FreezeJ' Blog

Kibana 7.14部署

2022-03-31

系统使用centos7.8

操作步骤

wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.2-linux-x86_64.tar.gz
tar xf kibana-7.14.2-linux-x86_64.tar.gz
mv kibana-7.14.2-linux-x86_64  /data/kibana
useradd kibana -s /usr/sbin/nologin -U -M --system
mkdir /data/kibana/logs/  # 自定义日志目录
chown -R kibana.kibana /data/kibana
mkdir /run/kibana  # pid存放目录
chown -R kibana.kibana /run/kibana

启动脚本配置

/etc/init.d/kibana

#!/bin/sh
# Init script for kibana
# Maintained by
# Generated by pleaserun.
# Implemented based on LSB Core 3.1:
#   * Sections: 20.2, 20.3
#
### BEGIN INIT INFO
# Provides:          kibana
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description:
# Description:       Kibana
### END INIT INFO

#
# Source function libraries if present.
# (It improves integration with systemd)
#
# Red Hat
if [ -f /etc/rc.d/init.d/functions ]; then
    . /etc/rc.d/init.d/functions

# Debian
elif [ -f /lib/lsb/init-functions ]; then
    . /lib/lsb/init-functions

# SUSE
elif [ -f /etc/rc.status ]; then
    . /etc/rc.status
    rc_reset
fi

user="kibana"
group="kibana"
chroot="/"
chdir="/"
nice=""


KILL_ON_STOP_TIMEOUT=${KILL_ON_STOP_TIMEOUT-1}
KBN_PATH_CONF="/data/kibana/config"
RESTART_ON_UPGRADE="false"

name=kibana
program=/data/kibana/bin/kibana
args="--logging.dest=/data/kibana/logs/kibana.log"
pidfile="/var/run/kibana/$name.pid"

[ -r /etc/default/$name ] && . /etc/default/$name
[ -r /etc/sysconfig/$name ] && . /etc/sysconfig/$name

export KBN_PATH_CONF
export NODE_OPTIONS

[ -z "$nice" ] && nice=0

trace() {
  logger -t "/etc/init.d/kibana" "$@"
}

emit() {
  trace "$@"
  echo "$@"
}

start() {
  [ ! -d "/var/run/kibana/" ] && mkdir "/var/run/kibana/"
  chown "$user":"$group" "/var/run/kibana/"
  chmod 755 "/var/run/kibana/"
  echo "$user":"$group"

  chroot --userspec "$user":"$group" "$chroot" sh -c "

    cd \"$chdir\"
    exec \"$program\" \"$args\"
  " >> /data/kibana/logs/startup.log  2>&1 &

  # Generate the pidfile from here. If we instead made the forked process
  # generate it there will be a race condition between the pidfile writing
  # and a process possibly asking for status.
  echo $! > $pidfile

  emit "$name started"
  return 0
}

stop() {
  # Try a few times to kill TERM the program
  if status ; then
    pid=$(cat "$pidfile")
    trace "Killing $name (pid $pid) with SIGTERM"
    kill -TERM $pid
    # Wait for it to exit.
    for i in 1 2 3 4 5 ; do
      trace "Waiting $name (pid $pid) to die..."
      status || break
      sleep 1
    done
    if status ; then
      if [ "$KILL_ON_STOP_TIMEOUT" -eq 1 ] ; then
        trace "Timeout reached. Killing $name (pid $pid) with SIGKILL.  This may result in data loss."
        kill -KILL $pid
        emit "$name killed with SIGKILL."
      else
        emit "$name stop failed; still running."
      fi
    else
      emit "$name stopped."
    fi
  fi
}

status() {
  if [ -f "$pidfile" ] ; then
    pid=$(cat "$pidfile")
    if ps -p $pid > /dev/null 2> /dev/null ; then
      # process by this pid is running.
      # It may not be our pid, but that's what you get with just pidfiles.
      # TODO(sissel): Check if this process seems to be the same as the one we
      # expect. It'd be nice to use flock here, but flock uses fork, not exec,
      # so it makes it quite awkward to use in this case.
      return 0
    else
      return 2 # program is dead but pid file exists
    fi
  else
    return 3 # program is not running
  fi
}

force_stop() {
  if status ; then
    stop
    status && kill -KILL $(cat "$pidfile")
  fi
}


case "$1" in
  force-start|start|stop|force-stop|restart)
    trace "Attempting '$1' on kibana"
    ;;
esac

case "$1" in
  force-start)
    PRESTART=no
    exec "$0" start
    ;;
  start)
    status
    code=$?
    if [ $code -eq 0 ]; then
      emit "$name is already running"
      exit $code
    else
      start
      exit $?
    fi
    ;;
  stop) stop ;;
  force-stop) force_stop ;;
  status)
    status
    code=$?
    if [ $code -eq 0 ] ; then
      emit "$name is running"
    else
      emit "$name is not running"
    fi
    exit $code
    ;;
  restart)

    stop && start
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|force-start|stop|force-start|force-stop|status|restart}" >&2
    exit 3
  ;;
esac

exit $?

设置nginx代理

/etc/nginx/conf.d/kibana.conf

server{
    listen 443;
    server_name  xxxxxx.com;
    ssl on;
    ssl_certificate ssl/xxxxxxxxx.crt;
    ssl_certificate_key  ssl/xxxxxxxxxx.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
    ssl_prefer_server_ciphers on;

    location / {
            proxy_pass http://127.0.0.1:5601;
            auth_basic "test";
            auth_basic_user_file ".htpasswd";  # 需要手动创建密码文件
            allow x.x.x.x;  # 允许特定ip访问
            deny all;
    }
}
yum install -y httpd-tools
# 创建http密码
htpasswd -c -d /etc/nginx/.htpasswd test

# 重启nginx配置
nginx -t
nginx -s reload

修改配置文件

修改/data/kibana/config/kibana.yml

设置中文

i18n.locale: "zh-CN"

设置http地址

(好像基础免费版这个设置是无效的)

server.publicBaseUrl: "xxxxxx.com"

启动kibana

chkconfig --add kibana
chkconfig kibana on  # 开机启动
systemctl start kibana  # 启动服务

如果启动不成功可以通过systemctl status kibana -l和查看日志/data/kibana/logs/*来排查问题。

Tags: ELK