部署监控步骤流程
部署监控涉及到如下模块:
1、keycloak的安装
1)、建库:CREATE DATABASE IF NOT EXISTS keycloak DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
2)、导入初始表:mysql -uroot -proot keycloak </root/tielu/oneaa/keycliak_3.sql
3)、装keycloak,并启动:rpm -ivh keycloak-1.5.1-6.noarch.rpm
修改配置文件/opt/server/keycloak/standalone/configuration/standalone.xml中的数据库连接的用户名和密码。
启动keycloak:/etc/init.d/keycloakd start
4)、java -jar oneaa_sh.jar
用户名:admin,密码:123456,端口默认的是8081
运行完后拷贝keycloak.json
{auth-server-url=http://172.16.65.31:8081/auth, realm=master, resource=One-AA, credentials={secret=9e948a33-64dd-4074-a62e-849cfa01123e}, ssl-required=external, realm-public-key=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkioaUltvle0772GY17a1TCDfjgB0jmvGYYbaM3YYBK+27C1wOGfvOk/gBW2b8cn9RC0+Aw5z6M8hJAypfUKuuLj1nL5seLmH/hS/anBMIc2jfiNVZ3WsyMWGIeLkti0yUc5/pqe6qe8xEuvwRUA83wkZq3879N5l3JzrN7KCLAhw4qHWx5NEEGUlnGlmrz80s1RJ+DjUIZpGTNmLTSDNACnYukfmt4UYtAStoh9Jfy4zTzJ94W9rSIbCLEFYo6CONqNTOUpqoL+Ie30qBMf135HOh80dp2S2yGn7EmLlIlMg/PZ+XRLW2lPOUmRnxwvEE0PzCBkZmLJO0l9+IG+9XwIDAQAB}
这文件拷贝到oneaa前端ui的keycloak.json中去,去掉auth-server-url中的端口号
2、one-aa的安装
1)拷贝one-aa.war拷贝到/opt/server/tomcat/webapps/下,手动解压然后改配置文件
2)创建数据库:CREATE DATABASE IF NOT EXISTS oneaa DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
然后导表
3)创建oneaa权限表,导入:one_aa_sdk_schema.sql
2)identity.conf
keycloak.endpoint=http://172.16.64.139/auth keycloak.admin.name=admin keycloak.admin.password=123456 keycloak.admin.clientId=security-admin-console jdbc.driver=com.mysql.jdbc.Driver jdbc.url=jdbc:mysql://172.16.64.139:3306/oneaa?useUnicode=true&characterEncoding=utf-8 jdbc.username=root jdbc.password=root #connection pool settings jdbc.pool.maxIdle=10 jdbc.pool.maxActive=50 ONE_AA_CLIENT=e350cb0c-8f8e-4502-9d1e-39c4165d1e00 ONE_AA_SECRET=63c947b3-d082-4a0c-a8bb-ed93b71913bc ONE_AA_CLIENT_ID=7459b39a-d0a2-4112-8fe4-db21b8638681 other.endpoints= COLLECTION_TIME_OUT=2000 COLLECTION_SOCKET_TIME_OUT=8000 mir.sdk.jdbc.driver=com.mysql.jdbc.Driver mir.sdk.jdbc.url=jdbc:mysql://172.16.64.139:3306/oneaa?useUnicode=true&characterEncoding=utf-8 mir.sdk.jdbc.username=root mir.sdk.jdbc.password=root #connection pool settings mir.sdk.jdbc.pool.maxIdle=10 mir.sdk.jdbc.pool.maxActive=50 #项目地址前缀,可选 #mir.sdk.prefix=/api mir.sdk.oneaa.endpoint=http://172.16.64.139:8080/one-aa-api #打印审计日志时指定的log输出目录 mir.sdk.log.space=auditlogger #是否认证token。true:不需认证;false:需要认证 mir.sdk.auth.bypass=false #unit:second mir.sdk.cached.duration=30 #配置policy.xml的路径,可以是classpath下,webapp下或任何一个绝对路径下 mir.sdk.policyFile.path=""
3)、log4j.properties文件中去掉systemlogstash,auditlogstash和所有连接远程日志的配置
4)webapps/one-aa-api/WEB-INF/classes下的datasource.properties是否用到了?
5)、建oneaa库:CREATE DATABASE IF NOT EXISTS oneaa DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
执行schema.sql中语句。
3、influxdb
直接运行influxdb目录下的install_influxdb.sh文件。
sh install_influxdb.sh
4、nginx的安装
直接运行nginx目录中的文件nginx-1.8.0-1.el6.ngx.x86_64.rpm
rpm -ivh nginx-1.8.0-1.el6.ngx.x86_64.rpm
配置nginx
文件/etc/nginx/conf.d/mir-ui.conf
server { listen 80; server_name localhost; #charset koi8-r; access_log /var/log/nginx/mir-plus.access.log main; #try_files $uri $uri/ /index.html =404; location / { root /opt/server/mir-ui/www/html; index index.html index.htm; try_files $uri $uri/ /index.html =404; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } location /auth {
#端口号是keycloak的端口 proxy_pass http://172.16.64.139:8190/auth; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host:$server_port; proxy_set_header X-Forwarded-Proto "https"; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; } location /one-aa-api { proxy_pass http://172.16.64.139:8080/one-aa-api; } location /mir-monitoring-api { proxy_pass http://172.16.64.139:8080/mir-monitoring-api; } }
5、rabbitmq的安装
直接运行rabbitmq目录下的install_rabbitmq.sh
sh install_rabbitmq.sh
6、sensu服务器端的安装
直接运行sensu目录下的install_sensu_server.sh
sh install_sensu_server.sh
7、mysql的安装
mysql目录下有如下文件:
perl-DBD-MySQL-4.013-3.el6.x86_64.rpm
mysql-libs-5.1.73-5.el6_6.x86_64.rpm
mysql-5.1.73-5.el6_6.x86_64.rpm
mysql-server-5.1.73-5.el6_6.x86_64.rpm
安装顺序就按上面的顺序
默认的root用户没有密码,给root用户设置密码:
mysqladmin -u root password 'root'
默认的是远程主机不能访问mysql,设置远程主机也能访问mysql,登录mysql后执行:
grant all privileges on *.* to 'root'@'%' identified by 'root' with grant option;
8、redis的安装
直接运行 sh install_redis.sh
9、tomcat的安装
rpm -ivh apache-tomcat-8.0.24-4.noarch.rpm
10、mir-monitoring-api的安装
rpm -ivh mir-monitoring-api-1.0-8328.noarch.rpm
实际上是把mir-monitoring-api.war拷贝到tomcat的webapps目录下,手动把war包解压缩。
先在webapps目录下建文件夹:mir-monitoring-api,然后把mir-monitoring-api.war拷贝到该文件夹下,运行如下命令解压:
jar -xf mir-monitoring-api.war
创建库:CREATE DATABASE IF NOT EXISTS mirmon DEFAULT CHARSET utf8 COLLATE utf8_general_ci;
修改mir-monitoring-api下的配置文件:
mir-monitoring-api.conf:
全局替换:%s/172.16.64.158/127.0.0.1/g,然后把红线部分换成真实ip地址。
# redis redis.master.name=mir-mon-redis-master redis.sentinels=127.0.0.1:26379 # sensu sensu.api.endpoint=http://127.0.0.1:4567 sensu.api.user=admin sensu.api.password=secret sensu.client.host=127.0.0.1 # influxdb influxdb.api.endpoint=http://127.0.0.1:8086 influxdb.api.user=root influxdb.api.password=root influxdb.db.name=dev_test influxdb.customized.db.name=customized_test # rabbitmq rabbitmq.host=172.16.64.139 rabbitmq.port=5672 rabbitmq.user=sensu rabbitmq.password=sensu # repo monitor.repo.path={catalina.home}/webapps/mir-monitoring-api/public # EDIT ALWAYS monitor.repo.endpoint=http://172.16.64.139:8080/mir-monitoring-api/public
identity.conf
mir.sdk.jdbc.driver=com.mysql.jdbc.Driver mir.sdk.jdbc.url=jdbc:mysql://172.16.64.139:3306/mirmon?useUnicode=true&characterEncoding=utf-8 mir.sdk.jdbc.username=root mir.sdk.jdbc.password=root #connection pool settings mir.sdk.jdbc.pool.maxIdle=10 mir.sdk.jdbc.pool.maxActive=50 mir.sdk.prefix=/api mir.sdk.oneaa.endpoint=http://172.16.64.139:8080/one-aa-api #下面两个值是在one-aa界面中创建mir-mon的子系统后才能获取到 mir.sdk.oneaa.clientid=035afe44-9850-48d8-ae45-aaf8b8ee40ab mir.sdk.oneaa.secret=ce03ed1d-ffa9-43c4-b3c5-dcb6f224dba6 mir.sdk.log.space=auditlogger mir.sdk.auth.bypass=false #unit:second mir.sdk.cached.duration=30 mir.sdk.policyFile.path=/WEB-INF/policy.yml
log4j.properties,去掉上报logstash的连接
# Default log level log4j.rootCategory=WARN, console, file # Log level log4j.logger.com.chinacloud=DEBUG #Audit log log4j.logger.auditlogger=DEBUG,auditlogger,console # Console appender log4j.appender.console=org.apache.log4j.ConsoleAppender log4j.appender.console.layout=org.apache.log4j.PatternLayout log4j.appender.console.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,S} [%t] %p %c:%L - %m%n # Rolling file appender log4j.appender.file=org.apache.log4j.RollingFileAppender log4j.appender.file.append=true log4j.appender.file.file=/var/log/mir-monitoring-api/api.log log4j.appender.file.Encoding=UTF-8 log4j.appender.file.MaxFileSize=10MB log4j.appender.file.MaxBackupIndex=4 log4j.appender.file.layout=org.apache.log4j.PatternLayout log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,S} [%t] %p %c:%L - %m%n # audio log local log4j.appender.auditlogger=org.apache.log4j.RollingFileAppender log4j.appender.auditlogger.append=true log4j.appender.auditlogger.file=/var/log/mir-monitoring-api/audit.log log4j.appender.auditlogger.MaxFileSize=10MB log4j.appender.auditlogger.MaxBackupIndex=4 log4j.appender.auditlogger.layout=org.apache.log4j.PatternLayout log4j.appender.auditlogger.layout.ConversionPattern=%d{yyyy-MM-dd'T'HH:mm:ss.SSS} [%t] %p %c:%L - %m%n log4j.additivity.auditlogger = false
在one-aa平台中配置子系统url时输入:http://172.16.64.139:8080/mir-monitoring-api/api
测试安装是否成功
curl -X GET "http://localhost:8080/mir-monitoring-api/api/v1/health"
11、远程监控oracle功能的配置
1. 界面配置weblgoic机器的ip,weblogic端口,weblogic用户名,weblogic密码
1. 界面配置weblgoic机器的ip,weblogic端口,weblogic用户名,weblogic密码
2. 界面配置weblogic机器的ip,oracle端口,oracle用户名,oracle密码
3. 运行界面的命令行安装
4. 修改配置
/etc/sensu/conf.d/oracle_monitor.conf
app_id=3951d7fdfd854ef0b6919989beef06a3
host=10.111.131.60 # 修改为oralce的ip
oracle.username=system
oracle.password=123qweQWE
oracle.port=1521
oracle.sid=xe
下面这个配置应该不用改,检查对比下
/etc/sensu/conf.d/oracle_monitor.json
{
"checks": {
"oracle_monitor": {
"interval": 60,
"command": "/bin/bash /etc/sensu/plugins/monitor.oracle-1.0-SNAPSHOT/bin/monitor.sh /etc/sensu/conf.d/oracle_monitor.conf",
"type": "metric",
"handlers": [
"influxdb"
],
"standalone": true
}
}
}
重启sensu-client
12、mir-ui的安装
rpm -ivh mir-ui.rpm
安装到/opt/server/mir-ui中。目录/opt/server/mir-ui/www/html下文件:keycloak.json
红色部分的ip地址要与nginx中的地址对应,注意没有端口
{
"realm": "master",
"realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyu+8QNRAk4fd/CfRPXqbRlHNjRHXySFBw9ys/1ozJufp9yKyopnXSsdftub/O+At9tirbd4SOWmEPHEVDzs0ywsHmS1DhWs5mTAYNesLSn6lm+oocPGrdMlG/xN0rUEgX27O7VZz6FpVP5HEDzp1Klp3ui+ZvUyGXGdX3TesNdFSSefJZF3ze1miv2/c6y2nSSJ8yDqR5BVyG+igbfl2A6jvZSTyC8sKH5HOyBSSFBTY124o1weCVN6GEuCXwdTIbiSNHA0XDjTymHFwGCw14Bm4yzIuaXsXo3qG3tRR7DPHTxaILfWfx8DPaQnNSne0B/xlIylcZZubWRIY9mjvUQIDAQAB",
"auth-server-url": "http://172.16.64.139/auth",
"ssl-required": "external",
"resource": "One-AA",
"credentials": {
"secret": "8f9e3d07-a608-4c3b-9b43-ef3d88ffce97"
}
}
13、其他:
查看hostname:hostname
将hostname加到/etc/hosts里面
rpm -e sensu
rm -rf /etc/sensu
rm -rf /var/log/sensu/
rm -rf /var/run/sensu/
启动weblogic的监控端口:
root -c "/usr/java/latest/bin/jcmd 1579 ManagementAgent.start jmxremote.ssl=false jmxremote.port=9000 jmxremote.rmi.port=9000 jmxremote.authenticate=false jmxremote.autodiscovery=true"
/usr/local/jdk1.7/bin/jcmd 1579 ManagementAgent.start jmxremote.ssl=false jmxremote.port=9000 jmxremote.rmi.port=9000 jmxremote.authenticate=false jmxremote.autodiscovery=true
查看influxdb的界面:http://172.16.65.31:8083/ root/root
list series
select * from oracle.time_ratio.cpu_time_ratio limit 100
时间格式化:date -d@1456132606