使用open-falcon监控nginx【lua模块】
0x00 环境准备,nginx安装了lua模块
可先按照以下方式编译安装lua模块
Docker源码编译Nginx[可指定模块]:https://conimi.com/archives/109
目录结构遵循上篇博客:Docker源码编译Nginx[可指定模块]
0x01 下载ngx_metric
nginx目录下文件结构应为,只增加了falcon-ngx_metric
文件夹
nginx
- conf.d
- falcon-ngx_metric
-- lua
--- ngx_metric(还有其它文件,不列出了)
*** ngx_metric.lua
*** ngx_metric_output.lua
** ngx_metric.conf
** nginx_collect.py
- log
* Dockerfile
* nginx.conf
# 约定:
# - 表示目录
# * 表示文件
0x02 修改Dockerfile
由于需要python环境,所以安装python
Dockerfile内容如下
FROM debian:10.2-slim
LABEL maintainer="[email protected]"
LABEL Author="https://github.com/fabiocicerchia/nginx-lua/blob/master/nginx/1.18.0/debian/10.2-slim"
ARG BUILD_DATE
ARG BUILD_VERSION
ARG VCS_REF
LABEL org.label-schema.schema-version="1.0"
LABEL org.label-schema.build-date=$BUILD_DATE
LABEL org.label-schema.name="fabiocicerchia/nginx-lua"
LABEL org.label-schema.description="Nginx 1.18.0 with LUA support based on debian 10.2-slim."
LABEL org.label-schema.url="https://github.com/fabiocicerchia/nginx-lua"
LABEL org.label-schema.vcs-url="https://github.com/fabiocicerchia/nginx-lua"
LABEL org.label-schema.vcs-ref=$VCS_REF
LABEL org.label-schema.version=$BUILD_VERSION
LABEL org.label-schema.docker.cmd="docker run -p 80:80 -d fabiocicerchia/nginx-lua:1.18.0-debian10.2-slim"
# https://github.com/openresty/luajit2
ENV VER_LUAJIT 2.1-20200102
# https://github.com/openresty/lua-nginx-module
# Production ready.
ENV VER_LUA_NGINX_MODULE 0.10.15
# https://github.com/openresty/lua-resty-core
# This library is production ready.
ENV VER_LUA_RESTY_CORE 0.1.17
ENV LUA_LIB_DIR /usr/local/share/lua/5.1
# https://github.com/openresty/lua-resty-lrucache
# This library is considered production ready.
ENV VER_LUA_RESTY_LRUCACHE 0.09
# https://github.com/nginx/nginx
ENV VER_NGINX 1.18.0
# https://github.com/vision5/ngx_devel_kit
# The NDK is now considered to be stable.
ENV VER_NGX_DEVEL_KIT 0.3.1
# https://github.com/Yelp/dumb-init
ENV VER_DUMBINIT 1.2.2
ENV LUAJIT_LIB /usr/local/lib
ENV LUAJIT_INC /usr/local/include/luajit-2.1
ENV LD_LIBRARY_PATH /usr/local/lib/:$LD_LIBRARY_PATH
ENV DEBIAN_FRONTEND noninteractive
RUN set -x \
&& apt-get update \
&& apt-get install -y --no-install-recommends --no-install-suggests \
ca-certificates \
libgeoip-dev \
libpcre3-dev \
libssl-dev \
zlib1g-dev \
&& apt-get install -y --no-install-recommends --no-install-suggests \
curl \
g++ \
gzip \
make \
tar \
## 添加的python和pip环境
apt-get install -y --no-install-recommends --no-install-suggests \
python2.7 \
python-pip \
&& pip2 install requests \
&& apt-get remove -y python-pip \
&& apt-get autoremove -y \
&& apt-get autoclean -y \
# OpenResty LUAJIT2
# ##############################################################################
curl -Lo /luajit.tar.gz https://github.com/openresty/luajit2/archive/v${VER_LUAJIT}.tar.gz \
&& tar xvzf /luajit.tar.gz && rm /luajit.tar.gz \
&& cd /luajit2-${VER_LUAJIT} \
&& make -j "$(nproc)" \
&& make install \
&& cd / \
# LUA Resty Core
# ##############################################################################
curl -Lo /lua-resty-core.tar.gz https://github.com/openresty/lua-resty-core/archive/v${VER_LUA_RESTY_CORE}.tar.gz \
&& tar xvzf /lua-resty-core.tar.gz && rm /lua-resty-core.tar.gz \
&& cd /lua-resty-core-${VER_LUA_RESTY_CORE} \
&& make -j "$(nproc)" \
&& make install \
&& cd / \
# LUA Resty LRUCache
# ##############################################################################
curl -Lo /lua-resty-lrucache.tar.gz https://github.com/openresty/lua-resty-lrucache/archive/v${VER_LUA_RESTY_LRUCACHE}.tar.gz \
&& tar xvzf /lua-resty-lrucache.tar.gz && rm /lua-resty-lrucache.tar.gz \
&& cd /lua-resty-lrucache-${VER_LUA_RESTY_LRUCACHE} \
&& make -j "$(nproc)" \
&& make install \
&& cd / \
# NGX Devel Kit
# ##############################################################################
curl -Lo /ngx_devel_kit.tar.gz https://github.com/vision5/ngx_devel_kit/archive/v${VER_NGX_DEVEL_KIT}.tar.gz \
&& tar xvzf /ngx_devel_kit.tar.gz && rm /ngx_devel_kit.tar.gz \
# Lua Nginx Module
# ##############################################################################
curl -Lo /lua-nginx.tar.gz https://github.com/openresty/lua-nginx-module/archive/v${VER_LUA_NGINX_MODULE}.tar.gz \
&& tar xvzf /lua-nginx.tar.gz && rm /lua-nginx.tar.gz \
# NGINX
# ##############################################################################
# create nginx user/group first, to be consistent throughout docker variants
addgroup --system --gid 32548 nginx \
&& adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 32548 nginx \
# we're on an architecture upstream doesn't officially build for
# let's build binaries from the published packaging sources
curl -Lo /nginx.tar.gz https://nginx.org/download/nginx-${VER_NGINX}.tar.gz \
&& tar xvzf /nginx.tar.gz && rm /nginx.tar.gz \
&& cd /nginx-${VER_NGINX} \
&& mkdir -p /var/cache/nginx/client_temp \
/var/cache/nginx/proxy_temp \
/var/cache/nginx/fastcgi_temp \
/var/cache/nginx/uwsgi_temp \
/var/cache/nginx/scgi_temp \
&& ./configure \
--prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx \
--group=nginx \
--with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module \
--with-mail \
--with-mail_ssl_module \
--with-stream \
--with-stream_realip_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' \
--with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' \
--add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \
--add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \
--with-http_dav_module \
--with-http_geoip_module \
&& make -j "$(nproc)" build \
&& make install \
# Bring in tzdata so users could set the timezones through the environment
# variables
apt-get install -y --no-install-recommends --no-install-suggests tzdata \
# Bring in curl and ca-certificates to make registering on DNS SD easier
apt-get install -y --no-install-recommends --no-install-suggests curl ca-certificates \
# forward request and error logs to docker log collector
ln -sf /dev/stdout /var/log/nginx/access.log \
&& ln -sf /dev/stderr /var/log/nginx/error.log \
# dumb-init
# ##############################################################################
curl -Lo /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${VER_DUMBINIT}/dumb-init_${VER_DUMBINIT}_x86_64 \
&& chmod +x /usr/bin/dumb-init \
# Cleanup
# ##############################################################################
rm -rf /lua-nginx-module-${VER_LUA_NGINX_MODULE} \
&& rm -rf /lua-resty-core-${VER_LUA_RESTY_CORE} \
&& rm -rf /lua-resty-lrucache-${VER_LUA_RESTY_LRUCACHE} \
&& rm -rf /luajit2-${VER_LUAJIT} \
&& rm -rf /nginx-${VER_NGINX} \
&& rm -rf /ngx_devel_kit-${VER_NGX_DEVEL_KIT} \
&& apt-get autoremove -y \
&& apt-get remove -y \
curl \
g++ \
make \
&& rm -rf /var/lib/apt/lists/*
HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1
EXPOSE 80
EXPOSE 443
STOPSIGNAL SIGTERM
ENTRYPOINT ["dumb-init"]
CMD ["nginx", "-g", "daemon off;"]
0x03 编写docker-comopose文件
version: "3.7"
services:
nginx:
build:
context: .
dockerfile: compose/nginx/Dockerfile
restart: always
container_name: nginx
volumes:
./wwwroot/demo:/home/wwwroot
./compose/nginx/conf.d:/etc/nginx/conf.d
./compose/nginx/nginx.conf:/etc/nginx/nginx.conf
./compose/nginx/log:/var/log/nginx
# 安装ngx_metric
# 这里由于容器内不存在modules文件夹,所以可以直接映射,
# 如果容器内存在moduls文件夹且还要其它文件,那么这里就需要将lua文件夹下的内容一个一个文件映射
./compose/nginx/falcon-ngx_metric/lua:/etc/nginx/modules
./compose/nginx/falcon-ngx_metric/ngx_metric.conf:/etc/nginx/conf.d/ngx_metric.conf
./compose/nginx/falcon-ngx_metric/nginx_collect.py:/opt/nginx_collect.py
# 需要注意:主机文件挂载到容器内存在几种形式
# 1. 用主机内的文件替换容器内的文件,比如容器内存在nginx.conf,主机内也存在nginx.conf,
# 这时需要用容器的文件代替主机文件,./compose/nginx/nginx.conf:/etc/nginx/nginx.conf就会覆盖容器内的原有文件
# 2. 将主机文件夹下的文件全部挂载到容器内,比如将主机内的/home/wwwroot/demo下的所有文件映射到容器,
# 这时./wwwroot/demo:/home/wwwroot就会在容器内创建一个/home/wwwroot文件夹,主机demo文件夹内的所有文件都会映射到容器/home/wwwroot文件夹下
# 3. 将容器内的文件夹挂载到主机,比如容器内/var/log/nginx文件下的日志文件会全部映射到主机./compose/nginx/log文件夹下
# 4. 将主机内的文件挂载到容器内,即使容器内不存在需要挂载的文件,比如:容器内/etc/nginx/conf.d/文件夹下不存在ngx_metric.conf,
# 但也要注意要写出容器内的文件名,./compose/nginx/falcon-ngx_metric/ngx_metric.conf:/etc/nginx/conf.d/ngx_metric.conf,
# 两边都有ngx_metric.conf文件名
ports:
"80:80"
# command:
# - bash
# - -c
# - |
# sleep 20s
# python2.7 /opt/nginx_collect.py --format=falcon --falcon-addr=http://116.62.39.165:1988/v1/push --service=ok_nginx
# --falcon-addr 为agent地址
0x04 添加定时命令,自动推送
运行命令
python2.7 /opt/nginx_collect.py --format=falcon --use-ngx-host --falcon-addr=http://116.62.39.165:1988/v1/push
参数说明
# Github地址:https://github.com/GuyCheung/falcon-ngx_metric
--use-ngx-host: 使用nginx配置里的service_name作为采集项的endpoint
--service: 手动设置endpoint值,当指定--use-ngx-host时,该参数无效
--format: 采集数据输出格式,对接falcon请使用--format=falcon
--falcon-step: falcon step设置,请设置为python脚本调用频率,默认是60
--falcon-addr: falcon push接口设置,设置该参数数据直接推送,不再输出到终端。需要安装requests模块