系统环境及tengine,ag亚游娱乐平台:mariadb组件仍使用《Jumpserver高可用集群部署》中己部署的环境及基础组件,tengine重新编译,将prefix更改为/sas/tengine,作为多个服务共享的基础组件。相关部署过程可参考:

Jumpserver高可用集群部署:(一)系统基础环境配置
Jumpserver高可用集群部署:(二)Tengine 代理服务部署
Jumpserver高可用集群部署:(三)MariaDB Galera 集群部署

官方文档:http://www.210.cao872.com/docs/grafana/latest/administration/set-up-for-high-availability/

1、添加Grafana社区版对应的Yum源
vi etc/yum.repos.d/grafana.repo

[grafana]
name=grafana
baseurl=http://ohx.ib911.com/827/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=http://www.225.1440055.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
2、安装Grafana
yum install grafana
3、启动Grafana
systemctl daemon-reload
systemctl start grafana-server
systemctl status grafana-server

# 设置自启动
systemctl enable grafana-server
4、创建mysql数据库,用于保存集群配置
mysql -uroot -p

# 创建grafana数据库
create database grafana;

# xxxxxxxx 表示数据库密码,授权相应的IP地址及hostname访问数据库
grant all on grafana.* to 'grafana'@'10.255.200.%' identified by 'xxxxxxxx';
grant all on grafana.* to 'grafana'@'localhost' identified by 'xxxxxxxx';
grant all on grafana.* to 'grafana'@'devops01' identified by 'xxxxxxxx';
grant all on grafana.* to 'grafana'@'devops02' identified by 'xxxxxxxx';
grant all on grafana.* to 'grafana'@'devops03' identified by 'xxxxxxxx';

# 保存权限
flush privileges;
5、修改Grafana配置,使用mysql数据库
vi /etc/grafana/grafana.ini

#################################### Database ####################################
[database]
# You can configure the database connection by specifying type, host, name, user and password
# as separate properties or as on string using the url properties.

# Either "mysql", "postgres" or "sqlite3", it's your choice
type = mysql
host = 10.255.200.1:3306
name = grafana
user = grafana
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
password = xxxxxxxx
6、修改默认端口为3001,将默认端口3000配置为tengine监听端口,禁用使用情况反馈,因为可能因为联网问题造成反馈时报错
vi /etc/grafana/grafana.ini

#################################### Server ####################################
[server]
# Protocol (http, http, h2, socket)
;protocol = http

# The ip address to bind to, empty will bind to all interfaces
;http_addr =

# The http port  to use
http_port = 3001

#################################### Analytics ####################################
[analytics]
# Server reporting, sends usage counters to stats.grafana.org every 24 hours.
# No ip addresses are being tracked, only simple counters to track
# running instances, dashboard and error counts. It is very helpful to us.
# Change this option to false to disable reporting.
reporting_enabled = false
7、重启Grafana服务
systemctl restart grafana-server
systemctl status grafana-server
8、配置tengine
vi /sas/tengine/conf/conf.d/grafana.conf

upstream grafana {
    server 10.255.200.1:3001;
    server 10.255.200.2:3001;
    server 10.255.200.3:3001;

    session_sticky;
}

server {
    listen 3000 ssl backlog=32768;
    server_name grafana.hbrtv.org;
    ssl_certificate   /sas/tengine/sslkey/devops.crt;
    ssl_certificate_key  /sas/tengine/sslkey/devops.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://grafana;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
9、配置防火墙
firewall-cmd --zone=public --add-port=3000/tcp --permanent
# 如果配置错误,可使用以下格式删相应端口
# firewall-cmd --zone=public --remove-port=3000/tcp --permanent

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.255.200.1/30" port protocol="tcp" port="3001" accept"
# 如果配置错误,可使用以下格式删相应端口
# firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="10.255.200.1/30" port protocol="tcp" port="3001" accept"

# 重新载入防火墙配置,使配置生效
firewall-cmd --reload
10、重启nginx服务

systemctl restart tengine
systemctl status tengine