如何使用rabbitmq配置sensu服务器?

tag-icon tag-icon ubuntu rabbitmq sensu
如何使用rabbitmq配置sensu服务器?

出于实用目的,我想将两者安装sensu-server在单个节点(ubuntu 14.04)上。sensu-client当我用作redis交通工具时,它工作正常。但是当我尝试配置rabbitmq为传输时,它给了我错误。我的配置结构是:

├── conf.d
│   ├── api.json
│   ├── check_apache.json
│   ├── client.json
│   ├── default_handler.json
│   ├── rabbitmq.json
│   ├── redis.json
│   └── transport.json
├── config.json.example
├── dashboard.d
├── extensions
├── plugins
│   └── check-apache.rb
├── ssl
│   ├── cert.pem
│   └── key.pem
└── uchiwa.json

/etc/sensu/uchiwa.json

{
    "sensu": [
        {
            "name": "Sensu",
            "host": "localhost",
            "ssl": false,
            "port": 4567,
            "path": "",
            "timeout": 5000
        }
    ],
    "uchiwa": {
        "port": 3000,
        "stats": 10,
        "refresh": 10000
    }
}

/etc/sensu/conf.d/api.json

{
    "api": {
        "host": "localhost",
        "port": 4567
    }
}

/etc/sensu/conf.d/client.json

{
    "client": {
        "name": "server",
        "address": "localhost",
        "subscriptions": [ "ALL" ]
    }
}

/etc/sensu/conf.d/rabbitmq.json

{
    "rabbitmq": {
        "host": "127.0.0.1",
        "port": 5671,
        "vhost": "/sensu",
        "user": "sensu",
        "password": "pass",
        "heartbeat": 30,
        "prefetch": 50,
        "ssl": {
            "cert_chain_file": "/etc/sensu/ssl/cert.pem",
            "private_key_file": "/etc/sensu/ssl/key.pem"
        }
    }
}

/etc/sensu/conf.d/redis.json

{
    "redis": {
        "host": "localhost",
        "port": 6379
    }
}

/etc/sensu/conf.d/transport.json

{
    "transport": {
        "name": "rabbitmq",
        "reconnect_on_error": true
    }
}

当我replcerabbitmq到文件redis中时transport.json,我的设置工作正常,但在rabbitmq的情况下它不起作用。在日志中我们收到此错误,但配置文件中提供的用户名和密码是正确的。

{"timestamp":"2017-03-21T18:44:28.167638+0000","level":"warn","message":"transport connection error","reason":"possible authentication failure. wrong credentials?","user":"sensu"}

答案1

我遇到了同样的问题,并且花了早上的大部分时间来解决它。使用 RabbitMQ 的 SSL 证书作为传输时会出现此问题。

1)没有SSL:可以通过以下配置文件config.json(/etc/sensu)通过RabbitMQ实现传输

{
  "rabbitmq": {
    "host": "172.19.4.81",
    "port": 5671,
    "vhost": "/sensu",
    "user": "sensu",
    "password": "secret"
  },
 "transport": {
    "name": "rabbitmq",
    "reconnect_on_error": true
  },
  "api": {
    "host": "localhost",
    "bind": "0.0.0.0",
    "port": 4567
  },
"checks": {
    "check_http": {
      "type": "metric",
      "command": "/usr/lib64/nagios/plugins/check_http -I 127.0.0.1",
      "interval": 40,
      "standalone": true,
    }
  },
  "client": {
    "subscriptions": [
      "production"
    ]
  }
}

这可以分为不同的文件并存储在/etc/sensu/conf.d中。 Sensu 加载conf.d 和config.json 中存在的所有文件。所以位置并不重要。它非常适合我,因为所有配置都集中在一处。

2) 使用 SSL:问题的确切原因可能位于 /var/log/rabbitmq。然而,对于我的情况来说,它表明

RABBITMQ ERROR LOG :
** Reason for termination =
** {function_clause,[{tls_v1,enum_to_oid,
[28],
[{file,"tls_v1.erl"},{line,404}]},
{ssl_handshake,'-dec_hello_extensions/2-blc$^1/1-0-',1,
[{file,"ssl_handshake.erl"},{line,1653}]},
{ssl_handshake,'-dec_hello_extensions/2-blc$^1/1-0-',1,
[{file,"ssl_handshake.erl"},{line,1653}]},
{ssl_handshake,dec_hello_extensions,2,
[{file,"ssl_handshake.erl"},{line,1653}]},
{tls_handshake,decode_handshake,3,
[{file,"tls_handshake.erl"},{line,182}]},
{tls_handshake,get_tls_handshake_aux,3,
[{file,"tls_handshake.erl"},{line,153}]},
{tls_connection,next_state,4,
[{file,"tls_connection.erl"},{line,454}]},
{gen_fsm,handle_msg,7,
[{file,"gen_fsm.erl"},{line,505}]}]}

解决方案升级到 Erlang >= 17.5。如上所述这里以及 DevOps 门户中。

epel存储库提供的erlang版本是R16B03,最好删除并升级它。由于由于某种原因没有安装 Erlang 解决方案存储库中的 Erlang,因此我采用了 Rabbitmq 提供的用于 RabbitMQ 的零依赖 Erlang RPM。二郎回购协议并按照sensu所述配置ssl。(下载ssl证书,在rabbitmq和sensu配置文件中提供准确的路径)

A。 SSL 证书 下载地址

wget http://sensuapp.org/docs/1.0/files/sensu_ssl_tool.tar
tar -xvf sensu_ssl_tool.tar

使用 Sensu SSL 工具生成 OpenSSL 证书颁发机构和自签名证书:

cd sensu_ssl_tool
./ssl_certs.sh generate

b.将这些证书放入 Rabbitmq 可以找到的目录中。

mkdir /etc/rabbitmq/ssl
cp server_key.pem /etc/rabbitmq/ssl/
cp server_cert.pem /etc/rabbitmq/ssl/
cp testca/cacert.pem /etc/rabbitmq/ssl/

RabbitMQ 配置文件(如果不存在)可以在 /etc/rabbitmq 中创建为

/etc/rabbitmq/rabbitmq.conf
[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/cacert.pem"},
                    {certfile,"/etc/rabbitmq/ssl/cert.pem"},
                    {keyfile,"/etc/rabbitmq/ssl/key.pem"},
                    {versions, ['tlsv1.2']},
                    {ciphers,  [{rsa,aes_256_cbc,sha256}]},
                    {verify,verify_peer},   
                    {fail_if_no_peer_cert,false}]}
   ]}
].

现在,无论安装 sensu 组件(客户端、api、服务器),/etc/sensu/ssl 文件夹都应该包含 client/key.pem 和 client/cert.pem

cp client/key.pem client/cert.pem  /etc/sensu/ssl/

现在,这些文件夹应该在 sensu 配置文件中提及。

/etc/sensu/config.json
{
  "rabbitmq": {
    "host": "172.19.4.81",
    "port": 5672,
    "vhost": "/sensu",
    "user": "sensu",
    "password": "secret",
    "ssl": {
       "cert_chain_file": "/etc/sensu/ssl/cert.pem",
       "private_key_file": "/etc/sensu/ssl/key.pem"
     }
  },
  "transport": {
    "name": "rabbitmq",
    "reconnect_on_error": true
  },
  "api": {
    "host": "localhost",
    "bind": "0.0.0.0",
    "port": 4567
  },
"client": {
    "subscriptions": [
      "production"
    ]
  }
}

rabbitmq 的默认端口是 5671,而 ssl 的默认端口是 5672。

相关内容