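1. ELK log collection
Elasticsearch: database, stores the data (Java)
Logstash: collects logs and filters data (Java)
Kibana: analysis, filtering and display (Java)
Filebeat: collects logs and ships them to ES (Go)
- Install Kibana (collecting Nginx logs)
# Set up time synchronization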
yum install ntpdate -y
# Upload the kibana package. It depends on a Java environment (if it is missing, install java-1.8.0-openjdk.x86_64)
rpm -ivh kibana-6.6.0-x86_64.rpm
# View the configuration file
[root@db01 /data/soft]# rpm -qc kibana
[root@db01 ~]# grep '^[a-z]' /etc/kibana/kibana.yml
server.port: 5601
server.host: "10.0.0.51" # Kibana server IP
server.name: "db01"
elasticsearch.hosts: ["http://10.0.0.51:9200"] # Elasticsearch address
kibana.index: ".kibana"
# Restart kibana
systemctl restart kibana
# Deploy the test environment (Nginx and the ab load-testing tool)
yum install nginx httpd-tools -y
systemctl start nginx
ab -n 100 -c 100 http://10.0.0.51/
# Watch the log
tail -f /var/log/nginx/access.log
# Install filebeat (upload the package first)
rpm -ivh filebeat-6.6.0-x86_64.rpm
cp /etc/filebeat/filebeat.yml /tmp/   # back up the configuration file
[root@db01 /data/soft]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true # enable this input
  paths:
    - /var/log/nginx/access.log # collect the Nginx log
output.elasticsearch:
  hosts: ["10.0.0.51:9200"] # Elasticsearch server IP
# Restart filebeat
systemctl restart filebeat
2. Kibana web page configuration
- Single-condition query
- Multi-condition query
- When multiple conditions conflict
- Exclusion filter
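3. How filebeat works
Deploy filebeat on each server whose data needs to be collected; it gathers the data and sends it to the Elasticsearch server for storage.
filebeat is only responsible for shipping the newest data; it does not care whether the ES server has stored it.
Each time filebeat collects logs it records a position marker. If new data is produced while the filebeat service is stopped, then when filebeat starts again it takes the last recorded send position as the starting point and sends the newest data to the ES server. Data that has already been sent is not sent a second time!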
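The position bookkeeping described above, modelled as an added Python example (not Filebeat's code and not from the original page). The class name, the JSON registry file and the reset to offset 0 when the file shrinks are assumptions of this model.

```python
import json
import os
import tempfile


class OffsetShipper:
    """Toy model of a shipper that remembers how far it has read each file."""

    def __init__(self, registry_path):
        self.registry_path = registry_path
        self.registry = {}
        if os.path.exists(registry_path):
            with open(registry_path) as fh:
                self.registry = json.load(fh)

    def _save(self):
        with open(self.registry_path, "w") as fh:
            json.dump(self.registry, fh)

    def harvest(self, log_path):
        """Return the lines appended since the recorded offset and advance it."""
        offset = self.registry.get(log_path, 0)
        if os.path.getsize(log_path) < offset:
            offset = 0  # file was truncated or replaced: start over
        events = []
        with open(log_path, "rb") as fh:
            fh.seek(offset)
            while True:
                line = fh.readline()
                if not line.endswith(b"\n"):
                    break  # end of file or partial line: wait for the writer
                events.append(line.rstrip(b"\n").decode("utf-8", "replace"))
                offset = fh.tell()
        self.registry[log_path] = offset
        self._save()
        return events


def demo():
    workdir = tempfile.mkdtemp()
    log_path = os.path.join(workdir, "access.log")
    registry_path = os.path.join(workdir, "registry.json")

    with open(log_path, "w") as fh:
        fh.write("req-1\nreq-2\n")  # constructed log lines
    first = OffsetShipper(registry_path).harvest(log_path)

    # The shipper is "stopped" while the application keeps writing.
    with open(log_path, "a") as fh:
        fh.write("req-3\nreq-4\n")
    # A fresh instance models a restart: it resumes from the saved offset.
    second = OffsetShipper(registry_path).harvest(log_path)
    third = OffsetShipper(registry_path).harvest(log_path)
    return first, second, third


if __name__ == "__main__":
    print(demo())
```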
- Change the Nginx log to JSON format
Edit the nginx configuration file (the same on every nginx host)
[root@db01 ~]# vim /etc/nginx/nginx.conf
log_format json '{ "time_local": "$time_local", '
'"remote_addr": "$remote_addr", '
'"referer": "$http_referer", '
'"request": "$request", '
'"status": $status, '
'"bytes": $body_bytes_sent, '
'"agent": "$http_user_agent", '
'"x_forwarded": "$http_x_forwarded_for", '
'"up_addr": "$upstream_addr",'
'"up_host": "$upstream_http_host",'
'"upstream_time": "$upstream_response_time",'
'"request_time": "$request_time"'
' }';
# Check the syntax and restart the Nginx service
nginx -t
systemctl restart nginx
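Without the escape=json parameter (nginx 1.11.8 and later), nginx writes a double quote inside a variable as \x22, which is not a valid JSON escape, so a log_format like the one above can emit lines that a JSON decoder rejects. The following added example (not from the original page; the field subset, function names and sample request are constructed) reproduces both escaping modes and separates parseable lines from rejected ones.

```python
import json

# Subset of the page's log_format fields, enough to show the escaping issue.
TEMPLATE = ('{{ "time_local": "{time_local}", "remote_addr": "{remote_addr}", '
            '"request": "{request}", "status": {status}, "bytes": {bytes}, '
            '"agent": "{agent}" }}')

# Constructed request: the User-Agent header carries double quotes.
SAMPLE = {
    "time_local": "07/Apr/2020:20:07:30 +0800",
    "remote_addr": "10.0.0.52",
    "request": "GET / HTTP/1.1",
    "status": 200,
    "bytes": 612,
    "agent": 'Mozilla/5.0 "constructed"',
}

_JSON_SHORT = {'"': '\\"', "\\": "\\\\", "\n": "\\n", "\r": "\\r",
               "\t": "\\t", "\b": "\\b", "\f": "\\f"}


def escape_default(value):
    # nginx default: quote, backslash and bytes <32 or >126 become \xXX.
    out = []
    for byte in value.encode("utf-8"):
        if byte in (0x22, 0x5C) or byte < 32 or byte > 126:
            out.append("\\x%02X" % byte)
        else:
            out.append(chr(byte))
    return "".join(out)


def escape_json(value):
    # log_format json escape=json '...': JSON-compatible escaping.
    out = []
    for ch in value:
        if ch in _JSON_SHORT:
            out.append(_JSON_SHORT[ch])
        elif ord(ch) < 32:
            out.append("\\u%04X" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def render(fields, escaper):
    safe = {k: escaper(v) if isinstance(v, str) else v for k, v in fields.items()}
    return TEMPLATE.format(**safe)


def split_valid(lines):
    # Parse each access-log line; keep undecodable lines for inspection.
    events, rejected = [], []
    for line in lines:
        try:
            events.append(json.loads(line))
        except ValueError:
            rejected.append(line)
    return events, rejected


def demo():
    default_line = render(SAMPLE, escape_default)
    json_line = render(SAMPLE, escape_json)
    return split_valid([default_line, json_line])


if __name__ == "__main__":
    ok, bad = demo()
    print("parsed:", ok)
    print("rejected:", bad)
```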
- Edit the filebeat configuration (improved log collection); the same on every nginx host.
[root@db01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  index: "nginx-%{[beat.version]}-%{+yyyy.MM}"
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
# Restart filebeat
systemctl restart filebeat
After switching to JSON format the new log entries conflict with the earlier ones, so it is best to back up the old logs first.
The Elasticsearch web page and the Kibana web page both have to be re-created and reconfigured!
4. Collect the Nginx access and error logs separately
[root@db01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]
- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]
setup.kibana:
  host: "10.0.0.51:5601"
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  # index: "nginx-%{[beat.version]}-%{+yyyy.MM}"
  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "error"
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
# Restart the filebeat service
systemctl restart filebeat
Delete the old indices in the Kibana and ES pages, then create the new ones
5. Collect Tomcat logs
# Install Tomcat; the packages with webapps in the name are test applications
yum install tomcat tomcat-webapps tomcat-admin-webapps tomcat-docs-webapp tomcat-javadoc -y
[root@db01 ~]# systemctl start tomcat
[root@db01 ~]# netstat -lntup|grep 8080
tcp6 0 0 :::8080 :::* LISTEN 3956/java
- Edit the Tomcat configuration file so that the access log is written in JSON format
vim /etc/tomcat/server.xml
# Delete the original line 139 and paste the following
pattern="{&quot;clientip&quot;:&quot;%h&quot;,&quot;ClientUser&quot;:&quot;%l&quot;,&quot;authenticated&quot;:&quot;%u&quot;,&quot;AccessTime&quot;:&quot;%t&quot;,&quot;method&quot;:&quot;%r&quot;,&quot;status&quot;:&quot;%s&quot;,&quot;SendBytes&quot;:&quot;%b&quot;,&quot;Query?string&quot;:&quot;%q&quot;,&quot;partner&quot;:&quot;%{Referer}i&quot;,&quot;AgentVersion&quot;:&quot;%{User-Agent}i&quot;}"/>
# Restart Tomcat; back up or empty the old logs first
systemctl restart tomcat
- Add the Tomcat input to the filebeat configuration file
[root@db01 ~]# cat /etc/filebeat/filebeat.yml
filebeat.inputs:
##################Nginx###################
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]
- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]
##################Tomcat###################
- type: log
  enabled: true
  paths:
    - /var/log/tomcat/localhost_access_log.*.txt # Tomcat log file names are unusual: they contain the date, so the * wildcard picks up each new file
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["tomcat"]
##################output###################
setup.kibana:
  host: "10.0.0.51:5601"
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  # index: "nginx-%{[beat.version]}-%{+yyyy.MM}"
  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "error"
    - index: "tomcat-access-%{[beat.version]}-%{+yyyy.MM}" # Tomcat logs go into one index per month
      when.contains:
        tags: "tomcat"
setup.template.name: "nginx" # Tomcat is not added here: this setting is used only once and Nginx already uses it, so Tomcat can be left out; it can also be matched by name
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
# Restart the filebeat service
systemctl restart filebeat
Click around in Tomcat to generate some log entries, add the index in the Kibana page, and check that the ES and Kibana web pages look normal
6. Collect Java logs
Official documentation: https://www.elastic.co/guide/en/beats/filebeat/6.6/multiline-examples.html
Java logs produce a lot of output, and several lines have to be joined into one event, so a multiline matching mode is needed. Elasticsearch itself is written in Java, so we can simply collect the ES log.
- Code
[root@db01 ~]# cat /etc/filebeat/filebeat.yml
filebeat.inputs:
##################Nginx###################
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]
- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]
##################Tomcat###################
- type: log
  enabled: true
  paths:
    - /var/log/tomcat/localhost_access_log.*.txt
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["tomcat"]
##################es###################
- type: log
  enabled: true
  paths:
    - /var/log/elasticsearch/elasticsearch.log
  tags: ["es"]
  multiline.pattern: '^\['
  multiline.negate: true
  multiline.match: after
##################output###################
setup.kibana:
  host: "10.0.0.51:5601"
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  # index: "nginx-%{[beat.version]}-%{+yyyy.MM}"
  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "error"
    - index: "tomcat-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "tomcat"
    - index: "es-java-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        tags: "es"
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
# Restart filebeat
systemctl restart filebeat
Deliberately introduce an error in the ES configuration file, then restore it and watch the log.
Create the index in Kibana and observe how the ES error log entries change
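What the three multiline settings above do to a Java stack trace, as an added Python example (not Filebeat's code and not from the original page). It implements only the combination used here (negate: true, match: after); the function name and the sample log lines are constructed, and max_lines mirrors Filebeat's multiline.max_lines option, whose default is 500.

```python
import re

# Constructed Elasticsearch-style log: the second entry carries a stack trace.
SAMPLE = [
    "[2020-04-07T20:07:30,001][INFO ][o.e.n.Node] [node-1] starting ...",
    "[2020-04-07T20:07:31,002][ERROR][o.e.b.Bootstrap] [node-1] Exception",
    "java.lang.IllegalArgumentException: unknown setting [constructed.key]",
    "\tat example.Constructed.validate(Constructed.java:1)",
    "\tat example.Constructed.main(Constructed.java:2)",
    "[2020-04-07T20:07:32,003][INFO ][o.e.n.Node] [node-1] stopped",
]


def group_multiline(lines, pattern=r"^\[", max_lines=500):
    """Join lines that do NOT match `pattern` onto the preceding matching line.

    A line matching the pattern starts a new event; every other line is a
    continuation. Continuation lines beyond max_lines are dropped.
    """
    start = re.compile(pattern)
    events, current = [], []
    for line in lines:
        if start.search(line) and current:
            events.append("\n".join(current))  # previous event is complete
            current = []
        if len(current) < max_lines:
            current.append(line)
    if current:
        events.append("\n".join(current))
    return events


if __name__ == "__main__":
    for number, event in enumerate(group_multiline(SAMPLE), 1):
        print("--- event %d ---" % number)
        print(event)
```

The third sample line contains a "[" in the middle of the text; because the pattern is anchored with ^, it is still treated as a continuation of the ERROR entry.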
7. Collect docker logs
- Install docker (deploy Nginx)
rm -fr /etc/yum.repos.d/local.repo
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/docker-ce.repo https://mirrors.ustc.edu.cn/docker-ce/linux/centos/docker-ce.repo
sed -i 's#download.docker.com#mirrors.tuna.tsinghua.edu.cn/docker-ce#g' /etc/yum.repos.d/docker-ce.repo
yum install docker-ce -y
systemctl start docker
vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
systemctl restart docker
# Run the nginx image
docker pull nginx
docker run --name nginx -p 80:80 -d nginx
docker ps
docker start afa04f1bbeb9
docker exec -it afa04f1bbeb9 /bin/bash
docker logs -f nginx
------------------------------------------------------------------ Second image version
docker commit nginx nginx:v2
docker images
docker run --name nginx -p 8080:80 -d nginx:v2
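# Generate some nginx traffic and check that log entries are produced
# Log directory of the docker containers (each hashed directory name is a container id)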
[root@db02 /var/lib/docker/containers]# pwd
/var/lib/docker/containers
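- Configure filebeat to collect the log of a single docker container (drawback: access and error entries are mixed together)
Official documentation: https://www.elastic.co/guide/en/beats/filebeat/6.7/filebeat-input-docker.html
# First look up the container id (inspect takes the container name)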
docker inspect nginx-test|grep -w "Id"
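# Configuration file
vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: docker
  containers.ids:
    - '2338d5038f7a2eac96d84d6cf424fb1829bd754ec5e0df944bdd29ba6d61a54e' # container id, matching the directory under /var/lib/docker/containers/
  tags: ["docker-nginx"] # tag added to each log event
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  index: "docker-nginx-%{[beat.version]}-%{+yyyy.MM.dd}"
setup.template.name: "docker"
setup.template.pattern: "docker-*"
setup.template.enabled: false
setup.template.overwrite: true
- Collect logs from several containers (separate containers by service, separate access and error logs)
If we have several docker images, or commit a new image, specifying the ID directly is not very convenient. And if filebeat is simply configured to store everything in ES, the logs of all containers on the host are mixed together and cannot be told apart.
What is collected is still, in essence, a file: a JSON-format file stored in the default directory and named after the container with a json.log suffix. Every container has a different ID, though, so to tell apart the different containers running on different servers we can use docker-compose to add labels to the containers.
filebeat then parses the container logs as ordinary JSON and ships them to ES.
- Install docker-compose (container orchestration tool)
# 1. Install docker-compose
yum install -y python2-pip
# 2. pip is used for the installation; the default index is overseas, so a domestic mirror can be used to speed it up. See https://mirrors.tuna.tsinghua.edu.cn/help/pypi/
# Commands to switch pip to the mirror
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple pip -U
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
# 3. Install docker-compose itself (if it fails, try yum install python-devel)
pip install docker-compose
# 4. Check
docker-compose version
- Create docker-compose.yml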
[root@db02 ~]# cat docker-compose.yml
version: '3' # fixed syntax
services: # the services section; the containers below all belong to it
  nginx:
    image: nginx:v2 # image used for the container
    # set labels
    labels:
      service: nginx # the label
    # add labels.service to the logging settings
    logging:
      options:
        labels: "service" # record the label in the log
    ports:
      - "8080:80"
  db:
    image: nginx:latest
    # set labels
    labels:
      service: db # container label
    # add labels.service to the logging settings
    logging:
      options:
        labels: "service"
    ports:
      - "80:80"
# Start docker-compose
docker-compose up # creates 2 containers and runs in the foreground, so the terminal blocks; open a new window and run docker ps to check
- Configure filebeat
[root@db02 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/lib/docker/containers/*/*-json.log
  json.keys_under_root: true
  json.overwrite_keys: true
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  indices:
    - index: "docker-nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        attrs.service: "nginx"
        stream: "stdout"
    - index: "docker-nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        attrs.service: "nginx"
        stream: "stderr"
    - index: "docker-db-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        attrs.service: "db"
        stream: "stdout"
    - index: "docker-db-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        attrs.service: "db"
        stream: "stderr"
setup.template.name: "docker"
setup.template.pattern: "docker-*"
setup.template.enabled: false
setup.template.overwrite: true
8. filebeat modules configuration (built-in log collection modules; they have drawbacks)
Using the nginx module requires installing 2 plugins. Downloading them from the official site is slow by default, so they can be downloaded in advance and installed offline
https://www.elastic.co/guide/en/elasticsearch/plugins/6.6/ingest-geoip.html
https://www.elastic.co/guide/en/elasticsearch/plugins/6.6/plugin-management-custom-url.html
# Online installation
[root@elk-175 ~]# /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-user-agent
[root@elk-175 ~]# /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-geoip
[root@elk-175 ~]# wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-user-agent/ingest-user-agent-6.6.0.zip
[root@elk-175 ~]# wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/ingest-geoip/ingest-geoip-6.6.0.zip
# Download the packages offline, upload them to the server and install
[root@db02 ~]# /usr/share/elasticsearch/bin/elasticsearch-plugin install file:///root/ingest-geoip-6.6.0.zip
[root@db02 ~]# /usr/share/elasticsearch/bin/elasticsearch-plugin install file:///root/ingest-user-agent-6.6.0.zip
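- Steps
# 1. Add the module path to the filebeat configuration file
filebeat.config.modules: # filebeat modules configuration
  path: ${path.config}/modules.d/*.yml # where the module configuration files live
  reload.enabled: true # reload automatically
  reload.period: 10s
# 2. The module changes the JSON format, so switch the nginx log back to the plain format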
vim /etc/nginx/nginx.conf
main
>/var/log/nginx/access.log
>/var/log/nginx/error.log
nginx -t
systemctl restart nginx
# 3. Enable the module from the command line
filebeat modules enable nginx
# 4. Restart ES
systemctl restart elasticsearch
# 5. Restart filebeat
systemctl restart filebeat
- Complete filebeat configuration
[root@db01 /etc/filebeat]# vim filebeat.yml
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml # module path
  reload.enabled: true
  reload.period: 10s
setup.kibana:
  host: "10.0.0.51:5601"
output.elasticsearch:
  hosts: ["10.0.0.51:9200"]
  indices:
    - index: "nginx-access-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        fileset.name: "access"
    - index: "nginx-error-%{[beat.version]}-%{+yyyy.MM}"
      when.contains:
        fileset.name: "error"
setup.template.name: "nginx"
setup.template.pattern: "nginx-*"
setup.template.enabled: false
setup.template.overwrite: true
In single-node mode, sending to a remote ES server does not work, while sending locally does. In cluster mode, sending to ES works normally.
9. Use Redis as a buffer
filebeat limitation: it can only ship to a single Redis server; Redis Cluster and Sentinel are not supported
# 1. Install Redis and start it
# 2. Change the nginx log output format to JSON
# 3. Change the filebeat output to Redis
[root@db01 /etc/logstash/conf.d]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]
- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]
setup.kibana:
  host: "10.0.0.51:5601"
output.redis:
  hosts: ["10.0.0.51"] # Redis server IP
  key: "filebeat" # store the logs under the Redis key filebeat
  db: 0
  timeout: 5
--------------------------------------------------------------------------------------------------------------------------------------------
# 4. Write the logstash configuration file
[root@db01 ~]# cat /etc/logstash/conf.d/redis.conf
input {
  redis {
    host => "10.0.0.51" # Redis server address
    port => "6379"
    db => "0"
    key => "filebeat" # read the contents of the filebeat key in Redis
    data_type => "list" # data type
  }
}
filter {
  mutate {
    convert => ["upstream_time", "float"] # these two lines convert the Nginx and PHP processing times to floats so they can be sorted by size
    convert => ["request_time", "float"]
  }
}
output {
  if "access" in [tags] { # events whose tags contain access go to the nginx_access index on the ES server
    elasticsearch {
      hosts => "http://10.0.0.51:9200"
      manage_template => false
      index => "nginx_access-%{+yyyy.MM.dd}"
    }
  }
  if "error" in [tags] { # events whose tags contain error go to the nginx_error index on the ES server
    elasticsearch {
      hosts => "http://10.0.0.51:9200"
      manage_template => false
      index => "nginx_error-%{+yyyy.MM.dd}"
    }
  }
}
# 5. Start logstash (in the foreground; startup is slow)
[root@db01 /etc/elasticsearch]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/redis.conf
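10. Building Kibana visualizations
Upload test data, then set things up in the Kibana web page
11. Monitoring the ES cluster with Kibana
12. Use Kafka as a buffer
Configure hosts on all three servers and make sure they can ping one another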
[root@db01 ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.51 db01
10.0.0.52 db02
10.0.0.53 db03
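- Download, install and verify ZooKeeper
ZooKeeper download page: http://zookeeper.apache.org/releases.html
Kafka download page: http://kafka.apache.org/downloads.html
ZooKeeper cluster property: as long as more than half of the ZooKeeper nodes in the cluster are working normally, the cluster as a whole is available. For example, if 2 servers form a ZooKeeper cluster and either one fails or goes down, the cluster becomes unavailable, because the one remaining node is not more than half of the cluster. If three ZooKeeper nodes form a cluster, losing one leaves two, which is more than half of three, so the cluster keeps running; losing another leaves only one, and the cluster becomes unavailable.
With 4 nodes, losing one is fine, but losing two leaves two, which is not more than half of the cluster. So a 3-node cluster and a 4-node cluster are both unavailable after losing two nodes, which is why clusters usually have an odd number of nodes.
# Upload zookeeper-3.4.11.tar.gz and kafka_2.11-1.0.0.tgz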
[root@db01 /data/soft]# tar zxf zookeeper-3.4.11.tar.gz -C /opt/
[root@db01 /data/soft]# ln -s /opt/zookeeper-3.4.11/ /opt/zookeeper
[root@db01 /data/soft]# ll /opt/
[root@db01 /data/soft]# mkdir -p /data/zookeeper
[root@db01 /data/soft]# cp /opt/zookeeper/conf/zoo_sample.cfg /opt/zookeeper/conf/zoo.cfg # turn the sample configuration into the real configuration file
# Edit the configuration file, keeping these settings
[root@db01 /data/soft]# vim /opt/zookeeper/conf/zoo.cfg
tickTime=2000
initLimit=10
syncLimit=5
dataDir=/data/zookeeper
clientPort=2181
server.1=10.0.0.51:2888:3888
server.2=10.0.0.52:2888:3888
server.3=10.0.0.53:2888:3888
# Use rsync to send zookeeper to the other two servers
[root@db01 /opt]# rsync -avz zookeeper* db02:/opt/
[root@db01 /opt]# rsync -avz zookeeper* db03:/opt/
# Use rsync to send the data directory
[root@db01 /opt]# rsync -avz /data/zookeeper db02:/data/
[root@db01 /opt]# rsync -avz /data/zookeeper db03:/data/
# Set myid on the three servers
[root@db01 /opt]# echo "1" > /data/zookeeper/myid # the number must match server.N in zoo.cfg
[root@db02 /opt]# echo "2" > /data/zookeeper/myid
[root@db03 /opt]# echo "3" > /data/zookeeper/myid
# Start zookeeper on every node
[root@db01 /opt]# /opt/zookeeper/bin/zkServer.sh start
[root@db01 /opt]# /opt/zookeeper/bin/zkServer.sh status
# Mode: leader is the master, Mode: follower is a replica (the cluster is now highly available and can lose one node)
- Simple ZooKeeper command test
Connect to any node and create data:
We create data on node 1 and then verify it on the other nodes
# Create a hello record on one node
[root@db01 /opt]# /opt/zookeeper/bin/zkCli.sh -server db01:2181
[zk: db01:2181(CONNECTED) 0] create /test "hello"
# The other nodes of the cluster can see it
[root@db02 /opt]# /opt/zookeeper/bin/zkCli.sh -server db02:2181
[zk: db02:2181(CONNECTED) 0] get /test
hello
cZxid = 0x100000002
ctime = Tue Apr 07 20:07:30 CST 2020
mZxid = 0x100000002
mtime = Tue Apr 07 20:07:30 CST 2020
pZxid = 0x100000002
cversion = 0
dataVersion = 0
aclVersion = 0
ephemeralOwner = 0x0
dataLength = 5
numChildren = 0
- Install and deploy Kafka
# Upload the kafka package
[root@db01 /data/soft]# tar xf kafka_2.11-1.0.0.tgz -C /opt/
[root@db01 /data/soft]# ln -s /opt/kafka_2.11-1.0.0/ /opt/kafka
[root@db01 /data/soft]# mkdir /opt/kafka/logs
[root@db01 /data/soft]# vim /opt/kafka/config/server.properties
# the number must match server.N in zoo.cfg
broker.id=1
# IP address of this host
listeners=PLAINTEXT://10.0.0.51:9092
log.dirs=/opt/kafka/logs
log.retention.hours=24
# addresses of the ZooKeeper cluster
zookeeper.connect=10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181
# Send kafka together with the configuration file to the other machines in the cluster
[root@db01 /data/soft]# rsync -avz /opt/kafka* db02:/opt/
[root@db01 /data/soft]# rsync -avz /opt/kafka* db03:/opt/
# Edit the kafka configuration file on the other two machines
[root@db02 /opt]# vim kafka/config/server.properties
# the number must match server.N in zoo.cfg
broker.id=2
# IP address of this host
listeners=PLAINTEXT://10.0.0.52:9092
log.dirs=/opt/kafka/logs
log.retention.hours=24
zookeeper.connect=10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181
----------------------------------------------------------------------------------------------------------------------------------------------
[root@db03 /opt]# vim kafka/config/server.properties
# the number must match server.N in zoo.cfg
broker.id=3
# IP address of this host
listeners=PLAINTEXT://10.0.0.53:9092
log.dirs=/opt/kafka/logs
log.retention.hours=24
zookeeper.connect=10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181
- Start kafka on every node
# On node 1, start in the foreground first so that errors in the log are easy to see (test on all 3 machines)
[root@db01 /data/soft]# /opt/kafka/bin/kafka-server-start.sh /opt/kafka/config/server.properties
# When the last line shows KafkaServer id and started, startup succeeded and kafka can be started in the background (start all 3 cluster machines)
[root@db01 /data/soft]# /opt/kafka/bin/kafka-server-start.sh -daemon /opt/kafka/config/server.properties # (start on all 3)
[root@db01 /data/soft]# tail -f /opt/kafka/logs/server.log
# Create a test topic
[root@db01 ~]# /opt/kafka/bin/kafka-topics.sh --create --zookeeper 10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181 --partitions 3 --replication-factor 3 --topic kafkatest
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
Created topic "kafkatest".
# Test fetching the topic description; run on any machine
[root@db01 ~]# /opt/kafka/bin/kafka-topics.sh --describe --zookeeper 10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181 --topic kafkatest
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
Topic:kafkatest PartitionCount:3 ReplicationFactor:3 Configs:
Topic: kafkatest Partition: 0 Leader: 2 Replicas: 2,1,3 Isr: 2,1,3
Topic: kafkatest Partition: 1 Leader: 3 Replicas: 3,2,1 Isr: 3,2,1
Topic: kafkatest Partition: 2 Leader: 1 Replicas: 1,3,2 Isr: 1,3,2
# Data test: create a topic named messagetest
[root@db01 ~]# /opt/kafka/bin/kafka-topics.sh --create --zookeeper 10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181 --partitions 3 --replication-factor 3 --topic messagetest
# Log in and send messages
# Sending messages: note that the port is Kafka's 9092, not ZooKeeper's 2181
# producer.sh is the message sender, consumer.sh is the message receiver
[root@db01 ~]# /opt/kafka/bin/kafka-console-producer.sh --broker-list 10.0.0.51:9092,10.0.0.52:9092,10.0.0.53:9092 --topic messagetest
# On the other nodes, run the consumer script
[root@db02 ~]# /opt/kafka/bin/kafka-console-consumer.sh --zookeeper 10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181 --topic messagetest --from-beginning
[root@db03 ~]# /opt/kafka/bin/kafka-console-consumer.sh --zookeeper 10.0.0.51:2181,10.0.0.52:2181,10.0.0.53:2181 --topic messagetest --from-beginning
- Configure filebeat (send to Kafka)
[root@db01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]
- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]
setup.kibana:
  host: "10.0.0.51:5601"
output.kafka:
  hosts: ["10.0.0.51:9092","10.0.0.52:9092","10.0.0.53:9092"]
  topic: elklog # topic to create
- logstash configuration file
[root@db01 ~]# vim /etc/logstash/conf.d/kafka.conf
input {
  kafka {
    bootstrap_servers => "10.0.0.51:9092" # any one broker in the Kafka cluster
    topics => ["elklog"] # matches the filebeat topic
    group_id => "logstash"
    codec => "json"
  }
}
filter {
  mutate {
    convert => ["upstream_time", "float"]
    convert => ["request_time", "float"]
  }
}
output {
  if "access" in [tags] {
    elasticsearch {
      hosts => "http://10.0.0.51:9200"
      manage_template => false
      index => "nginx_access-%{+yyyy.MM}"
    }
  }
  if "error" in [tags] {
    elasticsearch {
      hosts => "http://10.0.0.51:9200"
      manage_template => false
      index => "nginx_error-%{+yyyy.MM}"
    }
  }
}
--------------------------------------------------------------------------------------------------------
# Start logstash
[root@db01 /etc/elasticsearch]# systemctl restart filebeat
[root@db01 /etc/elasticsearch]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/kafka.conf
13. Use nginx + keepalived to proxy several Redis servers
Redis offers Sentinel and Cluster as clustering options, but unfortunately neither filebeat nor logstash supports them. We can solve this with keepalived instead.
1. Use Nginx + keepalived as a reverse proxy that load-balances to several Redis servers behind it
2. Because of data consistency during Redis failover, it is best to use 2 Redis servers with only one working and the other as backup; the second one starts working only after the first has failed.
3. The Redis address in the filebeat output is the keepalived virtual IP
4. Several logstash nodes can be started to read the data from Redis faster
5. The backend can be backed by an ES cluster of several nodes
- Install keepalived
# Install keepalived on both servers
[root@db01 ~]# yum install keepalived
[root@db01 ~]# vim /etc/keepalived/keepalived.conf
global_defs {
    router_id lb01
}
vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 150 # priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
------------------------------------------------------------------------------------------------------------------------------------------
[root@db02 ~]# vim /etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 50
    priority 100 # lower priority
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        10.0.0.3
    }
}
- Install redis
mkdir /data/soft -p
cd /data/soft
# Upload the package
tar xf redis-5.0.7.tar.gz -C /opt/
ln -s /opt/redis-5.0.7 /opt/redis
cd /opt/redis
make
make install
mkdir -p /opt/redis_6379/{conf,pid,logs}
mkdir -p /data/redis_6379
vim /opt/redis_6379/conf/redis_6379.conf
daemonize yes
bind 127.0.0.1 10.0.0.52
port 6379
pidfile /opt/redis_6379/pid/redis_6379.pid
logfile /opt/redis_6379/logs/redis_6379.log
save 900 1
save 300 10
save 60 10000
dbfilename redis.rdb
dir /data/redis_6379/
# Start
redis-server /opt/redis_6379/conf/redis_6379.conf
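The redis_6379.conf above binds the non-loopback address 10.0.0.52 and sets no requirepass, so every host that can reach that port can read and write the log queue without authenticating. The following added check (not from the original page; the function names and the hardened sample with its placeholder password are assumptions) flags that combination in a redis.conf.

```python
import ipaddress

# Exposure-relevant directives of redis_6379.conf as shown on this page.
PAGE_CONF = """\
daemonize yes
bind 127.0.0.1 10.0.0.52
port 6379
"""

# Constructed hardened variant; the password is a placeholder, not a real secret.
HARDENED_CONF = """\
daemonize yes
bind 127.0.0.1 10.0.0.52
port 6379
protected-mode yes
requirepass <LONG-RANDOM-PLACEHOLDER>
"""


def parse_redis_conf(text):
    """Return {directive: [argument strings]}; blank lines and comments skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key.lower(), []).append(value.strip())
    return conf


def _is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # "*" or a host name: treat as reachable from the network


def audit(text):
    """List findings about unauthenticated network exposure."""
    conf = parse_redis_conf(text)
    if any(conf.get("requirepass", [])):
        return []
    binds = [a for entry in conf.get("bind", []) for a in entry.split()]
    protected = (conf.get("protected-mode") or ["yes"])[-1].lower() == "yes"
    findings = []
    exposed = [a for a in binds if not _is_loopback(a)]
    if exposed:
        # protected-mode only applies when no bind directive is given.
        findings.append("no requirepass, listening on " + ", ".join(exposed))
    elif not binds and not protected:
        findings.append("no requirepass, no bind, protected-mode off")
    return findings


if __name__ == "__main__":
    print("page config:", audit(PAGE_CONF))
    print("hardened   :", audit(HARDENED_CONF))
```

When requirepass is set, the same value has to be supplied through the password option of filebeat's output.redis and of the logstash redis input.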
- Configure the Nginx reverse proxy (layer-4 proxy)
# Add the stream module block at the bottom of the configuration file
[root@db01 /data]# vim /etc/nginx/nginx.conf
stream {
    upstream redis {
        server 10.0.0.52:6379 max_fails=2 fail_timeout=10s;
        server 10.0.0.53:6379 max_fails=2 fail_timeout=10s backup; # with backup, this server is not used while the Redis on 10.0.0.52 is alive; it takes over from .52 only when that one goes down (standby server)
    }
    server {
        listen 6379;
        proxy_connect_timeout 1s;
        proxy_timeout 3s;
        proxy_pass redis;
    }
}
# Check the syntax, then restart the Nginx service
[root@db01 /data]# nginx -t
[root@db01 /data]# systemctl restart nginx
[root@db01 /data]# ss -lntup|grep nginx
tcp LISTEN 0 128 *:6379 *:* users:(("nginx",pid=2261,fd=7),("ngin",pid=2260,fd=7))
tcp LISTEN 0 128 *:80 *:* users:(("nginx",pid=2261,fd=6),("ngin",pid=2260,fd=6))
# Test remotely that the reverse proxy works (10.0.0.3 is the keepalived VIP)
# Without backup in the Nginx stream configuration, the normal behaviour is load balancing
[root@db01 /data]# redis-cli -h 10.0.0.3
- Configure filebeat
[root@db01 ~]# vim /etc/filebeat/filebeat.yml
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/nginx/access.log
  json.keys_under_root: true
  json.overwrite_keys: true
  tags: ["access"]
- type: log
  enabled: true
  paths:
    - /var/log/nginx/error.log
  tags: ["error"]
setup.kibana:
  host: "10.0.0.51:5601"
output.redis:
  hosts: ["10.0.0.3"] # keepalived IP address
  key: "filebeat"
# Restart filebeat
systemctl restart filebeat
- Configure logstash
[root@db01 ~]# vim /etc/logstash/conf.d/redis.conf
input {
  redis {
    host => "10.0.0.3" # keepalived IP address
    port => "6379"
    db => "0"
    key => "filebeat"
    data_type => "list"
  }
}
filter {
  mutate {
    convert => ["upstream_time", "float"]
    convert => ["request_time", "float"]
  }
}
output {
  if "access" in [tags] {
    elasticsearch {
      hosts => "http://10.0.0.51:9200"
      manage_template => false
      index => "nginx_access-%{+yyyy.MM.dd}"
    }
  }
  if "error" in [tags] {
    elasticsearch {
      hosts => "http://10.0.0.51:9200"
      manage_template => false
      index => "nginx_error-%{+yyyy.MM.dd}"
    }
  }
}
# Start logstash
[root@db01 /data]# /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/redis.conf
# Generate data with an ab load test
[root@db02 /opt/redis]# ab -n 20000 -c 20 http://10.0.0.51/tt
Each time ES stores one event, Redis holds one event fewer. This successfully takes load off the ES server.