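This is post 15 in my ongoing technical writing plan (translations included). The modest goal is 999 posts, at least 2 per week.
I use Elastic Beats for uptime probing, metric collection and host monitoring, but installing it in bulk is still a problem. Fortunately Elastic publishes an open-source ansible-beats role, but it only supports Linux, and in some of our business scenarios we still have Windows Server hosts. So I forked the official role and added Windows support (a PR has been submitted, but upstream may not merge it [facepalm]). For managing Windows with Ansible, see my earlier article, "Managing Windows in bulk with Ansible 2.7".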
Lab environment
Type | OS | IP |
---|---|---|
Server (control node) | Ubuntu Server 16.04.5 LTS X64 | 192.168.0.22 |
Client (managed) | Windows Server 2008 R2 SP1 | 192.168.0.23 |
Client (managed) | Ubuntu Server 16.04.5 LTS X64 | 192.168.0.24 |
Client (managed) | CentOS 7.6.1810 (Core) | 192.168.0.25 |
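Note: the control node needs Ansible 2.7.12 installed; for reference see
Steps
This assumes Ansible 2.7+ is already installed on the control node and WinRM is already configured on the managed Windows host.
Install anjia0532.ansible_beats
Run the following command on the control node (192.168.0.22):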
```
root@ubuntu:/root/# ansible-galaxy install anjia0532.ansible_beats
- downloading role 'ansible_beats', owned by anjia0532
- downloading role from https://github.com/anjia0532/ansible-beats/archive/master.tar.gz
- extracting anjia0532.ansible_beats to /root/.ansible/roles/anjia0532.ansible_beats
- anjia0532.ansible_beats (master) was installed successfully
```
Create the inventory
Create inventorys/hosts.yml
```yaml
beats:
  hosts:
    192.168.0.23:
      ansible_user: Administrator
      ansible_password: password
      ansible_connection: winrm
      ansible_winrm_transport: basic
      ansible_port: 5985
    192.168.0.24:
      ansible_user: root
      ansible_ssh_private_key_file: /root/.ssh/id_rsa
    192.168.0.25:
      ansible_user: root
      ansible_ssh_private_key_file: /root/.ssh/id_rsa
```
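The inventory above sends the Administrator password with WinRM basic authentication over plain HTTP (port 5985) and keeps it in clear text in the file. As an added example (not part of the original post), the same inventory can use an HTTPS listener with NTLM and a vaulted password. It assumes a WinRM HTTPS listener already exists on 192.168.0.23 with a certificate valid for that address; `vault_win_admin_password` and the CA file path are hypothetical names.

```yaml
# Added example: hardened variant of inventorys/hosts.yml (not from the original post)
beats:
  hosts:
    192.168.0.23:
      ansible_user: Administrator
      # Hypothetical variable name; define it in a file encrypted with
      # ansible-vault, e.g. inventorys/group_vars/beats/vault.yml
      ansible_password: "{{ vault_win_admin_password }}"
      ansible_connection: winrm
      # NTLM instead of basic, carried over TLS instead of plain HTTP
      ansible_winrm_transport: ntlm
      ansible_winrm_scheme: https
      ansible_port: 5986
      # Reject the connection if the host certificate does not validate
      ansible_winrm_server_cert_validation: validate
      # Hypothetical path to the CA that issued the WinRM listener certificate
      ansible_winrm_ca_trust_path: /etc/ssl/certs/winrm-ca.pem
    192.168.0.24:
      ansible_user: root
      ansible_ssh_private_key_file: /root/.ssh/id_rsa
    192.168.0.25:
      ansible_user: root
      ansible_ssh_private_key_file: /root/.ssh/id_rsa
```

Run the playbook with `--ask-vault-pass` (or `--vault-password-file`) so Ansible can decrypt the variable.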
Create the task
Create beats.yml
```yaml
- name: Example playbook for installing packetbeat
  hosts: beats
  roles:
    - { role: anjia0532.ansible_beats,
        beat: "packetbeat",
        beat_conf: {
          "interfaces": {"device":"any"},
          "protocols": {
            "dns": {
              "ports": [53],
              "include_authorities":true
            },
            "http": {
              "ports": [80, 8080, 8000, 5000, 8002]
            },
            "memcache": {
              "ports": [11211]
            },
            "mysql": {
              "ports": [3306]
            },
            "pgsql": {
              "ports": [5432]
            },
            "redis": {
              "ports": [6379]
            },
            "thrift": {
              "ports": [9090]
            },
            "mongodb": {
              "ports": [27017]
            }
          }
        },
        output_conf : {
          "elasticsearch": {
            "hosts": ["localhost:9200"]
          }
        }
      }
  vars:
    use_repository: true
```
安装beats
# ansible-playbook -i inventorys/hosts.yml ./beats.yml
// 忽略输出
PLAY RECAP *******************************************************************************************************************************************************************************************************************************************************************
192.168.0.23 : ok=17 changed=17 unreachable=0 failed=0
192.168.0.24 : ok=19 changed=19 unreachable=0 failed=0
192.168.0.25 : ok=19 changed=19 unreachable=0 failed=0
表明都成功了
查看配置文件和日志
```
ssh root@192.168.0.24
cat /etc/packetbeat/packetbeat.yml
################### packetbeat Configuration #########################
############################# packetbeat ######################################
interfaces:
  device: any
protocols:
  dns:
    include_authorities: true
    ports:
      - 53
  http:
    ports:
      - 80
      - 8080
      - 8000
      - 5000
      - 8002
  memcache:
    ports:
      - 11211
  mongodb:
    ports:
      - 27017
  mysql:
    ports:
      - 3306
  pgsql:
    ports:
      - 5432
  redis:
    ports:
      - 6379
  thrift:
    ports:
      - 9090
###############################################################################
############################# Libbeat Config ##################################
# Base config file used by all other beats for using libbeat features
############################# Output ##########################################
output:
  elasticsearch:
    hosts:
      - localhost:9200
############################# Logging #########################################
logging:
  files:
    rotateeverybytes: 10485760
```
```
# less /var/log/packetbeat/packetbeat
2019-04-13T09:38:44.865+0800 INFO instance/beat.go:611 Home path: [/usr/share/packetbeat] Config path: [/etc/packetbeat] Data path: [/var/lib/packetbeat] Logs path: [/var/log/packetbeat]
2019-04-13T09:38:44.868+0800 INFO instance/beat.go:618 Beat UUID: 8fbd86a8-0bbc-4349-8aca-d4dc8c897ba2
2019-04-13T09:38:44.868+0800 INFO [seccomp] seccomp/seccomp.go:116 Syscall filter successfully installed
2019-04-13T09:38:44.868+0800 INFO [beat] instance/beat.go:931 Beat info {"system_info": {"beat": {"path": {"config": "/etc/packetbeat", "data": "/var/lib/packetbeat", "home": "/usr/share/packetbeat", "logs": "/var/log/packetbeat"}, "type": "packetbeat", "uuid": "8fbd86a8-0bbc-4349-8aca-d4dc8c897ba2"}}}
2019-04-13T09:38:44.868+0800 INFO [beat] instance/beat.go:940 Build info {"system_info": {"build": {"commit": "1d55b4bd9dbf106a4ad4bc34fe9ee425d922363b", "libbeat": "6.7.1", "time": "2019-04-02T15:15:12.000Z", "version": "6.7.1"}}}
2019-04-13T09:38:44.868+0800 INFO [beat] instance/beat.go:943 Go runtime info {"system_info": {"go": {"os":"linux","arch":"amd64","max_procs":4,"version":"go1.10.8"}}}
2019-04-13T09:38:44.872+0800 INFO [beat] instance/beat.go:947 Host info {"system_info": {"host": {"architecture":"x86_64","boot_time":"2019-04-12T20:58:45+08:00","containerized":true,"name":"localhost.localdomain","ip":["127.0.0.1/8","::1/128","172.60.20.116/24","fe80::536d:17d0:e9f6:57c/64"],"kernel_version":"3.10.0-957.el7.x86_64","mac":["00:50:56:9f:8b:b7"],"os":{"family":"redhat","platform":"centos","name":"CentOS Linux","version":"7 (Core)","major":7,"minor":6,"patch":1810,"codename":"Core"},"timezone":"CST","timezone_offset_sec":28800,"id":"cd7bb2d0c80a41c89bb5b596c22fc85e"}}}
2019-04-13T09:38:44.873+0800 INFO [beat] instance/beat.go:976 Process info {"system_info": {"process": {"capabilities": {"inheritable":null,"permitted":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"effective":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"bounding":["chown","dac_override","dac_read_search","fowner","fsetid","kill","setgid","setuid","setpcap","linux_immutable","net_bind_service","net_broadcast","net_admin","net_raw","ipc_lock","ipc_owner","sys_module","sys_rawio","sys_chroot","sys_ptrace","sys_pacct","sys_admin","sys_boot","sys_nice","sys_resource","sys_time","sys_tty_config","mknod","lease","audit_write","audit_control","setfcap","mac_override","mac_admin","syslog","wake_alarm","block_suspend"],"ambient":null}, "cwd": "/", "exe": "/usr/share/packetbeat/bin/packetbeat", "name": "packetbeat", "pid": 9683, "ppid": 1, "seccomp": {"mode":"filter"}, "start_time": "2019-04-13T09:38:44.350+0800"}}}
2019-04-13T09:38:44.874+0800 INFO instance/beat.go:280 Setup Beat: packetbeat; Version: 6.7.1
2019-04-13T09:38:44.874+0800 INFO elasticsearch/client.go:164 Elasticsearch url: http://localhost:9200
2019-04-13T09:38:44.875+0800 INFO [publisher] pipeline/module.go:110 Beat name: localhost.localdomain
2019-04-13T09:38:44.875+0800 INFO procs/procs.go:101 Process watcher disabled
2019-04-13T09:38:44.877+0800 INFO instance/beat.go:402 packetbeat start running.
2019-04-13T09:38:44.877+0800 INFO [monitoring] log/log.go:117 Starting metrics logging every 30s
2019-04-13T09:39:14.887+0800 INFO [monitoring] log/log.go:144 Non-zero metrics in the last 30s {"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":160,"time":{"ms":162}},"total":{"ticks":610,"time":{"ms":614},"value":0},"user":{"ticks":450,"time":{"ms":452}}},"handles":{"limit":{"hard":4096,"soft":1024},"open":7},"info":{"ephemeral_id":"691a2203-1433-44d4-b173-938a52dbea22","uptime":{"ms":30042}},"memstats":{"gc_next":36201104,"memory_alloc":18724416,"memory_total":23093208,"rss":45715456}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"elasticsearch"},"pipeline":{"clients":0,"events":{"active":0}}},"system":{"cpu":{"cores":4},"load":{"1":0.1,"15":0.06,"5":0.05,"norm":{"1":0.025,"15":0.015,"5":0.0125}}}}}}
```