案例描述
本案例共讲述了多个节点部署Elk集群日志分析系统,分别在三个节点使用ansible部署Kibana、Logstash以及Elasticsearch服务。
案例准备
1. 规划节点
|----------------|---------|------------------------|
| IP | 主机名 | 节点 |
| 192.168.100.25 | ansible | Ansible节点 |
| 192.168.100.35 | node1 | Elasticsearch/Kibana |
| 192.168.100.45 | node2 | Elasticsearch/Logstash |
| 192.168.100.55 | node1 | Elasticsearch |
2. 基准准备
登录物理OpenStack平台,使用CentOS7.9镜像创建四台云主机,云主机类型使用1VCPU/2GB内存/20GB硬盘。
案例实施
1. ELK部署
1.1 配置主机映射
1.1 .1 修改主机名
[root@ansible ~]# systemctl set-hostnamectl ansible
[root@ansible ~]# bash
1.1.2 修改ansible主机映射
[root@ansible ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.25 ansible
192.168.100.35 node1
192.168.100.45 node2
192.168.100.55 node3
1.1.3 配置免密访问
虚拟机root用户密码为000000
[root@ansible ~]# ssh-keygen
[root@ansible ~]# ssh-copy-id node1
[root@ansible ~]# ssh-copy-id node2
[root@ansible ~]# ssh-copy-id node3
vi /etc/ssh/sshd_config
PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
sudo systemctl restart sshd
1.1.4 复制ansible域名解析文件
将ansible节点的域名解析文件复制给安装Elasticsearch集群服务的三个节点
[root@ansible ~]# scp /etc/hosts node1:/etc/
[root@ansible ~]# scp /etc/hosts node2:/etc/
[root@ansible ~]# scp /etc/hosts node3:/etc/
1.1.5 关闭防火墙
[root@redis ~]# systemctl stop firewalld
[root@redis ~]# setenforce 0
1.2 软件包上传及Yum源配置
1.2.1 上传软件包
将提供的Elasticsearch、Kibana以及Logstash软件包上传至ansible节点/root目录下,并将相应服务的软件包拷贝至不同节点
[root@ansible ~]# ls
elasticsearch-6.0.0.rpm kibana-6.0.0-x86_64.rpm logstash-6.0.0.rpm
1.2.2 将软件包拷贝到三个节点
将Elasticsearch软件包拷贝至三个节点,将Kibana软件包拷贝至node1节点,将Logstash软件包拷贝至node2节点
[root@ansible ~]# scp elasticsearch-6.0.0.rpm node1:/root/
[root@ansible ~]# scp elasticsearch-6.0.0.rpm node2:/root/
[root@ansible ~]# scp elasticsearch-6.0.0.rpm node3:/root/
[root@ansible ~]# scp kibana-6.0.0-x86_64.rpm node1:/root/
[root@ansible ~]# scp logstash-6.0.0.rpm node2:/root/
1.2.3 配置本地Yum源
将软件包ansible.tar.gz上传至ansible节点配置本地Yum源,并安装ansible
[root@ansible ~]# ls
ansible.tar.gz elasticsearch-6.0.0.rpm kibana-6.0.0-x86_64.rpm logstash-6.0.0.rpm
[root@ansible ~]# tar -zxvf ansible.tar.gz -C /opt/
[root@ansible ~]# mv /etc/yum.repos.d/* /media/
[root@ansible ~]# vi /etc/yum.repos.d/local.repo
[root@ansible ~]# yum -y install ansible
1.3 配置ansible主机映射
1.3.1 创建示例目录,并配置ansible主机映射
[root@ansible ~]# mkdir example
[root@ansible ~]# cd example
[root@ansible example]# vi /etc/ansible/hosts
1.3.2 安装java
使用CentOS-7-x86_64-DVD-2009.iso镜像文件作为安装库,将镜像挂载至/opt/centos,编写Yum源文件,安装vsftpd服务,用于给远程主机安装Java
[root@redis example]# mkdir /opt/centos
[root@ansible example]# mount /root/CentOS-7-x86_64-DVD-2009.iso /opt/centos/
[root@ansible example]# vi /etc/yum.repos.d/local.repo
[root@ansible example]# yum install -y vsftpd
[root@ansible example]# vi /etc/vsftpd/vsftpd.conf
1.3.3 安装Elasticsearch服务并编写node1节点配置文件
[root@ansible example]# rpm -ivh /root/elasticsearch-6.0.0.rpm
[root@ansible example]# cp -rf /etc/elasticsearch/elasticsearch.yml elk1.yml
[root@ansible example]# cat elk1.yml | grep -Ev "^$|^#"
1.3.4 编写node2节点配置文件
[root@ansible example]# cp elk1.yml elk2.yml
[root@ansible example]# cat elk2.yml | grep -Ev "^$|^#"
1.3.5 编写node3节点配置文件
[root@ansible example]# cp elk1.yml elk3.yml
[root@ansible example]# cat elk3.yml | grep -Ev "^$|^#"
1.3.6 安装kibana获取配置文件
安装kibana服务并编写配置文件
[root@ansible example]# rpm -ivh /root/kibana-6.0.0-x86_64.rpm
[root@ansible example]# cp -rf /etc/kibana/kibana.yml .
[root@ansible example]# cat kibana.yml |grep -v ^#
1.3.7 安装logstash获取配置文件
安装logstash服务并获取配置文件
yum install java-1.8.0-openjdk-devel
[root@ansible example]# rpm -ivh /root/logstash-6.0.0.rpm
[root@ansible example]# cp -rf /etc/logstash/logstash.yml .
[root@ansible example]# vi logstash.yml
http.host: "192.168.100.45"
新建日志输出文件
[root@ansible example]# vi syslog.conf
1.3.8 编写剧本文件
编写Playbook剧本文件
[root@ansible example]# vi cscc_install.yaml
- hosts: all
remote_user: root
tasks:
- name: rm repo
shell: rm -rf /etc/yum.repos.d/*
- name: copy repo
copy: src=ftp.repo dest=/etc/yum.repos.d/
- name: install java
shell: yum -y install java-1.8.0-*
- name: install elk
shell: rpm -ivh elasticsearch-6.0.0.rpm
- hosts: node1
remote_user: root
tasks:
- name: copy config
copy: src=elk1.yml dest=/etc/elasticsearch/elasticsearch.yml
- name: daemon-reload
shell: systemctl daemon-reload
- name: start elk
shell: systemctl start elasticsearch && systemctl enable elasticsearch
- name: install kibana
shell: rpm -ivh kibana-6.0.0-x86_64.rpm
- name: copy config
template: src=kibana.yml dest=/etc/kibana/kibana.yml
- name: start kibana
shell: systemctl start kibana && systemctl enable kibana
- hosts: node2
remote_user: root
tasks:
- name: copy config
copy: src=elk2.yml dest=/etc/elasticsearch/elasticsearch.yml
- name: daemon-reload
shell: systemctl daemon-reload
- name: start elk
shell: systemctl start elasticsearch && systemctl enable elasticsearch
- name: install logstash
shell: rpm -ivh logstash-6.0.0.rpm
- name: copy config
copy: src=logstash.yml dest=/etc/logstash/logstash.yml
- name: copy config
copy: src=syslog.conf dest=/etc/logstash/conf.d/syslog.conf
- hosts: node3
remote_user: root
tasks:
- name: copy config
copy: src=elk3.yml dest=/etc/elasticsearch/elasticsearch.yml
- name: daemon-reload
shell: systemctl daemon-reload
- name: start elk
shell: systemctl start elasticsearch && systemctl enable elasticsearch
执行PlayBook完成ELK集群的部署
[root@ansible example]# ansible-playbook cscc_install.yaml
执行结果如下图
2. 浏览器访问
浏览器访问node1节点5601端口,http://192.168.100.35:5601/
