0、昨日內(nèi)容回顧:

• filebeat多實(shí)例

• logstash的多實(shí)例

• logstash的分支語法

• logstash的pipeline

• logstash的filter插件之mutate,useragent

• ELFK架構(gòu)采集日志寫入ES集群，并使用kibana出圖展示

  • map
  • 可視化庫
  • dashboard

• filebeat的模塊使用

1、基于nginx的反向代理控制訪問kibana

(1)部署nginx服務(wù)
略，參考之前的筆記即可。

(2)編寫nginx的配置文件

cat > /etc/nginx/conf.d/kibana.conf <<'EOF'
server {listen 80;server_name kibana.oldboyedu.com;location / {proxy_pass http://10.0.0.103:5601$request_uri;auth_basic "oldboyedu kibana web!";auth_basic_user_file conf/htpasswd;}
}
EOF

(3)創(chuàng)建賬號文件

mkdir -pv /etc/nginx/conf
yum -y install httpd-tools
htpasswd -c -b /etc/nginx/conf/htpasswd admin oldboyedu

(4)啟動nginx服務(wù)

nginx -t
systemctl reload nginx

(5)訪問nginx驗(yàn)證kibana訪問

如下圖所示。

2、配置ES集群TSL認(rèn)證:

(1)elk101節(jié)點(diǎn)生成證書文件

cd /oldboyedu/softwares/es7/elasticsearch-7.17.5/
./bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass ""  --days 3650

(2)elk101節(jié)點(diǎn)為證書文件修改屬主和屬組

chown oldboyedu:oldboyedu config/elastic-certificates.p12 

(3)elk101節(jié)點(diǎn)同步證書文件到其他節(jié)點(diǎn)

data_rsync.sh `pwd`/config/elastic-certificates.p12 

(4)elk101節(jié)點(diǎn)修改ES集群的配置文件

vim /oldboyedu/softwares/es7/elasticsearch-7.17.5/config/elasticsearch.yml 
...
cluster.name: oldboyedu-linux85-binary
path.data: /oldboyedu/data/es7
path.logs: /oldboyedu/logs/es7
network.host: 0.0.0.0
discovery.seed_hosts: ["elk101.oldboyedu.com","elk102.oldboyedu.com","elk103.oldboyedu.com"]
cluster.initial_master_nodes: ["elk103.oldboyedu.com"]
reindex.remote.whitelist: "10.0.0.*:19200"
node.data: true
node.master: true# 在最后一行添加以下內(nèi)容xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

(5)elk101節(jié)點(diǎn)同步ES配置文件到其他節(jié)點(diǎn)

data_rsync.sh `pwd`/config/elasticsearch.yml 

(6)所有節(jié)點(diǎn)重啟ES集群

systemctl restart es7

(7)生成隨機(jī)密碼

[root@elk101.oldboyedu.com elasticsearch-7.17.5]# ./bin/elasticsearch-setup-passwords auto
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
Future versions of Elasticsearch will require Java 11; your Java version from [/oldboyedu/softwares/jdk1.8.0_291/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set.
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]yChanged password for user apm_system
PASSWORD apm_system = by9j4WkXTocxc7Gl7l8SChanged password for user kibana_system
PASSWORD kibana_system = t0HSSsrBPACFTDxor4IxChanged password for user kibana
PASSWORD kibana = t0HSSsrBPACFTDxor4IxChanged password for user logstash_system
PASSWORD logstash_system = JUXrlCfaMa74seZJnhw4Changed password for user beats_system
PASSWORD beats_system = 2V39PZkHNGIymaVaDFx0Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = UZplScGKm6zAmMCO9JmgChanged password for user elastic
PASSWORD elastic = e31LGPoUxik7fnitQidO

(8)postman訪問

3、配置kibana連接ES集群

(1)修改kibana的配置文件

[root@elk103.oldboyedu.com elasticsearch-7.17.5]# yy /etc/kibana/kibana.yml 
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://10.0.0.101:9200","http://10.0.0.102:9200","http://10.0.0.103:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "VxFV4WjsHyxsA3CH2LQT"
i18n.locale: "zh-CN"
[root@elk103.oldboyedu.com elasticsearch-7.17.5]# 

(2)重啟kibana

[root@elk103.oldboyedu.com elasticsearch-7.17.5]# systemctl restart kibana

(3)使用elastic用戶登錄并修改密碼

4、配置filebeat連接ES集群

(1)修改配置文件

[root@elk103.oldboyedu.com filebeat-7.17.5-linux-x86_64]# cat config/24-log-to-es_tls.yaml 
filebeat.inputs:
- type: logpaths:- /tmp/oldboyedu-linux85/test.log output.elasticsearch:hosts: ["http://10.0.0.101:9200","http://10.0.0.102:9200","http://10.0.0.103:9200"] username: "elastic"password: "yinzhengjie"index: "oldboyedu-jiaoshi07-test"setup.ilm.enabled: false
setup.template.name: "oldboyedu-jiaoshi07"
setup.template.pattern: "oldboyedu-jiaoshi07-*"
setup.template.overwrite: true
setup.template.settings:index.number_of_shards: 3index.number_of_replicas: 0

(2)啟動filebeat實(shí)例

[root@elk103.oldboyedu.com filebeat-7.17.5-linux-x86_64]# filebeat -e -c config/24-log-to-es_tls.yaml

5、配置logstash連接ES集群

(1)編寫配置文件

[root@elk101.oldboyedu.com ~]# cat config/16-file-to-es_tsl.conf
input { file {
# 指定本地文件的路徑path => "/tmp/oldboyedu-linux85-file"
# 指定讀取文件的起始位置，但前提是該文件之前未讀取過或者未在".sincedb"文件中記錄。
start_position => "beginning"}
} output { # stdout {} elasticsearch {hosts => ["http://localhost:9200"]index => "oldboyedu-linux85-logstash-file"user => "elastic"password => "yinzhengjie"}
}
[root@elk101.oldboyedu.com ~]# 
[root@elk101.oldboyedu.com ~]# 

(2)啟動logstash實(shí)例

[root@elk101.oldboyedu.com ~]# logstash -rf config/16-file-to-es_tsl.conf

查看logstash采集文件的偏移量路徑。

ls -la /oldboyedu/softwares/logstash-7.17.5/data/plugins/inputs/file/

6、自定義角色使用logstash組件寫入數(shù)據(jù)到ES集群

[root@elk101.oldboyedu.com ~]# cat config/16-file-to-es_tsl.conf 
input { file {# 指定本地文件的路徑path => "/tmp/oldboyedu-linux85-file"# 指定讀取文件的起始位置，但前提是該文件之前未讀取過或者未在".sincedb"文件中記錄。start_position => "beginning"}
} output { # stdout {} elasticsearch {hosts => ["http://localhost:9200"]#index => "oldboyedu-linux85-logstash-file"index => "oldboyedu-linux85-logstash-demo"user => "jiaoshi07-logstash"password => "123456"}
}
[root@elk101.oldboyedu.com ~]# 

7、部署zookeeper單點(diǎn)

(1)下載zookeeper軟件

https://zookeeper.apache.org/releases.html[root@elk101.oldboyedu.com ~]# wget http://192.168.15.253/ElasticStack/day07-/softwares/apache-zookeeper-3.8.0-bin.tar.gz

(2)解壓軟件包

[root@elk101.oldboyedu.com ~]# tar xf apache-zookeeper-3.8.0-bin.tar.gz -C /oldboyedu/softwares/

(3)創(chuàng)建符號連接

[root@elk101.oldboyedu.com ~]# cd /oldboyedu/softwares/ && ln -sv apache-zookeeper-3.8.0-bin zk

(4)聲明zk的環(huán)境變量

[root@elk101.oldboyedu.com softwares]# cat > /etc/profile.d/kafka.sh <<'EOF'  
#!/bin/bashexport ZK_HOME=/oldboyedu/softwares/zk
export PATH=$PATH:$ZK_HOME/bin
EOF
source /etc/profile.d/kafka.sh

(5)創(chuàng)建zk的配置文件

[root@elk101.oldboyedu.com ~]# cp /oldboyedu/softwares/zk/conf/{zoo_sample.cfg,zoo.cfg}

(6)啟動zk節(jié)點(diǎn)

[root@elk101.oldboyedu.com ~]# zkServer.sh start 
[root@elk101.oldboyedu.com ~]# zkServer.sh status  # 查看zk服務(wù)的狀態(tài)信息
[root@elk101.oldboyedu.com ~]# zkServer.sh stop
[root@elk101.oldboyedu.com ~]# zkServer.sh restart

(7)連接ZK節(jié)點(diǎn)

[root@elk101.oldboyedu.com ~]# zkCli.sh 

8、zookeeper的命令行基本管理

# 查看
ls /  # 查看根(/)下有多少子zookeeper node，簡稱"znode"。	
get /oldboyedu-linux85/jiaoshi07   # 查看"/oldboyedu-linux85/jiaoshi07"的數(shù)據(jù)。# 創(chuàng)建
create /oldboyedu-linux85  # 在根路徑下創(chuàng)建一個(gè)名為"oldboyedu-linux85"的"znode"。
create /oldboyedu-linux85/jiaoshi07 123 # 在"/oldboyedu-linux85/"znode下創(chuàng)建一個(gè)名為"jiaoshi07"的子znode，并指定該znode數(shù)據(jù)為"123"。
create -s /oldboyedu-linux85/jiaoshi07/liwenxuan 88888 # 創(chuàng)建一個(gè)前綴為"/oldboyedu-linux85/jiaoshi07/liwenxuan"有序編號的znode，數(shù)據(jù)為88888
create -s -e /oldboyedu-linux85/linux85/test # 創(chuàng)建一個(gè)名為"/oldboyedu-linux85/linux85/test"的臨時(shí)znode。當(dāng)前會話結(jié)束，臨時(shí)znode會自動刪除。# 修改
set /oldboyedu-linux85/jiaoshi07 456 # 將"/oldboyedu-linux85/jiaoshi07 "的znode數(shù)據(jù)修改為456.# 刪除
delete /oldboyedu-linux85/test02 # 刪除名為"/oldboyedu-linux85/test02"的znode，但該znode不能有子znode。即必須為空。
deleteall /oldboyedu-linux85/jiaoshi07 # 遞歸刪除"/oldboyedu-linux85/jiaoshi07"下的所有znode。

9、zookeeper集群部署

(1)創(chuàng)建zk的數(shù)據(jù)目錄

[root@elk101.oldboyedu.com ~]# install -d /oldboyedu/data/zk

(2)修改單點(diǎn)zk的配置文件

[root@elk101.oldboyedu.com ~]# vim /oldboyedu/softwares/zk/conf/zoo.cfg                          
...
# 定義最小單元的時(shí)間范圍tick。
tickTime=2000
# 啟動時(shí)最長等待tick數(shù)量。
initLimit=5
# 數(shù)據(jù)同步時(shí)最長等待的tick時(shí)間進(jìn)行響應(yīng)ACK
syncLimit=2
# 指定數(shù)據(jù)目錄
dataDir=/oldboyedu/data/zk
# 監(jiān)聽端口
clientPort=2181
# 開啟四字命令允許所有的節(jié)點(diǎn)訪問。
4lw.commands.whitelist=*
# server.ID=A:B:C[:D]
# ID:
#    zk的唯一編號。
# A:
#    zk的主機(jī)地址。
# B:
#    leader的選舉端口，是誰leader角色，就會監(jiān)聽該端口。
# C: 
#    數(shù)據(jù)通信端口。
# D:
#    可選配置，指定角色。
server.101=10.0.0.101:2888:3888
server.102=10.0.0.102:2888:3888
server.103=10.0.0.103:2888:3888

(3)同步數(shù)據(jù)即可

[root@elk101.oldboyedu.com ~]# data_rsync.sh /oldboyedu/softwares/zk/
[root@elk101.oldboyedu.com ~]# data_rsync.sh /oldboyedu/softwares/apache-zookeeper-3.8.0-bin/
[root@elk101.oldboyedu.com ~]# data_rsync.sh /oldboyedu/data/zk/
[root@elk101.oldboyedu.com ~]# data_rsync.sh /etc/profile.d/kafka.sh 	

(4)創(chuàng)建myid文件

[root@elk101.oldboyedu.com ~]# for ((host_id=101;host_id<=103;host_id++)) do ssh 10.0.0.${host_id} "echo ${host_id} > /oldboyedu/data/zk/myid";done

(5)所有節(jié)點(diǎn)啟動zk服務(wù)

[root@elk101.oldboyedu.com ~]# zkServer.sh start[root@elk102.oldboyedu.com ~]# source /etc/profile.d/kafka.sh 
[root@elk102.oldboyedu.com ~]# zkServer.sh start[root@elk103.oldboyedu.com ~]# source /etc/profile.d/kafka.sh 
[root@elk103.oldboyedu.com ~]# zkServer.sh start

(6)查看zk的角色狀態(tài)

[root@elk101.oldboyedu.com ~]# zkServer.sh status

leader選舉流程圖解

10、編寫zk的集群管理腳本

[root@elk101.oldboyedu.com ~]# cat /usr/local/sbin/zkManager.sh
#!/bin/bash#判斷用戶是否傳參
if [ $# -ne 1 ];thenecho "無效參數(shù)，用法為: $0  {start|stop|restart|status}"exit
fi#獲取用戶輸入的命令
cmd=$1#定義函數(shù)功能
function zookeeperManger(){case $cmd instart)echo "啟動服務(wù)"        remoteExecution start;;stop)echo "停止服務(wù)"remoteExecution stop;;restart)echo "重啟服務(wù)"remoteExecution restart;;status)echo "查看狀態(tài)"remoteExecution status;;*)echo "無效參數(shù)，用法為: $0  {start|stop|restart|status}";;esac
}#定義執(zhí)行的命令
function remoteExecution(){for (( i=101 ; i<=103 ; i++ )) ; dotput setaf 2echo ========== 10.0.0.${i} zkServer.sh  $1 ================tput setaf 9ssh 10.0.0.${i}  "source /etc/profile.d/kafka.sh; zkServer.sh $1 2>/dev/null"done
}#調(diào)用函數(shù)
zookeeperManger[root@elk101.oldboyedu.com ~]# chmod +x /usr/local/sbin/zkManager.sh
[root@elk101.oldboyedu.com ~]# zkManager.sh start
[root@elk101.oldboyedu.com ~]# zkManager.sh staus

驗(yàn)證集群：

[root@elk103.oldboyedu.com ~]# zkCli.sh -server 10.0.0.101:2181,10.0.0.102:2181,10.0.0.103:2181

11、使用zkWeb管理zookeeper集群

(1)下載軟件包

[root@elk103.oldboyedu.com ~]# wget http://192.168.15.253/ElasticStack/day07-/softwares/zkWeb-v1.2.1.jar

(2)啟動zkweb

java -jar zkWeb-v1.2.1.jar 

12、快速搭建kafka單點(diǎn)環(huán)境

(1)下載kafka軟件包

[root@elk101.oldboyedu.com ~]# wget http://192.168.15.253/ElasticStack/day07-/softwares/kafka_2.13-3.2.1.tgz

(2)解壓軟件包

[root@elk101.oldboyedu.com ~]# tar xf kafka_2.13-3.2.1.tgz -C /oldboyedu/softwares/

(3)創(chuàng)建符號連接

[root@elk101.oldboyedu.com ~]# cd /oldboyedu/softwares/ && ln -svf kafka_2.13-3.2.1 kafka

(4)配置環(huán)境變量

[root@elk101.oldboyedu.com softwares]# cat /etc/profile.d/kafka.sh 
#!/bin/bashexport ZK_HOME=/oldboyedu/softwares/zk
export PATH=$PATH:$ZK_HOME/bin
export KAFKA_HOME=/oldboyedu/softwares/kafka
export PATH=$PATH:$KAFKA_HOME/bin[root@elk101.oldboyedu.com softwares]# source /etc/profile.d/kafka.sh 

(5)修改配置文件

[root@elk101.oldboyedu.com ~]# yy /oldboyedu/softwares/kafka/config/server.properties 
...
broker.id=101
zookeeper.connect=10.0.0.101:2181,10.0.0.102:2181,10.0.0.103:2181/oldboyedu-linux85-kafka321
[root@elk101.oldboyedu.com ~]# 

(6)啟動kafka單點(diǎn)

[root@elk101.oldboyedu.com softwares]# kafka-server-start.sh -daemon $KAFKA_HOME/config/server.properties 

(7)驗(yàn)證zookeeper的源數(shù)據(jù)信息

[root@elk101 softwares]# kafka-server-start.sh -daemon $KAFKA_HOME/config/server.properties
[root@elk101 softwares]# jps
4134 Jps
1134 Elasticsearch
1135 Elasticsearch
2815 QuorumPeerMain
[root@elk101 softwares]# cat /tmp/kafka-logs/meta.properties 
#
#Fri Jun 07 11:14:46 CST 2024
cluster.id=H2ceIpqTT1iUzb46e5jeKw
version=0
broker.id=101
[root@elk101 softwares]# jps
4156 Jps
1134 Elasticsearch
1135 Elasticsearch
2815 QuorumPeerMain
[root@elk101 softwares]# rm -rf /tmp/kafka-logs/
[root@elk101 softwares]# kafka-server-start.sh -daemon $KAFKA_HOME/config/server.properties

在zkWeb查看即可。

今日作業(yè)
(1)完成課堂的所有練習(xí)并整理思維導(dǎo)圖;
擴(kuò)展作業(yè):
(1)使用ansible一鍵部署zookeeper集群;