[Debian] 安裝 Grafana 7.4
#Step 01 – 安裝 influxdb
# Trust the Influx GPG key
wget -qO- https://repos.influxdata.com/influxdb.key | apt-key add -
# Add the Influx repositories to apt
source /etc/lsb-release
echo "deb https://repos.influxdata.com/${DISTRIB_ID,,} ${DISTRIB_CODENAME} stable" | tee /etc/apt/sources.list.d/influxdb.list
OR
echo "deb https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list
# Update the repositories, and install influx
apt-get update && apt-get install influxdb
# Enable influx, and start it
systemctl unmask influxdb.service
systemctl start influxdb
root@linux:~$ influx
Connected to http://localhost:8086 version 1.7.9
InfluxDB shell version: 1.7.9
> quit
root@linux:~$
CREATE DATABASE telegraf
CREATE DATABASE telegraf_downsampled
CREATE RETENTION POLICY "rp_short" ON "telegraf" DURATION 30d REPLICATION 1 DEFAULT
CREATE CONTINUOUS QUERY cq_all_measurement ON telegraf BEGIN SELECT mean(*) INTO telegraf_downsampled.autogen.:MEASUREMENT FROM telegraf.rp_short./.*/ GROUP BY time(15m), * END
ALTER RETENTION POLICY "autogen" ON "telegraf" DURATION 70d REPLICATION 1 # 更新不會影響資料,只又套用新的policy 會影響資料
#Step 02 – 安裝 Telegraf
# Update the repositories, and install telegraf
apt-get update && apt-get install telegraf
# Generate the telegraf configuration with input from Cisco
# devices, and output to Influxdb
telegraf --output-filter influxdb --input-filter cisco_telemetry_mdt config | tee /etc/telegraf/telegraf.conf
# Enable and start the service
systemctl enable telegraf
systemctl start telegraf
root@linux:/etc/systemd$ ss -plant
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=737,fd=13))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=983,fd=3))
LISTEN 0 128 127.0.0.1:8088 0.0.0.0:* users:(("influxd",pid=2348,fd=3))
ESTAB 0 0 82.71.240.83:22 212.23.9.213:63810 users:(("sshd",pid=1304,fd=3),("sshd",pid=1166,fd=3))
LISTEN 0 128 *:8086 *:* users:(("influxd",pid=2348,fd=5))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=983,fd=4))
LISTEN 0 128 *:3000 *:* users:(("grafana-server",pid=3861,fd=6))
LISTEN 0 128 *:57000 *:* users:(("telegraf",pid=4794,fd=6))
ESTAB 0 0 [::1]:36856 [::1]:8086 users:(("telegraf",pid=4794,fd=5))
ESTAB 0 0 [::1]:8086 [::1]:36856 users:(("influxd",pid=2348,fd=6))
ESTAB 0 0 [::ffff:10.0.2.1]:57000 [::ffff:192.168.0.2]:60761 users:(("telegraf",pid=4794,fd=7))
root@linux:/etc/systemd$ influx
Connected to http://localhost:8086 version 1.7.9
InfluxDB shell version: 1.7.9
> show databases
name: databases
name
----
_internal
telegraf
> exit
#Step 03 – 安裝 Grafana
apt install software-properties-common -y
sudo apt-get install -y adduser libfontconfig1
wget https://dl.grafana.com/oss/release/grafana_7.4.1_amd64.deb
sudo dpkg -i grafana_7.4.1_amd64.deb
systemctl daemon-reload
systemctl start grafana-server
systemctl enable grafana-server.service
安裝套件
grafana-cli plugins install grafana-piechart-panel
grafana-cli plugins install grafana-worldmap-panel
grafana-cli plugins install natel-discrete-panel
grafana-cli plugins install grafana-image-renderer
grafana-cli plugins install flant-statusmap-panel
grafana-cli plugins install grafana-clock-panel
grafana-cli plugins install cloudflare-app
#Step 03 – 安裝 nginx
#$ echo deb http://nginx.org/packages/debian/ stretch nginx | sudo tee /etc/apt/sources.list.d/nginx.list
$ echo "deb http://nginx.org/packages/mainline/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
$ wget http://nginx.org/keys/nginx_signing.key && sudo apt-key add nginx_signing.key
$ sudo apt update && apt install nginx -y
需要注意的是,這一步安裝的 Nginx 和系統自帶的 nginx 的配置目錄略有區別,可以用一下幾個簡單的命令修正:
讓設定習慣不用改變
sudo mkdir /etc/nginx/{sites-available,sites-enabled}
sudo mv /etc/nginx/conf.d/* /etc/nginx/sites-available
sudo rmdir -f /etc/nginx/conf.d/
sudo perl -pi -e 's/conf.d/sites-enabled/g' /etc/nginx/nginx.conf
要設定一下設定檔連結
ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/
mkdir -p /var/www/html
chown -R nginx:nginx /var/www/html
檢查 nginx 設定檔是否正確
nginx -t
重新啟動 nginx 並 設定開機啟動
systemctl restart nginx
systemctl enable nginx
#Step 03 – 安裝 SSL
#########################
mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
Country Name (2 letter code) [AU]:TW1
State or Province Name (full name) [Some-State]:Taiwan2
Locality Name (eg, city) []:Taipei3
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company4
Organizational Unit Name (eg, section) []:My Unit5
Common Name (e.g. server FQDN or YOUR name) []:myhost.loacldomain.tw
Email Address []:user@loacldomain.tw
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# 加入 SSL 設定
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# 憑證與金鑰的路徑
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
# ...
}
################
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
#server {
# listen 80 default_server;
# listen [::]:80 default_server;
server {
listen 80 default_server;
listen [::]:80 default_server;
# 導向至 HTTPS
rewrite ^(.*) https://$host$1 permanent;
}
server {
# SSL 設定
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
# 憑證與金鑰的路徑
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
client_max_body_size 100M;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
#
location /grafana/ {
proxy_pass http://localhost:3000/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/run/php/php7.3-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
#Step 03 – Grafana config
# The http port to use
;http_port = 3000
# The public facing domain name used to access grafana from a browser
;domain = localhost
domain = xxx.xxx.xxx.xxx
# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
;enforce_domain = false
# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
root_url = %(protocol)s://%(domain)s/grafana/
systemctl start grafana-server
#資料移轉使用
apt-get install sqlite3
安裝 LDAP 認證
# locate ldap.toml
# vi /etc/grafana/ldap.toml
內容如下:
[[servers]]
host = "127.0.0.1"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=admin,dc=grafana,dc=org"
bind_password = 'grafana'
search_filter = "(cn=%s)"
search_base_dns = ["dc=grafana,dc=org"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email = "email"
[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "cn=users,dc=grafana,dc=org"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
改正如下
############
[[servers]]
host = "192.168.88.188"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "grafana@oscarlab.local"
bind_password = 'kamisama123@'
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["dc=oscarlab,dc=local"]
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email = "mail"
[[servers.group_mappings]]
group_dn = "CN=grafana-admin,CN=Users,DC=oscarlab,DC=LOCAL"
org_role = "Admin"
[[servers.group_mappings]]
group_dn = "CN=grafana-editor,CN=Users,DC=oscarlab,DC=LOCAL"
org_role = "Editor"
[[servers.group_mappings]]
group_dn = "CN=grafana-viewer,CN=Users,DC=oscarlab,DC=LOCAL"
org_role = "Viewer"
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"
編輯 Grafana ini
# locate grafana.ini
# vi /etc/grafana/grafana.ini
#[auth.ldap]
#;enabled = false
#;config_file = /etc/grafana/ldap.toml
#;allow_sign_up = true
換成如下
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true
#
# /etc/init.d/grafana-server restart
OR
# systemctl restart grafana-server
#Step 03 – 安裝 SSL
Dashboard ID : 11912
https://grafana.com/grafana/dashboards/11912
###############################################################################
# Start #
###############################################################################
# Global Agent Configuration
[global_tags]
# Configuration for telegraf agent
[agent]
interval = "10s"
debug = false
# hostname = "server-hostname"
hostname = ""
round_interval = true
flush_interval = "10s"
flush_jitter = "0s"
collection_jitter = "0s"
metric_batch_size = 1000
metric_buffer_limit = 10000
quiet = false
logfile = ""
omit_hostname = false
precision = ""
###############################################################################
# OUTPUTS #
###############################################################################
# Output Plugin InfluxDB
[[outputs.influxdb]]
database = "telegraf"
urls = [ "http://127.0.0.1:8086" ]
username = "telegraf"
password = "metricsmetricsmetricsmetrics"
retention_policy = ""
###############################################################################
# INPUTS #
###############################################################################
#Read metrics about cpu usage
[[inputs.cpu]]
## Whether to report per-cpu stats or not
percpu = true
## Whether to report total system cpu stats or not
totalcpu = true
## If true, collect raw CPU time metrics.
collect_cpu_time = false
#If true, compute and report the sum of all non-idle CPU states.
report_active = false
fielddrop = ["time_guest","time_guest_nice","time_irq","time_nice","time_softirq","time_steal","usage_guest","usage_guest_nice","usage_irq","usage_nice","usage_softirq","usage_steal"]
#Read metrics about disk usage by mount point
[[inputs.disk]]
#Read metrics about disk IO by device
[[inputs.diskio]]
[[inputs.io]]
#Get kernel statistics from /proc/stat
[[inputs.kernel]]
#Read metrics about memory usage
[[inputs.mem]]
#Get the number of processes and group them by status
[[inputs.processes]]
#Read metrics about swap memory usage
[[inputs.swap]]
#Read metrics about system load & uptime
[[inputs.system]]
#Read stats about given file(s)
[[inputs.filestat]]
#Read formatted metrics from one or more HTTP endpoints
[[inputs.http]]
#Collect statistics about itself
[[inputs.internal]]
#This plugin gathers interrupts data from /proc/interrupts and /proc/softirqs.
[[inputs.interrupts]]
#Collect virtual and real server stats from Linux IPVS
[[inputs.ipvs]]
#Get kernel statistics from /proc/vmstat
[[inputs.kernel_vmstat]]
#Provides Linux sysctl fs metrics
[[inputs.linux_sysctl_fs]]
#Aggregates the contents of multiple files into a single point
[[inputs.multifile]]
#Read metrics about network interface usage
[[inputs.net]]
#Collect response time of a TCP or UDP connection
[[inputs.net_response]]
#Read TCP metrics such as established, time wait and sockets counts.
[[inputs.netstat]]
#Collect kernel snmp counters and network interface statistics
[[inputs.nstat]]
[[inputs.synproxy]]
#Monitor process cpu and memory usage
[[inputs.procstat]]
pattern = "httpd|java|python|telegraf|tomcat8|htop|apache2|www-data"
user = "daemon|root|telegraf|www-data|tomcat8"
#Sysstat metrics collector
[[inputs.sysstat]]
#Gather systemd units state
[[inputs.systemd_units]]
#Read metrics of ZFS from arcstats, zfetchstats, vdev_cache_stats, and pools
[[inputs.zfs]]
#Step 05 – snmp_conf
[[inputs.snmp]]
name_prefix = "exec4_"
agents = [ "xxx.xxx.xxx.xxx", "xxx.xxx.xxx.xx2", "xxx.xxx.xxx.xx3" ]
version = 2
community = "public"
interval = "30s"
timeout = "10s"
retries = 3
name = "F5_system"
[[inputs.snmp.field]]
name = "hostname"
oid = "RFC1213-MIB::sysName.0"
is_tag = true
[[inputs.snmp.field]]
name = "F5_uptime"
oid = "1.3.6.1.4.1.3375.2.1.6.6.0"
[[inputs.snmp.field]]
name = "F5_httpRequests"
oid = "1.3.6.1.4.1.3375.2.1.1.2.1.56.0"
[[inputs.snmp.field]]
name = "F5_client_connections"
oid = "1.3.6.1.4.1.3375.2.1.1.2.1.8.0"
[[inputs.snmp.field]]
name = "F5_client_bytes_in"
oid = "1.3.6.1.4.1.3375.2.1.1.2.1.60.0"
[[inputs.snmp.field]]
name = "F5_Total_Connections"
oid = "1.3.6.1.4.1.3375.2.1.1.2.1.8.0"
[[inputs.snmp.field]]
name = "F5_New_Connects"
oid = "1.3.6.1.4.1.3375.2.1.1.2.12.8.0"
[[inputs.snmp.field]]
name = "F5_New_Accepts"
oid = "1.3.6.1.4.1.3375.2.1.1.2.12.6.0"
[[inputs.snmp.field]]
name = "F5_Temperature"
oid = "1.3.6.1.4.1.3375.2.1.3.2.3.2.1.2.1"
[[inputs.snmp.field]]
name = "F5_Global_HTTP_Responses_2xx"
oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp2xxCnt.0"
[[inputs.snmp.field]]
name = "F5_Global_HTTP_Responses_3xx"
oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp3xxCnt.0"
[[inputs.snmp.field]]
name = "F5_Global_HTTP_Responses_4xx"
oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp4xxCnt.0"
[[inputs.snmp.field]]
name = "F5_Global_HTTP_Responses_5xx"
oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp5xxCnt.0"
[[inputs.snmp.field]]
name = "F5_Device_status"
oid = "F5-BIGIP-SYSTEM-MIB::sysCmFailoverStatusId.0"
[[inputs.snmp.field]]
name = "F5_Synchronization_status_color"
oid = "F5-BIGIP-SYSTEM-MIB::sysCmSyncStatusColor.0"
[[inputs.snmp.table]]
name = "F5_CPU"
oid = "F5-BIGIP-SYSTEM-MIB::sysMultiHostCpuTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_Memory_Usage"
oid = "F5-BIGIP-SYSTEM-MIB::sysMultiHostTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_PoolStatus"
oid = "F5-BIGIP-LOCAL-MIB::ltmPoolStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_ClientSSLStatus"
oid = "F5-BIGIP-LOCAL-MIB::ltmClientSslStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_Fan"
oid = "F5-BIGIP-SYSTEM-MIB::sysChassisFanTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_Temperature"
oid = "F5-BIGIP-SYSTEM-MIB::sysChassisTempTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_VirtualStatus"
oid = "F5-BIGIP-LOCAL-MIB::ltmVirtualServStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_Nodes_Status"
oid = "F5-BIGIP-LOCAL-MIB::ltmNodeAddrStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_Vlan_Status"
oid = "F5-BIGIP-SYSTEM-MIB::sysVlanStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_DiskTable_Status"
oid = "F5-BIGIP-SYSTEM-MIB:sysHostDiskTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_PoolMembers_Status"
oid = "F5-BIGIP-LOCAL-MIB::ltmPoolMemberStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_PoolUpDowm_Status"
oid = "F5-BIGIP-LOCAL-MIB::ltmPoolMemberTable"
inherit_tags = [ "hostname" ]
###############################################################################
# SSLVPN APM module #
###############################################################################
[[inputs.snmp.table]]
name = "F5_APM_IP_List"
oid = "F5-BIGIP-APM-MIB::apmLeasepoolStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_APM_Pauser_List"
oid = "F5-BIGIP-APM-MIB::apmPaStatTable"
inherit_tags = [ "hostname" ]
[[inputs.snmp.table]]
name = "F5_APM_ACL_List"
oid = "F5-BIGIP-APM-MIB::apmAclStatTable"
inherit_tags = [ "hostname" ]
###############################################################################
# SSLVPN #
###############################################################################
#####################################################
#
# Gather Interface Statistics via SNMP Start
#
#####################################################
# IF-MIB::ifTable contains counters on input and output traffic as well as errors and discards.
[[inputs.snmp.table]]
name = "F5_interface"
inherit_tags = [ "hostname" ]
oid = "IF-MIB::ifTable"
# Interface tag - used to identify interface in metrics database
[[inputs.snmp.table.field]]
name = "ifDescr"
oid = "IF-MIB::ifDescr"
is_tag = true
# IF-MIB::ifXTable contains newer High Capacity (HC) counters that do not overflow as fast for a few of the ifTable counters
[[inputs.snmp.table]]
name = "F5_interface"
inherit_tags = [ "hostname" ]
oid = "IF-MIB::ifXTable"
# Interface tag - used to identify interface in metrics database
[[inputs.snmp.table.field]]
name = "ifDescr"
oid = "IF-MIB::ifDescr"
is_tag = true
# EtherLike-MIB::dot3StatsTable contains detailed ethernet-level information about what kind of errors have been logged on an interface (such as FCS error, frame too long, etc)
[[inputs.snmp.table]]
name = "F5_interface"
inherit_tags = [ "hostname" ]
oid = "EtherLike-MIB::dot3StatsTable"
# Interface tag - used to identify interface in metrics database
[[inputs.snmp.table.field]]
name = "ifDescr"
oid = "IF-MIB::ifDescr"
is_tag = true
#####################################################
#
# Gather Interface Statistics via SNMP end
#
#####################################################
# Output Plugin InfluxDB
[[outputs.influxdb]]
namepass = ["exec4_*"]
database = "telegraf"
urls = [ "http://127.0.0.1:8086" ]
#username = "telegraf"
#password = "metricsmetricsmetricsmetrics"
retention_policy = ""
沒有留言:
張貼留言