ELKStack集群架构设计

Posted 努力哥-运维自动化

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ELKStack集群架构设计相关的知识,希望对你有一定的参考价值。

一、ELKStack介绍与入门实践

二、Elasticsearch 集群架构图

wKiom1e_36mwL1v7AABT-LrNWf4924.png

 

服务器配置:Centos6.6 x86_64 CPU:1核心 MEM:2G (做实验,配置比较低一些)

注:这里配置elasticsearch集群用了3台服务器,可以根据自己的实际情况进行调整。

三、开始安装配置nginx和logstash

注:这里使用yum安装,如果需要较高版本的,可以使用编译安装。

在10.0.18.144上操作,10.0.18.145配置方式和144是一样的。

1、安装nginx

配置yum源并安装nginx

1
2
3
4
5
6
7
8
9
10
11
#vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
安装
#yum install nginx -y
查看版本
#rpm -qa nginx
nginx-1.10.1-1.el6.ngx.x86_64

修改nginx配置文件,修改为如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
user  nginx;
worker_processes  1;
error_log  /var/log/nginx/error.log  notice;      #默认是warn
pid       /var/run/nginx.pid;
  
events {
    worker_connections  1024;
}
  
http {
    include       mime.types;
    default_type  application/octet-stream;
  
    log_format main \'$remote_addr - $remote_user [$time_local] "$request" \'
                      \'$status $body_bytes_sent "$http_referer" \'
                      \'"$http_user_agent" $http_x_forwarded_for $request_length $msec $connection_requests $request_time\';
 ##添加了$request_length $msec $connection_requests $request_time
    sendfile        on;
    keepalive_timeout  65;
  
    server {
        listen       80;
        server_name  localhost;
        access_log  /var/log/nginx/access.log  main;
  
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
  
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
}
修改nginx默认页面
#vi /usr/share/nginx/html/index.html
<body>
<h1>Welcome to nginx!</h1>
改为
<body>
<h1>Welcome to nginx! 144</h1>

启动nginx,并访问测试:

1
2
3
4
5
6
7
8
9
10
11
12
#service nginx start
#chkconfig --add nginx
#chkconfig nginx on
查看启动情况
#netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1023/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1101/master         
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      1353/nginx          
tcp        0      0 :::22                       :::*                        LISTEN      1023/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1101/master

在浏览器访问测试,如下:

wKioL1e_5mSSriqaAABUVVuZVew858.png

2、安装配置java环境

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
直接使用rpm包安装,比较方便
#rpm -ivh jdk-8u92-linux-x64.rpm 
Preparing...                ########################################### [100%]
   1:jdk1.8.0_92            ########################################### [100%]
Unpacking JAR files...
        tools.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
        rt.jar...
        jsse.jar...
        charsets.jar...
        localedata.jar...
#java -version
java version "1.8.0_92"
Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode)

3、安装配置logstash

配置logstash的yum源,如下:

1
2
3
4
5
6
7
8
9
10
11
12
#vim /etc/yum.repos.d/logstash.repo
[logstash-2.3]
name=Logstash repository for 2.3.x packages
baseurl=https://packages.elastic.co/logstash/2.3/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
安装logstash
#yum install logstash -y
查看版本
#rpm -qa logstash
logstash-2.3.4-1.noarch

配置logstash的配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#cd /etc/logstash/conf.d
#vim logstash.conf
input {
     file {
          path => ["/var/log/nginx/access.log"]
          type => "nginx_log"
          start_position => "beginning" 
        }
}
output {
     stdout {
     codec => rubydebug
      }
}
检测语法是否有错
#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --configtest
Configuration OK    #语法OK

启动并查看收集nginx日志情况:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#列出一部分
#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf 
Settings: Default pipeline workers: 1
Pipeline main started
{
       "message" => "10.0.90.8 - - [26/Aug/2016:15:30:18 +0800] \\"GET / HTTP/1.1\\" 304 0 \\"-\\" \\"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)\\" \\"-\\" 415 1472196618.085 1 0.000",
      "@version" => "1",
    "@timestamp" => "2016-08-26T07:30:32.699Z",
          "path" => "/var/log/nginx/access.log",
          "host" => "0.0.0.0",
          "type" => "nginx_log"
}
{
       "message" => "10.0.90.8 - - [26/Aug/2016:15:30:18 +0800] \\"GET / HTTP/1.1\\" 304 0 \\"-\\" \\"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)\\" \\"-\\" 415 1472196618.374 2 0.000",
      "@version" => "1",
    "@timestamp" => "2016-08-26T07:30:32.848Z",
          "path" => "/var/log/nginx/access.log",
          "host" => "0.0.0.0",
          "type" => "nginx_log"
}
………………
PS:在网上看到其他版本logstash的pipeline workers是默认为4,但我安装的2.3.4版本这个默认值为1
这是因为这个默认值和服务器本身的cpu核数有关,我这里的服务器cpu都是1核,故默认值为1。
可以通过 /opt/logstash/bin/logstash -h 命令查看一些参数

修改logstash的配置文件,将日志数据输出到redis

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
#cat /etc/logstash/conf.d/logstash.conf
input {
     file {
          path => ["/var/log/nginx/access.log"]
          type => "nginx_log"
          start_position => "beginning" 
        }
}
output {
     redis {
            host => "10.0.18.146"
            key => \'logstash-redis\'
            data_type => \'list\'
      }
}

检查语法并启动服务

1
2
3
4
5
6
7
8
#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf  --configtest
Configuration OK
#service logstash start
logstash started.
查看启动进程
#ps -ef | grep logstash
logstash  2029     1 72 15:37 pts/0    00:00:18 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Djava.io.tmpdir=/var/lib/logstash -Xmx1g -Xss2048k -Djffi.boot.library.path=/opt/logstash/vendor/jruby/lib/jni -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Djava.io.tmpdir=/var/lib/logstash -XX:HeapDumpPath=/opt/logstash/heapdump.hprof -Xbootclasspath/a:/opt/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/opt/logstash/vendor/jruby -Djruby.lib=/opt/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /opt/logstash/lib/bootstrap/environment.rb logstash/runner.rb agent -f /etc/logstash/conf.d -l /var/log/logstash/logstash.log
root      2076  1145  0 15:37 pts/0    00:00:00 grep logstash

四、安装配置redis

下载并安装redis

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#yum install wget gcc gcc-c++ -y   #安装过的,就不需要再安装了
#wget http://download.redis.io/releases/redis-3.0.7.tar.gz
#tar xf redis-3.0.7.tar.gz
#cd redis-3.0.7
#make 
make没问题之后,创建目录
#mkdir -p /usr/local/redis/{conf,bin}
#cp ./*.conf /usr/local/redis/conf/
#cp runtest* /usr/local/redis/
#cd utils/
#cp mkrelease.sh   /usr/local/redis/bin/
#cd ../src
#cp redis-benchmark redis-check-aof redis-check-dump redis-cli redis-sentinel redis-server redis-trib.rb /usr/local/redis/bin/
创建redis数据存储目录
#mkdir -pv /data/redis/db
#mkdir -pv /data/log/redis

修改redis配置文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
#cd /usr/local/redis/conf
#vi redis.conf
dir ./  修改为dir /data/redis/db/
保存退出
启动redis
#nohup /usr/local/redis/bin/redis-server /usr/local/redis/conf/redis.conf &
查看redis进程
#ps -ef | grep redis
root      4425  1149  0 16:21 pts/0    00:00:00 /usr/local/redis/bin/redis-server *:6379                          
root      4435  1149  0 16:22 pts/0    00:00:00 grep redis
#netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1402/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1103/master         
tcp        0      0 0.0.0.0:6379                0.0.0.0:*                   LISTEN      4425/redis-server 
tcp        0      0 :::22                       :::*                        LISTEN      1402/sshd           
tcp        0      0 ::1:25                      :::*                        LISTEN      1103/master         
tcp        0      0 :::6379                     :::*                        LISTEN      4425/redis-server *

五、安装配置logstash server

1、安装jdk

1
2
3
4
5
6
7
8
9
10
11
12
#rpm -ivh jdk-8u92-linux-x64.rpm 
Preparing...                ########################################### [100%]
   1:jdk1.8.0_92            ########################################### [100%]
Unpacking JAR files...
        tools.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
        rt.jar...
        jsse.jar...
        charsets.jar...
        localedata.jar...

2、安装logstash

1
2
3
4
5
6
7
8
9
10
配置yum源
#vim /etc/yum.repos.d/logstash.repo
[logstash-2.3]
name=Logstash repository for 2.3.x packages
baseurl=https://packages.elastic.co/logstash/2.3/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
安装logstash
#yum install logstash -y

配置logstash server

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
配置文件如下:
#cd /etc/logstash/conf.d
#vim logstash_server.conf
input {
    redis {
        port => "6379"
        host => "10.0.18.146"
        data_type => "list"
        key => "logstash-redis"
        type => "redis-input"
   }
}
output {
    stdout {
    codec => rubydebug
    }
}
检查语法
#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash_server.conf --configtest
Configuration OK

语法没问题之后,测试查看收集nginx日志的情况,如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

(c)2006-2024 SYSTEM All Rights Reserved IT常识