ELK5.2.2自动化部署脚本

 

 

安装server端sh elk-and.sh masterIP nodeIP MASTER

安装agent端

sh elk-and.sh masterIP nodeIP NODE

 

cat elk-and.sh

#!/bin/bash
usage ()
{
  echo "usage: elk-and-node.sh <elk_master_ip> <elk_node_ip> <master or node>"
}
if [ $# -ne 3 ]; then
  usage
  exit -1
fi
MASTERHOUZHUI=`ssh $1 ip a|grep global|awk -F/ '{print $1}'|awk '{print $2}'|awk -F. '{print "-"$3"-"$4}'`
NODEHOUZHUI=`ssh $2 ip a|grep global|awk -F/ '{print $1}'|awk '{print $2}'|awk -F. '{print "-"$3"-"$4}'`
case $3 in
MASTER)
#ssh $1 "MASTERHOSTNAME=`ip a|grep global|awk -F/ '{print $1}'|awk '{print $2}'|awk -F. '{print "-"$3"-"$4}'`;hostnamectl --static set-hostname elk-master$MASTERHOSTNAME"
cat elk-master.sh |ssh $1 "cat > /elk-master.sh";ssh $1 "sh -x /elk-master.sh"
ssh $2 "mkdir -p /etc/filebeat/pki/tlk/private/ /etc/filebeat/pki/tls/certs/"
#ssh $1 "cat /etc/logstash/pki/tls/certs/logstash-master$MASTERHOUZHUI.crt"|ssh $2 "cat > /etc/filebeat/pki/tls/certs/logstash-master$MASTERHOUZHUI.crt"
#ssh $1 "sed -i s/filebeat.crt/filebeat-node$NODEHOUZHUI.crt/g /etc/logstash/conf.d/02-beats-input.conf"
ssh $2 "sed -i s/logstash.crt/logstash-master$MASTERHOUZHUI.crt/g /etc/filebeat/filebeat.yml"
;;

NODE)
cat elk-node.sh |ssh $2 "cat > /elk-node.sh";ssh $2 "sh -x /elk-node.sh"
ssh $2 "cat /etc/filebeat/pki/tls/certs/filebeat-node$NODEHOUZHUI.crt" | ssh $1 "cat > /etc/logstash/pki/tls/certs/filebeat-node$NODEHOUZHUI.crt"
ssh $2 "sed -i s/masterhost/$1/g /etc/filebeat/filebeat.yml"
ssh $2 "systemctl start filebeat.service"
HOSTAAA=`ssh $2 "hostname"`
ssh $1 "echo $2 $HOSTAAA >>/etc/hosts"
ssh $1 "sed -i /true/a'ssl_certificate_authorities => [\"/etc/logstash/pki/tls/certs/filebeat-node.crt\"]' /etc/logstash/conf.d/02-beats-input.conf"
ssh $1 sed -i "s/filebeat-node.crt/filebeat-node$NODEHOUZHUI.crt/g /etc/logstash/conf.d/02-beats-input.conf"
ssh $1 "sed -n '/filebeat.crt/d' /etc/logstash/conf.d/02-beats-input.conf"
ssh $2 "sed -i s/logstash.crt/logstash-master$MASTERHOUZHUI.crt/g /etc/filebeat/filebeat.yml"
ssh $1 "cat /etc/logstash/pki/tls/certs/logstash-master$MASTERHOUZHUI.crt"|ssh $2 "cat > /etc/filebeat/pki/tls/certs/logstash-master$MASTERHOUZHUI.crt"
;;
*)
echo "You have to enter <MASTER> or <NODE>      !!!"
esac
ssh $1 "systemctl restart logstash.service"
sleep 5
ssh $2 "systemctl restart filebeat.service"

 

cat elk-master.sh
#!/bin/bash
#—————————————————————————————————————————————————————————初始化及安装软件
#MASTERHOSTNAME=`ip a|grep global|awk -F/ '{print $1}'|awk '{print $2}'|awk -F. '{print "-"$3"-"$4}'`;hostnamectl --static set-hostname elk-master$MASTERHOSTNAME
NWIP=`ip a|grep global|awk -F/ '{print $1}'|awk '{print $2}'`
MASTERHOUZHUI=`echo $NWIP|awk -F. '{print "-"$3"-"$4}'`
hostnamectl --static set-hostname elk-master$MASTERHOUZHUI
HOSTNAME=`hostname`
HOSTS=`cat /etc/hosts|grep $NWIP|awk '{print $2}'`
sed -i s/$HOSTS/$HOSTNAME/g /etc/hosts
cd /
mkdir -p /tmp/phantomjs/
mkdir -p /etc/logstash/pki/tlk/private/
mkdir -p /etc/logstash/pki/tls/certs/
wget -N -P / http://10.143.50.200:8080/software/elk/elasticsearch-head.tar.gz http://10.143.50.200:8080/software/elk/node_modules.tar.gz http://10.143.50.200:8080/software/elk/npm.tar.gz
wget -N -P /tmp/phantomjs/ http://10.143.50.200:8080/software/elk/phantomjs-2.1.1-linux-x86_64.tar.bz2
rpm -ivh http://10.143.50.200:8080/Files/rpmbuild/gomerepo-1.0.0-1.x86_64.rpm
echo "10.143.50.200   mirrors.vps.gmfcloud.com"  >> /etc/hosts
gomerepo init
gomerepo enable gomeos_base
yum install java npm git elasticsearch logstash kibana -y

#——————————————————————————————————————————————认证
sed -i "/\[ v3_ca \]/a\subjectAltName = IP: $NWIP" /etc/pki/tls/openssl.cnf
openssl req -subj /CN=$HOSTNAME/ -x509 -days $((100*365)) -batch -nodes -newkey rsa:2048 -keyout /etc/logstash/pki/tlk/private/logstash-master$MASTERHOUZHUI.key -out /etc/logstash/pki/tls/certs/logstash-master$MASTERHOUZHUI.crt

#——————————————————————————————————————————安装软件
yum install java npm git elasticsearch logstash kibana -y

#——————————————————————————————Elasticsearch配置
for i in `ls *.tar.gz`;do tar -zxvf $i;done
cd /var/lib/elasticsearch/elasticsearch-head/
sed -i s/"http:\/\/localhost:9200"/"http:\/\/$NWIP:9200"/g _site/app.js
cat <<EOF > /etc/elasticsearch/elasticsearch.yml
network.host: 0.0.0.0
http.port: 9200
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
systemctl start elasticsearch.service
ln -s /usr/lib/node_modules/grunt/bin/grunt /usr/bin/grunt
echo '* * * * * sleep 5;cd /var/lib/elasticsearch/elasticsearch-head/;nohup grunt server & ' >> /var/spool/cron/root

#——————————————————————————————logstash配置
cat <<EOF> /etc/logstash/conf.d/02-beats-input.conf
input {
  beats {
    host => "$NWIP"
    port => 5044
    type => "syslogs"
    ssl => true
    ssl_certificate => "/etc/logstash/pki/tls/certs/logstash-master$MASTERHOUZHUI.crt"
    ssl_key => "/etc/logstash/pki/tlk/private/logstash-master$MASTERHOUZHUI.key"
    ssl_verify_mode => "force_peer"
  }
}
output {
  elasticsearch {
    hosts => ["$NWIP:9200"]
    index => "test-system-%{+YYYY.MM.dd}"
  }
}
EOF
systemctl start logstash.service

#——————————————————————————————kibana配置
cat <<EOF > /etc/kibana/kibana.yml
server.port: 5601
server.host: "$NWIP"
elasticsearch.url: "http://$NWIP:9200"
kibana.index: ".kibana"
EOF
sed -i '/kibana/s/service //' /etc/passwd
systemctl start kibana.service

 

cat elk-node.sh
#!/bin/bash
#—————————————————————————————————————————————————————————初始化及安装软件
rpm -ivh http://10.143.50.200:8080/Files/rpmbuild/gomerepo-1.0.0-1.x86_64.rpm
echo "10.143.50.200   mirrors.vps.gmfcloud.com"  >> /etc/hosts
gomerepo init
gomerepo enable gomeos_base
NWIP=`ip a|grep global|awk -F/ '{print $1}'|awk '{print $2}'`
NODEHOUZHUI=`echo $NWIP|awk -F. '{print "-"$3"-"$4}'`

#——————————————————————————————————————————安装软件
yum install filebeat -y
mkdir -p /etc/filebeat/pki/tlk/private/
mkdir -p /etc/filebeat/pki/tls/certs/

#——————————————————————————————————————————————认证
openssl req -x509 -days $((100*365)) -batch -nodes -newkey rsa:2048 -keyout /etc/filebeat/pki/tlk/private/filebeat-node$NODEHOUZHUI.key -out /etc/filebeat/pki/tls/certs/filebeat-node$NODEHOUZHUI.crt

#——————————————————————————————filebeat配置
cat <<EOF > /etc/filebeat/filebeat.yml
filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*.log
output.logstash:
  hosts: ["masterhost:5044"]
  ssl.enabled: true
  ssl.verification_mode: full
  ssl.certificate_authorities: ["/etc/filebeat/pki/tls/certs/logstash.crt"]
  ssl.certificate:  "/etc/filebeat/pki/tls/certs/filebeat-node$NODEHOUZHUI.crt"
  ssl.key: "/etc/filebeat/pki/tlk/private/filebeat-node$NODEHOUZHUI.key"
logging.to_files: true
logging.files:
EOF