接入HertzBeat(赫兹跳动),开源监控平台
前言
监控平台介绍
该监控平台可使用 docker 快速部署,可周期性监控各 API,数据库等状态,并提供比较完整的可视化功能。监控平台已经集成异常通知,方式包括 webhook、企微钉钉飞书通知机器人、邮件。这些功能已经完全满足我们的日常服务监控需求。
本文的目的是让开发者可以极速本地部署自己的监控平台服务,然后最好一次配置完不用再管它。
正文
快速使用
拉取镜像,创建本地目录,进入工作目录
docker pull tancloud/hertzbeat:v1.3.0
mkdir -p /home/service/hertzbeat/data /home/service/hertzbeat/logs
cd /home/service/hertzbeat
若需使用邮件发送告警,需替换application.yml里面的邮件服务器参数(可选,如果不需要邮件报警则不用修改文件内容)
vim application.yml
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
server:
port: 1157
spring:
application:
name: ${HOSTNAME:@hertzbeat@}${PID}
profiles:
active: prod
mvc:
static-path-pattern: /**
jackson:
default-property-inclusion: ALWAYS
web:
resources:
static-locations:
- classpath:/dist/
- classpath:../dist/
thymeleaf:
prefix: classpath:/templates/
check-template-location: true
cache: true
suffix: .html
mode: HTML
management:
health:
mail:
enabled: off
endpoints:
web:
exposure:
include:
- 'metrics'
- 'health'
- 'env'
enabled-by-default: on
sureness:
auths:
- digest
- basic
- jwt
jwt:
secret: 'CyaFv0bwq2Eik0jdrKUtsA6bx3sDJeFV643R
LnfKefTjsIfJLBa2YkhEqEGtcHDTNe4CU6+9
8tVt4bisXQ13rbN0oxhUZR73M6EByXIO+SV5
dKhaX0csgOCTlCxq20yhmUea6H6JIpSE2Rwp'
---
spring:
config:
activate:
on-profile: prod
datasource:
driver-class-name: org.h2.Driver
username: sa
password: 123456
url: jdbc:h2:./data/hertzbeat;MODE=MYSQL
hikari:
max-lifetime: 120000
jpa:
hibernate:
ddl-auto: update
# Not Require, Please config if you need email notify
# 非必填:不使用邮箱作为警告通知可以去掉spring.mail配置
mail:
# Attention: this is mail server address.
# 请注意此为邮件服务器地址:qq邮箱为 smtp.qq.com qq企业邮箱为 smtp.exmail.qq.com
host: smtp.qq.com
username: [email protected]
# Attention: this is not email account password, this requires an email authorization code
# 请注意此非邮箱账户密码 此需填写邮箱授权码
password: example
port: 465
default-encoding: UTF-8
properties:
mail:
smtp:
socketFactoryClass: javax.net.ssl.SSLSocketFactory
ssl:
enable: true
debug: false
warehouse:
store:
# store history metrics data, enable only one below
# 存储历史数据方式, 下方只能enabled启用一种方式
jpa:
enabled: true
expire-time: 1h
td-engine:
enabled: false
driver-class-name: com.taosdata.jdbc.rs.RestfulDriver
url: jdbc:TAOS-RS://localhost:6041/hertzbeat
username: root
password: taosdata
iot-db:
enabled: false
host: 127.0.0.1
rpc-port: 6667
username: root
password: root
# org.dromara.hertzbeat.warehouse.config.IotDbVersion: V_0_13 || V_1_0
version: V_0_13
query-timeout-in-ms: -1
# 数据存储时间:默认'7776000000'(90天,单位为毫秒,-1代表永不过期)
# data expire time, unit:ms, default '7776000000'(90 days, -1:never expire)
expire-time: '7776000000'
# store real-time metrics data, enable only one below
# 存储实时数据方式, 下方只能enabled启用一种方式
memory:
enabled: true
init-size: 1024
redis:
enabled: false
host: 127.0.0.1
port: 6379
password: 123456
alerter:
# custom console url
console-url: https://console.tancloud.cn
配置挂载的HertzBeat用户配置文件,自定义用户密码(可选)
HertzBeat默认内置三个用户账户,分别为 admin/hertzbeat tom/hertzbeat guest/hertzbeat
注意:虽然默认账户是可选,但启动后无法修改密码和创建用户,建议一定是修改密码,一般只用保留一个管理员账号!
vim sureness.yml
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## -- sureness.yml文本数据源 -- ##
# 加载到匹配字典的资源,也就是需要被保护的,设置了所支持角色访问的资源
# 没有配置的资源也默认被认证保护,但不鉴权
# eg: /api/v1/source1===get===[admin] 表示 /api/v2/host===post 这条资源支持 admin 这一种角色访问
# eg: /api/v1/source2===get===[] 表示 /api/v1/source2===get 这条资源不支持任何角色访问
resourceRole:
- /api/account/auth/refresh===post===[admin,user,guest]
- /api/apps/**===get===[admin,user,guest]
- /api/monitor/**===get===[admin,user,guest]
- /api/monitor/**===post===[admin,user]
- /api/monitor/**===put===[admin,user]
- /api/monitor/**===delete==[admin]
- /api/monitors/**===get===[admin,user,guest]
- /api/monitors/**===post===[admin,user]
- /api/monitors/**===put===[admin,user]
- /api/monitors/**===delete===[admin]
- /api/alert/**===get===[admin,user,guest]
- /api/alert/**===post===[admin,user]
- /api/alert/**===put===[admin,user]
- /api/alert/**===delete===[admin]
- /api/alerts/**===get===[admin,user,guest]
- /api/alerts/**===post===[admin,user]
- /api/alerts/**===put===[admin,user]
- /api/alerts/**===delete===[admin]
- /api/notice/**===get===[admin,user,guest]
- /api/notice/**===post===[admin,user]
- /api/notice/**===put===[admin,user]
- /api/notice/**===delete===[admin]
- /api/tag/**===get===[admin,user,guest]
- /api/tag/**===post===[admin,user]
- /api/tag/**===put===[admin,user]
- /api/tag/**===delete===[admin]
- /api/summary/**===get===[admin,user,guest]
- /api/summary/**===post===[admin,user]
- /api/summary/**===put===[admin,user]
- /api/summary/**===delete===[admin]
# 需要被过滤保护的资源,不认证鉴权直接访问
# /api/v1/source3===get 表示 /api/v1/source3===get 可以被任何人访问 无需登录认证鉴权
excludedResource:
- /api/account/auth/**===*
- /api/i18n/**===get
- /api/apps/hierarchy===get
- /actuator/**===get
# web ui 前端静态资源
- /===get
- /dashboard/**===get
- /monitors/**===get
- /alert/**===get
- /account/**===get
- /setting/**===get
- /passport/**===get
- /**/*.html===get
- /**/*.js===get
- /**/*.css===get
- /**/*.ico===get
- /**/*.ttf===get
- /**/*.png===get
- /**/*.gif===get
- /**/*.jpg===get
- /**/*.svg===get
- /**/*.json===get
# swagger ui 资源
- /swagger-resources/**===get
- /v2/api-docs===get
- /v3/api-docs===get
# h2 database
- /h2-console/**===*
# 用户账户信息
# 下面有 admin tom lili 三个账户
# eg: admin 拥有[admin,user]角色,密码为hertzbeat
# eg: tom 拥有[user],密码为hertzbeat
# eg: lili 拥有[guest],明文密码为lili, 加盐密码为1A676730B0C7F54654B0E09184448289
account:
- appId: admin
credential: hertzbeat
role: [admin,user]
- appId: tom
credential: hertzbeat
role: [user]
- appId: guest
credential: hertzbeat
role: [guest]
- appId: lili
# 注意 Digest认证不支持加盐加密的密码账户
# 加盐加密的密码,通过 MD5(password+salt)计算
# 此账户的原始密码为 lili
credential: 1A676730B0C7F54654B0E09184448289
salt: 123
role: [guest]
启动 docker
稍等片刻即可访问 1157 端口查看可视化界面
docker run -d -p 1157:1157 \
-e LANG=zh_CN.UTF-8 \
-e TZ=Asia/Shanghai \
-v /home/service/hertzbeat/data:/opt/hertzbeat/data \
-v /home/service/hertzbeat/logs:/opt/hertzbeat/logs \
-v /home/service/hertzbeat/application.yml:/opt/hertzbeat/config/application.yml \
-v /home/service/hertzbeat/sureness.yml:/opt/hertzbeat/config/sureness.yml \
--restart=always \
--name hertzbeat tancloud/hertzbeat:v1.3.0
后记
监控平台已经集成异常通知,方式包括 webhook、企微钉钉飞书通知机器人、邮件。这些功能已经完全满足我们的日常服务监控需求。服务基于 Spring Boot,实测使用大约占用内存 500M 左右。整体使用体验很不错,部署可以在 10 分钟极速完成,欢迎交流。