ELFK日志平台入门2---Elasticseach集群搭建
ELFK日志平台入门5---Logstash+Filebeat集群搭建
这个章节我们介绍下Kibana搭建。
1、Kibana部署
- 解压Kibana安装包:
# tar zxf kibana-6.2.4-linux-x86_64.tar.gz && mv kibana-6.2.4-linux-x86_64 /usr/local/kibana
- 修改配置:
# vim /usr/local/kibana/config/kibana.yml
server.port: 5601 #监听端口
server.host: "0.0.0.0" #监听IP
elasticsearch.hosts: ["http://192.168.0.0:9200","http://192.168.0.1:9200","http://192.168.0.2:9200"] #集群es地址
logging.dest: /usr/local/kibana/logs/kibana.log #日志路径
kibana.index: ".kibana" #默认索引
# mkdir /usr/local/kibana/logs && touch /usr/local/kibana/logs/kibana.log
- 启动kibana:
# /usr/local/kibana/bin/kibana &
- 配置成kibana服务:
# vim /etc/default/kibana
user="elk"
group="elk"
chroot="/"
chdir="/"
nice=""
# If this is set to 1, then when `stop` is called, if the process has
# not exited within a reasonable time, SIGKILL will be sent next.
# The default behavior is to simply log a message "program stop failed; still running"
KILL_ON_STOP_TIMEOUT=0
新增服务文件:
# vim /etc/systemd/system/kibana.service
# vim /etc/sysconfig/elasticsearch
################################
# Elasticsearch
################################
# Elasticsearch home directory
#ES_HOME=/usr/share/elasticsearch
ES_HOME=/usr/local/elasticsearch
# Elasticsearch Java path
#JAVA_HOME=
JAVA_HOME=/usr/local/jdk
CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JAVA_HOME/jre/lib
# Elasticsearch configuration directory
#ES_PATH_CONF=/etc/elasticsearch
ES_PATH_CONF=/usr/local/elasticsearch/config
# Elasticsearch PID directory
#PID_DIR=/var/run/elasticsearch
PID_DIR=/usr/local/elasticsearch/run
# Additional Java OPTS
#ES_JAVA_OPTS=
# Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true
################################
# Elasticsearch service
################################
# SysV init.d
#
# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5
################################
# System properties
################################
# Specifies the maximum file descriptor number that can be opened by this process
# When using Systemd, this setting is ignored and the LimitNOFILE defined in
# /usr/lib/systemd/system/elasticsearch.service takes precedence
#MAX_OPEN_FILES=65535
# The maximum number of bytes of memory that may be locked into RAM
# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml.
# When using systemd, LimitMEMLOCK must be set in a unit file such as
# /etc/systemd/system/elasticsearch.service.d/override.conf.
#MAX_LOCKED_MEMORY=unlimited
# Maximum number of VMA (Virtual Memory Areas) a process can own
# When using Systemd, this setting is ignored and the 'vm.max_map_count'
# property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
#MAX_MAP_COUNT=262144
管理服务:
# chown -R elk:elk /usr/local/kibana
# systemctl daemon-reload
# systemctl enable kibana
# systemctl start kibana #先kill之前的kibana进程
- 浏览器访问(Kibana默认端口5601)
2、Kibana开启密码登录
因为Kibana部署好后,不需要账号密码可以直接登录访问界面,这样对于生产环境而言,安全性较差,那如何提供设置Kibana账号密码登录呢?这里提供一种方案:
nginx提供ngx_http_auth_basic_module模块,实现代理之后权限控制。那下面看下如何配置(默认已安装好nginx,这里不做介绍):
- 创建用户名密码文件:
# htpasswd -b -c /usr/local/nginx/conf/passwd.db user 123456
- nginx增加auth_basic和auth_basic_user_file两项配置:
# vi nginx.conf
server {
listen 5601;
server_name 127.0.0.1;
location / {
auth_basic "secret";
auth_basic_user_file /usr/local/nginx/db/passwd.db;
proxy_pass http://*.*.*.*:5601; #kibana访问地址
proxy_set_header Host $host:5601;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Via "nginx";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- 重新加载nginx配置:
# ./nginx -s reload
- 浏览器访问 :
至此,Kibana已部署完成,如果需要集群,可以自己在nginx配置。