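Deploy an ELFK cluster with ansible-playbook.
Java install directory: /usr/local/jdk
Elasticsearch install directory: /home/elfk/elasticsearch
Logstash install directory: /home/elfk/logstash
Filebeat install directory: /home/elfk/filebeat
Kibana install directory: /home/elfk/kibana
elasticsearch-head install directory: /home/elfk/head
nginx install directory: /usr/local/nginx
Download past releases of the ELFK components:
https://www.elastic.co/downloads/past-releases
Preparation
- Put all hosts that ELFK will be deployed to into groups: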
# vim /etc/ansible/hosts
[elasticsearch]
192.168.30.128
192.168.30.129
192.168.30.130
[logstash]
192.168.30.131
192.168.30.132
192.168.30.133
[filebeat]
192.168.30.131
192.168.30.132
[kibana]
192.168.30.133
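- Create the management directories:
# mkdir -p elfk/roles/{java_install,elasticsearch_install,logstash_install,filebeat_install,kibana_install,head_install,nginx_install}/{files,handlers,meta,tasks,templates,vars}
# cd elfk/
Notes:
files: source packages and configuration files to be synchronized to the remote servers;
handlers: actions to run when a resource changes; the directory can be omitted or left empty if unused;
meta: descriptive information such as role dependencies; can be left empty;
tasks: the tasks executed during the ELFK installation;
templates: template files used by the ELFK installation, usually scripts;
vars: variables defined for this installation.
Download the tarball for each ELFK component in advance and put it in the corresponding files directory.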
# tree .
.
├── elfk.yml
└── roles
    ├── elasticsearch_install
    │   ├── files
    │   │   └── elasticsearch-6.7.1.tar.gz
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── copy.yml
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── elasticsearch
    │   │   ├── elasticsearch.conf
    │   │   └── elasticsearch.service
    │   └── vars
    │       └── main.yml
    ├── filebeat_install
    │   ├── files
    │   │   └── filebeat-6.7.1-linux-x86_64.tar.gz
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── copy.yml
    │   │   ├── main.yml
    │   │   └── prepare.yml
    │   ├── templates
    │   │   └── filebeat.service
    │   └── vars
    │       └── main.yml
    ├── head_install
    │   ├── files
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── copy.yml
    │   │   ├── install.yml
    │   │   └── main.yml
    │   ├── templates
    │   │   ├── elasticsearch-head
    │   │   └── node_PATH
    │   └── vars
    │       └── main.yml
    ├── java_install
    │   ├── files
    │   │   └── jdk-8u191-linux-x64.tar.gz
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── copy.yml
    │   │   ├── main.yml
    │   │   └── prepare.yml
    │   ├── templates
    │   │   ├── java_PATH
    │   │   └── limits.conf
    │   └── vars
    │       └── main.yml
    ├── kibana_install
    │   ├── files
    │   │   ├── kibana-6.7.1-linux-x86_64.tar.gz
    │   │   └── Kibana_Hanization-master.zip
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── chinesization.yml
    │   │   ├── copy.yml
    │   │   ├── main.yml
    │   │   └── prepare.yml
    │   ├── templates
    │   │   ├── kibana
    │   │   ├── kibana.conf
    │   │   └── kibana.service
    │   └── vars
    │       └── main.yml
    ├── logstash_install
    │   ├── files
    │   │   └── logstash-6.7.1.tar.gz
    │   ├── handlers
    │   ├── meta
    │   ├── tasks
    │   │   ├── copy.yml
    │   │   ├── main.yml
    │   │   └── prepare.yml
    │   ├── templates
    │   │   ├── logstash
    │   │   ├── logstash.conf
    │   │   └── logstash.service
    │   └── vars
    │       └── main.yml
    └── nginx_install
        ├── files
        ├── handlers
        ├── meta
        ├── tasks
        │   ├── copy.yml
        │   ├── install.yml
        │   ├── main.yml
        │   └── prepare.yml
        ├── templates
        │   ├── fastcgi_params
        │   ├── kibana.conf
        │   ├── nginx.conf
        │   └── nginx.service
        └── vars
            └── main.yml

50 directories, 54 files
- Create the installation entry file, which calls the roles:
# vim elfk.yml
---
- hosts: elasticsearch
  remote_user: root
  gather_facts: True
  roles:
    - java_install
    - elasticsearch_install

- hosts: logstash
  remote_user: root
  gather_facts: True
  roles:
    - java_install
    - logstash_install

- hosts: filebeat
  remote_user: root
  gather_facts: True
  roles:
    - filebeat_install

- hosts: kibana
  remote_user: root
  gather_facts: True
  roles:
    - kibana_install
    - head_install
    - nginx_install
Java section
- Create the Java entry file, which calls java_install:
# vim java.yml
# Batch-installs Java
- hosts: elasticsearch
  remote_user: root
  gather_facts: True
  roles:
    - java_install
- Create the variables:
# vim roles/java_install/vars/main.yml
# Variables used by the Java installation
JAVA_VER: 191
SOURCE_DIR: /software
JAVA_DIR: /usr/local/jdk
- Create the template files:
Environment variables: java_PATH
# vim roles/java_install/templates/java_PATH
JAVA_HOME={{ JAVA_DIR }}
PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib
export JAVA_HOME PATH CLASSPATH
System limits: limits.conf
# vim roles/java_install/templates/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
- Environment preparation, prepare.yml:
# vim roles/java_install/tasks/prepare.yml
# Stop firewalld and disable it at boot
- name: 关闭firewalld
  service: name=firewalld state=stopped enabled=no
# Switch SELinux to permissive for the running system
- name: 临时关闭 selinux
  shell: "setenforce 0"
  failed_when: false
# Disable SELinux permanently (applies after the next reboot)
- name: 永久关闭 selinux
  lineinfile:
    dest: /etc/selinux/config
    regexp: "^SELINUX="
    line: "SELINUX=disabled"
# Add the EPEL repository
- name: 添加EPEL仓库
  yum: name=epel-release state=latest
# Install commonly used packages
- name: 安装常用软件包
  yum:
    name:
      - vim
      - lrzsz
      - net-tools
      - wget
      - curl
      - bash-completion
      - rsync
      - gcc
      - unzip
      - git
    state: latest
# Update the system
- name: 更新系统
  shell: "yum update -y"
  ignore_errors: yes
  args:
    warn: False
- File copy tasks, copy.yml:
# vim roles/java_install/tasks/copy.yml
# Create the software directory first, so the template and copy tasks below write into it
- name: 创建software目录
  file: name={{ SOURCE_DIR }} state=directory recurse=yes
# Copy the limits.conf template to the host
- name: 拷贝系统环境limits.conf
  template: src=limits.conf dest={{ SOURCE_DIR }} owner=root group=root
# Append the limits to /etc/security/limits.conf if they are not there yet
- name: 配置系统环境limits.conf
  shell: "if [ `grep '* soft nofile 65536' /etc/security/limits.conf |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/limits.conf >> /etc/security/limits.conf; fi"
# Set vm.max_map_count if it is not set yet
- name: 配置系统环境
  shell: "if [ `grep 'vm.max_map_count' /etc/sysctl.conf |wc -l` -eq 0 ]; then echo 'vm.max_map_count=655360' >> /etc/sysctl.conf && sysctl -p; fi"
# The JDK tarball must already be in the files directory on the control host
- name: 拷贝jdk包
  copy: src=jdk-8u{{ JAVA_VER }}-linux-x64.tar.gz dest={{ SOURCE_DIR }} owner=root group=root
# Unpack the JDK tarball
- name: 解压jdk包
  shell: "tar zxf jdk-8u{{ JAVA_VER }}-linux-x64.tar.gz"
  args:
    chdir: "{{ SOURCE_DIR }}"
    warn: False
# Move the unpacked directory to JAVA_DIR
- name: 目录重命名
  shell: "if [ ! -d {{ JAVA_DIR }} ]; then mv {{ SOURCE_DIR }}/jdk1.8.0_{{ JAVA_VER }}/ {{ JAVA_DIR }}; fi"
# Copy the java_PATH environment template to the host
- name: 拷贝环境变量java_PATH
  template: src=java_PATH dest={{ SOURCE_DIR }} owner=root group=root
# Append java_PATH to ~/.bashrc if it is not there yet
- name: 加入java_PATH到~/.bashrc
  shell: "if [ `grep {{ JAVA_DIR }} ~/.bashrc |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/java_PATH >> ~/.bashrc && source ~/.bashrc; fi"
# Append java_PATH to /etc/profile if it is not there yet
- name: 加入java_PATH到/etc/profile
  shell: "if [ `grep {{ JAVA_DIR }} /etc/profile |wc -l` -eq 0 ]; then cat {{ SOURCE_DIR }}/java_PATH >> /etc/profile && source /etc/profile; fi"
- Include file, main.yml:
# vim roles/java_install/tasks/main.yml
# Include the prepare and copy task files
- include: prepare.yml
- include: copy.yml
Elasticsearch section
- Create the Elasticsearch entry file, which calls elasticsearch_install:
# vim elasticsearch.yml
# Batch-installs Elasticsearch
- hosts: elasticsearch
  remote_user: root
  gather_facts: True
  roles:
    - elasticsearch_install
- Create the variables:
# vim roles/elasticsearch_install/vars/main.yml
# Variables used by the Elasticsearch installation
ES_VER: 6.7.1
DOWNLOAD_URL: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-{{ ES_VER }}.tar.gz
SOURCE_DIR: /software
JAVA_DIR: /usr/local/jdk
ELFK_USER: elk
ELFK_DIR: /home/elfk
ES_CLUSTER: elk
ES_PORT: 9200
TCP_PORT: 9300
- Create the template files:
Configuration file: elasticsearch.conf
# vim roles/elasticsearch_install/templates/elasticsearch.conf
cluster.name: {{ ES_CLUSTER }}
# Node name is the cluster name plus the last octet of the host's default IPv4 address
node.name: {{ ES_CLUSTER }}-{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'].split('.')[-1] }}
node.master: true
node.data: true
path.data: {{ ELFK_DIR }}/elasticsearch/data
path.logs: {{ ELFK_DIR }}/elasticsearch/logs
bootstrap.memory_lock: false
# Bind to the host's default IPv4 address
network.host: {{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}
http.port: {{ ES_PORT }}
transport.tcp.port: {{ TCP_PORT }}
http.enabled: true
# CORS is enabled for every origin so that the browser-based elasticsearch-head can query the cluster
http.cors.enabled: true
http.cors.allow-origin: "*"
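The template above binds Elasticsearch to the host's default IPv4 address on ES_PORT and TCP_PORT, and prepare.yml stops firewalld, so both ports are reachable from the whole network. The task file below is an added example, not part of the original roles: it keeps firewalld running and admits only the inventory groups that need each port. The file name firewall.yml and the ES_ADMIN_SOURCES variable are assumptions, and it relies on the inventory names being IPv4 addresses as in /etc/ansible/hosts above.

```yaml
# roles/elasticsearch_install/tasks/firewall.yml (hypothetical file, added example)
# Assumptions: firewalld is installed, inventory names are IPv4 addresses,
# and ES_ADMIN_SOURCES (hypothetical variable) lists the workstations whose
# browsers run elasticsearch-head against ES_PORT, e.g. ["192.168.30.1"]
# (constructed sample value).
- name: Keep firewalld running instead of stopping it
  service:
    name: firewalld
    state: started
    enabled: yes

# Transport port (TCP_PORT): only the other cluster members.
- name: Allow transport traffic from elasticsearch peers
  firewalld:
    rich_rule: 'rule family="ipv4" source address="{{ item }}" port port="{{ TCP_PORT }}" protocol="tcp" accept'
    permanent: yes
    immediate: yes
    state: enabled
  with_items: "{{ groups['elasticsearch'] | difference([inventory_hostname]) }}"

# HTTP port (ES_PORT): cluster peers, logstash, kibana and named admin hosts.
- name: Allow the HTTP API from hosts that index or query
  firewalld:
    rich_rule: 'rule family="ipv4" source address="{{ item }}" port port="{{ ES_PORT }}" protocol="tcp" accept'
    permanent: yes
    immediate: yes
    state: enabled
  with_items: "{{ (groups['elasticsearch'] + groups['logstash'] + groups['kibana'] + (ES_ADMIN_SOURCES | default([]))) | unique | difference([inventory_hostname]) }}"

# Fail the play if either port was also opened to every source in the zone.
- name: Read the ports opened zone-wide
  command: firewall-cmd --list-ports
  register: open_ports
  changed_when: false

- name: Assert the Elasticsearch ports are not opened zone-wide
  assert:
    that:
      - "(ES_PORT ~ '/tcp') not in open_ports.stdout.split()"
      - "(TCP_PORT ~ '/tcp') not in open_ports.stdout.split()"
```

To use it, include the file from roles/elasticsearch_install/tasks/main.yml and drop the firewalld task from prepare.yml for these hosts.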
Service configuration file: elasticsearch
# vim roles/elasticsearch_install/templates/elasticsearch
################################
# Elasticsearch
################################
# Elasticsearch home directory
#ES_HOME=/usr/share/elasticsearch
ES_HOME={{ ELFK_DIR }}/elasticsearch
# Elasticsearch Java path
#JAVA_HOME=
JAVA_HOME={{ JAVA_DIR }}
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib
# Elasticsearch configuration directory
#ES_PATH_CONF=/etc/elasticsearch
ES_PATH_CONF={{ ELFK_DIR }}/elasticsearch/config
# Elasticsearch PID directory
#PID_DIR=/var/run/elasticsearch
PID_DIR={{ ELFK_DIR }}/elasticsearch/run
# Additional Java OPTS
#ES_JAVA_OPTS=
# Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true
################################
# Elasticsearch service
################################
# SysV init.d
#
# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5
################################
# System properties
################################
# Specifies the maximum file descriptor number that can be opened by this process
# When using Systemd, this setting is ignored and the LimitNOFILE defined in
# /usr/lib/systemd/system/elasticsearch.service takes precedence
#MAX_OPEN_FILES=65535
# The maximum number of bytes of memory that may be locked into RAM
# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml.
# When using systemd, LimitMEMLOCK must be set in a unit file such as
# /etc/systemd/system/elasticsearch.service.d/override.conf.
#MAX_LOCKED_MEMORY=unlimited
# Maximum number of VMA (Virtual Memory Areas) a process can own
# When using Systemd, this setting is ignored and the 'vm.max_map_count'
# property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
#MAX_MAP_COUNT=262144
Service unit file: elasticsearch.service
# vim roles/elasticsearch_install/templates/elasticsearch.service
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
RuntimeDirectory=elasticsearch
PrivateTmp=true
Environment=ES_HOME={{ ELFK_DIR }}/elasticsearch
Environment=ES_PATH_CONF={{ ELFK_DIR }}/elasticsearch/config
Environment=PID_DIR={{ ELFK_DIR }}/elasticsearch/run
EnvironmentFile=-/etc/sysconfig/elasticsearch
WorkingDirectory={{ ELFK_DIR }}/elasticsearch
User={{ ELFK_USER }}
Group={{ ELFK_USER }}
ExecStart={{ ELFK_DIR }}/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet
# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use