Table of Contents | ||||
---|---|---|---|---|
|
...
Internal Ports (Backend Server 간): Trusted Network 구간
8000 : Salt-API Server - CH Server와 데이터 송수신.
9094 : Kapacitor - InfluxDB와 데이터 송수신.
Intermediate Ports (Agent ↔︎ Backend Server 간): Semi-Trusted Network 구간
Warning |
---|
아래 포트들은 모니터링 대상 호스트들(MO: Managed Objects)과의 통신에 사용됩니다. 아래 설정 예시와 같이 firewalld filter를 사용하거나, 혹은 tcp_wrappers 등을 사용하여 hosts.allow, hosts.deny 등에 ACL을 설정할 수 있습니다. |
4505-4506 : Salt-Master - Salt-Minion과 데이터 송수신.
8086 : InfluxDB - telegraf로부터 데이터 수신.
아래는 firewalld
설정 파일 예시이며,
Status | ||||
---|---|---|---|---|
|
Code Block | ||
---|---|---|
| ||
<!-- /etc/firewalld/zones/public.xml --> <?xml version="1.0" encoding="utf-8"?> <zone> <short>Public</short> <description>For use in public areas.</description> <service name="ssh"/> <service name="dhcpv6-client"/> <port protocol="tcp" port="443"/> <rule family="ipv4"> <source address="xxx.xxx.xxx.0/24"/> <port protocol="tcp" port="4505-4506"/> <accept/> </rule> <rule family="ipv4"> <source address="xxx.xxx.xxx.xxx"/> <port protocol="tcp" port="8000"/> <accept/> </rule> <rule family="ipv4"> <source address="xxx.xxx.xxx.xxx"/> <port protocol="tcp" port="8086"/> <accept/> </rule> <rule family="ipv4"> <source address="xxx.xxx.xxx.xxx"/> <port protocol="tcp" port="9094"/> <accept/> </rule> </zone> |
...
Note |
---|
|
Code Block | ||
---|---|---|
| ||
## log_level ## # One of 'garbage', 'trace', 'debug', info', 'warning'(default), 'error', 'critical'. log_level: info root_dir: /opt/miniconda3/envs/saltenv ##### Primary configuration settings ##### ########################################## # The address of the interface to bind to: interface: x.x.x.x # The tcp port used by the publisher: publish_port: 4505 # Allow minions to push files to the master. This is disabled by default, for # security purposes. # file_recv: True ##### State System settings ##### ########################################## # The state system uses a "top" file to tell the minions what environment to # use and what modules to use. The state_top file is defined relative to the # root of the base environment as defined in "File Server settings" below. state_top: top.sls ##### File Server settings ##### ########################################## # Salt runs a lightweight file server written in zeromq to deliver files to # minions. This file server is built into the master daemon and does not # require a dedicated port. # The file server works on environments passed to the master, each environment # can have multiple root directories, the subdirectories in the multiple file # roots cannot match, otherwise the downloaded files will not be able to be # reliably ensured. A base environment is required to house the top file. file_roots: base: - /srv/salt/prod # File Server Backend # # Salt supports a modular fileserver backend system, this system allows # the salt master to link directly to third party systems to gather and # manage the files available to minions. Multiple backends can be # configured and will be searched for the requested file in the order in which # they are defined here. The default setting only enables the standard backend # "roots" which uses the "file_roots" option. fileserver_backend: - roots ##### Security settings ##### ########################################## # The external auth system uses the Salt auth modules to authenticate and # validate users to access areas of the Salt system. external_auth: pam: saltdev: - .* - '@runner' - '@wheel' - '@jobs' # Allow eauth users to specify the expiry time of the tokens they generate. # A boolean applies to all users or a dictionary of whitelisted eauth backends # and usernames may be given. token_expire_user_override: pam: - saltdev ##### API Server settings ##### ########################################## rest_cherrypy: port: 8000 disable_ssl: True |
...
Warning |
---|
이 경우, salt-minion을 실행할 경우, |
Note |
---|
|
Config path: $ vim /opt/miniconda3/etc/salt/minion
Code Block | ||
---|---|---|
| ||
## log_level ## # One of 'garbage', 'trace', 'debug', info', 'warning'(default), 'error', 'critical'. log_level: info root_dir: /opt/miniconda3/envs/saltenv master: <master ip address> id: <유일한 minion id 설정해야 하며, 생략 시, hostname = minion id> |
계정 생성 및 패스워드 설정
Note |
---|
아래 추가된 saltdev에 대한 password는 추후 salt-api authentication을 위한 pam_token를 발급 받는데 쓰이므로, 잘 기억해두어야 합니다. |
Code Block | ||
---|---|---|
| ||
$ useradd saltdev $ passwd <password> Changing password for user saltdev. New password: |
...
로그인 창에서 Sign up(가입) 합니다.
로그인 후, 아래와 같이 초기 설정에서 단계 별로 적절한 값으로 설정합니다.
초기 설정으로는 InfluxDB가 설치된 host IP 정도만 맞게 설정하면 됩니다.
Connection Name는 Database(=Group) Name과 동일하면 편리합니다.Add Connection → Next를 반복 클릭하여 마무리 합니다.
아래 메뉴 화면에서 원하는 Group(Organization)을 추가합니다.
“Agent “Agent Configuration > Minions” Minions” 메뉴 화면에서 새로 등록된 minion을 Operation 버튼을 버튼을 통해 “Accept”합니다.
“Agent Configuration > Collector Control”으로 이동 후, 설치하고자 하는 minion host를 선택하고 콤보박스에서 telegraf를 선택 후, INSTALL 합니다.
Group을 지정한 후,
[[outputs.influxdb]]
을 설정한 후, Test -> 후, Apply 합니다.그 외 필요한 설정은 위 그림의 Plugins 리스트에서 참고하거나, https://github.com/snetsystems/telegraf#input-plugins 를 참고하여 추가하도록 합니다.
주의 사항
위 설정까지 끝나고 완료하고 나면, InfluxDB에 동적으로 Database가 생성됩니다.
...