Linux学习-ELK(一)

配置三台elasticsearch服务器

安装包
elasticsearch.j2

报错

#---执行rsync命令报以下错误
[root@es1 ~]# rsync -av /etc/hosts 192.168.29.172:/etc/hosts
root@192.168.29.172's password:
bash: rsync: 未找到命令
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [sender=3.1.3]

解决方法

== 同步双方机器都需要安装rsync==

机器环境：RockyLinux8.6
资源列表：es1,es2,es3,nfs-server
es1:192.168.29.171
es2:192.168.29.172
es3:192.168.29.173
nfs-server:192.168.29.139

#-----------------配置本地yum仓库
#------------搭建nfs-server[root@harbor ~]# yum install -y nfs-utils
#查看nfs-server配置文件
[root@harbor ~]# cat /etc/exports
/var/ftp 192.168.29.0/24(rw,no_root_squash)
[root@harbor ~]# systemctl enable nfs-server --now
#------------搭建nfs-server
[root@harbor ftp]# createrepo --update /var/ftp/elk
Directory walk started
Directory walk done - 5 packages
Loaded information about 0 packages
Temporary output repo path: /var/ftp/elk/.repodata/
Preparing sqlite DBs
Pool started (with 5 workers)
Pool finished
[root@harbor ~]# ls /var/ftp/elk
elasticsearch-7.17.8-x86_64.rpm  kibana-7.17.8-x86_64.rpm    metricbeat-7.17.8-x86_64.rpm
filebeat-7.17.8-x86_64.rpm       logstash-7.17.8-x86_64.rpm  repodata
#-----------------配置本地yum仓库
#---------在三台机器上分别安装elasticsearch
#-----yum配置文件
[root@es1 ~]# cat /etc/yum.repos.d/extra.repo
[es]
name=Rocky Linux $releasever - es
#mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
baseurl=ftp://192.168.29.139/elk/
gpgcheck=0
enabled=1
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
[root@es1 ~]# dnf install -y elasticsearch
#集群名称
cluster.name: elk-cluster
#节点名称
node.name: es1
#监听地址
network.host: 0.0.0.0
#集群广播成员，用于设置Elasticsearch节点启动时去连接的种子节点列表，这有助于节点能够发现集群中的其他节点
discovery.seed_hosts: ["es1", "es2","es3"]
#集群创始人成员，用于指定集群启动时应该被选举为初始主节点的节点列表
cluster.initial_master_nodes: ["es1", "es2","es3"]
[root@es1 ~]# systemctl enable elasticsearch --now[root@es1 ~]# curl 192.168.29.171:9200
{"name" : "es1","cluster_name" : "elk-cluster","cluster_uuid" : "_na_","version" : {"number" : "7.17.8","build_flavor" : "default","build_type" : "rpm","build_hash" : "120eabe1c8a0cb2ae87cffc109a5b65d213e9df1","build_date" : "2022-12-02T17:33:09.727072865Z","build_snapshot" : false,"lucene_version" : "8.11.1","minimum_wire_compatibility_version" : "6.8.0","minimum_index_compatibility_version" : "6.0.0-beta1"},"tagline" : "You Know, for Search"
}

使用Ansible批量部署ES

[root@harbor es]# cat ansible.cfg
[defaults]
inventory         = hostlist
host_key_checking = False#elasticsearch.j2通过变量获取主机名称
node.name: {{ ansible_hostname }}#部署es的playbook文件
[root@harbor es]# cat deployes.yaml
---
- name: deploy eshosts: estasks:- name: 'set /etc/hosts'copy:dest: /etc/hostsowner: rootgroup: rootmode: 0644content: |127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4::1         localhost localhost.localdomain localhost6 localhost6.localdomain6{% for i in groups.es %}{{ hostvars[i].ansible_ens160.ipv4.address }}{{ hostvars[i].ansible_hostname }}{% endfor %}- name: install esdnf:name: elasticsearchstate: latestupdate_cache: yes- name: copy config filetemplate:src: elasticsearch.j2dest: /etc/elasticsearch/elasticsearch.ymlowner: rootgroup: elasticsearchmode: 0600- name: update es serviceservice:name: elasticsearchstate: startedenabled: yes
#主机列表文件
[root@harbor es]# cat hostlist
[web]
192.168.29.161
192.168.29.162
[es]
192.168.29.171
192.168.29.172
192.168.29.173
[root@harbor es]# ansible-playbook deployes.yaml
#部署完成后，查看集群状态[root@el2 ~]# curl 192.168.29.172:9200/_cat/nodes?pretty
192.168.29.172 26 94  4 0.55 0.21 0.10 cdfhilmrstw * es2
192.168.29.171 12 93  4 0.09 0.11 0.08 cdfhilmrstw - es1
192.168.29.173  7 93 30 1.09 0.32 0.16 cdfhilmrstw - es3

部署插件页面


[root@es1 ~]# dnf install -y nginx
[root@es1 ~]# systemctl enable nginx --now
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.
[root@es1 ~]# tar xf head.tar.gz -C /usr/share/nginx/html/

在这里插入图片描述

认证和代理

[root@es1 conf.d]# cat /etc/nginx/default.d/es.conf
location ~* ^/es/(.*)$ {proxy_pass http://127.0.0.1:9200/$1;auth_basic "elastic admin";auth_basic_user_file /etc/nginx/auth-user;
}
[root@es1 conf.d]# dnf install -y httpd-tools
[root@es1 conf.d]# htpasswd -cm /etc/nginx/auth-user admin
[root@es1 conf.d]# systemctl restart nginx