ELK: Deploying a Log Monitoring Platform
- Preface
- I. System preparation
  - 1. Configure the hosts file
  - 2. Configure passwordless SSH trust between nodes
  - 3. Set up NTP clock synchronization
  - 4. Disable firewalld and SELinux
  - 5. Disable swap
  - 6. Adjust the limit on memory map areas
  - 7. Adjust file, process and memory resource limits
- II. Deploy the JDK
  - 1. Extract the software
  - 2. Edit the environment variables
  - 3. Verify the result
- III. Deploy ES
  - 1. Create the user
  - 2. Create the directories
  - 3. Extract the program
  - 4. Create the certificates
  - 5. Write the configuration file
  - 6. Start
  - 7. Set the passwords
  - 8. Verify
- IV. Deploy Kibana
  - 1. Extract the software and set ownership
  - 2. Edit the configuration file
  - 3. Start the program
  - 4. Log in to verify
- V. Deploy ZooKeeper
  - 1. Create the runtime directories
  - 2. Extract the software and set ownership
  - 3. Switch user and edit the configuration file
  - 4. Start and verify
- VI. Deploy Kafka
  - 1. Create the runtime directory
  - 2. Extract the software
  - 3. Check which ZooKeeper version Kafka ships with
  - 4. Edit the Kafka configuration file
  - 5. Sync the configuration file
  - 6. Set ownership
  - 7. Start
  - 8. Verify
- Additional notes
  - 1. Create a user in ES and grant roles
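Preface
Introduction
I have recently been learning ELK and have finished deploying a cluster. I ran into many problems during the deployment and lost a lot of time to them, so I want to write the process down and share it, in the hope that others can avoid the same detours and learn faster, and to consolidate my own knowledge. I hope we can all grow together!
Architecture
Hostname | IP | Software | Role |
---|---|---|---|
elk1 | 192.168.31.111 | ES ZK Kafka Filebeat | master, data |
elk2 | 192.168.31.112 | ES ZK Kafka Filebeat | master, data |
elk3 | 192.168.31.113 | ES ZK Kafka Filebeat | master, data |
elk4 | 192.168.31.114 | Logstash Kibana | |
Software package download
Link: https://pan.baidu.com/s/1u0C36gwQUN6JbtxDNm3u_A?pwd=YSnb Extraction code: YSnb
Video link (recorded by myself, original content)
ELK - Log Monitoring Platform - Deployment Tutorial - 1 - Pre-deployment preparation
https://www.bilibili.com/video/BV1Ts1PYGELu?vd_source=8e069ee61132fd8c52b63a8467883499
I. System preparation
1. Configure the hosts file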
[root@elk1 ~]# vim /etc/hosts
192.168.31.111 elk1
192.168.31.112 elk2
192.168.31.113 elk3
192.168.31.114 elk4
2. Configure passwordless SSH trust between nodes
2.1 Generate a key pair
[root@elk1 ~]# ssh-keygen -t rsa
2.2 Send the public key
[root@elk1 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@elk2
3. Set up NTP clock synchronization
3.1 Install ntpdate
[root@elk1 ~]# yum -y install ntpdate
3.2 Synchronize the clock
[root@elk1 ~]# ntpdate ntp.aliyun.com
3.3 Configure a cron job for clock synchronization
[root@elk1 ~]# echo "*/5 * * * * ntpdate ntp.aliyun.com > /dev/null 2>&1" > /var/spool/cron/root
4. Disable firewalld and SELinux
[root@elk1 ~]# vim /etc/selinux/config
SELINUX=disabled
5. Disable swap
5.1 Temporarily (takes effect immediately)
[root@elk1 ~]# swapoff -a
5.2 Permanently
[root@elk1 ~]# vim /etc/fstab
# comment out the lines related to swap
6. Adjust the limit on memory map areas
6.1 Check the current value
[root@elk1 ~]# sysctl vm.max_map_count
vm.max_map_count = 65530
6.2 Temporary adjustment
[root@elk1 ~]# sysctl -w vm.max_map_count=262144
vm.max_map_count = 262144
6.3 Permanent adjustment
[root@elk1 ~]# rm -rf /etc/sysctl.d/99-sysctl.conf
[root@elk1 ~]# vim /etc/sysctl.conf
vm.max_map_count=262144
[root@elk1 ~]# sysctl -p
vm.max_map_count = 262144
7. Adjust file, process and memory resource limits
[root@elk1 ~]# vim /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
* soft nproc 4096
* hard nproc 4096
* soft memlock unlimited
* hard memlock unlimited
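Steps 5 to 7 can be checked on each node before Elasticsearch is installed. The script below is an added example, not part of the original post; the function names are hypothetical and the sample files are constructed.

```bash
# Added example, not from the original post. Thresholds are the values this
# guide sets in steps 5 to 7; the file paths are parameters.

swap_active() {   # swap_active SWAPS_FILE (format of /proc/swaps; line 1 is a header)
    awk 'NR > 1 && NF > 0 { n++ } END { exit (n ? 0 : 1) }' "$1"
}

limit_ok() {      # limit_ok LIMITS_FILE TYPE ITEM MINIMUM, for "*" (all users) entries
    awk -v t="$2" -v i="$3" -v min="$4" '
        $1 == "*" && $2 == t && $3 == i {
            if ($4 == "unlimited" || (min != "unlimited" && $4 + 0 >= min + 0)) ok = 1
        }
        END { exit (ok ? 0 : 1) }' "$1"
}

preflight() {     # preflight MAX_MAP_COUNT SWAPS_FILE LIMITS_FILE -> returns the number of failures
    fails=0
    [ "$1" -ge 262144 ] || { echo "FAIL vm.max_map_count=$1, need 262144"; fails=$((fails + 1)); }
    if swap_active "$2"; then echo "FAIL swap is still active"; fails=$((fails + 1)); fi
    for spec in nofile:65536 nproc:4096 memlock:unlimited; do
        for kind in soft hard; do
            limit_ok "$3" "$kind" "${spec%%:*}" "${spec##*:}" ||
                { echo "FAIL limits.conf: * $kind ${spec%%:*} is below ${spec##*:}"; fails=$((fails + 1)); }
        done
    done
    return "$fails"
}

# Constructed sample: swap is still on and the memlock lines were never added.
demo=$(mktemp -d)
printf '%s\n' 'Filename Type Size Used Priority' '/dev/dm-1 partition 2097148 0 -2' > "$demo/swaps"
printf '%s\n' '* soft nofile 65536' '* hard nofile 65536' '* soft nproc 4096' '* hard nproc 4096' > "$demo/limits.conf"
preflight 65530 "$demo/swaps" "$demo/limits.conf" || echo "$? checks failed"
rm -rf "$demo"

# On a real node:
# preflight "$(sysctl -n vm.max_map_count)" /proc/swaps /etc/security/limits.conf
```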
II. Deploy the JDK
1. Extract the software
[root@elk1 package]# tar zxf jdk-8u281-linux-x64.tar.gz -C /opt/soft/
2. Edit the environment variables
[root@elk1 ~]# vim /etc/profile
export JAVA_HOME=/opt/soft/jdk1.8.0_281
export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin
export CLASSPATH=$JAVA_HOME/lib:$JAVA_HOME/jre/lib
3. Verify the result
[root@elk1 ~]# source /etc/profile
[root@elk1 ~]# java -version
java version "1.8.0_281"
Java(TM) SE Runtime Environment (build 1.8.0_281-b09)
Java HotSpot(TM) 64-Bit Server VM (build 25.281-b09, mixed mode)
III. Deploy ES
1. Create the user
[root@elk3 ~]# useradd elastic
2. Create the directories
[root@elk1 ~]# mkdir -p /opt/es/data
[root@elk1 ~]# chown -R elastic:elastic /opt/es
3. Extract the program
[root@elk1 ~]# su - elastic
[elastic@elk1 ~]$ cd /opt/soft/
[elastic@elk1 soft]$ tar zxf elasticsearch-8.14.0-linux-x86_64.tar.gz -C /opt/es/
4. Create the certificates
[elastic@elk1 ~]$ cd /opt/es/elasticsearch-8.14.0/bin
[elastic@elk1 bin]$ ./elasticsearch-certutil ca
[elastic@elk1 bin]$ ./elasticsearch-certutil cert --ca elastic-stack-ca.p12
5. Write the configuration file
[elastic@elk1 config]$ egrep -v "^#|^$" elasticsearch.yml
cluster.name: elk
node.name: elk1
node.roles: [data,master]
path.data: /opt/es/data
path.logs: /opt/es/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
transport.port: 9300
discovery.seed_hosts: ["elk1", "elk2", "elk3"]
cluster.initial_master_nodes: ["elk1"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
6. Start
[elastic@elk1 bin]$ ./elasticsearch -d
7. Set the passwords
[elastic@elk1 ~]$ cd /opt/es/elasticsearch-8.14.0/bin/
[elastic@elk1 bin]$ ./elasticsearch-setup-passwords interactive
8. Verify
8.1 Check node status
http://192.168.31.113:9200/_cat/nodes
8.2 List the users in ES
http://192.168.31.113:9200/_security/user
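With xpack.security.enabled: true, both URLs ask for the credentials set in step 7. The check below is an added example, not part of the original post: it reads the name, node.role and master columns of _cat/nodes and confirms that every planned node has joined and exactly one master is elected. The function name is hypothetical and the sample lines are constructed.

```bash
# Added example, not from the original post. Reads lines of
# "name node.role master" (from /_cat/nodes?h=name,node.role,master) on stdin.

check_nodes() {   # check_nodes EXPECTED_NAME... -> 0 when the cluster matches the plan
    awk -v want="$*" '
        BEGIN { n = split(want, names, " ") }
        NF >= 3 {
            seen[$1] = 1
            if ($3 == "*") masters++
            # This guide gives every ES node the data and master roles ("d" and "m").
            if ($2 !~ /d/ || $2 !~ /m/) { print "ROLES " $1 " has " $2; bad++ }
        }
        END {
            for (k = 1; k <= n; k++)
                if (!(names[k] in seen)) { print "MISSING " names[k]; bad++ }
            if (masters != 1) { print "MASTERS " (masters + 0) " elected, expected 1"; bad++ }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: elk3 never joined the cluster.
sample='elk1 dm *
elk2 dm -'
printf '%s\n' "$sample" | check_nodes elk1 elk2 elk3 || echo "cluster check failed"

# Against the live cluster (curl prompts for the elastic user's password):
# curl -s -u elastic 'http://elk1:9200/_cat/nodes?h=name,node.role,master' | check_nodes elk1 elk2 elk3
```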
IV. Deploy Kibana
1. Extract the software and set ownership
[root@elk4 ~]# cd /opt/soft
[root@elk4 soft]# mkdir /opt/kibana
[root@elk4 soft]# tar zxf kibana-8.14.0-linux-x86_64.tar.gz -C /opt/kibana/
[root@elk4 ~]# chown -R elastic:elastic /opt/kibana/
2. Edit the configuration file
[root@elk4 ~]# su - elastic
[elastic@elk4 ~]$ cd /opt/kibana/kibana-8.14.0/config/
[elastic@elk4 config]$ egrep -v "^#|^$" kibana.yml
server.port: 5601
server.host: "elk4"
elasticsearch.hosts: ["http://elk1:9200","http://elk2:9200","http://elk3:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "1qaz3edc"
3. Start the program
[elastic@elk4 ~]$ cd /opt/kibana/kibana-8.14.0/bin/
[elastic@elk4 bin]$ nohup ./kibana &
[elastic@elk4 bin]$ ps -ef | grep node
elastic 1288 1262 92 22:47 pts/0 00:00:16 ./../node/bin/node ./../src/cli/dist
4. Log in to verify
http://192.168.31.114:5601/
V. Deploy ZooKeeper
1. Create the runtime directories
[root@elk1 ~]# mkdir -p /opt/zk/{logs,data}
2. Extract the software and set ownership
[root@elk1 soft]# tar zxf apache-zookeeper-3.7.2-bin.tar.gz -C /opt/zk/
[root@elk1 soft]# chown -R elastic:elastic /opt/zk/
3. Switch user and edit the configuration file
[root@elk1 soft]# su - elastic
[elastic@elk1 ~]$ cd /opt/zk/apache-zookeeper-3.7.2-bin/conf/
[elastic@elk1 conf]$ egrep -v "^$|^#" zoo.cfg
tickTime=2000
initLimit=10
syncLimit=5
dataDir=/opt/zk/data
dataLogDir=/opt/zk/logs
clientPort=2181
server.1=192.168.31.111:2888:3888
server.2=192.168.31.112:2888:3888
server.3=192.168.31.113:2888:3888
[elastic@elk1 conf]$ cd /opt/zk/data/
[elastic@elk1 data]$ cat myid
1
4. Start and verify
[elastic@elk1 data]$ cd /opt/zk/apache-zookeeper-3.7.2-bin/bin/
[elastic@elk1 bin]$ ./zkServer.sh start
[elastic@elk1 bin]$ ./zkServer.sh status
VI. Deploy Kafka
1. Create the runtime directory
[root@elk1 ~]# mkdir -p /opt/kafka/logs
2. Extract the software
[root@elk1 ~]# tar zxf /opt/soft/kafka_2.13-3.7.1.tgz -C /opt/kafka/
3. Check which ZooKeeper version Kafka ships with
[root@elk1 ~]# cd /opt/kafka/kafka_2.13-3.7.1
[root@elk1 kafka_2.13-3.7.1]# grep zookeeper LICENSE
zookeeper-3.8.4
zookeeper-jute-3.8.4
4. Edit the Kafka configuration file
[elastic@elk1 config]$ egrep -v "^#|^$" server.properties
broker.id=1
advertised.listeners=PLAINTEXT://elk1:9092
num.network.threads=3
num.io.threads=8
socket.send.buffer.bytes=102400
socket.receive.buffer.bytes=102400
socket.request.max.bytes=104857600
log.dirs=/opt/kafka/logs
num.partitions=1
num.recovery.threads.per.data.dir=1
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1
log.flush.interval.messages=10000
log.flush.interval.ms=1000
log.retention.hours=24
log.retention.check.interval.ms=300000
zookeeper.connect=elk1:2181,elk2:2181,elk3:2181
zookeeper.connection.timeout.ms=18000
group.initial.rebalance.delay.ms=0
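5. Sync the configuration file
[root@elk1 config]# scp server.properties root@elk2:`pwd`
[root@elk1 config]# scp server.properties root@elk3:`pwd`
# On elk2 and elk3, set broker.id and advertised.listeners to that node's own values (2/elk2, 3/elk3)
6. Set ownership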
chown -R elastic:elastic /opt/kafka/
7. Start
[elastic@elk1 kafka_2.13-3.7.1]$ cd /opt/kafka/kafka_2.13-3.7.1
[elastic@elk1 kafka_2.13-3.7.1]$ nohup ./bin/kafka-server-start.sh ./config/server.properties > kafka.log 2>&1 &
8. Verify
[elastic@elk1 kafka_2.13-3.7.1]$ jps
2065 Kafka
[elastic@elk1 kafka_2.13-3.7.1]$ cd /opt/zk/apache-zookeeper-3.8.4-bin/bin/
[elastic@elk1 bin]$ ./zkCli.sh -server elk1:2181
[zk: elk1:2181(CONNECTED) 2] ls /brokers/ids
[1, 2, 3]
[zk: elk1:2181(CONNECTED) 3] get /brokers/ids/1
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk1:9092"],"jmx_port":-1,"port":9092,"host":"elk1","version":5,"timestamp":"1730647375569"}
[zk: elk1:2181(CONNECTED) 4] get /brokers/ids/2
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk2:9092"],"jmx_port":-1,"port":9092,"host":"elk2","version":5,"timestamp":"1730647484714"}
[zk: elk1:2181(CONNECTED) 5] get /brokers/ids/3
{"features":{},"listener_security_protocol_map":{"PLAINTEXT":"PLAINTEXT"},"endpoints":["PLAINTEXT://elk3:9092"],"jmx_port":-1,"port":9092,"host":"elk3","version":5,"timestamp":"1730647488343"}
[elastic@elk1 bin]$ pwd
/opt/kafka/kafka_2.13-3.7.1/bin
[elastic@elk1 bin]$ ./kafka-topics.sh --create --topic test --bootstrap-server 192.168.31.111:9092,192.168.31.112:9092,192.168.31.113:9092
Created topic test.
[elastic@elk1 bin]$ ./kafka-topics.sh --list --bootstrap-server 192.168.31.111:9092,192.168.31.112:9092,192.168.31.113:9092
test
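The elasticsearch.yml, kibana.yml and server.properties shown in sections III, IV and VI enable TLS only on the Elasticsearch transport port; the REST API, the Kibana connection and the Kafka listeners stay in cleartext, and the kibana_system password sits inline in kibana.yml. The audit below is an added example, not part of the original post, that reports those settings; the function names are hypothetical and the sample files are constructed from the lines in this guide.

```bash
# Added example, not from the original post. Flags settings in this guide's
# three configuration files that leave traffic or secrets in cleartext.

cfg_get() {   # cfg_get FILE KEY -> value of the last flat "key: value" or "key=value" line
    sed -n "s/^$2[[:space:]]*[:=][[:space:]]*//p" "$1" | tail -n 1
}

flag() { echo "FINDING $1"; findings=$((findings + 1)); }

audit_stack() {   # audit_stack ES_YML KIBANA_YML KAFKA_PROPERTIES -> returns the number of findings
    findings=0
    [ "$(cfg_get "$1" xpack.security.http.ssl.enabled)" = "true" ] ||
        flag "elasticsearch.yml: port 9200 serves plain HTTP (xpack.security.http.ssl.enabled is not true)"
    [ "$(cfg_get "$1" xpack.security.transport.ssl.verification_mode)" != "certificate" ] ||
        flag "elasticsearch.yml: verification_mode certificate does not check hostnames (full does)"
    case "$(cfg_get "$2" elasticsearch.hosts)" in
        *http://*) flag "kibana.yml: elasticsearch.hosts uses http://, so the password travels unencrypted" ;;
    esac
    [ -z "$(cfg_get "$2" elasticsearch.password)" ] ||
        flag "kibana.yml: elasticsearch.password is stored inline (kibana-keystore can hold it)"
    case "$(cfg_get "$3" listeners) $(cfg_get "$3" advertised.listeners)" in
        *PLAINTEXT://*) flag "server.properties: PLAINTEXT listener, no TLS and no authentication" ;;
    esac
    return "$findings"
}

# Constructed sample: the relevant lines of the three files shown in this guide.
demo=$(mktemp -d)
printf '%s\n' 'xpack.security.enabled: true' 'xpack.security.transport.ssl.enabled: true' \
    'xpack.security.transport.ssl.verification_mode: certificate' > "$demo/elasticsearch.yml"
printf '%s\n' 'elasticsearch.hosts: ["http://elk1:9200","http://elk2:9200","http://elk3:9200"]' \
    'elasticsearch.username: "kibana_system"' 'elasticsearch.password: "<redacted>"' > "$demo/kibana.yml"
printf '%s\n' 'broker.id=1' 'advertised.listeners=PLAINTEXT://elk1:9092' > "$demo/server.properties"
audit_stack "$demo/elasticsearch.yml" "$demo/kibana.yml" "$demo/server.properties" || echo "$? findings"
rm -rf "$demo"
```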
Additional notes
1. Create a user in ES and grant roles
[elastic@elk1 bin]$ pwd
/opt/es/elasticsearch-8.14.0/bin
[elastic@elk1 bin]$ ./elasticsearch-users useradd test
[elastic@elk1 bin]$ ./elasticsearch-users roles -a superuser test
[elastic@elk1 bin]$ ./elasticsearch-users roles -a kibana_system test