整个架构,加上跳板机,总共12台机器
技术方案:
1. 配置nfs服务器,为web集群提供共享网络文件系统
# 部署 NFS 服务
[root@nfs ~]# dnf install -y nfs-utils
[root@nfs ~]# vim /etc/exports
/var/webroot 192.168.1.0/24(rw,no_root_squash)
2. web集群开机自动挂载nfs共享目录
tail /etc/fstab
192.168.1.10:/var/webroot /var/www/html nfs defaults,_netdev,nolock 1 1
web集群采用apache httpd,并配置filebeat,采集本地日志数据,调试日志,通过网络自动发送给logstash
3. 启动es集群
[root@es-0001 ~]# dnf install -y elasticsearch
[root@es-0001 ~]# vim /etc/elasticsearch/elasticsearch.yml
17: cluster.name: my-es
23: node.name: es-0001
56: network.host: 0.0.0.0
70: discovery.seed_hosts: ["es-0001", "es-0002", "es-0003"]
74: cluster.initial_master_nodes: ["es-0001", "es-0002", "es-0003"]
[root@es-0002 ~]# dnf install -y elasticsearch
[root@es-0002 ~]# vim /etc/elasticsearch/elasticsearch.yml
17: cluster.name: my-es
23: node.name: es-0002
56: network.host: 0.0.0.0
70: discovery.seed_hosts: ["es-0001", "es-0002", "es-0003"]
74: cluster.initial_master_nodes: ["es-0001", "es-0002", "es-0003"
[root@es-0002 ~]# curl http://es-0001:9200/_cat/nodes?pretty
- es-0001
* es-0002
-----------------------------
# ansible集群扩容
...
4. es主机上部署好head插件,通过 head 插件管理 elasticsearch 集群
# 在 es-0001 上安装 web 服务,并部署插件
[root@es-0001 ~]# dnf install -y nginx
[root@es-0001 ~]# systemctl enable --now nginx
[root@es-0001 ~]# tar zxf head.tar.gz -C /usr/share/nginx/html/
[root@es-0001 ~]# vim /etc/nginx/default.d/myesproxy.conf
location ~* ^/es/(.*)$ {
proxy_pass http://127.0.0.1:9200/$1;
auth_basic "Es admin";
auth_basic_user_file /etc/nginx/auth-user;
}
[root@es-0001 ~]# dnf install -y httpd-tools
[root@es-0001 ~]# htpasswd -cm /etc/nginx/auth-user admin
New password:
Re-type new password:
Adding password for user admin
[root@es-0001 ~]# systemctl reload nginx
5. 安装部署logstash服务器,拿日志,格式化,发日志
[root@logstash ~]# cat /etc/logstash/conf.d/my.conf
input {
beats {
port => 5044
}
}
filter {
if [fields][logtype] == "apache_log" {
grok {
match => { "message" => "%{HTTPD_COMBINEDLOG}" }
remove_field => ["message"]
}}
}
output {
# stdout { codec => "rubydebug" }
if [fields][logtype] == "apache_log" {
elasticsearch {
hosts => ["http://es-0002:9200", "http://es-0003:9200"]
index => "weblog-%{+YYYY.MM.dd}"
}}
}
6. web集群安装部署filebeat
# 安装 filebeat 服务
[root@web-0001 ~]# dnf install -y filebeat
[root@web-0001 ~]# systemctl enable --now filebeat
# 配置 filebeat
[root@web-0001 ~]# vim /etc/filebeat/filebeat.yml
25: id: my-filestream-id # 如果同时配置多个收集器,id不能重复
28: enabled: true # 打开收集模块
32: - /var/log/httpd/access_log # 日志文件路径
135: # 注释掉 Elasticsearch 配置
137: # 注释掉 Elasticsearch 配置
148: output.logstash: # 设置输出模块
150: hosts: ["192.168.1.27:5044"] # 输出给logstash
163: processors:
164: - drop_fields: # 删除冗余数据
165: fields:
166: - log
167: - offset
168: - agent
169: - ecs
170: # - add_host_metadata: 注释掉(收集主机信息)
171: # when.not.contains.tags: forwarded 注释掉(判断是否为容器)
172: # - add_cloud_metadata: ~ 注释掉(收集 cloud 信息)
173: # - add_docker_metadata: ~ 注释掉(收集 docker 信息)
174: # - add_kubernetes_metadata: ~ 注释掉(收集 kubernetes 信息)
[root@web-0001 ~]# rm -f /var/log/httpd/*
[root@web-0001 ~]# systemctl restart httpd filebeat
7. 安装部署kibana
[root@kibana ~]# dnf install -y kibana
[root@kibana ~]# vim /etc/kibana/kibana.yml
02: server.port: 5601
07: server.host: "0.0.0.0"
23: server.publicBaseUrl: "http://192.168.1.26:5601"
32: elasticsearch.hosts: ["http://es-0004:9200", "http://es-0005:9200"]
115: i18n.locale: "zh-CN"