服务器 2核4G

filebeat->kafka->logstash->elasticsearch->kibana

Elasticsearch

Node-1

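#!/bin/bash
# Installs Elasticsearch 7.17.0 from the official tarball as cluster node
# "node-1" and registers it as the systemd unit es.service. Run as root.
#
# Environment (optional):
#   ELK_USER           account that owns and runs Elasticsearch (default: es)
#   ELK_USER_PASSWORD  login password for that account; when unset, the account
#                      is created without a password and cannot log in

set -euo pipefail

# Service account / password.
# The original hard-coded the password "123". On a host that is reachable from
# the network that is a guessable OS login, so the password is now taken from
# the environment and simply not set when none is supplied.
ELK_USER="${ELK_USER:-es}"
ELK_USER_PASSWORD="${ELK_USER_PASSWORD:-}"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

install_es() {
  local file="elasticsearch-7.17.0-linux-x86_64.tar.gz"
  local url="https://artifacts.elastic.co/downloads/elasticsearch/${file}"
  local es_home="/usr/local/es"
  local cert_dir="${es_home}/config/certs"
  local expected actual cert
  local missing=0

  [[ "${EUID}" -eq 0 ]] || die "install_es must be run as root"

  yum install -y wget sudo vim

  # Kernel settings go into a dedicated drop-in. The original overwrote
  # /etc/sysctl.conf (discarding whatever the host already had there) and
  # appended to the vendor file 00-system.conf on every run.
  # NOTE(review): Elasticsearch itself only needs vm.max_map_count;
  # net.ipv4.ip_forward=1 is kept because the original set it, but it makes the
  # host forward packets between interfaces. Drop it unless something else on
  # this machine needs routing.
  cat > /etc/sysctl.d/99-elasticsearch.conf <<EOF
net.ipv4.ip_forward=1
vm.max_map_count=262144
EOF

  # Same for the limits: a drop-in instead of replacing /etc/security/limits.conf.
  cat > /etc/security/limits.d/99-elasticsearch.conf <<EOF
* hard nofile 65536
* soft nofile 65536
* hard nproc 65536
* soft nproc 65536
EOF

  # Loads every sysctl.d file, so the values apply without the network restart
  # the original performed (which can cut the session running this script).
  sysctl --system
  ulimit -S -n
  ulimit -H -n

  # ELK service account
  if id -u "${ELK_USER}" >/dev/null 2>&1; then
    echo "user exists"
  else
    echo "user does not exist"
    useradd "${ELK_USER}"
    if [[ -n "${ELK_USER_PASSWORD}" ]]; then
      printf '%s\n' "${ELK_USER_PASSWORD}" | passwd --stdin "${ELK_USER}"
    fi
  fi

  # Download, verify and unpack only when there is no installation yet; a
  # second run used to move the fresh tree *into* the existing /usr/local/es.
  if [[ ! -d "${es_home}" ]]; then
    if [[ ! -f "/tmp/${file}" ]]; then
      wget -P /tmp "${url}"
    fi

    # /tmp is world-writable and the archive is unpacked as root, so a tarball
    # that was already lying there is checked as well. The published digest
    # comes from the same origin as the archive: it catches truncated or
    # replaced local files, not a compromised download server.
    expected=$(wget -qO- "${url}.sha512" | awk '{print $1}') \
      || die "could not fetch ${url}.sha512"
    actual=$(sha512sum "/tmp/${file}" | awk '{print $1}')
    if [[ -z "${expected}" || "${expected}" != "${actual}" ]]; then
      die "SHA-512 mismatch for /tmp/${file}; delete it and run again"
    fi

    tar -zxvf "/tmp/${file}" -C /usr/local
    mv /usr/local/elasticsearch-7.17.0 "${es_home}"
  fi

  # Directory for the TLS keystores. http.p12 and elastic-certificates.p12 have
  # to be copied here by hand.
  # The page offers a ready-made pair for download:
  #   https://pan.baidu.com/s/1jlh5MYfFouemzF0XAqQf7w  (extraction code: 3no1)
  # NOTE(review): keystores taken from a public share contain private keys that
  # everyone with the link also holds, so TLS built on them authenticates
  # nothing. Generate your own with bin/elasticsearch-certutil and copy them to
  # the three nodes over a trusted channel.
  mkdir -p "${cert_dir}/"
  for cert in http.p12 elastic-certificates.p12; do
    if [[ -f "${cert_dir}/${cert}" ]]; then
      chmod 600 "${cert_dir}/${cert}"   # private keys: owner only
    else
      printf 'missing keystore: %s\n' "${cert_dir}/${cert}" >&2
      missing=1
    fi
  done

  # NOTE(review): the configuration below binds to 0.0.0.0 and answers CORS
  # requests from any origin ("*"). Requests still need credentials because
  # xpack.security is enabled, but any web page can then script against the API
  # from a logged-in user's browser. Prefer the cluster-facing interface for
  # network.host and the one origin that serves elasticsearch-head for
  # http.cors.allow-origin. The values are left as the author wrote them.
  # The "type: local" line was split in two on the page and is rejoined here.
  cat > "${es_home}/config/elasticsearch.yml" << "EOF"
# 集群名称
cluster.name: es-cluster
# 集群节点名称
node.name: node-1
# ES默认 只容许本地 127.0.0.1 和[::1] 拜访
# 也能够设置成0.0.0.0 容许所有IP主机拜访
# 如果不配置就默认认为是开发者模式,如果配置不正确会写入正告然而能正确运行
# 如果配置了就会认为进入了生产环境, 如果配置不正确就会降级为异样,ES无奈正确启动。
network.host: 0.0.0.0
# 默认ES节点端口9200,如果是伪集群(在一台服务器上搭建集群),须要批改。
http.port: 9200
# 对外通信端口
transport.port: 9300
# 是否应用内存替换分区
bootstrap.memory_lock: false
# 设置数据寄存门路
path.data: /usr/local/es/data/
# 设置日志寄存门路
path.logs: /usr/local/es/logs/
# 发现其余节点主机配置 这里配置的是ES所在服务器的公网IP地址
discovery.seed_hosts: ["10.0.0.21:9300","10.0.0.22:9300","10.0.0.23:9300"]
# 哪些节点能够被选举为主节点配置
cluster.initial_master_nodes: ["10.0.0.21","10.0.0.22","10.0.0.23"]
#减少新的参数,为了让elasticsearch-head插件能够拜访es (5.x版本,如果没有能够本人手动加)
http.cors.enabled: true
http.cors.allow-origin: "*"
# 数据采集指标
xpack.monitoring.collection.enabled: true
xpack.monitoring.exporters.my_local.type: local
xpack.monitoring.exporters.my_local.use_ingest: false
xpack.security.authc.api_key.enabled: true
# https-es
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/usr/local/es/config/certs/http.p12"
xpack.security.http.ssl.truststore.path: "/usr/local/es/config/certs/http.p12"
# https-kibana
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: "/usr/local/es/config/certs/elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "/usr/local/es/config/certs/elastic-certificates.p12"
EOF

  # Heap size. Written to jvm.options.d so that a re-run replaces the file
  # instead of appending the same two flags to jvm.options again.
  mkdir -p "${es_home}/config/jvm.options.d"
  cat > "${es_home}/config/jvm.options.d/heap.options" << EOF
-Xms256m
-Xmx256m
EOF

  chmod u+x "${es_home}/bin"
  chown -R "${ELK_USER}:${ELK_USER}" "${es_home}"

  # Ports. Skipped when firewalld is not running, as there is nothing to open.
  # NOTE(review): this exposes 9200 and 9300 to every source in the public
  # zone, and also opens http/https (80/443), which Elasticsearch does not
  # listen on. Restricting 9300 to the other cluster nodes and 9200 to the
  # actual clients would be tighter; kept as written.
  if systemctl is-active --quiet firewalld; then
    firewall-cmd --zone=public --add-port=9200/tcp --permanent
    firewall-cmd --zone=public --add-port=9300/tcp --permanent
    firewall-cmd --zone=public --add-service=http --permanent
    firewall-cmd --zone=public --add-service=https --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
  fi

  # Register the service.
  # The bundled JDK is selected with ES_JAVA_HOME in the unit. The original
  # appended "export JAVA_HOME=..." lines to bin/elasticsearch through an
  # unquoted here-document, so $JAVA_HOME and $PATH were expanded while
  # installing and the installer's own PATH was written into the launcher.
  cat > /usr/lib/systemd/system/es.service << EOF
[Unit]
Description=elasticsearch
After=network.target
[Service]
Type=forking
User=${ELK_USER}
Environment=ES_JAVA_HOME=/usr/local/es/jdk
ExecStart=/usr/local/es/bin/elasticsearch -d
PrivateTmp=true
# 指定此过程能够关上的最大文件数
LimitNOFILE=65535
# 指定此过程能够关上的最大过程数
LimitNPROC=65535
# 最大虚拟内存
LimitAS=infinity
# 最大文件大小
LimitFSIZE=infinity
# 超时设置 0-永不超时
TimeoutStopSec=0
# SIGTERM是进行java过程的信号
KillSignal=SIGTERM
# 信号只发送给给JVM
KillMode=process
# java过程不会被杀掉
SendSIGKILL=no
# 失常退出状态
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
EOF
  # Unit files are configuration, not programs; systemd warns about 755.
  chmod 644 /usr/lib/systemd/system/es.service
  systemctl daemon-reload
  systemctl enable es.service

  # Without both keystores the node cannot start, so stop here with
  # instructions instead of leaving a failed unit behind.
  if (( missing )); then
    printf 'Copy the keystores into %s, chown them to %s, then run: systemctl start es.service\n' \
      "${cert_dir}" "${ELK_USER}" >&2
    return 1
  fi

  systemctl start es.service
  # Passwords of the built-in users (elastic, kibana_system, ...) are not set
  # by this script; run bin/elasticsearch-setup-passwords once the cluster has
  # formed.
  systemctl status es.service --no-pager || true
}

install_es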

Node-2

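#!/bin/bash
# Installs Elasticsearch 7.17.0 from the official tarball as cluster node
# "node-2" and registers it as the systemd unit es.service. Run as root.
#
# Environment (optional):
#   ELK_USER           account that owns and runs Elasticsearch (default: es)
#   ELK_USER_PASSWORD  login password for that account; when unset, the account
#                      is created without a password and cannot log in

set -euo pipefail

# Service account / password.
# The original hard-coded the password "123". On a host that is reachable from
# the network that is a guessable OS login, so the password is now taken from
# the environment and simply not set when none is supplied.
ELK_USER="${ELK_USER:-es}"
ELK_USER_PASSWORD="${ELK_USER_PASSWORD:-}"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

install_es() {
  local file="elasticsearch-7.17.0-linux-x86_64.tar.gz"
  local url="https://artifacts.elastic.co/downloads/elasticsearch/${file}"
  local es_home="/usr/local/es"
  local cert_dir="${es_home}/config/certs"
  local expected actual cert
  local missing=0

  [[ "${EUID}" -eq 0 ]] || die "install_es must be run as root"

  yum install -y wget sudo vim

  # Kernel settings go into a dedicated drop-in. The original overwrote
  # /etc/sysctl.conf (discarding whatever the host already had there) and
  # appended to the vendor file 00-system.conf on every run.
  # NOTE(review): Elasticsearch itself only needs vm.max_map_count;
  # net.ipv4.ip_forward=1 is kept because the original set it, but it makes the
  # host forward packets between interfaces. Drop it unless something else on
  # this machine needs routing.
  cat > /etc/sysctl.d/99-elasticsearch.conf <<EOF
net.ipv4.ip_forward=1
vm.max_map_count=262144
EOF

  # Same for the limits: a drop-in instead of replacing /etc/security/limits.conf.
  cat > /etc/security/limits.d/99-elasticsearch.conf <<EOF
* hard nofile 65536
* soft nofile 65536
* hard nproc 65536
* soft nproc 65536
EOF

  # Loads every sysctl.d file, so the values apply without the network restart
  # the original performed (which can cut the session running this script).
  sysctl --system
  ulimit -S -n
  ulimit -H -n

  # ELK service account
  if id -u "${ELK_USER}" >/dev/null 2>&1; then
    echo "user exists"
  else
    echo "user does not exist"
    useradd "${ELK_USER}"
    if [[ -n "${ELK_USER_PASSWORD}" ]]; then
      printf '%s\n' "${ELK_USER_PASSWORD}" | passwd --stdin "${ELK_USER}"
    fi
  fi

  # Download, verify and unpack only when there is no installation yet; a
  # second run used to move the fresh tree *into* the existing /usr/local/es.
  if [[ ! -d "${es_home}" ]]; then
    if [[ ! -f "/tmp/${file}" ]]; then
      wget -P /tmp "${url}"
    fi

    # /tmp is world-writable and the archive is unpacked as root, so a tarball
    # that was already lying there is checked as well. The published digest
    # comes from the same origin as the archive: it catches truncated or
    # replaced local files, not a compromised download server.
    expected=$(wget -qO- "${url}.sha512" | awk '{print $1}') \
      || die "could not fetch ${url}.sha512"
    actual=$(sha512sum "/tmp/${file}" | awk '{print $1}')
    if [[ -z "${expected}" || "${expected}" != "${actual}" ]]; then
      die "SHA-512 mismatch for /tmp/${file}; delete it and run again"
    fi

    tar -zxvf "/tmp/${file}" -C /usr/local
    mv /usr/local/elasticsearch-7.17.0 "${es_home}"
  fi

  # Directory for the TLS keystores. http.p12 and elastic-certificates.p12 have
  # to be copied here by hand.
  # The page offers a ready-made pair for download:
  #   https://pan.baidu.com/s/1jlh5MYfFouemzF0XAqQf7w  (extraction code: 3no1)
  # NOTE(review): keystores taken from a public share contain private keys that
  # everyone with the link also holds, so TLS built on them authenticates
  # nothing. Generate your own with bin/elasticsearch-certutil and copy them to
  # the three nodes over a trusted channel.
  mkdir -p "${cert_dir}/"
  for cert in http.p12 elastic-certificates.p12; do
    if [[ -f "${cert_dir}/${cert}" ]]; then
      chmod 600 "${cert_dir}/${cert}"   # private keys: owner only
    else
      printf 'missing keystore: %s\n' "${cert_dir}/${cert}" >&2
      missing=1
    fi
  done

  # NOTE(review): the configuration below binds to 0.0.0.0 and answers CORS
  # requests from any origin ("*"). Requests still need credentials because
  # xpack.security is enabled, but any web page can then script against the API
  # from a logged-in user's browser. Prefer the cluster-facing interface for
  # network.host and the one origin that serves elasticsearch-head for
  # http.cors.allow-origin. The values are left as the author wrote them.
  # The "type: local" line was split in two on the page and is rejoined here.
  cat > "${es_home}/config/elasticsearch.yml" << "EOF"
# 集群名称
cluster.name: es-cluster
# 集群节点名称
node.name: node-2
# ES默认 只容许本地 127.0.0.1 和[::1] 拜访
# 也能够设置成0.0.0.0 容许所有IP主机拜访
# 如果不配置就默认认为是开发者模式,如果配置不正确会写入正告然而能正确运行
# 如果配置了就会认为进入了生产环境, 如果配置不正确就会降级为异样,ES无奈正确启动。
network.host: 0.0.0.0
# 默认ES节点端口9200,如果是伪集群(在一台服务器上搭建集群),须要批改。
http.port: 9200
# 对外通信端口
transport.port: 9300
# 是否应用内存替换分区
bootstrap.memory_lock: false
# 设置数据寄存门路
path.data: /usr/local/es/data/
# 设置日志寄存门路
path.logs: /usr/local/es/logs/
# 发现其余节点主机配置 这里配置的是ES所在服务器的公网IP地址
discovery.seed_hosts: ["10.0.0.21:9300","10.0.0.22:9300","10.0.0.23:9300"]
# 哪些节点能够被选举为主节点配置
cluster.initial_master_nodes: ["10.0.0.21","10.0.0.22","10.0.0.23"]
#减少新的参数,为了让elasticsearch-head插件能够拜访es (5.x版本,如果没有能够本人手动加)
http.cors.enabled: true
http.cors.allow-origin: "*"
# 数据采集指标
xpack.monitoring.collection.enabled: true
xpack.monitoring.exporters.my_local.type: local
xpack.monitoring.exporters.my_local.use_ingest: false
xpack.security.authc.api_key.enabled: true
# https-es
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/usr/local/es/config/certs/http.p12"
xpack.security.http.ssl.truststore.path: "/usr/local/es/config/certs/http.p12"
# https-kibana
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: "/usr/local/es/config/certs/elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "/usr/local/es/config/certs/elastic-certificates.p12"
EOF

  # Heap size. Written to jvm.options.d so that a re-run replaces the file
  # instead of appending the same two flags to jvm.options again.
  mkdir -p "${es_home}/config/jvm.options.d"
  cat > "${es_home}/config/jvm.options.d/heap.options" << EOF
-Xms256m
-Xmx256m
EOF

  chmod u+x "${es_home}/bin"
  chown -R "${ELK_USER}:${ELK_USER}" "${es_home}"

  # Ports. Skipped when firewalld is not running, as there is nothing to open.
  # NOTE(review): this exposes 9200 and 9300 to every source in the public
  # zone, and also opens http/https (80/443), which Elasticsearch does not
  # listen on. Restricting 9300 to the other cluster nodes and 9200 to the
  # actual clients would be tighter; kept as written.
  if systemctl is-active --quiet firewalld; then
    firewall-cmd --zone=public --add-port=9200/tcp --permanent
    firewall-cmd --zone=public --add-port=9300/tcp --permanent
    firewall-cmd --zone=public --add-service=http --permanent
    firewall-cmd --zone=public --add-service=https --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
  fi

  # Register the service.
  # The bundled JDK is selected with ES_JAVA_HOME in the unit. The original
  # appended "export JAVA_HOME=..." lines to bin/elasticsearch through an
  # unquoted here-document, so $JAVA_HOME and $PATH were expanded while
  # installing and the installer's own PATH was written into the launcher.
  cat > /usr/lib/systemd/system/es.service << EOF
[Unit]
Description=elasticsearch
After=network.target
[Service]
Type=forking
User=${ELK_USER}
Environment=ES_JAVA_HOME=/usr/local/es/jdk
ExecStart=/usr/local/es/bin/elasticsearch -d
PrivateTmp=true
# 指定此过程能够关上的最大文件数
LimitNOFILE=65535
# 指定此过程能够关上的最大过程数
LimitNPROC=65535
# 最大虚拟内存
LimitAS=infinity
# 最大文件大小
LimitFSIZE=infinity
# 超时设置 0-永不超时
TimeoutStopSec=0
# SIGTERM是进行java过程的信号
KillSignal=SIGTERM
# 信号只发送给给JVM
KillMode=process
# java过程不会被杀掉
SendSIGKILL=no
# 失常退出状态
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
EOF
  # Unit files are configuration, not programs; systemd warns about 755.
  chmod 644 /usr/lib/systemd/system/es.service
  systemctl daemon-reload
  systemctl enable es.service

  # Without both keystores the node cannot start, so stop here with
  # instructions instead of leaving a failed unit behind.
  if (( missing )); then
    printf 'Copy the keystores into %s, chown them to %s, then run: systemctl start es.service\n' \
      "${cert_dir}" "${ELK_USER}" >&2
    return 1
  fi

  systemctl start es.service
  # Passwords of the built-in users (elastic, kibana_system, ...) are not set
  # by this script; run bin/elasticsearch-setup-passwords once the cluster has
  # formed.
  systemctl status es.service --no-pager || true
}

install_es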

Node-3

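#!/bin/bash
# Installs Elasticsearch 7.17.0 from the official tarball as cluster node
# "node-3" and registers it as the systemd unit es.service. Run as root.
#
# Environment (optional):
#   ELK_USER           account that owns and runs Elasticsearch (default: es)
#   ELK_USER_PASSWORD  login password for that account; when unset, the account
#                      is created without a password and cannot log in

set -euo pipefail

# Service account / password.
# The original hard-coded the password "123". On a host that is reachable from
# the network that is a guessable OS login, so the password is now taken from
# the environment and simply not set when none is supplied.
ELK_USER="${ELK_USER:-es}"
ELK_USER_PASSWORD="${ELK_USER_PASSWORD:-}"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

install_es() {
  local file="elasticsearch-7.17.0-linux-x86_64.tar.gz"
  local url="https://artifacts.elastic.co/downloads/elasticsearch/${file}"
  local es_home="/usr/local/es"
  local cert_dir="${es_home}/config/certs"
  local expected actual cert
  local missing=0

  [[ "${EUID}" -eq 0 ]] || die "install_es must be run as root"

  yum install -y wget sudo vim

  # Kernel settings go into a dedicated drop-in. The original overwrote
  # /etc/sysctl.conf (discarding whatever the host already had there) and
  # appended to the vendor file 00-system.conf on every run.
  # NOTE(review): Elasticsearch itself only needs vm.max_map_count;
  # net.ipv4.ip_forward=1 is kept because the original set it, but it makes the
  # host forward packets between interfaces. Drop it unless something else on
  # this machine needs routing.
  cat > /etc/sysctl.d/99-elasticsearch.conf <<EOF
net.ipv4.ip_forward=1
vm.max_map_count=262144
EOF

  # Same for the limits: a drop-in instead of replacing /etc/security/limits.conf.
  cat > /etc/security/limits.d/99-elasticsearch.conf <<EOF
* hard nofile 65536
* soft nofile 65536
* hard nproc 65536
* soft nproc 65536
EOF

  # Loads every sysctl.d file, so the values apply without the network restart
  # the original performed (which can cut the session running this script).
  sysctl --system
  ulimit -S -n
  ulimit -H -n

  # ELK service account
  if id -u "${ELK_USER}" >/dev/null 2>&1; then
    echo "user exists"
  else
    echo "user does not exist"
    useradd "${ELK_USER}"
    if [[ -n "${ELK_USER_PASSWORD}" ]]; then
      printf '%s\n' "${ELK_USER_PASSWORD}" | passwd --stdin "${ELK_USER}"
    fi
  fi

  # Download, verify and unpack only when there is no installation yet; a
  # second run used to move the fresh tree *into* the existing /usr/local/es.
  if [[ ! -d "${es_home}" ]]; then
    if [[ ! -f "/tmp/${file}" ]]; then
      wget -P /tmp "${url}"
    fi

    # /tmp is world-writable and the archive is unpacked as root, so a tarball
    # that was already lying there is checked as well. The published digest
    # comes from the same origin as the archive: it catches truncated or
    # replaced local files, not a compromised download server.
    expected=$(wget -qO- "${url}.sha512" | awk '{print $1}') \
      || die "could not fetch ${url}.sha512"
    actual=$(sha512sum "/tmp/${file}" | awk '{print $1}')
    if [[ -z "${expected}" || "${expected}" != "${actual}" ]]; then
      die "SHA-512 mismatch for /tmp/${file}; delete it and run again"
    fi

    tar -zxvf "/tmp/${file}" -C /usr/local
    mv /usr/local/elasticsearch-7.17.0 "${es_home}"
  fi

  # Directory for the TLS keystores. http.p12 and elastic-certificates.p12 have
  # to be copied here by hand.
  # The page offers a ready-made pair for download:
  #   https://pan.baidu.com/s/1jlh5MYfFouemzF0XAqQf7w  (extraction code: 3no1)
  # NOTE(review): keystores taken from a public share contain private keys that
  # everyone with the link also holds, so TLS built on them authenticates
  # nothing. Generate your own with bin/elasticsearch-certutil and copy them to
  # the three nodes over a trusted channel.
  mkdir -p "${cert_dir}/"
  for cert in http.p12 elastic-certificates.p12; do
    if [[ -f "${cert_dir}/${cert}" ]]; then
      chmod 600 "${cert_dir}/${cert}"   # private keys: owner only
    else
      printf 'missing keystore: %s\n' "${cert_dir}/${cert}" >&2
      missing=1
    fi
  done

  # NOTE(review): the configuration below binds to 0.0.0.0 and answers CORS
  # requests from any origin ("*"). Requests still need credentials because
  # xpack.security is enabled, but any web page can then script against the API
  # from a logged-in user's browser. Prefer the cluster-facing interface for
  # network.host and the one origin that serves elasticsearch-head for
  # http.cors.allow-origin. The values are left as the author wrote them.
  # The "type: local" line was split in two on the page and is rejoined here.
  cat > "${es_home}/config/elasticsearch.yml" << "EOF"
# 集群名称
cluster.name: es-cluster
# 集群节点名称
node.name: node-3
# ES默认 只容许本地 127.0.0.1 和[::1] 拜访
# 也能够设置成0.0.0.0 容许所有IP主机拜访
# 如果不配置就默认认为是开发者模式,如果配置不正确会写入正告然而能正确运行
# 如果配置了就会认为进入了生产环境, 如果配置不正确就会降级为异样,ES无奈正确启动。
network.host: 0.0.0.0
# 默认ES节点端口9200,如果是伪集群(在一台服务器上搭建集群),须要批改。
http.port: 9200
# 对外通信端口
transport.port: 9300
# 是否应用内存替换分区
bootstrap.memory_lock: false
# 设置数据寄存门路
path.data: /usr/local/es/data/
# 设置日志寄存门路
path.logs: /usr/local/es/logs/
# 发现其余节点主机配置 这里配置的是ES所在服务器的公网IP地址
discovery.seed_hosts: ["10.0.0.21:9300","10.0.0.22:9300","10.0.0.23:9300"]
# 哪些节点能够被选举为主节点配置
cluster.initial_master_nodes: ["10.0.0.21","10.0.0.22","10.0.0.23"]
#减少新的参数,为了让elasticsearch-head插件能够拜访es (5.x版本,如果没有能够本人手动加)
http.cors.enabled: true
http.cors.allow-origin: "*"
# 数据采集指标
xpack.monitoring.collection.enabled: true
xpack.monitoring.exporters.my_local.type: local
xpack.monitoring.exporters.my_local.use_ingest: false
xpack.security.authc.api_key.enabled: true
# https-es
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "/usr/local/es/config/certs/http.p12"
xpack.security.http.ssl.truststore.path: "/usr/local/es/config/certs/http.p12"
# https-kibana
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: "/usr/local/es/config/certs/elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "/usr/local/es/config/certs/elastic-certificates.p12"
EOF

  # Heap size. Written to jvm.options.d so that a re-run replaces the file
  # instead of appending the same two flags to jvm.options again.
  mkdir -p "${es_home}/config/jvm.options.d"
  cat > "${es_home}/config/jvm.options.d/heap.options" << EOF
-Xms256m
-Xmx256m
EOF

  chmod u+x "${es_home}/bin"
  chown -R "${ELK_USER}:${ELK_USER}" "${es_home}"

  # Ports. Skipped when firewalld is not running, as there is nothing to open.
  # NOTE(review): this exposes 9200 and 9300 to every source in the public
  # zone, and also opens http/https (80/443), which Elasticsearch does not
  # listen on. Restricting 9300 to the other cluster nodes and 9200 to the
  # actual clients would be tighter; kept as written.
  if systemctl is-active --quiet firewalld; then
    firewall-cmd --zone=public --add-port=9200/tcp --permanent
    firewall-cmd --zone=public --add-port=9300/tcp --permanent
    firewall-cmd --zone=public --add-service=http --permanent
    firewall-cmd --zone=public --add-service=https --permanent
    firewall-cmd --reload
    firewall-cmd --list-all
  fi

  # Register the service.
  # The bundled JDK is selected with ES_JAVA_HOME in the unit. The original
  # appended "export JAVA_HOME=..." lines to bin/elasticsearch through an
  # unquoted here-document, so $JAVA_HOME and $PATH were expanded while
  # installing and the installer's own PATH was written into the launcher.
  cat > /usr/lib/systemd/system/es.service << EOF
[Unit]
Description=elasticsearch
After=network.target
[Service]
Type=forking
User=${ELK_USER}
Environment=ES_JAVA_HOME=/usr/local/es/jdk
ExecStart=/usr/local/es/bin/elasticsearch -d
PrivateTmp=true
# 指定此过程能够关上的最大文件数
LimitNOFILE=65535
# 指定此过程能够关上的最大过程数
LimitNPROC=65535
# 最大虚拟内存
LimitAS=infinity
# 最大文件大小
LimitFSIZE=infinity
# 超时设置 0-永不超时
TimeoutStopSec=0
# SIGTERM是进行java过程的信号
KillSignal=SIGTERM
# 信号只发送给给JVM
KillMode=process
# java过程不会被杀掉
SendSIGKILL=no
# 失常退出状态
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
EOF
  # Unit files are configuration, not programs; systemd warns about 755.
  chmod 644 /usr/lib/systemd/system/es.service
  systemctl daemon-reload
  systemctl enable es.service

  # Without both keystores the node cannot start, so stop here with
  # instructions instead of leaving a failed unit behind.
  if (( missing )); then
    printf 'Copy the keystores into %s, chown them to %s, then run: systemctl start es.service\n' \
      "${cert_dir}" "${ELK_USER}" >&2
    return 1
  fi

  systemctl start es.service
  # Passwords of the built-in users (elastic, kibana_system, ...) are not set
  # by this script; run bin/elasticsearch-setup-passwords once the cluster has
  # formed.
  systemctl status es.service --no-pager || true
}

install_es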