Thursday, August 23, 2018

Installing CloudWatchAgent in a hybrid environment


Following the URL below, we install CloudWatchAgent on a VirtualBox VM (CentOS 7).
https://docs.aws.amazon.com/ja_jp/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-first-onprem.html


1. Create the IAM user


Create the group.
[root@centos701]# aws iam create-group --group-name WatchGroup
{
    "Group": {
        "Path": "/",
        "CreateDate": "2018-08-22T23:12:11Z",
        "GroupId": "AGPAJ4JOAVM6OWOBHN6NS",
        "Arn": "arn:aws:iam::0123456789:group/WatchGroup",
        "GroupName": "WatchGroup"
    }
}

Create the user.
[root@centos701]# aws iam create-user --user-name WatchUser
{
    "User": {
        "UserName": "WatchUser",
        "Path": "/",
        "CreateDate": "2018-08-22T23:12:13Z",
        "UserId": "AIDAJ3RIMXJMFJLANLUHG",
        "Arn": "arn:aws:iam::0123456789:user/WatchUser"
    }
}

Add the user to the group.
[root@centos701]# aws iam add-user-to-group --user-name WatchUser --group-name WatchGroup

Check the group.
[root@centos701]# aws iam get-group --group-name WatchGroup
{
    "Group": {
        "Path": "/",
        "CreateDate": "2018-08-22T23:12:11Z",
        "GroupId": "AGPAJ4JOAVM6OWOBHN6NS",
        "Arn": "arn:aws:iam::0123456789:group/WatchGroup",
        "GroupName": "WatchGroup"
    },
    "Users": [
        {
            "UserName": "WatchUser",
            "Path": "/",
            "CreateDate": "2018-08-22T23:12:13Z",
            "UserId": "AIDAJ3RIMXJMFJLANLUHG",
            "Arn": "arn:aws:iam::0123456789:user/WatchUser"
        }
    ]
}

Attach policies to the group.
Because I want to store the CloudWatchAgent configuration file in the SSM Parameter Store, AmazonSSMFullAccess is attached.
[root@centos701]# aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy --group-name WatchGroup
[root@centos701]# aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonSSMFullAccess --group-name WatchGroup

Check the policies attached to the group.
[root@centos701]# aws iam list-attached-group-policies --group-name WatchGroup
{
    "AttachedPolicies": [
        {
            "PolicyName": "CloudWatchAgentAdminPolicy",
            "PolicyArn": "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy"
        },
        {
            "PolicyName": "AmazonSSMFullAccess",
            "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess"
        }
    ]
}

Create an access key for the user.
[root@centos701]# aws iam create-access-key --user-name WatchUser
{
    "AccessKey": {
        "UserName": "WatchUser",
        "Status": "Active",
        "CreateDate": "2018-08-22T23:12:33Z",
        "SecretAccessKey": "xxxxxxxxxxxxxxxxxxxxx",
        "AccessKeyId": "AKIXXXXXXXXXXXXX"
    }
}

2. Install CloudWatchAgent


Create a working directory and download the CloudWatchAgent package.
[root@centos701]# mkdir cw
[root@centos701]# cd cw
[root@centos701 cw]# curl -OL https://s3.amazonaws.com/amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip

Extract the archive.
[root@centos701 cw]# unzip AmazonCloudWatchAgent.zip

Run the install script.
[root@centos701 cw]# ./install.sh
Created symlink from /etc/systemd/system/multi-user.target.wants/amazon-cloudwatch-agent.service to /etc/systemd/system/amazon-cloudwatch-agent.service.
Redirecting to /bin/systemctl restart amazon-cloudwatch-agent.service

3. Configure aws-cli


Create an aws-cli profile (AmazonCloudWatchAgent).
Either run "aws configure --profile AmazonCloudWatchAgent" or edit the configuration files directly.

Add the following to ~/.aws/credentials, using the access key of the user created in step 1 above.
[AmazonCloudWatchAgent]
aws_access_key_id=AKIXXXXXXXXXXXXX
aws_secret_access_key=xxxxxxxxxxxxxxxxxxxxx

Add the following to ~/.aws/config.
[profile AmazonCloudWatchAgent]
region = us-east-1

4. Create the CloudWatchAgent configuration file


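Create the CloudWatchAgent configuration file.
This time the configuration file is not kept on the server; it is stored in the SSM Parameter Store.
The metrics to collect are "BASIC", and the log to collect is "/var/log/messages".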
[root@centos701]# /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
=============================================================
= Welcome to the AWS CloudWatch Agent Configuration Manager =
=============================================================
On which OS are you planning to use the agent?
1. linux
2. windows
default choice: [1]:

Trying to fetch the default region based on ec2 metadata...
Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [2]:

Please make sure the credentials and region set correctly on your hosts.
Refer to http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:

Do you want to monitor cpu metrics per core? Additional CloudWatch charges may apply.
1. yes
2. no
default choice: [1]:

Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:

Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:

Current config as follows:
{
        "metrics": {
                "metrics_collected": {
                        "cpu": {
                                "measurement": [
                                        "cpu_usage_idle"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ],
                                "totalcpu": true
                        },
                        "disk": {
                                "measurement": [
                                        "used_percent"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ]
                        },
                        "diskio": {
                                "measurement": [
                                        "write_bytes",
                                        "read_bytes",
                                        "writes",
                                        "reads"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ]
                        },
                        "mem": {
                                "measurement": [
                                        "mem_used_percent"
                                ],
                                "metrics_collection_interval": 60
                        },
                        "net": {
                                "measurement": [
                                        "bytes_sent",
                                        "bytes_recv",
                                        "packets_sent",
                                        "packets_recv"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ]
                        },
                        "swap": {
                                "measurement": [
                                        "swap_used_percent"
                                ],
                                "metrics_collection_interval": 60
                        }
                }
        }
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:

Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:

Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:

Log file path:
/var/log/messages
Log group name:
default choice: [messages]

Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
2
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
        "logs": {
                "logs_collected": {
                        "files": {
                                "collect_list": [
                                        {
                                                "file_path": "/var/log/messages",
                                                "log_group_name": "messages"
                                        }
                                ]
                        }
                }
        },
        "metrics": {
                "metrics_collected": {
                        "cpu": {
                                "measurement": [
                                        "cpu_usage_idle"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ],
                                "totalcpu": true
                        },
                        "disk": {
                                "measurement": [
                                        "used_percent"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ]
                        },
                        "diskio": {
                                "measurement": [
                                        "write_bytes",
                                        "read_bytes",
                                        "writes",
                                        "reads"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ]
                        },
                        "mem": {
                                "measurement": [
                                        "mem_used_percent"
                                ],
                                "metrics_collection_interval": 60
                        },
                        "net": {
                                "measurement": [
                                        "bytes_sent",
                                        "bytes_recv",
                                        "packets_sent",
                                        "packets_recv"
                                ],
                                "metrics_collection_interval": 60,
                                "resources": [
                                        "*"
                                ]
                        },
                        "swap": {
                                "measurement": [
                                        "swap_used_percent"
                                ],
                                "metrics_collection_interval": 60
                        }
                }
        }
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:

What parameter store name do you want to use to store your config? (Use 'AmazonCloudWatch-' prefix if you use our managed AWS policy)
default choice: [AmazonCloudWatch-linux]

Which region do you want to store the config in the parameter store?
default choice: [us-east-1]

Which AWS credential should be used to send json config to parameter store?
1. AKIAIUPXXXXXXXX(From SDK)
2. AKIAJROXXXXXXXX(From Profile: AmazonCloudWatchAgent)
3. Other
default choice: [1]:
2
Successfully put config to parameter store AmazonCloudWatch-linux.
Program exits now.


Check the content stored in the Parameter Store.
[root@centos701 ~]# aws ssm get-parameter --name AmazonCloudWatch-linux
{
    "Parameter": {
        "Version": 1,
        "Type": "String",
        "Name": "AmazonCloudWatch-linux",
        "Value": "{\n\t\"logs\": {\n\t\t\"logs_collected\": {\n\t\t\t\"files\": {\n\t\t\t\t\"collect_list\": [\n\t\t\t\t\t{\n\t\t\t\t\t\t\"file_path\": \"/var/log/messages\",\n\t\t\t\t\t\t\"log_group_name\": \"messages\"\n\t\t\t\t\t}\n\t\t\t\t]\n\t\t\t}\n\t\t}\n\t},\n\t\"metrics\": {\n\t\t\"metrics_collected\": {\n\t\t\t\"cpu\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"cpu_usage_idle\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t],\n\t\t\t\t\"totalcpu\": true\n\t\t\t},\n\t\t\t\"disk\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"used_percent\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t]\n\t\t\t},\n\t\t\t\"diskio\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"write_bytes\",\n\t\t\t\t\t\"read_bytes\",\n\t\t\t\t\t\"writes\",\n\t\t\t\t\t\"reads\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t]\n\t\t\t},\n\t\t\t\"mem\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"mem_used_percent\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60\n\t\t\t},\n\t\t\t\"net\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"bytes_sent\",\n\t\t\t\t\t\"bytes_recv\",\n\t\t\t\t\t\"packets_sent\",\n\t\t\t\t\t\"packets_recv\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t]\n\t\t\t},\n\t\t\t\"swap\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"swap_used_percent\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60\n\t\t\t}\n\t\t}\n\t}\n}"
    }
}

5. Start CloudWatchAgent


Specify the configuration stored in the Parameter Store in step 4 above as a parameter and start CloudWatchAgent.
[root@centos701]# /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -c ssm:AmazonCloudWatch-linux -s
/opt/aws/amazon-cloudwatch-agent/bin/config-downloader --output-file /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --download-source ssm:AmazonCloudWatch-linux --mode onPrem --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml
Got Home directory: /root
Set home dir Linux: /root
Start configuration validation...
/opt/aws/amazon-cloudwatch-agent/bin/config-translator --input /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --output /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml --mode onPrem --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml
Valid Json input schema.
Got Home directory: /root
Got Home directory: /root
Set home dir Linux: /root
2018/08/23 08:28:07 E! ec2metadata is not available
2018/08/23 08:28:07 E! ec2metadata is not available
Under path : /logs/ | Info : Using centos701 as log_stream_name
Configuration validation first phase succeeded
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -schematest -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml
Configuration validation second phase succeeded
Configuration validation succeeded
Redirecting to /bin/systemctl stop amazon-cloudwatch-agent.service
Redirecting to /bin/systemctl restart amazon-cloudwatch-agent.service

Confirm that CloudWatchAgent has started.
[root@centos701 cw]# systemctl status amazon-cloudwatch-agent
● amazon-cloudwatch-agent.service - Amazon CloudWatch Agent
   Loaded: loaded (/etc/systemd/system/amazon-cloudwatch-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 木 2018-08-23 08:28:07 JST; 4min 5s ago
 Main PID: 2361 (amazon-cloudwat)
   Memory: 12.1M
   CGroup: /system.slice/amazon-cloudwatch-agent.service
           └─2361 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -pidfile /opt/aws/amazon-cloudwa                               ..

 8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Valid Json input schema.
 8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Got Home directory: /root
 8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Set home dir Linux: /root
 8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Got Home directory: /root
 8月 23 08:28:11 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:11 E! ec2metadata is not availab
 8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:12 E! ec2metadata is not availab
 8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: Under path : /logs/ | Info : Using centos701 as l
 8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: Configuration validation first phase succeeded
 8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:12 I! AmazonCloudWatchAgent Vers
 8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:12 Seeked /var/log/messages - &{
Hint: Some lines were ellipsized, use -l to show in full.

Check that the metrics are being collected in CloudWatch.
Metrics collected by CloudWatchAgent appear to use the namespace "CWAgent".
[root@centos701 cw]# aws cloudwatch list-metrics --namespace CWAgent --output text | head
METRICS diskio_reads    CWAgent
DIMENSIONS      host    centos701
DIMENSIONS      name    sda
METRICS diskio_writes   CWAgent
DIMENSIONS      host    centos701
DIMENSIONS      name    sda
METRICS diskio_writes   CWAgent
DIMENSIONS      host    centos701
DIMENSIONS      name    sda2
METRICS diskio_reads    CWAgent

Check that the logs are being collected in CloudWatch Logs.
[root@centos701 cw]# aws logs describe-log-streams --log-group-name messages
{
    "logStreams": [
        {
            "firstEventTimestamp": 1534935120318,
            "lastEventTimestamp": 1534935680678,
            "creationTime": 1534935128402,
            "uploadSequenceToken": "49585417476964286413865313731794451232034865543907549378",
            "logStreamName": "centos701",
            "lastIngestionTime": 1534980791209,
            "arn": "arn:aws:logs:us-east-1:0123456789:log-group:messages:log-stream:centos701",
            "storedBytes": 0
        }
    ]
}

Check the log contents.
[root@centos701 cw]# aws logs get-log-events --log-group-name messages --log-stream-name centos701 | head
{
    "nextForwardToken": "f/34231215160138873141677890916998199662103777254773620736",
    "events": [
        {
            "ingestionTime": 1534935129103,
            "timestamp": 1534935120318,
            "message": "Aug 22 16:21:42 [localhost] systemd: Time has been changed"
        },
        {
            "ingestionTime": 1534935129103,
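
To keep checking that the host is still shipping /var/log/messages after this one-off verification, the following added example (not part of the original post) flags log streams whose lastIngestionTime is older than a threshold. The two-hour threshold, the evaluation time and the second host centos702 are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: detect log streams that have stopped receiving events.

# Constructed sample: "logStreamName<TAB>lastIngestionTime(ms)" rows, the shape of
#   aws logs describe-log-streams --log-group-name messages \
#       --query 'logStreams[].[logStreamName,lastIngestionTime]' --output text
# Row 1 uses the values shown in the post; centos702 is a hypothetical second host.
SAMPLE_STREAMS=$(printf 'centos701\t1534980791209\ncentos702\t1534935129103')

# stale_streams NOW_SEC MAX_AGE_SEC
# Reads the rows on stdin, prints "name age_seconds" for every stream whose last
# ingestion is older than MAX_AGE_SEC, and returns 1 if any stream is stale.
# Rows without a numeric timestamp are skipped.
stale_streams() {
    awk -F '\t' -v now="$1" -v max="$2" '
        NF >= 2 && $2 ~ /^[0-9]+$/ {
            age = now - int($2 / 1000)      # API timestamps are in milliseconds
            if (age > max) {
                printf "%s %d\n", $1, age
                stale = 1
            }
        }
        END { exit (stale ? 1 : 0) }'
}

# Demo: evaluate the sample one hour after centos701 last ingested (assumed clock).
printf '%s\n' "$SAMPLE_STREAMS" | stale_streams 1534984391 7200 \
    || echo "stale log stream(s) found" >&2
```

On a live host, pass `$(date +%s)` as NOW_SEC and pipe in the `describe-log-streams` command from the comment.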



Wednesday, August 22, 2018

Installing the SSM agent in a hybrid environment


Following the URL below, we install the SSM agent on CentOS 7 running in VirtualBox.
https://docs.aws.amazon.com/ja_jp/systems-manager/latest/userguide/systems-manager-managedinstances.html


1. Create the IAM role


Save the following content in a file named SSMService-Trust.json.
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ssm.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}

Create the IAM role (SSMServiceRole).
[root@centos701 ~]# aws iam create-role --role-name SSMServiceRole --assume-role-policy-document file://SSMService-Trust.json

Attach the policy.
[root@centos701 ~]# aws iam attach-role-policy --role-name SSMServiceRole --policy-arn arn:aws:iam::aws:policy/AmazonSSMFullAccess
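
Both this role and the WatchGroup group in the CloudWatchAgent post carry AmazonSSMFullAccess, which is wider than either agent needs; the wizard prompt in that post itself notes that the managed CloudWatch agent policy covers parameters with the AmazonCloudWatch- prefix. The script below is an added example, not part of the original posts: it classifies the attached managed policies and prints the detach command for over-broad ones. The verdict table, including CloudWatchAgentServerPolicy and AmazonSSMManagedInstanceCore as the narrower choices, is this example's assumption.

```shell
#!/bin/sh
# Added example: least-privilege check for the IAM group/role used by the agents.

# classify_policy ARN -> BROAD | SETUP-ONLY | OK | REVIEW
# The mapping is an assumption of this example, not an AWS-defined rating.
classify_policy() {
    case $1 in
        arn:aws:iam::aws:policy/AdministratorAccess | \
        arn:aws:iam::aws:policy/*FullAccess)
            echo BROAD ;;          # service-wide or account-wide permissions
        arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy)
            echo SETUP-ONLY ;;     # needed only while writing the agent config
        arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy | \
        arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore)
            echo OK ;;
        *)  echo REVIEW ;;         # customer-managed or unknown: inspect by hand
    esac
}

# audit_policies KIND NAME ARN...
# KIND is "group" or "role". Prints "VERDICT ARN" per policy plus a detach
# command for each BROAD one; returns 1 if any BROAD policy is attached.
audit_policies() {
    kind=$1 name=$2 found=0
    shift 2
    for arn in "$@"; do
        verdict=$(classify_policy "$arn")
        printf '%-10s %s\n' "$verdict" "$arn"
        if [ "$verdict" = BROAD ]; then
            found=1
            printf '  fix: aws iam detach-%s-policy --%s-name %s --policy-arn %s\n' \
                "$kind" "$kind" "$name" "$arn"
        fi
    done
    return "$found"
}

# Constructed sample: the ARNs attached in the two posts. On a real host use
#   aws iam list-attached-group-policies --group-name WatchGroup \
#       --query 'AttachedPolicies[].PolicyArn' --output text
# (list-attached-role-policies --role-name SSMServiceRole for the role).
audit_policies group WatchGroup \
    arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy \
    arn:aws:iam::aws:policy/AmazonSSMFullAccess \
    || echo "WatchGroup: over-broad policy attached" >&2
audit_policies role SSMServiceRole \
    arn:aws:iam::aws:policy/AmazonSSMFullAccess \
    || echo "SSMServiceRole: over-broad policy attached" >&2
```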

2. Install the SSM agent


Download the SSM agent.
[root@centos701 ~]# curl -OL https://s3.region.amazonaws.com/amazon-ssm-region/latest/linux_amd64/amazon-ssm-agent.rpm

Install the rpm.
[root@centos701 ~]# rpm -ivh amazon-ssm-agent.rpm

3. Activation


Create the activation.
[root@centos701 ~]# aws ssm create-activation --default-instance-name vm701 --iam-role SSMServiceRole --registration-limit 1 --expiration-date 2018-08-31
{
    "ActivationCode": "nTlEimuyjNkjt8vw8axz",
    "ActivationId": "c9675763-7207-4a9a-811a-f507bb01b38f"
}

Stop the SSM agent.
[root@centos701 ~]# systemctl stop amazon-ssm-agent

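Register the VM as a managed instance by specifying the ActivationCode and ActivationID.
In the example below the agent asks whether to overwrite the registration information; on a first registration this question is not asked.
This is the second registration, so it asks whether to overwrite.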
[root@centos701 ~]# amazon-ssm-agent -register -code "nTlEimuyjNkjt8vw8axz" -id "c9675763-7207-4a9a-811a-f507bb01b38f" -region "us-east-1"
Error occurred fetching the seelog config file path:  open /etc/amazon/ssm/seelog.xml: no such file or directory
Initializing new seelog logger
New Seelog Logger Creation Complete

Instance already registered. Would you like to override existing with new registration information? [Yes/No]: Yes
2018-08-22 21:12:26 INFO Successfully registered the instance with AWS SSM using Managed instance-id: mi-0e5589860c747f3ea

Start the SSM agent.
[root@centos701 ~]# systemctl start amazon-ssm-agent

As shown below, the VM is registered as an SSM-managed instance.
[root@centos701 ~]# aws ssm describe-instance-information
{
    "InstanceInformationList": [
        {
            "IsLatestVersion": true,
            "IamRole": "SSMServiceRole",
            "ComputerName": "centos701",
            "PingStatus": "Online",
            "Name": "vm701",
            "InstanceId": "mi-0e5589860c747f3ea",
            "IPAddress": "10.0.2.15",
            "ResourceType": "ManagedInstance",
            "ActivationId": "c9675763-7207-4a9a-811a-f507bb01b38f",
            "AgentVersion": "2.3.13.0",
            "PlatformVersion": "7",
            "RegistrationDate": 1534939946.19,
            "PlatformName": "CentOS Linux",
            "PlatformType": "Linux",
            "LastPingDateTime": 1534940279.653
        }
    ]
}



Wednesday, August 8, 2018

Repeating a single character a given number of times and storing it in a variable


When the value itself does not matter but you need one that is 100 characters long

In bash, build a value of 100 'x' characters and store it in a variable as follows.

[root@centos701 ~]# value=`printf x"%.s" {1..100}|echo $(cat)`

Displaying $value gives the following.

[root@centos701 ~]# echo $value
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Counting the characters in $value gives the following.
[root@centos701 ~]# echo -n $value | wc -c
100