Compare commits
1 Commits
fea#ssl
...
fix#TD-con
| Author | SHA1 | Date | |
|---|---|---|---|
|
d59f38003d |
@@ -138,8 +138,7 @@ HertzBeat赫兹跳动为 [Dromara开源社区](https://dromara.org/) 孵化项
|
||||
|
||||
##### 赞助
|
||||
|
||||
感谢[吉实信息(构建全新的微波+光交易网络)](https://www.flarespeed.com) 赞助服务器采集节点
|
||||
感谢[天上云计算(全新智慧上云)](https://www.tsyvps.com/aff/BZBEGYLX) 赞助服务器采集节点
|
||||
感谢[吉实信息(构建全新的微波+光交易网络)](https://www.flarespeed.com)赞助服务器采集节点
|
||||
|
||||
## 🛡️ License
|
||||
[`Apache License, Version 2.0`](https://www.apache.org/licenses/LICENSE-2.0.html)
|
||||
|
||||
@@ -17,9 +17,7 @@ import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateExpiredException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Date;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
/**
|
||||
@@ -77,18 +75,7 @@ public class CommonHttpClient {
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
|
||||
// 判断服务器证书有效期时间
|
||||
Date now = new Date();
|
||||
if (x509Certificates != null && x509Certificates.length > 0) {
|
||||
for (X509Certificate certificate : x509Certificates) {
|
||||
Date deadline = certificate.getNotAfter();
|
||||
if (deadline != null && now.after(deadline)) {
|
||||
throw new CertificateExpiredException();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { }
|
||||
@Override
|
||||
public X509Certificate[] getAcceptedIssuers() { return null; }
|
||||
};
|
||||
|
||||
@@ -2,9 +2,6 @@ package com.usthe.collector.collect.common.ssh;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.sshd.client.SshClient;
|
||||
import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier;
|
||||
import org.apache.sshd.common.PropertyResolverUtils;
|
||||
import org.apache.sshd.core.CoreModuleProperties;
|
||||
|
||||
/**
|
||||
* ssh公共client
|
||||
@@ -19,14 +16,6 @@ public class CommonSshClient {
|
||||
|
||||
static {
|
||||
sshClient = SshClient.setUpDefaultClient();
|
||||
// 接受所有服务端公钥校验,会打印warn日志 Server at {} presented unverified {} key: {}
|
||||
AcceptAllServerKeyVerifier verifier = AcceptAllServerKeyVerifier.INSTANCE;
|
||||
sshClient.setServerKeyVerifier(verifier);
|
||||
// 设置链接保活心跳10000毫秒一次, 客户端等待保活心跳超时响应时间3000毫秒
|
||||
PropertyResolverUtils.updateProperty(
|
||||
sshClient, CoreModuleProperties.HEARTBEAT_INTERVAL.getName(), 10000);
|
||||
PropertyResolverUtils.updateProperty(
|
||||
sshClient, CoreModuleProperties.HEARTBEAT_REPLY_WAIT.getName(), 3000);
|
||||
sshClient.start();
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,6 @@ import com.usthe.collector.collect.common.cache.CacheIdentifier;
|
||||
import com.usthe.collector.collect.common.cache.CommonCache;
|
||||
import com.usthe.collector.collect.common.ssh.CommonSshClient;
|
||||
import com.usthe.collector.util.CollectorConstants;
|
||||
import com.usthe.collector.util.KeyPairUtil;
|
||||
import com.usthe.common.entity.job.Metrics;
|
||||
import com.usthe.common.entity.job.protocol.SshProtocol;
|
||||
import com.usthe.common.entity.message.CollectRep;
|
||||
@@ -20,7 +19,6 @@ import org.springframework.util.StringUtils;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.net.ConnectException;
|
||||
import java.security.KeyPair;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
@@ -58,8 +56,8 @@ public class SshCollectImpl extends AbstractCollect {
|
||||
return;
|
||||
}
|
||||
SshProtocol sshProtocol = metrics.getSsh();
|
||||
// 超时时间默认6000毫秒
|
||||
int timeout = 6000;
|
||||
// 超时时间默认300毫秒
|
||||
int timeout = 3000;
|
||||
try {
|
||||
timeout = Integer.parseInt(sshProtocol.getTimeout());
|
||||
} catch (Exception e) {
|
||||
@@ -183,13 +181,6 @@ public class SshCollectImpl extends AbstractCollect {
|
||||
.verify(timeout, TimeUnit.MILLISECONDS).getSession();
|
||||
if (StringUtils.hasText(sshProtocol.getPassword())) {
|
||||
clientSession.addPasswordIdentity(sshProtocol.getPassword());
|
||||
} else if (StringUtils.hasText(sshProtocol.getPublicKey())) {
|
||||
KeyPair keyPair = KeyPairUtil.getKeyPairFromPublicKey(sshProtocol.getPublicKey());
|
||||
if (keyPair != null) {
|
||||
clientSession.addPublicKeyIdentity(keyPair);
|
||||
}
|
||||
} else {
|
||||
throw new IllegalArgumentException("需填写账户登陆密码或公钥");
|
||||
}
|
||||
// 进行认证
|
||||
if (!clientSession.auth().verify(timeout, TimeUnit.MILLISECONDS).isSuccess()) {
|
||||
|
||||
@@ -1,48 +0,0 @@
|
||||
package com.usthe.collector.util;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import sun.misc.BASE64Decoder;
|
||||
|
||||
import java.security.KeyFactory;
|
||||
import java.security.KeyPair;
|
||||
import java.security.PublicKey;
|
||||
import java.security.spec.X509EncodedKeySpec;
|
||||
|
||||
/**
|
||||
* 密钥工具类
|
||||
* @author tom
|
||||
* @date 2022/4/2 17:04
|
||||
*/
|
||||
@Slf4j
|
||||
public class KeyPairUtil {
|
||||
|
||||
private static KeyFactory keyFactory;
|
||||
|
||||
static {
|
||||
try {
|
||||
keyFactory = KeyFactory.getInstance("RSA");
|
||||
} catch (Exception e) {
|
||||
log.error(e.getMessage(), e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取密钥对
|
||||
*/
|
||||
public static KeyPair getKeyPairFromPublicKey(String publicKeyStr) {
|
||||
try {
|
||||
if (publicKeyStr == null || "".equals(publicKeyStr)) {
|
||||
return null;
|
||||
}
|
||||
// todo fix 公钥解析
|
||||
byte[] publicKeyBytes = (new BASE64Decoder()).decodeBuffer(publicKeyStr);
|
||||
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyBytes);
|
||||
PublicKey publicKey = keyFactory.generatePublic(keySpec);
|
||||
return new KeyPair(publicKey, null);
|
||||
} catch (Exception e) {
|
||||
log.info("[keyPair] parse failed, {}." + e.getMessage());
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
@@ -29,7 +29,7 @@ public class SshProtocol {
|
||||
/**
|
||||
* 超时时间
|
||||
*/
|
||||
private String timeout = "6000";
|
||||
private String timeout = "3000";
|
||||
|
||||
/**
|
||||
* 用户名
|
||||
|
||||
@@ -59,7 +59,7 @@ public class Param {
|
||||
* 参数值
|
||||
*/
|
||||
@ApiModelProperty(value = "参数值", example = "8080", accessMode = READ_WRITE, position = 3)
|
||||
@Length(max = 8126)
|
||||
@Length(max = 255)
|
||||
private String value;
|
||||
|
||||
/**
|
||||
|
||||
@@ -18,7 +18,7 @@ sidebar_label: 帮助入门
|
||||
|
||||
### 数据库监控
|
||||
|
||||
[MYSQL数据库监控](mysql)      [MariaDB数据库监控](mariadb)      [PostgreSQL数据库监控](postgresql)      [SqlServer数据库监控](sqlserver)      [Oracle数据库监控](oracle)
|
||||
[MYSQL数据库监控](mysql)      [MariaDB数据库监控](mariadb)      [PostgreSQL数据库监控](postgresql)      [SqlServer数据库监控](sqlserver)
|
||||
|
||||
### 操作系统监控
|
||||
|
||||
|
||||
@@ -1,62 +0,0 @@
|
||||
---
|
||||
id: oracle
|
||||
title: 监控:ORACLE数据库监控
|
||||
sidebar_label: ORACLE数据库
|
||||
---
|
||||
|
||||
> 对ORACLE数据库的通用性能指标进行采集监控。
|
||||
|
||||
### 配置参数
|
||||
|
||||
| 参数名称 | 参数帮助描述 |
|
||||
| ----------- | ----------- |
|
||||
| 监控Host | 被监控的对端IPV4,IPV6或域名。注意⚠️不带协议头(eg: https://, http://)。 |
|
||||
| 监控名称 | 标识此监控的名称,名称需要保证唯一性。 |
|
||||
| 端口 | 数据库对外提供的端口,默认为1521。 |
|
||||
| 查询超时时间 | 设置SQL查询未响应数据时的超时时间,单位ms毫秒,默认3000毫秒。 |
|
||||
| 数据库名称 | 数据库实例名称,可选。 |
|
||||
| 用户名 | 数据库连接用户名,可选 |
|
||||
| 密码 | 数据库连接密码,可选 |
|
||||
| URL | 数据库连接URL,可选,若配置,则URL里面的数据库名称,用户名密码等参数会覆盖上面配置的参数 |
|
||||
| 采集间隔 | 监控周期性采集数据间隔时间,单位秒,可设置的最小间隔为10秒 |
|
||||
| 是否探测 | 新增监控前是否先探测检查监控可用性,探测成功才会继续新增修改操作 |
|
||||
| 描述备注 | 更多标识和描述此监控的备注信息,用户可以在这里备注信息 |
|
||||
|
||||
### 采集指标
|
||||
|
||||
#### 指标集合:basic
|
||||
|
||||
| 指标名称 | 指标单位 | 指标帮助描述 |
|
||||
| ----------- | ----------- | ----------- |
|
||||
| database_version | 无 | 数据库版本 |
|
||||
| database_type | 无 | 数据库类型 |
|
||||
| hostname | 无 | 主机名称 |
|
||||
| instance_name | 无 | 数据库实例名称 |
|
||||
| startup_time | 无 | 数据库启动时间 |
|
||||
| status | 无 | 数据库状态 |
|
||||
|
||||
#### 指标集合:tablespace
|
||||
|
||||
| 指标名称 | 指标单位 | 指标帮助描述 |
|
||||
| ----------- | ----------- | ----------- |
|
||||
| file_id | 无 | 文件ID |
|
||||
| file_name | 无 | 文件名称 |
|
||||
| tablespace_name | 无 | 所属表空间名称 |
|
||||
| status | 无 | 状态 |
|
||||
| bytes | MB | 大小 |
|
||||
| blocks | 无 | 区块数量 |
|
||||
|
||||
#### 指标集合:user_connect
|
||||
|
||||
| 指标名称 | 指标单位 | 指标帮助描述 |
|
||||
| ----------- | ----------- | ----------- |
|
||||
| username | 无 | 用户名 |
|
||||
| counts | 个数 | 当前连接数量 |
|
||||
|
||||
#### 指标集合:performance
|
||||
|
||||
| 指标名称 | 指标单位 | 指标帮助描述 |
|
||||
| ----------- | ----------- | ----------- |
|
||||
| qps | QPS | I/O Requests per Second 每秒IO请求数量 |
|
||||
| tps | TPS | User Transaction Per Sec 每秒用户事物处理数量 |
|
||||
| mbps | MBPS | I/O Megabytes per Second 每秒 I/O 兆字节数量 |
|
||||
@@ -43,56 +43,10 @@ sidebar_label: Docker方式部署
|
||||
HertzBeat默认内置三个用户账户,分别为 admin/admin tom/tom@123 lili/lili
|
||||
若需要新增删除修改账户或密码,可以通过配置 `sureness.yml` 实现,若无此需求可忽略此步骤
|
||||
在主机目录下创建sureness.yml,eg:/opt/sureness.yml
|
||||
配置文件内容参考 项目仓库[/script/sureness.yml](https://gitee.com/dromara/hertzbeat/blob/master/script/sureness.yml)
|
||||
配置文件内容参考 项目仓库[/script/sureness.yml](https://gitee.com/dromara/hertzbeat/blob/master/script/sureness.yml)
|
||||
修改sureness.yml的如下部分参数:[注意⚠️sureness配置的其它默认参数需保留]
|
||||
|
||||
```yaml
|
||||
|
||||
resourceRole:
|
||||
- /account/auth/refresh===post===[role1,role2,role3,role4]
|
||||
|
||||
excludedResource:
|
||||
- /account/auth/**===*
|
||||
- /===get
|
||||
- /i18n/**===get
|
||||
- /apps/hierarchy===get
|
||||
- /console/**===get
|
||||
- /**/*.html===get
|
||||
- /**/*.js===get
|
||||
- /**/*.css===get
|
||||
- /**/*.ico===get
|
||||
- /**/*.ttf===get
|
||||
- /**/*.png===get
|
||||
- /**/*.gif===get
|
||||
- /**/*.png===*
|
||||
- /swagger-resources/**===get
|
||||
- /v2/api-docs===get
|
||||
- /v3/api-docs===get
|
||||
|
||||
# 用户账户信息
|
||||
# 下面有 admin tom lili 三个账户
|
||||
# eg: admin 拥有[role1,role2]角色,密码为admin
|
||||
# eg: tom 拥有[role1,role2,role3],密码为tom@123
|
||||
# eg: lili 拥有[role1,role2],明文密码为lili, 加盐密码为1A676730B0C7F54654B0E09184448289
|
||||
account:
|
||||
- appId: admin
|
||||
credential: admin
|
||||
role: [role1,role2]
|
||||
- appId: tom
|
||||
credential: tom@123
|
||||
role: [role1,role2,role3]
|
||||
- appId: lili
|
||||
# 注意 Digest认证不支持加盐加密的密码账户
|
||||
# 加盐加密的密码,通过 MD5(password+salt)计算
|
||||
# 此账户的原始密码为 lili
|
||||
credential: 1A676730B0C7F54654B0E09184448289
|
||||
salt: 123
|
||||
role: [role1,role2]
|
||||
```
|
||||
|
||||
修改sureness.yml的如下**部分参数**:**[注意⚠️sureness配置的其它默认参数需保留]**
|
||||
|
||||
```yaml
|
||||
|
||||
# 用户账户信息
|
||||
# 下面有 admin tom lili 三个账户
|
||||
# eg: admin 拥有[role1,role2]角色,密码为admin
|
||||
|
||||
@@ -46,7 +46,7 @@ sidebar_label: 安装包方式部署
|
||||
4. 配置用户配置文件(非必须,配置账户需要)
|
||||
HertzBeat默认内置三个用户账户,分别为 admin/admin tom/tom@123 lili/lili
|
||||
若需要新增删除修改账户或密码,可以通过修改位于 `hertzbeat/config/sureness.yml` 的配置文件实现,若无此需求可忽略此步骤
|
||||
修改sureness.yml的如下**部分参数**:**[注意⚠️sureness配置的其它默认参数需保留]**
|
||||
修改sureness.yml的如下部分参数:[注意⚠️sureness配置的其它默认参数需保留]
|
||||
|
||||
```yaml
|
||||
# 用户账户信息
|
||||
|
||||
@@ -65,8 +65,7 @@
|
||||
"help/mysql",
|
||||
"help/mariadb",
|
||||
"help/postgresql",
|
||||
"help/sqlserver",
|
||||
"help/oracle"
|
||||
"help/sqlserver"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
||||
@@ -16,8 +16,6 @@ configmap:
|
||||
type: 1
|
||||
- key: password
|
||||
type: 2
|
||||
- key: timeout
|
||||
type: 0
|
||||
# 指标组列表
|
||||
metrics:
|
||||
# 第一个监控指标组 basic
|
||||
@@ -46,7 +44,6 @@ metrics:
|
||||
port: ^_^port^_^
|
||||
username: ^_^username^_^
|
||||
password: ^_^password^_^
|
||||
timeout: ^_^timeout^_^
|
||||
script: (uname -r ; hostname ; uptime | awk -F "," '{print $1}' | sed "s/ //g") | sed ":a;N;s/\n/^/g;ta" | awk -F '^' 'BEGIN{print "version hostname uptime"} {print $1, $2, $3}'
|
||||
# 响应数据解析方式:oneRow, multiRow
|
||||
parseType: multiRow
|
||||
@@ -78,7 +75,6 @@ metrics:
|
||||
port: ^_^port^_^
|
||||
username: ^_^username^_^
|
||||
password: ^_^password^_^
|
||||
timeout: ^_^timeout^_^
|
||||
script: "LANG=C lscpu | awk -F: '/Model name/ {print $2}';awk '/processor/{core++} END{print core}' /proc/cpuinfo;uptime | sed 's/,/ /g' | awk '{for(i=NF-2;i<=NF;i++)print $i }' | xargs;vmstat 1 1 | awk 'NR==3{print $11}';vmstat 1 1 | awk 'NR==3{print $12}'"
|
||||
parseType: oneRow
|
||||
|
||||
@@ -111,7 +107,6 @@ metrics:
|
||||
port: ^_^port^_^
|
||||
username: ^_^username^_^
|
||||
password: ^_^password^_^
|
||||
timeout: ^_^timeout^_^
|
||||
script: free -m | grep Mem | awk 'BEGIN{print "total used free buff_cache available"} {print $2,$3,$4,$6,$7}'
|
||||
parseType: multiRow
|
||||
|
||||
@@ -144,7 +139,6 @@ metrics:
|
||||
port: ^_^port^_^
|
||||
username: ^_^username^_^
|
||||
password: ^_^password^_^
|
||||
timeout: ^_^timeout^_^
|
||||
script: vmstat -D | awk 'NR==1{print $1}';vmstat -D | awk 'NR==2{print $1}';vmstat 1 1 | awk 'NR==3{print $10}';vmstat 1 1 | awk 'NR==3{print $9}';vmstat 1 1 | awk 'NR==3{print $16}'
|
||||
parseType: oneRow
|
||||
|
||||
@@ -170,6 +164,5 @@ metrics:
|
||||
port: ^_^port^_^
|
||||
username: ^_^username^_^
|
||||
password: ^_^password^_^
|
||||
timeout: ^_^timeout^_^
|
||||
script: cat /proc/net/dev | tail -n +3 | awk 'BEGIN{ print "interface_name receive_bytes transmit_bytes"} {print $1,$2,$10}'
|
||||
parseType: multiRow
|
||||
@@ -140,7 +140,7 @@ metrics:
|
||||
sql: SELECT username, count( username ) as counts FROM v$session WHERE username IS NOT NULL GROUP BY username
|
||||
url: ^_^url^_^
|
||||
|
||||
- name: performance
|
||||
- name: performace
|
||||
priority: 1
|
||||
fields:
|
||||
# 指标信息 包括 field名称 type字段类型:0-number数字,1-string字符串 instance是否为实例主键 unit:指标单位
|
||||
|
||||
@@ -11,12 +11,6 @@ param:
|
||||
required: true
|
||||
defaultValue: 22
|
||||
placeholder: '请输入端口'
|
||||
- field: timeout
|
||||
name: 超时时间
|
||||
type: number
|
||||
required: false
|
||||
defaultValue: 6000
|
||||
placeholder: '超时时间'
|
||||
- field: username
|
||||
name: 用户名
|
||||
type: text
|
||||
@@ -25,4 +19,4 @@ param:
|
||||
- field: password
|
||||
name: 密码
|
||||
type: password
|
||||
required: false
|
||||
required: true
|
||||
@@ -34,7 +34,7 @@ CREATE TABLE param
|
||||
id bigint not null auto_increment comment '参数ID',
|
||||
monitor_id bigint not null comment '监控ID',
|
||||
field varchar(100) not null comment '参数标识符',
|
||||
value varchar(8126) comment '参数值,最大字符长度8126',
|
||||
value varchar(255) comment '参数值,最大字符长度255',
|
||||
type tinyint not null default 0 comment '参数类型 0:数字 1:字符串 2:加密串',
|
||||
gmt_create timestamp default current_timestamp comment 'create time',
|
||||
gmt_update datetime default current_timestamp on update current_timestamp comment 'update time',
|
||||
|
||||
@@ -36,10 +36,10 @@ excludedResource:
|
||||
# eg: lili 拥有[role1,role2],明文密码为lili, 加盐密码为1A676730B0C7F54654B0E09184448289
|
||||
account:
|
||||
- appId: admin
|
||||
credential: admin
|
||||
credential: admin@123.
|
||||
role: [role1,role2]
|
||||
- appId: tom
|
||||
credential: tom
|
||||
credential: tom@123.
|
||||
role: [role1,role2,role3]
|
||||
- appId: lili
|
||||
# 注意 Digest认证不支持加盐加密的密码账户
|
||||
|
||||
@@ -34,7 +34,7 @@ CREATE TABLE param
|
||||
id bigint not null auto_increment comment '参数ID',
|
||||
monitor_id bigint not null comment '监控ID',
|
||||
field varchar(100) not null comment '参数标识符',
|
||||
value varchar(8126) comment '参数值,最大字符长度8126',
|
||||
value varchar(255) comment '参数值,最大字符长度255',
|
||||
type tinyint not null default 0 comment '参数类型 0:数字 1:字符串 2:加密串',
|
||||
gmt_create timestamp default current_timestamp comment 'create time',
|
||||
gmt_update datetime default current_timestamp on update current_timestamp comment 'update time',
|
||||
|
||||
@@ -23,7 +23,7 @@ excludedResource:
|
||||
- /**/*.ttf===get
|
||||
- /**/*.png===get
|
||||
- /**/*.gif===get
|
||||
- /**/*.png===*
|
||||
- /**/*.png===*
|
||||
# swagger ui 资源
|
||||
- /swagger-resources/**===get
|
||||
- /v2/api-docs===get
|
||||
|
||||
Reference in New Issue
Block a user