please check
Install icinga2 (2)
Install icinga2 (1) - AKAI TSUKI
install mariadb
# yum install -y mariadb mariadb-server
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: mariadb x86_64 1:5.5.56-2.el7 base 8.7 M mariadb-server x86_64 1:5.5.56-2.el7 base 11 M Installing for dependencies: perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k perl-DBD-MySQL x86_64 4.023-5.el7 base 140 k perl-DBI x86_64 1.627-4.el7 base 802 k perl-Data-Dumper x86_64 2.145-3.el7 base 47 k perl-IO-Compress noarch 2.061-2.el7 base 260 k perl-Net-Daemon noarch 0.48-5.el7 base 51 k perl-PlRPC noarch 0.2020-14.el7 base 36 k Updating for dependencies: mariadb-libs x86_64 1:5.5.56-2.el7 base 757 k Transaction Summary ==================================================================================================== Install 2 Packages (+8 Dependent packages) Upgrade ( 1 Dependent package)
start mariadb
# systemctl enable mariadb Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service. # systemctl start mariadb #
initial setup for mariadb
# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] Y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! #
icinga2-ido-mysql
# yum install -y icinga2-ido-mysql
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: icinga2-ido-mysql x86_64 2.7.0-1.el7.icinga icinga-stable-release 185 k Transaction Summary ==================================================================================================== Install 1 Package
setup icinga db
# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 10 Server version: 5.5.56-MariaDB MariaDB Server Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE icinga; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY '(your icinga pass)'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> quit Bye #
# mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql Enter password: #
# icinga2 feature enable ido-mysql warning/cli: Feature 'ido-mysql' already enabled. # icinga2 feature list Disabled features: api command compatlog debuglog gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog Enabled features: checker ido-mysql mainlog notification #
Install icinga2 (1)
check SELinux config
# getenforce Disabled #
# cat /etc/sysconfig/selinux | grep -v "^#" | grep -v "^$" SELINUX=disabled SELINUXTYPE=targeted #
install icinga2 repo
# yum install -y https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: icinga-rpm-release noarch 7-2.el7.centos /icinga-rpm-release-7-latest.noarch 2.1 k Transaction Summary ==================================================================================================== Install 1 Package
install epel-release
# yum install -y epel-release
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: epel-release noarch 7-9 extras 14 k Transaction Summary ==================================================================================================== Install 1 Package
install icinga2 and plugins
# yum install -y icinga2 nagios-plugins-all
==================================================================================================== Package Arch Version Repository Size ==================================================================================================== Installing: icinga2 x86_64 2.7.0-1.el7.icinga icinga-stable-release 9.2 k nagios-plugins-all x86_64 2.2.1-4git.el7 epel 17 k Installing for dependencies: autogen-libopts x86_64 5.18-5.el7 base 66 k avahi-libs x86_64 0.6.31-17.el7 base 61 k bind-libs x86_64 32:9.9.4-51.el7 updates 1.0 M bind-utils x86_64 32:9.9.4-51.el7 updates 203 k boost-program-options x86_64 1.53.0-27.el7 base 156 k boost-regex x86_64 1.53.0-27.el7 base 300 k boost-system x86_64 1.53.0-27.el7 base 40 k boost-thread x86_64 1.53.0-27.el7 base 57 k cups-libs x86_64 1:1.6.3-29.el7 base 356 k fping x86_64 3.10-4.el7 epel 46 k icinga2-bin x86_64 2.7.0-1.el7.icinga icinga-stable-release 149 k icinga2-common x86_64 2.7.0-1.el7.icinga icinga-stable-release 126 k icinga2-libs x86_64 2.7.0-1.el7.icinga icinga-stable-release 2.7 M libarchive x86_64 3.1.2-10.el7_2 base 318 k libicu x86_64 50.1.2-15.el7 base 6.9 M libldb x86_64 1.1.29-1.el7 base 128 k libsmbclient x86_64 4.6.2-10.el7_4 updates 129 k libtalloc x86_64 2.1.9-1.el7 base 33 k libtdb x86_64 1.3.12-2.el7 base 47 k libtevent x86_64 0.9.31-1.el7 base 36 k libtirpc x86_64 0.2.4-0.10.el7 base 88 k libwbclient x86_64 4.6.2-10.el7_4 updates 104 k lm_sensors x86_64 3.4.0-4.20160601gitf9185e5.el7 base 140 k lm_sensors-libs x86_64 3.4.0-4.20160601gitf9185e5.el7 base 41 k nagios-common x86_64 4.3.2-8.el7 epel 23 k nagios-plugins x86_64 2.2.1-4git.el7 epel 251 k nagios-plugins-breeze x86_64 2.2.1-4git.el7 epel 18 k nagios-plugins-by_ssh x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-cluster x86_64 2.2.1-4git.el7 epel 37 k nagios-plugins-dhcp x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-dig x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-disk x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-disk_smb x86_64 2.2.1-4git.el7 epel 21 k nagios-plugins-dns x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-dummy x86_64 2.2.1-4git.el7 epel 33 k nagios-plugins-file_age x86_64 2.2.1-4git.el7 epel 19 k nagios-plugins-flexlm x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-fping x86_64 2.2.1-4git.el7 epel 43 k nagios-plugins-game x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-hpjd x86_64 2.2.1-4git.el7 epel 42 k nagios-plugins-http x86_64 2.2.1-4git.el7 epel 60 k nagios-plugins-icmp x86_64 2.2.1-4git.el7 epel 46 k nagios-plugins-ide_smart x86_64 2.2.1-4git.el7 epel 38 k nagios-plugins-ircd x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-ldap x86_64 2.2.1-4git.el7 epel 42 k nagios-plugins-load x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-log x86_64 2.2.1-4git.el7 epel 19 k nagios-plugins-mailq x86_64 2.2.1-4git.el7 epel 22 k nagios-plugins-mrtg x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-mrtgtraf x86_64 2.2.1-4git.el7 epel 38 k nagios-plugins-mysql x86_64 2.2.1-4git.el7 epel 50 k nagios-plugins-nagios x86_64 2.2.1-4git.el7 epel 39 k nagios-plugins-nt x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-ntp x86_64 2.2.1-4git.el7 epel 63 k nagios-plugins-ntp-perl x86_64 2.2.1-4git.el7 epel 22 k nagios-plugins-nwstat x86_64 2.2.1-4git.el7 epel 46 k nagios-plugins-oracle x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-overcr x86_64 2.2.1-4git.el7 epel 41 k nagios-plugins-perl x86_64 2.2.1-4git.el7 epel 18 k nagios-plugins-pgsql x86_64 2.2.1-4git.el7 epel 43 k nagios-plugins-ping x86_64 2.2.1-4git.el7 epel 45 k nagios-plugins-procs x86_64 2.2.1-4git.el7 epel 44 k nagios-plugins-real x86_64 2.2.1-4git.el7 epel 40 k nagios-plugins-rpc x86_64 2.2.1-4git.el7 epel 20 k nagios-plugins-sensors x86_64 2.2.1-4git.el7 epel 18 k nagios-plugins-smtp x86_64 2.2.1-4git.el7 epel 47 k nagios-plugins-snmp x86_64 2.2.1-4git.el7 epel 49 k nagios-plugins-ssh x86_64 2.2.1-4git.el7 epel 40 k nagios-plugins-swap x86_64 2.2.1-4git.el7 epel 38 k nagios-plugins-tcp x86_64 2.2.1-4git.el7 epel 47 k nagios-plugins-time x86_64 2.2.1-4git.el7 epel 40 k nagios-plugins-ups x86_64 2.2.1-4git.el7 epel 42 k nagios-plugins-users x86_64 2.2.1-4git.el7 epel 36 k nagios-plugins-wave x86_64 2.2.1-4git.el7 epel 18 k net-snmp-libs x86_64 1:5.7.2-28.el7 base 748 k net-snmp-utils x86_64 1:5.7.2-28.el7 base 197 k ntp x86_64 4.2.6p5-25.el7.centos.2 base 547 k ntpdate x86_64 4.2.6p5-25.el7.centos.2 base 86 k perl x86_64 4:5.16.3-292.el7 base 8.0 M perl-Carp noarch 1.26-244.el7 base 19 k perl-Encode x86_64 2.51-7.el7 base 1.5 M perl-Exporter noarch 5.68-3.el7 base 28 k perl-File-Path noarch 2.09-2.el7 base 26 k perl-File-Temp noarch 0.23.01-3.el7 base 56 k perl-Filter x86_64 1.49-3.el7 base 76 k perl-Getopt-Long noarch 2.40-2.el7 base 56 k perl-HTTP-Tiny noarch 0.033-3.el7 base 38 k perl-PathTools x86_64 3.40-5.el7 base 82 k perl-Pod-Escapes noarch 1:1.04-292.el7 base 51 k perl-Pod-Perldoc noarch 3.20-4.el7 base 87 k perl-Pod-Simple noarch 1:3.28-4.el7 base 216 k perl-Pod-Usage noarch 1.63-3.el7 base 27 k perl-Scalar-List-Utils x86_64 1.27-248.el7 base 36 k perl-Socket x86_64 2.010-4.el7 base 49 k perl-Storable x86_64 2.45-3.el7 base 77 k perl-Text-ParseWords noarch 3.29-4.el7 base 14 k perl-Time-HiRes x86_64 4:1.9725-3.el7 base 45 k perl-Time-Local noarch 1.2300-2.el7 base 24 k perl-constant noarch 1.27-2.el7 base 19 k perl-libs x86_64 4:5.16.3-292.el7 base 688 k perl-macros x86_64 4:5.16.3-292.el7 base 43 k perl-parent noarch 1:0.225-244.el7 base 12 k perl-podlators noarch 2.5.1-3.el7 base 112 k perl-threads x86_64 1.87-4.el7 base 49 k perl-threads-shared x86_64 1.43-6.el7 base 39 k postgresql-libs x86_64 9.2.23-1.el7_4 updates 233 k qstat x86_64 2.11-13.20080912svn311.el7 epel 167 k rpcbind x86_64 0.2.0-42.el7 base 59 k samba-client x86_64 4.6.2-10.el7_4 updates 598 k samba-client-libs x86_64 4.6.2-10.el7_4 updates 4.7 M samba-common noarch 4.6.2-10.el7_4 updates 197 k samba-common-libs x86_64 4.6.2-10.el7_4 updates 164 k Updating for dependencies: bind-libs-lite x86_64 32:9.9.4-51.el7 updates 732 k bind-license noarch 32:9.9.4-51.el7 updates 84 k krb5-libs x86_64 1.15.1-8.el7 base 747 k Transaction Summary ==================================================================================================== Install 2 Packages (+112 Dependent packages) Upgrade ( 3 Dependent packages)
start icinga2
# systemctl enable icinga2 Created symlink from /etc/systemd/system/multi-user.target.wants/icinga2.service to /usr/lib/systemd/system/icinga2.service. # systemctl start icinga2 #
check feature list
# icinga2 feature list Disabled features: api command compatlog debuglog gelf graphite influxdb livestatus opentsdb perfdata statusdata syslog Enabled features: checker mainlog notification #
disable Dev Tools menu in Kibana web ui.
configuration for Dev Tools in kibana.
console.enabled
parameter set to false to disable Console.
in the case of true (default)
in the case of false
login web console (OpenShift)
ref. Install OpenShift - AKAI TSUKI
install httpd-tools
ref. Configuring Authentication and User Agent | Installation and Configuration | OpenShift Origin Latest
at master node.
# yum install -y httpd-tools *snip* Installed: httpd-tools.x86_64 0:2.4.6-45.el7.centos.4 Dependency Installed: apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7 Complete! #
create user with password by htpasswd
at master node.
# htpasswd -c /etc/origin/master/htpasswd user01 New password: Re-type new password: Adding password for user user01 #
setting (HTPasswdPasswordIdentityProvider)
at master node.
# grep -A8 identityProviders /etc/origin/master/master-config.yaml identityProviders: - challenge: true login: true mappingMethod: claim name: htpasswd_auth provider: apiVersion: v1 file: /etc/origin/master/htpasswd kind: HTPasswdPasswordIdentityProvider #
access web console
from my client to https://opshift01:8443/
as below
After I created project in web console
use user01
login
# oc login -u user01 Authentication required for https://opshift01:8443 (openshift) Username: user01 Password: Login successful. You have one project on this server: "testpj01" Using project "testpj01". #
I can not get node infomation by user01.
# oc get node Error from server (Forbidden): User "user01" cannot list all nodes in the cluster #
logout
# oc logout Logged "user01" out on "https://opshift01:8443" #
Install OpenShift
ref. Try to prepare host for installation of OpenShift. - AKAI TSUKI
hosts file
at all node.
# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 172.16.10.111 opshift01 opshift01.example.com 172.16.10.112 opshift02 opshift02.example.com 172.16.10.113 opshift03 opshift03.example.com #
inventory file
at master node.
# cat inventory_file/hosts [OSEv3:children] masters nodes [OSEv3:vars] ansible_ssh_user=root openshift_deployment_type=origin openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}] openshift_disable_check=memory_availability openshift_master_default_subdomain=apps.example.com [masters] opshift01.example.com [nodes] opshift01.example.com openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true opshift02.example.com openshift_node_labels="{'region': 'primary', 'zone': 'west'}" opshift03.example.com openshift_node_labels="{'region': 'primary', 'zone': 'east'}" #
run ansible-playbook
# ansible-playbook -i inventory_file/hosts \ > ~/openshift-ansible/playbooks/byo/config.yml *snip* PLAY RECAP ***************************************************************************************** localhost : ok=9 changed=0 unreachable=0 failed=0 opshift01.example.com : ok=561 changed=136 unreachable=0 failed=0 opshift02.example.com : ok=232 changed=63 unreachable=0 failed=0 opshift03.example.com : ok=232 changed=63 unreachable=0 failed=0 #
after install
# oc login -u system:admin Logged into "https://opshift01:8443" as "system:admin" using existing credentials. You have access to the following projects and can switch between them with 'oc project <projectname>': * default kube-public kube-system logging management-infra openshift openshift-infra Using project "default". # # oc get node NAME STATUS AGE VERSION opshift01 Ready 12m v1.6.1+5115d708d7 opshift02 Ready 12m v1.6.1+5115d708d7 opshift03 Ready 12m v1.6.1+5115d708d7 # # oc get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE docker-registry-1-g8b13 1/1 Running 0 13m 10.128.0.4 opshift01 registry-console-1-dznp7 1/1 Running 0 10m 10.128.0.5 opshift01 router-1-jqj4n 1/1 Running 0 14m 172.16.10.111 opshift01 # # oc get svc -o wide NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR docker-registry 172.30.255.65 <none> 5000/TCP 14m docker-registry=default kubernetes 172.30.0.1 <none> 443/TCP,53/UDP,53/TCP 27m <none> registry-console 172.30.181.217 <none> 9000/TCP 12m name=registry-console router 172.30.122.197 <none> 80/TCP,443/TCP,1936/TCP 16m router=router # # oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD docker-registry docker-registry-default.apps.example.com docker-registry <all> passthrough None registry-console registry-console-default.apps.example.com registry-console <all> passthrough None #
check config file.
# grep -C1 subdomain /etc/origin/master/master-config.yaml routingConfig: subdomain: "apps.example.com" serviceAccountConfig: # # grep -A8 identityProviders /etc/origin/master/master-config.yaml identityProviders: - challenge: true login: true mappingMethod: claim name: htpasswd_auth provider: apiVersion: v1 file: /etc/origin/master/htpasswd kind: HTPasswdPasswordIdentityProvider #
install elasticsearch-head on CentOS 7.3
ref
install eleasticsearch on CentOS 7.3 - AKAI TSUKI
environment
hostname | ip | node |
---|---|---|
cent7no31 | 172.16.10.231 | Coordinating node, elasticsearch-head |
pre install
install bzip2 and lbzip2 for tar command.
# yum install bzip2 # yum install lbzip2
install git and nodejs
# yum install -y git # yum install -y epel-release # yum install -y nodejs
install elasticsearch-head
GitHub - mobz/elasticsearch-head: A web front end for an elastic search cluster
install
# git clone git://github.com/mobz/elasticsearch-head.git # cd elasticsearch-head # npm install > phantomjs-prebuilt@2.1.16 install /root/elasticsearch-head/node_modules/phantomjs-prebuilt > node install.js PhantomJS not found on PATH Download already available at /tmp/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 Verified checksum of previously downloaded file Extracting tar contents (via spawned process) Removing /root/elasticsearch-head/node_modules/phantomjs-prebuilt/lib/phantom Copying extracted folder /tmp/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2-extract-1509856016577/phantomjs-2.1.1-linux-x86_64 -> /root/elasticsearch-head/node_modules/phantomjs-prebuilt/lib/phantom Writing location.js file Done. Phantomjs binary available at /root/elasticsearch-head/node_modules/phantomjs-prebuilt/lib/phantom/bin/phantomjs elasticsearch-head@0.0.0 /root/elasticsearch-head *snip* npm WARN optional SKIPPING OPTIONAL DEPENDENCY: fsevents@^1.0.0 (node_modules/chokidar/node_modules/fsevents): npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for fsevents@1.1.2: wanted {"os":"darwin","arch":"any"} (current: {"os":"linux","arch":"x64"}) npm WARN elasticsearch-head@0.0.0 license should be a valid SPDX license expression #
note
When I execute npm install
, error occured as follows:
# npm install npm: relocation error: npm: symbol SSL_set_cert_cb, version libssl.so.10 not defined in file libssl.so.10 with link time reference #
so, I execute command as follows:
# yum update openssl
start elasticsearch-head
[root@cent7no31 ~]# cd elasticsearch-head/ [root@cent7no31 elasticsearch-head]# npm run start > elasticsearch-head@0.0.0 start /root/elasticsearch-head > grunt server Running "connect:server" (connect) task Waiting forever... Started connect web server on http://localhost:9100
configure elasticsearch
add two parameters to elasticsearch.yml
# vi /etc/elasticsearch/elasticsearch.yml http.cors.enabled: true http.cors.allow-origin: "*"
as a result,
# grep -v "^#" /etc/elasticsearch/elasticsearch.yml | grep -v "^$" cluster.name: test-cluster node.name: cent7no31 network.host: 0.0.0.0 discovery.zen.ping.unicast.hosts: ["cent7no11", "cent7no12", "cent7no13", "cent7no31"] node.master: false node.data: false node.ingest: false http.cors.enabled: true http.cors.allow-origin: "*" #
restart elasticsearch
# systemctl restart elasticsearch
open elastic
open http://172.16.10.231:9100/
by browser
change connection url to elasticsearch
change from http://localhost:9200/
to http://172.16.10.231:9200/
,
and push Connect
button.