
2021年6月14日 星期一

[Debian] 安裝 Grafana 8.0

[Debian] 安裝 Grafana 8.0

 
#Step 01 – 安裝 influxdb

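# Install the helper packages first; gnupg provides the gpg binary used below.
apt install software-properties-common gnupg -y

# Store the InfluxData signing key in its own keyring instead of using
# `apt-key add`: apt-key is deprecated, and a key added with it is trusted for
# every repository configured on the host, not only this one.
key_tmp=$(mktemp)
wget -qO "$key_tmp" https://repos.influxdata.com/influxdb.key
# Print the fingerprint and compare it with the one InfluxData publishes
# before trusting the key.
gpg --show-keys "$key_tmp"
gpg --dearmor < "$key_tmp" > /usr/share/keyrings/influxdb-archive-keyring.gpg
rm -f -- "$key_tmp"

# Add the Influx repository to apt, bound to that keyring with signed-by.
# Variant that derives distro and codename from /etc/lsb-release:
# source /etc/lsb-release
# echo "deb [signed-by=/usr/share/keyrings/influxdb-archive-keyring.gpg] https://repos.influxdata.com/${DISTRIB_ID,,} ${DISTRIB_CODENAME} stable" | tee /etc/apt/sources.list.d/influxdb.list
#
# OR, hard-coded for Debian buster:
echo "deb [signed-by=/usr/share/keyrings/influxdb-archive-keyring.gpg] https://repos.influxdata.com/debian buster stable" | sudo tee /etc/apt/sources.list.d/influxdb.list

# Update the repositories, and install influx
apt-get update && apt-get install influxdb

# Unmask, enable (start at boot) and start influx
systemctl unmask influxdb.service
systemctl enable influxdb
systemctl start influxdb

# InfluxDB 1.x ships with HTTP authentication switched off (auth-enabled under
# [http] in /etc/influxdb/influxdb.conf), and the ss output further down this
# page shows influxd listening on *:8086. Before the host is reachable from
# other machines, bind the HTTP service to 127.0.0.1 or enable authentication
# and create users.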


root@linux:~$ influx
Connected to http://localhost:8086 version 1.8.6
InfluxDB shell version: 1.8.6
> quit
root@linux:~$

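-- Database for the raw Telegraf metrics and a second one for the averages.
CREATE DATABASE telegraf
CREATE DATABASE telegraf_downsampled
-- Keep raw points for 30 days; DEFAULT makes rp_short the policy used by
-- writes that do not name a retention policy.
CREATE RETENTION POLICY "rp_short" ON "telegraf" DURATION 30d REPLICATION 1 DEFAULT
-- Every 15 minutes, average all fields of every measurement in
-- telegraf.rp_short into telegraf_downsampled.autogen, keeping all tags.
CREATE CONTINUOUS QUERY cq_all_measurement ON telegraf BEGIN SELECT mean(*) INTO telegraf_downsampled.autogen.:MEASUREMENT FROM telegraf.rp_short./.*/ GROUP BY time(15m), * END


-- Author's note: altering a policy does not affect data, only applying a new
-- policy does. (The note used to trail the statement after a "#"; InfluxQL
-- comments start with "--", so it now sits on its own line.)
-- NOTE(review): shortening DURATION normally lets InfluxDB expire shards older
-- than the new duration; confirm on a copy before running this where older
-- data must be kept.
ALTER RETENTION POLICY "autogen" ON "telegraf" DURATION 70d REPLICATION 1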

 
#Step 02 – 安裝 Telegraf



# Update the repositories, and install telegraf
# (presumably served by the InfluxData repository added in step 01)
apt-get update && apt-get install telegraf

# Generate the telegraf configuration with input from Cisco
# devices, and output to Influxdb
# NOTE(review): tee overwrites /etc/telegraf/telegraf.conf and also echoes the
# generated file to the terminal. The ss output below shows telegraf listening
# on *:57000 afterwards, presumably the cisco_telemetry_mdt listener; limit
# which sources can reach that port with a firewall rule or a specific
# listen address.
telegraf --output-filter influxdb --input-filter cisco_telemetry_mdt config | tee /etc/telegraf/telegraf.conf

# Enable and start the service
systemctl enable telegraf
systemctl start telegraf

root@linux:/etc/systemd$ ss -plant
State  Recv-Q  Send-Q        Local Address:Port            Peer Address:Port
LISTEN 0       128           127.0.0.53%lo:53                   0.0.0.0:*       users:(("systemd-resolve",pid=737,fd=13))
LISTEN 0       128                 0.0.0.0:22                   0.0.0.0:*       users:(("sshd",pid=983,fd=3))
LISTEN 0       128               127.0.0.1:8088                 0.0.0.0:*       users:(("influxd",pid=2348,fd=3))
ESTAB  0       0              82.71.240.83:22              212.23.9.213:63810   users:(("sshd",pid=1304,fd=3),("sshd",pid=1166,fd=3))
LISTEN 0       128                       *:8086                       *:*       users:(("influxd",pid=2348,fd=5))
LISTEN 0       128                    [::]:22                      [::]:*       users:(("sshd",pid=983,fd=4))
LISTEN 0       128                       *:3000                       *:*       users:(("grafana-server",pid=3861,fd=6))
LISTEN 0       128                       *:57000                      *:*       users:(("telegraf",pid=4794,fd=6))
ESTAB  0       0                     [::1]:36856                  [::1]:8086    users:(("telegraf",pid=4794,fd=5))
ESTAB  0       0                     [::1]:8086                   [::1]:36856   users:(("influxd",pid=2348,fd=6))
ESTAB  0       0         [::ffff:10.0.2.1]:57000   [::ffff:192.168.0.2]:60761   users:(("telegraf",pid=4794,fd=7))

root@linux:/etc/systemd$ influx
Connected to http://localhost:8086 version 1.8.6
InfluxDB shell version: 1.8.6
> show databases
name: databases
name
----
_internal
telegraf
> exit
 
#Step 03 – 安裝 Grafana


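apt install software-properties-common -y

# Packages the Grafana .deb depends on.
sudo apt-get install -y adduser libfontconfig1
# 8.0.2 is the release this guide was written for. It is an old release line;
# when following the guide today, pick a release that still receives security
# fixes and adjust the file name below.
wget https://dl.grafana.com/oss/release/grafana_8.0.2_amd64.deb
# Check the download against the SHA-256 published on the Grafana download
# page before handing it to dpkg, which runs the package's maintainer scripts
# as root. Replace the placeholder with the published value; dpkg only runs
# when the checksum matches.
echo "<SHA256_FROM_GRAFANA_DOWNLOAD_PAGE>  grafana_8.0.2_amd64.deb" | sha256sum -c - \
  && sudo dpkg -i grafana_8.0.2_amd64.deb

systemctl daemon-reload
systemctl start grafana-server
systemctl enable grafana-server.service

# A fresh install accepts the default admin/admin login; change that password
# at first login, before the port is reachable from other hosts.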

安裝套件
# Install the panel and app plugins one after another, in the same order as
# the original list. Each plugin is third-party code loaded by the Grafana
# server, so trim the list to what the dashboards actually use.
for plugin_id in \
  grafana-piechart-panel \
  grafana-worldmap-panel \
  natel-discrete-panel \
  grafana-image-renderer \
  flant-statusmap-panel \
  grafana-clock-panel \
  cloudflare-app
do
  grafana-cli plugins install "$plugin_id"
done

 
#Step 03 – 安裝 nginx

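# Fetch the nginx signing key over HTTPS (over plain HTTP anyone on the network
# path could substitute a key of their own) and keep it in a keyring that only
# this repository uses, instead of the host-wide apt-key store.
$ wget https://nginx.org/keys/nginx_signing.key
# Compare the printed fingerprint with the one published on nginx.org.
$ gpg --show-keys nginx_signing.key
$ gpg --dearmor < nginx_signing.key | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
#$ echo deb http://nginx.org/packages/debian/ stretch nginx | sudo tee /etc/apt/sources.list.d/nginx.list
# Mainline repository for the running release; signed-by ties it to the
# keyring above, so package signatures are checked against that key only.
$ echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/debian $(lsb_release -cs) nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
# Both halves need root; the install after && previously ran without sudo.
$ sudo apt update && sudo apt install nginx -y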

需要注意的是,這一步安裝的 Nginx 和系統自帶的 nginx 的配置目錄略有區別,可以用以下幾個簡單的命令修正:
讓設定習慣不用改變
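# Recreate the Debian-style layout next to the nginx.org package's conf.d.
sudo mkdir /etc/nginx/{sites-available,sites-enabled}
# Move the packaged site files (default.conf among them) into sites-available.
sudo mv /etc/nginx/conf.d/* /etc/nginx/sites-available
# rmdir has no -f option; it removes the directory only when it is empty,
# which it is after the move above.
sudo rmdir /etc/nginx/conf.d/
# Point the include in nginx.conf at sites-enabled. The dot is escaped so the
# pattern matches the literal string "conf.d" and nothing else.
sudo perl -pi -e 's/conf\.d/sites-enabled/g' /etc/nginx/nginx.conf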

要設定一下設定檔連結
# Enable the default site by linking it into sites-enabled.
ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/

# Create the web root that the site configuration points at.
mkdir -p /var/www/html

# Hand the web root to the nginx user and group.
# NOTE(review): this makes the served files writable by the account the nginx
# workers presumably run as. Root-owned, world-readable content is served just
# as well; confirm whether the workers really need write access.
chown -R nginx:nginx /var/www/html

檢查 nginx 設定檔是否正確

nginx -t

重新啟動 nginx 並 設定開機啟動

systemctl restart nginx 
systemctl enable nginx 



 
#Step 03 – 安裝 SSL


#########################

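mkdir /etc/nginx/ssl
# Only root needs to enter the directory that holds the private key.
chmod 700 /etc/nginx/ssl

# Self-signed certificate, valid 365 days, with a new 2048-bit RSA key.
# -nodes writes the key unencrypted so nginx can start unattended, which
# leaves file permissions as the key's only protection.
# Clients cannot verify a self-signed certificate, so it does not protect the
# Grafana/LDAP logins against an on-path attacker; use a CA-issued
# certificate outside a lab.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
# Make sure the key is readable by root only, whatever the umask was.
sudo chmod 600 /etc/nginx/ssl/nginx.key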

Country Name (2 letter code) [AU]:TW1
State or Province Name (full name) [Some-State]:Taiwan2
Locality Name (eg, city) []:Taipei3
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company4
Organizational Unit Name (eg, section) []:My Unit5
Common Name (e.g. server FQDN or YOUR name) []:myhost.loacldomain.tw
Email Address []:user@loacldomain.tw

#
server {
  # Plain-HTTP listeners. In this first variant they share the server block
  # with the TLS listeners, so the site is still served unencrypted on port 80.
  listen 80 default_server;
  listen [::]:80 default_server;

  # Add the SSL listeners
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

  # Paths to the certificate and its private key
  ssl_certificate /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;

  # ...
}

################
# 完整 defautl-sit.conf 檔案
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Default server configuration
#
#server {
#       listen 80 default_server;
#       listen [::]:80 default_server;
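server {
        listen 80 default_server;
        listen [::]:80 default_server;

  # Redirect every plain-HTTP request to HTTPS. `return` is the form the nginx
  # pitfalls page linked above recommends over a catch-all regex rewrite;
  # $request_uri carries the original path and query string.
  # $host is taken from the request, so the redirect target follows whatever
  # host name the client sent; put the site's fixed host name here once the
  # server has one.
  return 301 https://$host$request_uri;
}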
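server {
  # SSL listeners
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;

  # Paths to the certificate and its private key
  ssl_certificate /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;
  # Offer TLS 1.2 and 1.3 only, instead of relying on the protocol list the
  # installed nginx build enables by default.
  ssl_protocols TLSv1.2 TLSv1.3;
  # Upper bound for request bodies; 100M applies to every location in this
  # server, lower it if nothing behind the proxy needs uploads that large.
  client_max_body_size 100M;
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

#
    # Reverse proxy for Grafana under /grafana/. The trailing slash on
    # proxy_pass strips the /grafana/ prefix before the request reaches
    # Grafana on port 3000.
    location /grafana/ {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend that the client connection used HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}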


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

 
#Step 03 – Grafana config

#  Settings to change (these look like the [server] section of grafana.ini)
# The http port  to use
# NOTE(review): the ss output earlier on this page shows grafana-server on
# *:3000, so Grafana can also be reached directly over plain HTTP, bypassing
# the nginx TLS proxy. Consider http_addr = 127.0.0.1 together with
# proxy_pass http://127.0.0.1:3000/ in nginx, or a firewall rule for port 3000.
;http_port = 3000

# The public facing domain name used to access grafana from a browser
# xxx.xxx.xxx.xxx is a placeholder for the name or address clients use.
;domain = localhost
domain = xxx.xxx.xxx.xxx

# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
# Left commented out here, so the Host-header check described above stays off.
# NOTE(review): consider enabling it once domain holds the real host name;
# confirm it behaves with the /grafana/ sub-path proxy.
;enforce_domain = false

# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
# NOTE(review): the protocol setting is not shown on this page. If it is still
# http, this expands to an http:// URL even though nginx terminates TLS;
# an explicit https://<domain>/grafana/ may be what is intended - confirm.
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
root_url = %(protocol)s://%(domain)s/grafana/

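# grafana-server was already started in the install step, so `start` would be
# a no-op; a restart is what makes it re-read the edited grafana.ini.
systemctl restart grafana-server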

#資料移轉使用
apt-get install sqlite3

安裝 LDAP 認證

# locate ldap.toml
# vi /etc/grafana/ldap.toml

內容如下:

[[servers]]
host = "127.0.0.1"
port = 389
use_ssl = false
start_tls = false
ssl_skip_verify = false
bind_dn = "cn=admin,dc=grafana,dc=org"
bind_password = 'grafana'
search_filter = "(cn=%s)"
search_base_dns = ["dc=grafana,dc=org"]

[servers.attributes]
name = "givenName"
surname = "sn"
username = "cn"
member_of = "memberOf"
email =  "email"

[[servers.group_mappings]]
group_dn = "cn=admins,dc=grafana,dc=org"
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "cn=users,dc=grafana,dc=org"
org_role = "Editor"

[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"

改正如下
############
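[[servers]]
host = "192.168.88.188"
port = 389
# NOTE(review): with use_ssl and start_tls both false, the bind password and
# every user's login password travel to the directory unencrypted. Prefer
# start_tls = true on port 389, or use_ssl = true on port 636, with the
# directory's CA supplied through root_ca_cert, and keep
# ssl_skip_verify = false so the server certificate is actually checked.
use_ssl = false
start_tls = false
ssl_skip_verify = false
# Service account used for the search bind; keep it a low-privilege,
# read-only directory account.
bind_dn = "grafana@oscarlab.local"
# The bind password is read from the environment instead of being written in
# this file (Grafana expands ${VAR} expressions in ldap.toml; confirm for the
# installed version). Set LDAP_BIND_PASSWORD for the grafana-server service,
# e.g. in its environment file. A password that has appeared in a published
# copy of this file should be treated as exposed and changed in the directory.
bind_password = "${LDAP_BIND_PASSWORD}"
# Active Directory: look users up by their logon name.
search_filter = "(sAMAccountName=%s)"
search_base_dns = ["dc=oscarlab,dc=local"]

# Directory attributes that fill the Grafana user profile.
[servers.attributes]
name = "givenName"
surname = "sn"
username = "sAMAccountName"
member_of = "memberOf"
email =  "mail"

# Group-to-role mappings for the three directory groups.
[[servers.group_mappings]]
group_dn = "CN=grafana-admin,CN=Users,DC=oscarlab,DC=LOCAL"
org_role = "Admin"

[[servers.group_mappings]]
group_dn = "CN=grafana-editor,CN=Users,DC=oscarlab,DC=LOCAL"
org_role = "Editor"

[[servers.group_mappings]]
group_dn = "CN=grafana-viewer,CN=Users,DC=oscarlab,DC=LOCAL"
org_role = "Viewer"

# Catch-all: any account found under search_base_dns that authenticates
# becomes a Viewer, whether or not it is in one of the groups above.
# NOTE(review): remove this mapping if access should be limited to the three
# grafana-* groups.
[[servers.group_mappings]]
group_dn = "*"
org_role = "Viewer"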

編輯 Grafana ini

# locate grafana.ini
# vi /etc/grafana/grafana.ini

#[auth.ldap]
#;enabled = false
#;config_file = /etc/grafana/ldap.toml
#;allow_sign_up = true
換成如下
# Turn on LDAP authentication and point Grafana at the LDAP server definition.
[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
# With allow_sign_up = true a Grafana account is created automatically the
# first time a directory user logs in; which accounts qualify is decided by
# the group mappings in ldap.toml, including any "*" catch-all there.
allow_sign_up = true

#
# /etc/init.d/grafana-server restart
OR

# systemctl restart grafana-server
 
#Step 03 – 安裝 SSL


Dashboard ID : 11912

https://grafana.com/grafana/dashboards/11912

###############################################################################
#                                  Start                                      #
###############################################################################
# Global Agent Configuration
[global_tags]

# Configuration for telegraf agent
[agent]
    interval = "10s"
    debug = false
#    hostname = "server-hostname"
    hostname = ""
    round_interval = true
    flush_interval = "10s"
    flush_jitter = "0s"
    collection_jitter = "0s"
    metric_batch_size = 1000
    metric_buffer_limit = 10000
    quiet = false
    logfile = ""
    omit_hostname = false
        precision = ""

###############################################################################
#                                  OUTPUTS                                    #
###############################################################################

# Output Plugin InfluxDB
# Writes all collected metrics to the local InfluxDB over plain HTTP on the
# loopback address.
[[outputs.influxdb]]
    database = "telegraf"
    urls = [ "http://127.0.0.1:8086" ]
    # NOTE(review): the InfluxDB steps on this page create no user and do not
    # enable authentication, so these credentials presumably only matter once
    # auth is switched on separately. Use a per-host secret rather than this
    # sample value; Telegraf can substitute ${VAR} from its environment, which
    # keeps the password out of the config file.
    username = "telegraf"
    password = "metricsmetricsmetricsmetrics"
    # Empty string: write to the database's default retention policy.
    retention_policy = ""

###############################################################################
#                                  INPUTS                                     #
###############################################################################
#Read metrics about cpu usage
[[inputs.cpu]]
  ## Whether to report per-cpu stats or not
 percpu = true
  ## Whether to report total system cpu stats or not
 totalcpu = true
  ## If true, collect raw CPU time metrics.
 collect_cpu_time = false
#If true, compute and report the sum of all non-idle CPU states.
  report_active = false
  fielddrop = ["time_guest","time_guest_nice","time_irq","time_nice","time_softirq","time_steal","usage_guest","usage_guest_nice","usage_irq","usage_nice","usage_softirq","usage_steal"]
#Read metrics about disk usage by mount point
[[inputs.disk]]
#Read metrics about disk IO by device
[[inputs.diskio]]
[[inputs.io]]
#Get kernel statistics from /proc/stat
[[inputs.kernel]]
#Read metrics about memory usage
[[inputs.mem]]
#Get the number of processes and group them by status
[[inputs.processes]]
#Read metrics about swap memory usage
[[inputs.swap]]
#Read metrics about system load & uptime
[[inputs.system]]
#Read stats about given file(s)
[[inputs.filestat]]
#Read formatted metrics from one or more HTTP endpoints
[[inputs.http]]
#Collect statistics about itself
[[inputs.internal]]
#This plugin gathers interrupts data from /proc/interrupts and /proc/softirqs.
[[inputs.interrupts]]
#Collect virtual and real server stats from Linux IPVS
[[inputs.ipvs]]
#Get kernel statistics from /proc/vmstat
[[inputs.kernel_vmstat]]
#Provides Linux sysctl fs metrics
[[inputs.linux_sysctl_fs]]
#Aggregates the contents of multiple files into a single point
[[inputs.multifile]]
#Read metrics about network interface usage
[[inputs.net]]
#Collect response time of a TCP or UDP connection
[[inputs.net_response]]
#Read TCP metrics such as established, time wait and sockets counts.
[[inputs.netstat]]
#Collect kernel snmp counters and network interface statistics
[[inputs.nstat]]
[[inputs.synproxy]]
#Monitor process cpu and memory usage
[[inputs.procstat]]
pattern = "httpd|java|python|telegraf|tomcat8|htop|apache2|www-data"
user = "daemon|root|telegraf|www-data|tomcat8"
#Sysstat metrics collector
[[inputs.sysstat]]
#Gather systemd units state
[[inputs.systemd_units]]
#Read metrics of ZFS from arcstats, zfetchstats, vdev_cache_stats, and pools
[[inputs.zfs]]


 
#Step 05 – snmp_conf


# SNMP polling of the F5 devices listed in agents.
[[inputs.snmp]]
  # Prefix added to every measurement name produced by this input.
  name_prefix = "exec4_"
  # Placeholder addresses; replace with the devices to poll.
  agents = [ "xxx.xxx.xxx.xxx", "xxx.xxx.xxx.xx2", "xxx.xxx.xxx.xx3" ]
  # NOTE(review): SNMP v2c sends the community string unencrypted, and
  # "public" is the widely known default. Where the devices support it, use
  # version = 3 with sec_level = "authPriv" (sec_name, auth_protocol,
  # auth_password, priv_protocol, priv_password); otherwise set a non-default
  # read-only community and restrict on the device which hosts may query it.
  version = 2
  community = "public"
  # Poll every 30 seconds; each request waits up to 10 seconds and is retried
  # up to 3 times.
  interval = "30s"
  timeout = "10s"
  retries = 3
  name = "F5_system"

  [[inputs.snmp.field]]
    name = "hostname"
    oid = "RFC1213-MIB::sysName.0"
    is_tag = true
  [[inputs.snmp.field]]
    name = "F5_uptime"
    oid = "1.3.6.1.4.1.3375.2.1.6.6.0"
  [[inputs.snmp.field]]
    name = "F5_httpRequests"
    oid = "1.3.6.1.4.1.3375.2.1.1.2.1.56.0"
  [[inputs.snmp.field]]
    name = "F5_client_connections"
    oid = "1.3.6.1.4.1.3375.2.1.1.2.1.8.0"
  [[inputs.snmp.field]]
    name = "F5_client_bytes_in"
    oid = "1.3.6.1.4.1.3375.2.1.1.2.1.60.0"
  [[inputs.snmp.field]]
    name = "F5_Total_Connections"
    oid = "1.3.6.1.4.1.3375.2.1.1.2.1.8.0"
  [[inputs.snmp.field]]
    name = "F5_New_Connects"
    oid = "1.3.6.1.4.1.3375.2.1.1.2.12.8.0"
  [[inputs.snmp.field]]
    name = "F5_New_Accepts"
    oid = "1.3.6.1.4.1.3375.2.1.1.2.12.6.0"
  [[inputs.snmp.field]]
    name = "F5_Temperature"
    oid = "1.3.6.1.4.1.3375.2.1.3.2.3.2.1.2.1"
  [[inputs.snmp.field]]
    name = "F5_Global_HTTP_Responses_2xx"
    oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp2xxCnt.0"
  [[inputs.snmp.field]]
    name = "F5_Global_HTTP_Responses_3xx"
    oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp3xxCnt.0"
  [[inputs.snmp.field]]
    name = "F5_Global_HTTP_Responses_4xx"
    oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp4xxCnt.0"
  [[inputs.snmp.field]]
    name = "F5_Global_HTTP_Responses_5xx"
    oid = "F5-BIGIP-SYSTEM-MIB::sysHttpStatResp5xxCnt.0"

  [[inputs.snmp.field]]
    name = "F5_Device_status"
    oid = "F5-BIGIP-SYSTEM-MIB::sysCmFailoverStatusId.0"

 [[inputs.snmp.field]]
    name = "F5_Synchronization_status_color"
    oid = "F5-BIGIP-SYSTEM-MIB::sysCmSyncStatusColor.0"

 [[inputs.snmp.table]]
    name = "F5_CPU"
    oid = "F5-BIGIP-SYSTEM-MIB::sysMultiHostCpuTable"
    inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
    name = "F5_Memory_Usage"
    oid = "F5-BIGIP-SYSTEM-MIB::sysMultiHostTable"
    inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
   name = "F5_PoolStatus"
   oid = "F5-BIGIP-LOCAL-MIB::ltmPoolStatTable"
   inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
   name = "F5_ClientSSLStatus"
   oid = "F5-BIGIP-LOCAL-MIB::ltmClientSslStatTable"
   inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
   name = "F5_Fan"
   oid = "F5-BIGIP-SYSTEM-MIB::sysChassisFanTable"
   inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
   name = "F5_Temperature"
   oid = "F5-BIGIP-SYSTEM-MIB::sysChassisTempTable"
   inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
   name = "F5_VirtualStatus"
   oid = "F5-BIGIP-LOCAL-MIB::ltmVirtualServStatTable"
   inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
    name = "F5_Nodes_Status"
    oid =  "F5-BIGIP-LOCAL-MIB::ltmNodeAddrStatTable"
    inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
    name = "F5_Vlan_Status"
    oid =  "F5-BIGIP-SYSTEM-MIB::sysVlanStatTable"
    inherit_tags = [ "hostname" ]

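 # Host disk table. Every other OID in this file separates the MIB module from
 # the object name with "::"; this one had a single ":" and is brought in line
 # with the rest so it is translated the same way.
 [[inputs.snmp.table]]
    name = "F5_DiskTable_Status"
    oid =  "F5-BIGIP-SYSTEM-MIB::sysHostDiskTable"
    inherit_tags = [ "hostname" ]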

 [[inputs.snmp.table]]
    name = "F5_PoolMembers_Status"
    oid =  "F5-BIGIP-LOCAL-MIB::ltmPoolMemberStatTable"
    inherit_tags = [ "hostname" ]

 [[inputs.snmp.table]]
    name = "F5_PoolUpDowm_Status"
    oid =  "F5-BIGIP-LOCAL-MIB::ltmPoolMemberTable"
    inherit_tags = [ "hostname" ]
###############################################################################
# SSLVPN APM module #
###############################################################################

[[inputs.snmp.table]]
name = "F5_APM_IP_List"
oid = "F5-BIGIP-APM-MIB::apmLeasepoolStatTable"
inherit_tags = [ "hostname" ]

[[inputs.snmp.table]]
name = "F5_APM_Pauser_List"
oid = "F5-BIGIP-APM-MIB::apmPaStatTable"
inherit_tags = [ "hostname" ]

[[inputs.snmp.table]]
name = "F5_APM_ACL_List"
oid = "F5-BIGIP-APM-MIB::apmAclStatTable"
inherit_tags = [ "hostname" ]

###############################################################################
# SSLVPN #
###############################################################################
  #####################################################
  #
  # Gather Interface Statistics via SNMP Start
  #
  #####################################################

  # IF-MIB::ifTable contains counters on input and output traffic as well as errors and discards.
  [[inputs.snmp.table]]
    name = "F5_interface"
    inherit_tags = [ "hostname" ]
    oid = "IF-MIB::ifTable"

    # Interface tag - used to identify interface in metrics database
    [[inputs.snmp.table.field]]
      name = "ifDescr"
      oid = "IF-MIB::ifDescr"
      is_tag = true

  # IF-MIB::ifXTable contains newer High Capacity (HC) counters that do not overflow as fast for a few of the ifTable counters
  [[inputs.snmp.table]]
    name = "F5_interface"
    inherit_tags = [ "hostname" ]
    oid = "IF-MIB::ifXTable"

    # Interface tag - used to identify interface in metrics database
    [[inputs.snmp.table.field]]
      name = "ifDescr"
      oid = "IF-MIB::ifDescr"
      is_tag = true

  # EtherLike-MIB::dot3StatsTable contains detailed ethernet-level information about what kind of errors have been logged on an interface (such as FCS error, frame too long, etc)
  [[inputs.snmp.table]]
    name = "F5_interface"
    inherit_tags = [ "hostname" ]
    oid = "EtherLike-MIB::dot3StatsTable"

    # Interface tag - used to identify interface in metrics database
    [[inputs.snmp.table.field]]
      name = "ifDescr"
      oid = "IF-MIB::ifDescr"
      is_tag = true

  #####################################################
  #
  # Gather Interface Statistics via SNMP end
  #
  #####################################################
# Output Plugin InfluxDB
[[outputs.influxdb]]
    namepass = ["exec4_*"]
    database = "telegraf"
    urls = [ "http://127.0.0.1:8086" ]
    #username = "telegraf"
    #password = "metricsmetricsmetricsmetrics"
    retention_policy = ""
