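1. Overview

As more people use Grafana, a single node becomes a single point of failure. To improve stability, we build a Grafana cluster and leave room for later expansion, so that adding a node does not require major changes to the existing architecture.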

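2. Server environment

| Type | Hostname | IP | Service |
| --- | --- | --- | --- |
| CVM | grafana01 | 10.5.0.10 | Grafana 7.3.6 |
| CVM | grafana02 | 10.5.0.5 | Grafana 7.3.6 |
| CLB | web01-ops | 10.5.0.5 | CLB |
| CDB | web01-ops | 10.5.0.15 | MySQL 5.7 |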

3. Installing Grafana

Install on both grafana01 and grafana02:

sudo apt-get install -y adduser libfontconfig1
wget https://dl.grafana.com/oss/release/grafana_7.3.6_amd64.deb
sudo dpkg -i grafana_7.3.6_amd64.deb

4. Configuring Grafana

Configure both grafana01 and grafana02.

4.1 Enable start on boot

sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable grafana-server

4.2 Configure the data and log directories

Move the data, log, and plugin directories under /data. Edit /etc/grafana/grafana.ini and change the following parameters:

[paths]
data = /data/grafana
logs = /data/logs/grafana
plugins = /data/grafana/plugins

Create the directories:

mkdir -p /data/grafana
mkdir -p /data/logs/grafana
mkdir -p /data/grafana/plugins
chown -R grafana:grafana /data/grafana
chown -R grafana:grafana /data/logs

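4.3 Change the default storage database

Grafana's default database is SQLite3, which is not suitable for reads and writes from multiple nodes in a cluster and also puts data safety at risk. Replace SQLite3 with MySQL: edit /etc/grafana/grafana.ini and change the following parameters: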

[database]
type = mysql
host = 10.5.0.15:3306
name = grafana
user = grafana
password = "xxxxxxxx"

The grafana database must be created in MySQL in advance; if it does not exist, startup fails with an error.

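4.4 Change the session storage configuration

By default Grafana stores sessions locally; in a cluster, sessions must be stored in MySQL. Edit /etc/grafana/grafana.ini and change the following parameters: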

[remote_cache]
type = database
connstr = grafana:xxxxx@tcp(10.5.0.15:3306)/grafana

4.5 Enable LDAP

Edit /etc/grafana/grafana.ini and change the following parameters:

[auth.ldap]
enabled = true
config_file = /etc/grafana/ldap.toml
allow_sign_up = true

The LDAP connection details are in the /etc/grafana/ldap.toml configuration file.

4.6 Configure LDAP

Use the following /etc/grafana/ldap.toml as a reference:

# To troubleshoot and get more log info enable ldap debug logging in grafana.ini
# [log]
# filters = ldap:debug

[[servers]]
# Ldap server host (specify multiple hosts space separated)
host = "xxxxxx"
# Default port is 389 or 636 if use_ssl = true
port = 389
# Set to true if ldap server supports TLS
use_ssl = false
# Set to true if connect ldap server with STARTTLS pattern (create connection in insecure, then upgrade to secure connection with TLS)
start_tls = false
# set to true if you want to skip ssl cert validation
ssl_skip_verify = false
# set to the path to your root CA certificate or leave unset to use system defaults
# root_ca_cert = "/path/to/certificate.crt"
# Authentication against LDAP servers requiring client certificates
# client_cert = "/path/to/client.crt"
# client_key = "/path/to/client.key"

# Search user bind dn
bind_dn = "cn=xxx,dc=xxx,dc=com"
# Search user bind password
# If the password contains # or ; you have to wrap it with triple quotes. Ex """#password;"""
bind_password = 'xxx'

# User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
search_filter = "(uid=%s)"

# An array of base dns to search through
search_base_dns = ["dc=xxx,dc=com"]

## For Posix or LDAP setups that does not support member_of attribute you can define the below settings
## Please check grafana LDAP docs for examples
# group_search_filter = "(&(objectClass=posixGroup)(memberUid=%s))"
# group_search_base_dns = ["ou=groups,dc=grafana,dc=org"]
# group_search_filter_user_attribute = "uid"

# Specify names of the ldap attributes your ldap uses
[servers.attributes]
name = "cn"
username = "uid"
member_of = "memberOf"
email =  "mail"
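
The transport and storage settings chosen in 4.3 to 4.6 can be checked before the service is started. The following is an added example, not part of the original post or of Grafana: audit() and _flag() are hypothetical names, the sample input is constructed from the values above, and the checks assume Grafana's documented defaults (use_ssl, start_tls and ssl_skip_verify unset mean false; MySQL ssl_mode accepts true, false or skip-verify).

```python
import configparser
import re

# Added example: audit() and _flag() are hypothetical helpers, not Grafana APIs.
def _flag(block, key):
    # Booleans left unset or commented out in ldap.toml default to false.
    m = re.search(rf"^\s*{key}\s*=\s*(true|false)\b", block, re.M)
    return bool(m) and m.group(1) == "true"

def audit(grafana_ini, ldap_toml):
    """Return findings for one cluster node's grafana.ini and ldap.toml text."""
    findings = []
    # interpolation=None: passwords may contain '%'. The dummy section
    # tolerates keys written before the first [section] header.
    ini = configparser.ConfigParser(interpolation=None, strict=False)
    ini.read_string("[_root]\n" + grafana_ini)
    db_type = ini.get("database", "type", fallback="sqlite3").strip('"')
    if db_type == "sqlite3":
        findings.append("database: sqlite3 is node-local, nodes will diverge")
    elif db_type == "mysql" and ini.get("database", "ssl_mode", fallback="") != "true":
        findings.append("database: MySQL connection is not TLS-verified (ssl_mode)")
    if ini.getboolean("auth.ldap", "enabled", fallback=False):
        # One block per [[servers]] table; [servers.attributes] stays in its block.
        blocks = re.split(r"^\s*\[\[servers\]\]", ldap_toml, flags=re.M)[1:]
        for n, block in enumerate(blocks, 1):
            if not (_flag(block, "use_ssl") or _flag(block, "start_tls")):
                findings.append(f"ldap server {n}: cleartext bind (use_ssl/start_tls both false)")
            elif _flag(block, "ssl_skip_verify"):
                findings.append(f"ldap server {n}: TLS certificate not verified")
    return findings

# Constructed sample input mirroring the settings shown on this page.
PAGE_INI = """
[database]
type = mysql
host = 10.5.0.15:3306
password = "xxxxxxxx"
[auth.ldap]
enabled = true
"""
PAGE_LDAP = """
[[servers]]
port = 389
use_ssl = false
start_tls = false
"""
HARDENED_LDAP = PAGE_LDAP.replace("start_tls = false", "start_tls = true")
if __name__ == "__main__":
    print("\n".join(audit(PAGE_INI, PAGE_LDAP)))
```

With the values from this page it reports the unverified MySQL connection and the cleartext LDAP bind on port 389; with start_tls = true only the MySQL finding remains.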

4.7 Start Grafana

systemctl start grafana-server

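Check the logs for anything abnormal, then test logging in with a local account and with an LDAP account.

5. CLB configuration

Configure the domain name and SSL certificate on the CLB instance, set up the port 80 to 443 redirect, and attach the two Grafana nodes to the CLB to complete the setup.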


CHUNCHENG