零、規劃
# 版本 OS CentOS 7.2 ELK version 6.4 ELK Cluster env-elk
主機名 | IP | 角色 | 備註 |
elk1 | 10.200.4.35 | elasticsearch node1 | |
elk2 | 10.200.4.36 | elasticsearch node2 | |
elk3 | 10.200.4.37 | kibana\logstash\grafana | |
elk4 | 10.200.4.38 | zabbix-server | |
一、系統配置
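# --- Host preparation (run on every node) ---

# Turn swap off for the running system, then set vm.swappiness to 0.
# Both changes last only until the next reboot; swap entries in /etc/fstab
# and the sysctl configuration are not touched here.
sudo swapoff -a
echo 0 > /proc/sys/vm/swappiness

# Raise the open-file limit for the current shell session only.
ulimit -n 65536

# Make the limit persistent: open limits.conf and add the two lines below
# before the end of the file.
# The page shows the hard limit as 655, which is lower than the soft limit
# of 65536. A soft limit cannot exceed the hard limit, so the hard value is
# set to 65536 here to match.
vi /etc/security/limits.conf
#   * soft nofile 65536
#   * hard nofile 65536

# Set this machine's hostname. Replace elkN with the name from the plan
# (elk1 .. elk4).
hostnamectl set-hostname elkN
hostnamectl set-hostname elkN --static

# Name resolution between the four hosts. Appending is not idempotent:
# running this twice duplicates the entries.
printf '%s\t%s\n' \
  10.200.4.35 elk1 \
  10.200.4.36 elk2 \
  10.200.4.37 elk3 \
  10.200.4.38 elk4 >> /etc/hosts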
二、安裝
1)安裝JDK
# Install the JDK 8u131 RPM from the current directory, with verbose output
# and a hash-mark progress bar.
# NOTE(review): the page does not show where this file was obtained; compare
# its checksum with the value the vendor publishes before installing it.
rpm --install --verbose --hash jdk-8u131-linux-x64.rpm
2)安裝Elasticsearch
# 導入elastic PGP Key rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch # 配置軟件源,根據要安裝的版本修改 cat > /etc/yum.repos.d/elasticsearch.repo << EOF [elasticsearch-6.x] name=Elasticsearch repository for 6.x packages baseurl=https://artifacts.elastic.co/packages/6.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md EOF # 安裝配置開機自啓 yum makecache yum install elasticsearch -y sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable elasticsearch.service # 使用額外的硬盤存儲數據 mkdir /opt/elk-data mkfs.xfs /dev/vdc vi /etc/fstab /dev/vdc /opt/elk-data xfs defaults 0 0 mount -a df -h mkdir -p /opt/elk-data/data mkdir -p /opt/elk-data/log cd /opt/elk-data/ chown elasticsearch:elasticsearch data/ chown elasticsearch:elasticsearch log/ # 修改elasticsearch配置文件 vi /etc/elasticsearch/elasticsearch.yml cluster.name: env-elk path.data: /opt/elk-data/data path.logs: /opt/elk-data/log network.host: 0.0.0.0 http.port: 9200 node.name: elk2 # 寫本節點的主機名 discovery.zen.ping.unicast.hosts: ["elk1", "elk2"] # 啓動節點 systemctl start elasticsearch systemctl status elasticsearch curl -XGET 'localhost:9200/?pretty' curl -XGET 'http://localhost:9200/_cluster/health?pretty' { "cluster_name" : "env-elk", "status" : "green", "timed_out" : false, "number_of_nodes" : 2, "number_of_data_nodes" : 2, "active_primary_shards" : 0, "active_shards" : 0, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0, "delayed_unassigned_shards" : 0, "number_of_pending_tasks" : 0, "number_of_in_flight_fetch" : 0, "task_max_waiting_in_queue_millis" : 0, "active_shards_percent_as_number" : 100.0 }
3)安裝Kibana
# 導入elastic PGP Key rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch # 配置軟件源,根據要安裝的版本修改 cat > /etc/yum.repos.d/kibana.repo << EOF [kibana-6.x] name=Kibana repository for 6.x packages baseurl=https://artifacts.elastic.co/packages/6.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md EOF # 安裝並配置開機自啓 yum makecache && yum install kibana -y sudo /bin/systemctl daemon-reload sudo /bin/systemctl enable kibana.service # vim /etc/kibana/kibana.yml server.port: 5601 server.host: "elk3" elasticsearch.url: " # 啓動 systemctl start kibana http://10.200.4.37:5601
4)安裝Logstash
# Install Logstash, register it to start at boot, and start it now.
# Author's note: it is not used yet and is installed ahead of need.
# NOTE(review): a service that is started but unused still has to be patched
# and monitored; consider leaving it stopped until a pipeline is configured.
yum -y install logstash
systemctl enable logstash.service
systemctl start logstash.service
5)安裝Grafana
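# Check for the current stable release first:
# http://docs.grafana.org/installation/rpm/

# Download the RPM (the page pins 5.3.1-1).
wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-5.3.1-1.x86_64.rpm

# Print the file's SHA-256 and compare it with the value published for this
# release before installing. The RPM comes straight from a download URL, and
# by default yum does not GPG-check local package files (localpkg_gpgcheck
# in yum.conf).
sha256sum grafana-5.3.1-1.x86_64.rpm

# Install, enable at boot, and start.
sudo yum localinstall grafana-5.3.1-1.x86_64.rpm
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable grafana-server.service
sudo /bin/systemctl start grafana-server.service

# Troubleshooting: start may fail with
#   “Failed to verify pid directory" logger=server error="mkdir /var/run/grafana: permission denied”
# Reference: https://github.com/grafana/grafana/issues/4446
#
# Workaround: create the pid directory and hand it to the service account.
# The page originally used `chmod +777` here, which lets every local user
# create, replace or delete files in a directory a daemon writes to.
# Owner-only write access is enough for the service to write its pid file.
#   mkdir /var/run/grafana/
#   chown grafana:grafana /var/run/grafana/
#   chmod 755 /var/run/grafana/
# NOTE(review): assumes the package's service account is "grafana" — confirm
# against GRAFANA_USER / GRAFANA_GROUP in /etc/sysconfig/grafana-server.
# NOTE(review): /var/run is normally a tmpfs on CentOS 7, so a directory made
# by hand is gone after a reboot — confirm whether the fix has to be made
# persistent.

# Environment file: /etc/sysconfig/grafana-server
# SQLite3 database: /var/lib/grafana/grafana.db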