零、規劃
# 版本 OS CentOS 7.2 ELK version 6.4 ELK Cluster env-elk
| 主機名 | IP | 角色 | 備註 |
| elk1 | 10.200.4.35 | elasticsearch node1 | |
| elk2 | 10.200.4.36 | elasticsearch node2 | |
| elk3 | 10.200.4.37 | kibaba\logstash\grafana | |
| elk4 | 10.200.4.38 | zabbix-server |
一、系統配置
sudo swapoff -a (echo 0 > /proc/sys/vm/swappiness) ulimit -n 65536 vi /etc/security/limits.conf # 結尾前添加 * soft nofile 65536 * hard nofile 655 hostnamectl set-hostname elkN hostnamectl set-hostname elkN --static echo -e "10.200.4.35\telk1" >> /etc/hosts echo -e "10.200.4.36\telk2" >> /etc/hosts echo -e "10.200.4.37\telk3" >> /etc/hosts echo -e "10.200.4.38\telk4" >> /etc/hosts
二、安裝
1)安裝JDK
rpm -ivh jdk-8u131-linux-x64.rpm
2)安裝Elasticsearch
# 導入elastic PGP Key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# 配置軟件源,根據要安裝的版本修改
cat > /etc/yum.repos.d/elasticsearch.repo << EOF
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
# 安裝配置開機自啓
yum makecache
yum install elasticsearch -y
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service
# 使用額外的硬盤存儲數據
mkdir /opt/elk-data
mkfs.xfs /dev/vdc
vi /etc/fstab
/dev/vdc /opt/elk-data xfs defaults 0 0
mount -a
df -h
mkdir -p /opt/elk-data/data
mkdir -p /opt/elk-data/log
cd /opt/elk-data/
chown elasticsearch:elasticsearch data/
chown elasticsearch:elasticsearch log/
# 修改elasticsearch配置文件
vi /etc/elasticsearch/elasticsearch.yml
cluster.name: env-elk
path.data: /opt/elk-data/data
path.logs: /opt/elk-data/log
network.host: 0.0.0.0
http.port: 9200
node.name: elk2 # 寫本節點的主機名
discovery.zen.ping.unicast.hosts: ["elk1", "elk2"]
# 啓動節點
systemctl start elasticsearch
systemctl status elasticsearch
curl -XGET 'localhost:9200/?pretty'
curl -XGET 'http://localhost:9200/_cluster/health?pretty'
{
"cluster_name" : "env-elk",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 2,
"number_of_data_nodes" : 2,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
3)安裝Kibana
# 導入elastic PGP Key rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch # 配置軟件源,根據要安裝的版本修改 cat > /etc/yum.repos.d/kibana.repo << EOF [kibana-6.x] name=Kibana repository for 6.x packages baseurl=https://artifacts.elastic.co/packages/6.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md EOF # 安裝並配置開機自啓 yum makecache && yum install kibana -y sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable kibana.service # vim /etc/kibana/kibana.yml server.port: 5601 server.host: "elk3" elasticsearch.url: " # 啓動 systemctl start kibana http://10.200.4.37:5601
4)安裝Logstash
yum install logstash -y systemctl start logstash.service systemctl enable logstash.service ### 暫時沒用,先裝上吧
5)安裝Grafana
# 查看新的穩定版 http://docs.grafana.org/installation/rpm/ # 安裝 wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-5.3.1-1.x86_64.rpm sudo yum localinstall grafana-5.3.1-1.x86_64.rpm sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable grafana-server.service sudo /bin/systemctl start grafana-server.service # start的時候報錯“Failed to verify pid directory" logger=server error="mkdir /var/run/grafana: permission denied” # 解決:https://github.com/grafana/grafana/issues/4446 # mkdir /var/run/grafana/ # chmod +777 /var/run/grafana/ # environment file位置 /etc/sysconfig/grafana-server # sqlite3數據庫位置 /var/lib/grafana/grafana.db
