本文承接ELK部署

安装redis服务及主从配置

1.node1和node2安装redis

[root@node1 ~]# yum install redis -y
[root@node2 ~]# yum install redis -y

node1和node2都修改的配置
[root@node1 ~]# vim /etc/redis.conf
bind 0.0.0.0
daemonize yes
appendonly yes
[root@node2 ~]# vim /etc/redis.conf
bind 0.0.0.0
daemonize yes
appendonly yes

从redis(node2)比主配置多一行：
[root@node2 ~]# vim /etc/redis.conf
################################# REPLICATION #################################
# slaveof  
slaveof node1 6379

主从都配置开机自启
[root@node1 ~]# systemctl enable --now redis
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /usr/lib/systemd/system/redis.service.

[root@node2 ~]# systemctl enable --now redis
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /usr/lib/systemd/system/redis.service.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

2.Keepalived安装

两个节点都安装

[root@node1 ~]# yum install -y keepalived
1

3.redis+keepalived配置

主节点配置

注意：主从节点需要安装psmisc(提供killall命令)
先装psmisc-22.20-17.el7.x86_64

[root@node1 ~]# cd /etc/keepalived/
[root@node1 keepalived]# ls
keepalived.conf
[root@node1 keepalived]# cp keepalived.conf{,.bak}
[root@node1 keepalived]# vim keepalived.conf
#全替换为下方代码
global_defs {
router_id redis-master
}
vrrp_script chk_redis {
script "killall -0 redis-server"
interval 2
timeout 2
fall 3
}
vrrp_instance redis {
state BACKUP
interface ens33
lvs_sync_daemon_interface ens33
virtual_router_id 202
priority 150
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.43.126           # 同一网段VIP地址
}
track_script {
chk_redis
}
#对端地址
notify_master "/etc/keepalived/scripts/redis_master.sh 127.0.0.1 192.168.43.112 6379"
#对端地址
notify_backup "/etc/keepalived/scripts/redis_backup.sh 127.0.0.1 192.168.43.112 6379"
#故障切换
notify_fault /etc/keepalived/scripts/redis_fault.sh
#keepalived停止
notify_stop /etc/keepalived/scripts/redis_stop.sh
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

从节点配置

先在node1配置，再发送到node2

[root@node1 keepalived]# pwd
/etc/keepalived
[root@node1 keepalived]# ls
keepalived.conf  keepalived.conf.bak
[root@node1 keepalived]# mkdir scripts
[root@node1 keepalived]# cd scripts/
---------------------------------------1--------------------------------------------------
[root@node1 scripts]# vim redis_master.sh 
[root@node1 scripts]# cat redis_master.sh 
#!/bin/bash
REDISCLI="redis-cli -h $1 -p $3"
LOGFILE="/var/log/keepalived-redis-state.log"
echo "[master]" >> $LOGFILE
date >> $LOGFILE
echo "Being master...." >> $LOGFILE 2>&1
echo "Run SLAVEOF cmd ... " >> $LOGFILE
$REDISCLI SLAVEOF $2 $3 >> $LOGFILE 2>&1
echo "SLAVEOF $2 cmd can't excute ... " >> $LOGFILE
sleep 10
echo "Run SLAVEOF NO ONE cmd ..." >> $LOGFILE
$REDISCLI SLAVEOF NO ONE >> $LOGFILE 2>&1
---------------------------------------2--------------------------------------------------
[root@node1 scripts]# vim redis_backup.sh
[root@node1 scripts]# cat redis_backup.sh 
#!/bin/bash
REDISCLI="redis-cli"
LOGFILE="/var/log/keepalived-redis-state.log"
echo "[BACKUP]" >> $LOGFILE
date >> $LOGFILE
echo "Being slave...." >> $LOGFILE 2>&1
echo "Run SLAVEOF cmd ..." >> $LOGFILE 2>&1
$REDISCLI SLAVEOF $2 $3 >> $LOGFILE
sleep 100
exit 0
----------------------------------------3-------------------------------------------------
[root@node1 scripts]# vim redis_fault.sh
[root@node1 scripts]# cat redis_fault.sh 
#!/bin/bash
LOGFILE="/var/log/keepalived-redis-state.log"
echo "[fault]" >> $LOGFILE
date >> $LOGFILE
----------------------------------------4-------------------------------------------------
[root@node1 scripts]# vim redis_stop.sh
[root@node1 scripts]# cat redis_stop.sh 
#!/bin/bash
LOGFILE="/var/log/keepalived-redis-state.log"
echo "[stop]" >> $LOGFILE
date >> $LOGFILE

给予执行权限
[root@node1 scripts]# chmod +x *.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53

拷贝文件到node2




node2修改配置文件

修改一下几点
[root@node2 keepalived]# vim keepalived.conf

router_id redis-slave
priority 100
notify_master "/etc/keepalived/scripts/redis_master.sh 127.0.0.1 192.168.43.111 6379"
notify_backup "/etc/keepalived/scripts/redis_backup.sh 127.0.0.1 192.168.43.111 6379"
1
2
3
4
5
6
7

以上的keepalived.conf文件中的切换模式设置为nopreempt，意思是：
不抢占VIP资源，此种模式要是所有的节点都必须设置为state BACKUP模式！
需要注意无论主备服务器都需要设置为BACKUP，与以往KeepAlived的配置不同，
其目的就是防止主服务器恢复后重新抢回VIP，导致Redis切换从而影响稳定。

主节点脚本复制到从节点，保证有执行权限。
Keepalived在转换状态时会依照状态来呼叫：
当进入Master状态时会呼叫notify_master
当进入Backup状态时会呼叫notify_backup
当发现异常情况时进入Fault状态呼叫notify_fault
当Keepalived程序终止时则呼叫notify_stop

主从启动服务(开机自启)

[root@node1 keepalived]# systemctl enable --now keepalived.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.

[root@node2 keepalived]# systemctl enable --now keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
1
2
3
4
5

redis+keepalived测试

通过VIP连接Redis:

插入数据测试

部署Kibana及nginx代理访问环境

Kibana及nginx代理访问环境部署（访问权限控制）。在elk-node03节点机上操作

1、kibana安装配置

[root@node3 ~]# yum install https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/7.2.0/kibana-7.2.0-x86_64.rpm
1

由于维护的业务系统比较多，每个系统下的业务日志在kibana界面展示的访问权限只给该系统相关人员
开放，对系统外人员不开放。所以需要做kibana权限控制。
这里通过nginx的访问验证配置来实现。
可以配置多个端口的kibana，每个系统单独开一个kibana端口号，比如财务系统kibana使用5601端
口、租赁系统kibana使用5602，然后nginx做代理访问配置。
每个系统的业务日志单独在其对应的端口的kibana界面里展示。

[root@node3 ~]# cp -r /etc/kibana/ /etc/cw-5601-kibana
[root@node3 ~]# cp -r /etc/kibana/ /etc/zl-5602-kibana
[root@node3 ~]# vim /etc/cw-5601-kibana/kibana.yml
#修改以下命令
server.port: 5601
server.host: "0.0.0.0"
kibana.index: ".cw-kibana"
elasticsearch.hosts: ["http://192.168.43.111:9200"]

覆盖原zl，并新建
[root@node3 ~]# cp /etc/cw-5601-kibana/kibana.yml /etc/zl-5602-kibana/
cp: overwrite ‘/etc/zl-5602-kibana/kibana.yml’? y
[root@node3 ~]# vim /etc/zl-5602-kibana/kibana.yml
#再修改以下命令
server.port: 5602
server.host: "0.0.0.0"
kibana.index: ".zl-kibana"
elasticsearch.hosts: ["http://192.168.43.111:9200"]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

提供服务脚本：

拷贝原始脚本重命名
[root@node3 ~]# cp -a /etc/systemd/system/kibana.service /etc/systemd/system/kibana_cw.service
修改文件
[root@node3 ~]# vim /etc/systemd/system/kibana_cw.service 
#需修改的命令
ExecStart=/usr/share/kibana/bin/kibana "-c /etc/cw-5601-kibana/kibana.yml"

复制一份重命名为zl并修改内容
[root@node3 ~]# cp /etc/systemd/system/kibana_cw.service /etc/systemd/system/kibana_zl.service 
[root@node3 ~]# vim /etc/systemd/system/kibana_zl.service 
#需修改的命令
ExecStart=/usr/share/kibana/bin/kibana "-c /etc/zl-5602-kibana/kibana.yml"
1
2
3
4
5
6
7
8
9
10
11
12

使用node3的IP:5601测试

使用node3IP:5602测试

配置nginx的反向代理以及访问验证

安装nginx
[root@node3 ~]# yum install nginx -y
若失败，则添加扩展源后在重新安装
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

配置虚拟主机：
[root@node3 ~]# vim  /etc/nginx/conf.d/cw_kibana.conf
server {
listen 15601;
server_name localhost;
location / {
proxy_pass http://192.168.43.113:5601/;
auth_basic "Access Authorized";
auth_basic_user_file /etc/nginx/conf.d/cw_auth_password;
}
}

[root@node3 ~]# cp /etc/nginx/conf.d/cw_kibana.conf /etc/nginx/conf.d/zl_kibana.conf
[root@node3 ~]# vim /etc/nginx/conf.d/zl_kibana.conf 
server {
listen 15602;
server_name localhost;
location / {
proxy_pass http://192.168.43.113:5602/;
auth_basic "Access Authorized";
auth_basic_user_file /etc/nginx/conf.d/zl_auth_password;
}
}


设置验证文件
安装httpd-tools
[root@node3 ~]# yum install httpd-tools -y

配置登录认证机制
[root@node3 ~]# htpasswd -c /etc/nginx/conf.d/cw_auth_password cwlog
New password: 
Re-type new password: 
Adding password for user cwlog
[root@node3 ~]# htpasswd -c /etc/nginx/conf.d/zl_auth_password zllog
New password: 
Re-type new password: 
Adding password for user zllog

测试语法是否有问题
[root@node3 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

nginx开机自启
[root@node3 ~]# systemctl enable --now nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.

kibana开机自起
[root@node3 ~]# systemctl enable --now kibana_cw.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana_cw.service to /etc/systemd/system/kibana_cw.service.
[root@node3 ~]# systemctl enable --now kibana_zl.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/kibana_zl.service to /etc/systemd/system/kibana_zl.service.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

测试

只有对应的用户才可登入

打开node1配置的插件