ELK introduction, installing es, testing (checking cluster state), summary

ELK introduction

Background

The business keeps growing and there are more and more servers.

The volume of access logs, application logs and error logs keeps increasing.

Developers have to log in to the servers to look at logs when troubleshooting, which is inconvenient.

Operations staff need data, which means we in ops have to go to the servers and analyse the logs.

ELK introduction

Official site: https://www.elastic.co/cn/

Chinese guide: https://www.gitbook.com/book/chenryn/elk-stack-guide-cn/details

ELK Stack (from version 5.0 on): Elastic Stack == (ELK Stack + Beats)

ELK Stack consists of: ElasticSearch, Logstash, Kibana

ElasticSearch is a search engine used to search, analyse and store logs. It is distributed, meaning it can scale out horizontally, discovers nodes automatically and shards indexes automatically; in short it is very powerful. Docs: https://www.elastic.co/guide/cn/elasticsearch/guide/current/index.html

Logstash collects logs, parses them into JSON and hands them to ElasticSearch.

Kibana is a data visualisation component that presents the processed results through a web interface.

Beats is a lightweight log shipper here; the Beats family actually has 5 members.

Early ELK architectures used Logstash to collect and parse logs, but Logstash consumes a lot of memory, CPU and IO. Compared with Logstash, the CPU and memory footprint of Beats is almost negligible.

x-pack is a paid extension package for the Elastic Stack that bundles security, alerting, monitoring, reporting and graphs.

ELK architecture

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

27.2 ELK installation: preparation

Prepare 3 machines: 128, 130, 133

Role assignment:

1. Install elasticsearch (es for short from here on) on all 3: 1 master node, 128; 2 data nodes, 130 and 133
2. Install kibana on the es master, 128
3. Install logstash on one es data node, 130 (beats not installed for now)
4. Install jdk8 on all 3 machines (openjdk is fine)

yum install -y java-1.8.0-openjdk

Example:

[root@axinlinux-01 ~]# vim /etc/hosts # write a hosts file first, on all three machines
192.168.208.128 axinlinux-01
192.168.208.130 axinlinux-02
192.168.208.133 axinlinux-03
[root@axinlinux-02 ~]# vim /etc/hosts
[root@axinlinux-03 ~]# vim /etc/hosts
[root@axinlinux-02 ~]# yum install -y java-1.8.0-openjdk # install openjdk on each machine; the other two were already installed manually, so they don't need it again

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ELK installation: installing es

Official docs: https://www.elastic.co/guide/en/elastic-stack/current/installing-elastic-stack.html

The following steps have to be run on all 3 machines.

1. rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# this is about setting up a yum repo

Put simply, this imports Elastic's package signing key. It is the security check the repo relies on: with gpgcheck=1 below, yum verifies each package's signature against this key before installing it.

2. vim /etc/yum.repos.d/elastic.repo // add the following
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
3. yum install -y elasticsearch // then install
If yum is too slow, you can also download the rpm file directly and install it:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
rpm -ivh elasticsearch-6.0.0.rpm

Example:

[root@axinlinux-01 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch # has to be run on all three machines

[root@axinlinux-01 ~]# vim /etc/yum.repos.d/elastic.repo # has to be run on all three machines. The file name does not matter; what matters is the .repo extension
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

[root@axinlinux-01 ~]# yum list |grep elastic

apm-server.i686                             6.8.0-1                    elasticsearch-6.x
apm-server.x86_64                           6.8.0-1                    elasticsearch-6.x
auditbeat.i686                              6.8.0-1                    elasticsearch-6.x
auditbeat.x86_64                            6.8.0-1                    elasticsearch-6.x
elasticsearch.noarch                        6.8.0-1                    elasticsearch-6.x
filebeat.i686                               6.8.0-1                    elasticsearch-6.x
filebeat.x86_64                             6.8.0-1                    elasticsearch-6.x
heartbeat-elastic.i686                      6.8.0-1                    elasticsearch-6.x
heartbeat-elastic.x86_64                    6.8.0-1                    elasticsearch-6.x
journalbeat.i686                            6.8.0-1                    elasticsearch-6.x
journalbeat.x86_64                          6.8.0-1                    elasticsearch-6.x
kibana.x86_64                               6.8.0-1                    elasticsearch-6.x
kibana-oss.x86_64                           6.3.0-1                    elasticsearch-6.x
logstash.noarch                             1:6.8.0-1                  elasticsearch-6.x
metricbeat.i686                             6.8.0-1                    elasticsearch-6.x
metricbeat.x86_64                           6.8.0-1                    elasticsearch-6.x
packetbeat.i686                             6.8.0-1                    elasticsearch-6.x
packetbeat.x86_64                           6.8.0-1                    elasticsearch-6.x
pcp-pmda-elasticsearch.x86_64               4.1.0-5.el7_6              updates  
rsyslog-elasticsearch.x86_64                8.24.0-34.el7              base

elasticsearch.noarch 6.5.4-1 elasticsearch-6.x # this is the package to yum install directly, but that is too slow; you can download the rpm package from the official site and then install it with rpm -ivh instead

yum install -y elasticsearch // or download the rpm file directly and install it:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.0.0.rpm
rpm -ivh elasticsearch-6.0.0.rpm

yum install -y elasticsearch.noarch # the yum way; the version and repo columns from the listing are not part of the command

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Configuring es

elasticsearch configuration files: /etc/elasticsearch and /etc/sysconfig/elasticsearch

Reference: https://www.elastic.co/guide/en/elasticsearch/reference/6.0/rpm.html

1. On 128 (the master node) edit the config file vi /etc/elasticsearch/elasticsearch.yml // add or change:

cluster.name: aminglinux  # name of the cluster
node.master: true  # this node is a master node
node.data: false  # not a data node; these two lines have to be added
network.host: 192.168.208.128  # which IP to listen on; listening on a single internal IP is enough
discovery.zen.ping.unicast.hosts: ["192.168.133.130", "192.168.133.132", "192.168.133.133"]  # defines which machines are in the cluster; IPs or host names (hosts file needed) both work
2. On 132 and 133 edit the config file in the same way vi /etc/elasticsearch/elasticsearch.yml // add or change:
cluster.name: aminglinux
node.master: false
node.data: true
network.host: 192.168.208.130  # the IP of the machine it is on
discovery.zen.ping.unicast.hosts: ["192.168.133.130", "192.168.133.132", "192.168.133.133"]
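A data node can only join if cluster.name matches and its discovery.zen.ping.unicast.hosts lets it reach the master, so here is an added consistency check over the three nodes' elasticsearch.yml files; it is example code written for these notes, not part of Elasticsearch or of the original post. It assumes the flat key: value form used above (no nested YAML) and uses three constructed configs matching the 128/130/133 layout; it also flags 0.0.0.0, since es 6.x without x-pack has no authentication on port 9200.

```python
import json

def parse_es_yml(text):
    """Parse the flat `key: value` lines of elasticsearch.yml ('#' starts a comment; no nesting)."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (s.strip() for s in line.split(":", 1))
        if value.startswith("["):            # e.g. discovery.zen.ping.unicast.hosts: ["ip", "ip"]
            value = json.loads(value)
        elif value in ("true", "false"):     # node.master / node.data
            value = value == "true"
        conf[key] = value
    return conf

def check_cluster(node_configs):
    """Take one elasticsearch.yml text per machine; return a list of problems (empty = consistent)."""
    confs = [parse_es_yml(t) for t in node_configs]
    problems = []
    names = {c.get("cluster.name") for c in confs}
    if len(names) != 1:                      # nodes with different cluster.name never join each other
        problems.append("cluster.name differs between nodes: %s" % sorted(map(str, names)))
    masters = [c.get("network.host") for c in confs if c.get("node.master")]
    if not masters:
        problems.append("no node has node.master: true, so no master can be elected")
    for c in confs:
        host = c.get("network.host")
        if host in (None, "0.0.0.0"):        # es 6.x without x-pack has no auth: bind one internal IP only
            problems.append("a node binds to %s instead of a single internal IP" % host)
        seeds = c.get("discovery.zen.ping.unicast.hosts", [])
        for m in masters:                    # simplest safe rule: every seed list names the master
            if m not in seeds:
                problems.append("%s: unicast.hosts does not list master %s" % (host, m))
    return problems

# Constructed samples matching this page's layout: 128 is master, 130 and 133 are data nodes.
MASTER = """cluster.name: aminglinux
node.master: true
node.data: false
network.host: 192.168.208.128
discovery.zen.ping.unicast.hosts: ["192.168.208.128", "192.168.208.130", "192.168.208.133"]
"""
DATA = MASTER.replace("node.master: true", "node.master: false") \
             .replace("node.data: false", "node.data: true")
NODES = [MASTER,
         DATA.replace("network.host: 192.168.208.128", "network.host: 192.168.208.130"),
         DATA.replace("network.host: 192.168.208.128", "network.host: 192.168.208.133")]
```

Feed it the real files with `check_cluster([open(p).read() for p in paths])`; an empty list means the three configs agree.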


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ELK installation: installing x-pack (optional, paid!)

Has to be run on all 3 machines

cd /usr/share/elasticsearch/bin/ (optional)

./elasticsearch-plugin install x-pack // if this is slow, download the x-pack zip instead (optional)

cd /tmp/; wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.0.0.zip (optional)

./elasticsearch-plugin install file:///tmp/x-pack-6.0.0.zip (optional)

Start the elasticsearch service

systemctl enable elasticsearch.service

systemctl start elasticsearch.service

The following only needs to be run on 130

Once x-pack is installed, passwords can be set for the built-in users, as follows:

/usr/share/elasticsearch/bin/x-pack/setup-passwords interactive (optional)

Sets the passwords for reserved users

Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user

Non-option arguments:
command              

Option         Description        
------         -----------        
-h, --help     show help          
-s, --silent   show minimal output
-v, --verbose  show verbose output
ERROR: Missing command

curl localhost:9200 -u elastic // enter the password and the output below can be seen (optional)

Enter host password for user 'elastic':
{
  "name" : "axinlinux-01",
  "cluster_name" : "aminglinux",
  "cluster_uuid" : "_na_",
  "version" : {
    "number" : "6.8.0",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "65b6179",
    "build_date" : "2019-05-15T20:06:13.172855Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ELK installation: checking es with curl (checking whether the cluster came up)

Run on 128 (the master node)

curl 'localhost:9200/_cluster/health?pretty'    health check (status)

# the IP we bound is the internal one (192.168.208.128), so localhost here has to be replaced with 192.168.208.128; only if 0.0.0.0 had been bound could localhost be used

curl 'localhost:9200/_cluster/state?pretty'    detailed cluster information

{
  "error" : {
    "root_cause" : [
      {
        "type" : "master_not_discovered_exception",
        "reason" : null
      }
    ],
    "type" : "master_not_discovered_exception",
    "reason" : null
  },
  "status" : 503
}
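To read the two outcomes of the health check above (a formed cluster versus the 503 master_not_discovered_exception) without eyeballing JSON, here is an added Python helper; it is example code written for these notes, not part of the original post or of Elasticsearch. The two sample bodies are constructed (the 503 one copies the error shown above), and fetch_health assumes the HTTP port 9200 on the IP set in network.host.

```python
import json
import urllib.error
import urllib.request

def check_es_health(body, status_code=200):
    """Interpret the body of GET /_cluster/health?pretty and return (ok, message).
    ok is True for a green or yellow cluster, False for red or when no master was elected."""
    try:
        data = json.loads(body)
    except ValueError:
        return False, "not a JSON response (HTTP %s): is this really the es HTTP port 9200?" % status_code
    if "error" in data:                          # es answers 503 with an error object instead of a status
        err = data["error"].get("type", "unknown")
        if err == "master_not_discovered_exception":
            return False, ("no master elected: check discovery.zen.ping.unicast.hosts on every node, "
                           "port 9300 between the nodes, and /var/log/elasticsearch/<cluster.name>.log")
        return False, "es error %s (HTTP %s)" % (err, data.get("status", status_code))
    status, nodes = data.get("status"), data.get("number_of_nodes", 0)
    unassigned = data.get("unassigned_shards", 0)
    if status == "green":
        return True, "green: %d nodes, all shards allocated" % nodes
    if status == "yellow":                       # primaries fine, only replicas unassigned
        return True, "yellow: %d nodes, %d replica shards unassigned" % (nodes, unassigned)
    return False, "%s: %d nodes, %d shards unassigned (primaries missing)" % (status, nodes, unassigned)

def fetch_health(host, port=9200):
    """Query a node like the curl above; host must be the IP from network.host, not localhost."""
    url = "http://%s:%d/_cluster/health?pretty" % (host, port)
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return check_es_health(resp.read().decode(), resp.status)
    except urllib.error.HTTPError as e:          # a 503 still carries the error JSON in its body
        return check_es_health(e.read().decode(), e.code)
    except (urllib.error.URLError, OSError) as e:
        return False, "cannot reach %s: %s" % (url, e)

# Constructed samples: the 503 body shown above, and a formed 3-node cluster for comparison.
NO_MASTER = json.dumps({"error": {"root_cause": [{"type": "master_not_discovered_exception", "reason": None}],
                                  "type": "master_not_discovered_exception", "reason": None}, "status": 503})
GREEN = json.dumps({"cluster_name": "aminglinux", "status": "green", "timed_out": False,
                    "number_of_nodes": 3, "number_of_data_nodes": 2, "active_shards": 0,
                    "unassigned_shards": 0, "active_shards_percent_as_number": 100.0})

if __name__ == "__main__":
    for sample in (NO_MASTER, GREEN):
        print(check_es_health(sample))
```

Against a live node, `fetch_health("192.168.208.128")` returns the same (ok, message) pair.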

Reference: http://zhaoyanblog.com/archives/732.html

Port 9200 is the one for communicating with the cluster itself (the port curl talks to above)

Port 9300 is the one used when the nodes transfer data between themselves

Summary:

First install the rpm package (yum is possible but slow), then install with rpm -ivh

On the master node machine configure the config file vim /etc/elasticsearch/elasticsearch.yml

If it will not start, check the logs: 1. /var/log/messages

2. /var/log/elasticsearch/aminglinux.log