DevOps

Ferro's Gitbook
Github Docker Hub
Search…
Introduction
DevOps
​Monitoring​
​InfluxDB Telegraf​
​Grafana Promtail​
​prometheus​
​exporters​
​Zabbix - C/PHP/JAVA​
​server - Docker​
​agent​
​Nagios - C​
​Docker​
​Elastic​
​Beats - Go​
​Cacti - PHP​
​alert​
​TICK stack​
​Pandora FMS - PHP/Perl​
​open-falcon - Go + Python Flask​
​Munin - Perl/Shell​
​netdata - C/Python/JS/Shell​
​Management​
​Fabric - Python library​
​invoke - Python library​
​Ansible - Python​
​Puppet - Ruby​
​Chef - Ruby​
​SaltStack - Python​
​CI​
​Jenkins - JAVA​
​Travis - Ruby/JS​
​SNMP​
Monitoring
​https://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems​
InfluxDB Telegraf
​https://www.influxdata.com/blog/getting-started-with-influxdb-2-0-scraping-metrics-running-telegraf-querying-data-and-writing-data/​
Grafana Promtail
​https://grafana.com/docs/loki/latest/clients/promtail/
loki​
prometheus
​https://github.com/prometheus/prometheus#prometheus​
1
docker run --name prometheus -d -p 127.0.0.1:9090:9090 prom/prometheus
Copied!
exporters
​https://prometheus.io/docs/instrumenting/exporters/​
​https://github.com/prometheus/node_exporter​
1
docker run -d
2
--net="host" \
3
--pid="host" \
4
-v "/:/host:ro,rslave" \
5
quay.io/prometheus/node-exporter \
6
--path.rootfs=/host
Copied!
Zabbix - C/PHP/JAVA
​https://github.com/zabbix/zabbix​
server - Docker
​https://www.zabbix.com/documentation/4.0/manual/installation/containers​
1
docker run --name zabbix-appliance -t \
2
    -p 10051:10051 \
3
    -p 8083:80 \
4
    -d zabbix/zabbix-appliance:latest
5
# Default login: Admin/zabbix
Copied!
agent
1
Active : zabbix_agentd: active checks ->  zabbix_server: trapper  :10051  
2
    ServerActive=
3
​
4
Passive: zabbix_server: poller        ->  zabbix_agentd: listener :10050\
5
    Server=
6
​
7
# Windows agent, run under admininstrator cmd
8
zabbix_agentd.exe --config zabbix_agentd.win.conf --install
9
​
10
# Debian/Ubuntu
11
apt install zabbix-agent
12
service zabbix-agent start
Copied!
Nagios - C
​https://github.com/NagiosEnterprises/nagioscore
https://github.com/centreon/centreon
https://github.com/NagVis/nagvis​
Docker
​https://hub.docker.com/r/jasonrivers/nagios/​
1
docker run --name nagios4 --rm -it -p 0.0.0.0:8082:80 jasonrivers/nagios:latest
2
​
3
docker cp nagios4:/opt/nagios/etc ./nagios/etc
4
docker cp nagios4:/opt/nagios/var ./nagios/var
5
docker cp nagios4:/opt/nagiosgraph/etc ./nagios/graph_etc
6
docker cp nagios4:/opt/nagiosgraph/var ./nagios/graph_var
7
​
8
docker run --name nagios4  \
9
-d --restart unless-stopped \
10
-v $PWD/nagios/etc/:/opt/nagios/etc/ \
11
-v $PWD/nagios/var:/opt/nagios/var/ \
12
-v $PWD/nagios/graph_etc:/opt/nagiosgraph/etc \
13
-v $PWD/nagios/graph_var:/opt/nagiosgraph/var \
14
-v $PWD/nagios/custom-plugins:/opt/Custom-Nagios-Plugins \
15
-p 8082:80 jasonrivers/nagios:latest
16
​
17
docker exec -it nagios4 htpasswd /opt/nagios/etc/htpasswd.users nagiosadmin 
18
docker exec -it nagios4 cat /opt/nagios/etc/objects/contacts.cfg
19
docker exec -it nagios4 grep ^cfg_ /opt/nagios/etc/nagios.cfg
20
docker restart nagios4 && docker logs nagios4
21
​
22
# nrpe
23
NAGIOS_SERVER=1.2.3.4
24
docker run -d --restart unless-stopped \
25
    -v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys:ro \
26
    -v /var/lib/docker/:/var/lib/docker:ro \
27
    --privileged --net=host --ipc=host --pid=host \
28
    -e NAGIOS_SERVER="$NAGIOS_SERVER" \
29
    --name nagios_nrpe \
30
    mikenowak/nrpe
Copied!
Elastic
Beats - Go
​https://www.elastic.co/products/beats
https://github.com/elastic/beats​
1
Filebeat    Log Files Beats
2
Metricbeat  Metrics Beats
3
Packetbeat  Network Data Beats
4
Winlogbeat  Windows Event Logs Beats
5
Auditbeat   Audit Data Beats
6
Heartbeat   Uptime Monitoring
Copied!
Cacti - PHP
​https://github.com/Cacti/cacti​
​https://hub.docker.com/r/smcline06/cacti​
1
docker pull smcline06/cacti:latest
Copied!
alert
​https://github.com/Yelp/elastalert https://github.com/sirensolutions/sentinl​
​https://sematext.com/blog/x-pack-alternatives/​
TICK stack
​https://gist.github.com/travisjeffery/43f424fbd7ac677adbba304cef6eb58f​
Component
Role
Telegraf
Data collector
InfluxDB
Stores data
Chronograf
Visualizer
Kapacitor
Alerter
Pandora FMS - PHP/Perl
​https://github.com/pandorafms/pandorafms#screenshots​
1
# Auto docker
2
curl -sSL http://pandorafms.org/getpandora  | sh  # Auto, or manually below
3
​
4
# Manually
5
docker run \
6
    --name pandora-mysql \
7
    -e MYSQL_ROOT_PASSWORD=AVeryStrongRootPassword \
8
    -e MYSQL_DATABASE=pandora \
9
    -e MYSQL_USER=pandora \
10
    -e MYSQL_PASSWORD=pandora
11
    -d pandorafms/pandorafms-mysql:6
12
​
13
docker run -p 41121:41121 \
14
    --link pandora-mysql:mysql \
15
    -d pandorafms/pandorafms-server:6
16
​
17
docker run \
18
    -p 80:80 -p 8022:8022 -p 8023:8023 \
19
    --link pandora-mysql:mysql \
20
    -d pandorafms/pandorafms-console:6
21
​
22
apt install -y pandorafms-agent
Copied!
open-falcon - Go + Python Flask
​https://github.com/open-falcon/falcon-plus/tree/master/docker
v0.3: May 30, 2019
​https://github.com/open-falcon/falcon-plus/blob/master/docker/README.md​
Munin - Perl/Shell
networked resource monitoring tool
http://munin-monitoring.org/
http://guide.munin-monitoring.org/en/latest/tutorial/index.html​
netdata - C/Python/JS/Shell
​https://github.com/firehol/netdata (with screenshots)
https://github.com/firehol/netdata/wiki/Installation​
1
bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh) 
Copied!
Management
Fabric - Python library
​https://github.com/fabric/fabric
Fabric is a high level Python (2.7, 3.4+) library designed to execute shell commands remotely over SSH, yielding useful Python objects in return.
Fabric (1.x and earlier) was a hybrid project implementing two feature sets: task execution (organization of task functions, execution of them via CLI, and local shell commands) and high level SSH actions (organization of servers/hosts, remote shell commands, and file transfer).
invoke - Python library
​https://github.com/pyinvoke/invoke
When planning Fabric 2.x, having the “local” feature set as a standalone library made sense, and it seemed plausible to design the SSH component as a separate layer above. Thus, Invoke was created to focus exclusively on local and abstract concerns, leaving Fabric 2.x concerned only with servers and network commands.
Ansible - Python
​https://github.com/fzinfz/ansible​
Puppet - Ruby
​https://hub.docker.com/u/puppet/
https://puppet.com/products/why-puppet/puppet-enterprise-and-open-source-puppet​
Chef - Ruby
​https://hub.docker.com/r/chef/chef/​
SaltStack - Python
​https://github.com/saltstack/salt
https://hub.docker.com/r/saltstack/​
Agentless: https://docs.saltstack.com/en/latest/topics/ssh/index.html​
CI
Jenkins - JAVA
​https://github.com/jenkinsci/jenkins 
​
​https://github.com/jenkinsci/docker/blob/master/README.md#usage​
1
docker run -d -p 8089:8080 -p 50000:50000 jenkins/jenkins:lts
2
docker exec jenkins cat /var/jenkins_home/secrets/initialAdminPassword
3
​
4
docker run jenkins/jnlp-slave -url http://jenkins-server:port <secret> <agent name>
Copied!
​https://wiki.jenkins.io/pages/viewpage.action?pageId=75893612​
1
Open a browser on the slave machine and go to the Jenkins master server url (http://yourjenkinsmaster:8080).
2
Go to Manage Jenkins > Manage Nodes, Click on the newly created slave machine. You will need to login as someone that has the "Connect" Slave permission if you have configured global security.
3
Click on the Launch button to launch agent from browser on slave.
Copied!
run on all nodes: elastic-axis
Travis - Ruby/JS
​https://github.com/travis-ci/travis-ci​
SNMP
​https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol​
v1: Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in cleartext.
v2c comprises SNMPv2 without the controversial new SNMP v2 security model, using instead the simple community-based security scheme of SNMPv1. incompatible with SNMPv1 in two key areas: message formats and protocol operations.
v2u: greater security than SNMPv1, but without incurring the high complexity of SNMPv2.
v3 primarily added security and remote configuration enhancements to SNMP.
the agent connects to the server on port 162
port 161 on the agent side is used for queries
Could not load image
Oracle
Multimedia
Last modified 1yr ago