Following the URL below, I will install CloudWatchAgent on a VirtualBox VM (CentOS 7).
https://docs.aws.amazon.com/ja_jp/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-on-first-onprem.html
1. Create an IAM user
Create a group.
[root@centos701]# aws iam create-group --group-name WatchGroup
{
    "Group": {
        "Path": "/",
        "CreateDate": "2018-08-22T23:12:11Z",
        "GroupId": "AGPAJ4JOAVM6OWOBHN6NS",
        "Arn": "arn:aws:iam::0123456789:group/WatchGroup",
        "GroupName": "WatchGroup"
    }
}
Create a user.
[root@centos701]# aws iam create-user --user-name WatchUser
{
    "User": {
        "UserName": "WatchUser",
        "Path": "/",
        "CreateDate": "2018-08-22T23:12:13Z",
        "UserId": "AIDAJ3RIMXJMFJLANLUHG",
        "Arn": "arn:aws:iam::0123456789:user/WatchUser"
    }
}
Add the user to the group.
[root@centos701]# aws iam add-user-to-group --user-name WatchUser --group-name WatchGroup
Check the group.
[root@centos701]# aws iam get-group --group-name WatchGroup
{
    "Group": {
        "Path": "/",
        "CreateDate": "2018-08-22T23:12:11Z",
        "GroupId": "AGPAJ4JOAVM6OWOBHN6NS",
        "Arn": "arn:aws:iam::0123456789:group/WatchGroup",
        "GroupName": "WatchGroup"
    },
    "Users": [
        {
            "UserName": "WatchUser",
            "Path": "/",
            "CreateDate": "2018-08-22T23:12:13Z",
            "UserId": "AIDAJ3RIMXJMFJLANLUHG",
            "Arn": "arn:aws:iam::0123456789:user/WatchUser"
        }
    ]
}
Attach policies to the group.
I want to store the CloudWatchAgent configuration file in the SSM Parameter Store, so I am attaching AmazonSSMFullAccess.
[root@centos701]# aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy --group-name WatchGroup
[root@centos701]# aws iam attach-group-policy --policy-arn arn:aws:iam::aws:policy/AmazonSSMFullAccess --group-name WatchGroup
Check the policies attached to the group.
[root@centos701]# aws iam list-attached-group-policies --group-name WatchGroup
{
    "AttachedPolicies": [
        {
            "PolicyName": "CloudWatchAgentAdminPolicy",
            "PolicyArn": "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy"
        },
        {
            "PolicyName": "AmazonSSMFullAccess",
            "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess"
        }
    ]
}
Create an access key for the user.
[root@centos701]# aws iam create-access-key --user-name WatchUser
{
    "AccessKey": {
        "UserName": "WatchUser",
        "Status": "Active",
        "CreateDate": "2018-08-22T23:12:33Z",
        "SecretAccessKey": "xxxxxxxxxxxxxxxxxxxxx",
        "AccessKeyId": "AKIXXXXXXXXXXXXX"
    }
}
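An added example, not part of the original post: a check of the policies attached to WatchGroup against what the agent workflow needs. CloudWatchAgentAdminPolicy already allows writing Parameter Store entries whose names start with AmazonCloudWatch-, which is the name the wizard uses in step 4, so AmazonSSMFullAccess shows up as excess. The function names, the allow-list and the sample JSON (constructed from the output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag managed policies attached to the agent's IAM group that
# go beyond the two AWS managed policies intended for the CloudWatch agent.

# Allow-list (assumption of this example), matched on the full ARN.
ALLOWED="arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy
arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy"

# Constructed sample with the same content as the
# list-attached-group-policies output shown in step 1.
sample_attached_policies() {
cat <<'EOF'
{ "AttachedPolicies": [
  { "PolicyName": "CloudWatchAgentAdminPolicy",
    "PolicyArn": "arn:aws:iam::aws:policy/CloudWatchAgentAdminPolicy" },
  { "PolicyName": "AmazonSSMFullAccess",
    "PolicyArn": "arn:aws:iam::aws:policy/AmazonSSMFullAccess" } ] }
EOF
}

# stdin:  JSON from `aws iam list-attached-group-policies`
# stdout: one ARN per line for every attached policy not in the allow-list
excess_policies() {
  grep -o '"PolicyArn": *"[^"]*"' | sed 's/^"PolicyArn": *"//; s/"$//' |
  while IFS= read -r arn; do
    printf '%s\n' "$ALLOWED" | grep -qxF "$arn" || printf '%s\n' "$arn"
  done
}

# Print (do not run) the detach commands so an operator can review them first.
detach_plan() {
  group=$1
  excess_policies | while IFS= read -r arn; do
    printf 'aws iam detach-group-policy --group-name %s --policy-arn %s\n' \
      "$group" "$arn"
  done
}

sample_attached_policies | detach_plan WatchGroup
```

On a live account, pipe `aws iam list-attached-group-policies --group-name WatchGroup` into `detach_plan WatchGroup` instead of the sample. Once the wizard has uploaded the configuration, a host that only runs the agent needs no more than CloudWatchAgentServerPolicy.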
2. Install CloudWatchAgent
Create a working directory and download the CloudWatchAgent package.
[root@centos701]# mkdir cw
[root@centos701]# cd cw
[root@centos701 cw]# curl -OL https://s3.amazonaws.com/amazoncloudwatch-agent/linux/amd64/latest/AmazonCloudWatchAgent.zip
Extract the archive.
[root@centos701 cw]# unzip AmazonCloudWatchAgent.zip
Run the install script.
[root@centos701 cw]# ./install.sh
Created symlink from /etc/systemd/system/multi-user.target.wants/amazon-cloudwatch-agent.service to /etc/systemd/system/amazon-cloudwatch-agent.service.
Redirecting to /bin/systemctl restart amazon-cloudwatch-agent.service
3. Configure aws-cli
Create an aws-cli profile (AmazonCloudWatchAgent).
Either run "aws configure --profile AmazonCloudWatchAgent" or edit the configuration files directly.
Add the following to ~/.aws/credentials, using the access key of the user created in step 1 above.
[AmazonCloudWatchAgent]
aws_access_key_id=AKIXXXXXXXXXXXXX
aws_secret_access_key=xxxxxxxxxxxxxxxxxxxxx
Add the following to ~/.aws/config.
[profile AmazonCloudWatchAgent]
region = us-east-1
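An added example, not part of the original post: a check worth running when ~/.aws/credentials has been edited by hand, since the file holds a long-lived secret key. It confirms that the file is not accessible to group or other and that the AmazonCloudWatchAgent profile carries both key entries. The function name check_agent_credentials and the demo file are assumptions of this example; the key values are the placeholders used above.

```shell
#!/bin/sh
# Added example: check the credentials file that holds the agent's static
# access key. Prints findings only and never prints key material.

# check_agent_credentials FILE PROFILE
# Returns 0 when FILE grants nothing to group/other and the [PROFILE]
# section contains both aws_access_key_id and aws_secret_access_key.
check_agent_credentials() {
  file=$1; profile=$2; rc=0
  [ -f "$file" ] || { echo "missing: $file"; return 1; }

  # Characters 5-10 of the ls mode string are the group and other bits.
  perms=$(ls -ld "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "too permissive ($perms for group/other): chmod 600 $file"
    rc=1
  fi

  # Look for both key names inside the [PROFILE] section only.
  if ! awk -v want="[$profile]" '
        /^\[/ { in_sec = ($0 == want) }
        in_sec && /^aws_access_key_id[ =]/     { id = 1 }
        in_sec && /^aws_secret_access_key[ =]/ { sk = 1 }
        END { exit !(id && sk) }' "$file"; then
    echo "profile [$profile] is missing or incomplete in $file"
    rc=1
  fi
  return $rc
}

# Demo on a constructed file, first world-readable, then corrected.
demo_dir=$(mktemp -d)
printf '%s\n' '[AmazonCloudWatchAgent]' \
  'aws_access_key_id=AKIXXXXXXXXXXXXX' \
  'aws_secret_access_key=xxxxxxxxxxxxxxxxxxxxx' > "$demo_dir/credentials"
chmod 644 "$demo_dir/credentials"
check_agent_credentials "$demo_dir/credentials" AmazonCloudWatchAgent || true
chmod 600 "$demo_dir/credentials"
check_agent_credentials "$demo_dir/credentials" AmazonCloudWatchAgent && echo "ok"
rm -rf "$demo_dir"
```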
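4. Create the CloudWatchAgent configuration file
Create the CloudWatchAgent configuration file.
This time the configuration file is not kept on the server; it is saved to the SSM Parameter Store.
The metrics to collect are "BASIC", and the log to collect is "/var/log/messages".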
[root@centos701]# /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-config-wizard
=============================================================
= Welcome to the AWS CloudWatch Agent Configuration Manager =
=============================================================
On which OS are you planning to use the agent?
1. linux
2. windows
default choice: [1]:

Trying to fetch the default region based on ec2 metadata...
Are you using EC2 or On-Premises hosts?
1. EC2
2. On-Premises
default choice: [2]:

Please make sure the credentials and region set correctly on your hosts.
Refer to http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html
Do you want to monitor any host metrics? e.g. CPU, memory, etc.
1. yes
2. no
default choice: [1]:

Do you want to monitor cpu metrics per core? Additional CloudWatch charges may apply.
1. yes
2. no
default choice: [1]:

Would you like to collect your metrics at high resolution (sub-minute resolution)? This enables sub-minute resolution for all metrics, but you can customize for specific metrics in the output json file.
1. 1s
2. 10s
3. 30s
4. 60s
default choice: [4]:

Which default metrics config do you want?
1. Basic
2. Standard
3. Advanced
4. None
default choice: [1]:

Current config as follows:
{
    "metrics": {
        "metrics_collected": {
            "cpu": {
                "measurement": [
                    "cpu_usage_idle"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ],
                "totalcpu": true
            },
            "disk": {
                "measurement": [
                    "used_percent"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "write_bytes",
                    "read_bytes",
                    "writes",
                    "reads"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 60
            },
            "net": {
                "measurement": [
                    "bytes_sent",
                    "bytes_recv",
                    "packets_sent",
                    "packets_recv"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 60
            }
        }
    }
}
Are you satisfied with the above config? Note: it can be manually customized after the wizard completes to add additional items.
1. yes
2. no
default choice: [1]:

Do you have any existing CloudWatch Log Agent (http://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AgentReference.html) configuration file to import for migration?
1. yes
2. no
default choice: [2]:

Do you want to monitor any log files?
1. yes
2. no
default choice: [1]:

Log file path:
/var/log/messages
Log group name:
default choice: [messages]

Do you want to specify any additional log files to monitor?
1. yes
2. no
default choice: [1]:
2
Saved config file to /opt/aws/amazon-cloudwatch-agent/bin/config.json successfully.
Current config as follows:
{
    "logs": {
        "logs_collected": {
            "files": {
                "collect_list": [
                    {
                        "file_path": "/var/log/messages",
                        "log_group_name": "messages"
                    }
                ]
            }
        }
    },
    "metrics": {
        "metrics_collected": {
            "cpu": {
                "measurement": [
                    "cpu_usage_idle"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ],
                "totalcpu": true
            },
            "disk": {
                "measurement": [
                    "used_percent"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "diskio": {
                "measurement": [
                    "write_bytes",
                    "read_bytes",
                    "writes",
                    "reads"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "mem": {
                "measurement": [
                    "mem_used_percent"
                ],
                "metrics_collection_interval": 60
            },
            "net": {
                "measurement": [
                    "bytes_sent",
                    "bytes_recv",
                    "packets_sent",
                    "packets_recv"
                ],
                "metrics_collection_interval": 60,
                "resources": [
                    "*"
                ]
            },
            "swap": {
                "measurement": [
                    "swap_used_percent"
                ],
                "metrics_collection_interval": 60
            }
        }
    }
}
Please check the above content of the config.
The config file is also located at /opt/aws/amazon-cloudwatch-agent/bin/config.json.
Edit it manually if needed.
Do you want to store the config in the SSM parameter store?
1. yes
2. no
default choice: [1]:

What parameter store name do you want to use to store your config? (Use 'AmazonCloudWatch-' prefix if you use our managed AWS policy)
default choice: [AmazonCloudWatch-linux]

Which region do you want to store the config in the parameter store?
default choice: [us-east-1]

Which AWS credential should be used to send json config to parameter store?
1. AKIAIUPXXXXXXXX(From SDK)
2. AKIAJROXXXXXXXX(From Profile: AmazonCloudWatchAgent)
3. Other
default choice: [1]:
2
Successfully put config to parameter store AmazonCloudWatch-linux.
Program exits now.
Check the content saved in the Parameter Store.
[root@centos701 ~]# aws ssm get-parameter --name AmazonCloudWatch-linux
{
    "Parameter": {
        "Version": 1,
        "Type": "String",
        "Name": "AmazonCloudWatch-linux",
        "Value": "{\n\t\"logs\": {\n\t\t\"logs_collected\": {\n\t\t\t\"files\": {\n\t\t\t\t\"collect_list\": [\n\t\t\t\t\t{\n\t\t\t\t\t\t\"file_path\": \"/var/log/messages\",\n\t\t\t\t\t\t\"log_group_name\": \"messages\"\n\t\t\t\t\t}\n\t\t\t\t]\n\t\t\t}\n\t\t}\n\t},\n\t\"metrics\": {\n\t\t\"metrics_collected\": {\n\t\t\t\"cpu\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"cpu_usage_idle\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t],\n\t\t\t\t\"totalcpu\": true\n\t\t\t},\n\t\t\t\"disk\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"used_percent\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t]\n\t\t\t},\n\t\t\t\"diskio\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"write_bytes\",\n\t\t\t\t\t\"read_bytes\",\n\t\t\t\t\t\"writes\",\n\t\t\t\t\t\"reads\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t]\n\t\t\t},\n\t\t\t\"mem\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"mem_used_percent\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60\n\t\t\t},\n\t\t\t\"net\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"bytes_sent\",\n\t\t\t\t\t\"bytes_recv\",\n\t\t\t\t\t\"packets_sent\",\n\t\t\t\t\t\"packets_recv\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60,\n\t\t\t\t\"resources\": [\n\t\t\t\t\t\"*\"\n\t\t\t\t]\n\t\t\t},\n\t\t\t\"swap\": {\n\t\t\t\t\"measurement\": [\n\t\t\t\t\t\"swap_used_percent\"\n\t\t\t\t],\n\t\t\t\t\"metrics_collection_interval\": 60\n\t\t\t}\n\t\t}\n\t}\n}"
    }
}
5. Start CloudWatchAgent
Specify, as an argument, the configuration saved to the Parameter Store in step 4 above, and start CloudWatchAgent.
[root@centos701]# /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m onPremise -c ssm:AmazonCloudWatch-linux -s
/opt/aws/amazon-cloudwatch-agent/bin/config-downloader --output-file /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --download-source ssm:AmazonCloudWatch-linux --mode onPrem --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml
Got Home directory: /root
Set home dir Linux: /root
Start configuration validation...
/opt/aws/amazon-cloudwatch-agent/bin/config-translator --input /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --output /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml --mode onPrem --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml
Valid Json input schema.
Got Home directory: /root
Got Home directory: /root
Set home dir Linux: /root
2018/08/23 08:28:07 E! ec2metadata is not available
2018/08/23 08:28:07 E! ec2metadata is not available
Under path : /logs/ | Info : Using centos701 as log_stream_name
Configuration validation first phase succeeded
/opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -schematest -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml
Configuration validation second phase succeeded
Configuration validation succeeded
Redirecting to /bin/systemctl stop amazon-cloudwatch-agent.service
Redirecting to /bin/systemctl restart amazon-cloudwatch-agent.service
Confirm that CloudWatchAgent has started.
[root@centos701 cw]# systemctl status amazon-cloudwatch-agent
● amazon-cloudwatch-agent.service - Amazon CloudWatch Agent
   Loaded: loaded (/etc/systemd/system/amazon-cloudwatch-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since 木 2018-08-23 08:28:07 JST; 4min 5s ago
 Main PID: 2361 (amazon-cloudwat)
   Memory: 12.1M
   CGroup: /system.slice/amazon-cloudwatch-agent.service
           └─2361 /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -pidfile /opt/aws/amazon-cloudwa ..

8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Valid Json input schema.
8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Got Home directory: /root
8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Set home dir Linux: /root
8月 23 08:28:10 centos701 start-amazon-cloudwatch-agent[2361]: Got Home directory: /root
8月 23 08:28:11 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:11 E! ec2metadata is not availab
8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:12 E! ec2metadata is not availab
8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: Under path : /logs/ | Info : Using centos701 as l
8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: Configuration validation first phase succeeded
8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:12 I! AmazonCloudWatchAgent Vers
8月 23 08:28:12 centos701 start-amazon-cloudwatch-agent[2361]: 2018/08/23 08:28:12 Seeked /var/log/messages - &{
Hint: Some lines were ellipsized, use -l to show in full.
Check that the metrics are being collected in CloudWatch.
Metrics collected by CloudWatchAgent appear to use the namespace "CWAgent".
[root@centos701 cw]# aws cloudwatch list-metrics --namespace CWAgent --output text | head
METRICS diskio_reads CWAgent
DIMENSIONS host centos701
DIMENSIONS name sda
METRICS diskio_writes CWAgent
DIMENSIONS host centos701
DIMENSIONS name sda
METRICS diskio_writes CWAgent
DIMENSIONS host centos701
DIMENSIONS name sda2
METRICS diskio_reads CWAgent
Check that the logs are being collected in CloudWatch Logs.
[root@centos701 cw]# aws logs describe-log-streams --log-group-name messages
{
    "logStreams": [
        {
            "firstEventTimestamp": 1534935120318,
            "lastEventTimestamp": 1534935680678,
            "creationTime": 1534935128402,
            "uploadSequenceToken": "49585417476964286413865313731794451232034865543907549378",
            "logStreamName": "centos701",
            "lastIngestionTime": 1534980791209,
            "arn": "arn:aws:logs:us-east-1:0123456789:log-group:messages:log-stream:centos701",
            "storedBytes": 0
        }
    ]
}
[root@centos701 cw]# aws logs get-log-events --log-group-name messages --log-stream-name centos701 | head
{
    "nextForwardToken": "f/34231215160138873141677890916998199662103777254773620736",
    "events": [
        {
            "ingestionTime": 1534935129103,
            "timestamp": 1534935120318,
            "message": "Aug 22 16:21:42 [localhost] systemd: Time has been changed"
        },
        {
            "ingestionTime": 1534935129103,