8.1 Environment overview
Host | IP address | Notes |
lb01 | 192.168.1.5 | LVS + Keepalived load balancing and high availability |
lb02 | 192.168.1.6 | LVS + Keepalived load balancing and high availability |
web01 | 192.168.1.7 | nginx + php web service |
web02 | 192.168.1.8 | nginx + php web service |
web03 | 192.168.1.9 | nginx + php web service |
Mysql-proxy | 192.168.1.10 | Atlas proxy for MySQL read/write splitting |
db01 | 192.168.1.11 | MySQL master |
db02 | 192.168.1.12 | MySQL replica 1 |
db03 | 192.168.1.13 | MySQL replica 2 |
MHA-Manager | 192.168.1.14 | MHA management host |
NFS+Redis | 192.168.1.16 | Shared web files and sessions |
Backup | 192.168.1.17 | Receives rsync backups and xtrabackup backups |
openvpn | 192.168.1.18 | Management host providing OpenVPN, Ansible and an SSH jump host |
zabbix | 192.168.1.19 | Monitoring metrics collection and viewing |
EFK | 192.168.1.20 | Log collection and log viewing |
8.2 Server-side installation
Install Elasticsearch
yum install -y https://mirrors.tuna.tsinghua.edu.cn/elasticstack/8.x/yum/8.0.0/elasticsearch-8.0.0-x86_64.rpm
Edit the configuration file
vim /etc/elasticsearch/elasticsearch.yml
    path.data: /var/lib/elasticsearch
    path.logs: /var/log/elasticsearch
    # Security features (authentication and TLS) are disabled in this setup
    xpack.security.enabled: false
    xpack.security.enrollment.enabled: false
    xpack.security.http.ssl:
      enabled: false
      keystore.path: certs/http.p12
    xpack.security.transport.ssl:
      enabled: false
      verification_mode: certificate
      keystore.path: certs/transport.p12
      truststore.path: certs/transport.p12
    cluster.initial_master_nodes: ["192.168.1.20"]
    # Listen on the loopback and site-local addresses
    http.host: [_local_, _site_]
    # Allow cross-origin requests from any origin (used by the head plugin)
    http.cors.enabled: true
    http.cors.allow-origin: "*"
Install the head plugin
echo " 185.199.111.153 git.github.com" >> /etc/hosts
yum install npm git
git clone https://github.com/mobz/elasticsearch-head.git
cd elasticsearch-head
npm install
Start the head plugin
npm start &
Open http://192.168.1.20:9100 and change the connection address to http://192.168.1.20:9200.
Install Kibana
yum install -y https://mirrors.tuna.tsinghua.edu.cn/elasticstack/8.x/yum/8.0.0/kibana-8.0.0-x86_64.rpm
Configure kibana.yml: change the listen address and the Elasticsearch address.
vim /etc/kibana/kibana.yml
    ……
    # Listen on all interfaces
    server.host: "0.0.0.0"
    ……
    elasticsearch.hosts: ["http://192.168.1.20:9200"]
    ……
Start Kibana
systemctl enable kibana
systemctl start kibana
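Visit http://192.168.1.20:5601.
8.3 Installing the Filebeat log collection agent on clients
Use Ansible for batch installation; run the following on the OpenVPN management host.
Create the filebeat role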
ansible-galaxy init filebeat
Prepare the nginx module configuration file to distribute
cat > /etc/ansible/roles/filebeat/files/nginx.yml << EOF
- module: nginx
  # Access logs
  access:
    enabled: true
    var.paths: ["/var/log/nginx/access.log"]
  # Error logs
  error:
    enabled: true
    var.paths: ["/var/log/nginx/error.log"]
EOF
Prepare the mysql module configuration file to distribute
cat > /etc/ansible/roles/filebeat/files/mysql.yml << EOF
- module: mysql
  # Error logs
  error:
    enabled: true
    var.paths: ["/var/log/mysql.log"]
  # Slow logs
  slowlog:
    enabled: false
    #var.paths:
EOF
Prepare the Filebeat configuration file
cat > /etc/ansible/roles/filebeat/files/filebeat.yml << 'EOF'
filebeat.inputs:
- type: filestream
  enabled: false
  paths:
    - /var/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
output.elasticsearch:
  hosts: ["192.168.1.20:9200"]
  # The first rule whose condition matches decides the target index
  indices:
    - index: "nginx-access-%{[agent.version]}-%{+yyyy.MM}"
      when.contains:
        message: "access"
    - index: "nginx-error-%{[agent.version]}-%{+yyyy.MM}"
      when.contains:
        message: "error"
    - index: "mysql-error-%{[agent.version]}-%{+yyyy.MM}"
      when.contains:
        message: "mysql_error"
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
EOF
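The index rules above select on substrings of the raw `message` field, and Filebeat uses the first rule that matches, falling back to its default index when none does. The following added example (not part of the original page; a simplified Python model, not Filebeat code) runs those rules over constructed log lines and compares them with rules keyed on `event.dataset`, the field Filebeat modules set on each event; the dataset rules, `DEFAULT_INDEX` and the helper names are assumptions made for illustration.

```python
# Simplified model of Filebeat's `output.elasticsearch.indices` selection:
# the first rule whose condition matches wins, otherwise the default index.
DEFAULT_INDEX = "filebeat-default"  # placeholder for Filebeat's default `index`

# Rules from the filebeat.yml above (version/date suffixes dropped for brevity).
MESSAGE_RULES = [
    ("nginx-access", "contains", "message", "access"),
    ("nginx-error", "contains", "message", "error"),
    ("mysql-error", "contains", "message", "mysql_error"),
]

# Assumed alternative: match the event.dataset value set by the Filebeat module.
DATASET_RULES = [
    ("nginx-access", "equals", "event.dataset", "nginx.access"),
    ("nginx-error", "equals", "event.dataset", "nginx.error"),
    ("mysql-error", "equals", "event.dataset", "mysql.error"),
]

def matches(op, actual, expected):
    """Evaluate one condition; a missing field never matches."""
    if actual is None:
        return False
    return expected in actual if op == "contains" else actual == expected

def select_index(event, rules):
    """Return the index of the first matching rule, else the default index."""
    for index, op, field, expected in rules:
        if matches(op, event.get(field), expected):
            return index
    return DEFAULT_INDEX

# Constructed sample events (not taken from a real system).
EVENTS = [
    {"event.dataset": "nginx.access",
     "message": '192.168.1.5 - - [01/Mar/2022:10:00:00 +0800] "GET /index.php HTTP/1.1" 200 512'},
    {"event.dataset": "nginx.access",
     "message": '192.168.1.5 - - [01/Mar/2022:10:00:01 +0800] "GET /error.html HTTP/1.1" 404 153'},
    {"event.dataset": "nginx.error",
     "message": '2022/03/01 10:00:02 [error] 1234#0: *1 open() "/usr/share/nginx/html/access/a.png" failed'},
    {"event.dataset": "mysql.error",
     "message": "2022-03-01T02:00:03.000000Z 0 [Warning] InnoDB: page_cleaner: 1000ms intended loop took 4500ms"},
]

def compare(events=EVENTS):
    """Return (dataset, index chosen by message rules, index chosen by dataset rules)."""
    return [(e["event.dataset"], select_index(e, MESSAGE_RULES),
             select_index(e, DATASET_RULES)) for e in events]

if __name__ == "__main__":
    for dataset, by_message, by_dataset in compare():
        print(f"{dataset:13} message-rule={by_message:17} dataset-rule={by_dataset}")
```

In this model the substring rules send an access line for /error.html to nginx-error and an error line mentioning an /access/ path to nginx-access, while ordinary access lines and MySQL error lines match no rule and fall through to the default index.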
Prepare the Filebeat installation package
wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/8.x/yum/8.0.0/filebeat-8.0.0-x86_64.rpm -P /etc/ansible/roles/filebeat/files
Write the task file for the filebeat role (it collects only nginx and mysql logs; others will be added when time and energy allow)
vim /etc/ansible/roles/filebeat/tasks/main.yml
    # 1 - Push the Filebeat package
    - name: 1-推送Filebeat安装包
      copy:
        src: filebeat-8.0.0-x86_64.rpm
        dest: /tmp
    # 2 - Install Filebeat (skipped on the EFK host)
    - name: 2-安装Filebeat
      shell:
        cmd: yum localinstall -y /tmp/filebeat-8.0.0-x86_64.rpm
      when: ansible_eth0.ipv4.address != "192.168.1.20"
    # 3 - Enable the nginx module on the web hosts
    - name: 3-开启nginx模块
      shell:
        cmd: filebeat modules enable nginx
      when: ansible_eth0.ipv4.address in ["192.168.1.7", "192.168.1.8", "192.168.1.9"]
    # 4 - Enable the mysql module on the db hosts
    - name: 4-开启mysql模块
      shell:
        cmd: filebeat modules enable mysql
      when: ansible_eth0.ipv4.address in ["192.168.1.11", "192.168.1.12", "192.168.1.13"]
    # 5 - Push nginx.yml to the web host group
    - name: 5-推送nginx.yml配置文件到web主机组
      copy:
        src: nginx.yml
        dest: /etc/filebeat/modules.d
      when: ansible_eth0.ipv4.address in ["192.168.1.7", "192.168.1.8", "192.168.1.9"]
    # 6 - Push mysql.yml to the db host group
    - name: 6-推送mysql.yml配置文件到db主机组
      copy:
        src: mysql.yml
        dest: /etc/filebeat/modules.d
      when: ansible_eth0.ipv4.address in ["192.168.1.11", "192.168.1.12", "192.168.1.13"]
    # 7 - Push filebeat.yml to the web and db hosts
    - name: 7-推送filebeat.yml配置文件
      copy:
        src: filebeat.yml
        dest: /etc/filebeat/
      when: ansible_eth0.ipv4.address in ["192.168.1.11", "192.168.1.12", "192.168.1.13", "192.168.1.7", "192.168.1.8", "192.168.1.9"]
    # 8 - Start Filebeat and enable it at boot
    - name: 8-启动filebeat
      service:
        name: filebeat
        state: started
        enabled: true
      when: ansible_eth0.ipv4.address != "192.168.1.20"
Apply the role
vim /etc/ansible/roles.yaml
    - hosts: all
      roles:
        - filebeat
Run the playbook
ansible-playbook /etc/ansible/roles.yaml