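ELK Stack Cluster Architecture Design
Posted by 努力哥-运维自动化
Preface: this article was compiled by the editors of 小常识网 (cha138.com). It mainly covers ELK Stack cluster architecture design, and we hope it is a useful reference.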
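I. ELK Stack introduction and getting-started practice
II. Elasticsearch cluster architecture diagram
Server configuration: CentOS 6.6 x86_64, CPU: 1 core, MEM: 2G (this is a lab setup, so the specs are on the low side)
Note: the Elasticsearch cluster here uses 3 servers; adjust this to your own situation.
III. Installing and configuring nginx and logstash
Note: yum is used for installation here; if you need a newer version, you can build from source.
Perform these steps on 10.0.18.144; 10.0.18.145 is configured the same way as 144.
1. Install nginx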
Configure the yum repository and install nginx:

```
# vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
```

Install:

```
# yum install nginx -y
```

Check the version:

```
# rpm -qa nginx
nginx-1.10.1-1.el6.ngx.x86_64
```
Edit the nginx configuration file so that it reads as follows:

```
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log notice;   # the default is warn
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" $http_x_forwarded_for $request_length $msec $connection_requests $request_time';
    ## added $request_length $msec $connection_requests $request_time

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;
        access_log  /var/log/nginx/access.log  main;

        location / {
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
}
```

Modify the default nginx page:

```
# vi /usr/share/nginx/html/index.html
<body>
<h1>Welcome to nginx!</h1>
```

Change it to:

```
<body>
<h1>Welcome to nginx! 144</h1>
```
Start nginx and test access:

```
# service nginx start
# chkconfig --add nginx
# chkconfig nginx on
```

Check that it is running:

```
# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1023/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1101/master
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      1353/nginx
tcp        0      0 :::22                       :::*                        LISTEN      1023/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1101/master
```
Test access in a browser, as follows:
2. Install and configure the Java environment
Installing directly from the rpm package is the most convenient:

```
# rpm -ivh jdk-8u92-linux-x64.rpm
Preparing...                ########################################### [100%]
   1:jdk1.8.0_92            ########################################### [100%]
Unpacking JAR files...
        tools.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
        rt.jar...
        jsse.jar...
        charsets.jar...
        localedata.jar...
# java -version
java version "1.8.0_92"
Java(TM) SE Runtime Environment (build 1.8.0_92-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.92-b14, mixed mode)
```
3. Install and configure logstash
Configure the yum repository for logstash as follows:

```
# vim /etc/yum.repos.d/logstash.repo
[logstash-2.3]
name=Logstash repository for 2.3.x packages
baseurl=https://packages.elastic.co/logstash/2.3/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
```

Install logstash:

```
# yum install logstash -y
```

Check the version:

```
# rpm -qa logstash
logstash-2.3.4-1.noarch
```
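The nginx repo defined earlier on this page sets gpgcheck=0 with an http baseurl, while the logstash repo above uses https with gpgcheck=1 and a gpgkey. The check below is an added example (not part of the original article) that flags repo sections of the first kind; the function names and the scratch-directory layout are assumptions.

```sh
#!/bin/sh
audit_yum_repo() {   # usage: audit_yum_repo FILE...
    awk '
    function report() {
        if (sec == "" || conf["enabled"] == "0") return    # nothing parsed yet, or repo disabled
        if (conf["gpgcheck"] == "0") print sec ": gpgcheck=0, packages are not signature-checked"
        if (index(conf["baseurl"], "http://") == 1) print sec ": baseurl is plain http"
    }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }                    # blank lines and comments
    /^[ \t]*\[/ {                                            # start of a new [section]
        report()
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
        split("", conf)                                      # clear settings of the previous section
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck" || key == "baseurl" || key == "enabled") conf[key] = val
    }
    END { report() }
    ' "$@"
}

# The two repo files from this page, written into a scratch directory.
write_page_repos() {   # usage: write_page_repos DIR
    cat > "$1/nginx.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
EOF
    cat > "$1/logstash.repo" <<'EOF'
[logstash-2.3]
name=Logstash repository for 2.3.x packages
baseurl=https://packages.elastic.co/logstash/2.3/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF
}

dir=$(mktemp -d)
write_page_repos "$dir"
audit_yum_repo "$dir"/*.repo    # prints two findings, both for [nginx]
rm -rf "$dir"
```

For the nginx repo, the corrected entry has the same shape as the logstash one: an https baseurl, gpgcheck=1 and gpgkey=https://nginx.org/keys/nginx_signing.key.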
Write the logstash configuration file:

```
# cd /etc/logstash/conf.d
# vim logstash.conf
input {
    file {
        path => ["/var/log/nginx/access.log"]
        type => "nginx_log"
        start_position => "beginning"
    }
}
output {
    stdout {
        codec => rubydebug
    }
}
```

Check the syntax for errors (the result shows the syntax is OK):

```
# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --configtest
Configuration OK
```
Start logstash and watch it collect the nginx logs (only part of the output is listed):

```
# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
Settings: Default pipeline workers: 1
Pipeline main started
{
       "message" => "10.0.90.8 - - [26/Aug/2016:15:30:18 +0800] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)\" \"-\" 415 1472196618.085 1 0.000",
      "@version" => "1",
    "@timestamp" => "2016-08-26T07:30:32.699Z",
          "path" => "/var/log/nginx/access.log",
          "host" => "0.0.0.0",
          "type" => "nginx_log"
}
{
       "message" => "10.0.90.8 - - [26/Aug/2016:15:30:18 +0800] \"GET / HTTP/1.1\" 304 0 \"-\" \"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)\" \"-\" 415 1472196618.374 2 0.000",
      "@version" => "1",
    "@timestamp" => "2016-08-26T07:30:32.848Z",
          "path" => "/var/log/nginx/access.log",
          "host" => "0.0.0.0",
          "type" => "nginx_log"
}
………………
```

PS: I saw online that in other logstash versions the default for pipeline workers is 4, but in the 2.3.4 version I installed the default is 1.
This is because the default depends on the number of CPU cores on the server; my servers all have 1 core, so the default is 1.
You can view some of the parameters with the /opt/logstash/bin/logstash -h command.
Modify the logstash configuration file to send the log data to redis:

```
# cat /etc/logstash/conf.d/logstash.conf
input {
    file {
        path => ["/var/log/nginx/access.log"]
        type => "nginx_log"
        start_position => "beginning"
    }
}
output {
    redis {
        host => "10.0.18.146"
        key => 'logstash-redis'
        data_type => 'list'
    }
}
```
Check the syntax and start the service:

```
# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --configtest
Configuration OK
# service logstash start
logstash started.
```

Check the running process:

```
# ps -ef | grep logstash
logstash  2029     1 72 15:37 pts/0    00:00:18 /usr/bin/java -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Djava.io.tmpdir=/var/lib/logstash -Xmx1g -Xss2048k -Djffi.boot.library.path=/opt/logstash/vendor/jruby/lib/jni -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -Djava.awt.headless=true -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Djava.io.tmpdir=/var/lib/logstash -XX:HeapDumpPath=/opt/logstash/heapdump.hprof -Xbootclasspath/a:/opt/logstash/vendor/jruby/lib/jruby.jar -classpath : -Djruby.home=/opt/logstash/vendor/jruby -Djruby.lib=/opt/logstash/vendor/jruby/lib -Djruby.script=jruby -Djruby.shell=/bin/sh org.jruby.Main --1.9 /opt/logstash/lib/bootstrap/environment.rb logstash/runner.rb agent -f /etc/logstash/conf.d -l /var/log/logstash/logstash.log
root      2076  1145  0 15:37 pts/0    00:00:00 grep logstash
```
IV. Installing and configuring redis
Download and install redis:

```
# yum install wget gcc gcc-c++ -y    # not needed if these are already installed
# wget http://download.redis.io/releases/redis-3.0.7.tar.gz
# tar xf redis-3.0.7.tar.gz
# cd redis-3.0.7
# make
```

Once make completes without problems, create the directories:

```
# mkdir -p /usr/local/redis/{conf,bin}
# cp ./*.conf /usr/local/redis/conf/
# cp runtest* /usr/local/redis/
# cd utils/
# cp mkrelease.sh /usr/local/redis/bin/
# cd ../src
# cp redis-benchmark redis-check-aof redis-check-dump redis-cli redis-sentinel redis-server redis-trib.rb /usr/local/redis/bin/
```

Create the redis data storage directories:

```
# mkdir -pv /data/redis/db
# mkdir -pv /data/log/redis
```
Modify the redis configuration file:

```
# cd /usr/local/redis/conf
# vi redis.conf
dir ./
```

Change it to the following, then save and exit:

```
dir /data/redis/db/
```

Start redis:

```
# nohup /usr/local/redis/bin/redis-server /usr/local/redis/conf/redis.conf &
```

Check the redis process:

```
# ps -ef | grep redis
root      4425  1149  0 16:21 pts/0    00:00:00 /usr/local/redis/bin/redis-server *:6379
root      4435  1149  0 16:22 pts/0    00:00:00 grep redis
# netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1402/sshd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      1103/master
tcp        0      0 0.0.0.0:6379                0.0.0.0:*                   LISTEN      4425/redis-server *
tcp        0      0 :::22                       :::*                        LISTEN      1402/sshd
tcp        0      0 ::1:25                      :::*                        LISTEN      1103/master
tcp        0      0 :::6379                     :::*                        LISTEN      4425/redis-server *
```
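The netstat output above shows redis-server listening on 0.0.0.0:6379 and :::6379, and the logstash redis output configured earlier sends no password. The script below is an added example (not part of the original article) that checks a redis.conf for the bind and requirepass directives; the function names, the sample files and the placeholder password are assumptions.

```sh
#!/bin/sh
audit_redis_conf() {   # usage: audit_redis_conf FILE
    awk '
    /^[ \t]*$/ || /^[ \t]*#/ { next }                  # blank lines and comments
    { key = tolower($1) }
    key == "port" { port = $2 }
    key == "requirepass" && NF >= 2 { pass = 1 }
    key == "bind" {
        for (i = 2; i <= NF; i++) {
            nbind++
            if ($i == "0.0.0.0" || $i == "::") wild = 1
        }
    }
    END {
        if (port == "") port = 6379                     # redis default port
        if (nbind == 0 || wild)
            print "bind: no specific address, listening on every interface, port " port
        if (!pass)
            print "requirepass: not set, any host that can connect can read or modify the queue"
    }
    ' "$1"
}

# Constructed samples: the page changes only "dir"; the second adds bind and requirepass.
write_sample_confs() {   # usage: write_sample_confs DIR
    cat > "$1/page.conf" <<'EOF'
port 6379
# bind 127.0.0.1
# requirepass foobared
dir /data/redis/db/
EOF
    cat > "$1/hardened.conf" <<'EOF'
port 6379
bind 127.0.0.1 10.0.18.146
requirepass CHANGE-ME-long-random-secret
dir /data/redis/db/
EOF
}

d=$(mktemp -d)
write_sample_confs "$d"
for f in page hardened; do
    echo "== $f.conf"; audit_redis_conf "$d/$f.conf"
done
rm -rf "$d"
```

When requirepass is set, the same secret goes in the `password` option of logstash's redis output and redis input plugins.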
V. Installing and configuring the logstash server
1. Install the JDK

```
# rpm -ivh jdk-8u92-linux-x64.rpm
Preparing...                ########################################### [100%]
   1:jdk1.8.0_92            ########################################### [100%]
Unpacking JAR files...
        tools.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
        rt.jar...
        jsse.jar...
        charsets.jar...
        localedata.jar...
```
2. Install logstash
Configure the yum repository:

```
# vim /etc/yum.repos.d/logstash.repo
[logstash-2.3]
name=Logstash repository for 2.3.x packages
baseurl=https://packages.elastic.co/logstash/2.3/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
```

Install logstash:

```
# yum install logstash -y
```
Configure the logstash server
The configuration file is as follows:

```
# cd /etc/logstash/conf.d
# vim logstash_server.conf
input {
    redis {
        port => "6379"
        host => "10.0.18.146"
        data_type => "list"
        key => "logstash-redis"
        type => "redis-input"
    }
}
output {
    stdout {
        codec => rubydebug
    }
}
```

Check the syntax:

```
# /opt/logstash/bin/logstash -f /etc/logstash/conf.d/logstash_server.conf --configtest
Configuration OK
```
Once the syntax checks out, test and view the collected nginx logs, as follows: