docker+splunk+haproxy实践
#!/bin/shmax=30 #max containes
echo > haproxy.cfg
uri="https://yoursearchip:8089" #search server
ip="`/usr/bin/hostname -I |awk '{print $1}'`" # local ipaddress
id="_`/usr/bin/hostname -I |awk '{print $1}'|awk -F '.' '{print $4}'`_" # id
echo id:$id
echo ip:$ip
maxwarn=4 # max wan
group=10
maxonline=2 # max online
online=0
password="123456"
user="admin"
vname="vsplunk"
name="splunk"
webport=7000
searchport=7100
listenport=7200
lport=7020
udpport=7300
wait=10
function createvsplunk(){
i=$1
if [ `dockerps -a |grep -w $vname$i|wc -l` -ne 1 ];then
echo not exsist $vname$i
docker run --name $vname$i -v /opt/splunk/etc -v /opt/splunk/var busybox
fi
}
function createsplunk(){
i=$1
if [ `dockerps -a |grep -w $name$i|wc -l` -ne 1 ]; then
echo notexsist $name$i
docker run --hostname $name$id$i --name $name$i --volumes-from=$vname$i -p $((webport+i)):8000-p $((searchport+i)):8089 -p $((listenport+i)):$lport -p $((udpport+i)):7030/udp -d outcoldman/splunk
echo server splunk$id$i $ip:$((listenport+i))check>> haproxy.cfg
sleep $wait
docker exec $name$i/opt/splunk/bin/splunk edit user admin-password $password -auth admin:changeme
docker exec $name$i/opt/splunk/bin/splunk adduser user -password user -role user -auth $user:$password
docker exec $name$i/opt/splunk/bin/splunk addtcp$listenport -sourcetype nginx -auth $user:$password
docker exec $name$i/opt/splunk/bin/splunk addudp6030 -sourcetype applog -auth $user:$password
/opt/splunk/bin/splunk add search-server$ip:$((searchport+i)) -remoteUsername admin -remotePassword $password -auth admin:$password -uri $uri
fi
}
function removemonitor(){
i=$1
if [ `docker exec $name$i/opt/splunk/bin/splunk list tcp -auth $user:$password|grep $lport |wc -l` -gt 0 ];then
docker exec $name$i/opt/splunk/bin/splunk removetcp$lport-sourcetype nginx -auth $user:$password
fi
}
function addmonitor(){
i=$1
if [ `docker exec $name$i/opt/splunk/bin/splunk list tcp -auth $user:$password|grep $lport |wc -l` -le 0 ];then
docker exec $name$i/opt/splunk/bin/splunk addtcp$lport -sourcetype nginx -auth $user:$password
fi
}
function deletesplunk(){
i=$1
docker stop$name$i
docker rm -v $name$i
docker rm -v $vname$i
/opt/splunk/bin/splunk remove search-server$ip:$((searchport+i)) -remoteUsername admin -remotePassword $password -auth admin:$password -uri $uri
}
function reinstallsplunk(){
i=$1
deletesplunk $i
createvsplunk $i
createsplunk$i
}
function rollsplunk(){
for (( i=1; i<=max; i++)); do
{
createvsplunk $i
createsplunk $i
warn=`/opt/splunk/bin/splunklist licenser-messages-uri https://$ip:$((searchport+i)) -auth admin:$password |grep WARN|wc -l`
if [ $warn -gt 4 ];then
reinstallsplunk $i
elif [ $warn -gt $maxwarn ];then
reinstallsplunk$i
fi
# set listen port for grouptoday
if [ $i -gt $((3*(groupnum-1))) ] && [ $i -le $((3*groupnum)) ] ;then
addmonitor $i
else
removemonitor$i
fi
# install new for next group
if [ $i -gt $((3*(groupnum))) ] && [ $i -le $((3*(groupnum+1))) ] && [ $warn -gt 0 ];then
reinstallsplunk $i
fi
}
done
}
groupnum=$((`/bin/date +%j`%(maxwarn*group)%group))
rollsplunk
echo all threads done
页:
[1]