diff --git a/.gitignore b/.gitignore index 1e6aea4..4912f57 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,8 @@ central-server/data/ central-server/.env +central-server/config/vmauth/vmauth.yml +central-server/config/vmauth/tenants.csv +central-server/config/grafana/provisioning/datasources/victoriametrics.yml edge-agent/.env diff --git a/README.md b/README.md index b925e32..d32d376 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,9 @@ 中央 Prometheus 抓取本地 + 查 VictoriaMetrics → 告警 + Grafana ``` -边缘将指标推送到中央 VictoriaMetrics(8428);Grafana 查询边缘数据选 **VictoriaMetrics**,中央自抓选 **Prometheus**。 +边缘将指标推送到中央 vmauth(18428,带鉴权)再转发到 VictoriaMetrics;如果启用严格多租户(`central-server/config/vmauth/tenants.csv`),每个边缘节点用独立账号并写入各自 tenant,实现数据与查询隔离。 + +管理员要看所有租户:在 `central-server/.env` 配置 `VMAUTH_ADMIN_USER/VMAUTH_ADMIN_PASSWORD`。该账号可跨租户读取(通过 `/select//prometheus/...`),Grafana 建议用“数据源变量”在多租户数据源之间切换查看。 --- @@ -59,7 +61,7 @@ bash deploy.sh |------|------|-----| | Grafana | 3000 | http://localhost:3000 | | Prometheus | 9091 | http://localhost:9091 | -| VictoriaMetrics | 8428 | http://localhost:8428 | +| vmauth(VictoriaMetrics 入口) | 18428 | http://localhost:18428 | | Alertmanager | 9093 | http://localhost:9093 | | GPS 标注助手 | 4080 | http://localhost:4080 | | 边缘 vmagent | 9092 | http://localhost:9092 | diff --git a/central-server/CONFIGURATION.md b/central-server/CONFIGURATION.md index 29aa6bb..742ce7a 100644 --- a/central-server/CONFIGURATION.md +++ b/central-server/CONFIGURATION.md @@ -46,7 +46,7 @@ | `PROMETHEUS_PORT` | 9091 | Prometheus Web UI 端口(避免与 cockpit 冲突) | | `GRAFANA_PORT` | 3000 | Grafana Web UI 端口 | | `ALERTMANAGER_PORT` | 9093 | Alertmanager Web UI 端口 | -| `VICTORIAMETRICS_PORT` | 8428 | VictoriaMetrics 端口(边缘节点推送数据到此端口) | +| `VICTORIAMETRICS_PORT` | 18428 | vmauth 对外端口(边缘节点推送数据/查询都走此端口) | **注意**: - 如果端口被占用,修改 `.env` 文件中对应的端口号 diff --git a/central-server/config/grafana/provisioning/datasources/victoriametrics.yml b/central-server/config/grafana/provisioning/datasources/victoriametrics.yml index 5c4cf5e..0c51cc5 100644 --- a/central-server/config/grafana/provisioning/datasources/victoriametrics.yml +++ b/central-server/config/grafana/provisioning/datasources/victoriametrics.yml @@ -1,16 +1,20 @@ # VictoriaMetrics 数据源(边缘节点上报的数据存储在此) # 边缘节点通过 remote_write 推送到中央 VictoriaMetrics,本数据源用于在 Grafana 中查询这些数据 -# 使用前需在边缘节点配置:remote_write 指向中央服务器 VictoriaMetrics 地址(如 http://中央IP:8428/api/v1/write) +# 使用前需在边缘节点配置:remote_write 指向中央服务器 VictoriaMetrics 地址(如 http://中央IP:18428/api/v1/write) apiVersion: 1 datasources: - name: VictoriaMetrics type: prometheus access: proxy - url: http://victoria-metrics:8428 + url: http://vmauth:8427 isDefault: false editable: true + basicAuth: true + basicAuthUser: ${VMAUTH_READ_USER} jsonData: httpMethod: POST queryTimeout: 60s timeInterval: 15s + secureJsonData: + basicAuthPassword: ${VMAUTH_READ_PASSWORD} diff --git a/central-server/config/grafana/provisioning/datasources/victoriametrics.yml.template b/central-server/config/grafana/provisioning/datasources/victoriametrics.yml.template new file mode 100644 index 0000000..cf52ecf --- /dev/null +++ b/central-server/config/grafana/provisioning/datasources/victoriametrics.yml.template @@ -0,0 +1,18 @@ +# VictoriaMetrics 数据源(通过 vmauth 进行鉴权访问) +apiVersion: 1 + +datasources: + - name: VictoriaMetrics + type: prometheus + access: proxy + url: http://vmauth:8427 + isDefault: false + editable: true + basicAuth: true + basicAuthUser: "${VMAUTH_READ_USER}" + jsonData: + httpMethod: POST + queryTimeout: 60s + timeInterval: 15s + secureJsonData: + basicAuthPassword: "${VMAUTH_READ_PASSWORD}" diff --git a/central-server/config/prometheus/prometheus.yml b/central-server/config/prometheus/prometheus.yml index 10e54d5..ed89313 100644 --- a/central-server/config/prometheus/prometheus.yml +++ b/central-server/config/prometheus/prometheus.yml @@ -21,7 +21,10 @@ global: # 远程写入:将中央 Prometheus 抓取到的本地服务指标推送到 VictoriaMetrics # (边缘节点由 vmagent 直接 remote_write 到 VictoriaMetrics) remote_write: - - url: http://victoria-metrics:8428/api/v1/write + - url: http://vmauth:8427/api/v1/write + basic_auth: + username: ${VMAUTH_WRITE_USER} + password: ${VMAUTH_WRITE_PASSWORD} queue_config: max_samples_per_send: 10000 capacity: 20000 diff --git a/central-server/config/prometheus/prometheus.yml.template b/central-server/config/prometheus/prometheus.yml.template index 4873590..d99c40f 100644 --- a/central-server/config/prometheus/prometheus.yml.template +++ b/central-server/config/prometheus/prometheus.yml.template @@ -21,7 +21,10 @@ global: # 远程写入:将中央 Prometheus 抓取到的本地服务指标推送到 VictoriaMetrics # (边缘节点由 vmagent 直接 remote_write 到 VictoriaMetrics) remote_write: - - url: http://victoria-metrics:${VICTORIAMETRICS_PORT}/api/v1/write + - url: http://vmauth:8427/api/v1/write + basic_auth: + username: ${VMAUTH_WRITE_USER} + password: ${VMAUTH_WRITE_PASSWORD} queue_config: max_samples_per_send: ${PROMETHEUS_REMOTE_WRITE_MAX_SAMPLES} capacity: ${PROMETHEUS_REMOTE_WRITE_CAPACITY} @@ -40,7 +43,7 @@ scrape_configs: scrape_interval: ${PROMETHEUS_SCRAPE_INTERVAL}s metrics_path: '/metrics' static_configs: - - targets: ['victoria-metrics:${VICTORIAMETRICS_PORT}'] + - targets: ['victoria-metrics:8428'] # 抓取Alertmanager - job_name: 'alertmanager' diff --git a/central-server/config/vmauth/tenants.csv.example b/central-server/config/vmauth/tenants.csv.example new file mode 100644 index 0000000..559c9bb --- /dev/null +++ b/central-server/config/vmauth/tenants.csv.example @@ -0,0 +1,3 @@ +tenant_id,edge_node_id,write_user,write_password,read_user,read_password +1001,edge_a,edge_a_write,CHANGE_ME,edge_a_read,CHANGE_ME +1002,edge_b,edge_b_write,CHANGE_ME,edge_b_read,CHANGE_ME diff --git a/central-server/config/vmauth/vmauth.yml.template b/central-server/config/vmauth/vmauth.yml.template new file mode 100644 index 0000000..203c487 --- /dev/null +++ b/central-server/config/vmauth/vmauth.yml.template @@ -0,0 +1,6 @@ +unauthorized_user: + # 未认证请求默认拒绝 + url_map: [] + +# 注意:本文件将由 deploy.sh 根据 config/vmauth/tenants.csv 自动生成。 +users: [] diff --git a/central-server/deploy.sh b/central-server/deploy.sh index 2414363..32bfbc1 100644 --- a/central-server/deploy.sh +++ b/central-server/deploy.sh @@ -30,7 +30,7 @@ fi PROMETHEUS_PORT=${PROMETHEUS_PORT:-9091} GRAFANA_PORT=${GRAFANA_PORT:-3000} ALERTMANAGER_PORT=${ALERTMANAGER_PORT:-9093} -VICTORIAMETRICS_PORT=${VICTORIAMETRICS_PORT:-8428} +VICTORIAMETRICS_PORT=${VICTORIAMETRICS_PORT:-18428} PROMETHEUS_DATA_DIR=${PROMETHEUS_DATA_DIR:-./data/prometheus-data} GRAFANA_DATA_DIR=${GRAFANA_DATA_DIR:-./data/grafana-data} VICTORIAMETRICS_DATA_DIR=${VICTORIAMETRICS_DATA_DIR:-./data/victoria-metrics-data} @@ -46,6 +46,12 @@ PROMETHEUS_REMOTE_WRITE_MAX_SHARDS=${PROMETHEUS_REMOTE_WRITE_MAX_SHARDS:-10} GRAFANA_DEFAULT_LANGUAGE=${GRAFANA_DEFAULT_LANGUAGE:-zh-Hans} GRAFANA_DEFAULT_THEME=${GRAFANA_DEFAULT_THEME:-light} TRAEFIK_PROVIDER=${TRAEFIK_PROVIDER:-external} +VMAUTH_WRITE_USER=${VMAUTH_WRITE_USER:-vm_write} +VMAUTH_WRITE_PASSWORD=${VMAUTH_WRITE_PASSWORD:-change-me-strong-write} +VMAUTH_READ_USER=${VMAUTH_READ_USER:-vm_read} +VMAUTH_READ_PASSWORD=${VMAUTH_READ_PASSWORD:-change-me-strong-read} +VMAUTH_ADMIN_USER=${VMAUTH_ADMIN_USER:-vm_admin} +VMAUTH_ADMIN_PASSWORD=${VMAUTH_ADMIN_PASSWORD:-change-me-strong-admin} # 根据 TRAEFIK_ENABLED 与 TRAEFIK_PROVIDER 设置网络 if [ "${TRAEFIK_ENABLED:-false}" = "true" ]; then @@ -194,6 +200,147 @@ elif [ ! -f "config/prometheus/prometheus.yml" ]; then exit 1 fi +generate_vmauth_and_grafana_datasources() { + mkdir -p config/vmauth config/grafana/provisioning/datasources + + local tenants_file="config/vmauth/tenants.csv" + local vmauth_out="config/vmauth/vmauth.yml" + local grafana_out="config/grafana/provisioning/datasources/victoriametrics.yml" + + echo "📝 生成 vmauth 配置与 Grafana 数据源..." + + # vmauth header + cat > "$vmauth_out" <<'EOF' +unauthorized_user: + url_map: [] + +users: +EOF + + # grafana header + cat > "$grafana_out" <<'EOF' +apiVersion: 1 + +datasources: +EOF + + if [ -f "$tenants_file" ]; then + # CSV: tenant_id,edge_node_id,write_user,write_password,read_user,read_password + # Skip header line + tail -n +2 "$tenants_file" | while IFS=',' read -r tenant_id edge_node_id wuser wpass ruser rpass; do + # Skip empty lines + [ -z "$tenant_id" ] && continue + + # vmauth write user (route to per-tenant insert) + cat >> "$vmauth_out" <> "$vmauth_out" <> "$grafana_out" <> "$vmauth_out" <> "$grafana_out" </prometheus/...) + cat >> "$vmauth_out" </prometheus/... 查询接口(只读)。 +# 用途:管理员在同一套 Grafana 下查看所有租户(可在仪表盘用“数据源变量”切换租户)。 +VMAUTH_ADMIN_USER=vm_admin +VMAUTH_ADMIN_PASSWORD=change-me-strong-admin + # ============================================ # 数据存储路径 # ============================================ diff --git a/doc/ARCHITECTURE.md b/doc/ARCHITECTURE.md index 2e03677..eb0ee1c 100644 --- a/doc/ARCHITECTURE.md +++ b/doc/ARCHITECTURE.md @@ -9,7 +9,7 @@ │ remote_write (HTTP POST) ▼ ┌─ 中央服务器 ───────────────────────────────────┐ -│ VictoriaMetrics (8428) 接收边缘推送、存储 │ +│ vmauth (18428) 鉴权入口;后端 VictoriaMetrics 存储 │ │ │ 数据查询 │ │ ▼ │ │ Prometheus (9091) 抓取本地、告警评估 │ @@ -38,7 +38,7 @@ │ │ remote_write (HTTP POST) ▼ - VictoriaMetrics (8428) + vmauth (18428) -> VictoriaMetrics (container:8428) │ │ 数据存储 ▼ @@ -79,9 +79,9 @@ Alertmanager 处理告警 ## 容器详细说明 -### 1. VictoriaMetrics (8428) -- **作用**:远程写入接收器,存储时序数据 -- **接收**:边缘节点通过 `remote_write` 推送的数据 +### 1. vmauth (18428) +- **作用**:鉴权/路由入口,给 remote_write 与查询接口加访问控制 +- **接收**:边缘节点通过 `remote_write` 推送的数据(带 basic auth) - **提供**:数据查询接口 - **数据路径**:`/storage/victoria-metrics-data` @@ -121,7 +121,8 @@ monitoring_net (Docker Bridge) ├─ prometheus-central:9090 -> 宿主机 9091 ├─ grafana:3000 -> 宿主机 3000 ├─ alertmanager:9093 -> 宿主机 9093 -└─ victoria-metrics:8428 -> 宿主机 8428 +├─ vmauth:8427 -> 宿主机 18428 +└─ victoria-metrics:8428 -> (不对外暴露,仅容器网络可达) ``` ## 端口映射 @@ -131,7 +132,7 @@ monitoring_net (Docker Bridge) | Prometheus | 9090 | 9091 | PromQL 查询和 Web UI | | Grafana | 3000 | 3000 | 可视化仪表板 | | Alertmanager | 9093 | 9093 | 告警管理界面 | -| VictoriaMetrics | 8428 | 8428 | 远程写入和查询接口 | +| vmauth | 18428 | 8427 | 远程写入与查询入口(鉴权) | ## 数据存储 diff --git a/doc/BEST_PRACTICES.md b/doc/BEST_PRACTICES.md index 98cd9d2..8f3c8f9 100644 --- a/doc/BEST_PRACTICES.md +++ b/doc/BEST_PRACTICES.md @@ -40,14 +40,14 @@ # 开放端口 firewall-cmd --permanent --add-port=3000/tcp # Grafana firewall-cmd --permanent --add-port=9091/tcp # Prometheus -firewall-cmd --permanent --add-port=8428/tcp # VictoriaMetrics +firewall-cmd --permanent --add-port=18428/tcp # VictoriaMetrics firewall-cmd --permanent --add-port=9093/tcp # Alertmanager firewall-cmd --reload ``` **边缘节点**: - 不需要开放端口(只做数据推送) -- 确保可以访问中央服务器 8428 端口 +- 确保可以访问中央服务器 18428 端口 #### 网络优化 diff --git a/doc/CENTRAL_SERVER_CONFIG.md b/doc/CENTRAL_SERVER_CONFIG.md index 57eefd3..7bcbefb 100644 --- a/doc/CENTRAL_SERVER_CONFIG.md +++ b/doc/CENTRAL_SERVER_CONFIG.md @@ -22,7 +22,7 @@ central-server/ |------|------|------| | prometheus-central | 9091 | 自抓 + 告警评估;边缘数据由 Grafana 从 VictoriaMetrics 查询 | | grafana | 3000 | 数据源:Prometheus(中央自抓)、VictoriaMetrics(边缘数据) | -| victoria-metrics | 8428 | 接收边缘 remote_write | +| vmauth | 18428 | 边缘 remote_write 与 Grafana 查询入口(鉴权) | | alertmanager | 9093 | 告警路由与通知 | ## 关键配置摘要 diff --git a/doc/DEPLOYMENT_GUIDE.md b/doc/DEPLOYMENT_GUIDE.md index 77a258a..2d821f2 100644 --- a/doc/DEPLOYMENT_GUIDE.md +++ b/doc/DEPLOYMENT_GUIDE.md @@ -6,7 +6,7 @@ ## 第一步:部署中央服务器 -**前置**:Docker、Docker Compose;端口 3000、9091、8428、9093 未被占用;磁盘充足。 +**前置**:Docker、Docker Compose;端口 3000、9091、18428、9093 未被占用;磁盘充足。 ```bash cd central-server @@ -14,7 +14,7 @@ cp env.example .env # 可选,按需改端口、Traefik 等 bash deploy.sh ``` -**验证**:Grafana http://localhost:3000(admin/admin123)、Prometheus http://localhost:9091、VictoriaMetrics http://localhost:8428。 +**验证**:Grafana http://localhost:3000(admin/admin123)、Prometheus http://localhost:9091、vmauth(VictoriaMetrics 入口)http://localhost:18428。 **详细**:[CENTRAL_SERVER_CONFIG](CENTRAL_SERVER_CONFIG.md)、[central-server/CONFIGURATION.md](../central-server/CONFIGURATION.md)。 @@ -22,9 +22,9 @@ bash deploy.sh ## 第二步:部署边缘节点 -**前提**:中央已运行,VictoriaMetrics 8428 可访问。 +**前提**:中央已运行,vmauth(VictoriaMetrics 入口)18428 可访问。 -- **本机同机**:`cd edge-agent && bash deploy.sh --local`(中央地址设为 host.docker.internal:8428)。 +- **本机同机**:`cd edge-agent && bash deploy.sh --local`(中央地址设为 host.docker.internal:18428)。 - **边缘跨机**:`cd edge-agent` → 编辑 `.env` 中 `CENTRAL_SERVER_HOST=中央IP` → `bash deploy.sh`。 **验证**:边缘 http://localhost:9092;中央 Grafana 选数据源 **VictoriaMetrics**,查询 `probe_success{job="network-ping"}` 可见边缘数据。 @@ -32,7 +32,7 @@ bash deploy.sh **targets.csv**:部署时自动生成 target-*.json;修改 targets.csv 后需手动 `cd config && ./update-configs.sh`,vmagent 每 5 分钟自动重载。 **常见问题**: -- 看不到边缘数据:确认 `.env` 中为中央 IP(跨机不能用 host.docker.internal);`curl -s -o /dev/null -w "%{http_code}" http://<中央IP>:8428/health` 应为 200。 +- 看不到边缘数据:确认 `.env` 中为中央 IP(跨机不能用 host.docker.internal);`curl -s -o /dev/null -w "%{http_code}" http://<中央IP>:18428/health` 应为 200(需要带鉴权时用 `-u user:pass`)。 - 端口冲突:边缘已映射 9092,与中央 9091 区分。 **详细**:[EDGE_AGENT_CONFIG](EDGE_AGENT_CONFIG.md)、[TARGETS_AND_MONITORING](TARGETS_AND_MONITORING.md)。 diff --git a/doc/EDGE_AGENT_CONFIG.md b/doc/EDGE_AGENT_CONFIG.md index 6faa2df..4597140 100644 --- a/doc/EDGE_AGENT_CONFIG.md +++ b/doc/EDGE_AGENT_CONFIG.md @@ -27,7 +27,11 @@ - **config/targets.csv**:统一监控目标(ping/onvif/topology),格式与脚本见 [TARGETS_AND_MONITORING.md](TARGETS_AND_MONITORING.md)。 - **config/update-configs.sh**:从 targets.csv 生成 `target-onvif.json`、`target-ping.json`、`target-topology.geojson`。 - **prometheus-edge (vmagent)**:使用 `config/vmagent/vmagent-scrape.yml.template` 抓取;`CENTRAL_SERVER_HOST`/`PORT` 来自 `.env`;磁盘缓存卷 `vmagent-cache-data`。 -- **.env**:`CENTRAL_SERVER_HOST`、`CENTRAL_SERVER_PORT=8428`、`EDGE_NODE_ID`。本机同机用 `./deploy.sh --local`;跨机配 `.env` 后 `./deploy.sh`。 +- **.env**:`CENTRAL_SERVER_HOST`、`CENTRAL_SERVER_PORT=18428`、`VMAUTH_WRITE_USER`、`VMAUTH_WRITE_PASSWORD`、`EDGE_NODE_ID`。本机同机用 `./deploy.sh --local`;跨机配 `.env` 后 `./deploy.sh`。 + +## 严格多租户(推荐) + +中央启用 `central-server/config/vmauth/tenants.csv` 后,每个边缘节点建议配置独立的 `VMAUTH_WRITE_USER/VMAUTH_WRITE_PASSWORD`,与中央 tenants.csv 中对应的 write 账号一致;这样每个边缘写入各自 tenant,Grafana 也能按 tenant 独立查询。 ## 常用操作 diff --git a/doc/TROUBLESHOOTING.md b/doc/TROUBLESHOOTING.md index 987cbe6..a461bbc 100644 --- a/doc/TROUBLESHOOTING.md +++ b/doc/TROUBLESHOOTING.md @@ -64,7 +64,7 @@ netstat -tulpn | grep <端口> 2. **在中央直接查 VictoriaMetrics** 在**中央服务器**上执行(或浏览器访问): ```bash - curl -sG 'http://localhost:8428/api/v1/series' --data-urlencode 'match[]=probe_success{job="network-ping"}' + curl -u 'vm_read:change-me-strong-read' -sG 'http://localhost:18428/api/v1/series' --data-urlencode 'match[]=probe_success{job="network-ping"}' ``` - 若返回 `"data":[]` 表示还没有收到边缘数据(可能是网络不通、刚启动未到抓取周期、或 remote_write 失败)。 - 若 `data` 里有元素(带 `__name__`、`job`、`region` 等),说明边缘数据已写入中央。 @@ -81,7 +81,7 @@ curl http://localhost:9092/api/v1/query?query=up # 2. 检查网络连通性 ping <中央服务器IP> -telnet <中央服务器IP> 8428 +telnet <中央服务器IP> 18428 # 3. 检查环境变量 cat edge-agent/.env diff --git a/edge-agent/deploy.sh b/edge-agent/deploy.sh index 586358f..53e5b90 100644 --- a/edge-agent/deploy.sh +++ b/edge-agent/deploy.sh @@ -14,7 +14,7 @@ if [ "$1" = "--local" ]; then [ ! -f .env ] && [ -f env.example ] && cp env.example .env sed -i 's/^CENTRAL_SERVER_HOST=.*/CENTRAL_SERVER_HOST=host.docker.internal/' .env 2>/dev/null || \ echo 'CENTRAL_SERVER_HOST=host.docker.internal' >> .env - grep -q '^CENTRAL_SERVER_PORT=' .env || echo 'CENTRAL_SERVER_PORT=8428' >> .env + grep -q '^CENTRAL_SERVER_PORT=' .env || echo 'CENTRAL_SERVER_PORT=18428' >> .env fi # Docker 环境 diff --git a/edge-agent/docker-compose.yml b/edge-agent/docker-compose.yml index 97c0c46..197c65d 100644 --- a/edge-agent/docker-compose.yml +++ b/edge-agent/docker-compose.yml @@ -10,7 +10,9 @@ services: restart: unless-stopped environment: - CENTRAL_SERVER_HOST=${CENTRAL_SERVER_HOST:-192.168.1.10} - - CENTRAL_SERVER_PORT=${CENTRAL_SERVER_PORT:-8428} + - CENTRAL_SERVER_PORT=${CENTRAL_SERVER_PORT:-18428} + - VMAUTH_WRITE_USER=${VMAUTH_WRITE_USER:-vm_write} + - VMAUTH_WRITE_PASSWORD=${VMAUTH_WRITE_PASSWORD:-change-me-strong-write} volumes: - vmagent-cache-data:/cache - ./config/vmagent/vmagent-scrape.yml.template:/etc/vmagent/scrape.yml:ro @@ -25,6 +27,8 @@ services: command: - -promscrape.config=/etc/vmagent/scrape.yml - -remoteWrite.url=http://${CENTRAL_SERVER_HOST}:${CENTRAL_SERVER_PORT}/api/v1/write + - -remoteWrite.basicAuth.username=${VMAUTH_WRITE_USER} + - -remoteWrite.basicAuth.password=${VMAUTH_WRITE_PASSWORD} - -remoteWrite.tmpDataPath=/cache/remotewrite - -remoteWrite.maxDiskUsagePerURL=512MB - -memory.allowedPercent=80 diff --git a/edge-agent/env.example b/edge-agent/env.example index 57fdf90..341945d 100644 --- a/edge-agent/env.example +++ b/edge-agent/env.example @@ -5,19 +5,23 @@ CENTRAL_SERVER_HOST=192.168.1.10 # 本机同机: CENTRAL_SERVER_HOST=host.docker.internal # 中央服务器端口 -CENTRAL_SERVER_PORT=8428 +CENTRAL_SERVER_PORT=18428 # 常用端口说明: -# 8428 - VictoriaMetrics (推荐) +# 18428 - VictoriaMetrics (推荐) # 9090 - Prometheus # 8080 - 自定义端口 # 边缘节点标识 EDGE_NODE_ID=workernode_1 +# vmauth 写入账号(需与中央 central-server/.env 保持一致) +VMAUTH_WRITE_USER=vm_write +VMAUTH_WRITE_PASSWORD=change-me-strong-write + # 远程写入配置 # 边缘节点会将数据推送到中央服务器的VictoriaMetrics # 格式: http://域名或IP:端口/api/v1/write -# 默认端口: 8428 (VictoriaMetrics) +# 默认端口: 18428 (VictoriaMetrics) # 边缘缓存:docker-compose 使用 vmagent,含内存+磁盘缓存,详见 doc/EDGE_AGENT_CONFIG.md