CentOS7中安装部署Icinga运维平台
一直想搞一套开源的运维监控平台,逛了一圈最后锁定了Icinga,奈何官方都没有一个像样的step-by-step文档,不过好在居然从vultr上找到一篇参考的(https://www.vultr.com/docs/how-to-install-icinga-2-and-icinga-web-2-on-centos-7),记录一下自己的安装部署过程,下面内容是一边操作一边记录的,中间遇到的坑以及解决过程比较详细
0.系统环境
Minimal安装的CentOS7.5不用多介绍了,系统装好后需要添加一下epel源并(建议)更新一下,更新完成后(建议)重启
# yum install -y epel-release
# yum update -y
# reboot1.安装基础配件
1.1安装Apache
# yum install -y httpd
# sed -i 's/^/#&/g' /etc/httpd/conf.d/welcome.conf //禁用Apache的默认欢迎页面
# sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/httpd/conf/httpd.conf //禁止Apache浏览目录方式访问
# systemctl start httpd.service //启动httpd服务
# systemctl enable httpd.servic //设置httpd服务开机自动启动1.2安装MariaDB
# yum install mariadb mariadb-server -y
# systemctl start mariadb
# systemctl enable mariadb
# mysql_secure_installation //运行安全向导
Enter current password for root (enter for none): Enter
Set root password? [Y/n]: Y
New password: <your-password>
Re-enter new password: <your-password>
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y1.3安装PHP
# yum install php php-gd php-intl php-ldap php-ZendFramework php-ZendFramework-Db-Adapter-Pdo-Mysql -y
# vi /etc/php.ini
取消注释并修改以下行:
date.timezone = Asia/Shanghai
保存并退出
:wq
# systemctl restart httpd //重启httpd服务2.安装Icinga2及相关插件
# rpm --import http://packages.icinga.org/icinga.key
# wget https://packages.icinga.org/epel/7/release/noarch/icinga-rpm-release-7-1.el7.centos.noarch.rpm --no-check-certificate
# rpm -ivh icinga-rpm-release-7-1.el7.centos.noarch.rpm
# yum install icinga2 nagios-plugins-all -y
# systemctl start icinga2
# systemctl enable icinga2
# icinga2 feature list //查看icinga2当前已启用的功能,用来测试icinga2服务是否正常运行了,默认会看到以下输出:
Disabled features: api command compatlog debuglog elasticsearch gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog
Enabled features: checker mainlog notification
3.安装Icinga 2 IDO模块
这个模块用来实现Icinga2使用MariaDB保存数据功能
# yum install icinga2-ido-mysql -y
# mysql -u root -p
执行以下SQL语句创建数据库:
CREATE DATABASE icinga;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga';
FLUSH PRIVILEGES;
EXIT;
初始化数据库结构:
# mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql
修改数据库连接配置文件
# vi /etc/icinga2/features-available/ido-mysql.conf
去掉以下内容前面的注释:
user = "icinga"
password = "icinga"
host = "localhost"
database = "icinga"
# icinga2 feature enable ido-mysql //开启ido-mysql功能
# systemctl restart icinga2 //重启icinga2服务4.安装Icinga Web2
实现使用web访问与管理功能
# icinga2 feature enable command //开启command功能
# systemctl restart icinga2 //重启icinga2服务
# usermod -a -G icingacmd apache //将apache用户添加到icingacmd组中以实现从web界面向Icinga2发送指令
# id apache //检查上一条命令是否执行成功,正常执行会输出:
uid=48(apache) gid=48(apache) groups=48(apache),993(icingacmd)
# yum install icingaweb2 icingacli -y //安装icingaweb2与icingacli到这里安装icingaweb2和icingacli的时候出现错误:
查了下资料,发现原来是CentOS 7官方的repo库里面带的PHP是5.4,而且已经不再更新了,略坑...所以要手工装PHP 7了
4.1升级安装PHP 7.2
先安装第三方的源
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
# yum install yum-utils
# yum-config-manager --enable remi-php55 //[Install PHP 5.5]
# yum-config-manager --enable remi-php56 //[Install PHP 5.6]
# yum-config-manager --enable remi-php72 //[Install PHP 7.2] ---我们用这个
卸载之前已安装的5.4版本的PHP
# yum remove php php-gd php-intl php-ldap php-ZendFramework php-ZendFramework-Db-Adapter-Pdo-Mysql -y
安装PHP 7.2
# yum-config-manager --enable remi-php72
# yum install php php-gd php-intl php-ldap php-ZendFramework php-ZendFramework-Db-Adapter-Pdo-Mysql -y
//ps:这个第三方的源速度略慢,先忍了,回头再找国内镜像站代替方案吧
# php -v //查看当前php版本
PHP 7.2.11 (cli) (built: Oct 10 2018 10:00:29) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
重新执行刚才出错的那条命令
# yum install icingaweb2 icingacli -y居然还tm出错!跟刚才情况一样,看来得研究一下手工装依赖了,又查了一下,rh-php71-php-cli这种包并不在刚才添加的源里面,而是在SCLO库中才有, 还好网易的镜像站里面居然有(阿里都没有!差评!)
http://mirrors.163.com/centos/7/sclo/x86_64/rh/rh-php71/
手工把这个地址里面的rpm包全下载下来,再安装刚才缺失的依赖包:
4.2安装缺失的依赖
# mkdir -p /root/rpm
# cd /root/rpm
先将原始的html页面内容输出到本地文件list里面
# curl -o list http://mirrors.163.com/centos/7/sclo/x86_64/rh/rh-php71/list文件原始内容:
<html>
<head><title>Index of /centos/7/sclo/x86_64/rh/rh-php71/</title></head>
<body bgcolor="white">
<h1>Index of /centos/7/sclo/x86_64/rh/rh-php71/</h1><hr><pre><a href="../">../</a>
<a href="rh-php71-1-1.el7.x86_64.rpm">rh-php71-1-1.el7.x86_64.rpm</a> 23-Aug-2017 22:25 4204
<a href="rh-php71-build-1-1.el7.x86_64.rpm">rh-php71-build-1-1.el7.x86_64.rpm</a> 23-Aug-2017 22:25 4924
<a href="rh-php71-php-7.1.8-1.el7.x86_64.rpm">rh-php71-php-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 1M
<a href="rh-php71-php-bcmath-7.1.8-1.el7.x86_64.rpm">rh-php71-php-bcmath-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 59K
<a href="rh-php71-php-cli-7.1.8-1.el7.x86_64.rpm">rh-php71-php-cli-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 3M
<a href="rh-php71-php-common-7.1.8-1.el7.x86_64.rpm">rh-php71-php-common-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 648K
<a href="rh-php71-php-dba-7.1.8-1.el7.x86_64.rpm">rh-php71-php-dba-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 58K
<a href="rh-php71-php-dbg-7.1.8-1.el7.x86_64.rpm">rh-php71-php-dbg-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 1M
<a href="rh-php71-php-devel-7.1.8-1.el7.x86_64.rpm">rh-php71-php-devel-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 680K
<a href="rh-php71-php-embedded-7.1.8-1.el7.x86_64.rpm">rh-php71-php-embedded-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 1M
<a href="rh-php71-php-enchant-7.1.8-1.el7.x86_64.rpm">rh-php71-php-enchant-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 44K
<a href="rh-php71-php-fpm-7.1.8-1.el7.x86_64.rpm">rh-php71-php-fpm-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 1M
<a href="rh-php71-php-gd-7.1.8-1.el7.x86_64.rpm">rh-php71-php-gd-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 147K
<a href="rh-php71-php-gmp-7.1.8-1.el7.x86_64.rpm">rh-php71-php-gmp-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 55K
<a href="rh-php71-php-intl-7.1.8-1.el7.x86_64.rpm">rh-php71-php-intl-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 165K
<a href="rh-php71-php-json-7.1.8-1.el7.x86_64.rpm">rh-php71-php-json-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 52K
<a href="rh-php71-php-ldap-7.1.8-1.el7.x86_64.rpm">rh-php71-php-ldap-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 57K
<a href="rh-php71-php-mbstring-7.1.8-1.el7.x86_64.rpm">rh-php71-php-mbstring-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 521K
<a href="rh-php71-php-mysqlnd-7.1.8-1.el7.x86_64.rpm">rh-php71-php-mysqlnd-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 165K
<a href="rh-php71-php-odbc-7.1.8-1.el7.x86_64.rpm">rh-php71-php-odbc-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 67K
<a href="rh-php71-php-opcache-7.1.8-1.el7.x86_64.rpm">rh-php71-php-opcache-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 183K
<a href="rh-php71-php-pdo-7.1.8-1.el7.x86_64.rpm">rh-php71-php-pdo-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 98K
<a href="rh-php71-php-pear-1.10.4-1.el7.noarch.rpm">rh-php71-php-pear-1.10.4-1.el7.noarch.rpm</a> 30-Oct-2017 18:19 356K
<a href="rh-php71-php-pecl-apcu-5.1.8-1.el7.x86_64.rpm">rh-php71-php-pecl-apcu-5.1.8-1.el7.x86_64.rpm</a> 31-Oct-2017 18:53 69K
<a href="rh-php71-php-pecl-apcu-devel-5.1.8-1.el7.x86_64.rpm">rh-php71-php-pecl-apcu-devel-5.1.8-1.el7.x86_64..></a> 31-Oct-2017 18:53 38K
<a href="rh-php71-php-pgsql-7.1.8-1.el7.x86_64.rpm">rh-php71-php-pgsql-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 94K
<a href="rh-php71-php-process-7.1.8-1.el7.x86_64.rpm">rh-php71-php-process-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 61K
<a href="rh-php71-php-pspell-7.1.8-1.el7.x86_64.rpm">rh-php71-php-pspell-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 43K
<a href="rh-php71-php-recode-7.1.8-1.el7.x86_64.rpm">rh-php71-php-recode-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 40K
<a href="rh-php71-php-snmp-7.1.8-1.el7.x86_64.rpm">rh-php71-php-snmp-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 54K
<a href="rh-php71-php-soap-7.1.8-1.el7.x86_64.rpm">rh-php71-php-soap-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 154K
<a href="rh-php71-php-xml-7.1.8-1.el7.x86_64.rpm">rh-php71-php-xml-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 159K
<a href="rh-php71-php-xmlrpc-7.1.8-1.el7.x86_64.rpm">rh-php71-php-xmlrpc-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 69K
<a href="rh-php71-php-zip-7.1.8-1.el7.x86_64.rpm">rh-php71-php-zip-7.1.8-1.el7.x86_64.rpm</a> 30-Oct-2017 18:19 89K
<a href="rh-php71-runtime-1-1.el7.x86_64.rpm">rh-php71-runtime-1-1.el7.x86_64.rpm</a> 23-Aug-2017 22:25 1M
<a href="rh-php71-scldevel-1-1.el7.x86_64.rpm">rh-php71-scldevel-1-1.el7.x86_64.rpm</a> 23-Aug-2017 22:25 4776
</pre><hr></body>
</html>
下面开始表演真正的技术了,使用grep命令+正则表达式来筛选出来所有rpm包名称
# cat list |grep -P '(?<=>).*rh-.*?(\.rpm)' -o
参数详解:
-P 使用perl-regexp正则表达式
-o only-matching只显示匹配正确的内容
正则表达式'(?<=>).*rh-.*?(\.rpm)'具体解释:
因为我们想要获得的rpm包名都是rh-xxxxx.rpm这种格式的,所以开头是rh-,没毛病
(?<=>) 一对小括号表示这是一个子条件,里面的?<=表示以这个表达式后面的字符(也就是大于号>,用来定位<a xxxx>标签的最后那个大于号)开始
.* 匹配任意长度的任意字符串(贪婪模式,如果出现多次命中的匹配位置,会一直都取出,直到最后一次匹配位置停止
rh- 这是我们要固定的字符串
.*? 非贪婪模式,如果不加这个问号的话,匹配结果会一直取到最后一次出现.rpm的地方,中间多出来我们不需要的内容了
\.rpm 给符号点加上反斜杠使用转义字符
这样输出结果就变成了下面:
[[email protected] rpm]# cat list |grep -P '(?<=>).*rh-.*?(\.rpm)' -o
rh-php71-1-1.el7.x86_64.rpm
rh-php71-build-1-1.el7.x86_64.rpm
rh-php71-php-7.1.8-1.el7.x86_64.rpm
rh-php71-php-bcmath-7.1.8-1.el7.x86_64.rpm
rh-php71-php-cli-7.1.8-1.el7.x86_64.rpm
rh-php71-php-common-7.1.8-1.el7.x86_64.rpm
rh-php71-php-dba-7.1.8-1.el7.x86_64.rpm
rh-php71-php-dbg-7.1.8-1.el7.x86_64.rpm
rh-php71-php-devel-7.1.8-1.el7.x86_64.rpm
rh-php71-php-embedded-7.1.8-1.el7.x86_64.rpm
rh-php71-php-enchant-7.1.8-1.el7.x86_64.rpm
rh-php71-php-fpm-7.1.8-1.el7.x86_64.rpm
rh-php71-php-gd-7.1.8-1.el7.x86_64.rpm
rh-php71-php-gmp-7.1.8-1.el7.x86_64.rpm
rh-php71-php-intl-7.1.8-1.el7.x86_64.rpm
rh-php71-php-json-7.1.8-1.el7.x86_64.rpm
rh-php71-php-ldap-7.1.8-1.el7.x86_64.rpm
rh-php71-php-mbstring-7.1.8-1.el7.x86_64.rpm
rh-php71-php-mysqlnd-7.1.8-1.el7.x86_64.rpm
rh-php71-php-odbc-7.1.8-1.el7.x86_64.rpm
rh-php71-php-opcache-7.1.8-1.el7.x86_64.rpm
rh-php71-php-pdo-7.1.8-1.el7.x86_64.rpm
rh-php71-php-pear-1.10.4-1.el7.noarch.rpm
rh-php71-php-pecl-apcu-5.1.8-1.el7.x86_64.rpm
rh-php71-php-pgsql-7.1.8-1.el7.x86_64.rpm
rh-php71-php-process-7.1.8-1.el7.x86_64.rpm
rh-php71-php-pspell-7.1.8-1.el7.x86_64.rpm
rh-php71-php-recode-7.1.8-1.el7.x86_64.rpm
rh-php71-php-snmp-7.1.8-1.el7.x86_64.rpm
rh-php71-php-soap-7.1.8-1.el7.x86_64.rpm
rh-php71-php-xml-7.1.8-1.el7.x86_64.rpm
rh-php71-php-xmlrpc-7.1.8-1.el7.x86_64.rpm
rh-php71-php-zip-7.1.8-1.el7.x86_64.rpm
rh-php71-runtime-1-1.el7.x86_64.rpm
rh-php71-scldevel-1-1.el7.x86_64.rpm
继续处理要下载的文件列表,我们把输出的这一堆内容先写入一个文件,然后再用sed命令为每一行开头都加上完整的http地址,再交给wget去批量下载
# cat list |grep -P '(?<=>).*rh-.*?(\.rpm)' -o >todown
# sed 's/^/http:\/\/mirrors.163.com\/centos\/7\/sclo\/x86_64\/rh\/rh-php71\//' todown >todown.list
sed参数解释:
s/^/ 表示定位到行开头的位置
中间使用了大量的转义字符来替换url中的正斜杠/
末尾还有一个正斜杠/来跟开头的s命令呼应结束
# wget -i todown.list //使用wget批量下载todown.list文件中的所有url地址
# yum install *.rpm //不要使用rpm -ivh,直接用yum命令安装rpm包可以自行查找解决依赖关系
结果还是悲剧了,又tm有依赖不满足,不过略感欣慰的是就俩
Error: Package: rh-php71-php-7.1.8-1.el7.x86_64 (/rh-php71-php-7.1.8-1.el7.x86_64)
Requires: httpd24-httpd-mmn = 20120211x8664
Error: Package: rh-php71-php-7.1.8-1.el7.x86_64 (/rh-php71-php-7.1.8-1.el7.x86_64)
Requires: httpd24-httpd
那就先不安装这个rh-php71-php-7.1.8-1.el7.x86_64试试
# mv rh-php71-php-7.1.8-1.el7.x86_64.rpm rh-php71-php-7.1.8-1.el7.x86_64.rpm.bak
# yum install *.rpm
这回没出问题4.3继续刚才的命令
# yum install icingaweb2 icingacli -y
终于没问题了!泪奔~~~~
配置Apache的web根目录到Icingna
# icingacli setup config webserver apache --document-root /usr/share/icingaweb2/public
# systemctl restart httpd
生成后面要是用的安装令牌
# icingacli setup token create
The newly generated setup token is: 32dedba22f3695e2 //划重点!这串字符复制一下,一会儿要用到的
给防火墙设置增加允许http服务
# firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --reload5.访问Icinga Web界面
访问http://服务器地址/icingaweb2/setup
恭喜我~又tm报错:
Backend unavailable
It seems that the PHP FPM service is not running. Make sure to start PHP FPM service in order to access Icinga Web 2. If you upgraded Icinga Web 2 recently, make sure to read the docs regarding PHP FPM, also locally available under
/usr/share/icingaweb2/doc/02-Installation.md.
原来是还tm漏了个服务:PHP FPM,继续补坑~
# yum install -y php72-php-fpm
# systemctl start php72-php-fpm
# systemctl enable php72-php-fpm再访问web,我操!终于出来了
尼玛这里居然要刚才生成的那个安装令牌,扒拉一下终端的历史信息还好找到了,填进去下一步
都勾上~继续
又尼玛来坑~ 按照提示逐个填吧:
# vim /etc/opt/remi/php72/php.ini //修改date.timezone = Asia/Shanghai
# yum install -y php72-php-gd php72-php-intl php72-php-ldap php-ZendFramework-Db-Adapter-Pdo-Mysql妈的~放弃了!装了多个PHP版本现在搞得很混乱,还是研究一下直接docker吧
Docker实现过程
Docker服务安装就不展开了
# docker pull jordan/icinga2
# docker run -p 80:80 -h icinga2 -t jordan/icinga2:latest
docker: Error response from daemon: driver failed programming external connectivity on endpoint boring_lumiere (4f8009bfe98bc62e60c076d3587d8218eaa88c3a723169570029f90b229d7aa5): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 80 -j DNAT --to-destination 172.17.0.2:80 ! -i docker0: iptables: No chain/target/match by that name.
(exit status 1)).
继续坑吧~
原来是docker服务器的防火墙我之前关掉了,导致docker容器没法跟服务器配置防火墙
# systemctl start firewalld
# systemctl enable firewalld
# docker run -p 80:80 -h icinga2 -t jordan/icinga2:latest
开始blabla的一堆初始化过程
到这里就ok了,使用浏览器访问docker服务器的地址,我很欣慰~
默认账号icingaadmin
密码icinga
妈蛋的,害我折腾老半天,还是docker简单粗暴有效!不过话说中间填坑的过程也学了不少东西,正则表达式,sed,grep等等~