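Deploying ELK on CentOS 7
Preparing the installation environment
Operating system version: CentOS Linux release 7.7.1908 (Core)
elasticsearch-7.5.0-x86_64.rpm # downloaded from the official site
logstash-7.5.1.rpm # downloaded from the official site
kibana-7.5.1-x86_64.rpm # downloaded from the official site
jdk-8u202-linux-x64.rpm # a Java environment is required; it can be downloaded without an Oracle account from https://mirror.its.sfu.ca/mirror/CentOS-Third-Party/RCG/common/x86_64/
After downloading, upload all of the packages to the CentOS server.
[root@localhost opt]# ls
elasticsearch-7.5.0-x86_64.rpm  jdk-8u202-linux-x64.rpm  kibana-7.5.1-x86_64.rpm  logstash-7.5.1.rpm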
Before installing, edit /etc/sysconfig/selinux to disable SELinux.
[root@localhost opt]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
Installing the JDK
[root@localhost opt]# rpm -ivh jdk-8u202-linux-x64.rpm
warning: jdk-8u202-linux-x64.rpm: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
Preparing...                          ################################# [100%]
Updating / installing...
   1:jdk1.8-2000:1.8.0_202-fcs        ################################# [100%]
Unpacking JAR files...
        tools.jar...
        plugin.jar...
        javaws.jar...
        deploy.jar...
        rt.jar...
        jsse.jar...
        charsets.jar...
        localedata.jar...
[root@localhost opt]# java -version
java version "1.8.0_202"
Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
Java HotSpot(TM) 64-Bit Server VM (build 25.202-b08, mixed mode)
Installing Elasticsearch
[root@localhost opt]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch    # import the Elastic GPG key
[root@localhost opt]# rpm -ivh elasticsearch-7.5.0-x86_64.rpm
Preparing...                          ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
Updating / installing...
   1:elasticsearch-0:7.5.0-1          ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch
Edit /etc/elasticsearch/elasticsearch.yml and uncomment the following two lines:
bootstrap.memory_lock: true
http.port: 9200
[root@localhost opt]# systemctl daemon-reload
[root@localhost opt]# systemctl start elasticsearch
[root@localhost opt]# systemctl enable elasticsearch
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
[root@localhost opt]# netstat -tnlp    # TCP port 9200 is listening, which confirms that the elasticsearch service has started.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1359/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1144/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1359/master
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      2567/java
tcp6       0      0 ::1:9200                :::*                    LISTEN      2567/java
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      2567/java
tcp6       0      0 ::1:9300                :::*                    LISTEN      2567/java
tcp6       0      0 :::22                   :::*                    LISTEN      1144/sshd
Installing and configuring Nginx
[root@localhost opt]# yum install nginx httpd-tools -y
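After installation, edit /etc/nginx/nginx.conf and delete the default server configuration.
Here, delete the server block located between lines 36 and 59, and add the configuration files you need under /etc/nginx/conf.d/*.conf. # In vi: first, :set number shows line numbers; second, once the line numbers are confirmed, :37,58d deletes lines 37 through 58.
36     include /etc/nginx/conf.d/*.conf;
       server { }
59 # Settings for a TLS enabled server.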
Create kibana.conf
[root@localhost opt]# vi /etc/nginx/conf.d/kibana.conf
Paste the following content. The host name is elk.demo and HTTP basic authentication is used. In the location block, when Nginx receives a request for servername:80, it forwards the request to the process listening on local port 5601, which is the Kibana instance installed below.
server {
    listen 80;
    server_name elk.demo;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.kibana-user;
    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Create elasticsearch.conf and paste the following content:
server {
    listen 81;
    server_name elk.demo;
    location / {
        proxy_pass http://localhost:9200;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Add the authentication user:
[root@localhost opt]# htpasswd -c /etc/nginx/.kibana-user admin
New password:
Re-type new password:
Adding password for user admin
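Run nginx -t to check the configuration files. If there are no errors, start nginx; if there are errors, follow the messages and re-check the configuration files you just edited.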
[root@localhost ~]# systemctl enable nginx
[root@localhost ~]# systemctl start nginx
Installing Kibana
[root@localhost opt]# rpm -ivh kibana-7.5.1-x86_64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:kibana-7.5.1-1                   ################################# [100%]
Edit /etc/kibana/kibana.yml and uncomment the following lines:
server.port: 5601
server.host: "localhost"
elasticsearch.hosts: ["http://localhost:9200"]
Starting Kibana
[root@localhost opt]# systemctl enable kibana
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana.service to /etc/systemd/system/kibana.service.
[root@localhost opt]# systemctl start kibana
[root@localhost opt]# netstat -tln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:81              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN
tcp6       0      0 ::1:9200                :::*                    LISTEN
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN
tcp6       0      0 ::1:9300                :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
Installing Logstash
[root@localhost opt]# rpm -ivh logstash-7.5.1.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:logstash-1:7.5.1-1               ################################# [100%]
Using provided startup.options file: /etc/logstash/startup.options
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.30/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated
Successfully created system startup script for Logstash
[root@localhost opt]# systemctl enable logstash
Created symlink from /etc/systemd/system/multi-user.target.wants/logstash.service to /etc/systemd/system/logstash.service.
[root@localhost opt]# systemctl start logstash
Opening the firewall ports
[root@localhost opt]# firewall-cmd --zone='public' --add-port=80/tcp --add-port=81/tcp --permanent
success
[root@localhost opt]# firewall-cmd --reload
success
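On the client, edit the hosts file and add a record that resolves elk.demo to the server's IP address.
Visit http://elk.demo and enter the admin account and password created earlier.
Visit http://elk.demo:81/?pretty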
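Added example (not part of the original post): the elasticsearch.conf server block above proxies port 81 to Elasticsearch without auth_basic, and the firewall step opens that port, so the Elasticsearch HTTP API answers without credentials. This Python check flags firewall-open Nginx listeners that proxy to a backend without basic auth; the function names and the trimmed config strings are constructed for illustration.

```python
import re

# The two server blocks from this page, trimmed to the directives the check reads.
KIBANA_CONF = """
server {
    listen 80;
    server_name elk.demo;
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.kibana-user;
    location / { proxy_pass http://localhost:5601; }
}
"""
ELASTICSEARCH_CONF = """
server {
    listen 81;
    server_name elk.demo;
    location / { proxy_pass http://localhost:9200; }
}
"""
FIREWALL_PORTS = {80, 81}  # ports opened by the firewall-cmd step on this page


def server_blocks(text):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]


def audit(conf_text, open_ports):
    """Return (port, upstream) for each firewall-open listener proxied without basic auth."""
    # Assumption: auth is judged per server block; comments and per-location overrides are ignored.
    findings = []
    for body in server_blocks(conf_text):
        ports = {int(p) for p in re.findall(r"\blisten\s+(?:[\w.\[\]:*]*:)?(\d+)", body)}
        upstreams = re.findall(r"\bproxy_pass\s+([^;\s]+)", body)
        realm = re.search(r"\bauth_basic\s+([^;]+);", body)
        protected = (realm is not None and realm.group(1).strip() != "off"
                     and "auth_basic_user_file" in body)
        if upstreams and not protected:
            findings += [(port, upstreams[0]) for port in sorted(ports & set(open_ports))]
    return findings


if __name__ == "__main__":
    print(audit(KIBANA_CONF + ELASTICSEARCH_CONF, FIREWALL_PORTS))
```

Adding the same auth_basic and auth_basic_user_file lines used in kibana.conf to the port 81 block, or leaving port 81 closed in the firewall, clears the finding.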
Installation is complete. Take your time learning it; this system feels really complicated to play with.