ELKStack集群架构设计
Posted 努力哥-运维自动化
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了ELKStack集群架构设计相关的知识,希望对你有一定的参考价值。
一、ELKStack介绍与入门实践
二、Elasticsearch 集群架构图
服务器配置:Centos6.6 x86_64 CPU:1核心 MEM:2G (做实验,配置比较低一些)
注:这里配置elasticsearch集群用了3台服务器,可以根据自己的实际情况进行调整。
三、开始安装配置nginx和logstash
注:这里使用yum安装,如果需要较高版本的,可以使用编译安装。
在10.0.18.144上操作,10.0.18.145配置方式和144是一样的。
1、安装nginx
配置yum源并安装nginx
|
1
2
3
4
5
6
7
8
9
10
11
|
#vim /etc/yum.repos.d/nginx.repo[nginx]name=nginx repobaseurl=http://nginx.org/packages/centos/$releasever/$basearch/gpgcheck=0enabled=1安装#yum install nginx -y查看版本#rpm -qa nginxnginx-1.10.1-1.el6.ngx.x86_64 |
修改nginx配置文件,修改为如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
user nginx;worker_processes 1;error_log /var/log/nginx/error.log notice; #默认是warnpid /var/run/nginx.pid; events { worker_connections 1024;} http { include mime.types; default_type application/octet-stream; log_format main \'$remote_addr - $remote_user [$time_local] "$request" \' \'$status $body_bytes_sent "$http_referer" \' \'"$http_user_agent" $http_x_forwarded_for $request_length $msec $connection_requests $request_time\'; ##添加了$request_length $msec $connection_requests $request_time sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; access_log /var/log/nginx/access.log main; location / { index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }}修改nginx默认页面#vi /usr/share/nginx/html/index.html<body><h1>Welcome to nginx!</h1>改为<body><h1>Welcome to nginx! 144</h1> |
启动nginx,并访问测试:
|
1
2
3
4
5
6
7
8
9
10
11
12
|
#service nginx start#chkconfig --add nginx#chkconfig nginx on查看启动情况#netstat -tunlpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1023/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1101/master tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1353/nginx tcp 0 0 :::22 :::* LISTEN 1023/sshd tcp 0 0 ::1:25 :::* LISTEN 1101/master |
在浏览器访问测试,如下:
2、安装配置java环境
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
直接使用rpm包安装,比较方便#rpm -ivh jdk-8u92-linux-x64.rpm Preparing... ########################################### [100%] 1:jdk1.8.0_92 ########################################### [100%]Unpacking JAR files... tools.jar... plugin.jar... javaws.jar... deploy.jar... rt.jar... jsse.jar... charsets.jar... localedata.jar...#java -versionjava version "1.8.0_92"Java(TM) SE Runtime Environment (build 1.8.0_92-b14)Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode) |
3、安装配置logstash
配置logstash的yum源,如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
|
#vim /etc/yum.repos.d/logstash.repo[logstash-2.3]name=Logstash repository for 2.3.x packagesbaseurl=https://packages.elastic.co/logstash/2.3/centosgpgcheck=1gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearchenabled=1安装logstash#yum install logstash -y查看版本#rpm -qa logstashlogstash-2.3.4-1.noarch |
配置logstash的配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
|
#cd /etc/logstash/conf.d#vim logstash.confinput { file { path => ["/var/log/nginx/access.log"] type => "nginx_log" start_position => "beginning" }}output { stdout { codec => rubydebug }}检测语法是否有错#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --configtestConfiguration OK #语法OK |
启动并查看收集nginx日志情况:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
#列出一部分#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf Settings: Default pipeline workers: 1Pipeline main started{ "message" => "10.0.90.8 - - [26/Aug/2016:15:30:18 +0800] \\"GET / HTTP/1.1\\" 304 0 \\"-\\" \\"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)\\" \\"-\\" 415 1472196618.085 1 0.000", "@version" => "1", "@timestamp" => "2016-08-26T07:30:32.699Z", "path" => "/var/log/nginx/access.log", "host" => "0.0.0.0", "type" => "nginx_log"}{ "message" => "10.0.90.8 - - [26/Aug/2016:15:30:18 +0800] \\"GET / HTTP/1.1\\" 304 0 \\"-\\" \\"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)\\" \\"-\\" 415 1472196618.374 2 0.000", "@version" => "1", "@timestamp" => "2016-08-26T07:30:32.848Z", "path" => "/var/log/nginx/access.log", "host" => "0.0.0.0", "type" => "nginx_log"}………………PS:在网上看到其他版本logstash的pipeline workers是默认为4,但我安装的2.3.4版本这个默认值为1这是因为这个默认值和服务器本身的cpu核数有关,我这里的服务器cpu都是1核,故默认值为1。可以通过 /opt/logstash/bin/logstash -h 命令查看一些参数 |
修改logstash的配置文件,将日志数据输出到redis
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
#cat /etc/logstash/conf.d/logstash.confinput { file { path => ["/var/log/nginx/access.log"] type => "nginx_log" start_position => "beginning" }}output { redis { host => "10.0.18.146" key => \'logstash-redis\' data_type => \'list\' }} |
检查语法并启动服务
|
1
2
3
4
5
6
7
8
|
#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --configtestConfiguration OK#service logstash startlogstash started.查看启动进程#ps -ef | grep logstashlogstash 2029 1 72 15:37 pts/0 00:00:18 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Djava.io.tmpdir=/var/lib/logstash -Xmx1g -Xss2048k -Djffi.boot.library.path=/opt/logstash/vendor/jruby/lib/jni -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Djava.io.tmpdir=/var/lib/logstash -XX:HeapDumpPath=/opt/logstash/heapdump.hprof -Xbootclasspath/a:/opt/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/opt/logstash/vendor/jruby -Djruby.lib=/opt/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /opt/logstash/lib/bootstrap/environment.rb logstash/runner.rb agent -f /etc/logstash/conf.d -l /var/log/logstash/logstash.logroot 2076 1145 0 15:37 pts/0 00:00:00 grep logstash |
四、安装配置redis
下载并安装redis
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
#yum install wget gcc gcc-c++ -y #安装过的,就不需要再安装了#wget http://download.redis.io/releases/redis-3.0.7.tar.gz#tar xf redis-3.0.7.tar.gz#cd redis-3.0.7#make make没问题之后,创建目录#mkdir -p /usr/local/redis/{conf,bin}#cp ./*.conf /usr/local/redis/conf/#cp runtest* /usr/local/redis/#cd utils/#cp mkrelease.sh /usr/local/redis/bin/#cd ../src#cp redis-benchmark redis-check-aof redis-check-dump redis-cli redis-sentinel redis-server redis-trib.rb /usr/local/redis/bin/创建redis数据存储目录#mkdir -pv /data/redis/db#mkdir -pv /data/log/redis |
修改redis配置文件
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
#cd /usr/local/redis/conf#vi redis.confdir ./ 修改为dir /data/redis/db/保存退出启动redis#nohup /usr/local/redis/bin/redis-server /usr/local/redis/conf/redis.conf &查看redis进程#ps -ef | grep redisroot 4425 1149 0 16:21 pts/0 00:00:00 /usr/local/redis/bin/redis-server *:6379 root 4435 1149 0 16:22 pts/0 00:00:00 grep redis#netstat -tunlpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1402/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1103/master tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 4425/redis-server * tcp 0 0 :::22 :::* LISTEN 1402/sshd tcp 0 0 ::1:25 :::* LISTEN 1103/master tcp 0 0 :::6379 :::* LISTEN 4425/redis-server * |
五、安装配置logstash server
1、安装jdk
|
1
2
3
4
5
6
7
8
9
10
11
12
|
#rpm -ivh jdk-8u92-linux-x64.rpm Preparing... ########################################### [100%] 1:jdk1.8.0_92 ########################################### [100%]Unpacking JAR files... tools.jar... plugin.jar... javaws.jar... deploy.jar... rt.jar... jsse.jar... charsets.jar... localedata.jar... |
2、安装logstash
|
1
2
3
4
5
6
7
8
9
10
|
配置yum源#vim /etc/yum.repos.d/logstash.repo[logstash-2.3]name=Logstash repository for 2.3.x packagesbaseurl=https://packages.elastic.co/logstash/2.3/centosgpgcheck=1gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearchenabled=1安装logstash#yum install logstash -y |
配置logstash server
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
配置文件如下:#cd /etc/logstash/conf.d#vim logstash_server.confinput { redis { port => "6379" host => "10.0.18.146" data_type => "list" key => "logstash-redis" type => "redis-input" }}output { stdout { codec => rubydebug }}检查语法#/opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash_server.conf --configtestConfiguration OK |
语法没问题之后,测试查看收集nginx日志的情况,如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
以上是关于ELKStack集群架构设计的主要内容,如果未能解决你的问题,请参考以下文章
|