#1.下载 cd /opt wget https://github.com/elastic/elasticsearch/archive/refs/tags/v6.8.12.tar.gz #2.解压缩 tar xf elasticsearch-6.8.12.tar.gz -C /data/ota_soft/ mkdir -p /data/ota_soft/elasticsearch-6.8.12/data mkdir -p /data/ota_soft/elasticsearch-6.8.12/logs #3.创建配置文件 vim /data/ota_soft/elasticsearch-6.8.12/config/elasticsearch.yml cluster.name: ota-es-cluster path.data: /data/ota_soft/elasticsearch/data path.logs: /data/ota_soft/elasticsearch/logs bootstrap.memory_lock: true network.host: 192.168.100.128 #修改自己对应IP http.port: 9200 transport.tcp.port: 9300 discovery.zen.ping.unicast.hosts: [ "master1","slave1","slave2"] #注意此处利用别名需要设置 discovery.zen.minimum_master_nodes: 2 bootstrap.system_call_filter : false xpack.security.enabled: true xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12 配置文件详解: #如果 Es 用到了 swap 作为内存,性能将会变得极差,所以建议关闭. #sysctl vm.swappiness=1 注意:这只是让 kenerl 在正常情况下不会使用 swap 交换内存,紧急情况下仍然会使用. #设置bootstrap.memory_lock: true,使用linux的mlockall进行进行内存锁定,防止使用 swap #除了上述 es 配置,通常需要在/etc/security/limits.conf写入如下配置: #hard memlock unlimited #soft memlock unlimited #这是在因为Centos6不支持SecComp,而ES5.2.0默认bootstrap.system_call_filter为true进行检测,所以导致检测失败,失败后直接导致ES不能启动j解决:在elasticsearch.yml中配置bootstrap.system_call_filter为false #4./etc/hosts创建配置文件中的别名(注意修改自己对应IP) vim /etc/hosts 192.168.100.128 master1 192.168.100.129 slave1 192.168.100.131 slave2 #5.集群安全认证(一台执行) 创建keystore(会在config目录下创建一个elasticsearch.keystore) /data/ota_soft/elasticsearch-6.8.12/bin/elasticsearch-keystore create #6.创建ca证书(中间会让输入路径跟密码,都可以不输直接回车) cd /data/ota_soft/elasticsearch-6.8.12/bin/ /data/ota_soft/elasticsearch-6.8.12/bin/elasticsearch-certutil ca 完成后会生成一个elastic-stack-ca.p12 (如果没指定位置的话,就在bin下) #7.创建秘钥 /data/ota_soft/elasticsearch-6.8.12/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 中间需要输入刚才设置的密码就直接输入,需要输入路径的地方就直接回车 建议不输直接回车,然后会生成一个文件:elastic-certificates.p12 #9.验证创建的证书 理论上来说 此刻bin目录下应该有两个p12文件 ls |grep 'p12' elastic-certificates.p12 elastic-stack-ca.p12 #10.创建存放密钥的文件夹,与配置文件匹配 mkdir /data/ota_soft/elasticsearch-6.8.12/config/certs #11.复制证书(所有节点) #本机拷贝 cp elastic-certificates.p12 /data/ota_soft/elasticsearch-6.8.12/config/certs/ #其他两节点 mkdir -p /data/ota_soft/elasticsearch-6.8.12/config/certs #在本机上scp scp elastic-certificates.p12 root@192.168.100.131:/data/ota_soft/elasticsearch-6.8.12/config/certs/ #注意修改自己对应IP #推送后,得注意此时接收推送的证书权限,(接收的两台检查授权) chown -R ota:wheel /data/ota_soft/elasticsearch/ #11.所有节点添加证书密码(创建证书时候没设置密码则跳过) bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password #12.创建普通用户启动服务 #新增什么用户都可以,只要有启动es权限即可 useradd ota -g wheel ln -s /data/ota_soft/elasticsearch-6.8.12/ /data/ota_soft/elasticsearch chown -R ota.wheel /data/ota_soft/elasticsearch-6.8.12/ #13.调整系统参数(三台机器) cat << 'EOF' >> /etc/security/limits.conf ota soft memlock unlimited ota hard memlock unlimited ota soft nofile 165535 ota hard nofile 165535 ota soft nproc 4096 ota hard nproc 4096 EOF #追加最大值 cat << 'EOF' >> /etc/sysctl.conf vm.max_map_count = 262155 vm.swappiness = 1 EOF #设置内存锁定,锁定内存大小 vim /data/ota_soft/elasticsearch/config/jvm.options -Xms256m #最大锁定内存 -Xmx256m #最小锁定内存 sysctl -p 生效 #安装Java yum install java-1.8.0* -y Java -version (tar xf jdk-8u191-linux-x64.tar.gz && mv jdk1.8.0_191 jdk && cp -R jdk /data/ota_soft/) 添加环境变量(yum下载不用,自己安装需要) vim /etc/profile JAVA_HOME=/data/ota_soft/jdk PATH=$JAVA_HOME/bin:$PATH CLASSPATH=$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar export JAVA_HOME export PATH export CLASSPATH source /etc/profile #14.启动 su ota -c "/data/ota_soft/elasticsearch/bin/elasticsearch -d " #15.设置elastic栈各种软件的密码(与下方kibana配置文件中password一致【123】) su ota -c "/data/ota_soft/elasticsearch/bin/elasticsearch-setup-passwords interactive" (温馨提示)要输入好多遍好多遍,最好别设置太复杂二、supervisor管理es
#1.下载supervisor 安装Linux的epel的yum源的命令,某些yum源会提示无supervisor源码包,此时可以使用此命令 yum install epel-release yum install -y supervisor #2.修改配置文件 vim /etc/supervisord.conf 修改最后一行 [include] files = supervisord.d/*.conf #3.把elastic search加入supervisord中监控 cat << 'EOF' > /etc/supervisord.d/elasticsearch.conf [program:elasticsearch] command=/data/ota_soft/elasticsearch/bin/elasticsearch user=ota numprocs=1 priority=1 autostart=true startretries=3 autorestart=true stopasgroup=true killasgroup=true redirect_stderr=true minfds=65535 minprocs=4096 EOF #4.启动supervisor systemctl start supervisord systemctl enable supervisord #5.如果配置文件有改动都需要重载superv supervisord update/reload #6.启动es supervisorctl start elasticsearch三、filebeat部署
每台有日志的都要部署,做日志收集
#1.下载
#2.解压
mkdir -p /data/ota_soft/
tar xf filebeat-6.8.12-linux-x86_64.tar.gz -C /data/ota_soft/
ln -sf /data/ota_soft/filebeat-6.8.12-linux-x86_64 /data/ota_soft/filebeat
#3.修改配置文件(收集多个日志)
#需要注意修改配置文件中的hosts并修改相应的日志文件路径
vim /data/ota_soft/filebeat/filebeat.yml
filebeat.inputs:
- type: log
enabled: true
paths:
- /data/logs/api1/*.log
fields:
log_type: api1-info
fields_under_root: true
- type: log
enabled: true
paths:
- /data/logs/api2/*.log
fields:
log_type: api2-info
fields_under_root: true
- type: log
enabled: true
paths:
- /data/logs/api3/*.log
fields:
log_type: api3-info
fields_under_root: true
- type: log
enabled: true
paths:
- /data/logs/api1/error/*.log
fields:
log_type: api1_error
fields_under_root: true
multiline.pattern: '^d+-d+-d+sd+:d+:d+.*'
multiline.negate: true
multiline.match: after
- type: log
enabled: true
paths:
- /data/logs/api2/error/*.log
fields:
log_type: api2_error
fields_under_root: true
multiline.pattern: '^d+-d+-d+sd+:d+:d+.*'
multiline.negate: true
multiline.match: after
- type: log
enabled: true
paths:
- /data/logs/api3/error/*.log
fields:
log_type: api3_error
fields_under_root: true
multiline.pattern: '^d+-d+-d+sd+:d+:d+.*'
multiline.negate: true
multiline.match: after
setup.template.settings:
index.number_of_shards: 3
index.number_of_replicas: 1
output.elasticsearch:
hosts: ["master1:9200","salve1:9200","salve2:9200"]
username: "elastic"
password: "123"
indices:
- index: "api1info-%{+yyyy.MM.dd}"
when.contains:
log_type: "api1-info"
- index: "api2-info-%{+yyyy.MM.dd}"
when.contains:
log_type: "api2-info"
- index: "api3-info-%{+yyyy.MM.dd}"
when.contains:
log_type: "api3-info"
- index: "api1-error-%{+yyyy.MM.dd}"
when.contains:
log_type: "api1-error"
- index: "api2-error-%{+yyyy.MM.dd}"
when.contains:
log_type: "api2-error"
- index: "api3-error-%{+yyyy.MM.dd}"
when.contains:
log_type: "api3-error"
#参数解释
#为收集的日志设置字段
#fields: log_type: ota-iov-open-api-info
#收集字段的日志 传到索引并按天划分
#- index: "ota-iov-open-api-info-%{+yyyy.MM.dd}"
#when.contains:
#log_type: "ota-iov-open-api-info"
四、supervisor管理filebeat
#1.配置文件 vim /etc/supervisord.d/filebeat.conf [program:filebeat] command=/data/ota_soft/filebeat/filebeat -e -c /data/ota_soft/filebeat/filebeat.yml autostart=true autorestart=true user=ota #修改权限 chown -R ota.wheel /data/ota_soft/filebeat chown -R ota.wheel /data/ota_soft/filebeat-6.8.12 chown -R ota.wheel /data/logs #启动 supervisorctl start filebeat五、kibana部署(一台单节点)
#1.下载 #2.解压 mkdir -p /data/ota_soft/ mkdir -p /data/logs/kibana tar xf kibana-6.8.12-linux-x86_64.tar.gz -C /data/ota_soft/ ln -sf /data/ota_soft/kibana-6.8.12-linux-x86_64 /data/ota_soft/kibana chown -R ota.wheel /data/ota_soft/kibana-6.8.12-linux-x86_64/ #3.修改配置文件 vim /data/ota_soft/kibana/config/kibana.yml server.host: "0.0.0.0" elasticsearch.hosts: ["master1:9200","salve1:9200","salve2:9200"] elasticsearch.username: "elastic" elasticsearch.password: "123" server.basePath: "/kibana" 解释:server.basePath: "/kibana"这个是为了nginx,得加上这个配置,如果没有nginx,注释掉 #启动 nohup /data/ota_soft/kibana/bin/kibana & #验证 netstat -nlpt|grep 5601六、supervisor管理kibana
#1.配置文件
vim /etc/supervisord.d/kibana.conf
[program:kibana]
command=/data/ota_soft/kibana/bin/kibana
autostart=true
autorestart=true
user=ota
stdout_logfile=/data/logs/kibana/kibana.log
stderr_logfile=/data/logs/kibana/kibana.log
#2.授权
chown -R ota.wheel /data/ota_soft/kibana
#3.启动
supervisorctl start kibana
#4.Nginx代理
location /kibana {
proxy_pass http://ip:5601;
rewrite ^/kibana/(.*)$ /$1 break;
}
访问:
https://域名/kibana/login#?_g=()
http://ip:port/kibana/login#?_g=()
账号、密码: elastic/123
