1. Hardware environment check
Before installing ELK, check the server's hardware thoroughly to make sure it meets the minimum requirements of ELK 7.17.10.
# Check memory
# free -h
total used free shared buff/cache available
Mem: 32G 2.1G 28G 8.5M 1.8G 29G
Swap: 16G 0B 16G
# Check disk space
# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 16G 0 16G 0% /dev
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 16G 8.5M 16G 1% /run
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/sda1 50G 15G 36G 30% /
/dev/sdb1 500G 20G 480G 4% /data
# Check the number of CPU cores
# nproc
8
# Check the system architecture
# uname -m
x86_64
2. Operating system check
ELK 7.17.10 supports RHEL 7.3+, RHEL 8.0+, RHEL 9.0+ and other operating systems. This article uses RHEL 9 as the example.
# Check the OS release
# cat /etc/redhat-release
Red Hat Enterprise Linux release 9.0 (Plow)
# Check the kernel version
# uname -r
5.14.0-70.22.1.el9_0.x86_64
# Check the SELinux status
# getenforce
Disabled
# Disable SELinux (if not already disabled)
# vi /etc/selinux/config
SELINUX=disabled
# Check the firewall status
# systemctl status firewalld
# Open the ELK ports
# firewall-cmd --permanent --add-port=9200/tcp
# firewall-cmd --permanent --add-port=9300/tcp
# firewall-cmd --permanent --add-port=5601/tcp
# firewall-cmd --reload
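3. Installation preparation
Before installing ELK, a series of preparation steps is required, including installing Java and configuring system parameters.
# Install Java
# dnf install -y java-11-openjdk-devel
# Check the Java version
# java -version
openjdk version "11.0.16"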
OpenJDK Runtime Environment (build 11.0.16+8)
OpenJDK 64-Bit Server VM (build 11.0.16+8, mixed mode)
# Install the required dependencies
# dnf install -y wget tar
# Tune system parameters
# Modify the system limits
# vi /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
* soft nproc 4096
* hard nproc 4096
# Modify the kernel parameters
# vi /etc/sysctl.conf
vm.max_map_count=262144
# Apply the kernel parameters
# sysctl -p
4. ELK software installation
Now install the ELK 7.17.10 software by following the steps below.
4.1 Install Elasticsearch
# Download the package
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.10-linux-x86_64.tar.gz
# Extract the package
# tar -xzvf elasticsearch-7.17.10-linux-x86_64.tar.gz
# mv elasticsearch-7.17.10 /opt/elasticsearch
# Create the user
# useradd elasticsearch
# chown -R elasticsearch:elasticsearch /opt/elasticsearch
# Create the data and log directories
# mkdir -p /var/lib/elasticsearch /var/log/elasticsearch
# chown -R elasticsearch:elasticsearch /var/lib/elasticsearch /var/log/elasticsearch
4.2 Install Logstash
# Download the package
# wget https://artifacts.elastic.co/downloads/logstash/logstash-7.17.10-linux-x86_64.tar.gz
# Extract the package
# tar -xzvf logstash-7.17.10-linux-x86_64.tar.gz
# mv logstash-7.17.10 /opt/logstash
# Create the data and log directories
# mkdir -p /var/lib/logstash /var/log/logstash
# chown -R elasticsearch:elasticsearch /var/lib/logstash /var/log/logstash
4.3 Install Kibana
# Download the package
# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.10-linux-x86_64.tar.gz
# Extract the package
# tar -xzvf kibana-7.17.10-linux-x86_64.tar.gz
# mv kibana-7.17.10-linux-x86_64 /opt/kibana
# Set permissions
# chown -R elasticsearch:elasticsearch /opt/kibana
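Added example, not part of the original tutorial: the three tarballs above are unpacked exactly as downloaded, so this script checks an archive against the SHA-512 file that Elastic publishes at the same URL with ".sha512" appended, and extracts only when the digests match. The function names verify_sha512 and verified_extract, the destination directory and the small demo archive are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: verify a downloaded archive before unpacking it.

# verify_sha512 ARCHIVE SUMFILE
# SUMFILE holds "<128 hex chars>  <file name>", as published next to the archive.
# Returns 0 on a match, 1 on a mismatch, 2 when an input is missing or malformed.
verify_sha512() {
    local archive=$1 sumfile=$2 expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing file" >&2; return 2; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Fail closed on an empty or malformed checksum file (e.g. a saved error page).
    case "$expected" in
        *[!0-9a-f]*|'') echo "malformed checksum file: $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "not a SHA-512 digest" >&2; return 2; }
    actual=$(sha512sum "$archive" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $archive" >&2
        return 1
    fi
}

# verified_extract ARCHIVE SUMFILE DESTDIR: unpack only after the digest matches.
verified_extract() {
    verify_sha512 "$1" "$2" || return $?
    mkdir -p "$3" && tar -xzf "$1" -C "$3"
}

# Usage with the Elasticsearch tarball from section 4.1:
#   wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.10-linux-x86_64.tar.gz.sha512
#   verified_extract elasticsearch-7.17.10-linux-x86_64.tar.gz \
#       elasticsearch-7.17.10-linux-x86_64.tar.gz.sha512 /tmp/es-unpack

# Constructed demo: a tiny archive and a checksum file generated for it.
demo=$(mktemp -d)
echo "hello" > "$demo/f"
tar -czf "$demo/a.tar.gz" -C "$demo" f
(cd "$demo" && sha512sum a.tar.gz > a.tar.gz.sha512)
verify_sha512 "$demo/a.tar.gz" "$demo/a.tar.gz.sha512" && echo "digest matches"
```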
5. Database configuration
Configure the core configuration files of the ELK Stack.
# Configure Elasticsearch
# vi /opt/elasticsearch/config/elasticsearch.yml
cluster.name: elk-cluster
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
# Configure the JVM parameters
# vi /opt/elasticsearch/config/jvm.options
-Xms16g
-Xmx16g
# Configure Logstash
# vi /opt/logstash/config/logstash.yml
path.data: /var/lib/logstash
path.logs: /var/log/logstash
# Configure the JVM parameters
# vi /opt/logstash/config/jvm.options
-Xms4g
-Xmx4g
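# Configure Kibana
# vi /opt/kibana/config/kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
# Start the Elasticsearch service
# su - elasticsearch -c "/opt/elasticsearch/bin/elasticsearch -d"
# Start the Logstash service (Logstash has no daemon flag, so run it in the background)
# su - elasticsearch -c "nohup /opt/logstash/bin/logstash > /var/log/logstash/stdout.log 2>&1 &"
# Start the Kibana service (Kibana has no daemon flag either)
# su - elasticsearch -c "nohup /opt/kibana/bin/kibana > /opt/kibana/kibana.log 2>&1 &"
# Enable start on boot (stop the processes started by hand above before starting the units, otherwise the ports are already in use)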
# vi /etc/systemd/system/elasticsearch.service
[Unit]
Description=Elasticsearch
After=network.target
[Service]
Type=simple
User=elasticsearch
ExecStart=/opt/elasticsearch/bin/elasticsearch
Restart=on-failure
[Install]
WantedBy=multi-user.target
# vi /etc/systemd/system/logstash.service
[Unit]
Description=Logstash
After=elasticsearch.service
[Service]
Type=simple
User=elasticsearch
ExecStart=/opt/logstash/bin/logstash
Restart=on-failure
[Install]
WantedBy=multi-user.target
# vi /etc/systemd/system/kibana.service
[Unit]
Description=Kibana
After=elasticsearch.service
[Service]
Type=simple
User=elasticsearch
ExecStart=/opt/kibana/bin/kibana
Restart=on-failure
[Install]
WantedBy=multi-user.target
# Enable and start the services
# systemctl daemon-reload
# systemctl enable elasticsearch logstash kibana
# systemctl start elasticsearch logstash kibana
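Added example, not part of the original tutorial: with network.host and server.host set to 0.0.0.0 and ports 9200 and 5601 opened in firewalld, the stack answers on every interface without authentication, because Elasticsearch 7.x leaves xpack.security.enabled off by default on the basic license. The script below audits the two configuration files for that combination; the function names and the temporary sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag wildcard binds that are not protected by authentication.

# Print the last value of a top-level "key: value" line, without quotes or comments.
yaml_value() {
    local key
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^${key}[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]#.*$//' | tail -n 1 | tr -d "\"'[:space:]"
}

# Succeeds when the address means "listen on every interface".
is_wildcard() {
    case "$1" in 0.0.0.0|::|'[::]') return 0 ;; *) return 1 ;; esac
}

# Returns 1 if Elasticsearch listens on all interfaces with security switched off.
audit_elasticsearch() {
    local host sec
    host=$(yaml_value "$1" network.host)
    sec=$(yaml_value "$1" xpack.security.enabled)
    if is_wildcard "$host" && [ "$sec" != "true" ]; then
        echo "EXPOSED elasticsearch: network.host=$host, xpack.security.enabled=${sec:-unset}"
        return 1
    fi
    echo "OK elasticsearch"
}

# Heuristic: Kibana on all interfaces with no elasticsearch.username configured
# talks to an unauthenticated cluster and therefore shows no login page.
audit_kibana() {
    local host user
    host=$(yaml_value "$1" server.host)
    user=$(yaml_value "$1" elasticsearch.username)
    if is_wildcard "$host" && [ -z "$user" ]; then
        echo "EXPOSED kibana: server.host=$host, no elasticsearch.username"
        return 1
    fi
    echo "OK kibana"
}

# Constructed sample input mirroring the settings used in this section.
demo_dir=$(mktemp -d)
printf 'network.host: 0.0.0.0\nhttp.port: 9200\n' > "$demo_dir/elasticsearch.yml"
printf 'server.port: 5601\nserver.host: "0.0.0.0"\n' > "$demo_dir/kibana.yml"
audit_elasticsearch "$demo_dir/elasticsearch.yml" || true
audit_kibana "$demo_dir/kibana.yml" || true
```

On a real host, pass /opt/elasticsearch/config/elasticsearch.yml and /opt/kibana/config/kibana.yml to the two audit functions; a non-zero return means the bind address should be narrowed or security enabled before the firewall ports are opened.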
6. Test and verification
Start the ELK Stack and verify that it works correctly.
# Check the Elasticsearch status
# curl http://localhost:9200
{
  "name" : "node-1",
  "cluster_name" : "elk-cluster",
  "cluster_uuid" : "abcdef123456",
  "version" : {
    "number" : "7.17.10",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "1234567",
    "build_date" : "2023-02-08T15:21:16.449963995Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
# Check the Kibana status
# curl http://localhost:5601
# Check the Logstash status
# ps aux | grep logstash
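# Test the ELK integration
# Create a Logstash configuration file
# vi /opt/logstash/config/test.conf
input {
  stdin {}
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "test-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}
# Run the Logstash test (with its own data directory, because the running service holds the lock on /var/lib/logstash)
# /opt/logstash/bin/logstash -f /opt/logstash/config/test.conf --path.data /tmp/logstash-test
# Type some test data, then press Ctrl+D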
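7. Backup configuration
Configure a backup strategy for the ELK Stack to keep the data safe.
# Create the backup directory
# mkdir -p /backup/elk
# chown -R elasticsearch:elasticsearch /backup/elk
# Allow /backup/elk as a snapshot location (an "fs" repository must be listed in path.repo), then restart
# echo 'path.repo: ["/backup/elk"]' >> /opt/elasticsearch/config/elasticsearch.yml
# systemctl restart elasticsearch
# Back up the Elasticsearch data: register the snapshot repository
# curl -X PUT "localhost:9200/_snapshot/my_backup" -H "Content-Type: application/json" -d '{
"type": "fs",
"settings": {
"location": "/backup/elk"
}
}'
# Create a snapshot
# curl -X PUT "localhost:9200/_snapshot/my_backup/snapshot_1"
# Back up the configuration files (one subdirectory per component, so the three "config" directories do not overwrite each other)
# mkdir -p /backup/elk/config
# cp -r /opt/elasticsearch/config /backup/elk/config/elasticsearch
# cp -r /opt/logstash/config /backup/elk/config/logstash
# cp -r /opt/kibana/config /backup/elk/config/kibana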
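# Create the backup script
# vi /root/backup_elk.sh
#!/bin/bash
DATE=$(date +%Y%m%d)
# Create an Elasticsearch snapshot
curl -X PUT "localhost:9200/_snapshot/my_backup/snapshot_$DATE"
# Back up the configuration files, one subdirectory per component
mkdir -p /backup/elk/config_$DATE
cp -r /opt/elasticsearch/config /backup/elk/config_$DATE/elasticsearch
cp -r /opt/logstash/config /backup/elk/config_$DATE/logstash
cp -r /opt/kibana/config /backup/elk/config_$DATE/kibana
# Clean up backups older than 30 days
# Snapshots are removed through the API; files inside the repository must not be deleted by hand
OLD=$(date -d '31 days ago' +%Y%m%d)
curl -X DELETE "localhost:9200/_snapshot/my_backup/snapshot_$OLD"
find /backup/elk -maxdepth 1 -type d -name "config_*" -mtime +30 -exec rm -rf {} +
# Make the script executable
# chmod +x /root/backup_elk.sh
# Add it to crontab
# crontab -e
# Add the following line (run the backup every day at 2:00 a.m.)
0 2 * * * /root/backup_elk.sh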
8. Upgrade and migration
The upgrade and migration process for the ELK Stack.
# 1. Back up configuration and data
# /root/backup_elk.sh
# 2. Stop the services
# systemctl stop elasticsearch logstash kibana
# 3. Upgrade Elasticsearch
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.10-linux-x86_64.tar.gz
# tar -xzvf elasticsearch-7.17.10-linux-x86_64.tar.gz
# mv /opt/elasticsearch /opt/elasticsearch-old
# mv elasticsearch-7.17.10 /opt/elasticsearch
# cp -r /opt/elasticsearch-old/config/* /opt/elasticsearch/config/
# chown -R elasticsearch:elasticsearch /opt/elasticsearch
# 4. Upgrade Logstash
# wget https://artifacts.elastic.co/downloads/logstash/logstash-7.17.10-linux-x86_64.tar.gz
# tar -xzvf logstash-7.17.10-linux-x86_64.tar.gz
# mv /opt/logstash /opt/logstash-old
# mv logstash-7.17.10 /opt/logstash
# cp -r /opt/logstash-old/config/* /opt/logstash/config/
# chown -R elasticsearch:elasticsearch /opt/logstash
# 5. Upgrade Kibana
# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.17.10-linux-x86_64.tar.gz
# tar -xzvf kibana-7.17.10-linux-x86_64.tar.gz
# mv /opt/kibana /opt/kibana-old
# mv kibana-7.17.10-linux-x86_64 /opt/kibana
# cp -r /opt/kibana-old/config/* /opt/kibana/config/
# chown -R elasticsearch:elasticsearch /opt/kibana
# 6. Start the services
# systemctl start elasticsearch logstash kibana
# 7. Verify the upgrade result
# curl http://localhost:9200
# curl http://localhost:5601
# Migrate from an older ELK Stack version to ELK Stack 7.17.10
# 1. Create a snapshot on the old system
# curl -X PUT "old-server:9200/_snapshot/my_backup/snapshot_migration"
# 2. Copy the backup files to the new system
# scp -r /backup/elk/* new-server:/backup/elk/
# 3. Register the snapshot repository on the new system (path.repo in elasticsearch.yml must include /backup/elk)
# curl -X PUT "localhost:9200/_snapshot/my_backup" -H "Content-Type: application/json" -d '{
"type": "fs",
"settings": {
"location": "/backup/elk"
}
}'
# 4. Restore the snapshot
# curl -X POST "localhost:9200/_snapshot/my_backup/snapshot_migration/_restore"
# 5. Copy the configuration files
# scp user@old-server:/opt/elasticsearch/config/elasticsearch.yml /opt/elasticsearch/config/
# scp user@old-server:/opt/logstash/config/logstash.yml /opt/logstash/config/
# scp user@old-server:/opt/kibana/config/kibana.yml /opt/kibana/config/
# 6. Start the services
# systemctl start elasticsearch logstash kibana
# 7. Verify the migration result
# curl http://localhost:9200
# curl http://localhost:5601
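9. Summary
This article described in detail the installation, configuration, upgrade and migration of ELK 7.17.10 for RHEL 9. By following these steps, you can deploy the ELK Stack services and keep them running stably.
- Back up ELK Stack data and configuration regularly; a full backup once a day is recommended
- Monitor ELK Stack performance, and check service status and logs regularly
- Update the ELK Stack version regularly to maintain system security and performance
- Plan ELK Stack storage sensibly to avoid running out of space
- Configure suitable parameters to optimize ELK Stack performance
- For production environments, deploy a multi-node cluster to improve availability and reliability
This article was compiled and published by Fengge Tutorials (风哥教程) for learning and testing purposes only. When reposting, credit the source: http://www.fgedu.net.cn/10327.html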
