Skip to content

L
log_server
Commit 6decaad6 authored by Peter Cheng's avatar Peter Cheng
Browse files
Options

開發完成

parent 1213a8e3
Hide whitespace changes
Inline Side-by-side
Showing with 261 additions and 0 deletions
.env.swp 0 → 100644
View file @ 6decaad6
[server]
log ansible_host=127.0.0.1
\ No newline at end of file
README.md
View file @ 6decaad6
# log_server
日誌伺服器
## 資料夾結構
resources 用來存放軟體相關設定檔用
tasks 用來存放分類存放要安裝、設定的Ansible Playbook排程
.env.swp Ansible Playbook主機參數檔
install.yml 用來安裝所需之套件
config.yml 用來設定相關之設定
## Ansible Playbook 操作流程
1. 將.env.swp檔名改成.env
2. 設定.env中,對應的主機名與IP,可一次設定多台
3. 將./resources/.env.swp檔名改成.env,此為SonarQube連到資料庫所需之相關設定,請自行設定好
4. 運行以下指令安裝所需之套件
```
ansible-playbook -i .env install.yml --ask-become-pass
```
5. 輸入登入用密碼
6. 等全部的所需套件都安裝完成,並且沒有跳Fail
7. 運行以下指令設定服務器
```
ansible-playbook -i .env config.yml --ask-become-pass
```
8. 輸入登入用密碼
9. 等全部的所需套件都安裝完成,並且沒有跳Fail
## 服務與連接阜
5044 Port為Logstash服務
5601 Port為Kibana服務
9200, 9300 Port為Elasticsearch服務
本伺服器啟動之後,預設會開始剖析/var/log/dpkg.log服務,預設會將dpkg.log中的內容透過Filebeat扔到Logstash做剖析,最後格式化扔去Elasticsearch,供Kibana分析
你可以透過修改遠端主機底下的/opt/filebeat/filebeat.yml設定抓取檔案來源,與參考/opt/logstash/pipeline/dpkg.conf進行資料剖析
## Logstash 剖析設定相關連結
[grok 教學](https://blog.johnwu.cc/article/elk-logstash-grok-filter.html)
[grok debug](https://grokdebug.herokuapp.com/)
\ No newline at end of file
config.yml 0 → 100644
View file @ 6decaad6
---
- hosts: log
remote_user: petercheng
become: yes
tasks:
# 初始化系統
- name: "設定系統參數"
include_tasks: tasks/config/init.yml
\ No newline at end of file
install.yml 0 → 100644
View file @ 6decaad6
---
- hosts: log
remote_user: petercheng
become: yes
tasks:
# 初始化系統
- name: "全系統更新"
include_tasks: tasks/install/init.yml
# 安裝Docker
- name: "安裝Docker"
include_tasks: tasks/install/docker.yml
# 安裝Docker-Compose
- name: "安裝Docker"
include_tasks: tasks/install/docker-compose.yml
\ No newline at end of file
resources/docker/docker-compose.yml 0 → 100644
View file @ 6decaad6
version: '3'
services:
elasticsearch:
image: 'docker.elastic.co/elasticsearch/elasticsearch:7.5.0'
container_name: 'elasticsearch'
networks:
- log-networks
ports:
- 0.0.0.0:9200:9200
- 0.0.0.0:9300:9300
volumes:
- ./elasticsearch/data:/usr/share/elasticsearch/data
- ./elasticsearch/config:/usr/share/elasticsearch/config
environment:
- discovery.type=single-node
restart: always
kibana:
image: 'docker.elastic.co/kibana/kibana:7.5.0'
container_name: 'kibana'
networks:
- log-networks
depends_on:
- elasticsearch
ports:
- 0.0.0.0:5601:5601
volumes:
- ./kibana/config:/usr/share/kibana/config
restart: always
filebeat:
image: 'docker.elastic.co/beats/filebeat:7.5.0'
container_name: 'filebeat'
networks:
- log-networks
volumes:
- /opt/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml
- /opt/filebeat/data:/usr/share/filebeat/data
- /opt/filebeat/logs:/usr/share/filebeat/logs
- /var/log:/log/local
depends_on:
- elasticsearch
- logstash
restart: always
logstash:
image: 'docker.elastic.co/logstash/logstash:7.5.0'
container_name: 'logstash'
networks:
- log-networks
ports:
- 0.0.0.0:5044:5044
volumes:
- /opt/logstash/config:/usr/share/logstash/config
- /opt/logstash/pipeline:/usr/share/logstash/pipeline
depends_on:
- elasticsearch
restart: always
networks:
log-networks:
driver: bridge
tasks/config/init.yml 0 → 100644
View file @ 6decaad6
---
- name: "複製Docker-Compose.yml到遠端機器"
copy:
src: ./resources/docker/docker-compose.yml
dest: /opt/docker-compose.yml
owner: root
group: root
follow: yes
mode: "644"
- name: "複製Docker環境變數到遠端機器"
copy:
src: ./resources/docker/.env
dest: /opt/.env
owner: root
group: root
follow: yes
mode: "644"
- name: "複製運行Elasticsearch所需資料"
unarchive:
src: ./resources/elasticsearch.tar.gz
dest: /opt
- name: "設定Elasticsearch資料夾權限"
file:
path: /opt/elasticsearch/data
mode: "777"
owner: root
group: root
recurse: yes
- name: "複製運行Filebeat所需資料"
unarchive:
src: ./resources/filebeat.tar.gz
dest: /opt
- name: "設定Filebeat資料夾權限"
file:
path: /opt/filebeat/data
mode: "777"
owner: root
group: root
recurse: yes
- name: "設定Filebeat資料夾權限"
file:
path: /opt/filebeat/logs
mode: "777"
owner: root
group: root
recurse: yes
- name: "複製運行Kibana所需資料"
unarchive:
src: ./resources/kibana.tar.gz
dest: /opt
- name: "複製運行Logstash所需資料"
unarchive:
src: ./resources/logstash.tar.gz
dest: /opt
- name: "運行Docker-Compose"
shell: "docker-compose -f /opt/docker-compose.yml up -d --build"
args:
executable: /bin/bash
\ No newline at end of file
tasks/install/docker-compose.yml 0 → 100644
View file @ 6decaad6
---
#宣告變數
- shell: echo $(uname -s)-$(uname -m)
register: os
#安裝Docker-Compose
- name: "下載Docker-Compose 1.25.0"
get_url:
url: https://github.com/docker/compose/releases/download/1.25.0/docker-compose-{{ os.stdout }}
dest: /usr/local/bin/docker-compose
mode: "755"
- name: "設定Docker-Compose執行連結"
file:
src: /usr/local/bin/docker-compose
dest: /usr/bin/docker-compose
owner: root
group: root
state: link
follow: yes
\ No newline at end of file
tasks/install/docker.yml 0 → 100644
View file @ 6decaad6
---
#宣告變數
- shell: echo $(lsb_release -cs)
register: release_name
#安裝Docker
- name: "移除舊版Docker"
apt:
pkg:
- docker
- docker-engine
- docker.io
- containerd
- runc
- docker-ce
purge: yes
state: absent
- name: "安裝下載Docker所需之相依性套件"
apt:
pkg:
- apt-transport-https
- ca-certificates
- curl
- gnupg-agent
- software-properties-common
state: present
update_cache: yes
- name: "下載安裝Docker所需之套件庫GPG Key"
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present
- name: "下載Docker套件庫來源"
apt_repository:
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ release_name.stdout }} stable
state: present
filename: docker.list
- name: "安裝Docker"
apt:
pkg:
- docker-ce
- docker-ce-cli
- containerd.io
state: present
update_cache: yes
\ No newline at end of file
tasks/install/init.yml 0 → 100644
View file @ 6decaad6
---
# 初始化系統
- name: "全系統更新"
apt:
upgrade: dist
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment