#!/bin/bash
# Banner printed once at the start of the setup run.
printf '%s\n' "=== 开始配置 Prometheus ==="
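#######################################
# Print a port number in 10000-65535 that has no listener at the moment.
# Globals:   none (the candidate port is kept local to the function)
# Arguments: none
# Outputs:   the chosen port on stdout
# Returns:   0 once a port has been printed
# Notes:     The listener check is a snapshot; another process can still
#            take the port before Docker binds it. If neither netstat nor
#            ss is installed the listing is empty and the first candidate
#            is accepted unchecked.
#######################################
generate_random_port() {
  local port listeners
  while true; do
    # $RANDOM never exceeds 32767, so two draws are combined to reach the
    # upper part of the documented 10000-65535 range.
    port=$(( ((RANDOM << 15) | RANDOM) % 55536 + 10000 ))
    if command -v netstat >/dev/null 2>&1; then
      listeners=$(netstat -tuln 2>/dev/null)
    else
      # Fallback for hosts without net-tools.
      listeners=$(ss -tuln 2>/dev/null)
    fi
    if ! grep -q ":$port " <<<"$listeners"; then
      printf '%s\n' "$port"
      break
    fi
  done
}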
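# Guard against clobbering an earlier install: an existing prometheus-data
# directory in the working directory is treated as "already configured".
if [ -d "prometheus-data" ]; then
  echo "警告:检测到本地已存在 Prometheus 配置"
  # -r keeps backslashes in the reply literal.
  read -r -p "是否清除现有配置并重新初始化?(y/N) " answer
  if [ "$answer" = "y" ] || [ "$answer" = "Y" ]; then
    echo "清理现有配置..."
    # All paths are relative to the current directory; `--` ends option
    # parsing. prometheus-data is chowned to uid 65534 later in this script,
    # so an unprivileged rm can fail here. Stop instead of reporting a
    # cleanup that did not happen and then writing over a half-removed tree.
    if ! rm -rf -- prometheus-data prometheus.yml webconfig.yml .env; then
      echo "清理失败:请检查 prometheus-data 的权限(可能需要 sudo)" >&2
      exit 1
    fi
    echo "现有配置已清理"
  else
    echo "保留现有配置,退出脚本"
    exit 0
  fi
fi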
# An existing compose file is only overwritten after an explicit y/Y;
# any other reply ends the run with the file left as it is.
if [ -f "docker-compose-prometheus.yml" ]; then
  echo "发现现有的 docker-compose-prometheus.yml"
  read -p "是否覆盖现有的 docker-compose-prometheus.yml?(y/N) " answer
  case "$answer" in
    y | Y)
      ;;
    *)
      echo "保留现有 docker-compose-prometheus.yml,退出脚本"
      exit 0
      ;;
  esac
fi
# Step 1: choose the host port that will be published for Prometheus.
printf '\n%s\n' "1. 生成随机端口..."
PROMETHEUS_PORT=$(generate_random_port)
printf '%s\n' "Prometheus 端口: $PROMETHEUS_PORT"

# Step 2: persist the port in .env. The compose file written by this script
# refers to ${PROMETHEUS_PORT}, and the generated management script sources
# the same file.
printf '\n%s\n' "2. 创建环境变量文件..."
printf 'PROMETHEUS_PORT=%s\n' "$PROMETHEUS_PORT" > .env
printf '%s\n' "环境变量文件创建完成"

# Step 3: create the directory that is bind-mounted as the TSDB path.
printf '\n%s\n' "3. 创建本地配置目录..."
mkdir -p prometheus-data
printf '%s\n' "目录创建完成"
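# Step 4: write the Prometheus server configuration.
echo -e "\n4. 创建 Prometheus 配置文件..."
# The delimiter is quoted so the YAML is written verbatim. Nested keys are
# indented: written flat, `static_configs` is no longer part of the job entry
# and the file does not parse.
# If basic auth or TLS is later enabled in webconfig.yml, the self-scrape job
# below needs matching `basic_auth` / `scheme: https` settings or it will
# start failing.
cat > prometheus.yml << 'EOL'
global:
  scrape_interval: 15s
  evaluation_interval: 15s

rule_files:
  # - "first_rules.yml"
  # - "second_rules.yml"

scrape_configs:
  - job_name: 'prometheus'
    static_configs:
      - targets: ['localhost:9090']

  # 添加其他监控目标
  # - job_name: 'node-exporter'
  #   static_configs:
  #     - targets: ['node-exporter:9100']

  # - job_name: 'grafana'
  #   static_configs:
  #     - targets: ['grafana:3000']
EOL
echo "Prometheus 配置文件创建完成"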
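# Step 5: write the web configuration (TLS / basic auth) template.
echo -e "\n5. 创建 Prometheus Web 配置文件..."
# As written, the file enables nothing: `basic_auth_users` has no entries and
# every other setting is commented out, so the UI and API are unauthenticated
# until an operator fills it in.
# The delimiter is quoted so the `$` characters of the sample hashes need no
# escaping. The commented templates keep their nesting so that removing the
# leading "# " yields valid YAML.
cat > webconfig.yml << 'EOL'
# Prometheus Web 配置文件
# 用于配置 TLS、身份验证等安全设置

# TLS 配置(可选,如需 HTTPS 请取消注释并配置证书)
# tls_server_config:
#   cert_file: "server.crt"
#   key_file: "server.key"
#   # 可选:指定 TLS 版本
#   min_version: TLS12
#   # 可选:指定密码套件
#   cipher_suites:
#     - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#     - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

# 基本身份验证配置(可选)
# 密码使用 bcrypt 哈希,可使用以下命令生成:
# htpasswd -nBC 10 "" | tr -d ':\n'
# 或在线生成:https://bcrypt.online/
# 注意:请勿在在线工具中输入真实密码,生产环境的哈希应在本机生成
basic_auth_users:
  # admin: $2y$10$example.hash.for.admin.password
  # user: $2y$10$example.hash.for.user.password

# HTTP/2 配置(可选)
# http_server_config:
#   http2: true

# 其他安全配置
# Prometheus Web UI 和 API 的访问控制
# 注意:在生产环境中建议启用身份验证
EOL
echo "Prometheus Web 配置文件创建完成"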
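# Step 6: write the compose file.
echo -e "\n6. 创建 docker-compose-prometheus.yml..."
# The delimiter is quoted, so ${...} reaches the file literally and is
# resolved by docker compose from .env at run time.
# Exposure: webconfig.yml ships with no authentication and the server runs
# with --web.enable-lifecycle, so anyone who can reach the published port can
# POST /-/reload or /-/quit. The port is therefore published on loopback by
# default; PROMETHEUS_BIND_ADDR in .env widens it once auth/TLS is in place.
# NOTE(review): the image is referenced by the mutable `latest` tag; pinning
# a version or digest would make the deployment reproducible.
cat > docker-compose-prometheus.yml << 'EOL'
version: "3.8"

services:
  prometheus:
    image: prom/prometheus:latest
    container_name: prometheus-${PROMETHEUS_PORT}
    restart: unless-stopped
    ports:
      # 默认仅监听本机回环地址;启用身份验证/TLS 后如需对外提供访问,
      # 可在 .env 中设置 PROMETHEUS_BIND_ADDR=0.0.0.0
      - "${PROMETHEUS_BIND_ADDR:-127.0.0.1}:${PROMETHEUS_PORT}:9090"
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - ./webconfig.yml:/etc/prometheus/webconfig.yml
      - ./prometheus-data:/prometheus
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--web.config.file=/etc/prometheus/webconfig.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/etc/prometheus/console_libraries'
      - '--web.console.templates=/etc/prometheus/consoles'
      - '--storage.tsdb.retention.time=200h'
      - '--web.enable-lifecycle'
    networks:
      - monitoring

networks:
  monitoring:
    driver: bridge
    external: false
EOL
echo "配置文件创建完成"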
# Step 7: hand the data directory to uid/gid 65534 so Prometheus can write to
# it (presumably the account the container runs as; confirm against the
# image). sudo is tried first, then a plain chown; if both fail only a hint is
# printed and the script carries on.
echo -e "\n7. 设置目录权限..."
if sudo chown -R 65534:65534 prometheus-data 2>/dev/null; then
  :
elif chown -R 65534:65534 prometheus-data 2>/dev/null; then
  :
else
  echo "权限设置可能需要sudo"
fi
echo "权限设置完成"
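# Step 8: generate the management wrapper.
echo -e "\n8. 创建管理脚本..."
# The delimiter is quoted, so the generated script is written exactly as shown
# and nothing is expanded at generation time.
# The wrapper changes into its own directory first: `source` runs the file it
# loads as shell code, so picking up whatever .env sits in the caller's
# current directory would execute that file and aim docker compose at the
# wrong project.
cat > manage-prometheus.sh << 'EOL'
#!/bin/bash
# 切换到脚本所在目录,确保读取的是本项目的 .env 和 compose 文件
cd "$(dirname "${BASH_SOURCE[0]}")" || exit 1
source ./.env

case "$1" in
  start)
    echo "启动 Prometheus..."
    docker compose -f docker-compose-prometheus.yml up -d
    echo "Prometheus 已启动!"
    echo "访问地址: http://localhost:$PROMETHEUS_PORT"
    ;;
  stop)
    echo "停止 Prometheus..."
    docker compose -f docker-compose-prometheus.yml down
    ;;
  restart)
    echo "重启 Prometheus..."
    docker compose -f docker-compose-prometheus.yml restart
    ;;
  status)
    docker compose -f docker-compose-prometheus.yml ps
    ;;
  logs)
    docker compose -f docker-compose-prometheus.yml logs -f
    ;;
  info)
    echo "Prometheus 信息:"
    echo "访问地址: http://localhost:$PROMETHEUS_PORT"
    echo "配置文件: ./prometheus.yml"
    echo "Web配置文件: ./webconfig.yml"
    echo "数据目录: ./prometheus-data"
    ;;
  reload)
    echo "重载 Prometheus 配置..."
    curl -X POST "http://localhost:$PROMETHEUS_PORT/-/reload"
    ;;
  security)
    echo "配置安全设置..."
    echo "1. 要启用 HTTPS,请配置 webconfig.yml 中的 tls_server_config"
    echo "2. 要启用身份验证,请配置 webconfig.yml 中的 basic_auth_users"
    echo "3. 密码哈希生成命令: htpasswd -nBC 10 \"\" | tr -d ':\n'"
    echo "4. 在线密码哈希:https://bcrypt.online/(请勿提交真实密码,生产环境请在本机生成)"
    ;;
  *)
    echo "用法: $0 {start|stop|restart|status|logs|info|reload|security}"
    ;;
esac
EOL
chmod +x manage-prometheus.sh
echo "管理脚本创建完成"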
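# Step 9: write a reference file with web-config examples. It is not mounted
# into the container; only webconfig.yml is.
echo -e "\n9. 创建安全配置示例文件..."
# The delimiter is quoted so the `$` characters in the hashes need no
# escaping, and nested keys are indented so each example is valid YAML when
# copied on its own (examples 1/2 and 3 repeat top-level keys, so the file as
# a whole is a copy-from reference, not a loadable config).
# NOTE(review): the two sample hashes are reproduced as given and have not
# been verified against the passwords named beside them. Either way they
# stand for published, weak passwords, so the generated file tells the reader
# not to copy them.
cat > webconfig-examples.yml << 'EOL'
# Prometheus Web 配置示例文件
# 复制相关配置到 webconfig.yml 中使用
# 注意:下面的哈希仅用于演示格式,对应的是公开的弱口令,请勿直接复制使用;
#       请为自己的强密码在本机生成新的哈希

# ===============================
# 示例 1: 基本身份验证配置
# ===============================
basic_auth_users:
  # 用户名: admin, 密码: admin123
  admin: $2y$10$7yTp3c2Q6h.L8V5K9rF.6OeF2Y1X3.Z8w9Q1c2V6h5L8K9rF6OeF2Y
  # 用户名: user, 密码: user123
  user: $2y$10$8zTq4d3R7i.M9W6L0sG.7PfG3Z2Y4.A9x0R2d3W7i6M9L0sG7PfG3Z

# ===============================
# 示例 2: TLS/HTTPS 配置
# ===============================
tls_server_config:
  cert_file: "/etc/prometheus/certs/server.crt"
  key_file: "/etc/prometheus/certs/server.key"
  min_version: TLS12
  max_version: TLS13
  cipher_suites:
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

# ===============================
# 示例 3: 完整安全配置
# ===============================
tls_server_config:
  cert_file: "/etc/prometheus/certs/server.crt"
  key_file: "/etc/prometheus/certs/server.key"
  min_version: TLS12

basic_auth_users:
  admin: $2y$10$7yTp3c2Q6h.L8V5K9rF.6OeF2Y1X3.Z8w9Q1c2V6h5L8K9rF6OeF2Y
  user: $2y$10$8zTq4d3R7i.M9W6L0sG.7PfG3Z2Y4.A9x0R2d3W7i6M9L0sG7PfG3Z

http_server_config:
  http2: true

# ===============================
# 密码哈希生成方法:
# ===============================
# 方法1: 使用 htpasswd
# htpasswd -nBC 10 "" | tr -d ':\n'
#
# 方法2: 使用 Python
# python3 -c "import bcrypt; print(bcrypt.hashpw(b'your_password', bcrypt.gensalt()).decode())"
#
# 方法3: 在线生成
# https://bcrypt.online/
# 注意:请勿在在线工具中输入真实密码,生产环境的哈希应在本机生成
EOL
echo "安全配置示例文件创建完成"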
# Closing summary: chosen port, next steps, management commands and the
# security reminders. It is emitted as one here-document; the only expansion
# in it is $PROMETHEUS_PORT.
cat << SUMMARY

=== Prometheus 配置完成! ===
随机分配的端口: $PROMETHEUS_PORT

你可以:
1. 编辑 prometheus.yml 添加更多监控目标
2. 编辑 webconfig.yml 配置安全设置(TLS、身份验证)
3. 参考 webconfig-examples.yml 查看配置示例
4. 编辑 docker-compose-prometheus.yml 修改其他设置
5. 使用 './manage-prometheus.sh start' 启动服务
6. 使用 './manage-prometheus.sh info' 查看信息
7. 访问 http://localhost:$PROMETHEUS_PORT 使用 Prometheus

管理命令:
- ./manage-prometheus.sh start # 启动服务
- ./manage-prometheus.sh stop # 停止服务
- ./manage-prometheus.sh restart # 重启服务
- ./manage-prometheus.sh status # 查看状态
- ./manage-prometheus.sh logs # 查看日志
- ./manage-prometheus.sh info # 查看信息
- ./manage-prometheus.sh reload # 重载配置
- ./manage-prometheus.sh security # 查看安全配置帮助

安全配置:
- webconfig.yml: Web 服务器安全配置
- webconfig-examples.yml: 配置示例参考
- 默认无身份验证,生产环境建议启用
- 支持 TLS/HTTPS、基本身份验证、HTTP/2

注意:
- 配置文件修改后可使用 reload 命令重载
- 端口信息保存在 .env 文件中
- 数据持久化保存在 prometheus-data 目录中
- Web 配置文件 webconfig.yml 用于安全设置
SUMMARY
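# Offer to bring the stack up right away; anything other than y/Y skips it.
read -r -p "是否立即启动 Prometheus?(y/N) " answer
if [ "$answer" = "y" ] || [ "$answer" = "Y" ]; then
  echo "启动 Prometheus..."
  # Report a failed start instead of announcing a service that is not running.
  if ! docker compose -f docker-compose-prometheus.yml up -d; then
    echo "Prometheus 启动失败,请检查 docker compose 的输出" >&2
    exit 1
  fi
  echo -e "\nPrometheus 已启动!"
  echo "访问地址: http://localhost:$PROMETHEUS_PORT"
  echo -e "\n等待服务完全启动后再访问..."
  echo -e "\n如需配置安全设置,请:"
  echo "1. 编辑 webconfig.yml 文件"
  echo "2. 重启服务: ./manage-prometheus.sh restart"
  echo "3. 查看安全配置帮助: ./manage-prometheus.sh security"
fi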