Difference between revisions of "JDunphy-Grafana"

m (WARNING)
m (WARNING)
 
(No difference)

Latest revision as of 17:42, 7 July 2019



template

Grafana - Monitoring your Zimbra Server

   KB 23866        Last updated on 2019-07-7  




0.00
(0 votes)


WARNING

This is a work in progress. It probably will not work as presented here as I am still creating this wiki entry from my notes

Introduction

My extended process for creating a central grafana server by using telegraf with input.logparser and input.tail vs input.exec to parse zimbra statistics. The communication is done via https with a letsencrypt certificate. The grafana page contains pull-downs for each server. The benefit of parsing the data via a tail or via logparser in contrast to input.exec is that you don't re-read the entire log file during your sampling period which reduces the overhead substantially for large log files. Sample screenshot:


Screenshot-grafana-2019.07.07-09-43-46.png Original Idea from: https://forums.zimbra.org/viewtopic.php?f=15&t=62521

Configuration

Each zimbra host runs telegraf which parses the local logs and sends that data to an influxdb at a central server over an encrypted http session. Grafana also running on that central server is the user interface and uses that influxdb as an input source. In addition to encryption, the influxdb is user/password protected.

  • telegraf.conf on each zimbra host
[[outputs.influxdb]]
  urls = ["https://grafana.example.com:8086]
  ## HTTP Basic Auth
  username = "AddName"
  password = "AddPassword"
  • influxdb on central server /etc/influxdb/influxdb.conf
[http]
https-enabled = true
auth-enabled = true
https-certificate = /etc/grafana/certs/fullchain.cer
https-private-key = /etc/grafana/certs/certkey.key

From the command line, set password, username

% influx -username 'AddName' -password 'AddPassword'
  • grafana on central server /etc/grafana/grafana.ini
[server]
protocol = https
cert_file = /etc/grafana/certs/fullchain.cer
cert_key =  /etc/grafana/certs/certkey.key
  • generate and install the certs
% ./acme.sh --issue --dns dns_cf  -d grafana.example.com -d influxdb.example.com 
% ./acme.sh --deploy --deploy-hook grafana -d grafana.example.com

where the deploy hook called grafana.sh is:

#!/bin/bash

#Here is a script to deploy cert to grafana server. RHEL 6 specific

#returns 0 means success, otherwise error.

########  Public functions #####################

#domain keyfile certfile cafile fullchain
grafana_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  logger -p local2.info NETWORK "Certificate has been Renewed for $_cdomain"
  cp -f "$_ckey" /etc/grafana/certs/certkey.key
  cp -f "$_ccert" /etc/grafana/certs/fullchain.cer
  # needs entry /etc/sudoers.d/
  # %thisuser ALL=NOPASSWD:/etc/init.d/grafana-server
  sudo /etc/init.d/grafana-server restart

  return 0

}


Notes

  • TCP port 8086 used for client-server communication over InfluxDB's HTTP API
  • TCP port 8088 used for RPC service for backup and restore

References

Jump to: navigation, search