在Ubuntu 14.04 上安装单机版ELK 2.*(脚本化)
1.判断是否为root权限
# Refuse to continue unless the script runs as root (UID 0): every later
# step writes under /etc or installs packages. Exit status 3 marks this case.
[[ "${UID}" -eq 0 ]] || {
  echo "You must be root to run this program." >&2
  exit 3
}
2.记录脚本运行日志(可以在ubuntu日志中找到对应的运行信息)
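#######################################
# Print a message and hand the same text to syslog.
# Arguments: $1 - message text
# Outputs:   the message on stdout; a copy is passed to logger(1)
# Returns:   exit status of logger
# Everything passed here is handed to logger as well, so callers should
# not pass secrets (passwords, tokens, whole configuration files).
#######################################
log()
{
  # printf rather than echo: a message such as "-n" or "-e" is printed
  # literally instead of being consumed as an echo option.
  printf '%s\n' "$1"
  # "--" ends option parsing so a message starting with "-" is logged as text.
  logger -- "$1"
}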
3.设置脚本运行参数
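# Command-line options:
#   -n <name>  host name (rather than the internal IP) used for the
#              elasticsearch network.host and the kibana server.host
#   -e <b64>   base64-encoded Logstash configuration file
#
# The leading ':' in the optstring puts getopts in silent mode, so OPTARG
# holds the offending option letter in the ':' and '?' branches.
#
# NOTE(review): VMNAME is later written verbatim into YAML files; a value
# containing quotes or newlines would change those files' structure.
# Consider validating it before use.
while getopts ':n:e:' optname; do
  case "$optname" in
    n) # set the VM / host name
      log "Option $optname set with value ${OPTARG}"
      log "Setting the VM Name"
      VMNAME=${OPTARG}
      ;;
    e) # set the encoded configuration string
      # Only the length is logged: log() also forwards its argument to
      # syslog, and a Logstash configuration can carry credentials.
      log "Option $optname set (${#OPTARG} characters)"
      log "Setting the encoded configuration string"
      CONF_FILE_ENCODED_STRING=${OPTARG}
      ;;
    :) # option given without its required argument
      printf '\nOption -%s requires an argument.\n' "$OPTARG" >&2
      exit 2
      ;;
    \?) # unrecognized option - show help
      # BOLD/NORM are not defined in the visible script; they expand to
      # nothing when unset. %s keeps escapes in the user-supplied option
      # letter from being interpreted.
      printf '\nOption -%b%s%b not allowed.\n' "${BOLD:-}" "$OPTARG" "${NORM:-}" >&2
      # A bare "help" resolves to the bash builtin unless the script
      # defines its own function, so only call it when one exists.
      if declare -F help > /dev/null; then
        help
      else
        printf 'Usage: %s -n <hostname> -e <base64 logstash config>\n' "${0##*/}" >&2
      fi
      exit 2
      ;;
  esac
done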
4.安装java 8
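#######################################
# Install Oracle Java 8 from the webupd8team PPA without prompting.
# Globals:   none
# Arguments: none
# Returns:   0 on success, 1 if the PPA cannot be added or the package
#            fails to install
#######################################
install_java()
{
  log "begin install java8"
  # NOTE(review): this is a personal PPA outside the Ubuntu archive, and
  # packages from it run their maintainer scripts as root. It is reportedly
  # no longer maintained upstream - confirm it is still published and
  # trusted before relying on it.
  if ! sudo add-apt-repository -y ppa:webupd8team/java; then
    log "adding the java PPA failed"
    return 1
  fi
  sudo apt-get -y update > /dev/null
  # Pre-seed debconf so the installer does not stop at the licence prompt.
  echo debconf shared/accepted-oracle-license-v1-1 select true | sudo debconf-set-selections
  echo debconf shared/accepted-oracle-license-v1-1 seen true | sudo debconf-set-selections
  # Report success only when apt actually installed the package.
  if ! sudo apt-get -y install oracle-java8-installer > /dev/null; then
    log "java8 installation failed"
    return 1
  fi
  log "java8 has been installed"
}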
5.安装Elasticsearch,配置Elasticsearch的主要参数
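#######################################
# Install Elasticsearch 2.x from the Elastic apt repository and append the
# basic settings (memory locking, bind host, HTTP port, heap size, limits).
# Globals:   VMNAME (read) - value written to network.host
# Arguments: none
# Returns:   1 if the package cannot be installed; otherwise the status of
#            the final log call
#
# Security notes:
#  - network.host is set to $VMNAME and the HTTP API listens on 9200. This
#    function configures no authentication, so restrict access to that
#    port (firewall / security group) when VMNAME is reachable from other
#    hosts.
#  - The settings are appended, so running the function twice leaves
#    duplicate keys in the files it touches.
#######################################
install_config_elasticsearch()
{
  local es_yml=/etc/elasticsearch/elasticsearch.yml
  local es_defaults=/etc/default/elasticsearch
  local limits_conf=/etc/security/limits.conf
  local es_heap_size

  log "begin install elasticsearch"
  # apt-key trusts whatever this download returns. Compare the imported
  # key's fingerprint with the one Elastic publishes before installing.
  wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  # Overwrite (no -a) so a re-run does not pile up duplicate source lines.
  echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee /etc/apt/sources.list.d/elasticsearch-2.x.list
  sudo apt-get update
  if ! sudo apt-get -y install elasticsearch; then
    log "elasticsearch installation failed"
    return 1
  fi

  # configure the elasticsearch
  # "sudo echo ... >> file" opens the file in the calling shell, not under
  # sudo; piping into "sudo tee -a" makes the write itself privileged.
  printf '%s\n' \
    "bootstrap.mlockall: true" \
    "network.host: $VMNAME" \
    "http.port: 9200" | sudo tee -a "$es_yml" > /dev/null

  # configure elasticsearch heap
  log "elasticsearch.yml has been configured . The elasticsearch heap begin to configure"
  # Half of physical memory in MB, capped at 31744. int() keeps the value
  # whole: an odd total would otherwise yield a size such as "1975.5m".
  es_heap_size=$(free -m | awk '/Mem/ { half = int($2 / 2); print (half > 31744 ? 31744 : half) }')
  printf '\nES_HEAP_SIZE=%sm\nMAX_LOCKED_MEMORY=unlimited\n' "$es_heap_size" \
    | sudo tee -a "$es_defaults" > /dev/null
  printf '%s\n' \
    "elasticsearch - nofile 65536" \
    "elasticsearch - memlock unlimited" | sudo tee -a "$limits_conf" > /dev/null
  log "es heap has been set"

  sudo service elasticsearch restart
  sudo update-rc.d elasticsearch defaults 95 10
  log "elasticsearch has been installed"
}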
6.安装主要插件,可选。
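#######################################
# Install the optional Elasticsearch plugins (kopf, head, license,
# watcher, marvel-agent).
# Globals:   none
# Arguments: none
# Returns:   1 if the Elasticsearch directory is missing; otherwise the
#            status of the final cd
# Side effect: leaves the working directory at $HOME, as before.
#
# NOTE(review): kopf and head are fetched from community repositories with
# no version pinned, so what gets installed can change between runs.
# Review and pin these before using the script beyond a test machine.
#######################################
install_plugin()
{
  local plugin

  # Stop here if the directory is missing; otherwise every "bin/plugin"
  # below would be resolved against whatever directory we happen to be in.
  if ! cd /usr/share/elasticsearch/; then
    log "cannot enter /usr/share/elasticsearch/ - is elasticsearch installed?"
    return 1
  fi

  # marvel-agent is part 0 of the marvel install; the kibana side follows later.
  for plugin in \
    lmenezes/elasticsearch-kopf \
    mobz/elasticsearch-head \
    license \
    watcher \
    marvel-agent
  do
    # Best effort, as before: one failed plugin does not stop the rest.
    sudo bin/plugin install "$plugin" || log "plugin $plugin failed to install"
  done
  cd
}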
7.安装配置kibana
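#######################################
# Install Kibana 4.4 from the Elastic apt repository, point it at the local
# Elasticsearch, enable the service and install the Marvel app.
# Globals:   VMNAME (read) - written to server.host and elasticsearch.url
# Arguments: none
# Returns:   1 if the package cannot be installed; otherwise the status of
#            the final log call
#
# Security notes:
#  - No signing key is imported here; this relies on the Elastic key having
#    been added by an earlier step (presumably the elasticsearch install -
#    confirm the call order).
#  - server.host is set to $VMNAME and nothing here puts authentication in
#    front of Kibana, so limit who can reach it at the network level.
#  - VMNAME is placed inside single-quoted YAML strings; a value containing
#    a quote would break the file.
#######################################
install_config_kibana()
{
  local kibana_home=/opt/kibana
  local kibana_yml="$kibana_home/config/kibana.yml"

  #install kibana
  log "begin to install kibana"
  # Overwrite (no -a) so a re-run does not duplicate the source line.
  echo "deb http://packages.elastic.co/kibana/4.4/debian stable main" | sudo tee /etc/apt/sources.list.d/kibana-4.4.x.list
  sudo apt-get update
  if ! sudo apt-get -y install kibana; then
    log "kibana installation failed"
    return 1
  fi

  #configure kibana
  # take care of the server.host name
  # "sudo echo ... >> file" opens the file in the calling shell, not under
  # sudo; piping into "sudo tee -a" makes the write itself privileged.
  printf '%s\n' \
    "server.host: '$VMNAME'" \
    "elasticsearch.url: 'http://$VMNAME:9200'" | sudo tee -a "$kibana_yml" > /dev/null

  sudo update-rc.d kibana defaults 96 9
  sudo service kibana start

  #install marvel part1 . marvel need to be installed after kibana was done.
  # Absolute path: nothing in this function changes into the Kibana
  # directory, so a relative "bin/kibana" depended on the caller's cwd.
  sudo "$kibana_home/bin/kibana" plugin --install elasticsearch/marvel/2.1.0
  log "kibana has been installed"
}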
8.安装配置logstash
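#######################################
# Install Logstash 2.2 from the Elastic apt repository, install the
# user-supplied configuration and enable the service.
# Globals:   CONF_FILE_ENCODED_STRING (read) - base64-encoded Logstash config
# Arguments: none
# Returns:   1 if the package cannot be installed or the configuration
#            cannot be decoded or installed; otherwise the status of
#            "service logstash start"
#
# The configuration is decoded straight into a private temporary file.
# The intermediate files logstash.conf.encoded and ~/logstash.conf are no
# longer left behind.
#######################################
install_logstash()
{
  local decoded_conf

  # Install Logstash
  # The Logstash package is available from the same repository as
  # Elasticsearch. Install the public key; compare its fingerprint with the
  # one Elastic publishes, since apt-key trusts whatever was downloaded.
  wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  log "begin to install logstash"
  # Create the logstash source list
  echo 'deb http://packages.elastic.co/logstash/2.2/debian stable main' | sudo tee /etc/apt/sources.list.d/logstash-2.2.x.list
  sudo apt-get update
  # -y: without it apt-get waits for confirmation and an unattended run hangs.
  if ! sudo apt-get -y install logstash; then
    log "logstash installation failed"
    return 1
  fi

  #configure
  log "Decoding configuration string"
  if ! decoded_conf=$(mktemp); then
    log "mktemp failed"
    return 1
  fi
  # The encoded and decoded text is not logged: log() also passes its
  # argument to syslog, and a Logstash configuration can contain
  # credentials. The quoted expansion keeps the decoded file byte-exact;
  # the unquoted echo used before flattened newlines and expanded globs.
  if ! printf '%s' "$CONF_FILE_ENCODED_STRING" | base64 -d > "$decoded_conf" \
    || [ ! -s "$decoded_conf" ]; then
    log "configuration string is empty or not valid base64"
    rm -f -- "$decoded_conf"
    return 1
  fi
  log "Decoded configuration: $(wc -c < "$decoded_conf") bytes"

  log "Installing user configuration named logstash.conf"
  # 0644 matches what the previous plain copy produced under the usual
  # root umask. NOTE(review): if the configuration holds credentials,
  # tighten the mode to one the logstash service account can still read.
  if ! sudo install -m 0644 -- "$decoded_conf" /etc/logstash/conf.d/logstash.conf; then
    log "installing logstash.conf failed"
    rm -f -- "$decoded_conf"
    return 1
  fi
  rm -f -- "$decoded_conf"

  # Configure Start
  log "Configure start up service"
  sudo update-rc.d logstash defaults 96 9
  sudo service logstash start
}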
9.运行方式
- 如果你不太熟悉,可以分段或逐句复制,粘贴到命令行后运行。
- 如果你较为熟悉,可以复制整理所有的函数到一个elk.sh脚本中并调用,如下:
sudo bash elk.sh -n {parameter1} -e {parameter2}
#parameter1 是hostname
#parameter2 是logstash的配置文件,此处你可以简单带入如下:
"aW5wdXQgIHsgICBzdGRpbiB7fSB9IG91dHB1dCB7ICAgc3Rkb3V0IHsgY29kZWMgPT4gcnVieWRlYnVnIH0gfQ=="
#该字符串解码后为input { stdin {} } output { stdout { codec => rubydebug } }
#logstash没有默认的配置文件,缺少配置时无法启动服务,因此需要先导入一个简单的配置,之后再根据需要修改。