0%

elasticsearch、kibana安装x-pack可视化插件

x-pack插件可提供es集群的可视化,但不提供报警功能。

先来看几张x-pack的成品图:
x-pack1.png

x-pack2.png

x-pack3.png
x-pack4.png

安装x-pack插件

elasticsearch kibana都应该安装x-pack插件。

  • 在线安装方式(在线安装时间比较长,没事别瞎敲回车)

    1
    2
    # ./kibana-plugin install x-pack
    # ./elasticsearch-plugin install x-pack
  • 离线安装方式(推荐,方便多台机器重复使用)

    1
    2
    3
    4
    # wget https://artifacts.elastic.co/downloads/elasticsearch-plugins/x-pack/x-pack-5.6.16.zip
    # ./elasticsearch-plugin install file:///usr/local/src/elk/elasticsearch-plugin/x-pack-5.6.16.zip
    # wget https://artifacts.elastic.co/downloads/kibana-plugins/x-pack/x-pack-5.6.16.zip
    # ./kibana-plugin install file:///usr/local/src/elk/kibana-plugin/x-pack-5.6.16.zip

    安装提示一路y就行了。

license

新建LicenseVerifier.java文件,内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
package org.elasticsearch.license;
import java.nio.*;
import java.util.*;
import java.security.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.common.io.*;
import java.io.*;
public class LicenseVerifier
{
public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
return true;
}
public static boolean verifyLicense(final License license) {
return true;
}
}

执行编译,依赖的几个jar包都在es的安装目录,编译完成后会得到一个.class文件

1
2
3
# javac -cp "/usr/local/es/lib/elasticsearch-5.6.16.jar:/usr/local/es/lib/lucene-core-6.6.1.jar:/usr/local/es/plugins/x-pack/x-pack-5.6.16.jar" LicenseVerifier.java
# ls
LicenseVerifier.class LicenseVerifier.java

替换jar包中的文件

1
2
3
4
5
6
7
8
9
10
# mkdir tmp
# cd tmp/
# cp -a /usr/local/es/plugins/x-pack/x-pack-5.6.16.jar .
# jar -xvf x-pack-5.6.16.jar
# rm -f x-pack-5.6.16.jar
# cp -a ../LicenseVerifier.class org/elasticsearch/license/
cp: overwrite ‘org/elasticsearch/license/LicenseVerifier.class’? y
# jar czf x-pack-5.6.16.jar .
# cp -a x-pack-5.6.16.jar /usr/local/es/plugins/x-pack/
cp: overwrite ‘/usr/local/es/plugins/x-pack/x-pack-5.6.16.jar’? y

重启es服务

获取license文件,传送门->,也可以使用下面的文件。
官网说的明白,6.3以上版本,无需license,6.3以下版本的license可用1年时间,1年后可以再次到官网注册获取。修改license文件可以获得更长时间的授权,我的license文件license.json如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
{
"license": {
"uid": "074c9167-e43a-4a37-ac25-be16984b3cad",
"type": "platinum",
"issue_date_in_millis": 1573084800000,
"expiry_date_in_millis": 1573171200000,
"max_nodes": 100,
"issued_to": "fred fred (my test)",
"issuer": "Web Form",
"signature": "AAAAAwAAAA2WppdztHfRfNgNXQ4AAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQCpIi8gy1gi2B5jieakBrC9SXLGNt2H2KWgwUU7UVLyVsqVTp6mUrz5OTvRJrJFR0dFA8p//P4aZseT3rWL0j0CNEmJ1hsEw915oPh+yrAnVnq7OaV6ORTxU5PqDJASILsI2pDxFBF6D2RiGmpGYwelxE816e1+N5L2s3NKTZViRV4zD7tozhdMWwH9zXaa10rFqNIvhMXvH+jJyUxWaF4TuRjnDCU2V/LSUq7wn88Owt+4C9Rtqq8nMkF237nt0vekGq8++asLK8vAp3twIjuNd3kJLh3CegfDghP6t4kW8bkTrm7zVC4Rq+/GtbzboVdaMpjsHEa6A7ikBl1Rp80M",
"start_date_in_millis": 1564531200000
}
}

type表示会员类型,默认为basic,改成platinum表示白金版,有所有功能;
issue_date_in_millis expiry_date_in_millis基于start_date_in_millis自己看着改下,这样就不用每年去注册了;
集群规模比较大的话max_nodes也看着改下。

查看授权信息,注意带有用户名密码,这是安装x-pack之后的默认用户名密码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# curl -XGET -u elastic:changeme http://10.2.1.105:9200/_xpack/license?pretty
{
"license" : {
"status" : "active",
"uid" : "0a7cb49f-e95d-4df7-849e-c50ef9cba2f1",
"type" : "trial",
"issue_date" : "2019-07-31T06:50:07.415Z",
"issue_date_in_millis" : 1564555807415,
"expiry_date" : "2019-08-30T06:50:07.415Z",
"expiry_date_in_millis" : 1567147807415,
"max_nodes" : 1000,
"issued_to" : "lang-test",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}

基于license.json进行授权

1
2
# curl -XPUT -u elastic:changeme http://10.2.1.105:9200/_xpack/license?acknowledge=true -H 'Content-Type: application/json' -d @license.json
{"acknowledged":true,"license_status":"invalid"}

其他elasticsearch实例重复上步骤。

监控报警

elasticsearch提供RESTful API,可以获取集群健康状态,详细请参考
http://www.54tianzhisheng.cn/2017/10/15/ElasticSearch-cluster-health-metrics/
http://www.54tianzhisheng.cn/2017/10/18/ElasticSearch-nodes-metrics/#
https://www.datadoghq.com/blog/monitor-elasticsearch-performance-metrics/

异常与处理

添加x-pack后,kibana无法登录

kibana启动日志错误日志如下

1
2
3
4
5
6
log   [06:37:45.171] [error][status][plugin:upgrade@5.6.16] Status changed from uninitialized to red - Authentication Exception
log [06:37:45.211] [info][status][plugin:console@5.6.16] Status changed from uninitialized to green - Ready
log [06:37:45.233] [info][status][plugin:metrics@5.6.16] Status changed from uninitialized to green - Ready
log [06:37:45.421] [info][status][plugin:timelion@5.6.16] Status changed from uninitialized to green - Ready
log [06:37:45.427] [info][listening] Server running at http://10.2.1.105:5601
log [06:37:45.429] [error][status][ui settings] Status changed from uninitialized to red - Elasticsearch plugin is red

报错截图
err.png

安装kibana之后,elasticsearch会添加登录认证,默认用户名密码elastic:changeme,需修改kibana配置文件kibana.yml

1
2
elasticsearch.username: "elastic"
elasticsearch.password: "changeme"

重启服务后再次登录,用户名密码仍然同上。

参考
https://blog.csdn.net/warrah/article/details/82869362