흙수저의 엔지니어링

공부하기 위해서 설치해봅니다.

ansible 설치하기

apt install -y ansible

관리할 서버 접속 설정하기 (사전에 ssh-keygen 설정 필요)

# pub 파일이 id_rsa.pub 인지 다른 이름인지 반드시 확인 필요
# 저는 다른 vm이 있어서 접속 테스트 했습니다.
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.205
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.206
ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.207

ansible 테스트

root@13500T-ubuntu:~# mkdir /etc/ansible
root@13500T-ubuntu:~# touch /etc/ansible/hosts
root@13500T-ubuntu:~# cat /etc/ansible/hosts
#192.168.0.205 k8s-master
192.168.0.205
#192.168.0.206 k8s-node1
192.168.0.206
#192.168.0.207 k8s-node2
192.168.0.207
root@13500T-ubuntu:~# ansible all -m ping
192.168.0.207 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
192.168.0.206 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
192.168.0.205 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}
root@13500T-ubuntu:~#

일반 유저로 설정을 하니 아래와 같이 권한 문제가 발생하여 ssh로 root 접속할 수 있도록 설정하여 수행하였습니다.

root@13500T-ubuntu:~# ansible all -m ping
192.168.0.205 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: root@192.168.0.205: Permission denied (publickey,password).",
    "unreachable": true
}
192.168.0.206 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: root@192.168.0.206: Permission denied (publickey,password).",
    "unreachable": true
}
192.168.0.207 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: root@192.168.0.207: Permission denied (publickey,password).",
    "unreachable": true
}
root@13500T-ubuntu:~#

/usr/bin/ssh-copy-id: ERROR: No identities found 발생 시

root@13500T-ubuntu:~# ssh-copy-id master@192.168.0.205
/usr/bin/ssh-copy-id: ERROR: No identities found

1단계: 사이사이 물어보면 "엔터"만 치시면 됩니다.

root@13500T-ubuntu:~# ssh-keygen
Generating public/private ed25519 key pair.
Enter file in which to save the key (/root/.ssh/id_ed25519): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_ed25519
Your public key has been saved in /root/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:tXRz---------------------------- root@13500T-ubuntu
The key's randomart image is:
+--[ED25519 256]--+
|             *EBX|
|            o*B^*|
|          o Bo/*B|
|         o = X =*|
|        S .   ..o|
|               . |
|                 |
|                 |
|                 |
+----[SHA256]-----+
root@13500T-ubuntu:~#

2단계: pub 파일이 어떤 이름인지 꼭 확인해보세요. 저는 " id_rsa.pub"가 아닌 " id_ed25519.pub" 였습니다.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.205
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.205's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.0.205'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.206
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.206's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.0.206'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub root@192.168.0.207
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.207's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.0.207'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~#

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub master@192.168.0.205
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '192.168.0.205 (192.168.0.205)' can't be established.
ED25519 key fingerprint is SHA256:Rg4V0-------------------------OmwKSq8s.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
master@192.168.0.205's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'master@192.168.0.205'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub node1@192.168.0.206
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '192.168.0.206 (192.168.0.206)' can't be established.
ED25519 key fingerprint is SHA256:Rg4V0-------------------------OmwKSq8s.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
node1@192.168.0.206's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node1@192.168.0.206'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~# ssh-copy-id -i ~/.ssh/id_ed25519.pub node2@192.168.0.207
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_ed25519.pub"
The authenticity of host '192.168.0.207 (192.168.0.207)' can't be established.
ED25519 key fingerprint is SHA256:Rg4V0-------------------------OmwKSq8s.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:1: [hashed name]
    ~/.ssh/known_hosts:4: [hashed name]
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
node2@192.168.0.207's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'node2@192.168.0.207'"
and check to make sure that only the key(s) you wanted were added.

root@13500T-ubuntu:~#

3단계: 패스워드 없이 계정 접속하기

root@13500T-ubuntu:~# ssh master@192.168.0.205
Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-48-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

Expanded Security Maintenance for Applications is not enabled.

139 updates can be applied immediately.
24 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Mon Nov 18 14:55:57 2024 from 192.168.0.201
master@k8s-master:~$

네이버클라우드에서 Platform의 "Classic" 버전은 outbound 정책 설정이 없네요.

(제가 못 찾는 거라면, 방법 좀 알려주세요~)

대체방안으로 linux의 iptables로 해봤는데, 양방향 설정이 아니라 너무 어렵더라구요.

그래서 ufw 서비스를 활용해 보려고 합니다.

[작업 근거]

인증기준: ISMS 인증 2.6.2 정보시스템 접근

ㅇ 주요 확인사항

서버, 네트워크시스템 등 정보시스템에 접근을 허용하는 사용자, 접근제한 방식, 안전한
접근수단 등을 정의하여 통제하여야 한다.

  - 정보시스템의 사용목적과 관계 없는 서비스를 제거하고 있는가?

설정은 모든 outbound는 차단하고, dns Port만 Open 했습니다.

아래처럼 한다면 inbound 정책은 전부 허용, oubound 정책은 dns 53 제외 전부 차단 됩니다.

root@mydata:~# ufw disable
root@mydata:~# ufw default deny outgoing
root@mydata:~# ufw allow out to any port 53
root@mydata:~# ufw enable

통신 테스트 화면

root@mydata:~# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW OUT   Anywhere

root@mydata:~#
root@mydata:~#
root@mydata:~#
root@mydata:~#
root@mydata:~#
root@mydata:~# curl www.naver.com
^C
root@mydata:~# ufw allow out to any port 80
Rule added
Rule added (v6)
root@mydata:~# ufw status verbose
Status: active
Logging: on (low)
Default: allow (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW OUT   Anywhere
80                         ALLOW OUT   Anywhere
80 (v6)                    ALLOW OUT   Anywhere (v6)

root@mydata:~# curl www.naver.com
<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center> NWS </center>
</body>
</html>
root@mydata:~#

사용명령어 예제

[root@mydata ~]# ufw allow out to 1.1.1.1
[root@mydata ~]# ufw status numbered
[root@mydata ~]# ufw status verbose
[root@mydata ~]# ufw delete 2
[root@mydata ~]# ufw delete 2
[root@mydata ~]# ufw allow from 1.1.1.1
[root@mydata ~]# ufw allow 8080
[root@mydata ~]# ufw allow out to any port 80
[root@mydata ~]# ufw default allow incoming
[root@mydata ~]# ufw default deny outgoing

참고하려고 남겨둡니다.

# Meta 데이터 저장할 위치 지정.
[meta]
  # Where the metadata/raft database is stored
  dir = "/var/lib/influxdb/meta"
 
# 실제 데이터를 저장할 디렉토릴 지정.
[data]
  # The directory where the TSM storage engine stores TSM files.
  dir = "/var/lib/influxdb/data"
 
  # The directory where the TSM storage engine stores WAL files.
  wal-dir = "/var/lib/influxdb/wal"
 
# Clustering 서비스 설정 통제
[coordinator]
  write-timeout = "10s"  # write request 가 기다릴시간. 이 시간이 지나면 에러 리턴
  max-concurrent-queries = 0  # 최대 동시 쿼리 개수. 0 은 unlimited.
  query-timeout = "0"  # 시스템이 kill 하기전에 쿼리 수행허용 시간
  log-queries-after = "0s" # slow 쿼리를 기록할 한계시간. 0 은 slow 쿼리 로깅을 하지 않음.
  max-select-point = 0
  max-select-series = 0
  max-select-buckets = 0
 
# 데이터 보관기간 설정.
[retention]
  enabled = true # 설정 사용함.
  check-interval = "30m" # 보관기간 정책 체크할 인터발 시간. 30분에 한번씩 보관기간 정책 체크.
 
# 모니터링 데이터를 위한 내부 데이터베이스 생성 설정.
[monitor]
  store-enabled = true # 내부 데이터베이스 생성 활성화.
  store-database = "_internal" # 저정할 데이터베이스 이름
  store-interval = "10s" # 10마다 통계치를 저장.
 
# Web 기반 관리자 페이지 설정
[admin]
  enabled = true
  bind-address = ":8083"
  https-enabled = false
  https-certificate = "/etc/ssl/influxdb.pem"
 
# HTTP 엔드포인트 설정. 이것은 InfluxDB 에서 데이터를 넣고 빼는데 핵심이 되는 매커니즘이다.
[http]
  enabled = true
  bind-address = ":8086"
  auth-enabled = true
  log-enabled = true
  write-tracing = false
  pprof-enabled = false # 트러블슈팅이나 모니터링에 사용함.
  https-enabled = false
  https-certificate = "/etc/ssl/influxdb.pem"
  ### Use a separate private key location.
  # https-private-key = ""
  max-row-limit = 10000
  realm = "InfluxDB"
 
# 사용하지 않음.
[[graphite]]
  enabled = false
 
# 사용하지 않음.
[[collectd]]
  enabled = false
 
# 사용하지 않음.
[[opentsdb]]
  enabled = false
 
# 사용하지 않음.
[[udp]]
  enabled = false
 
# 지속적인 쿼리. 이 기능은 아주 유용한데, 일단 활성화를 해둔다.
[continuous_queries]
  enabled = true
  log-enabled = true
  run-interval = "5s"

influxdb v2로 설치하니, 그라파나에서 쿼리를 코딩처럼 해야되더군요.

prometheus에 비해 쿼리 작성이 너무 어려워서... 한번 influxdb v1으로 설치해 봅니다.

root@syslogserver:~# apt install influxdb
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
다음 새 패키지를 설치할 것입니다:
  influxdb
0개 업그레이드, 1개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
0 바이트/54.4 M바이트 아카이브를 받아야 합니다.
이 작업 후 153 M바이트의 디스크 공간을 더 사용하게 됩니다.
Selecting previously unselected package influxdb.
(데이터베이스 읽는중 ...현재 329680개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../influxdb_1.8.10-1_amd64.deb ...
Unpacking influxdb (1.8.10-1) ...
influxdb (1.8.10-1) 설정하는 중입니다 ...
Created symlink /etc/systemd/system/influxd.service → /lib/systemd/system/influxdb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/influxdb.service → /lib/systemd/system/influxdb.service.
Processing triggers for man-db (2.10.2-1) ...
root@syslogserver:~#

telegraf -> influxdb -> grafana 연동을 해보려고 작성해 봤습니다.

root@syslogserver:~# influx
Connected to http://localhost:8086 version 1.8.10
InfluxDB shell version: 1.8.10
> show databases
name: databases
name
----
_internal
> create database telegrafdb
> create user telegraf with password 'password0'
>
> grant all on telegrafdb to telegraf
> show databaes
ERR: error parsing query: found databaes, expected CONTINUOUS, DATABASES, DIAGNOSTICS, FIELD, GRANTS, MEASUREMENT, MEASUREMENTS, QUERIES, RETENTION, SERIES, SHARD, SHARDS, STATS, SUBSCRIPTIONS, TAG, USERS at line 1, char 6
Warning: It is possible this error is due to not setting a database.
Please set a database with the command "use <database>".
> show databases
name: databases
name
----
_internal
telegrafdb
> quit
root@syslogserver:~#

root@syslogserver:~# vi /etc/telegraf/telegraf.conf

#[[outputs.influxdb]]
  ## The full HTTP or UDP URL for your InfluxDB instance.
  ##
  ## Multiple URLs can be specified for a single cluster, only ONE of the
  ## urls will be written to each interval.
  # urls = ["unix:///var/run/influxdb.sock"]
  # urls = ["udp://127.0.0.1:8089"]
  urls = ["http://192.168.000.000:8086"]

  ## The target database for metrics; will be created as needed.
  ## For UDP url endpoint database needs to be configured on server side.
  database = "telegrafdb"

  ## The value of this tag will be used to determine the database.  If this
  ## tag is not set the 'database' option is used as the default.
  # database_tag = ""

  ## If true, the 'database_tag' will not be included in the written metric.
  # exclude_database_tag = false

  ## If true, no CREATE DATABASE queries will be sent.  Set to true when using
  ## Telegraf with a user without permissions to create databases or when the
  ## database already exists.
  # skip_database_creation = false

  ## Name of existing retention policy to write to.  Empty string writes to
  ## the default retention policy.  Only takes effect when using HTTP.
  retention_policy = ""

  ## The value of this tag will be used to determine the retention policy.  If this
  ## tag is not set the 'retention_policy' option is used as the default.
  # retention_policy_tag = ""

  ## If true, the 'retention_policy_tag' will not be included in the written metric.
  # exclude_retention_policy_tag = false

  ## Write consistency (clusters only), can be: "any", "one", "quorum", "all".
  ## Only takes effect when using HTTP.
  # write_consistency = "any"

  ## Timeout for HTTP messages.
  timeout = "5s"

  ## HTTP Basic Auth
  username = "telegraf"
  password = "password0"

이후 그라파나의 Data source 추가를 influxdb로 하시면 됩니다.

제목처럼 나온다면 로그인한 계정의 경로 확인

파일 생성 전

root@syslogserver:~/.snmp# ls -al
total 8
drwxr-xr-x  2 root root 4096  3월 15 17:04 .
drwx------ 13 root root 4096  3월 15 16:58 ..
lrwxrwxrwx  1 root root   25  3월 15 16:58 mibs -> /usr/share/snmp/mibs/ietf
root@syslogserver:~# snmpwalk -v2c -c test 192.168.000.000 fgSysCpuUsage
MIB search path: mibs
Cannot find module (SNMPv2-MIB): At line 0 in (none)
Cannot find module (IF-MIB): At line 0 in (none)
Cannot find module (IP-MIB): At line 0 in (none)
Cannot find module (TCP-MIB): At line 0 in (none)
Cannot find module (UDP-MIB): At line 0 in (none)
Cannot find module (HOST-RESOURCES-MIB): At line 0 in (none)
Cannot find module (NOTIFICATION-LOG-MIB): At line 0 in (none)
Cannot find module (DISMAN-EVENT-MIB): At line 0 in (none)
Cannot find module (DISMAN-SCHEDULE-MIB): At line 0 in (none)
Cannot find module (UCD-SNMP-MIB): At line 0 in (none)
Cannot find module (UCD-DEMO-MIB): At line 0 in (none)
Cannot find module (SNMP-TARGET-MIB): At line 0 in (none)
Cannot find module (NET-SNMP-AGENT-MIB): At line 0 in (none)
Cannot find module (HOST-RESOURCES-TYPES): At line 0 in (none)
Cannot find module (SNMP-FRAMEWORK-MIB): At line 0 in (none)
Cannot find module (SNMP-MPD-MIB): At line 0 in (none)
Cannot find module (SNMP-USER-BASED-SM-MIB): At line 0 in (none)
Cannot find module (SNMP-VIEW-BASED-ACM-MIB): At line 0 in (none)
Cannot find module (SNMP-COMMUNITY-MIB): At line 0 in (none)
Cannot find module (IPV6-ICMP-MIB): At line 0 in (none)
Cannot find module (IPV6-MIB): At line 0 in (none)
Cannot find module (IPV6-TCP-MIB): At line 0 in (none)
Cannot find module (IPV6-UDP-MIB): At line 0 in (none)
Cannot find module (IP-FORWARD-MIB): At line 0 in (none)
Cannot find module (NET-SNMP-PASS-MIB): At line 0 in (none)
Cannot find module (NET-SNMP-EXTEND-MIB): At line 0 in (none)
Cannot find module (UCD-DLMOD-MIB): At line 0 in (none)
Cannot find module (SNMP-NOTIFICATION-MIB): At line 0 in (none)
Cannot find module (SNMPv2-TM): At line 0 in (none)
Cannot find module (NET-SNMP-VACM-MIB): At line 0 in (none)
snmpwalk: Unknown host (fgSysCpuUsage) (Resource temporarily unavailable)
root@syslogserver:~#

파일 생성 후

root@syslogserver:~/.snmp# ln -s /etc/snmp/snmp.conf ./snmp.conf
root@syslogserver:~/.snmp# ls -al
total 8
drwxr-xr-x  2 root root 4096  3월 15 17:07 .
drwx------ 13 root root 4096  3월 15 16:58 ..
lrwxrwxrwx  1 root root   25  3월 15 16:58 mibs -> /usr/share/snmp/mibs/ietf
lrwxrwxrwx  1 root root   19  3월 15 17:07 snmp.conf -> /etc/snmp/snmp.conf
root@syslogserver:~/.snmp# snmpwalk -v2c -c test 192.168.000.000 fgSysCpuUsage
 /usr/share/snmp/mibs/ietf: No such file or directory
fgSysCpuUsage: Unknown Object Identifier (Sub-id not found: (top) -> fgSysCpuUsage)
root@syslogserver:~/.snmp#

아래 경로에도 mibs 폴더 추가해주세요.

root@syslogserver:/var/lib/snmp# ln -s /usr/share/snmp/mibs/ietf ./mibs

메시지가 변경 됐어요.

fortigate의 snmp 정보를 prometheus에 불러오려고 하는데, MIBS 값이 먹히지 않아서 몇일 고생했네요.

아직 해결된 건 아닙니다만, 하나의 힌트를 발견하여 기록합니다.

root@syslogserver:~# influx org list
ID                      Name
0abaf03af8aafaa00       test

root@syslogserver:~# vi /etc/telegraf/telegraf.conf

# 아래 outputs.influxdb_v2 항목을 내 환경에 맞게 수정

# # Configuration for sending metrics to InfluxDB
  [[outputs.influxdb_v2]]
#   ## The URLs of the InfluxDB cluster nodes.
#   ##
#   ## Multiple URLs can be specified for a single cluster, only ONE of the
#   ## urls will be written to each interval.
#   ##   ex: urls = ["https://us-west-2-1.aws.cloud2.influxdata.com"]
    urls = ["http://127.0.0.1:8086"]
#
#   ## Token for authentication.
    token = "**********************************=="
#
#   ## Organization is the name of the organization you wish to write to; must exist.
    organization = "test"
#
#   ## Destination bucket to write into.
    bucket = "test-bucket"
#
#   ## The value of this tag will be used to determine the bucket.  If this
#   ## tag is not set the 'bucket' option is used as the default.
#   # bucket_tag = ""
#
#   ## If true, the bucket tag will not be added to the metric.
#   # exclude_bucket_tag = false
#
#   ## Timeout for HTTP messages.
    timeout = "5s"

위의 정보들을 잘 모를 때에는 아래 게시판 참조 하세요.

[token]

https://dirt-spoon.tistory.com/267

[org]

https://dirt-spoon.tistory.com/269

root@syslogserver:~# influx auth list
ID                      Description     Token                                                                                           User Name       User ID                 Permissions
0abaf03af8aafaa00       bpadmin's Token **************************************************************************************==        admin           0abaf03af8aafaa00       [read:/authorizations write:/authorizations read:/buckets write:/buckets read:/dashboards write:/dashboards read:/orgs write:/orgs read:/sources write:/sources read:/tasks write:/tasks read:/telegrafs write:/telegrafs read:/users write:/users read:/variables write:/variables read:/scrapers write:/scrapers read:/secrets write:/secrets read:/labels write:/labels read:/views write:/views read:/documents write:/documents read:/notificationRules write:/notificationRules read:/notificationEndpoints write:/notificationEndpoints read:/checks write:/checks read:/dbrp write:/dbrp read:/notebooks write:/notebooks read:/annotations write:/annotations read:/remotes write:/remotes read:/replications write:/replications]
root@syslogserver:~#

공식 사이트 정보

https://www.influxdata.com/downloads/

설치 방법

# influxdata-archive_compat.key GPG fingerprint:
#     9D53 9D90 D332 8DC7 D6C8 D3B9 D8FF 8E1F 7DF8 B07E
wget -q https://repos.influxdata.com/influxdata-archive_compat.key
echo '393e8779c89ac8d958f81f942f9ad7fb82a25e133faddaf92e15b16e6ac9ce4c influxdata-archive_compat.key' | sha256sum -c && cat influxdata-archive_compat.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg > /dev/null
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/influxdata-archive_compat.gpg] https://repos.influxdata.com/debian stable main' | sudo tee /etc/apt/sources.list.d/influxdata.list

sudo apt-get update && sudo apt-get install telegraf

root@syslogserver:~# apt install telegraf
패키지 목록을 읽는 중입니다... 완료
의존성 트리를 만드는 중입니다... 완료
상태 정보를 읽는 중입니다... 완료
다음 새 패키지를 설치할 것입니다:
  telegraf
0개 업그레이드, 1개 새로 설치, 0개 제거 및 5개 업그레이드 안 함.
60.4 M바이트 아카이브를 받아야 합니다.
이 작업 후 225 M바이트의 디스크 공간을 더 사용하게 됩니다.
받기:1 https://repos.influxdata.com/debian stable/main amd64 telegraf amd64 1.30.0-1 [60.4 MB]
내려받기 60.4 M바이트, 소요시간 7초 (8,265 k바이트/초)
Selecting previously unselected package telegraf.
(데이터베이스 읽는중 ...현재 329648개의 파일과 디렉터리가 설치되어 있습니다.)
Preparing to unpack .../telegraf_1.30.0-1_amd64.deb ...
Unpacking telegraf (1.30.0-1) ...
telegraf (1.30.0-1) 설정하는 중입니다 ...
Created symlink /etc/systemd/system/multi-user.target.wants/telegraf.service → /lib/systemd/system/telegraf.service.
root@syslogserver:~# systemctl enable telegraf.service
root@syslogserver:~#