时间戳

首页 > 技术文章 > 部署ELK

部署ELK

momenglin 2019-04-21 12:56 原文

1.搭建客户机Nginx

ls[root@nginx ~]# hostname

nginx

[root@nginx ~]# cat /etc/redhat-release

CentOS release 6.5 (Final)

[root@nginx ~]# uname -r

2.6.32-431.el6.x86_64

[root@nginx ~]# /etc/init.d/iptables stop

iptables:将链设置为政策 ACCEPT:filter                    [确定]

iptables:清除防火墙规则:                                 [确定]

iptables:正在卸载模块:                                   [确定]

[root@nginx ~]# setenforce 0

setenforce: SELinux is disabled

[root@nginx ~]# chkconfig iptables off

[root@nginx ~]# tar xf nginx-1.13.12.tar.gz -C /usr/src/

[root@nginx ~]# useradd -M -s /sbin/nologin nginx

[root@nginx ~]# cd /usr/src/nginx-1.13.12/

[root@nginx nginx-1.13.12]# ./configure --prefix=/usr/local/nginx --user=nginx --group=nginx && make && make install

[root@nginx nginx-1.13.12]# cp -p /usr/local/nginx/sbin/* /usr/local/sbin/

[root@nginx nginx-1.13.12]# nginx

[root@nginx nginx-1.13.12]# netstat -anpt|grep nginx

tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      5605/nginx

2部署客户机Apache:

[root@Apache ~]# hostname

Apache

[root@Apache ~]# cat /etc/redhat-release

CentOS release 6.5 (Final)

[root@Apache ~]# uname -r

2.6.32-431.el6.x86_64

[root@Apache ~]# /etc/init.d/iptables stop

[root@Apache ~]# setenforce 0

[root@Apache ~]# tar xf apr-1.5.1.tar.gz -C /usr/src/

[root@Apache ~]# tar xf apr-util-1.5.1.tar.gz -C /usr/src/

[root@Apache ~]# tar xf  httpd-2.4.33.tar.gz  -C /usr/src/

[root@Apache ~]# cd /usr/src/apr-1.5.1/

[root@Apache apr-1.5.1]# ./configure prefix=/usr/local/apr && make && make install

[root@Apache apr-1.5.1]# cd ../apr-util-1.5.1/

[root@Apache apr-util-1.5.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/ && make && make install

[root@Apache apr-util-1.5.1]# cd ../httpd-2.4.33/

[root@Apache httpd-2.4.33]# ./configure --prefix=/usr/local/httpd --enable-so --enable-rewrite --enable-header --enable-charset-lite --enable-cgi --with-apr=/usr/local/apr/ --with-apr-util=/usr/local/apr-util/ && make && make install

[root@Apache httpd-2.4.33]# ln -s /usr/local/httpd/bin/* /usr/local/sbin/

[root@Apache httpd-2.4.33]# apachectl start

AH00557: httpd: apr_sockaddr_info_get() failed for Apache

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message

[root@Apache httpd-2.4.33]# netstat -anpt|grep httpd

tcp        0      0 :::80                       :::*                        LISTEN      34117/httpd 

3.部署Elasticserch(Logstash、Kibana三台都需要安装JDK)

1.查看系统环境:

[root@Elasticserch ~]# hostname

Elasticserch

[root@Elasticserch ~]# cat /etc/redhat-release

CentOS release 6.5 (Final)

[root@Elasticserch ~]# uname -r

2.6.32-431.el6.x86_64

[root@Elasticserch ~]# /etc/init.d/iptables stop         

[root@Elasticserch ~]# setenforce 0

2.安装JDK环境:

[root@Elasticserch ~]# tar xf jdk-8u161-linux-x64.tar.gz

[root@Elasticserch ~]# mv jdk1.8.0_161/ /usr/local/java

[root@Elasticserch ~]# vim /etc/profile.d/java.sh

export JAVA_HOME=/usr/local/java

export PATH=$PATH:$JAVA_HOME/bin

[root@Elasticserch ~]# source /etc/profile

[root@Elasticserch ~]# java -version

java version "1.8.0_161"

Java(TM) SE Runtime Environment (build 1.8.0_161-b12)

Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)

3.安装Elasticserch节点:

[root@Elasticserch ~]# tar xf elasticsearch-6.2.4.tar.gz

[root@Elasticserch ~]# mv elasticsearch-6.2.4 /usr/local/elasticsearch

[root@Elasticserch ~]# cd /usr/local/elasticsearch/

[root@Elasticserch elasticsearch]# cd config/

[root@Elasticserch config]# cp elasticsearch.yml{,.default}     #备份配置文件,防止修改错误

4.修改配置文件:

[root@Elasticserch config]# vim elasticsearch.yml

cluster.name: my-es-cluster           #集群的名称

node.name: node-1                 #节点的名称

path.data: /usr/local/elasticsearch/data   #数据路径

path.logs: /usr/local/ elasticsearch /logs    #日志路径

bootstrap.memory_lock: false          #这行去掉注释把ture改成false,不改会造成服务启动报错

bootstrap.system_call_filter: false      #添加这行,否则启动会报错。

配置上述两行的原因:
这是在因为Centos6不支持SecComp,而ES5.2.0默认bootstrap.system_call_filter为true进行检测,所以导致检测失败,失败后直接导致ES不能启动。

network.host: 192.168.200.132          # elasticsearch主机地址

http.port: 9200                        #端口号

discovery.zen.ping.unicast.hosts: ["node-1"]  #启动新节点通过主机列表发现。

discovery.zen.minimum_master_nodes: 1    #总节点数

[root@elasticsearch ~]# vim /etc/security/limits.d/90-nproc.conf

*          soft    nproc     4096   #默认1024,改成4096

[root@elasticsearch ~]# vim /etc/sysctl.conf

#末尾追加否则服务会报错。

vm.max_map_count=655360

[root@elasticsearch ~]# sysctl -p   #使上述配置生效

3.创建elasticsearch运行的用户:

[root@Elasticserch config]# useradd elasticsearch

[root@Elasticserch config]# chown -R elasticsearch.elasticsearch /usr/local/elasticsearch/

4.修改文件句柄数:

[root@Elasticserch config]# vim /etc/security/limits.conf

#添加下面内容:

*               soft    nofile           65536

*               hard    nofile           65536

*               soft    nproc           65536

*               hard    nproc           65536

5.切换用户启动服务

[root@Elasticserch config]# su - elasticsearch

[elasticsearch@Elasticserch ~]$ cd /usr/local/elasticsearch/

[elasticsearch@elasticsearch elasticsearch]$ bin/elasticsearch &

注:如果启动错误请看下上述配置过程黄色标记的部分是否有配置错误或者没有配置。

 

6.查看服务是否启动成功

[root@elasticsearch ~]# netstat -anpt

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  

tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      970/rpcbind        

tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1150/sshd          

tcp        0      0 0.0.0.0:56600               0.0.0.0:*                   LISTEN      988/rpc.statd      

tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1226/master        

tcp        0     64 192.168.200.132:22          192.168.200.2:62459         ESTABLISHED 1301/sshd          

tcp        0      0 :::111                      :::*                        LISTEN      970/rpcbind        

tcp        0      0 ::ffff:192.168.200.132:9200 :::*                        LISTEN      3990/java          

tcp        0      0 ::ffff:192.168.200.132:9300 :::*                        LISTEN      3990/java          

tcp        0      0 :::52916                    :::*                        LISTEN      988/rpc.statd      

tcp        0      0 :::22                       :::*                        LISTEN      1150/sshd           

tcp        0      0 ::1:25                      :::*                        LISTEN      1226/master      

7.简单测试下:

[root@elasticsearch ~]# curl http://192.168.200.132:9200

{

  "name" : "node-1",

  "cluster_name" : "my-es-cluster",

  "cluster_uuid" : "tMW5tRXMTwO0g1i9BAp0rg",

  "version" : {

    "number" : "6.2.4",

    "build_hash" : "ccec39f",

    "build_date" : "2018-04-12T20:37:28.497551Z",

    "build_snapshot" : false,

    "lucene_version" : "7.2.1",

    "minimum_wire_compatibility_version" : "5.6.0",

    "minimum_index_compatibility_version" : "5.0.0"

  },

  "tagline" : "You Know, for Search"

}

说明服务正常。

8.安装head插件:

[root@Elasticserch ~]# vim /usr/local/elasticsearch/config/elasticsearch.yml

# 增加参数,使head插件可以访问es

http.cors.enabled: true

http.cors.allow-origin: "*"

下载head插件

wget https://github.com/mobz/elasticsearch-head/archive/master.zip

安装node

wget https://npm.taobao.org/mirrors/node/latest-v4.x/node-v4.4.7-linux-x64.tar.gz

 tar -zxvf node-v4.4.7-linux-x64.tar.gz

配置下环境变量,编辑/etc/profile添加

[root@Elasticserch ~]# vim /etc/profile.d/node.sh

export NODE_HOME=/root/node-v4.4.7-linux-x64

export PATH=$PATH:$NODE_HOME/bin

export DODE_PATH=$NODE_HOME/lib/node_modules

[root@Elasticserch ~]# . /etc/profile

安装grunt

grunt是基于Node.js的项目构建工具,可以进行打包压缩、测试、执行等等的工作,head插件就是通过grunt启动

[root@Elasticserch ~]# unzip master.zip

[root@Elasticserch ~]# cd elasticsearch-head-master/

[root@Elasticserch elasticsearch-head-master]# npm install -g grunt-cli         # 执行后会生成node_modules文件夹

[root@Elasticserch elasticsearch-head-master]# grunt -version

grunt-cli v1.2.0

[root@Elasticserch elasticsearch-head-master]# vim Gruntfile.js

               connect: {

                        server: {

                                options: {

                                        port: 9100,

                                        base: '.',

                                        keepalive: true

                                        hostname: '*'             #添加这行

[root@Elasticserch elasticsearch-head-master]# vim _site/app.js

(function( app, i18n ) {

 

        var ui = app.ns("ui");

        var services = app.ns("services");

 

        app.App = ui.AbstractWidget.extend({

                defaults: {

                        base_uri: null

                },

                init: function(parent) {

                        this._super();

                        this.prefs = services.Preferences.instance();

                        this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.200.130:9200";            #改成es地址

运行head

[root@Elasticserch elasticsearch-head-master]# grunt server &

 

重启es

报错解决方法:

npm config set strict-ssl false

npm config set registry http://registry.cnpmjs.org

npm info underscore

npm --registry http://registry.cnpmjs.org info underscore

编辑 ~/.npmrc 加入下面内容

registry = http://registry.cnpmjs.org

 

推荐阅读