vlambda博客
学习文章列表

使用open-falcon监控nginx【lua模块】

0x00 环境准备,nginx安装了lua模块

  • 可先按照以下方式编译安装lua模块

  • Docker源码编译Nginx[可指定模块]:https://conimi.com/archives/109

  • 目录结构遵循上篇博客:Docker源码编译Nginx[可指定模块]

0x01 下载ngx_metric

nginx目录下文件结构应为,只增加了falcon-ngx_metric文件夹

nginx - conf.d - falcon-ngx_metric -- lua --- ngx_metric(还有其它文件,不列出了) *** ngx_metric.lua *** ngx_metric_output.lua ** ngx_metric.conf ** nginx_collect.py - log * Dockerfile * nginx.conf
# 约定:# - 表示目录# * 表示文件

0x02 修改Dockerfile

由于需要python环境,所以安装python

Dockerfile内容如下

FROM debian:10.2-slim
LABEL maintainer="[email protected]"LABEL Author="https://github.com/fabiocicerchia/nginx-lua/blob/master/nginx/1.18.0/debian/10.2-slim"
ARG BUILD_DATEARG BUILD_VERSIONARG VCS_REF
LABEL org.label-schema.schema-version="1.0"LABEL org.label-schema.build-date=$BUILD_DATELABEL org.label-schema.name="fabiocicerchia/nginx-lua"LABEL org.label-schema.description="Nginx 1.18.0 with LUA support based on debian 10.2-slim."LABEL org.label-schema.url="https://github.com/fabiocicerchia/nginx-lua"LABEL org.label-schema.vcs-url="https://github.com/fabiocicerchia/nginx-lua"LABEL org.label-schema.vcs-ref=$VCS_REFLABEL org.label-schema.version=$BUILD_VERSIONLABEL org.label-schema.docker.cmd="docker run -p 80:80 -d fabiocicerchia/nginx-lua:1.18.0-debian10.2-slim"
# https://github.com/openresty/luajit2ENV VER_LUAJIT 2.1-20200102
# https://github.com/openresty/lua-nginx-module# Production ready.ENV VER_LUA_NGINX_MODULE 0.10.15
# https://github.com/openresty/lua-resty-core# This library is production ready.ENV VER_LUA_RESTY_CORE 0.1.17ENV LUA_LIB_DIR /usr/local/share/lua/5.1
# https://github.com/openresty/lua-resty-lrucache# This library is considered production ready.ENV VER_LUA_RESTY_LRUCACHE 0.09
# https://github.com/nginx/nginxENV VER_NGINX 1.18.0
# https://github.com/vision5/ngx_devel_kit# The NDK is now considered to be stable.ENV VER_NGX_DEVEL_KIT 0.3.1
# https://github.com/Yelp/dumb-initENV VER_DUMBINIT 1.2.2
ENV LUAJIT_LIB /usr/local/libENV LUAJIT_INC /usr/local/include/luajit-2.1ENV LD_LIBRARY_PATH /usr/local/lib/:$LD_LIBRARY_PATHENV DEBIAN_FRONTEND noninteractive
RUN set -x \&& apt-get update \&& apt-get install -y --no-install-recommends --no-install-suggests \ ca-certificates \ libgeoip-dev \ libpcre3-dev \ libssl-dev \ zlib1g-dev \&& apt-get install -y --no-install-recommends --no-install-suggests \ curl \ g++ \ gzip \ make \ tar \## 添加的python和pip环境&& apt-get install -y --no-install-recommends --no-install-suggests \ python2.7 \ python-pip \&& pip2 install requests \&& apt-get remove -y python-pip \&& apt-get autoremove -y \&& apt-get autoclean -y \# OpenResty LUAJIT2# ##############################################################################&& curl -Lo /luajit.tar.gz https://github.com/openresty/luajit2/archive/v${VER_LUAJIT}.tar.gz \ && tar xvzf /luajit.tar.gz && rm /luajit.tar.gz \ && cd /luajit2-${VER_LUAJIT} \ && make -j "$(nproc)" \ && make install \ && cd / \# LUA Resty Core# ##############################################################################&& curl -Lo /lua-resty-core.tar.gz https://github.com/openresty/lua-resty-core/archive/v${VER_LUA_RESTY_CORE}.tar.gz \ && tar xvzf /lua-resty-core.tar.gz && rm /lua-resty-core.tar.gz \ && cd /lua-resty-core-${VER_LUA_RESTY_CORE} \ && make -j "$(nproc)" \ && make install \ && cd / \# LUA Resty LRUCache# ##############################################################################&& curl -Lo /lua-resty-lrucache.tar.gz https://github.com/openresty/lua-resty-lrucache/archive/v${VER_LUA_RESTY_LRUCACHE}.tar.gz \ && tar xvzf /lua-resty-lrucache.tar.gz && rm /lua-resty-lrucache.tar.gz \ && cd /lua-resty-lrucache-${VER_LUA_RESTY_LRUCACHE} \ && make -j "$(nproc)" \ && make install \ && cd / \# NGX Devel Kit# ##############################################################################&& curl -Lo /ngx_devel_kit.tar.gz https://github.com/vision5/ngx_devel_kit/archive/v${VER_NGX_DEVEL_KIT}.tar.gz \ && tar xvzf /ngx_devel_kit.tar.gz && rm /ngx_devel_kit.tar.gz \# Lua Nginx Module# ##############################################################################&& curl -Lo /lua-nginx.tar.gz https://github.com/openresty/lua-nginx-module/archive/v${VER_LUA_NGINX_MODULE}.tar.gz \ && tar xvzf /lua-nginx.tar.gz && rm /lua-nginx.tar.gz \# NGINX# ############################################################################### create nginx user/group first, to be consistent throughout docker variants&& addgroup --system --gid 32548 nginx \&& adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 32548 nginx \# we're on an architecture upstream doesn't officially build for# let's build binaries from the published packaging sources && curl -Lo /nginx.tar.gz https://nginx.org/download/nginx-${VER_NGINX}.tar.gz \ && tar xvzf /nginx.tar.gz && rm /nginx.tar.gz \ && cd /nginx-${VER_NGINX} \ && mkdir -p /var/cache/nginx/client_temp \ /var/cache/nginx/proxy_temp \ /var/cache/nginx/fastcgi_temp \ /var/cache/nginx/uwsgi_temp \ /var/cache/nginx/scgi_temp \ && ./configure \ --prefix=/etc/nginx \ --sbin-path=/usr/sbin/nginx \ --modules-path=/usr/lib/nginx/modules \ --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --http-log-path=/var/log/nginx/access.log \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/run/nginx.lock \ --http-client-body-temp-path=/var/cache/nginx/client_temp \ --http-proxy-temp-path=/var/cache/nginx/proxy_temp \ --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \ --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \ --http-scgi-temp-path=/var/cache/nginx/scgi_temp \ --user=nginx \ --group=nginx \ --with-compat \ --with-file-aio \ --with-threads \ --with-http_addition_module \ --with-http_auth_request_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_mp4_module \ --with-http_random_index_module \ --with-http_realip_module \ --with-http_secure_link_module \ --with-http_slice_module \ --with-http_ssl_module \ --with-http_stub_status_module \ --with-http_sub_module \ --with-http_v2_module \ --with-mail \ --with-mail_ssl_module \ --with-stream \ --with-stream_realip_module \ --with-stream_ssl_module \ --with-stream_ssl_preread_module \ --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' \ --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' \ --add-module=/lua-nginx-module-${VER_LUA_NGINX_MODULE} \ --add-module=/ngx_devel_kit-${VER_NGX_DEVEL_KIT} \ --with-http_dav_module \ --with-http_geoip_module \ && make -j "$(nproc)" build \ && make install \# Bring in tzdata so users could set the timezones through the environment# variables&& apt-get install -y --no-install-recommends --no-install-suggests tzdata \# Bring in curl and ca-certificates to make registering on DNS SD easier&& apt-get install -y --no-install-recommends --no-install-suggests curl ca-certificates \# forward request and error logs to docker log collector&& ln -sf /dev/stdout /var/log/nginx/access.log \&& ln -sf /dev/stderr /var/log/nginx/error.log \# dumb-init# ##############################################################################&& curl -Lo /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${VER_DUMBINIT}/dumb-init_${VER_DUMBINIT}_x86_64 \&& chmod +x /usr/bin/dumb-init \# Cleanup# ##############################################################################&& rm -rf /lua-nginx-module-${VER_LUA_NGINX_MODULE} \&& rm -rf /lua-resty-core-${VER_LUA_RESTY_CORE} \&& rm -rf /lua-resty-lrucache-${VER_LUA_RESTY_LRUCACHE} \&& rm -rf /luajit2-${VER_LUAJIT} \&& rm -rf /nginx-${VER_NGINX} \&& rm -rf /ngx_devel_kit-${VER_NGX_DEVEL_KIT} \&& apt-get autoremove -y \&& apt-get remove -y \ curl \ g++ \ make \&& rm -rf /var/lib/apt/lists/*
HEALTHCHECK --interval=30s --timeout=3s CMD curl --fail http://localhost/ || exit 1
EXPOSE 80EXPOSE 443
STOPSIGNAL SIGTERM
ENTRYPOINT ["dumb-init"]
CMD ["nginx", "-g", "daemon off;"]

0x03 编写docker-comopose文件

version: "3.7"
services: nginx: build: context: . dockerfile: compose/nginx/Dockerfile restart: always container_name: nginx volumes: - ./wwwroot/demo:/home/wwwroot - ./compose/nginx/conf.d:/etc/nginx/conf.d - ./compose/nginx/nginx.conf:/etc/nginx/nginx.conf - ./compose/nginx/log:/var/log/nginx # 安装ngx_metric # 这里由于容器内不存在modules文件夹,所以可以直接映射, # 如果容器内存在moduls文件夹且还要其它文件,那么这里就需要将lua文件夹下的内容一个一个文件映射 - ./compose/nginx/falcon-ngx_metric/lua:/etc/nginx/modules - ./compose/nginx/falcon-ngx_metric/ngx_metric.conf:/etc/nginx/conf.d/ngx_metric.conf - ./compose/nginx/falcon-ngx_metric/nginx_collect.py:/opt/nginx_collect.py
# 需要注意:主机文件挂载到容器内存在几种形式 # 1. 用主机内的文件替换容器内的文件,比如容器内存在nginx.conf,主机内也存在nginx.conf, # 这时需要用容器的文件代替主机文件,./compose/nginx/nginx.conf:/etc/nginx/nginx.conf就会覆盖容器内的原有文件 # 2. 将主机文件夹下的文件全部挂载到容器内,比如将主机内的/home/wwwroot/demo下的所有文件映射到容器, # 这时./wwwroot/demo:/home/wwwroot就会在容器内创建一个/home/wwwroot文件夹,主机demo文件夹内的所有文件都会映射到容器/home/wwwroot文件夹下 # 3. 将容器内的文件夹挂载到主机,比如容器内/var/log/nginx文件下的日志文件会全部映射到主机./compose/nginx/log文件夹下 # 4. 将主机内的文件挂载到容器内,即使容器内不存在需要挂载的文件,比如:容器内/etc/nginx/conf.d/文件夹下不存在ngx_metric.conf, # 但也要注意要写出容器内的文件名,./compose/nginx/falcon-ngx_metric/ngx_metric.conf:/etc/nginx/conf.d/ngx_metric.conf, # 两边都有ngx_metric.conf文件名
ports: - "80:80"
# command: # - bash # - -c # - | # sleep 20s # python2.7 /opt/nginx_collect.py --format=falcon --falcon-addr=http://116.62.39.165:1988/v1/push --service=ok_nginx
# --falcon-addr 为agent地址

0x04 添加定时命令,自动推送

运行命令

python2.7 /opt/nginx_collect.py --format=falcon --use-ngx-host --falcon-addr=http://116.62.39.165:1988/v1/push

参数说明

# Github地址:https://github.com/GuyCheung/falcon-ngx_metric
--use-ngx-host: 使用nginx配置里的service_name作为采集项的endpoint
--service: 手动设置endpoint值,当指定--use-ngx-host时,该参数无效
--format: 采集数据输出格式,对接falcon请使用--format=falcon
--falcon-step: falcon step设置,请设置为python脚本调用频率,默认是60
--falcon-addr: falcon push接口设置,设置该参数数据直接推送,不再输出到终端。需要安装requests模块