Kubernetes实录系列记录文档完整目录参考: Kubernetes实录-目录
相关记录链接地址 :
- 第一篇-集群部署配置(24) Kubernetes日志方案-使用EFK实现日志管理(1)-介绍与架构概要
- 第一篇-集群部署配置(25) Kubernetes日志方案-使用EFK实现日志管理(2)-配置外部ELK服务
- 第一篇-集群部署配置(26) Kubernetes日志方案-使用EFK实现日志管理(3)-配置外部Kafka服务
- 第一篇-集群部署配置(27) Kubernetes日志方案-使用EFK实现日志管理(4)-配置Fluentd-agent
- 第一篇-集群部署配置(28) Kubernetes日志方案-使用EFK实现日志管理(5)-日志服务使用场景
- 第一篇-集群部署配置(29) Kubernetes日志方案-使用EFK实现日志管理(6)-集群内配置所有日志服务组件
一、资源准备与约定
1.1 服务器资源
| 主机名称 | ip地址 | 操作系统 | 角色 | 软件版本 | 备注 |
|---|---|---|---|---|---|
| ejucselasticsearch-shylf-1 | 10.116.71.64 | CentOS 7.6 | logstash+Elasticsearch | 7.8.1 | |
| ejucselasticsearch-shylf-2 | 10.116.71.65 | CentOS 7.6 | logstash+Elasticsearch | 7.8.1 | |
| ejucselasticsearch-shylf-3 | 10.116.71.66 | CentOS 7.6 | logstash+Elasticsearch | 7.8.1 |
1.2 系统初始化
这里系统采用最小化安装,根据需要进行初始化,这里初始化省略。
禁用selinux,关闭firewalld[所有节点]
# 禁用selinux
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
# 关闭防火墙
yum install -y firewalld
systemctl stop firewalld.service
systemctl disable firewalld.service
主机名称解析[所有节点]
cat /etc/hosts
# 其他省略
10.116.71.64 ejucselasticsearch-shylf-1
10.116.71.65 ejucselasticsearch-shylf-2
10.116.71.66 ejucselasticsearch-shylf-3
调优
cat /proc/sys/fs/file-max
1610023
cat /etc/security/limits.d/90-nproc.conf
* soft nproc 10240
* hard nproc 10240
* soft nofile 102400
* hard nofile 102400
root soft nproc unlimited
echo 'vm.max_map_count = 409600' >> /etc/sysctl.conf
sysctl -p
1.3 软件版本与下载地址
# tree
├── elasticsearch-7.8.1-linux-x86_64.tar.gz
└── logstash-7.8.1.tar.gz
- elasticsearch
版本:elasticsearch采用当前最新版本7.8.1
地址:地址:https://www.elastic.co/cn/downloads/elasticsearch 选择下载elasticsearch-7.8.1-linux-x86_64.tar.gz - logstash
版本:logstash采用当前最新版本7.8.1
地址:https://www.elastic.co/cn/downloads/logstash 选择下载logstash-7.8.1.tar.gz
1.4 安装路径约定
二进制分发的软件统一安装在/opt/app/install目录下,并且带版本号。然后软连接到/opt/app/目录下,不携带版本号。例如jdk
# ll /opt/app/install/
drwxr-xr-x 8 root root 115 Aug 3 15:27 logstash-7.8.1
# ll /opt/app/
lrwxrwxrwx 1 root root 27 Aug 3 15:30 logstash -> /opt/app/install/logstash-7.8.1
二、Elasticsearch集群部署配置
创建账户与相关路径
# 可以创建启动es的账户和组,我所在的环境业务应用统一使用运维组:账户admin:admin启动
# groupadd -g 800 elasticsearch
# useradd -s /sbin/nologin -g 800 -u 800 -M elasticsearch
mkdir -p /var/lib/elasticsearch/data
mkdir -p /var/log/elasticsearch/logs
chown -R admin:admin /var/lib/elasticsearch
chown -R admin:admin /var/log/elasticsearch
将下载的Elasticsearch二进制软件包解压并放置到安装目录[所有节点]
tar zxvf elasticsearch-7.8.1-linux-x86_64.tar.gz -C /opt/app/install/
ln -s /opt/app/install/elasticsearch-7.8.1 /opt/app/elasticsearch
ls -l /opt/app/elasticsearch
/opt/app/elasticsearch -> /opt/app/install/elasticsearch-7.8.1
chown -R admin:admin /opt/app/install/elasticsearch-7.8.1
chown -R admin:admin /opt/app/elasticsearch
配置Elasticsearch,各节点配置有所不同[所有节点]
vi /opt/app/elasticsearch/config/elasticsearch.yml
#其他参数保存不变,如有需要可以修改调优
cluster.name: ejucs-cluster
node.name: ejucselasticsearch-shylf-1 # 配置各节点的主机名称
path.data: /var/lib/elasticsearch/data
path.logs: /var/log/elasticsearch/logs
network.host: 10.116.71.64 # 配置各节点的主机IP地址
http.port: 9200
discovery.seed_hosts: ["10.116.71.64", "10.116.71.65", "10.116.71.66"]
cluster.initial_master_nodes: ["10.116.71.64", "10.116.71.65", "10.116.71.66"]
调整JVM参数,修改Elasticsearch使用的内存[所有节点]
vi /opt/app/install/elasticsearch-7.8.1/config/jvm.options
-Xms8g
-Xmx8g
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
#-XX:+HeapDumpOnOutOfMemoryError
#-XX:HeapDumpPath=/data/logs/elasticsearch_29200h
#-XX:ErrorFile=/data/logs/elasticsearch_29200/hs_err_pid%p.log
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:/data/logs/elasticsearch_29200/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m
#9-:-Xlog:gc*,gc+age=trace,safepoint:file=/data/logs/elasticsearch_29200/gc.log:utctime,pid,tags:filecount=32,filesize=64m
备注:服务器内存为16GB,设置es内存使用不超过一半
启动Elasticsearch[所有节点]
/opt/app/elasticsearch/bin/elasticsearch -d
netstat -pltn
#这里第一个节点为例:各个节点监听的IP地址是不同的。
tcp 0 0 10.116.71.64:9200 0.0.0.0:* LISTEN 4338/java
tcp 0 0 10.116.71.64:9300 0.0.0.0:* LISTEN 4338/java
#node1为例,各个节点监听的IP地址是不同的
curl 10.116.71.64:9200
{
"name" : "ejucselasticsearch-shylf-1",
"cluster_name" : "ejucs-cluster",
"cluster_uuid" : "l7bwgu6EQ2i8ml73mgLwlg",
"version" : {
"number" : "7.8.1",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "b5ca9c58fb664ca8bf9e4057fc229b3396bf3a89",
"build_date" : "2020-07-21T16:40:44.668009Z",
"build_snapshot" : false,
"lucene_version" : "8.5.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
systemd自启动脚本[待进一步优化处理]
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Type=forking
Group=admin
User=admin
LimitNOFILE=65536
LimitNPROC=4096
Environment=ES_HOME=/opt/app/elasticsearch
Environment=ES_PATH_CONF=/opt/app/elasticsearch/config
Environment=PID_DIR=/opt/app/elasticsearch
EnvironmentFile=-/opt/app/elasticsearch/config/elasticsearch
WorkingDirectory=/opt/app/elasticsearch
ExecStart=/opt/app/elasticsearch/bin/elasticsearch -d
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start elasticsearch.service
systemctl status elasticsearch.service
三、logstash部署配置
准备java环境
tar zxvf jdk-11.0.8_linux-x64_bin.tar.gz -C /opt/app/install/
ln -s /opt/app/install/jdk-11.0.8 /opt/app/jdk
vi /etc/profile.d/java.sh
export JAVA_HOME=/opt/app/jdk
export PATH=$PATH:$JAVA_HOME/bin
chmod +x /etc/profile.d/java.sh
source /etc/profile.d/java.sh
# java -version
java version "11.0.8" 2020-07-14 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.8+10-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.8+10-LTS, mixed mode)
将下载的logstash二进制软件包加压并放置到安装目录[所有节点]
tar zxvf logstash-7.8.1.tar.gz -C /opt/app/install/
ln -s /opt/app/install/logstash-7.8.1 /opt/app/logstash
chown -R admin:admin /opt/app/install/logstash-7.8.1
chown -R admin:admin /opt/app/logstash
备注:logstash只用来从kafka获取数据处理后输出到ES,不用来收集例如syslog等日志,不用部署在root账户下,这里部署跟es一致部署在admin运维账户下,也可以建立单独的账户允许。
配置logstash[所有节点]
/opt/app/logstash/config/
调整JVM参数,修改logstash使用的内存[所有节点]
/opt/app/logstash/config/jvm.options
#其他参数保存不变,如有需要可以修改调优
启动logstash[所有节点]
-Xms2g
-Xmx2g
四、Kibana部署配置
将下载的Kibana二进制软件包加压并放置到安装目录
tar zxvf kibana-7.8.1-linux-x86_64.tar.gz -C /opt/app/install/
ln -s /opt/app/install/kibana-7.8.1-linux-x86_64 /opt/app/kibana
chown -R admin:admin /opt/app/install/kibana-7.8.1-linux-x86_64
chown -R admin:admin /opt/app/kibana
配置Kibana
vi /opt/app/kibana/config/kibana.yml
server.port: 5601
server.host: "10.116.71.69"
elasticsearch.hosts: ["http://10.116.71.64:9200", "http://10.116.71.65:9200", "http://10.116.71.66:9200"]
启动Kibana[所有节点]
nohup /opt/app/kibana/bin/kibana &
五、简单验证Elasticsearch集群与logstash
5.1 验证Elasticsearch集群
集群状态查询
curl -X GET "10.116.71.64:9200/_cat/health?v"
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1596558879 16:34:39 ejucs-cluster green 3 3 0 0 0 0 0 0 - 100.0%
集群节点查询
curl -X GET "10.116.71.64:9200/_cat/nodes?v"
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.116.71.65 10 68 0 0.00 0.02 0.05 dilmrt - ejucselasticsearch-shylf-2
10.116.71.64 10 69 0 0.00 0.01 0.05 dilmrt * ejucselasticsearch-shylf-1
10.116.71.66 9 68 0 0.00 0.01 0.05 dilmrt - ejucselasticsearch-shylf-3
//heap.percent 堆内存的百分比
列出集群index,当前没有创建index,返回为空值
curl -X GET "10.116.71.64:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
304
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
