ELK Deployment
0. Planning
```
# Versions
OS CentOS 7.2
ELK version 6.4
ELK Cluster env-elk
```
| Hostname | IP | Role | Notes |
|---|---|---|---|
| elk1 | 10.200.4.35 | elasticsearch node1 | |
| elk2 | 10.200.4.36 | elasticsearch node2 | |
| elk3 | 10.200.4.37 | kibana\logstash\grafana | |
| elk4 | 10.200.4.38 | zabbix-server | |
1. System configuration
```
sudo swapoff -a
(echo 0 > /proc/sys/vm/swappiness)
ulimit -n 65536

vi /etc/security/limits.conf
# add the following before the end of the file
# (the hard limit must not be below the soft limit)
* soft nofile 65536
* hard nofile 65536

hostnamectl set-hostname elkN
hostnamectl set-hostname elkN --static
echo -e "10.200.4.35\telk1" >> /etc/hosts
echo -e "10.200.4.36\telk2" >> /etc/hosts
echo -e "10.200.4.37\telk3" >> /etc/hosts
echo -e "10.200.4.38\telk4" >> /etc/hosts
```
2. Installation
1) Install the JDK
```
rpm -ivh jdk-8u131-linux-x64.rpm
```
2) Install Elasticsearch
```
# Import the Elastic PGP key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Configure the package repository; adjust it for the version you are installing
cat > /etc/yum.repos.d/elasticsearch.repo << EOF
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Install and enable start on boot
yum makecache
yum install elasticsearch -y
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

# Use an additional disk to store the data
mkdir /opt/elk-data
mkfs.xfs /dev/vdc
vi /etc/fstab
# add the following line
/dev/vdc /opt/elk-data xfs defaults 0 0
mount -a
df -h
mkdir -p /opt/elk-data/data
mkdir -p /opt/elk-data/log
cd /opt/elk-data/
chown elasticsearch:elasticsearch data/
chown elasticsearch:elasticsearch log/

# Edit the Elasticsearch configuration file
vi /etc/elasticsearch/elasticsearch.yml
cluster.name: env-elk
path.data: /opt/elk-data/data
path.logs: /opt/elk-data/log
network.host: 0.0.0.0
http.port: 9200
node.name: elk2 # set this to the hostname of the current node
discovery.zen.ping.unicast.hosts: ["elk1", "elk2"]

# Start the node
systemctl start elasticsearch
systemctl status elasticsearch
curl -XGET 'localhost:9200/?pretty'
curl -XGET 'http://localhost:9200/_cluster/health?pretty'
{
  "cluster_name" : "env-elk",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
```
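Elasticsearch 6.4 on the basic license has no authentication on port 9200, so the `network.host: 0.0.0.0` setting above leaves the API open to anything that can reach the host. The script below is an added example, not part of the original post: it flags wildcard bind settings in an elasticsearch.yml and prints firewalld rich rules that limit 9200/9300 to the hosts in the planning table. Assumptions: firewalld is running with neither port opened zone-wide, elk3 and elk4 are the only API clients, and the function names are made up for this example.

```bash
#!/bin/sh
# Added example, not from the original post; function names are constructed.
# Peer lists come from the planning table; who needs which port is an assumption.
ES_NODES="10.200.4.35 10.200.4.36"    # elk1, elk2: node-to-node transport, 9300
ES_CLIENTS="10.200.4.37 10.200.4.38"  # elk3, elk4: HTTP API clients, 9200 (assumed)

# Print each bind setting in an elasticsearch.yml that listens on all interfaces.
wildcard_binds() {
  sed -e 's/^[[:space:]]*//' -e '/^#/d' -e 's/[[:space:]]\{1,\}#.*$//' "$1" |
  while IFS= read -r line; do
    key=${line%%:*}; val=${line#*:}
    case "$key" in
      network.host|network.bind_host|http.host|http.bind_host) ;;
      transport.host|transport.bind_host) ;;
      *) continue ;;
    esac
    # Strip quotes, list brackets and blanks, then test every list element.
    for v in $(printf '%s\n' "$val" | sed "s/[]['\"[:space:]]//g" | tr ',' ' '); do
      case "$v" in 0.0.0.0|::) echo "$key=$v" ;; esac
    done
  done
}

# Build one firewalld rich rule admitting source $1 to TCP port $2.
rich_rule() {
  echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port port=\"$2\" protocol=\"tcp\" accept'"
}

# Print the rules that admit only the planned peers to 9300 and 9200.
fw_rules() {
  for ip in $ES_NODES; do rich_rule "$ip" 9300; done
  for ip in $ES_NODES $ES_CLIENTS; do rich_rule "$ip" 9200; done
  echo "firewall-cmd --reload"
}

# Report wildcard binds and the rules to review; changes nothing on the host.
review() {
  hits=$(wildcard_binds "$1")
  if [ -z "$hits" ]; then echo "no wildcard bind in $1"; return 0; fi
  echo "listening on all interfaces:" $hits
  fw_rules
  return 1
}

# Constructed sample holding the settings from the post.
sample=$(mktemp)
printf '%s\n' 'cluster.name: env-elk' 'network.host: 0.0.0.0' 'http.port: 9200' > "$sample"
review "$sample" || true
rm -f "$sample"
```

The script only prints the `firewall-cmd` lines; review them against the real client list before running them on elk1 and elk2.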
3) Install Kibana
```
# Import the Elastic PGP key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Configure the package repository; adjust it for the version you are installing
cat > /etc/yum.repos.d/kibana.repo << EOF
[kibana-6.x]
name=Kibana repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Install and enable start on boot
yum makecache && yum install kibana -y
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service

# vim /etc/kibana/kibana.yml
server.port: 5601
server.host: "elk3"
elasticsearch.url: "

# Start
systemctl start kibana
```
http://10.200.4.37:5601
4) Install Logstash
```
yum install logstash -y
systemctl start logstash.service
systemctl enable logstash.service
### Not used for now; installing it anyway
```
5) Install Grafana
```
# Check for the latest stable release
http://docs.grafana.org/installation/rpm/

# Install
wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-5.3.1-1.x86_64.rpm
sudo yum localinstall grafana-5.3.1-1.x86_64.rpm
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable grafana-server.service
sudo /bin/systemctl start grafana-server.service

# The start failed with:
# "Failed to verify pid directory" logger=server error="mkdir /var/run/grafana: permission denied"
# Fix: https://github.com/grafana/grafana/issues/4446
# mkdir /var/run/grafana/
# chmod +777 /var/run/grafana/
# Note: 777 leaves the directory world-writable; it only needs to be writable by the grafana service user.

# Environment file location
/etc/sysconfig/grafana-server

# sqlite3 database location
/var/lib/grafana/grafana.db
```
Reposted from: https://blog.51cto.com/zhanghy/2306574