Chef使わずに入れる方法探してと言われたので、色々探してやった時のメモ(Server側)
■証明書作成
$ which openssl
$ openssl versi
$ cd /tmp
$ wget http://sensuapp.org/docs/0.12/tools/ssl_certs.tar
$ tar xvf ssl_certs.tar
$ cd ssl_certs
$ ./ssl_certs.sh generate
■epel追加
32bit
$ rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
$ wget -O /etc/yum.repos.d/epel-erlang.repo http://repos.fedorapeople.org/repos/peter/erlang/epel-erlang.repo
$ rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
$ yum install erlang
64bit
$ rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
$ wget -O /etc/yum.repos.d/epel-erlang.repo http://repos.fedorapeople.org/repos/peter/erlang/epel-erlang.repo
$ rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
$ yum install erlang
■rabbitmqの導入
1.インストール
$ rpm —import http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
$ rpm -Uvh http://www.rabbitmq.com/releases/rabbitmq-server/v3.2.1/rabbitmq-server-3.2.1-1.noarch.rpm
$ chkcfig rabbitmq-server on
$ /etc/init.d/rabbitmq-server start
2.設定
$ mkdir -p /etc/rabbitmq/ssl
$ ls /etc/rabbitmq/ssl
$ cp /tmp/ssl_certs/sensu_ca/cacert.pem /etc/rabbitmq/ssl/
$ cp /tmp/ssl_certs/server/cert.pem /etc/rabbitmq/ssl/
$ cp /tmp/ssl_certs/server/key.pem /etc/rabbitmq/ssl/
$ ls /etc/rabbitmq/ssl
rabbitmq.cfg
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_optis, [{cacertfile,”/etc/rabbitmq/ssl/cacert.pem”},
{certfile,”/etc/rabbitmq/ssl/cert.pem”},
{keyfile,”/etc/rabbitmq/ssl/key.pem”},
{verify,verify_peer},
{fail_if_no_peer_cert,true}]}
]}
].
$ /etc/init.d/rabbitmq-server restart
$ rabbitmqctl add_vhost /sensu
$ rabbitmqctl add_user sensu sensu
$ rabbitmqctl set_permissis -p /sensu sensu “.*” “.*” “.*”
$ rabbitmq-plugins enable rabbitmq_management
■redis
$ yum -y install redis
$ chkcfig —list redis
$ chkcfig redis on
$ /etc/init.d/redis start
■sensu
1.インストール
/etc/yum.repos.d/sensu.repo
[sensu]
name=sensu-main
baseurl=http://repos.sensuapp.org/yum/el/6/\$basearch/
gpgcheck=0
enabled=1
$ yum -y install sensu
$ yum -y install uchiwa
2.設定
◆証明書コピー
$ mkdir -p /etc/sensu/ssl
$ cp -p /tmp/ssl_certs/client/cert.pem /etc/sensu/ssl/
$ cp -p /tmp/ssl_certs/client/key.pem /etc/sensu/ssl/
◆設定ファイルの作成
設定を一つのファイルに収めることもできるけど、何故かrabbitmqに繋がらないので全部別々に作成する
/etc/sensu/conf.d/rabbitmq.json
{
”rabbitmq”: {
“ssl”: {
“cert_chain_file”: “/etc/sensu/ssl/cert.pem”,
“private_key_file”: “/etc/sensu/ssl/key.pem”
},
“host”: “localhost”,
“port”: 5671,
“user”: “sensu”,
“password”: “sensu”,
“vhost”: “/sensu”
}
}
/etc/sensu/conf.d/rabbitmq.json
{
”redis”: {
“host”: “localhost”,
“port”: 6379
}
}
/etc/sensu/conf.d/api.json
{
”api”: {
“host”: “localhost”,
“port”: 4567
}
}
/etc/sensu/conf.d/handlers.json
{
”handlers”: {
“default”: {
“type”: “set”,
“handlers”: [
“stdout”
]
},
“stdout”: {
“type”: “pipe”,
“command”: “cat”
}
}
}
/etc/sensu/conf.d/checks.json
{
”checks”: {
“test”: {
“command”: “echo -n OK”,
“subscribers”: [
“test”
],
“interval”: 60
}
}
}
/etc/sensu/conf.d/client.json
{
“client”: {
“name”: “localhost”,
“address”: “127.0.0.1”,
“subscriptions”: [
“test”
]
}
}
/etc/sensu/uchiwa.json
{
“sensu”: [
{
“name”: “Sensu”,
“host”: “127.0.0.1”,
“ssl”: false,
“port”: 4567,
“user”: “”,
“pass”: “”,
“path”: “”,
“timeout”: 5000
}
],
“uchiwa”: {
“user”: “”,
“pass”: “”,
“port”: 3000,
“stats”: 10,
“refresh”: 10000
}
}
■ファイアーウォール設定
別に開けなくてもいいかもしれないけど、自分の環境では開けておかないと動かなかったので
$ iptables-save > iptables_rule
$ cp -p iptables_rule iptables_rule_yyyymmdd
/home/hoge/iptables_rule
以下を追記
-A INPUT -p tcp -m state —state NEW -m tcp —dport 3000 -j ACCEPT
-A INPUT -p tcp -m state —state NEW -m tcp —dport 4567 -j ACCEPT
-A INPUT -p tcp -m state —state NEW -m tcp —dport 5671 -j ACCEPT
-A INPUT -p tcp -m state —state NEW -m tcp —dport 5672 -j ACCEPT
-A INPUT -p tcp -m state —state NEW -m tcp —dport 6379 -j ACCEPT
-A INPUT -p tcp -m state —state NEW -m tcp —dport 15672 -j ACCEPT
-A INPUT -p tcp -m state —state NEW -m tcp —dport 55672 -j ACCEPT
$ iptables-restore < iptables_rule
$ service iptables save
$ service iptables restart
$ iptables -L
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:hbci
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:tram
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:amqps
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:amqp
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:6379
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:15672
ACCEPT tcp — anywhere anywhere state NEW tcp dpt:55672
■サービス起動
$ chkcfig —list
sensu-api 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sensu-client 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sensu-server 0:off 1:off 2:off 3:off 4:off 5:off 6:off
uchiwa 0:off 1:off 2:off 3:off 4:off 5:off 6:off
$ chkcfig sensu-server on
$ chkcfig sensu-api on
$ chkcfig sensu-client on
$ chkcfig uchiwa on
$ chkcfig —list
sensu-api 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sensu-client 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sensu-server 0:off 1:off 2:on 3:on 4:on 5:on 6:off
uchiwa 0:off 1:off 2:on 3:on 4:on 5:on 6:off
$ /etc/init.d/sensu-client start
$ /etc/init.d/sensu-api start
$ /etc/init.d/sensu-server start
$ /etc/init.d/uchiwa start
Uchiwaへのアクセスはwebブラウザで以下のURLを入力(パスワードなどは特に無し)
http://IP or hostname:3000/
またrabbitmqにアクセスしたい場合は以下のURLを入力(ユーザ、パスワードともに「guest」でログイン可能)
http://IP or hostname:15672/