prometheus_remote_storage_samples_total[5m]) > 50000
for: 2m
labels:
severity: warning
annotations:
summary: "High ingestion rate detected"
description: "Thanos Receiver is ingesting {{ $value }} samples/sec, which is above the threshold."
- alert: ThanosReceiverDiskSpaceHigh
expr: (1 - (node_filesystem_free_bytes{mountpoint="/opt/thanos/data"} / node_filesystem_size_bytes{mountpoint="/opt/thanos/data"})) * 100 > 85
for: 5m
labels:
severity: warning
annotations:
summary: "Thanos Receiver disk space usage high"
description: "Disk space usage is above 85% on Thanos Receiver data directory."Optimize performance and troubleshooting
Configure resource limits and optimization
Fine-tune Thanos Receiver for high-throughput environments by adjusting resource limits.
# Receiver-specific limits
receive:
limits:
# Per-tenant limits
tenant_limits:
default:
request_rate: 10000 # requests per second
request_burst: 20000 # burst capacity
ingestion_rate: 50000 # samples per second
ingestion_burst: 100000 # burst samples
production:
request_rate: 20000
request_burst: 40000
ingestion_rate: 100000
ingestion_burst: 200000
# Global limits
global:
max_concurrent_requests: 1000
timeout: 30s
TSDB optimization
tsdb:
wal_compression: true
head_chunks_write_buffer_size: 4194304
max_exemplars: 100000Set up log rotation
Configure log rotation to prevent disk space issues with receiver logs.
/var/log/thanos/*.log {
daily
missingok
rotate 30
compress
delaycompress
notifempty
create 0644 thanos thanos
postrotate
systemctl reload thanos-receiver
endscript
}Verify your setup
Check that Thanos Receiver is running correctly and ingesting metrics from Prometheus.
# Check service status
sudo systemctl status thanos-receiver
Verify receiver is listening on ports
sudo netstat -tlnp | grep -E '(10907|10909|19291)'
Check receiver metrics endpoint
curl http://localhost:10909/metrics | grep thanos_receive
Verify remote write is working
curl http://localhost:10909/api/v1/query?query=up
Check logs for any errors
sudo journalctl -u thanos-receiver -f --since "10 minutes ago"Common issues
| Symptom | Cause | Fix |
|---|---|---|
| Receiver fails to start | Configuration syntax errors | Check config with /opt/thanos/bin/thanos receive --help and validate YAML syntax |
| Remote write timeout errors | High ingestion load or network issues | Increase write_timeout in receiver config and optimize Prometheus queue_config |
| Disk space fills up quickly | Retention policy too long or high ingestion rate | Reduce tsdb.retention or configure object storage for long-term storage |
| Multi-tenancy not working | Missing tenant header configuration | Verify X-Thanos-Tenant header is set in Prometheus remote_write config |
| High memory usage | Large number of active series | Implement series limiting in receiver config and optimize Prometheus scraping |
| Connection refused errors | Firewall blocking ports | Verify firewall rules allow ports 10907, 10909, and 19291 |
Next steps
- Configure Prometheus long-term storage with Thanos for unlimited data retention
- Monitor HAProxy and Consul with Prometheus and Grafana dashboards
- Set up Thanos Query and Compactor for distributed metrics querying
- Implement Thanos Ruler for distributed alerting and recording rules
- Configure Thanos Receiver clustering for high availability and load distribution
Automated install script
Run this to automate the entire setup
install.sh
#!/usr/bin/env bash
set -euo pipefail
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Default configuration
THANOS_VERSION="0.34.1"
THANOS_USER="thanos"
INSTALL_DIR="/opt/thanos"
DATA_DIR="/opt/thanos/data"
CONFIG_DIR="/opt/thanos/config"
LOG_DIR="/var/log/thanos"
GRPC_PORT="10907"
HTTP_PORT="10909"
REMOTE_WRITE_PORT="19291"
# Usage message
usage() {
echo "Usage: $0 [OPTIONS]"
echo "Options:"
echo " -v VERSION Thanos version to install (default: $THANOS_VERSION)"
echo " -u USER System user for Thanos (default: $THANOS_USER)"
echo " -h Show this help message"
exit 1
}
# Parse command line arguments
while getopts "v:u:h" opt; do
case $opt in
v) THANOS_VERSION="$OPTARG" ;;
u) THANOS_USER="$OPTARG" ;;
h) usage ;;
*) usage ;;
esac
done
# Cleanup function
cleanup() {
echo -e "${RED}[ERROR] Installation failed. Cleaning up...${NC}"
systemctl stop thanos-receiver 2>/dev/null || true
systemctl disable thanos-receiver 2>/dev/null || true
rm -f /etc/systemd/system/thanos-receiver.service
userdel "$THANOS_USER" 2>/dev/null || true
rm -rf "$INSTALL_DIR" "$LOG_DIR"
exit 1
}
# Set up error handling
trap cleanup ERR
# Check if running as root
if [[ $EUID -ne 0 ]]; then
echo -e "${RED}This script must be run as root${NC}"
exit 1
fi
# Auto-detect distribution
if [ -f /etc/os-release ]; then
. /etc/os-release
case "$ID" in
ubuntu|debian)
PKG_MGR="apt"
PKG_INSTALL="apt install -y"
PKG_UPDATE="apt update && apt upgrade -y"
;;
almalinux|rocky|centos|rhel|ol|fedora)
PKG_MGR="dnf"
PKG_INSTALL="dnf install -y"
PKG_UPDATE="dnf update -y"
;;
amzn)
PKG_MGR="yum"
PKG_INSTALL="yum install -y"
PKG_UPDATE="yum update -y"
;;
*)
echo -e "${RED}Unsupported distribution: $ID${NC}"
exit 1
;;
esac
else
echo -e "${RED}Cannot detect distribution. /etc/os-release not found.${NC}"
exit 1
fi
echo -e "${GREEN}Installing Thanos Receiver v$THANOS_VERSION${NC}"
echo -e "${YELLOW}Detected OS: $ID${NC}"
# Step 1: Update system packages
echo -e "${GREEN}[1/8] Updating system packages...${NC}"
eval "$PKG_UPDATE"
# Step 2: Install required packages
echo -e "${GREEN}[2/8] Installing required packages...${NC}"
$PKG_INSTALL wget tar curl
# Step 3: Create Thanos user and directories
echo -e "${GREEN}[3/8] Creating Thanos user and directories...${NC}"
if ! id "$THANOS_USER" &>/dev/null; then
useradd --system --no-create-home --shell /bin/false "$THANOS_USER"
fi
mkdir -p "$INSTALL_DIR"/{bin,data,config}
mkdir -p "$LOG_DIR"
mkdir -p "$DATA_DIR/receive"
# Step 4: Download and install Thanos
echo -e "${GREEN}[4/8] Downloading and installing Thanos v$THANOS_VERSION...${NC}"
cd /tmp
THANOS_ARCHIVE="thanos-${THANOS_VERSION}.linux-amd64.tar.gz"
THANOS_URL="https://github.com/thanos-io/thanos/releases/download/v${THANOS_VERSION}/${THANOS_ARCHIVE}"
wget -q "$THANOS_URL"
tar -xzf "$THANOS_ARCHIVE"
cp "thanos-${THANOS_VERSION}.linux-amd64/thanos" "$INSTALL_DIR/bin/"
rm -rf "thanos-${THANOS_VERSION}.linux-amd64" "$THANOS_ARCHIVE"
# Step 5: Create configuration files
echo -e "${GREEN}[5/8] Creating configuration files...${NC}"
# Create hashring configuration
cat > "$CONFIG_DIR/hashring.json" << 'EOF'
[
{
"hashring": "default",
"endpoints": ["127.0.0.1:10907"]
}
]
EOF
# Create bucket configuration (template)
cat > "$CONFIG_DIR/bucket.yml" << 'EOF'
type: FILESYSTEM
config:
directory: "/opt/thanos/data/bucket"
EOF
# Create bucket data directory
mkdir -p "$DATA_DIR/bucket"
# Step 6: Set correct permissions
echo -e "${GREEN}[6/8] Setting file permissions...${NC}"
chown -R "$THANOS_USER:$THANOS_USER" "$INSTALL_DIR" "$LOG_DIR"
chmod 755 "$INSTALL_DIR/bin/thanos"
chmod 750 "$DATA_DIR" "$LOG_DIR"
chmod 644 "$CONFIG_DIR"/*.yml "$CONFIG_DIR"/*.json
# Step 7: Create systemd service
echo -e "${GREEN}[7/8] Creating systemd service...${NC}"
cat > /etc/systemd/system/thanos-receiver.service << EOF
[Unit]
Description=Thanos Receiver
Documentation=https://thanos.io/
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
User=$THANOS_USER
Group=$THANOS_USER
ExecStart=$INSTALL_DIR/bin/thanos receive \\
--grpc-address=0.0.0.0:$GRPC_PORT \\
--http-address=0.0.0.0:$HTTP_PORT \\
--remote-write.address=0.0.0.0:$REMOTE_WRITE_PORT \\
--tsdb.path=$DATA_DIR/receive \\
--tsdb.retention=15d \\
--objstore.config-file=$CONFIG_DIR/bucket.yml \\
--label=receive="true" \\
--label=replica="receiver-1" \\
--receive.replication-factor=1 \\
--receive.hashrings-file=$CONFIG_DIR/hashring.json \\
--receive.local-endpoint=127.0.0.1:$GRPC_PORT \\
--receive.tenant-header=X-Thanos-Tenant \\
--receive.default-tenant-id=default \\
--log.level=info \\
--log.format=logfmt
ExecReload=/bin/kill -HUP \$MAINPID
KillMode=mixed
Restart=always
RestartSec=5
TimeoutStopSec=20
LimitNOFILE=65536
StandardOutput=append:$LOG_DIR/thanos-receiver.log
StandardError=append:$LOG_DIR/thanos-receiver.log
SyslogIdentifier=thanos-receiver
[Install]
WantedBy=multi-user.target
EOF
# Step 8: Configure firewall (if active)
echo -e "${GREEN}[8/8] Configuring firewall and starting services...${NC}"
# Configure firewall based on distribution
if systemctl is-active --quiet firewalld 2>/dev/null; then
firewall-cmd --permanent --add-port="$GRPC_PORT/tcp" --quiet || true
firewall-cmd --permanent --add-port="$HTTP_PORT/tcp" --quiet || true
firewall-cmd --permanent --add-port="$REMOTE_WRITE_PORT/tcp" --quiet || true
firewall-cmd --reload --quiet || true
echo -e "${YELLOW}Firewalld configured for Thanos ports${NC}"
elif systemctl is-active --quiet ufw 2>/dev/null; then
ufw allow "$GRPC_PORT/tcp" --quiet || true
ufw allow "$HTTP_PORT/tcp" --quiet || true
ufw allow "$REMOTE_WRITE_PORT/tcp" --quiet || true
echo -e "${YELLOW}UFW configured for Thanos ports${NC}"
fi
# Enable and start service
systemctl daemon-reload
systemctl enable thanos-receiver
systemctl start thanos-receiver
# Verification
echo -e "${GREEN}Verifying installation...${NC}"
sleep 5
if systemctl is-active --quiet thanos-receiver; then
echo -e "${GREEN}✓ Thanos Receiver is running${NC}"
else
echo -e "${RED}✗ Thanos Receiver failed to start${NC}"
systemctl status thanos-receiver
exit 1
fi
# Check if ports are listening
for port in "$GRPC_PORT" "$HTTP_PORT" "$REMOTE_WRITE_PORT"; do
if ss -tlnp | grep -q ":$port "; then
echo -e "${GREEN}✓ Port $port is listening${NC}"
else
echo -e "${YELLOW}⚠ Port $port may not be accessible${NC}"
fi
done
echo -e "${GREEN}"
echo "=========================================="
echo "Thanos Receiver installation completed!"
echo "=========================================="
echo -e "${NC}"
echo "Service status: systemctl status thanos-receiver"
echo "Logs: journalctl -u thanos-receiver -f"
echo "Configuration: $CONFIG_DIR/"
echo "Data directory: $DATA_DIR/"
echo ""
echo "Endpoints:"
echo " gRPC: :$GRPC_PORT"
echo " HTTP: :$HTTP_PORT"
echo " Remote Write: :$REMOTE_WRITE_PORT"
echo ""
echo "Configure your Prometheus instances to use remote write:"
echo "remote_write:"
echo " - url: http://$(hostname -I | awk '{print $1}'):$REMOTE_WRITE_PORT/api/v1/receive"
echo " headers:"
echo " X-Thanos-Tenant: default"Review the script before running. Execute with: bash install.sh