前言:
看到这个标题的人一定会很疑惑,进程监控和报警,不都是用zabbix,nagios么? 对于管理的话,自己写crontab脚本不就行了。 当然这肯定是可以的。 标题说了,规范和扩展! 所谓的进程监控就是 在进程不可用,或者是被kill掉,也有外因,比如进程吃内存大,需要重启进程,让他初始化程序的实例,简单说,就是进程pid是在,只是进程是假死的,不可用的。
对于这些进程管理和监控的需求,说下圈子里面解决这类问题的办法:
大家一定知道supervisord这个东西,现在很多人都喜欢用他,我个人的nginx tornado的方案,就是用supervisord来管理进程的, 话说他也是支持进程监控的,但是比较粗糙。他的方法就是检测pid,pid死了,他会重启进程 。 他的这种方法,不太适用于我们上面说的这个场景。
百度在用这个supervisord做进程状态监控,但是百度已经对这个做了二次开发,他们扩展了不少东西,比如监控检测的规则,报警的接口化,对外的探测通知socket接口,别的进程也可以通过标准,拿到服务器进程的一些情况。 这已经实现supervisord扩展效果,我想大家也可以开发出来,只是耗时耗力。 supervisord的源码,我也顺了下源码,难度不太大 ! 有时间我会出一个supervisord二次开发的文档。
还有一个叫god,是ruby写的。 现在小米在用,本人对于ruby有些不感冒,这里就简单讲讲他的有点。 其实god在一定程度上来说,要比supervisord健全的。 我最欣赏他的地方就是,他的通知相当强大,他只是webkook回调,email,jabber。他的进程监测也不错。 有兴趣的朋友可以试试。
下面是god的一个例子。
1
2
3
4
|
w.name =
"hello"
w.start =
"ruby xiaorui.rb"
w.keepalive(:memory_max => 333.megabytes,
:cpu_max => 50.percent)
|
还有一个蓝汛叫amr的东西,听了介绍,感觉功能很是饱满,很牛叉的样子。 只是没有开源,不明白他的实现细节。 现在各大公司都有一套类似进程监控的东西。
好了,这里说下我推荐的monit的用法。
大家可以先看看monit的介绍 http://mmonit.com/monit
Monit 是一款功能非常丰富的进程、文件、目录和设备的监测软件,用于Unix平台。它可以自动修复那些已经停止运作的程序,特使适合处理那些由于多种原因导致的软件错误。
Monit 对管理员来说可谓神器也。话说 Nagios 也就是在监控牛,而 Monit 不但本地监控牛,远程服务监控也牛。更牛的是,只要你花点功夫,你的服务就永远都能“死而复生”。
安装
yum -y install monit
monit主配置,30s检测一次
1
2
3
4
5
6
7
|
vi
/etc/monit
.conf
#检测的时间,默认是120s
set
daemon 30
set
mailserver localhost
set
mail-
format
{ from: monit@
dd
.com }
set
alert example@
dd
.com
#原文:http://rfyiamcool.blog.51cto.com/1030776/1437572
|
具体的配置
1
2
3
4
5
|
[root@66 ~]
# cat /etc/monit.d/nginx.monit.conf
check process nginx with pidfile
/var/run/nginx
.pid
start program =
"/etc/init.d/nginx start"
stop program =
"/etc/init.d/nginx stop"
if
failed port 9000
type
TCP
then
start
|
语法的检测:
1
2
3
4
|
[root@xiaorui ~]
# monit -t
Control
file
syntax OK
[root@xiaorui ~]
#
原文:http:
//rfyiamcool
.blog.51cto.com
/1030776/1437572
|
monit也是支持web数据展现的,虽然功能比较的简单,而且没有操作的功能:
他可以像supervisord那样,直接启动、关闭、重启某个时间。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
[root@xiaorui ~]
# monit -h
Usage: monit [options] {arguments}
Options are as follows:
-c
file
Use this control
file
-d n Run as a daemon once per n seconds
-g name Set group name
for
start, stop, restart, monitor and unmonitor
-l logfile Print log information to this
file
-p pidfile Use this lock
file
in
daemon mode
-s statefile Set the
file
monit should write state information to
-I Do not run
in
background (needed
for
run from init)
-t Run syntax check
for
the control
file
-
v
Verbose mode, work noisy (diagnostic output)
-H [filename] Print SHA1 and MD5 hashes of the
file
or of stdin
if
the
filename is omited; monit will
exit
afterwards
-V Print version number and patchlevel
-h Print this text
Optional action arguments
for
non-daemon mode are as follows:
start all - Start all services
start name - Only start the named service
stop all - Stop all services
stop name - Only stop the named service
restart all - Stop and start all services
restart name - Only restart the named service
monitor all - Enable monitoring of all services
monitor name - Only
enable
monitoring of the named service
unmonitor all - Disable monitoring of all services
unmonitor name - Only disable monitoring of the named service
reload - Reinitialize monit
status - Print full status information
for
each service
summary - Print short status information
for
each service
quit - Kill monit daemon process
validate - Check all services and start
if
not running
(Action arguments operate on services defined
in
the control
file
)
#原文:http://rfyiamcool.blog.51cto.com/1030776/1437572
|
咱们经常用的saltstack也是有monit的一个模块,当然有些简单吧。没有添加的模块,当时这些咱们可以自己写模块实现添加。 有时间写个saltstack的monit添加删除模块,提交给官方 。 (没提交也别打我)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
salt.modules.monit
Monit service module. This module will create a monit
type
service watcher.
salt.modules.monit.monitor(name)
monitor service via monit
CLI Example:
salt
'*'
monit.monitor <service name>
salt.modules.monit.restart(name)
Restart service via monit
CLI Example:
salt
'*'
monit.restart <service name>
salt.modules.monit.start(name)
CLI Example:
salt
'*'
monit.start <service name>
salt.modules.monit.stop(name)
Stops service via monit
CLI Example:
salt
'*'
monit.stop <service name>
salt.modules.monit.summary(svc_name=
''
)
Display a summary from monit
CLI Example:
salt
'*'
monit.summary
salt
'*'
monit.summary <service name>
salt.modules.monit.unmonitor(name)
Unmonitor service via monit
CLI Example:
salt
'*'
monit.unmonitor <service name>
|
这一段配置的意思是说,当9000不通的时候,启动下进程 触发的是 start program !!!
他的检测语法:
IF <TEST> THEN ACTION [ELSE IF SUCCEEDED THEN ACTION]
action包括 altert,start,stop.restart,exec
alert 不用说了,就是报警的邮件
start、stop、restart 就是触发start、stop、restart program
exec 可以自定一定脚本
这里就写点例子,给大家看看。
1
2
3
4
5
6
7
|
check process tomcat with pidfile
/var/run/tomcat
.pid
start program =
"/etc/init.d/tomcat start"
as uid nobody and gid nobody
stop program =
"/etc/init.d/tomcat stop"
# You can also use id numbers instead and write:
as uid 99 and with gid 99
if
failed port 8080
then
alert
|
如果8080端口不同的话,报警 !
check process named with pidfile /var/run/named.pid
start program = "/etc/init.d/named start"
stop program = "/etc/init.d/named stop"
if failed port 53 use type udp protocol dns then restart
if 3 restarts within 5 cycles then timeout
如果53的udp端口不通,就重启。
check process apache with pidfile /var/run/httpd.pid
start "/etc/init.d/httpd start"
stop "/etc/init.d/httpd stop"
if failed host www.sol.no port 80 then alert
if failed host shop.sol.no port 443 then alert
if failed host chat.sol.no port 80 then alert
if failed host www.tildeslash.com port 80 then alert
如果主机不通的话,alert。 host 填写域名和ip port 端口 !
1
2
3
4
5
6
|
check process apache with pidfile
/var/run/httpd
.pid
start
"/etc/init.d/httpd start"
stop
"/etc/init.d/httpd stop"
if
failed
host www.sol.no port 80 protocol http
then
alert
|
这里还可以指明是http 协议 !
1
2
3
4
5
6
7
8
|
check process apache with pidfile
/var/run/httpd
.pid
start
"/etc/init.d/httpd start"
stop
"/etc/init.d/httpd stop"
if
failed
host www.sol.no port 80 and
send
"GET / HTTP/1.1\r\nHost: www.sol.no\r\n\r\n"
expect
"HTTP/[0-9\.]{3} 200.*"
then
alert
|
还可以用expect做数据的推送。
1
2
3
4
|
check host www.tildeslash.com with address www.tildeslash.com
if
failed
icmp
type
echo
count 5 with timeout 15 seconds
then
alert
|
icmp检测,指定count的数目,不至于一直没完没了的ping。
1
2
3
4
5
6
|
check host tildeslash with address www.tildeslash.com
if
failed
port 80 protocol http and
request
"/monit/dist/monit-5.7.tar.gz"
with checksum f9d26b8393736b5dfad837bb13780786
then
alert
|
这里还可以计算文件的md5,request支持get 和 post !
1
2
3
4
5
|
if
failed
port 80
protocol http
request
"/data/show?a=b&c=d"
then
restart
|
monit check 状态检测的时间,是可以定义的。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Name: | Allowed values: | Special characters:
---------------------------------------------------------------
Minutes | 0-59 | * - ,
Hours | 0-23 | * - ,
Day of month | 1-31 | * - ,
Month | 1-12 (1=jan, 12=dec) | * - ,
Day of week | 0-6 (0=sunday, 6=saturday) | * - ,
check process nginx with pidfile
/var/run/nginx
.pid
every 2 cycles
Example 2: Check every workday 8AM-7PM
check program checkOracleDatabase with
path
/var/monit/programs/checkoracle
.pl
every
"* 8-19 * * 1-5"
Example 3: 在这个时间端,就不要检测 Sunday 0AM-3AM
check process mysqld with pidfile
/var/run/mysqld
.pid
not every
"* 0-3 * * 0"
|
各种的判断,内存和cpu的判断。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
#xiaorui.cc
check process freeswitch
with pidfile
/usr/local/freeswitch/log/freeswitch
.pid
start program =
"/usr/local/freeswitch/bin/freeswitch -nc -hp"
stop program =
"/usr/local/freeswitch/bin/freeswitch -stop"
if
total memory > 1000.0 MB
for
5 cycles
then
alert
if
total memory > 1500.0 MB
for
5 cycles
then
alert
if
total memory > 2000.0 MB
for
5 cycles
then
restart
if
cpu > 60%
for
5 cycles
then
alert
if
failed
port 5060
type
udp protocol SIP
target me@foo.bar and maxforward 10
then
restart
check process asterisk
with pidfile
/var/run/asterisk/asterisk
.pid
start program =
"/usr/sbin/asterisk"
stop program =
"/usr/sbin/asterisk -r -x 'shutdown now'"
if
total memory > 1000.0 MB
for
5 cycles
then
alert
if
total memory > 1500.0 MB
for
5 cycles
then
alert
if
total memory > 2000.0 MB
for
5 cycles
then
restart
if
cpu > 60%
for
5 cycles
then
alert
if
failed
port 5060
type
udp protocol SIP
and target me@foo.bar maxforward 10
then
restart
|
邮件也是可以定制,如果你想发送短信和语音的话,大家可以自定义报警的脚本。这样控制性更好。如果监控用的是zabbix的话,可以配合monit一块搞起。 比如的时候,咱们就不用email报警了,直接用zabbix sender主动触发 trigger action。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
#xiaorui.cc
check process apache with pidfile
/var/run/httpd
.pid
start program =
"/etc/init.d/httpd start"
stop program =
"/etc/init.d/httpd stop"
if
cpu > 40%
for
2 cycles
then
alert
if
total cpu > 60%
for
2 cycles
then
alert
if
total cpu > 80%
for
5 cycles
then
restart
if
mem > 100 MB
for
5 cycles
then
stop
if
loadavg(5min) greater than 10.0
for
8 cycles
then
stop
check process apache with pidfile
/var/run/httpd
.pid
start =
"/etc/init.d/httpd start"
stop =
"/etc/init.d/httpd stop"
alert admin@bar on {nonexist, timeout}
with mail-
format
{
from: bofh@$HOST
subject: apache $EVENT - $ACTION
message: This event occurred on $HOST at $DATE.
Your faithful employee,
monit
}
if
failed host www.tildeslash.com port 80
then
restart
if
3 restarts within 5 cycles
then
timeout
depend httpd_bin
group apache
check
file
httpd_bin with path
/usr/local/apache/bin/httpd
alert security@bar on {checksum, timestamp,
permission, uid, gid}
with mail-
format
{subject: Alaaarrm! on $HOST}
if
failed checksum
and expect 8f7f419955cefa0b33a2ba316cba3659
then
unmonitor
if
failed permission 755
then
unmonitor
if
failed uid root
then
unmonitor
if
failed gid root
then
unmonitor
if
changed timestamp
then
alert
group apache
|
我这里有些服务flask开发的,利用uwsgi来***能。uwsgi有时因为程序的prefork的数目的限制和程序本身逻辑的bug,造成把uwsgi的进程堵塞掉。 这个时候需要monit重启下uwsgi的服务。
1
2
3
4
5
6
7
8
9
10
11
12
13
|
check process nginx with pidfile
/var/run/nginx
.pid
start program =
"/etc/init.d/nginx start"
stop program =
"/etc/init.d/nginx stop"
if
failed port 443
type
tcpssl protocol http
request
"/lvs_vip/status_code"
hostheader
"xiaorui.cc"
with timeout 5 seconds
then
alert
if
failed port 443
type
tcpssl protocol http
request
"/lvs_vip/status_code"
"xiaorui.cc"
with timeout 10 seconds
3
times
within 4 cycles
then
restart
depends on uwsgi
|
总结:
在某种程度上来说,这类的工具有些单机,咱们可以利用puppet,saltstack这类配置管理工具,使这类的配置中心统一化。 咱们可以在中心节点,直接下发monit的配置。monit这东西的扩展性很不错,大家可以好好的试试!
本文转自 rfyiamcool 51CTO博客,原文链接:http://blog.51cto.com/rfyiamcool/1437572,如需转载请自行联系原作者