从ingress-nginx官方代码中的expoter迁移出来 用来监控虚拟机上的nginx的expoter
基于官方 controller-v0.49.3 版本移植的代码
nginx_socket 通过lua模块monitor.lua 将nginx log 以json格式发到 /tmp/prometheus-nginx.socket, nginx_exporter 通过这个socket获得数据并组装成metrics。
nginx_process 通过采集 /proc/PID/ 目录下面的数据,监控cpu、memory、IO ;
nginx_status 通过 http_stub_status_module 模块采集nginx的连接数据,nginx编译时要加上 --with-http_stub_status_module; 配置文件要加上
#监控使用端口 server { listen 8021; location /stub_status{ stub_status on; access_log off; allow 127.0.0.1; # deny all; } } nginx_certificate 证书监控模块,待完成
1) nginx 必须要编译有lua模块
2) lua 必须要有 cjson 模块
yum install gcc -y cd /usr/local/src/ wget --no-check-certificate https://luajit.org/download/LuaJIT-2.0.5.zip unzip LuaJIT-2.0.5.zip cd LuaJIT-2.0.5/ make install PREFIX=/usr/local/luajit cd /usr/local/src/ wget --no-check-certificate https://kyne.com.au/~mark/software/download/lua-cjson-2.1.0.zip unzip lua-cjson-2.1.0.zip cd lua-cjson-2.1.0/ # 这里要修改makefile文件,不然编译报错 sed -i 's#^LUA_INCLUDE_DIR = .*#LUA_INCLUDE_DIR = /usr/local/src/LuaJIT-2.0.5/src#' Makefile make && make install -
将Lua脚本copy到 /data/nginx/lua 目录(这个目录可以自己定义,和nginx配置文件一致就行);
-
修改nginx的http模块配置,新增如下配置
http { # lua脚本的目录路径 lua_package_path "/data/nginx/lua/?.lua;;"; init_by_lua_block { collectgarbage("collect") -- init modules local ok, res ok, res = pcall(require, "monitor") if not ok then error("require failed: " .. tostring(res)) else monitor = res end ok, res = pcall(require, "plugins") if not ok then error("require failed: " .. tostring(res)) else plugins = res end -- load all plugins that'll be used here plugins.init({ }) } init_worker_by_lua_block { monitor.init_worker(10000) plugins.run() } log_by_lua_block { monitor.call() plugins.run() } ...... } - 启动nginx_exproter
# 编译ngx_exporter git clone https://gitee.com/xianglinzeng/nginx_exporter.git cd nginx_exporte go mod tidy go build -o nginx_exporter # nginx_exporter 参数 # -port 指定启动端口,默认9123端口 # -v 指定日志级别 1 2 3 4 5 越高日志越详细,默认是2,不指定也行,调试使用5 # -statuspath string # http_stub_status_module 模块的监听路径,默认/stub_status (default "/stub_status") # -statusport string # http_stub_status_module 模块的监听端口,默认8021 (default "8021") ./nginx_exporter -port=9999 -v=5 # 使用systemd管理 mkdir /opt/nginx_exporter cp nginx_exporter /opt/nginx_exporter cat <<EOF > /usr/lib/systemd/system/nginx_exporter.service [Unit] Description=nginx_exporter After=network.target [Service] User=root Group=root Type=simple ExecStart=/opt/nginx_exporter/nginx_exporter -port=9123 -v=2 Restart=on-failure [Install] WantedBy=multi-user.target EOF systemctl daemon-reload systemctl daemon-reload systemctl restart nginx_exporter systemctl status nginx_exporter.service systemctl enable nginx_exporter curl localhost:9123/metrics- 使用ServiceMonitor添加到prometheus-opertor
--- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: labels: prometheus: k8s k8s-apps: nginx-exporter name: nginx-exporter-sm namespace: monitoring spec: endpoints: - port: metrics interval: 10s Scheme: http path: /metrics jobLabel: k8s-app selector: matchLabels: metrics: nginx-exporter --- apiVersion: v1 kind: Service metadata: labels: # ServiceMonitor 自动发现的关键label metrics: nginx-exporter name: nginx-exporter namespace: monitoring spec: ports: - name: metrics #对应 ServiceMonitor 中spec.endpoints.port port: 9123 targetPort: 9123 --- apiVersion: v1 kind: Endpoints metadata: name: nginx-exporter namespace: monitoring labels: metrics: nginx-exporter subsets: - addresses: - ip: 172.20.4.117 ports: - name: metrics port: 9123 protocol: TCP | 报警名称 | 表达式 | 采集数据时间(分钟) | 报警触发条件 |
|---|---|---|---|
| NginxHighHttp4xxErrorRate | sum(rate(nginx_http_requests_total{status=~"^4.."}[1m])) / sum(rate(nginx_http_requests_total[1m])) * 100 > 5 | 5 | HTTP 4xx错误率过高。 |
| NginxHighHttp5xxErrorRate | sum(rate(nginx_http_requests_total{status=~"^5.."}[1m])) / sum(rate(nginx_http_requests_total[1m])) * 100 > 5 | 5 | HTTP 5xx错误率过高。 |
| NginxLatencyHigh | histogram_quantile(0.99, sum(rate(nginx_http_request_duration_seconds_bucket[10m])) by (host, node)) > 10 | 5 | 延迟过高。 |
grafana的dashboard在grafana目录,预览如下:
