logstash 安装部署成服务
logstash最常见的运行方式即命令行运行./bin/logstash -f logstash.conf
然后通过ctrl+c结束,这种方式的优点在于运行方便,但是缺点也很明显,不便于管理,同时如果遇到服务器重启,则维护成本会更高一些,如果在生产环境运行logstash建议还是使用服务的方式运行。本文介绍如何将logstash加入linux的service中,以服务的方式启动logstash,同时借助service的特性实现开机自启动的能力。
0X01 环境准备
- logstash 5.x 以上版本,假设安装在/opt/logstash目录
- Centos服务器
0x02 配置
在安装目录下修改 startup.options 文件
vi /opt/logstash/config/startup.options
# If Java was installed manually from a tarball, point JAVA_CMD at the java
# binary. By default logstash looks for java in /usr/bin, /bin, /sbin and
# /usr/sbin and reports an error when it is not found there.
JAVA_CMD=/usr/local/java/bin/java
# Set a home directory
LS_HOME=/opt/logstash
# logstash settings directory, the path which contains logstash.yml
LS_SETTINGS_DIR=/opt/logstash/config
# Arguments to pass to logstash
LS_OPTS="--path.settings ${LS_SETTINGS_DIR} -f /root/mylogstash"
# Pipeline configuration files such as logstash.conf are kept in /root/mylogstash.
# user and group id to be invoked as
# NOTE(review): with LS_USER/LS_GROUP set to root, the pipeline and every
# plugin that parses incoming data run with full privileges. A dedicated
# unprivileged account is the usual choice for a service, but switching would
# also mean moving the pipeline directory (/root/mylogstash) and the output
# path used in logstash.conf out of /root -- confirm before changing.
LS_USER=root
LS_GROUP=root
之后我们编辑logstash.conf 配置文件,下面的例子将heartbeat写到磁盘上
# Two inputs: a periodic heartbeat event and a syslog listener.
input{
# Emits one event every 60 seconds carrying the fixed message below.
heartbeat{
interval => 60
type => "heartbeat"
message => "logstash is alive"
}
# Listens for syslog traffic on port 1514 on every interface.
# NOTE(review): host "0.0.0.0" accepts traffic from any address that can reach
# this server; if only specific senders are expected, bind to one address or
# restrict the port with a firewall -- confirm against the deployment.
syslog{
host => "0.0.0.0"
port => 1514
}
}
# Writes the message field of each event, one per line, to a per-day file.
# NOTE(review): this output has no conditional, so events from the syslog input
# are written to the same file as the heartbeat; whatever is sent to port 1514
# ends up on disk under /root/logs, so watch disk usage on that path.
output{
file {
path => "/root/logs/%{+yyyyMMdd}.log"
codec => line { format => "%{message}"}
}
}
0x03 创建服务
以root身份执行logstash命令创建服务
/opt/logstash/bin/system-install
完成后会创建服务配置文件 /etc/systemd/system/logstash.service
0x04 启动服务
启动Logstash服务
- 设置服务自启动:systemctl enable logstash
- 启动服务:systemctl start logstash
- 停止服务:systemctl stop logstash
- 重启服务:systemctl restart logstash
- 查看服务状态:systemctl status logstash
0x05 查看日志
默认情况下日志会保存在以下两个位置
- /var/log/messages
- /opt/logstash/logs
如果 /var/log/messages 增长过大,可以改用下面的 init 脚本启动,不再输出 stdout/stderr 日志(启动时的报错也会被丢弃,排查问题时需查看 logstash 自身的日志目录):
下列脚本放在 /etc/init.d/logstash
用脚本启动
/etc/init.d/logstash start
/etc/init.d/logstash stop
/etc/init.d/logstash status
#!/bin/sh
# Init script for logstash
# Maintained by
# Generated by pleaserun.
# Implemented based on LSB Core 3.1:
# * Sections: 20.2, 20.3
#
### BEGIN INIT INFO
# Provides: logstash
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description:
# Description: logstash
### END INIT INFO
# Use a fixed search path so the script does not depend on the caller's PATH.
export PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Service name, launcher and its command-line arguments.
name="logstash"
program="/usr/local/logstash-7.3.2/bin/logstash"
args="--path.settings /usr/local/logstash-7.3.2/config -f /usr/local/logstash-7.3.2/mysql/"
pidfile="/var/run/${name}.pid"

# Account, root directory, working directory and scheduling settings used by
# start().
# NOTE(review): user/group are root, so logstash and every plugin it loads run
# with full privileges; a dedicated service account is the usual choice --
# confirm whether the pipeline really needs root.
user=root
group=root
chroot=/
chdir=/
nice=19
limit_open_files=16384

# 1: stop() sends SIGKILL when the process has not exited in time.
# 0: stop() only reports "program stop failed; still running".
KILL_ON_STOP_TIMEOUT=0

# Load site overrides. `set -a` turns every variable they assign into an
# environment variable. Both files are executed as shell code with the
# privileges of whoever runs this script, so they should be writable by root
# only.
set -a
if [ -r /etc/default/logstash ]; then
  . /etc/default/logstash
fi
if [ -r /etc/sysconfig/logstash ]; then
  . /etc/sysconfig/logstash
fi
set +a

# An override may have emptied $nice; fall back to no priority change.
if [ -z "$nice" ]; then
  nice=0
fi
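trace() {
  # Write a message to syslog, tagged with this script's path.
  # Arguments: the message words.
  # `--` ends option parsing so that a message beginning with "-" is logged
  # as text instead of being read as a logger option.
  logger -t "/etc/init.d/logstash" -- "$@"
}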
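emit() {
  # Log a message through trace() and also print it on stdout.
  # Arguments: the message words.
  trace "$@"
  # printf prints the text literally; echo would treat a leading -n/-e as an
  # option and, in some shells, interpret backslash sequences.
  printf '%s\n' "$*"
}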
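start() {
  # Launch logstash in the background and record its PID in $pidfile.
  # Globals read: user, group, chroot, chdir, nice, limit_open_files,
  #               program, args, pidfile, name
  # Returns: 0 (the launch itself is not checked).

  # Ensure the log directory is setup correctly.
  if [ ! -d "/var/log" ]; then
    mkdir "/var/log"
    chown "$user":"$group" "/var/log"
    chmod 755 "/var/log"
  fi

  # Setup any environmental stuff beforehand
  ulimit -n "${limit_open_files}"

  # Run the program!
  # $chdir, $program and $args are pasted into the text that `sh -c` runs, so
  # they are interpreted as shell code; they come from this script and from the
  # sourced /etc/default and /etc/sysconfig files, which must stay
  # root-writable only.
  #
  # The inner command has no trailing `&`: the whole chain is already put in
  # the background by the `&` after the redirections. nice and chroot exec
  # their command and the inner shell execs $program, so the PID stored below
  # is the one running $program. An extra `&` inside the string would let the
  # inner shell exit at once and leave a PID in the pidfile that no longer
  # belongs to logstash.
  # stdout/stderr of logstash itself are discarded; the two log files only
  # receive errors from the wrapper shell (for example a failed cd).
  nice -n "$nice" \
    chroot --userspec "$user":"$group" "$chroot" sh -c "
      ulimit -n ${limit_open_files}
      cd \"$chdir\"
      exec \"$program\" $args >/dev/null 2>&1
    " >> /var/log/logstash-stdout.log 2>> /var/log/logstash-stderr.log &

  # Generate the pidfile from here. If we instead made the forked process
  # generate it there will be a race condition between the pidfile writing
  # and a process possibly asking for status.
  echo $! > "$pidfile"

  emit "$name started"
  return 0
}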
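stop() {
  # Ask logstash to shut down and wait up to about five seconds for it to exit.
  # Globals read: name, KILL_ON_STOP_TIMEOUT
  # Returns: non-zero when the process is still running and
  #          KILL_ON_STOP_TIMEOUT is not 1, so that `stop && start` does not
  #          launch a second instance; 0 otherwise.
  if status ; then
    # NOTE(review): pgrep -f matches the full command line of every process,
    # so anything whose command line contains "logstash-7.3.2" (an editor or
    # tail on a file under that directory, for instance) is signalled too.
    pid=$(pgrep -f "logstash-7.3.2")
    trace "Killing $name (pid $pid) with SIGTERM"
    # Send SIGTERM first, as the log message says, so logstash can shut down
    # cleanly; SIGKILL is kept for the timeout branch below.
    # $pid is left unquoted on purpose: pgrep may print several PIDs.
    kill -TERM $pid
    # Wait for it to exit.
    for i in 1 2 3 4 5 ; do
      trace "Waiting $name (pid $pid) to die..."
      status || break
      sleep 1
    done
    if status ; then
      if [ "$KILL_ON_STOP_TIMEOUT" -eq 1 ] ; then
        trace "Timeout reached. Killing $name (pid $pid) with SIGKILL. This may result in data loss."
        kill -KILL $pid
        emit "$name killed with SIGKILL."
      else
        emit "$name stop failed; still running."
        return 1
      fi
    else
      emit "$name stopped."
    fi
  fi
}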
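status() {
  # Report whether a logstash process is running.
  # Globals written: pid (the PIDs printed by pgrep, possibly several)
  # Returns: 0 when at least one matching process exists, 3 otherwise.
  #
  # NOTE(review): pgrep -f matches the full command line of every process, so
  # any process whose command line contains "logstash-7.3.2" counts as
  # "running". The pattern is also a second copy of the version already present
  # in $program and has to be kept in sync by hand.
  pid=$(pgrep -f "logstash-7.3.2")
  # Quoted test: an unquoted $pid holding several PIDs makes `[` fail with a
  # syntax error instead of answering the question.
  if [ -z "$pid" ] ; then
    return 3 # program is not running
  fi
  return 0 # program is running
}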
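force_stop() {
  # Stop logstash and send SIGKILL to whatever is still running afterwards.
  # Returns: 0 when nothing was left to kill, otherwise the status of kill.
  if status ; then
    stop
    # Use the same process lookup as status()/stop() rather than the pidfile:
    # the PID stored in the pidfile is not verified anywhere, and sending
    # SIGKILL as root to a stale PID could hit an unrelated process.
    # NOTE(review): the pattern is broad -- it matches any process whose
    # command line contains "logstash-7.3.2".
    pid=$(pgrep -f "logstash-7.3.2")
    if [ -n "$pid" ] ; then
      # $pid is left unquoted on purpose: pgrep may print several PIDs.
      kill -KILL $pid
    fi
  fi
}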
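# Record state-changing requests in syslog before acting on them.
case "$1" in
  force-start|start|stop|force-stop|restart)
    trace "Attempting '$1' on logstash"
    ;;
esac

# Dispatch on the requested action.
case "$1" in
  force-start)
    # PRESTART is not exported and is not read anywhere in this script, so
    # force-start currently behaves like start.
    PRESTART=no
    exec "$0" start
    ;;
  start)
    status
    code=$?
    if [ $code -eq 0 ]; then
      emit "$name is already running"
      exit $code
    else
      start
      exit $?
    fi
    ;;
  stop) stop ;;
  force-stop) force_stop ;;
  status)
    status
    code=$?
    if [ $code -eq 0 ] ; then
      emit "$name is running"
    else
      emit "$name is not running"
    fi
    exit $code
    ;;
  restart)
    stop && start
    ;;
  *)
    # $0 replaces $SCRIPTNAME, which is never set in this script and expanded
    # to an empty string; the duplicated force-start entry is removed.
    echo "Usage: $0 {start|force-start|stop|force-stop|status|restart}" >&2
    exit 3
    ;;
esac

# Propagate the status of the action that ran.
exit $?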