向往天空的鱼 2019-09-27
Elastic stack 俗称 ELK stack,是一组包括 Elasticsearch、Logstash 和 Kibana 在内的开源产品。Elastic Stack 由 Elastic 公司开发和维护。使用 Elastic stack,可以将系统日志发送到 Logstash,它是一个数据收集引擎,接受来自可能任何来源的日志或数据,并对日志进行归一化,然后将日志转发到 Elasticsearch,用于分析、索引、搜索和存储,最后使用 Kibana 表示为可视化数据,使用 Kibana,我们还可以基于用户的查询创建交互式图表。
在本文中,我们将演示如何在 RHEL 8 / CentOS 8 服务器上设置多节点 elastic stack 集群。以下是我的 Elastic Stack 集群的详细信息:
Elasticsearch:
elasticsearch1.linuxtechi.local
)、192.168.56.50 (elasticsearch2.linuxtechi.local
)、192.168.56.60(elasticsearch3.linuxtechi.local`)Logstash:
logstash1.linuxtechi.local
)、192.168.56.30(logstash2.linuxtechi.local
)Kibana:
kibana.linuxtechi.local
)Filebeat:
web-server
)让我们从设置 Elasticsearch 集群开始,
正如我已经说过的,设置 Elasticsearch 集群的节点,登录到每个节点,设置主机名并配置 yum/dnf 库。
使用命令 hostnamectl
设置各个节点上的主机名:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"elasticsearch1.linuxtechi. local"</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"elasticsearch2.linuxtechi. local"</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"elasticsearch3.linuxtechi. local"</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
对于 CentOS 8 系统,我们不需要配置任何操作系统包库,对于 RHEL 8 服务器,如果你有有效订阅,那么用红帽订阅以获得包存储库就可以了。如果你想为操作系统包配置本地 yum/dnf 存储库,请参考以下网址:
在所有节点上配置 Elasticsearch 包存储库,在 /etc/yum.repo.d/
文件夹下创建一个包含以下内容的 elastic.repo
文件:
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="kwd">yum</span><span class="pun">.</span><span class="pln">repos</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">elastic</span><span class="pun">.</span><span class="pln">repo</span>
<span class="pun">[</span><span class="pln">elasticsearch</span><span class="pun">-</span><span class="lit">7.x</span><span class="pun">]</span>
<span class="pln">name</span><span class="pun">=</span><span class="typ">Elasticsearch</span><span class="pln"> repository </span><span class="kwd">for</span><span class="pln"> </span><span class="lit">7.x</span><span class="pln"> packages</span>
<span class="pln">baseurl</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/packages/7.x/yum</span>
<span class="pln">gpgcheck</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">gpgkey</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
<span class="pln">enabled</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">autorefresh</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">type</span><span class="pun">=</span><span class="pln">rpm</span><span class="pun">-</span><span class="pln">md</span>
保存文件并退出。
在所有三个节点上使用 rpm
命令导入 Elastic 公共签名密钥。
<span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">--</span><span class="kwd">import</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
在所有三个节点的 /etc/hosts
文件中添加以下行:
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pln"> elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.50</span><span class="pln"> elasticsearch2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.60</span><span class="pln"> elasticsearch3</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
使用 yum
/dnf
命令在所有三个节点上安装 Java:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
使用 yum
/dnf
命令在所有三个节点上安装 Elasticsearch:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install elasticsearch </span><span class="pun">-</span><span class="pln">y</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install elasticsearch </span><span class="pun">-</span><span class="pln">y</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install elasticsearch </span><span class="pun">-</span><span class="pln">y</span>
注意: 如果操作系统防火墙已启用并在每个 Elasticsearch 节点中运行,则使用 firewall-cmd
命令允许以下端口开放:
<span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">9300</span><span class="pun">/</span><span class="pln">tcp</span>
<span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">9200</span><span class="pun">/</span><span class="pln">tcp</span>
<span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">reload</span>
配置 Elasticsearch, 在所有节点上编辑文件 /etc/elasticsearch/elasticsearch.yml
并加入以下内容:
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vim</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">elasticsearch</span><span class="pun">/</span><span class="pln">elasticsearch</span><span class="pun">.</span><span class="pln">yml</span>
<span class="pln">cluster</span><span class="pun">.</span><span class="pln">name</span><span class="pun">:</span><span class="pln"> opn</span><span class="pun">-</span><span class="pln">cluster</span>
<span class="pln">node</span><span class="pun">.</span><span class="pln">name</span><span class="pun">:</span><span class="pln"> elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="pln">network</span><span class="pun">.</span><span class="pln">host</span><span class="pun">:</span><span class="pln"> </span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span>
<span class="pln">http</span><span class="pun">.</span><span class="pln">port</span><span class="pun">:</span><span class="pln"> </span><span class="lit">9200</span>
<span class="pln">discovery</span><span class="pun">.</span><span class="pln">seed_hosts</span><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">"elasticsearch1.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch2.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch3.linuxtechi.local"</span><span class="pun">]</span>
<span class="pln">cluster</span><span class="pun">.</span><span class="pln">initial_master_nodes</span><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">"elasticsearch1.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch2.linuxtechi.local"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"elasticsearch3.linuxtechi.local"</span><span class="pun">]</span>
注意: 在每个节点上,在 node.name
中填写正确的主机名,在 network.host
中填写正确的 IP 地址,其他参数保持不变。
现在使用 systemctl
命令在所有三个节点上启动并启用 Elasticsearch 服务:
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> daemon</span><span class="pun">-</span><span class="pln">reload</span>
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> enable elasticsearch</span><span class="pun">.</span><span class="pln">service</span>
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> start elasticsearch</span><span class="pun">.</span><span class="pln">service</span>
使用下面 ss
命令验证 elasticsearch 节点是否开始监听 9200 端口:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">ss</span><span class="pln"> </span><span class="pun">-</span><span class="pln">tunlp </span><span class="pun">|</span><span class="pln"> </span><span class="kwd">grep</span><span class="pln"> </span><span class="lit">9200</span>
<span class="pln">tcp LISTEN </span><span class="lit">0</span><span class="pln"> </span><span class="lit">128</span><span class="pln"> </span><span class="pun">[::</span><span class="pln">ffff</span><span class="pun">:</span><span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pun">]:</span><span class="lit">9200</span><span class="pln"> </span><span class="pun">*:*</span><span class="pln"> </span><span class="kwd">users</span><span class="pun">:((</span><span class="str">"java"</span><span class="pun">,</span><span class="pln">pid</span><span class="pun">=</span><span class="lit">2734</span><span class="pun">,</span><span class="pln">fd</span><span class="pun">=</span><span class="lit">256</span><span class="pun">))</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
使用以下 curl
命令验证 Elasticsearch 群集状态:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> curl http</span><span class="pun">:</span><span class="com">//elasticsearch1.linuxtechi.local:9200</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> curl </span><span class="pun">-</span><span class="pln">X GET http</span><span class="pun">:</span><span class="com">//elasticsearch2.linuxtechi.local:9200/_cluster/health?pretty</span>
命令的输出如下所示:
Elasticsearch-cluster-status-rhel8
以上输出表明我们已经成功创建了 3 节点的 Elasticsearch 集群,集群的状态也是绿色的。
注意: 如果你想修改 JVM 堆大小,那么你可以编辑了文件 /etc/elasticsearch/jvm.options
,并根据你的环境更改以下参数:
-Xms1g
-Xmx1g
现在让我们转到 Logstash 节点。
在两个 Logstash 节点上执行以下步骤。
登录到两个节点使用 hostnamectl
命令设置主机名:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"logstash1.linuxtechi.local"</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"logstash2.linuxtechi.local"</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
在两个 logstash 节点的 /etc/hosts
文件中添加以下条目:
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">hosts</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pln"> elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.50</span><span class="pln"> elasticsearch2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.60</span><span class="pln"> elasticsearch3</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
保存文件并退出。
在两个节点上配置 Logstash 存储库,在文件夹 /ete/yum.repo.d/
下创建一个包含以下内容的文件 logstash.repo
:
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="kwd">yum</span><span class="pun">.</span><span class="pln">repos</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">.</span><span class="pln">repo</span>
<span class="pun">[</span><span class="pln">elasticsearch</span><span class="pun">-</span><span class="lit">7.x</span><span class="pun">]</span>
<span class="pln">name</span><span class="pun">=</span><span class="typ">Elasticsearch</span><span class="pln"> repository </span><span class="kwd">for</span><span class="pln"> </span><span class="lit">7.x</span><span class="pln"> packages</span>
<span class="pln">baseurl</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/packages/7.x/yum</span>
<span class="pln">gpgcheck</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">gpgkey</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
<span class="pln">enabled</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">autorefresh</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">type</span><span class="pun">=</span><span class="pln">rpm</span><span class="pun">-</span><span class="pln">md</span>
保存并退出文件,运行 rpm
命令导入签名密钥:
<span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">--</span><span class="kwd">import</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
使用 yum
/dnf
命令在两个节点上安装 Java OpenJDK:
<span class="pun">~]#</span><span class="pln"> dnf install java</span><span class="pun">-</span><span class="pln">openjdk </span><span class="pun">-</span><span class="pln">y</span>
从两个节点运行 yum
/dnf
命令来安装 logstash:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install logstash </span><span class="pun">-</span><span class="pln">y</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> dnf install logstash </span><span class="pun">-</span><span class="pln">y</span>
现在配置 logstash,在两个 logstash 节点上执行以下步骤,创建一个 logstash 配置文件,首先我们在 /etc/logstash/conf.d/
下复制 logstash 示例文件:
<span class="com">#</span><span class="pln"> </span><span class="kwd">cd</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">/</span>
<span class="com">#</span><span class="pln"> </span><span class="kwd">cp</span><span class="pln"> logstash</span><span class="pun">-</span><span class="pln">sample</span><span class="pun">.</span><span class="pln">conf conf</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">.</span><span class="pln">conf</span>
编辑配置文件并更新以下内容:
<span class="com">#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> conf</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">logstash</span><span class="pun">.</span><span class="pln">conf</span>
<span class="pln">input </span><span class="pun">{</span>
<span class="pln"> beats </span><span class="pun">{</span>
<span class="pln"> port </span><span class="pun">=></span><span class="pln"> </span><span class="lit">5044</span>
<span class="pln"> </span><span class="pun">}</span>
<span class="pun">}</span>
<span class="pln">output </span><span class="pun">{</span>
<span class="pln"> elasticsearch </span><span class="pun">{</span>
<span class="pln"> hosts </span><span class="pun">=></span><span class="pln"> </span><span class="pun">[</span><span class="str">"http://elasticsearch1.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch2.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch3.linuxtechi.local:9200"</span><span class="pun">]</span>
<span class="pln"> index </span><span class="pun">=></span><span class="pln"> </span><span class="str">"%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"</span>
<span class="pln"> </span><span class="com">#</span><span class="pln">user </span><span class="pun">=></span><span class="pln"> </span><span class="str">"elastic"</span>
<span class="pln"> </span><span class="com">#</span><span class="pln">password </span><span class="pun">=></span><span class="pln"> </span><span class="str">"changeme"</span>
<span class="pln"> </span><span class="pun">}</span>
<span class="pun">}</span>
在 output
部分之下,在 hosts
参数中指定所有三个 Elasticsearch 节点的 FQDN,其他参数保持不变。
使用 firewall-cmd
命令在操作系统防火墙中允许 logstash 端口 “5044”:
<span class="pun">~</span><span class="pln"> </span><span class="com">#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">5044</span><span class="pun">/</span><span class="pln">tcp</span>
<span class="pun">~</span><span class="pln"> </span><span class="com">#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">–</span><span class="pln">reload</span>
现在,在每个节点上运行以下 systemctl
命令,启动并启用 Logstash 服务:
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> start logstash</span>
<span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> eanble logstash</span>
使用 ss
命令验证 logstash 服务是否开始监听 5044 端口:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">ss</span><span class="pln"> </span><span class="pun">-</span><span class="pln">tunlp </span><span class="pun">|</span><span class="pln"> </span><span class="kwd">grep</span><span class="pln"> </span><span class="lit">5044</span>
<span class="pln">tcp LISTEN </span><span class="lit">0</span><span class="pln"> </span><span class="lit">128</span><span class="pln"> </span><span class="pun">*:</span><span class="lit">5044</span><span class="pln"> </span><span class="pun">*:*</span><span class="pln"> </span><span class="kwd">users</span><span class="pun">:((</span><span class="str">"java"</span><span class="pun">,</span><span class="pln">pid</span><span class="pun">=</span><span class="lit">2416</span><span class="pun">,</span><span class="pln">fd</span><span class="pun">=</span><span class="lit">96</span><span class="pun">))</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
以上输出表明 logstash 已成功安装和配置。让我们转到 Kibana 安装。
登录 Kibana 节点,使用 hostnamectl
命令设置主机名:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">hostnamectl</span><span class="pln"> </span><span class="kwd">set</span><span class="pun">-</span><span class="kwd">hostname</span><span class="pln"> </span><span class="str">"kibana.linuxtechi.local"</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">exec</span><span class="pln"> </span><span class="kwd">bash</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
编辑 /etc/hosts
文件并添加以下行:
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.40</span><span class="pln"> elasticsearch1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.50</span><span class="pln"> elasticsearch2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.60</span><span class="pln"> elasticsearch3</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
使用以下命令设置 Kibana 存储库:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="kwd">yum</span><span class="pun">.</span><span class="pln">repos</span><span class="pun">.</span><span class="pln">d</span><span class="pun">/</span><span class="pln">kibana</span><span class="pun">.</span><span class="pln">repo</span>
<span class="pun">[</span><span class="pln">elasticsearch</span><span class="pun">-</span><span class="lit">7.x</span><span class="pun">]</span>
<span class="pln">name</span><span class="pun">=</span><span class="typ">Elasticsearch</span><span class="pln"> repository </span><span class="kwd">for</span><span class="pln"> </span><span class="lit">7.x</span><span class="pln"> packages</span>
<span class="pln">baseurl</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/packages/7.x/yum</span>
<span class="pln">gpgcheck</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">gpgkey</span><span class="pun">=</span><span class="pln">https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
<span class="pln">enabled</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">autorefresh</span><span class="pun">=</span><span class="lit">1</span>
<span class="pln">type</span><span class="pun">=</span><span class="pln">rpm</span><span class="pun">-</span><span class="pln">md</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">--</span><span class="kwd">import</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/GPG-KEY-elasticsearch</span>
执行 yum
/dnf
命令安装 kibana:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">yum</span><span class="pln"> install kibana </span><span class="pun">-</span><span class="pln">y</span>
通过编辑 /etc/kibana/kibana.yml
文件,配置 Kibana:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vim</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">kibana</span><span class="pun">/</span><span class="pln">kibana</span><span class="pun">.</span><span class="pln">yml</span>
<span class="pun">…………</span>
<span class="pln">server</span><span class="pun">.</span><span class="pln">host</span><span class="pun">:</span><span class="pln"> </span><span class="str">"kibana.linuxtechi.local"</span>
<span class="pln">server</span><span class="pun">.</span><span class="pln">name</span><span class="pun">:</span><span class="pln"> </span><span class="str">"kibana.linuxtechi.local"</span>
<span class="pln">elasticsearch</span><span class="pun">.</span><span class="pln">hosts</span><span class="pun">:</span><span class="pln"> </span><span class="pun">[</span><span class="str">"http://elasticsearch1.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch2.linuxtechi.local:9200"</span><span class="pun">,</span><span class="pln"> </span><span class="str">"http://elasticsearch3.linuxtechi.local:9200"</span><span class="pun">]</span>
<span class="pun">…………</span>
启用并启动 kibana 服务:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> start kibana</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">systemctl</span><span class="pln"> enable kibana</span>
在系统防火墙上允许 Kibana 端口 “5601”:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">permanent </span><span class="pun">--</span><span class="pln">add</span><span class="pun">-</span><span class="pln">port</span><span class="pun">=</span><span class="lit">5601</span><span class="pun">/</span><span class="pln">tcp</span>
<span class="pln">success</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> firewall</span><span class="pun">-</span><span class="pln">cmd </span><span class="pun">--</span><span class="pln">reload</span>
<span class="pln">success</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
使用以下 URL 访问 Kibana 界面:http://kibana.linuxtechi.local:5601
Kibana-Dashboard-rhel8
从面板上,我们可以检查 Elastic Stack 集群的状态。
Stack-Monitoring-Overview-RHEL8
这证明我们已经在 RHEL 8 /CentOS 8 上成功地安装并设置了多节点 Elastic Stack 集群。
现在让我们通过 filebeat
从其他 Linux 服务器发送一些日志到 logstash 节点中,在我的例子中,我有一个 CentOS 7服务器,我将通过 filebeat
将该服务器的所有重要日志推送到 logstash。
登录到 CentOS 7 服务器使用 yum/rpm 命令安装 filebeat 包:
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> rpm </span><span class="pun">-</span><span class="pln">ivh https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.1-x86_64.rpm</span>
<span class="typ">Retrieving</span><span class="pln"> https</span><span class="pun">:</span><span class="com">//artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.3.1-x86_64.rpm</span>
<span class="typ">Preparing</span><span class="pun">...</span><span class="pln"> </span><span class="com">################################# [100%]</span>
<span class="typ">Updating</span><span class="pln"> </span><span class="pun">/</span><span class="pln"> installing</span><span class="pun">...</span>
<span class="pln"> </span><span class="lit">1</span><span class="pun">:</span><span class="pln">filebeat</span><span class="pun">-</span><span class="lit">7.3</span><span class="pun">.</span><span class="lit">1</span><span class="pun">-</span><span class="lit">1</span><span class="pln"> </span><span class="com">################################# [100%]</span>
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span>
编辑 /etc/hosts
文件并添加以下内容:
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.20</span><span class="pln"> logstash1</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
<span class="lit">192.168</span><span class="pun">.</span><span class="lit">56.30</span><span class="pln"> logstash2</span><span class="pun">.</span><span class="pln">linuxtechi</span><span class="pun">.</span><span class="kwd">local</span>
现在配置 filebeat
,以便它可以使用负载平衡技术向 logstash 节点发送日志,编辑文件 /etc/filebeat/filebeat.yml
,并添加以下参数:
在 filebeat.inputs:
部分将 enabled: false
更改为 enabled: true
,并在 paths
参数下指定我们可以发送到 logstash 的日志文件的位置;注释掉 output.elasticsearch
和 host
参数;删除 output.logstash:
和 hosts:
的注释,并在 hosts
参数添加两个 logstash 节点,以及设置 loadbalance: true
。
<span class="pun">[</span><span class="pln">root@linuxtechi </span><span class="pun">~]#</span><span class="pln"> </span><span class="kwd">vi</span><span class="pln"> </span><span class="pun">/</span><span class="pln">etc</span><span class="pun">/</span><span class="pln">filebeat</span><span class="pun">/</span><span class="pln">filebeat</span><span class="pun">.</span><span class="pln">yml</span>
<span class="pln">filebeat</span><span class="pun">.</span><span class="pln">inputs</span><span class="pun">:</span>
<span class="pun">-</span><span class="pln"> type</span&g