极客时间运维进阶训练营第五周作业

文档

https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-guides.html

vim /etc/sysctl.conf

vm.max_map_count=262144

vim /etc/hosts

192.168.253.137 elasticsearch1192.168.253.138 elasticsearch2192.168.253.139 elasticsearch3

vim /etc/security/limits.conf

root             soft    core            unlimitedroot             hard    core            unlimitedroot             soft    nproc           1000000root             hard    nproc           1000000root             soft    nofile          1000000root             hard    nofile          1000000root             soft    memlock         32000root             hard    memlock         32000root             soft    msgqueue        8192000root             hard    msgqueue        8192000
*                soft    core            unlimited*                hard    core            unlimited*                soft    nproc           1000000*                hard    nproc           1000000*                soft    nofile          1000000*                hard    nofile          1000000*                soft    memlock         32000*                hard    memlock         32000*                soft    msgqueue        8192000*                hard    msgqueue        8192000

groupadd -g 2888 elasticsearch && useradd -u 2888 -g 2888 -r -m -s /bin/bash elasticsearch

passwd elasticsearch

mkdir /data/esdata /data/eslogs /apps -pv

chown elasticsearch:elasticsearch /data /apps/ -R

chown -R elasticsearch:elasticsearch /data /apps/

reboot

cd /appsll

tar xvf elasticsearch-8.5.1-linux-x86_64.tar.gz

ln -sv /apps/elasticsearch-8.5.1 /apps/elasticsearch

cd /apps/elasticsearch

chown -R elasticsearch:elasticsearch /apps/

ll

su - elasticsearch

ll

cd /apps/elasticsearch

ll

vim config/elasticsearch.yml

vim instances.yml

instances:

/- name: "elasticsearch1"

​ ip: - "192.168.253.137"

/- name: "elasticsearch2"

​ ip: - "192.168.253.138"

/- name: "elasticsearch3"

​ ip: - "192.168.253.139"

pwd

ls

ls bin/

elasticsearch@elasticsearch1:/apps/elasticsearch$ ./bin/elasticsearch-certutil --helpSimplifies certificate creation for use with the Elastic Stack

Commands

csr - generate certificate signing requestscert - generate X.509 certificates and keysca - generate a new local certificate authorityhttp - generate a new certificate (or certificate request) for the Elasticsearch HTTP interface

Non-option arguments:command

Option Description

-E Configure a setting-h, --help Show help-s, --silent Show minimal output-v, --verbose Show verbose output

生成本地证书颁发机构

bin/elasticsearch-certutil ca

elastic-stack-ca.p12 will be generated

生成证书、密钥

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

elastic-certificates.p12 will generated

签发 elasticsearch 集群主机证书

bin/elasticsearch-certutil cert --silent --in instances.yml --out certs.zip --pass--ca elastic-stack-ca.p12

ll

certs.zip will be generated

证书分发：

unzip certs.zip

mkdir config/certs

ll elasticsearch1

cp elasticsearch1/elasticsearch1.p12 config/certs/

ll config/

ll config/certs/

scp elasticsearch2/elasticsearch2.p12 192.168.253.138:/apps/elasticsearch/config/certs/

ll config/certs

scp elasticsearch3/elasticsearch3.p12 192.168.253.139:/apps/elasticsearch/config/certs/

ll config/certs

pwd

ls

./bin/elasticsearch-keystore create

file /apps/elasticsearch/config/elasticsearch.keystore

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

scp /apps/elasticsearch/config/elasticsearch.keystore 192.168.253.138:/apps/elasticsearch/config/elasticsearch.keystore

scp /apps/elasticsearch/config/elasticsearch.keystore 192.168.253.139:/apps/elasticsearch/config/elasticsearch.keystore

vim config/elasticsearch.yml

cluster.name: es-cluster1

node.name: es-node-1

node.name: es-node-2

node.name: es-node-3

elasticsearch@elasticsearch1:/apps/elasticsearch$ ll /data/esdata/ -ddrwxr-xr-x 2 elasticsearch elasticsearch 4096 Nov 23 21:46 /data/esdata/

vim config/elasticsearch.yml

path.data: /data/esdata/

path.logs: /data/eslogs/

#bootstrap.memory_lock: true

vim config/jvm.options

`## -Xms4g

`## -Xmx4g

network.host: 0.0.0.0

http.port: 9200

discovery.seed_hosts: ["192.168.253.137","192.168.253.138","192.168.253.139"]

cluster.initial_master_nodes: ["192.168.253.137", "192.168.253.138", "192.168.253.139"]

action.destructive_requires_name: true

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.keystore.path: /apps/elasticsearch/config/certs/elasticsearch1.p12

xpack.security.transport.ssl.truststore.path: /apps/elasticsearch/config/certs/elasticsearch1.p12

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.keystore.path: /apps/elasticsearch/config/certs/elasticsearch2.p12

xpack.security.transport.ssl.truststore.path: /apps/elasticsearch/config/certs/elasticsearch2.p12

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.keystore.path: /apps/elasticsearch/config/certs/elasticsearch3.p12

xpack.security.transport.ssl.truststore.path: /apps/elasticsearch/config/certs/elasticsearch3.p12

vim /lib/systemd/system/elasticsearch.service

cat /lib/systemd/system/elasticsearch.service

systemctl daemon-reload && systemctl start elasticsearch.service && systemctl enable elasticsearch.service

Log Path

tail -f /data/eslogs/es-cluster1.log

ps -es | grep elasticsearch

ps -es | grep java

/apps#: ll

su - elasticsearch

cd /apps

bin/elasticsearch-setup-passwords interactive

./bin/elasticsearch-users useradd miscellchen -p-r superuser

curl -u miscellchen:http://192.168.253.137:9200

ss -tnl

elasticsearch.yml --> note.roles

了解 Elasticsearch API 的简单使用，安装 head 插件管理 ES 的数据

curl -u miscellchen:<password> -X GET http://192.168.253.137:9200/_cat
curl -u miscellchen:<password> -X GET http://192.168.253.137:9200/_cat/master?v
curl -u miscellchen:<password> -X GET http://192.168.253.137:9200/_cat/nodes?v
curl -u miscellchen:<password> -X GET http://192.168.253.137:9200/_cat/health?v
curl -u miscellchen:<password> -X PUT http://192.168.253.137:9200/test_index?pretty
curl -u miscellchen:<password> -X GET http://192.168.253.137:9200/test_index?pretty
curl -u miscellchen:<password> -X POST "http://192.168.253.137:9200/test_index/_doc/1?pretty" -H 'Content-Type: application/json' -d '{"name": "Miscell", "age": 19}'
curl -u miscellchen:<password> -X GET "http://192.168.253.137:9200/test_index/_doc/1?pretty"
curl -u miscellchen:<password> -X PUT http://192.168.253.137:9200/test_index/_settings -H 'content-Type:application/json' -d '{"number_of_replicas": 2}'
curl -u miscellchen:<password> -X GET http://192.168.253.137:9200/test_index/_settings?pretty
curl -u miscellchen:<password> -X POST http://192.168.253.137:9200/test_index/_close?pretty
curl -u miscellchen:<password> -X POST http://192.168.253.137:9200/test_index/_open?pretty
curl -u miscellchen:<password> -X DELETE http://192.168.253.137:9200/test_index/?pretty
curl -u miscellchen:<password> -X PUT http://192.168.253.137:9200/_cluster/settings?pretty -H 'Content-Type: application/json' -d '{        "persistent" : {                "cluster.max_shards_per_node" : "1000000"        }}'


curl -u miscellchen:<password> -X PUT http://192.168.253.137:9200/_cluster/settings?pretty -H 'Content-Type: application/json' -d '{        "persistent" : {                "cluster.routing.allocation.disk.watermark.low" : "95%",                "cluster.routing.allocation.disk.watermark.high" : "95%"         }}'

安装 Logstash 收集不同类型的系统日志并写入到 ES 的不同 index

安装命令

dpkg -i logstash-8.5.1-amd64.deb

修改配置

vim /lib/systemd/system/logstash.service

User=root:

Group=root

systemctl daemon-reload

/usr/share/logstash/bin/logstash -e 'input { stdin{} } output { stdout{ codec => rubydebug }}'

/etc/logstash/conf.d/

https://www.elastic.co/guide/en/logstash/current/plugins-outputs-elasticsearch.html

配置文件

vim /etc/logstash/conf.d/syslog-to-elasticsearch.conf

input {	file {	  path => "/var/log/syslog"	  type => "systemlog"	  start_position => "beginning"	  stat_interval => "1"	}}
output {	if[type] == "systemlog"{		elasticsearch {			hosts => ["192.168.253.137:9200"]			index => "logstash-testing-%{+YYYY.MM.dd}"			user => "miscellchen"			password => "<password>"		}	}}

/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/syslog-to-elasticsearch.conf

systemctl restart logstash.service

安装 Kibana、查看 ES 集群的数据

配置文件/etc/kibana/kibana.ymlserver.port: 5601elasticsearch.hosts: ["http://172.31.2.102:9200"]elasticsearch.username: "kibana_system"elasticsearch.password: "magedu123"#i18n.locale: "zh-CN"

systemctl restart kibana.servicesystemctl enable kibana.servicess -tnltail -f /var/log/kibana/kibana.log