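Day07 - ES cluster encryption, Kibana RBAC in practice, ZooKeeper cluster setup, basic ZooKeeper management, and a single-node Kafka deployment
- 0. Review of yesterday's content
- 1. Controlling access to Kibana through an nginx reverse proxy
- 2. Configuring TLS authentication for the ES cluster
- 3. Connecting Kibana to the ES cluster
- 4. Connecting Filebeat to the ES cluster
- 5. Connecting Logstash to the ES cluster
- 6. Writing data to the ES cluster from Logstash with a custom role
- 7. Deploying a single ZooKeeper node
- 8. Basic ZooKeeper management from the command line
- 9. Deploying a ZooKeeper cluster
- 10. Writing a management script for the zk cluster
- 11. Managing the ZooKeeper cluster with zkWeb
- 12. Quickly setting up a single-node Kafka environment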
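0. Review of yesterday's content
- Multiple Filebeat instances
- Multiple Logstash instances
- Logstash conditional (branch) syntax
- Logstash pipelines
- Logstash filter plugins: mutate, useragent
- Collecting logs with the ELFK architecture, writing them to the ES cluster, and charting them in Kibana
  - map
  - visualization library
  - dashboard
- Using Filebeat modules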
1. Controlling access to Kibana through an nginx reverse proxy
(1) Deploy the nginx service
Omitted; see the earlier notes.
(2) Write the nginx configuration file
cat > /etc/nginx/conf.d/kibana.conf <<'EOF'
server {
    listen 80;
    server_name kibana.oldboyedu.com;

    location / {
        proxy_pass http://10.0.0.103:5601$request_uri;
        auth_basic "oldboyedu kibana web!";
        auth_basic_user_file conf/htpasswd;
    }
}
EOF
(3) Create the account file
mkdir -pv /etc/nginx/conf
yum -y install httpd-tools
htpasswd -c -b /etc/nginx/conf/htpasswd admin oldboyedu
(4) Start the nginx service
nginx -t
systemctl reload nginx
(5) Access nginx to verify access to Kibana
As shown in the figure below.
2. Configuring TLS authentication for the ES cluster
(1) On node elk101, generate the certificate file
cd /oldboyedu/softwares/es7/elasticsearch-7.17.5/
./bin/elasticsearch-certutil cert -out config/elastic-certificates.p12 -pass "" --days 3650
(2) On node elk101, change the owner and group of the certificate file
chown oldboyedu:oldboyedu config/elastic-certificates.p12
(3) On node elk101, sync the certificate file to the other nodes
data_rsync.sh `pwd`/config/elastic-certificates.p12
(4) On node elk101, edit the ES cluster configuration file
vim /oldboyedu/softwares/es7/elasticsearch-7.17.5/config/elasticsearch.yml
...
cluster.name: oldboyedu-linux85-binary
path.data: /oldboyedu/data/es7
path.logs: /oldboyedu/logs/es7
network.host: 0.0.0.0
discovery.seed_hosts: ["elk101.oldboyedu.com","elk102.oldboyedu.com","elk103.oldboyedu.com"]
cluster.initial_master_nodes: ["elk103.oldboyedu.com"]
reindex.remote.whitelist: "10.0.0.*:19200"
node.data: true
node.master: true
# Add the following at the end of the file
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
(5) On node elk101, sync the ES configuration file to the other nodes
data_rsync.sh `pwd`/config/elasticsearch.yml
(6) Restart ES on all nodes
systemctl restart es7
(7) Generate random passwords
[root@elk101.oldboyedu.com elasticsearch-7.17.5]# ./bin/elasticsearch-setup-passwords auto
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
Future versions of Elasticsearch will require Java 11; your Java version from [/oldboyedu/softwares/jdk1.8.0_291/jre] does not meet this requirement. Consider switching to a distribution of Elasticsearch with a bundled JDK. If you are already using a distribution with a bundled JDK, ensure the JAVA_HOME environment variable is not set.
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
The passwords will be randomly generated and printed to the console.
Please confirm that you would like to continue [y/N]y

Changed password for user apm_system
PASSWORD apm_system = by9j4WkXTocxc7Gl7l8S

Changed password for user kibana_system
PASSWORD kibana_system = t0HSSsrBPACFTDxor4Ix

Changed password for user kibana
PASSWORD kibana = t0HSSsrBPACFTDxor4Ix

Changed password for user logstash_system
PASSWORD logstash_system = JUXrlCfaMa74seZJnhw4

Changed password for user beats_system
PASSWORD beats_system = 2V39PZkHNGIymaVaDFx0

Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = UZplScGKm6zAmMCO9Jmg

Changed password for user elastic
PASSWORD elastic = e31LGPoUxik7fnitQidO
(8) Access with Postman
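
The settings from step (4) encrypt node-to-node (transport) traffic only, and the keystore was generated with an empty password. A check that can be run on each node after the restart, as an added example that is not part of the original notes; `yml_get` and `audit_es_security` are hypothetical helper names, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit one node's elasticsearch.yml after the steps above.
# yml_get and audit_es_security are hypothetical helpers, not Elasticsearch tools.

# Print the value of a flat "key: value" setting (last one wins); nothing if absent.
yml_get() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^$key:[[:space:]]*//p" "$1" | tail -n 1
}

audit_es_security() {
  yml=$1; problems=0
  fail() { echo "FAIL $*"; problems=$((problems + 1)); }

  [ "$(yml_get "$yml" xpack.security.enabled)" = "true" ] ||
    fail "xpack.security.enabled is not true"
  [ "$(yml_get "$yml" xpack.security.transport.ssl.enabled)" = "true" ] ||
    fail "transport TLS is not enabled"
  [ "$(yml_get "$yml" xpack.security.transport.ssl.verification_mode)" != "none" ] ||
    fail "verification_mode none accepts any certificate"

  # A relative keystore path is resolved against the config directory.
  ks=$(yml_get "$yml" xpack.security.transport.ssl.keystore.path)
  ksfile="$(dirname "$yml")/$ks"
  if [ -n "$ks" ] && [ -f "$ksfile" ]; then
    # The keystore has an empty password, so the file mode is its only protection.
    [ -z "$(find "$ksfile" -perm -004)" ] || echo "WARN $ks is world-readable"
  else
    fail "keystore '$ks' not found in $(dirname "$yml")"
  fi

  # Only node-to-node traffic is encrypted by the settings above.
  [ "$(yml_get "$yml" xpack.security.http.ssl.enabled)" = "true" ] ||
    echo "WARN xpack.security.http.ssl.enabled is not true: port 9200 is plain HTTP"
  return "$problems"
}

# Constructed sample: security lines from step (4) plus an empty stand-in keystore.
demo_dir=$(mktemp -d)
cat > "$demo_dir/elasticsearch.yml" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
EOF
: > "$demo_dir/elastic-certificates.p12"
chmod 600 "$demo_dir/elastic-certificates.p12"
audit_es_security "$demo_dir/elasticsearch.yml" || echo "problems found: $?"
rm -rf "$demo_dir"
```

On the sample it reports no FAIL lines and one WARN: the REST port is still plain HTTP, which is why the client configurations in the following sections use `http://` URLs.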
3. Connecting Kibana to the ES cluster
(1) Edit the Kibana configuration file
[root@elk103.oldboyedu.com elasticsearch-7.17.5]# yy /etc/kibana/kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://10.0.0.101:9200","http://10.0.0.102:9200","http://10.0.0.103:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "VxFV4WjsHyxsA3CH2LQT"
i18n.locale: "zh-CN"
[root@elk103.oldboyedu.com elasticsearch-7.17.5]#
(2) Restart Kibana
[root@elk103.oldboyedu.com elasticsearch-7.17.5]# systemctl restart kibana
(3) Log in as the elastic user and change the password
4. Connecting Filebeat to the ES cluster
(1) Edit the configuration file
[root@elk103.oldboyedu.com filebeat-7.17.5-linux-x86_64]# cat config/24-log-to-es_tls.yaml
filebeat.inputs:
- type: log
  paths:
    - /tmp/oldboyedu-linux85/test.log

output.elasticsearch:
  hosts: ["http://10.0.0.101:9200","http://10.0.0.102:9200","http://10.0.0.103:9200"]
  username: "elastic"
  password: "yinzhengjie"
  index: "oldboyedu-jiaoshi07-test"

setup.ilm.enabled: false
setup.template.name: "oldboyedu-jiaoshi07"
setup.template.pattern: "oldboyedu-jiaoshi07-*"
setup.template.overwrite: true
setup.template.settings:
  index.number_of_shards: 3
  index.number_of_replicas: 0
(2) Start the Filebeat instance
[root@elk103.oldboyedu.com filebeat-7.17.5-linux-x86_64]# filebeat -e -c config/24-log-to-es_tls.yaml
5. Connecting Logstash to the ES cluster
(1) Write the configuration file
[root@elk101.oldboyedu.com ~]# cat config/16-file-to-es_tsl.conf
input {
  file {
    # Path of the local file to read
    path => "/tmp/oldboyedu-linux85-file"
    # Where to start reading the file; this only applies if the file has not been read before, i.e. it is not recorded in the ".sincedb" file.
    start_position => "beginning"
  }
}

output {
  # stdout {}
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "oldboyedu-linux85-logstash-file"
    user => "elastic"
    password => "yinzhengjie"
  }
}
[root@elk101.oldboyedu.com ~]#
(2) Start the Logstash instance
[root@elk101.oldboyedu.com ~]# logstash -rf config/16-file-to-es_tsl.conf
Check the directory where Logstash records the read offsets of the files it collects.
ls -la /oldboyedu/softwares/logstash-7.17.5/data/plugins/inputs/file/
6. Writing data to the ES cluster from Logstash with a custom role
[root@elk101.oldboyedu.com ~]# cat config/16-file-to-es_tsl.conf
input {
  file {
    # Path of the local file to read
    path => "/tmp/oldboyedu-linux85-file"
    # Where to start reading the file; this only applies if the file has not been read before, i.e. it is not recorded in the ".sincedb" file.
    start_position => "beginning"
  }
}

output {
  # stdout {}
  elasticsearch {
    hosts => ["http://localhost:9200"]
    #index => "oldboyedu-linux85-logstash-file"
    index => "oldboyedu-linux85-logstash-demo"
    user => "jiaoshi07-logstash"
    password => "123456"
  }
}
[root@elk101.oldboyedu.com ~]#
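
The notes do not show how the `jiaoshi07-logstash` user and its role were created. One way to do it with the Elasticsearch security API, as an added example that is not part of the original notes: the role name `jiaoshi07-logstash-writer` and the variables `ES_URL` and `LOGSTASH_PASSWORD` are assumptions, and the privilege list follows the writer role in Elastic's Logstash security documentation, narrowed to the one index used above.

```shell
#!/bin/sh
# Added example: create the role and user that the Logstash output above logs in with.
# ES_URL, ROLE and LOGSTASH_PASSWORD are assumed names; LS_USER and INDEX come from the page.
ES_URL="${ES_URL:-http://10.0.0.101:9200}"
ROLE="jiaoshi07-logstash-writer"
LS_USER="jiaoshi07-logstash"
INDEX="oldboyedu-linux85-logstash-demo"

# Body for PUT _security/role/<name>: index privileges limited to one index.
role_body() {
  cat <<EOF
{
  "cluster": ["monitor", "manage_index_templates", "manage_ilm"],
  "indices": [
    {
      "names": ["$1"],
      "privileges": ["create_index", "create", "write", "manage", "manage_ilm"]
    }
  ]
}
EOF
}

# Body for PUT _security/user/<name>. The password must not contain " or \.
user_body() {
  printf '{"password": "%s", "roles": ["%s"]}\n' "$1" "$2"
}

# curl prompts for the elastic password on the terminal and the new user's
# password travels on stdin, so neither shows up in the process list.
apply_role_and_user() {
  : "${LOGSTASH_PASSWORD:?export LOGSTASH_PASSWORD first}"
  curl -fsS -u elastic -H 'Content-Type: application/json' \
    -X PUT "$ES_URL/_security/role/$ROLE" -d "$(role_body "$INDEX")" &&
  user_body "$LOGSTASH_PASSWORD" "$ROLE" |
    curl -fsS -u elastic -H 'Content-Type: application/json' \
      -X PUT "$ES_URL/_security/user/$LS_USER" -d @-
}

# Contact the cluster only when asked to ("apply"); otherwise just print the role.
if [ "${1:-}" = "apply" ]; then
  apply_role_and_user
else
  role_body "$INDEX"
fi
```

With this role the Logstash account can write to `oldboyedu-linux85-logstash-demo` but not to the index used in section 5, which is a quick way to confirm the restriction took effect.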
7. Deploying a single ZooKeeper node
(1) Download the ZooKeeper package
https://zookeeper.apache.org/releases.html
[root@elk101.oldboyedu.com ~]# wget http://192.168.15.253/ElasticStack/day07-/softwares/apache-zookeeper-3.8.0-bin.tar.gz
(2) Unpack the package
[root@elk101.oldboyedu.com ~]# tar xf apache-zookeeper-3.8.0-bin.tar.gz -C /oldboyedu/softwares/
(3) Create a symbolic link
[root@elk101.oldboyedu.com ~]# cd /oldboyedu/softwares/ && ln -sv apache-zookeeper-3.8.0-bin zk
(4) Declare the zk environment variables
[root@elk101.oldboyedu.com softwares]# cat > /etc/profile.d/kafka.sh <<'EOF'
#!/bin/bash
export ZK_HOME=/oldboyedu/softwares/zk
export PATH=$PATH:$ZK_HOME/bin
EOF
source /etc/profile.d/kafka.sh
(5) Create the zk configuration file
[root@elk101.oldboyedu.com ~]# cp /oldboyedu/softwares/zk/conf/{zoo_sample.cfg,zoo.cfg}
(6) Start the zk node
[root@elk101.oldboyedu.com ~]# zkServer.sh start
[root@elk101.oldboyedu.com ~]# zkServer.sh status # Show the status of the zk service
[root@elk101.oldboyedu.com ~]# zkServer.sh stop
[root@elk101.oldboyedu.com ~]# zkServer.sh restart
(7) Connect to the zk node
[root@elk101.oldboyedu.com ~]# zkCli.sh
8. Basic ZooKeeper management from the command line
# View
ls / # List the child ZooKeeper nodes ("znodes" for short) under the root (/).
get /oldboyedu-linux85/jiaoshi07 # Show the data of "/oldboyedu-linux85/jiaoshi07".
# Create
create /oldboyedu-linux85 # Create a znode named "oldboyedu-linux85" under the root path.
create /oldboyedu-linux85/jiaoshi07 123 # Create a child znode named "jiaoshi07" under the "/oldboyedu-linux85/" znode and set its data to "123".
create -s /oldboyedu-linux85/jiaoshi07/liwenxuan 88888 # Create a sequentially numbered znode with the prefix "/oldboyedu-linux85/jiaoshi07/liwenxuan" and the data 88888.
create -s -e /oldboyedu-linux85/linux85/test # Create an ephemeral, sequentially numbered znode with the prefix "/oldboyedu-linux85/linux85/test". When the current session ends, the ephemeral znode is deleted automatically.
# Modify
set /oldboyedu-linux85/jiaoshi07 456 # Change the data of the "/oldboyedu-linux85/jiaoshi07" znode to 456.
# Delete
delete /oldboyedu-linux85/test02 # Delete the znode named "/oldboyedu-linux85/test02"; it must have no child znodes, i.e. it must be empty.
deleteall /oldboyedu-linux85/jiaoshi07 # Recursively delete "/oldboyedu-linux85/jiaoshi07" and all znodes under it.
9. Deploying a ZooKeeper cluster
(1) Create the zk data directory
[root@elk101.oldboyedu.com ~]# install -d /oldboyedu/data/zk
(2) Edit the configuration file of the single zk node
[root@elk101.oldboyedu.com ~]# vim /oldboyedu/softwares/zk/conf/zoo.cfg
...
# Length of one tick, the smallest time unit (in milliseconds).
tickTime=2000
# Maximum number of ticks to wait during startup.
initLimit=5
# Maximum number of ticks to wait for an ACK response during data synchronization.
syncLimit=2
# Data directory.
dataDir=/oldboyedu/data/zk
# Client listening port.
clientPort=2181
# Enable the four-letter commands; "*" whitelists all of them.
4lw.commands.whitelist=*
# server.ID=A:B:C[:D]
# ID:
#    Unique number of the zk node.
# A:
#    Host address of the zk node.
# B:
#    Data communication port. Followers connect to the leader on it, so whichever node holds the leader role listens on this port.
# C:
#    Leader election port.
# D:
#    Optional; specifies the role.
server.101=10.0.0.101:2888:3888
server.102=10.0.0.102:2888:3888
server.103=10.0.0.103:2888:3888
(3) Sync the data to the other nodes
[root@elk101.oldboyedu.com ~]# data_rsync.sh /oldboyedu/softwares/zk/
[root@elk101.oldboyedu.com ~]# data_rsync.sh /oldboyedu/softwares/apache-zookeeper-3.8.0-bin/
[root@elk101.oldboyedu.com ~]# data_rsync.sh /oldboyedu/data/zk/
[root@elk101.oldboyedu.com ~]# data_rsync.sh /etc/profile.d/kafka.sh
(4) Create the myid files
[root@elk101.oldboyedu.com ~]# for ((host_id=101;host_id<=103;host_id++)); do ssh 10.0.0.${host_id} "echo ${host_id} > /oldboyedu/data/zk/myid";done
(5) Start the zk service on all nodes
[root@elk101.oldboyedu.com ~]# zkServer.sh start
[root@elk102.oldboyedu.com ~]# source /etc/profile.d/kafka.sh
[root@elk102.oldboyedu.com ~]# zkServer.sh start
[root@elk103.oldboyedu.com ~]# source /etc/profile.d/kafka.sh
[root@elk103.oldboyedu.com ~]# zkServer.sh start
(6) Check the role of each zk node
[root@elk101.oldboyedu.com ~]# zkServer.sh status
Diagram of the leader election process
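
A node only joins the quorum if the number in its `myid` file matches one of the `server.ID` lines. A pre-start check for steps (2) to (4), as an added example that is not part of the original notes; `check_zk_node` is a hypothetical helper, the sample files are constructed, and the line pattern covers only the `server.ID=A:B:C[:D]` form used on this page.

```shell
#!/bin/sh
# Added example: pre-start sanity check for one quorum member.
# check_zk_node is a hypothetical helper, not part of ZooKeeper.
check_zk_node() {
  cfg=$1; problems=0
  fail() { echo "FAIL $*"; problems=$((problems + 1)); }

  ids=$(sed -n 's/^server\.\([0-9][0-9]*\)=.*/\1/p' "$cfg")
  [ -n "$ids" ] || fail "no server.N entries in $cfg"
  dup=$(printf '%s\n' "$ids" | sort | uniq -d | tr '\n' ' ')
  [ -z "$dup" ] || fail "duplicate server id(s): $dup"

  # Every entry must look like server.ID=host:port:port[:role]
  bad=$(grep '^server\.' "$cfg" |
    grep -Evc '^server\.[0-9]+=[^:]+:[0-9]+:[0-9]+(:[a-z]+)?$' || true)
  [ "$bad" -eq 0 ] || fail "$bad malformed server line(s)"

  # myid sits in dataDir and must match one of the server.N ids
  data_dir=$(sed -n 's/^dataDir=//p' "$cfg")
  if [ -r "$data_dir/myid" ]; then
    myid=$(tr -d '[:space:]' < "$data_dir/myid")
    printf '%s\n' "$ids" | grep -qxF "$myid" ||
      fail "myid '$myid' has no matching server.$myid line"
  else
    fail "cannot read $data_dir/myid"
  fi

  # Not fatal: with '*' every four-letter command is answered on clientPort
  if grep -q '^4lw\.commands\.whitelist=\*' "$cfg"; then
    echo "WARN 4lw.commands.whitelist=* allows all four-letter commands"
  fi
  return "$problems"
}

# Constructed sample based on the zoo.cfg above, with dataDir in a temp directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/zoo.cfg" <<EOF
dataDir=$demo_dir
clientPort=2181
4lw.commands.whitelist=*
server.101=10.0.0.101:2888:3888
server.102=10.0.0.102:2888:3888
server.103=10.0.0.103:2888:3888
EOF
echo 101 > "$demo_dir/myid"
check_zk_node "$demo_dir/zoo.cfg" || echo "problems found: $?"
rm -rf "$demo_dir"
```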
10. Writing a management script for the zk cluster
[root@elk101.oldboyedu.com ~]# cat /usr/local/sbin/zkManager.sh
#!/bin/bash

# Check that the user passed exactly one argument
if [ $# -ne 1 ]; then
    echo "無效參數,用法為: $0 {start|stop|restart|status}"
    exit
fi

# The command entered by the user
cmd=$1

# Dispatch on the command
function zookeeperManger(){
    case $cmd in
    start)
        echo "啟動服務"
        remoteExecution start
        ;;
    stop)
        echo "停止服務"
        remoteExecution stop
        ;;
    restart)
        echo "重啟服務"
        remoteExecution restart
        ;;
    status)
        echo "查看狀態"
        remoteExecution status
        ;;
    *)
        echo "無效參數,用法為: $0 {start|stop|restart|status}"
        ;;
    esac
}

# Run the given zkServer.sh subcommand on every node over ssh
function remoteExecution(){
    for (( i=101 ; i<=103 ; i++ )) ; do
        tput setaf 2
        echo ========== 10.0.0.${i} zkServer.sh $1 ================
        tput setaf 9
        ssh 10.0.0.${i} "source /etc/profile.d/kafka.sh; zkServer.sh $1 2>/dev/null"
    done
}

# Call the function
zookeeperManger
[root@elk101.oldboyedu.com ~]# chmod +x /usr/local/sbin/zkManager.sh
[root@elk101.oldboyedu.com ~]# zkManager.sh start
[root@elk101.oldboyedu.com ~]# zkManager.sh status
Verify the cluster:
[root@elk103.oldboyedu.com ~]# zkCli.sh -server 10.0.0.101:2181,10.0.0.102:2181,10.0.0.103:2181
11. Managing the ZooKeeper cluster with zkWeb
(1) Download the package
[root@elk103.oldboyedu.com ~]# wget http://192.168.15.253/ElasticStack/day07-/softwares/zkWeb-v1.2.1.jar
(2) Start zkWeb
java -jar zkWeb-v1.2.1.jar
12. Quickly setting up a single-node Kafka environment
(1) Download the Kafka package
[root@elk101.oldboyedu.com ~]# wget http://192.168.15.253/ElasticStack/day07-/softwares/kafka_2.13-3.2.1.tgz
(2) Unpack the package
[root@elk101.oldboyedu.com ~]# tar xf kafka_2.13-3.2.1.tgz -C /oldboyedu/softwares/
(3) Create a symbolic link
[root@elk101.oldboyedu.com ~]# cd /oldboyedu/softwares/ && ln -svf kafka_2.13-3.2.1 kafka
(4) Configure the environment variables
[root@elk101.oldboyedu.com softwares]# cat /etc/profile.d/kafka.sh
#!/bin/bash
export ZK_HOME=/oldboyedu/softwares/zk
export PATH=$PATH:$ZK_HOME/bin
export KAFKA_HOME=/oldboyedu/softwares/kafka
export PATH=$PATH:$KAFKA_HOME/bin
[root@elk101.oldboyedu.com softwares]# source /etc/profile.d/kafka.sh
(5) Edit the configuration file
[root@elk101.oldboyedu.com ~]# yy /oldboyedu/softwares/kafka/config/server.properties
...
broker.id=101
zookeeper.connect=10.0.0.101:2181,10.0.0.102:2181,10.0.0.103:2181/oldboyedu-linux85-kafka321
[root@elk101.oldboyedu.com ~]#
(6) Start the single Kafka node
[root@elk101.oldboyedu.com softwares]# kafka-server-start.sh -daemon $KAFKA_HOME/config/server.properties
(7) Verify the metadata in ZooKeeper
[root@elk101 softwares]# kafka-server-start.sh -daemon $KAFKA_HOME/config/server.properties
[root@elk101 softwares]# jps
4134 Jps
1134 Elasticsearch
1135 Elasticsearch
2815 QuorumPeerMain
[root@elk101 softwares]# cat /tmp/kafka-logs/meta.properties
#
#Fri Jun 07 11:14:46 CST 2024
cluster.id=H2ceIpqTT1iUzb46e5jeKw
version=0
broker.id=101
[root@elk101 softwares]# jps
4156 Jps
1134 Elasticsearch
1135 Elasticsearch
2815 QuorumPeerMain
[root@elk101 softwares]# rm -rf /tmp/kafka-logs/
[root@elk101 softwares]# kafka-server-start.sh -daemon $KAFKA_HOME/config/server.properties
Then check it in zkWeb.
Today's homework
(1) Complete all the in-class exercises and organize them into a mind map;
Extended homework:
(1) Deploy a ZooKeeper cluster in one step with Ansible;