Ansible开ELK集群

节点规划

IP地址主机名服务
192.168.100.10ansibleansible
192.168.100.20elk-1ela+kibana
192.168.100.21elk-2ela+logstash
192.168.100.22elk-3ela

设置解析域名(所有节点)

cat >> /etc/hosts <<EOF
192.168.100.10 ansible
192.168.100.20 elk-1 
192.168.100.21 elk-2 
192.168.100.22 elk-3 
EOF

设置主机名(所有节点)

#ansible节点--192.168.100.10:
hostnamectl set-hostname
#elk1节点--192.168.100.21:
hostnamectl set-hostname elk-1
#elk2节点--192.168.100.22:
hostnamectl set-hostname elk-2
#elk3节点--192.168.100.23:
hostnamectl set-hostname elk-3

创建目录结构(Ansible)

mkdir /root/install_elk
touch /root/install_elk/install_elk.yaml
mkdir -p /root/install_elk/roles/{ela,kib,log}/{files,handlers,tasks,templates,vars}
##下载所需要的软件包
curl -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.0-linux-x86_64.tar.gz
curl -O https://artifacts.elastic.co/downloads/kibana/kibana-7.17.0-linux-x86_64.tar.gz
curl -O https://artifacts.elastic.co/downloads/logstash/logstash-7.17.0-linux-x86_64.tar.gz
##复制所需要的软件包
cp -rvf elasticsearcg-7.17.0-linux-x86_64.tar.gz /root/install_elk/ela/files/
cp -rvf jdk-8u144-linux-x64.tar.gz /root/install_elk/ela/files/
cp -rvf kibana-7.17.0-linux-x86.64.tar.gz /root/install_elk/kib/files/
cp -rvf logstash-7.17.0-linux-x86_64.tar.gz /root/install_elk/kib/files/
ssh-keygen
##执行ssh-keygen不用输入内容,按几下回车
ssh-copy-id elk-1
ssh-copy-id elk-2
ssh-copy-id elk-3


cat >>  /etc/ansible/hosts <<EOF
[ela]
elk-1 node_name=elk-1
elk-2 node_name=elk-2
elk-3 node_name=elk-3
[kib]
elk-1
[log]
elk-2
EOF

编写ELK剧本(Ansible)

配置ELA模板

cat > /root/install_elk/install_elk.yaml <<EOF
---
- hosts: ela
  gather_facts: no
  remote_user: root
  roles: 
  - ela

- hosts: kib 
  gather_facts: no
  remote_user: root
  roles:
  - kib 
  
- hosts: log
  gather_facts: no
  remote_user: root
  roles:
  - log
EOF

cat > /root/install_elk/roles/ela/tasks/main.yaml <<EOF
- name: 安装Java环境
  unarchive:
    src: jdk-8u144-linux-x64.tar.gz  
    dest: /opt
    list_files: yes

- name: 添加Java环境变量
  shell: echo 'export JAVA_HOME=/opt/jdk1.8.0_144' >> /etc/profile && echo 'export PATH=$PATH:/opt/jdk1.8.0_144/bin' >> /etc/profile

- name: 生效环境变量
  shell: source /etc/profile

- name: 创建用户
  user:
    name: ela

- name: 传输本地软件包到远程主机并且解压到指定目录
  unarchive:
    src: elasticsearch-7.17.0-linux-x86_64.tar.gz
    dest: /opt
    owner: ela
    group: ela
    list_files: yes
  register: ret

- name: 创建软链接
  file:
    src: /opt/{{ ret.files.0 | regex_replace('/.*') }}
    dest: /opt/elasticsearch
    state: link

- name: 传输配置文件
  template:
    src: elasticsearch.j2
    dest: /opt/elasticsearch/config/elasticsearch.yml
    owner: ela
    group: ela
    
- name: 传输系统配置文件
  copy:
    src: limits.conf
    dest: /etc/security/limits.conf

- name: 传输系统配置文件
  copy:
    src: sysctl.conf
    dest: /etc/sysctl.conf

- name: 加载 /etc/sysctl.conf文件,使内核参数生效
  shell: sysctl -p

- name: 启动服务
  # 使用ela用户执行此命令
  become: yes
  become_user: ela
  command:
    # argv 是一个列表,存放了需要执行的命令及其参数
    # 一行一个
    argv:
      - nohup
      - /opt/elasticsearch/bin/elasticsearch
      - -d
EOF

设置j2主配置文件模板

cat > /root/install_elk/roles/ela/templates/elasticsearch.j2 <<EOF
cluster.name: elk
node.name: {{ node_name }}
node.data: true
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts:
   - 192.168.100.20
   - 192.168.100.21
   - 192.168.100.22
cluster.initial_master_nodes: ["elk-1","elk-2","elk-3"]
EOF

设置句柄

cat > /root/install_elk/roles/ela/files/limits.conf <<EOF
* soft nofile 65535
* hard nofile 65535
* soft nproc  4096
* hard nproc 4096
EOF

配置KIB模板

cat > /root/install_elk/roles/kib/tasks/main.yaml <<EOF
- name: 传输本地软件包到远程主机并且解压到指定目录
  unarchive:
    src: kibana-7.17.0-linux-x86_64.tar.gz
    dest: /opt
    owner: ela
    group: ela
    list_files: yes
  register: ret

- name: 创建软链接
  file:
    src: /opt/{{ ret.files.0 | regex_replace('/.*') }}
    dest: /opt/kibana
    state: link

- name: 创建日志与PID存放目录
  shell: mkdir -p /var/log/kibana /run/kibana

- name: 给如上目录设置权限
  shell: chown -R ela:ela /var/log/kibana /run/kibana

- name: 传输配置文件
  copy:
    src: kibana.yml
    dest: /opt/kibana/config/kibana.yml
    
- name: 传输服务管理文件
  template:
    src: kibana.service.j2
    dest: /etc/systemd/system/kibana.service

- name: 启动服务
  systemd:
    name: kibana
    state: started
    daemon_reload: yes
EOF

设置程序配置文件

cat > /root/install_elk/roles/kib/files/kibana.yml <<EOF
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.100.20:9200"]
i18n.locale: "zh-CN"
pid.file: /run/kibana/kibana.pid
logging.dest: /var/log/kibana/kibana.log
EOF

设置程序管理模板

cat > /root/install_elk/roles/kib/templates/kibana.service.j2 <<EOF
[Unit]
Description=Kibana
Documentation=https://www.elastic.co
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=ela
Group=ela
ExecStart=/opt/kibana/bin/kibana
ExecStop=/bin/pkill -F "/run/kibana/kibana.pid"
Restart=on-failure
RestartSec=3
StartLimitBurst=3
StartLimitInterval=60
WorkingDirectory=/opt/kibana
StandardOutput=journal
StandardError=inherit
[Install]
WantedBy=multi-user.target
EOF

配置LOG模板

cat > /root/install_elk/roles/log/tasks/main.yaml <<EOF
- name: 创建日志目录
  file:
    path: /var/log/logstash
    state: directory

- name: 服务日志目录权限
  shell: chown -R ela:ela /var/log/logstash

- name: 传输本地软件包到远程主机并且解压到指定目录
  unarchive:
    src: logstash-7.17.0-linux-x86_64.tar.gz
    dest: /opt
    list_files: yes
  register: ret

- name: 创建软链接
  file:
    src: /opt/{{ ret.files.0 | regex_replace('/.*') }}
    dest: /opt/logstash
    state: link

- name: 传输配置文件
  template:
    src: logstash.yml
    dest: /opt/logstash/config/logstash.yml

- name: 传输管道配置文件
  copy:
    src: logstash.conf
    dest: /opt/logstash/config/logstash-sample.conf
    
- name: 传输系统服务文件
  template:
    src: logstash.service.j2
    dest: /etc/systemd/system/logstash.service

- name: 启动 logstash
  systemd:
    name: logstash
    state: started
    daemon_reload: yes

- name: restart logstash
  systemd:
    name: logstash
    state: restarted
    daemon_reload: yes

#- name: 启动服务
#  become: yes
#  become_user: ela
#  shell: sh /opt/logstash/bin/logstash -f /opt/logstash/config/logstash-sample.conf 
EOF

设置程序配置文件

cat > /root/install_elk/roles/log/templates/logstash.yml <<EOF
http.host: "0.0.0.0"
path.logs: /var/log/logstash/
EOF

设置管道配置文件

cat > /root/install_elk/roles/log/files/logstash.conf <<EOF
#将本地的/var/log/yum.log内日志标准输入
input {
  file {
    path => "/var/log/yum.log"
    type => "yum_log"
    start_position => "beginning"
  }
}

#标准输出到elasticsearch中
output {
  elasticsearch {
    hosts =>  ["192.168.100.20:9200","192.168.100.21:9200","192.168.100.22:9200"] 
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}
EOF

设置进程管理模板

cat > /root/install_elk/roles/log/templates/logstash.service.j2 <<EOF
Unit]
Description=logstash

[Service]
Type=simple
ExecStart=/opt/logstash/bin/logstash "-f" "/opt/logstash/config/*.conf"
Restart=always
WorkingDirectory=/
LimitNOFILE=65535
TimeoutStopSec=infinity
[Install]
WantedBy=multi-user.target
EOF

版权属于:JiuXia2025

本文链接:https://blog.inekoxia.com/index.php/archives/706.html

转载时须注明出处及本声明

最后修改:2024 年 12 月 23 日
© 允许规范转载
喜欢就支持一下吧