准备把国内的一些服务外迁,这里正好做个网络监控来监控以下,smokeping部署在aliyun Hong Kong B区
首先需要删除ECS Centos7中自带的一些阿里云监控
卸载安骑士以及监控:
wget http://update.aegis.aliyun.com/download/uninstall.sh
chmod +x uninstall.sh
./uninstall.sh
wget http://update.aegis.aliyun.com/download/quartz_uninstall.sh
chmod +x quartz_uninstall.sh
./quartz_uninstall.sh
可以使用
ps -aux |grep aliyun
来查看是否还有活动的aliyun 服务进程
删除残留服务:
pkill aliyun-service
rm -rf /etc/init.d/agentwatch
rm -rf /usr/sbin/aliyun*
rm -rf /usr/local/aegis*
rm -rf /etc/systemd/system/aliyun*
这样才算基本完成删除的aliyun的残留服务
某些文章上还会写有屏蔽云盾的IP,有时间还是得看看log来查看是不是有必要屏蔽云盾的IP
iptables -I INPUT -s 140.205.201.0/28 -j DROP
iptables -I INPUT -s 140.205.201.16/29 -j DROP
iptables -I INPUT -s 140.205.201.32/28 -j DROP
iptables -I INPUT -s 140.205.225.192/29 -j DROP
iptables -I INPUT -s 140.205.225.200/30 -j DROP
iptables -I INPUT -s 140.205.225.184/29 -j DROP
iptables -I INPUT -s 140.205.225.183/32 -j DROP
iptables -I INPUT -s 140.205.225.206/32 -j DROP
iptables -I INPUT -s 140.205.225.205/32 -j DROP
iptables -I INPUT -s 140.205.225.195/32 -j DROP
iptables -I INPUT -s 140.205.225.204/32 -j DROP
这篇文章到了这里才算是完成了服务器的初始清理工作
在安装之前我们需要关闭selinux, firewall, 同步一下时间
yum -y install ntpdate
ntpdate 0.pool.ntp.org
sestatus
或者从www.ntppool.org中选择一个
下面开始进入安装工作 ,其实在作者的官方网站把过程写的清清楚楚:
https://oss.oetiker.ch/smokeping/doc/smokeping_install.en.html
- 安装epel package
yum install epel-release -y
2. 安装development tools
yum groupinstall "Development tools" -y
3. 安装fping (smokeping 2.7.2以上需要fping4.0以上,因此需要手动编译)
cd ~
wget https://fping.org/dist/fping-4.2.tar.gz
tar -zxvf fping-4.2.tar.gz
cd fping-4.2
./configure
make
make install
安装好的fping位于/usr/local/sbin/fping
4. 安装echoping (预防以后需要做tcp ping)
cd ~
wget https://fossies.org/linux/misc/old/echoping-6.0.2.tar.gz
tar -zxvf echoping-6.0.2.tar.gz
cd echoping-6.0.2
yum install -y popt-devel openssl openssl-devel
./configure --with-ssl --without-libidn
make
make install
安装好的echoping位于/usr/local/bin/echoping
5 安装需要的package
cd ~
yum install rrdtool rrdtool-perl curl bind-utils gcc make vim gcc-c++ -y
yum install perl-core -y
6. 安装apache, 注意smokeping是fcgi程序,因此apache 需要安装mod_fcgid, http的版本是2.4.6,
yum install httpd httpd-devel
yum install mod_fcgid
systemctl enable httpd
7. 安装nginx, nginx的版本是1.12.2
yum install nginx -y
systemctl enable nginx
service nginx start
8 安装smokeping
cd ~
wget https://oss.oetiker.ch/smokeping/pub/smokeping-2.7.3.tar.gz
tar -zxvf smokeping-2.7.3.tar.gz
cd smokeping-2.7.3
./configure --prefix=/opt/smokeping PERL5LIB=/usr/lib64/perl5/
/usr/bin/gmake install
注意,如果我们不加上 ./configure –prefix=/opt/smokeping PERL5LIB=/usr/lib64/perl5/,会提示下面的:
** Ready to install Smokeping ******************************
Settings:
PERL5LIB = not set
PERL = /usr/bin/perl
The Smokeping Makefiles use GNU make functionality.
Continue installation with
/usr/bin/gmake install
如果我们加上PERL5LIB=/usr/lib64/perl5的话,会显示如下:
** Ready to install Smokeping ******************************
Settings:
PERL5LIB = /usr/lib64/perl5/
PERL = /usr/bin/perl
The Smokeping Makefiles use GNU make functionality.
Continue installation with
/usr/bin/gmake install
9 初始化smokeping, 我们需要建立三个文件夹,data用来存放rrd文件,var用来存放smokeping的pid, log用来存放smokeping.log
cd /opt/smokeping
mkdir data var log
chmod 777 data var log
touch log/smokeping.log
rename config file and set permission
cd /opt/smokeping/etc/
for foo in *.dist; do cp $foo `basename $foo .dist`; done
chmod 600 /opt/smokeping/etc/smokeping_secrets.dist
配置config文件
编辑/opt/smokeping/etc/config, 配置从github上download
10 设置apache
把/opt/smokeping/htdoc下面的文件copy到/var/www/html去
同时
mkdir cache
chmod 777 cache
把smokeping.fcgi.dist改名放到cgi-bin下面
11 编辑apache 配置文件
设置Listen 80 为
Listen 8080
设置 /var/www/html
AllowOverride All
设置/var/www/cgi-bin
AllowOverride All
12 配置nginx
配置文件:
server{
listen 80;
server_name www.xxxxxx.com;
index index.html index.htm index.php default.html default.htm default.php;
access_log off;
error_log /var/log/nginx/www.xxxxxx.com.error.log;
location / {
proxy_pass http://127.0.0.1:8080;
#Proxy Settings
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 6 32k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
client_max_body_size 50m;
}
}
13 进入/var/www/html, 设置.htaccess
RewriteEngine On
RewriteRule ^$ /cgi-bin/smokeping.fcgi [NC,L]
14. 写入smokeping自启动文件
编辑/etc/systemd/system/smokeping.service
[Unit]
Description=Latency Logging and Graphing System
After=syslog.target network.target
[Service]
ExecStart=/opt/smokeping/bin/smokeping
ExecReload=/bin/kill -HUP $MAINPID
StandardError=syslog
Type=forking
PIDFile=/opt/smokeping/var/smokeping.pid
[Install]
WantedBy=multi-user.target
设置完整个以后
别忘了重启daemon
systemctl daemon-reload
下面主要是slave的安装设置:
15) 对于slave来说, apache 和nginx 是不需要安装的, 启动文件也需要做一些修改, 编辑/etc/systemd/system/smokeping.service,
[Unit]
Description=Latency Logging and Graphing System
After=syslog.target network.target
[Service]
ExecStart=/opt/smokeping/bin/smokeping --master-url=http://xxx.xxx.xxx/cgi-bin/smokeping.fcgi --cache-dir=/opt/smokeping/cache/ --shared-secret=/opt/smokeping/etc/secret.txt --pid-dir=/opt/smokeping/var --logfile=/opt/smokeping/smokeping.log
ExecReload=/bin/kill -HUP $MAINPID
StandardError=syslog
Type=forking
PIDFile=/opt/smokeping/var/smokeping.pid
[Install]
WantedBy=multi-user.target
设置完systemd以后,我们需要重启daemon
systemctl daemon-reload
16 ) 设置slave 的secret
cd /opt/smokeping/etc
vi secret.txt
chmod 640 secret.txt
注意的是,如果这台slave 的secret是iamhippo的话,secret.txt 里面只需要写iamhippo, 其余的都不需要, 另外别忘了设置这个文件的权限,600
17) 设置slave 的hostname
slave 的hostname 需要和master 的secret.txt相对应
AWS centos7 设置hostname 的话,需要用
hostnamectl set-hostname www.iamhippo
18)
在Master上的设置:
在/opt/smokeping/etc/config 中添加slave 部分:
*** Slaves ***
secrets=/opt/smokeping/etc/smokeping_secrets
+awssg
display_name = AWS_SG
location = SG
color = ff0000
+awsjp
display_name = AWS_JP
location = JP
color = ff0000
在底部target这里,加上
*** Targets ***
slaves = zeus ares
然后reload smokeping和httpd
systemctl reload smokeping
systemctl reload httpd
这个配置简单易懂, smokeping_secrets里面配置secrets,格式是host:secrets
如果按照图上的slave来说,就应该是
awssg:XXXXXX
awsjp:XXXXXX
awssg和awsjp 是 slave 的hostname