ELK部署脚本---亲测可用
Posted IT大白鼠
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ELK部署脚本---亲测可用相关的知识,希望对你有一定的参考价值。
环境:centos7.9 && 网络通畅
注意事项:部分扩展需要连接github网站,你懂的,可能导致部分插件安装失败,可以在脚本执行中跳过,待网络良好时再安装。操作方法文后给出。
架构:两台elasticsearch(分别对应两个节点脚本);一台logstash,对应加入日志管理的机器。
废话少说,直接上脚本:
elasticsearch-node1脚本:(脚本运行中会提示你输入部分信息如IP,日志文件路径以及日志文件类型等)
#!/bin/bash
#function:ELK-YUM-node1
#author:tommypeng 20220729
#####root判断#####
if
[ "$USER" != "root" ]
then
echo "错误:非root用户,权限不足!"
exit 0
fi
###############防火墙及SElinux############
systemctl stop firewalld && systemctl disable firewalld && echo "防火墙已经关闭"
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config && echo "关闭selinux"
##############网络测试##############
ping -c 3 www.baidu.com
if
[ $? = 0 ]
then
echo "外网通讯良好!"
else
echo "丫的你在逗我吗?网都没有安装个毛线!"
exit 1
fi
##############yum源配置################
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch &&
cat >> /etc/yum.repos.d/elasticsearch.repo << EOF
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enable=1
EOF
sleep 5
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch &&
cat >> /etc/yum.repos.d/logstash.repo << EOG
[logstash-2.1]
name=Logstash repository for 2.1.x packages
baseurl=http://packages.elastic.co/logstash/2.1/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enable=1
EOG
sleep 5
###############jdk###############
yum install java -y
############elasticsearch#################
yum install elasticsearch -y
if [ $? -eq 0 ];then
echo -e "\\n\\033[32m-----------------------------------------------\\033[0m"
echo -e "\\033[32melasticsearch安装成功 !\\033[0m"
else
echo -e "\\033[32mmelasticsearch安装失败,即将退出 !"
exit 0
fi
cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.bak && rm -rf /etc/elasticsearch/elasticsearch.yml
read -p "请输入另一台ES节点的IP" KIP
cat >> /etc/elasticsearch/elasticsearch.yml << EOG
cluster.name: test
node.name: test-1
path.data: /data/es-data
path.logs: /var/log/elasticsearch/
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["127.0.0.1", "$KIP"]
EOG
sleep 5
#cat >> /etc/security/limits.conf << EOF
#elasticsearch soft memlock unlimited
#elasticsearch hard memlock unlimited
#EOF
mkdir -p /data/es-data && chown -R elasticsearch:elasticsearch /data/es-data
sleep 5
systemctl start elasticsearch.service
if [ $? -eq 0 ];then
echo -e "\\n\\033[32m-----------------------------------------------\\033[0m"
echo -e "\\033[32melasticsearch启动成功 !\\033[0m"
else
echo -e "\\033[32mmelasticsearch启动失败,继续安装,请在脚本运行完成后手动启动 !"
fi
##############head##########
cd /usr/share/elasticsearch/ && /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
##/usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
#sleep 5
IP=$(ip a | grep "inet "|grep "ens33" | awk 'print $2'| awk -F / 'print $1')
echo "登录http://$IP:9200/_plugin/head/访问您的elasticsearch "
sleep 5
############kopf##############
cd /usr/share/elasticsearch/ && /usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
echo "登录http://$IP:9200/_plugin/kopf 查看节点负载 "
sleep 5
##############logstash#############
yum install logstash -y
sleep 5
ln -s /opt/logstash/bin/logstash /usr/bin/
read -p "请输入您要监控的本机日志文件路径" PPO
read -p "请输入您要监控的本机日志文件类型(对应ES索引)" WOKAO
cat >> /opt/logstash/bin/file.conf << EOG
input
file
path => "$PPO"
type => "$WOKAO"
start_position => "beginning"
output
elasticsearch
hosts => ["$IP:9200"]
index => "$WOKAO-%+YYYY.MM.dd"
EOG
systemctl start logstash
sleep 5
systemctl restart logstash
cd /opt/logstash/bin/ && /opt/logstash/bin/logstash -f file.conf&
###########kibana##################
cd ~
wget https://download.elastic.co/kibana/kibana/kibana-4.3.1-linux-x64.tar.gz
tar zxvf kibana-4.3.1-linux-x64.tar.gz -C /opt/ && mv /opt/kibana-4.3.1-linux-x64/ /opt/kibana/
cat >> /opt/kibana/config/kibana.yml << EOF
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://$IP:9200"
kibana.index: ".kibana"
EOF
/opt/kibana/bin/kibana
echo "登录http://$IP:9200/_plugin/head/访问您的elasticsearch "
echo "访问http://$IP:5601 来查看管理您的日志吧 "
elasticsearch-node2脚本:
#!/bin/bash
#function:ELK-YUM-note2
#author:tommypeng 20220729
#####root判断#####
if
[ "$USER" != "root" ]
then
echo "错误:非root用户,权限不足!"
exit 0
fi
###############防火墙及SElinux############
systemctl stop firewalld && systemctl disable firewalld && echo "防火墙已经关闭"
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config && echo "关闭selinux"
##############网络测试##############
ping -c 3 www.baidu.com
if
[ $? = 0 ]
then
echo "外网通讯良好!"
else
echo "丫的你在逗我吗?网都没有安装个毛线!"
exit 1
fi
##############yum源配置################
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch &&
cat >> /etc/yum.repos.d/elasticsearch.repo << EOF
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=http://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enable=1
EOF
sleep 5
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch &&
cat >> /etc/yum.repos.d/logstash.repo << EOG
[logstash-2.1]
name=Logstash repository for 2.1.x packages
baseurl=http://packages.elastic.co/logstash/2.1/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enable=1
EOG
sleep 5
###############jdk###############
yum install java -y
############elasticsearch#################
yum install elasticsearch -y
cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.bak
read -p "请输入另一台ES节点的IP" KIP
cat >> /etc/elasticsearch/elasticsearch.yml << EOG
cluster.name: test
node.name: test-2
path.data: /data/es-data
path.logs: /var/log/elasticsearch/
bootstrap.memory_lock: true
network.host: 0.0.0.0
http.port: 9200
discovery.zen.ping.unicast.hosts: ["127.0.0.1", "$KIP"]
EOG
sleep 5
###mkdir -p /data/es-data
sleep 5
#cat >> /etc/security/limits.conf << EOF
#elasticsearch soft memlock unlimited
#elasticsearch hard memlock unlimited
#EOF
mkdir -p /data/es-data && chown -R elasticsearch:elasticsearch /data/es-data
sleep 5
systemctl start elasticsearch.service ###启动###
##############head##########
cd /usr/share/elasticsearch/
/usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
#sleep 5
IP=$(ip a | grep "inet "|grep "ens33" | awk 'print $2'| awk -F / 'print $1')
echo "登录http://$IP:9200/_plugin/head/访问您的elasticsearch "
############kopf##############
cd /usr/share/elasticsearch/
/usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
###echo "登录http://$IP:9200/_plugin/kopf 查看节点负载 "
##############logstash#############
yum install logstash -y
sleep 5
ln -s /opt/logstash/bin/logstash /usr/bin/
read -p "请输入您要监控的本机日志文件路径" PPO
read -p "请输入您要监控的本机日志文件类型(对应ES索引)" WOKAO
read -p "请输入ES节点1的IP" HAOSHUAI
cat >> /opt/logstash/bin/file.conf << EOG
input
file
path => "$PPO"
type => "$WOKAO"
start_position => "beginning"
output
elasticsearch
hosts => ["$HAOSHUAI:9200"]
index => "$WOKAO-%+YYYY.MM.dd"
EOG
systemctl start logstash
sleep 5
systemctl restart logstash
cd /opt/logstash/bin/
/opt/logstash/bin/logstash -f file.conf&
logstash脚本:该脚本用来将相应的服务器主机的日志输出到ELK。
举个例子,你新上线了一台服务器,想监控系统日志,那么运行该脚本时出现提示输入以下信息即可:
提示"请输入您要监控的本机日志文件路径" 您输入 /var/log/messages (这个就是系统日志路径)
提示 "请输入您要监控的本机日志文件类型(对应ES索引)" system
提示"请输入ES节点1的IP" 输入对应的节点IP即可。
请注意:在ES脚本中也有相关提示输入,按实际情况输入即可。
#!/bin/bash
#function:ELK-YUM-logstash
#author:tommypeng 20220729
#####root判断#####
if
[ "$USER" != "root" ]
then
echo "错误:非root用户,权限不足!"
exit 0
fi
###############防火墙及SElinux############
systemctl stop firewalld && systemctl disable firewalld && echo "防火墙已经关闭"
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config && echo "关闭selinux"
##############网络测试##############
ping -c 3 www.baidu.com
if
[ $? = 0 ]
then
echo "外网通讯良好!"
else
echo "丫的你在逗我吗?网都没有安装个毛线!"
exit 1
fi
##############yum源配置################
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch &&
cat >> /etc/yum.repos.d/logstash.repo << EOG
[logstash-2.1]
name=Logstash repository for 2.1.x packages
baseurl=http://packages.elastic.co/logstash/2.1/centos
gpgcheck=1
gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
enable=1
EOG
sleep 5
##############logstash#############
yum install logstash -y
sleep 5
ln -s /opt/logstash/bin/logstash /usr/bin/
read -p "请输入您要监控的本机日志文件路径" PPO
read -p "请输入您要监控的本机日志文件类型(对应ES索引)" WOKAO
read -p "请输入ES节点1的IP" HAOSHUAI
cat >> /opt/logstash/bin/file.conf << EOG
input
file
path => "$PPO"
type => "$WOKAO"
start_position => "beginning"
output
elasticsearch
hosts => ["$HAOSHUAI:9200"]
index => "$WOKAO-%+YYYY.MM.dd"
EOG
systemctl start logstash
sleep 5
systemctl restart logstash
cd /opt/logstash/bin/
/opt/logstash/bin/logstash -f file.conf&
填坑:
重新安装head扩展命令:
cd /usr/share/elasticsearch/ && /usr/share/elasticsearch/bin/plugin install mobz/elasticsearch-head
重新安装kopf扩展命令:
cd /usr/share/elasticsearch/ &&/ usr/share/elasticsearch/bin/plugin install lmenezes/elasticsearch-kopf
脚本运行有其他问题请私信沟通。
以上是关于ELK部署脚本---亲测可用的主要内容,如果未能解决你的问题,请参考以下文章