零、规划

# 版本
OS          CentOS 7.2
ELK version    6.4
ELK Cluster    env-elk

主机名  IP           角色                     备注
elk1    10.200.4.35  elasticsearch node1
elk2    10.200.4.36  elasticsearch node2
elk3    10.200.4.37  kibana\logstash\grafana
elk4    10.200.4.38  zabbix-server


一、系统配置

sudo swapoff -a
(echo 0 > /proc/sys/vm/swappiness)

ulimit -n 65536

vi /etc/security/limits.conf 
# 结尾前添加
* soft nofile 65536
* hard nofile 655
# 注意:hard 值不能小于 soft 值;此处的 655 疑似在转载时被截断,请填写不小于 65536 的实际值

hostnamectl set-hostname elkN
hostnamectl set-hostname elkN --static

echo -e "10.200.4.35\telk1" >> /etc/hosts 
echo -e "10.200.4.36\telk2" >> /etc/hosts 
echo -e "10.200.4.37\telk3" >> /etc/hosts 
echo -e "10.200.4.38\telk4" >> /etc/hosts

二、安装

1)安装JDK

rpm -ivh jdk-8u131-linux-x64.rpm

2)安装Elasticsearch

# 导入elastic PGP Key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# 配置软件源,根据要安装的版本修改
cat > /etc/yum.repos.d/elasticsearch.repo << EOF
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# 安装配置开机自启
yum makecache
yum install elasticsearch -y
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable elasticsearch.service

# 使用额外的硬盘存储数据(mkfs 会清空目标盘,执行前先用 lsblk 确认 /dev/vdc 是新挂载的空盘)
mkdir /opt/elk-data
mkfs.xfs /dev/vdc

vi /etc/fstab 
/dev/vdc /opt/elk-data xfs defaults        0 0

mount -a
df -h
mkdir -p /opt/elk-data/data
mkdir -p /opt/elk-data/log

cd /opt/elk-data/
chown elasticsearch:elasticsearch data/
chown elasticsearch:elasticsearch log/

# 修改elasticsearch配置文件
vi /etc/elasticsearch/elasticsearch.yml
cluster.name: env-elk
path.data: /opt/elk-data/data
path.logs: /opt/elk-data/log
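# 注意:0.0.0.0 会监听所有网卡,而本文的配置没有启用任何认证或 TLS,
# 能访问 9200/9300 端口的主机都可以读写集群数据。
# 建议改为本节点的内网 IP(例如 elk2 填 10.200.4.36),并用防火墙只放行集群节点和 elk3。
network.host: 0.0.0.0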
http.port: 9200
node.name: elk2  # 写本节点的主机名
discovery.zen.ping.unicast.hosts: ["elk1", "elk2"]

# 启动节点
systemctl start elasticsearch
systemctl status elasticsearch

curl -XGET 'localhost:9200/?pretty'

curl -XGET 'http://localhost:9200/_cluster/health?pretty'
{
  "cluster_name" : "env-elk",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}


3)安装Kibana

# 导入elastic PGP Key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# 配置软件源,根据要安装的版本修改
cat > /etc/yum.repos.d/kibana.repo << EOF 
[kibana-6.x]
name=Kibana repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# 安装并配置开机自启
yum makecache && yum install kibana -y
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service

# vim /etc/kibana/kibana.yml 
server.port: 5601
server.host: "elk3"
elasticsearch.url: "http://<elasticsearch节点地址>:9200"  # 原文此处的地址缺失,请填写实际的 Elasticsearch 节点地址

# 启动 
systemctl start kibana

http://10.200.4.37:5601
# 注意:按以上配置 Kibana 没有登录认证,5601 端口应只对可信网段开放


4)安装Logstash

yum install logstash -y
systemctl start logstash.service
systemctl enable logstash.service

### 暂时没用,先装上吧

5)安装Grafana

# 查看新的稳定版
http://docs.grafana.org/installation/rpm/

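# Install
wget https://s3-us-west-2.amazonaws.com/grafana-releases/release/grafana-5.3.1-1.x86_64.rpm
# yum does not signature-check local package files by default
# (localpkg_gpgcheck=0), so verify the download before installing it.
# Import the publisher's signing key first (see the install page linked
# above). Do not continue unless the result ends in OK; NOT OK or
# MISSING KEYS means the key is not imported or the file is not the one
# that was published.
rpm -K grafana-5.3.1-1.x86_64.rpm
sudo yum localinstall grafana-5.3.1-1.x86_64.rpm

# Reload unit files, enable the service at boot, then start it
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable grafana-server.service
sudo /bin/systemctl start grafana-server.service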

# start的时候报错“Failed to verify pid directory" logger=server error="mkdir /var/run/grafana: permission denied”
# 解决:https://github.com/grafana/grafana/issues/4446 
#   mkdir /var/run/grafana/
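#   chmod +777 /var/run/grafana/
#   注意:777 让任何本地用户都能改写这个目录;更稳妥的做法是只授权给服务账号
#   (RPM 安装默认为 grafana,见 /etc/sysconfig/grafana-server 中的 GRAFANA_USER):
#   chown grafana:grafana /var/run/grafana/ && chmod 755 /var/run/grafana/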

# environment file位置
/etc/sysconfig/grafana-server

# sqlite3数据库位置
/var/lib/grafana/grafana.db
