ELK introduction, installing es, testing (checking cluster status), summary
ELK introduction
Background
As the business grows, there are more and more servers
Access logs, application logs and error logs keep growing in volume
When developers troubleshoot a problem they have to log in to the server to read the logs, which is inconvenient
Operations staff need certain data, and we in ops have to go to the servers and analyse the logs for them
ELK introduction
Official site: https://www.elastic.co/cn/
Chinese guide: https://www.gitbook.com/book/chenryn/elk-stack-guide-cn/details
ELK Stack (from version 5.0 on it is called the Elastic Stack): Elastic Stack == (ELK Stack + Beats)
The ELK Stack consists of: ElasticSearch, Logstash, Kibana
ElasticSearch is a search engine used to search, analyse and store logs. It is distributed, meaning it can scale horizontally, discovers nodes automatically and shards indices automatically; in short, it is very powerful. Documentation: https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html
Logstash collects logs, parses them into JSON and hands them to ElasticSearch.
Kibana is a data visualisation component that presents the processed results in a web interface
Beats here is a lightweight log collector; the Beats family actually has 5 members
Early ELK architectures used Logstash to collect and parse logs, but Logstash is fairly heavy on memory, CPU and IO. Compared with Logstash, the CPU and memory that Beats uses is almost negligible
x-pack is a paid extension pack for the Elastic Stack that bundles security, alerting, monitoring, reporting and graphs
ELK architecture
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
27.2 ELK installation: preparation
Prepare 3 machines: 128, 130, 133
Role assignment:
1. All 3 machines get elasticsearch (es from now on): 1 master node (128) and 2 data nodes (130, 133)
2. The es master (128) also gets kibana
3. One es data node (130) gets logstash (beats are not installed for now)
4. All 3 machines get jdk8 (openjdk is fine)
yum install -y java-1.8.0-openjdk
Example:
[root@axinlinux-01 ~]# vim /etc/hosts # first write a hosts file, on all three machines
192.168.208.128 axinlinux-01
192.168.208.130 axinlinux-02
192.168.208.133 axinlinux-03
[root@axinlinux-02 ~]# vim /etc/hosts
[root@axinlinux-03 ~]# vim /etc/hosts
[root@axinlinux-02 ~]# yum install -y java-1.8.0-openjdk # install openjdk on each of the three machines. The other two were already installed by hand, so they don't need it again
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ELK installation – installing es
Official documentation: https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html
The following must be done on all 3 machines
1. rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# this is about setting up a yum repository
Put simply, this imports the signing key; it is the basis of the security check (gpgcheck=1 in the repo file below verifies packages against it).
2. vim /etc/yum.repos.d/elastic.repo // add the following contents
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
3. yum install -y elasticsearch // then install
If yum is too slow, you can also download the rpm file directly and install it:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
rpm -ivh elasticsearch-6.0.0.rpm
Example:
[root@axinlinux-01 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch # run on all three machines
[root@axinlinux-01 ~]# vim /etc/yum.repos.d/elastic.repo # run on all three machines. The file name can be anything, what matters is the .repo extension
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@axinlinux-01 ~]# yum list |grep elastic
apm-server.i686 6.8.0-1 elasticsearch-6.x
apm-server.x86_64 6.8.0-1 elasticsearch-6.x
auditbeat.i686 6.8.0-1 elasticsearch-6.x
auditbeat.x86_64 6.8.0-1 elasticsearch-6.x
elasticsearch.noarch 6.8.0-1 elasticsearch-6.x
filebeat.i686 6.8.0-1 elasticsearch-6.x
filebeat.x86_64 6.8.0-1 elasticsearch-6.x
heartbeat-elastic.i686 6.8.0-1 elasticsearch-6.x
heartbeat-elastic.x86_64 6.8.0-1 elasticsearch-6.x
journalbeat.i686 6.8.0-1 elasticsearch-6.x
journalbeat.x86_64 6.8.0-1 elasticsearch-6.x
kibana.x86_64 6.8.0-1 elasticsearch-6.x
kibana-oss.x86_64 6.3.0-1 elasticsearch-6.x
logstash.noarch 1:6.8.0-1 elasticsearch-6.x
metricbeat.i686 6.8.0-1 elasticsearch-6.x
metricbeat.x86_64 6.8.0-1 elasticsearch-6.x
packetbeat.i686 6.8.0-1 elasticsearch-6.x
packetbeat.x86_64 6.8.0-1 elasticsearch-6.x
pcp-pmda-elasticsearch.x86_64 4.1.0-5.el7_6 updates
rsyslog-elasticsearch.x86_64 8.24.0-34.el7 base
elasticsearch.noarch 6.5.4-1 elasticsearch-6.x # this is the package to install with yum directly. It is too slow, though, so you can download the rpm from the official site and install it with rpm -ivh instead
yum install -y elasticsearch // or download the rpm file directly and install it:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
rpm -ivh elasticsearch-6.0.0.rpm
yum install -y elasticsearch.noarch # the package name from the yum list output above (the version and repository columns are not part of the command)
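When the rpm is downloaded by hand and installed with rpm -ivh, the gpgcheck of the yum repo plays no part, so the signature should be checked explicitly against the key imported above. This is an added example, not from the original post: rpm_checksig_line_ok and install_verified_rpm are helper names chosen here, and the two rpm -K output formats it recognises are assumed from rpm 4.11 (CentOS 7) and newer rpm releases.

```shell
#!/bin/sh
# Added example, not part of the original post. Installing the rpm fetched with wget
# via "rpm -ivh" bypasses the gpgcheck=1 that the yum repo enforces, so verify the
# package signature against the key imported with
# "rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch" before installing.

# Decide from the output line of "rpm -K <file>" (same as "rpm --checksig") whether the
# signature verified. rpm 4.11 on CentOS 7 prints "...: rsa sha1 (md5) pgp md5 OK",
# newer rpm prints "...: digests signatures OK". Anything reporting "NOT OK" or a
# missing key is rejected, and so is a digest-only "OK" (unsigned or unchecked package).
rpm_checksig_line_ok() {
  line=$1
  case "$line" in
    *"NOT OK"*|*"MISSING KEYS"*|*NOKEY*) return 1 ;;
  esac
  case "$line" in
    *" OK") ;;          # verdict must be a plain OK at the end of the line
    *) return 1 ;;
  esac
  case "$line" in
    *pgp*|*gpg*|*signatures*) return 0 ;;   # a signature, not just digests, was checked
    *) return 1 ;;
  esac
}

# Install only when the signature checks out; otherwise explain and fail.
install_verified_rpm() {
  pkg=$1
  out=$(rpm -K "$pkg" 2>&1) || true
  if rpm_checksig_line_ok "$out"; then
    rpm -ivh "$pkg"
  else
    echo "refusing to install $pkg: $out" >&2
    echo "import the key first: rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch" >&2
    return 1
  fi
}

# usage on a node, after the wget from above:
#   install_verified_rpm elasticsearch-6.0.0.rpm
```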
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Configuring es
elasticsearch configuration files: /etc/elasticsearch and /etc/sysconfig/elasticsearch
Reference: https://www.elastic.co/guide/en/elasticsearch/reference/6.0/rpm.html
1. On 128 (the master node) edit the configuration file vi /etc/elasticsearch/elasticsearch.yml // add or change:
cluster.name: aminglinux # name of the cluster
node.master: true # this node is the master node
node.data: false # this node is not a data node. These two lines have to be added
network.host: 192.168.208.128 # the ip to listen on; listening on a single internal ip is enough
discovery.zen.ping.unicast.hosts: ["192.168.133.130", "192.168.133.132", "192.168.133.133"] # defines which machines are in the cluster. You can write ips or host names (host names need hosts entries); every entry must be an address of one of your own nodes, i.e. the ones written into /etc/hosts above
2. On 130 and 133 edit the same configuration file vi /etc/elasticsearch/elasticsearch.yml // add or change:
cluster.name: aminglinux
node.master: false
node.data: true
network.host: 192.168.208.130 # the ip of the machine itself
discovery.zen.ping.unicast.hosts: ["192.168.133.130", "192.168.133.132", "192.168.133.133"]
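A check for the unicast list above, as an added example that is not from the original post: it reads discovery.zen.ping.unicast.hosts from elasticsearch.yml and verifies that every entry is an ip or host name present in /etc/hosts, which catches a list pointing at the wrong subnet before the service is started. The function names and the sample files are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post. The unicast list in elasticsearch.yml
# must contain the real cluster members: if it points at the wrong addresses the nodes
# never elect a master and _cluster/health answers with master_not_discovered_exception
# (status 503). This compares discovery.zen.ping.unicast.hosts against /etc/hosts.

# Print the entries of discovery.zen.ping.unicast.hosts, one per line, quotes stripped.
discovery_hosts() {
  grep '^discovery.zen.ping.unicast.hosts:' "$1" \
    | sed 's/#.*//; s/.*\[//; s/\].*//' \
    | tr ',' '\n' \
    | sed 's/^[[:space:]"]*//; s/["[:space:]]*$//' \
    | grep -v '^$'
}

# Return 0 when every discovery entry (ip or host name) is a field of the hosts file,
# otherwise print the unknown entries and return 1. $2 defaults to /etc/hosts.
check_discovery_hosts() {
  yml=$1
  hosts=${2:-/etc/hosts}
  missing=0
  for h in $(discovery_hosts "$yml"); do
    # match a whole field (ip column or any host name column), skipping comment lines
    if ! awk -v want="$h" '!/^#/ { for (i = 1; i <= NF; i++) if ($i == want) found = 1 }
                           END { exit !found }' "$hosts"; then
      echo "discovery host $h is not in $hosts" >&2
      missing=1
    fi
  done
  return $missing
}

# Constructed sample: the hosts file from the post, and a unicast list that mixes a
# correct ip, a host name and an address on a different subnet from the nodes.
HOSTS_SAMPLE=$(mktemp)
YML_SAMPLE=$(mktemp)
cat >"$HOSTS_SAMPLE" <<'EOF'
192.168.208.128 axinlinux-01
192.168.208.130 axinlinux-02
192.168.208.133 axinlinux-03
EOF
cat >"$YML_SAMPLE" <<'EOF'
cluster.name: aminglinux
discovery.zen.ping.unicast.hosts: ["192.168.208.128", "axinlinux-02", "192.168.133.133"] # members
EOF
# reports that 192.168.133.133 is not in the hosts file
check_discovery_hosts "$YML_SAMPLE" "$HOSTS_SAMPLE" || echo "fix the unicast list before starting elasticsearch"
rm -f "$HOSTS_SAMPLE" "$YML_SAMPLE"
```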
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ELK installation – installing x-pack (optional; paid!)
Execute on all 3 machines
cd /usr/share/elasticsearch/bin/ (optional)
./elasticsearch-plugin install x-pack // if this is slow, download the x-pack zip instead (optional)
cd /tmp/; wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.0.0.zip (optional)
./elasticsearch-plugin install file:///tmp/x-pack-6.0.0.zip (optional)
Start the elasticsearch service
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
The following only needs to be executed on 130
Once x-pack is installed you can set passwords for the built-in users, as follows
/usr/share/elasticsearch/bin/x-pack/setup-passwords interactive (optional)
Sets the passwords for reserved users
Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user
Non-option arguments:
command
Option Description
------ -----------
-h, --help show help
-s, --silent show minimal output
-v, --verbose show verbose output
ERROR: Missing command
curl localhost:9200 -u elastic // enter the password and the output below appears (optional)
Enter host password for user 'elastic':
{
"name" : "axinlinux-01",
"cluster_name" : "aminglinux",
"cluster_uuid" : "_na_",
"version" : {
"number" : "6.8.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "65b6179",
"build_date" : "2019-05-15T20:06:13.172855Z",
"build_snapshot" : false,
"lucene_version" : "7.7.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ELK installation – checking es with curl (verify that the cluster came up)
Execute on 128 (the master node)
curl 'localhost:9200/_cluster/health?pretty' health check (status)
# the ip we bound is the internal one (192.168.208.128), so localhost here has to be written as 192.168.208.128. If 0.0.0.0 had been bound, localhost would work
curl 'localhost:9200/_cluster/state?pretty' detailed cluster information
{
"error" : {
"root_cause" : [
{
"type" : "master_not_discovered_exception",
"reason" : null
}
],
"type" : "master_not_discovered_exception",
"reason" : null
},
"status" : 503
}
Reference: http://zhaoyanblog.com/archives/732.html
Port 9200 is the port the cluster itself communicates on
Port 9300 is the port they use when transferring data
Summary:
First get the rpm package (yum works too, but is slower), then install it with rpm -ivh
On the master node edit the configuration file vim /etc/elasticsearch/elasticsearch.yml
If it won't start, check the logs: 1. /var/log/messages
2. /var/log/elasticsearch/aminglinux.log
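The health check above, wrapped so it can be run repeatedly and handle the failure shown. This is an added example, not from the original post: json_field, evaluate_health and check_cluster are names chosen here, ES_HOST defaults to the bound ip 192.168.208.128, and EXPECTED_NODES to the 3 nodes of this setup.

```shell
#!/bin/sh
# Added example, not part of the original post: a wrapper around the health check above.
# Because network.host is the internal ip, it queries 192.168.208.128 rather than
# localhost, and it turns the JSON answer into an exit code: 0 when the cluster is
# green or yellow with the expected number of nodes, 1 otherwise, including the
# master_not_discovered_exception / 503 answer shown above.

ES_HOST=${ES_HOST:-192.168.208.128}   # the ip bound with network.host on the master
EXPECTED_NODES=${EXPECTED_NODES:-3}   # 1 master + 2 data nodes in this setup

# Extract a scalar field ("status", "number_of_nodes", "type", ...) from a pretty-printed
# JSON body. The first match wins, so for the error body "type" is the root_cause type.
json_field() {
  printf '%s\n' "$1" \
    | sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",]*\)"\{0,1\}.*/\1/p' \
    | head -n 1
}

# Evaluate a health body: print a one-line verdict, return 0 (healthy) or 1.
evaluate_health() {
  body=$1
  status=$(json_field "$body" status)
  nodes=$(json_field "$body" number_of_nodes)
  case "$status" in
    green|yellow)
      if [ "$nodes" = "$EXPECTED_NODES" ]; then
        echo "cluster $(json_field "$body" cluster_name) is $status with $nodes nodes"
        return 0
      fi
      echo "cluster is $status but has $nodes nodes, expected $EXPECTED_NODES (check discovery.zen.ping.unicast.hosts and port 9300)"
      return 1 ;;
    red)
      echo "cluster is red: some primary shards are unassigned"
      return 1 ;;
    503)
      echo "no master elected: $(json_field "$body" type) (nodes cannot reach each other on 9300 or the unicast list is wrong)"
      return 1 ;;
    *)
      echo "unexpected response: $body"
      return 1 ;;
  esac
}

# Live check against the node; exits with the verdict's code.
check_cluster() {
  evaluate_health "$(curl -s "http://$ES_HOST:9200/_cluster/health?pretty")"
}
```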