案例描述
本案例共讲述了多个节点部署Elk集群日志分析系统,分别在三个节点使用ansible部署Kibana、Logstash以及Elasticsearch服务。
案例准备
1. 规划节点
|----------------|---------|------------------------|
| IP | 主机名 | 节点 |
| 192.168.100.25 | ansible | Ansible节点 |
| 192.168.100.35 | node1 | Elasticsearch/Kibana |
| 192.168.100.45 | node2 | Elasticsearch/Logstash |
| 192.168.100.55 | node1 | Elasticsearch |
2. 基准准备
登录物理OpenStack平台,使用CentOS7.9镜像创建四台云主机,云主机类型使用1VCPU/2GB内存/20GB硬盘。
案例实施
1. ELK部署
1.1 配置主机映射
1.1 .1 修改主机名
root@ansible \~\]# systemctl set-hostnamectl ansible \[root@ansible \~\]# bash ###### 1.1.2 修改ansible主机映射 \[root@ansible \~\]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 192.168.100.25 ansible 192.168.100.35 node1 192.168.100.45 node2 192.168.100.55 node3 ###### 1.1.3 配置免密访问 虚拟机root用户密码为000000 \[root@ansible \~\]# ssh-keygen \[root@ansible \~\]# ssh-copy-id node1 \[root@ansible \~\]# ssh-copy-id node2 \[root@ansible \~\]# ssh-copy-id node3 vi /etc/ssh/sshd_config PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys sudo systemctl restart sshd  ###### 1.1.4 复制ansible域名解析文件 将ansible节点的域名解析文件复制给安装Elasticsearch集群服务的三个节点 \[root@ansible \~\]# scp /etc/hosts node1:/etc/ \[root@ansible \~\]# scp /etc/hosts node2:/etc/ \[root@ansible \~\]# scp /etc/hosts node3:/etc/  ###### 1.1.5 关闭防火墙 \[root@redis \~\]# systemctl stop firewalld \[root@redis \~\]# setenforce 0 ##### 1.2 软件包上传及Yum源配置 ###### 1.2.1 上传软件包 将提供的Elasticsearch、Kibana以及Logstash软件包上传至ansible节点/root目录下,并将相应服务的软件包拷贝至不同节点 \[root@ansible \~\]# ls elasticsearch-6.0.0.rpm kibana-6.0.0-x86_64.rpm logstash-6.0.0.rpm ###### 1.2.2 将软件包拷贝到三个节点 将Elasticsearch软件包拷贝至三个节点,将Kibana软件包拷贝至node1节点,将Logstash软件包拷贝至node2节点 \[root@ansible \~\]# scp elasticsearch-6.0.0.rpm node1:/root/ \[root@ansible \~\]# scp elasticsearch-6.0.0.rpm node2:/root/ \[root@ansible \~\]# scp elasticsearch-6.0.0.rpm node3:/root/ \[root@ansible \~\]# scp kibana-6.0.0-x86_64.rpm node1:/root/ \[root@ansible \~\]# scp logstash-6.0.0.rpm node2:/root/ ###### 1.2.3 配置本地Yum源 将软件包ansible.tar.gz上传至ansible节点配置本地Yum源,并安装ansible \[root@ansible \~\]# ls ansible.tar.gz elasticsearch-6.0.0.rpm kibana-6.0.0-x86_64.rpm logstash-6.0.0.rpm \[root@ansible \~\]# tar -zxvf ansible.tar.gz -C /opt/ \[root@ansible \~\]# mv /etc/yum.repos.d/\* /media/ \[root@ansible \~\]# vi /etc/yum.repos.d/local.repo  \[root@ansible \~\]# yum -y install ansible ##### 1.3 配置ansible主机映射 ###### 1.3.1 创建示例目录,并配置ansible主机映射 \[root@ansible \~\]# mkdir example \[root@ansible \~\]# cd example \[root@ansible example\]# vi /etc/ansible/hosts  ###### 1.3.2 安装java 使用CentOS-7-x86_64-DVD-2009.iso镜像文件作为安装库,将镜像挂载至/opt/centos,编写Yum源文件,安装vsftpd服务,用于给远程主机安装Java \[root@redis example\]# mkdir /opt/centos \[root@ansible example\]# mount /root/CentOS-7-x86_64-DVD-2009.iso /opt/centos/ \[root@ansible example\]# vi /etc/yum.repos.d/local.repo  \[root@ansible example\]# yum install -y vsftpd \[root@ansible example\]# vi /etc/vsftpd/vsftpd.conf  ###### 1.3.3 安装Elasticsearch服务并编写node1节点配置文件 \[root@ansible example\]# rpm -ivh /root/elasticsearch-6.0.0.rpm \[root@ansible example\]# cp -rf /etc/elasticsearch/elasticsearch.yml elk1.yml \[root@ansible example\]# cat elk1.yml \| grep -Ev "\^$\|\^#"  ###### 1.3.4 编写node2节点配置文件 \[root@ansible example\]# cp elk1.yml elk2.yml \[root@ansible example\]# cat elk2.yml \| grep -Ev "\^$\|\^#"  ###### 1.3.5 编写node3节点配置文件 \[root@ansible example\]# cp elk1.yml elk3.yml \[root@ansible example\]# cat elk3.yml \| grep -Ev "\^$\|\^#"  ###### 1.3.6 安装kibana获取配置文件 安装kibana服务并编写配置文件 \[root@ansible example\]# rpm -ivh /root/kibana-6.0.0-x86_64.rpm \[root@ansible example\]# cp -rf /etc/kibana/kibana.yml . \[root@ansible example\]# cat kibana.yml \|grep -v \^#  ###### 1.3.7 安装logstash获取配置文件 安装logstash服务并获取配置文件 yum install java-1.8.0-openjdk-devel \[root@ansible example\]# rpm -ivh /root/logstash-6.0.0.rpm \[root@ansible example\]# cp -rf /etc/logstash/logstash.yml . \[root@ansible example\]# vi logstash.yml http.host: "192.168.100.45" 新建日志输出文件 \[root@ansible example\]# vi syslog.conf  ###### 1.3.8 编写剧本文件 编写Playbook剧本文件 \[root@ansible example\]# vi cscc_install.yaml - hosts: all remote_user: root tasks: - name: rm repo shell: rm -rf /etc/yum.repos.d/\* - name: copy repo copy: src=ftp.repo dest=/etc/yum.repos.d/ - name: install java shell: yum -y install java-1.8.0-\* - name: install elk shell: rpm -ivh elasticsearch-6.0.0.rpm - hosts: node1 remote_user: root tasks: - name: copy config copy: src=elk1.yml dest=/etc/elasticsearch/elasticsearch.yml - name: daemon-reload shell: systemctl daemon-reload - name: start elk shell: systemctl start elasticsearch \&\& systemctl enable elasticsearch - name: install kibana shell: rpm -ivh kibana-6.0.0-x86_64.rpm - name: copy config template: src=kibana.yml dest=/etc/kibana/kibana.yml - name: start kibana shell: systemctl start kibana \&\& systemctl enable kibana - hosts: node2 remote_user: root tasks: - name: copy config copy: src=elk2.yml dest=/etc/elasticsearch/elasticsearch.yml - name: daemon-reload shell: systemctl daemon-reload - name: start elk shell: systemctl start elasticsearch \&\& systemctl enable elasticsearch - name: install logstash shell: rpm -ivh logstash-6.0.0.rpm - name: copy config copy: src=logstash.yml dest=/etc/logstash/logstash.yml - name: copy config copy: src=syslog.conf dest=/etc/logstash/conf.d/syslog.conf - hosts: node3 remote_user: root tasks: - name: copy config copy: src=elk3.yml dest=/etc/elasticsearch/elasticsearch.yml - name: daemon-reload shell: systemctl daemon-reload - name: start elk shell: systemctl start elasticsearch \&\& systemctl enable elasticsearch 执行PlayBook完成ELK集群的部署 \[root@ansible example\]# ansible-playbook cscc_install.yaml 执行结果如下图  #### 2. 浏览器访问 浏览器访问node1节点5601端口,http://192.168.100.35:5601/ 