软件安装

nagios client

参考 https://lowendbox.com/blog/remote-server-monitoring-with-nagios-centos/ (远程)

yum -y install nagios-plugins-all nrpe
vim  /etc/nrpe.d/op5_commands.cfg

################################################################################
#
# op5-nrpe command configuration file
#
# COMMAND DEFINITIONS
# Syntax:
#       command[<command_name>]=<command_line>
#
command[users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
command[load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
command[swap]=/usr/lib64/nagios/plugins/check_swap -w 20% -c 10%
command[root_disk]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p / -m
command[usr_disk]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /usr -m
command[var_disk]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /var -m
command[zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
command[total_procs]=/usr/lib64/nagios/plugins/check_procs -w 190 -c 200
command[proc_named]=/usr/lib64/nagios/plugins/check_procs -w 1: -c 1:2 -C named
command[proc_crond]=/usr/lib64/nagios/plugins/check_procs -w 1: -c 1:5 -C crond
command[proc_syslogd]=/usr/lib64/nagios/plugins/check_procs -w 1: -c 1:2 -C syslog-ng
command[proc_rsyslogd]=/usr/lib64/nagios/plugins/check_procs -w 1: -c 1:2 -C rsyslogd

vim /etc/nagios/nrpe.cfg
allowed_hosts=127.0.0.1,172.25.4.90

service nrpe restart
chkconfig nrpe on

redis

$ rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

$ rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

$ yum --enablerepo=remi,remi-test install redis

修改配置文件

Uncomment requirepass
Comment bind 127.0.0.1

为支持python发送邮件

$ sudo pip install redis

memcacheq

a. libevent

wget --no-check-certificate https://github.com/downloads/libevent/libevent/libevent-2.0.21-stable.tar.gz
tar zxvf libevent-2.0.21-stable.tar.gz
cd libevent-2.0.21-stable
./configure
make
make install

b. BerkeleyDB

wget http://download.oracle.com/otn/berkeley-db/db-5.3.21.tar.gz
tar zxvf db-5.3.21.tar.gz
cd db-5.3.21
cd build_unix
../dist/configure
make
make install

在/etc/ld.so.conf里加入下面两行

/usr/local/lib
/usr/local/BerkeleyDB.5.3/lib

c. memcacheq

wget http://memcacheq.googlecode.com/files/memcacheq-0.2.0.tar.gz
tar zxvf memcacheq-0.2.0.tar.gz
cd memcacheq-0.2.0
./configure --enable-threads --with-libevent=/usr/local --with-bdb=/usr/local/BerkeleyDB.5.3
make
make install

d. 配置memcacheq和启动

install -d -o nobody -g nobody /data/memcacheq
memcacheq -d -r -u nobody -H /data/memcacheq -N -R -v -L 1024 -B 1024 &> /var/log/mq_error.log

tomcat

$ cd /data/tomcats
$ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-7/v7.0.69/bin/apache-tomcat-7.0.69.tar.gz
$ tar zxvf apache-tomcat-7.0.69.tar.gz
$ mv apache-tomcat-7.0.69 hazetomcat
$ chmod  -R 775 /data/tomcats/*/*/startup.sh 
$ chmod  -R 775 /data/tomcats/*/*/catalina.sh 
$ chmod  -R 775 /data/tomcats/*/*/shutdown.sh
$ vi ./hazetomcat/conf/server.xml

<Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

            <Context docBase="/data/apps/projectRoot" path=""  debug="0"  />

      </Host>

添加到服务参考haze-shell中脚本 level 345

chkconfig --add hazetomcat

nginx

$ rpm -ivh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
$ yum install nginx -y

添加用户名验证

$ sudo yum -y install httpd-tools
$ sudo htpasswd -c /etc/nginx/htpasswd.users admin

elasticsearch

参考链接 install-elasticsearch-logstash-and-kibana-elk

$ sudo rpm --import http://packages.elastic.co/GPG-KEY-elasticsearch

echo '[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
' | sudo tee /etc/yum.repos.d/elasticsearch.repo

$ sudo yum -y install elasticsearch

修改配置文件

$ sudo vi /etc/elasticsearch/elasticsearch.yml

data /ROOT/data
log /ROOT/log/elasticsearch

kibana

$ sudo vi /etc/yum.repos.d/kibana.repo

[kibana-4.4]
name=Kibana repository for 4.4.x packages
baseurl=http://packages.elastic.co/kibana/4.4/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

$ sudo yum -y install kibana

logstash

$ sudo vi /etc/yum.repos.d/logstash.repo

[logstash-2.2]
name=logstash repository for 2.2 packages
baseurl=http://packages.elasticsearch.org/logstash/2.2/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

sudo yum -y install logstash

server config

$ sudo vi /etc/logstash/conf.d/logstash-tcp.conf

参考项目haze-shell

client config 参考项目haze-shell

需要添加crontab 参考项目haze-shell

elasticsearch 运行到supervisor中

参考(http://www.alphadevx.com/a/455-Installing-Supervisor-and-Superlance-on-CentOS)

pip install supervisor

echo_supervisord_conf > /etc/supervisord.conf

rsyslog配置

center server 机器

vim /etc/rsyslog.conf

去掉以下前面的注释#

$WorkDirectory /var/lib/rsyslog
$ActionQueueFileName fwdRule1
$ActionQueueMaxDiskSpace 2g
$ActionQueueSaveOnShutdown on
$ActionQueueType LinkedList
$ActionResumeRetryCount -1

$ModLoad imudp
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerRun 514
添加
$AllowedSender TCP, 127.0.0.1, 172.0.0.0/24, *.haze.com, *.compute.internal
$AllowedSender UDP, 127.0.0.1, 172.0.2.0/24, [::1]/128, *.haze.com, *.compute.internal

client 机器

vim /etc/rsyslog.conf

去掉以下的注释＃ $ModLoad imudp $UDPServerRun 514 $ModLoad imtcp $InputTCPServerRun 514

$WorkDirectory /var/lib/rsyslog # where to place spool files $ActionQueueFileName fwdRule1 # unique name prefix for spool files $ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible) $ActionQueueSaveOnShutdown on # save messages to disk on shutdown $ActionQueueType LinkedList # run asynchronously $ActionResumeRetryCount -1 # infinite retries if host is down

mkdir -p /ROOT/log/syslog
vim /etc/rsyslog.d/log4j.conf

添加如下

local0.*                        /ROOT/log/syslog/local0.log
local1.*                        /ROOT/log/syslog/local1.log
local2.*                        /ROOT/log/syslog/local2.log
local3.*                        /ROOT/log/syslog/local3.log
local4.*                        /ROOT/log/syslog/local4.log
local5.*                        /ROOT/log/syslog/local5.log
local6.*                        /ROOT/log/syslog/local6.log
local7.*                        /ROOT/log/syslog/local7.log
# Provides  forwarding. The IP is the server's IP address
local0.*                       @@log.haze.com:514
local1.*                       @@log.haze.com:514
local2.*                       @@log.haze.com:514
local3.*                       @@log.haze.com:514
local4.*                       @@log.haze.com:514
local5.*                       @@log.haze.com:514
local6.*                       @@log.haze.com:514
local7.*                       @@log.haze.com:514

/etc/init.d/rsyslog restart

日志收集流程

log4j写入本地514端口的syslog中，rsyslog通过log.haze.com 514端口将日志写入中心日志服务器中心服务器运行python 将/ROOT/log/syslog_original 日志写入 /ROOT/log/syslog中 logstash 读取/ROOT/log/syslog文件夹中的日志，导入elasticsearch中按照项目名称创建索引

supervisor重启方法

/etc/init.d/supervisor restart
查看状态
supervisorctl

目前elasticsearch和python tail进程均运行在supervisor中

php install

mkdir /ROOT/src

mkdir /ROOT/bin

mkdir /ROOT/tmp

chmod -R 777 /ROOT/tmp

cd /ROOT/src

wget http://php.net/distributions/php-5.6.23.tar.bz2

tar xvf php-5.6.23.tar.bz2

cd php-5.6.23

yum install libxml2-devel openssl-devl  bzip2-devel openjpeg openjpeg-devel gd libjpeg-devel libpng-devel libXpm-devel  gmp-devel  libc-client-devel openldap-devel unixODBC-devel libxslt-devel net-snmp-devel pcre-devel freetype-devel  libxml2-devel gd-devel libmcrypt-devel libcurl-devel openssl-devel  glibc-devel

./configure --prefix=/ROOT/server/php --bindir=/ROOT/bin --sbindir=/ROOT/bin --sysconfdir=/ROOT/conf/php --with-config-file-path=/ROOT/conf/php --with-config-file-scan-dir=/ROOT/conf/php --with-curl --with-gd --enable-gd-native-ttf --with-bz2 --with-gettext --with-mysql --with-pdo-mysql --with-mysqli --with-mcrypt --with-openssl --with-png-dir --with-jpeg-dir --with-freetype-dir=/usr/local/freetype --with-iconv-dir --with-libxml-dir --enable-fpm --enable-ftp --enable-json --enable-mbstring --enable-sockets --enable-exif --enable-bcmath --enable-pcntl  --enable-sysvmsg --enable-soap --enable-zip --disable-debug --with-openssl-dir --with-zlib-dir --enable-opcache --with-libdir=lib64

make

make install

cp /ROOT/conf/php/php-fpm.conf.default /ROOT/conf/php/php-fpm.conf

修改 /ROOT/conf/php/php-fpm.conf 把usergroup, user都改成www 添加一个没有登录权限的 www

useradd -s /bin/false -r www

拷贝本文档目录的php-fpm到服务器端 /etc/init.d/php-fpm

/etc/init.d/php-fpm start

mysql install

cd mysql-5.6.21
mkdir /ROOT/mysql
mkdir -p /ROOT/data/mysql
ubuntu  aptitude install cmake libncurses5-dev
centos yum install gcc gcc-c++ cmake  ncurses-devel
mkdir build_tmp
cd build_tmp
mac:
     brew install boost --with-python

cmake ../ -DCMAKE_INSTALL_PREFIX=/ROOT/mysql -DMYSQL_DATADIR=/ROOT/data/mysql -DSYSCONFDIR=/etc -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_MEMORY_STORAGE_ENGINE=1 -DWITH_READLINE=1 -DMYSQL_UNIX_ADDR=/tmp/mysql.sock -DMYSQL_TCP_PORT=3306 -DENABLED_LOCAL_INFILE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DEXTRA_CHARSETS=all -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci

make
make install
groupadd mysql
useradd -g mysql mysql
chown -R mysql:mysql /ROOT/mysql
chown -R mysql:mysql /ROOT/data/mysql
cd /ROOT/mysql
./scripts/mysql_install_db --basedir=/ROOT/mysql --datadir=/ROOT/data/mysql --user=mysql

cp support-files/mysql.server /etc/init.d/mysql
centos chkconfig mysql on
ubuntu sudo update-rc.d mysql defaults

service mysql start  --启动MySQL

MySQL启动成功后，root默认没有密码，我们需要设置root密码。

设置之前，我们需要先设置PATH，要不不能直接调用mysql

修改/etc/profile文件，在文件末尾添加

PATH=/ROOT/mysql/bin:$PATH
export PATH
关闭文件，运行下面的命令，让配置立即生效

source /etc/profile
现在，我们可以在终端内直接输入mysql进入，mysql的环境了

执行下面的命令修改root密码

mysql -uroot
mysql> SET PASSWORD = PASSWORD('123456');
若要设置root用户可以远程访问，执行

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'172.16.%' IDENTIFIED BY 'password' WITH GRANT OPTION;
红色的password为远程访问时，root用户的密码，可以和本地不同。

memcacheq

参考 http://www.lmyw.net.cn/?p=729

$yum install libevent libevent-devel
$wget http://ftp.cc.uoc.gr/mirrors/linux/lfs/LFS/conglomeration/db/db-6.1.19.tar.gz
$git clone https://github.com/stvchu/memcacheq.git

安装BerkleyDB 下载地址：http://download.oracle.com/otn/berkeley-db/db-6.1.19.tar.gz 下载页面：http://www.oracle.com/technetwork/cn/database/database-technologies/berkeleydb/downloads/index.html 注意事项：必须通过浏览器下载然后上传到服务器上，不能通过wget下载，wget下载的包大小不对，无法解压。下载时需要登录。

$cd /home/tools/
$tar -zxvf db-6.1.19.gz
$cd db-6.1.19

//需要进入特定操作系统编译环境，跟常规软件的编译有些区别

$cd build_unix

//这个地方一定要这样写，因为在build_unix这个目录下是没有文件的。如果没有指定特殊安装路径，编译完成，需要将Berkeley Db运行库的路径添加到系统配置里面

$../dist/configure –prefix=/usr/local/berkeleydb

//记得改/etc/ld.so.conf文件，添加/usr/local/BerkeleyDB.5.3/lib啊，不然后面的mcq会安装错误。

$echo “/usr/local/BerkeleyDB.5.3/lib/” >> /etc/ld.so.conf

//重新载入系统Ld运行库

$ldconfig  
$make
$make install

安装memcacheq：下载地址：http://code.google.com/p/memcacheq/downloads/list 注意事项：由于国内无法访问谷歌的问题，需要翻墙之后进行下载，然后上传到服务器上。

$cd /home/tools/
$tar -zxvf memcacheq-0.2.0.tar.gz
$cd memcacheq-0.2.0
$./configure –with-bdb=/usr/local/berkeleydb/ –with-libevent=/usr/local/lib -enable-threads
$make
$make install

//不增加环境变量的话，启动的时候会报错，提示找不到libdb-6.1.so

$vim /etc/profile

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib:/usr/local/berkeleydb/lib

//使环境变量立即生效。

$source /etc/profile

启动memcacheq：

$memcacheq -d -uroot -r -p11212 -H /home/mcq/ -N -R -v -L 1024 -B 1024 > /home/mq_error.log 2>&1

maven

下载地址：http://maven.apache.org/download.cgi

$cd /usr/local/src
$wget http://mirrors.cnnic.cn/apache/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz
$tar zxvf apache-maven-3.3.9-bin.tar.gz
$mv apache-maven-3.3.9 /usr/local/maven3
$cd /etc/profile.d
$vi maven.sh

maven.sh中加入一下内容：

export M2_HOME=/usr/local/maven3
export PATH=$PATH:$JAVA_HOME/bin:$M2_HOME/bin

$source /etc/profile
$mvn -v

正确显示maven版本则安装成功。

jenkins

$wget -O /etc/yum.repos.d/jenkins.repo http://pkg.jenkins-ci.org/redhat/jenkins.repo
$rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key
$yum install jenkins

安装成功后,启动jenkins

$service jenkins start

注意jenkins端口占用的问题，jenkins默认端口为8080，与tomcat默认端口相同。修改jenkins端口

$vi /etc/sysconfig/jenkins

将文件中的8080，修改为8091（可自行设置）. 第一次访问jenkins需要输入验证码查看jenkins验证码

$vi /var/lib/jenkins/secrets/initialAdminPassword

进入之后选择左侧的插件安装方式，将会自动集成git plugin。若出现错误或者没有集成git plugin，进入jenkins后->系统管理->管理插件，找到相关插件，进行安装。