在kubernetes集群中部署logstash步骤如下:
1:logstash安装文件(目前最新版本2.3.4);
2:编写Dockerfile及执行点脚本文件run.sh,并且修改logstash conf文件,配置为消费指定rabbitmq queue,并持久化消息至目标elasticsearch集群,制作logstash镜像;
3:推送镜像至某个Docker源,可以是公网的源,也可以是公司内部源;
4:在kubernetes主节点编写logstash镜像对应的RC文件;
5:在kubernetes集群中创建logstash pods;
6:测试验证
================================================================================================
1:logstash安装文件(目前最新版本2.3.4)
logstash目前最新版本安装包:logstash-2.3.4.tar.gz,可事先下载COPY进Docker镜像,也可以通过wget的方式在Dockerfile中配置下载;
================================================================================================
2:编写Dockerfile及执行点脚本文件run.sh,并且修改logstash conf文件,配置为消费指定rabbitmq queue,并持久化消息至目标elasticsearch集群,制作logstash镜像
由于logstash运行依赖于其配置文件,需要根据实际使用场景对配置文件的in,filter,out三个模块进行配置,因此需要先建立好conf文件;
我的使用场景是logstash作为rabbitmq中日志信息队列的消费者,获得rabbitmq推送的消息后,推送至out模块配置的elasticsearch集群,以供kibana使用(ELK框架)。
这是一个比较典型的应用场景,也可以根据实际需求配置logstash为redis或其它数据源的消费者;
如下是我的场景中的logstash配置文件(log-pipeline.conf):
input {
http {
}
rabbitmq {
host => "localhost"
port => 5672
queue => "example.queue"
key => ""
user => "guest"
password => "guest"
durable => true
}
}
filter {
date {
match => [ "timestamp","yyyy-MM-dd HH:mm:ss" ]
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "logstash-*"
}
}
配置文件中的所有配置项都是默认值,实际参数是配置在kubernetes集群的RC文件中的;
同时,我们这里打开了http这个in模块,接受http直接推送消息,默认端口是8080;
现在我们可以建立Dockerfile:
FROM centos:7.2.1511
MAINTAINER JiaKai "jiakai@gridsum.com"
COPY CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo
RUN yum update -y -q && yum install -y -q java-headless which && rm -rf /var/cache/yum
ENV LOGSTASH_VERSION 2.3.4
COPY ./logstash-${LOGSTASH_VERSION}.tar.gz /opt/logstash-${LOGSTASH_VERSION}.tar.gz
RUN tar -xzf /opt/logstash-${LOGSTASH_VERSION}.tar.gz && \
mv -f /logstash-${LOGSTASH_VERSION} /opt/logstash && \
rm -f /opt/logstash-${LOGSTASH_VERSION}.tar.gz
ENV CONF_FILE /log-pipeline.conf
COPY ./log-pipeline.conf ${CONF_FILE}
COPY ./run.sh /run.sh
RUN chmod a+wx ${CONF_FILE} && chmod a+x /run.sh
# logstash-input-http plugin default port 8080
EXPOSE 8080
CMD ["/run.sh"]
Dockerfile中需要注意的是,logstash的运行依赖于java环境及which组件,需要在基础镜像的基础上安装,同时要注意清除yum缓存,打开8080端口为为了支持logstash的http模块(在我的应用场景中也可以不打开);
Dockerfile的入口点run.sh文件如下:
#!/bin/sh
set -e
RABBIT_HOST=${RABBIT_HOST:-localhost}
RABBIT_PORT=${RABBIT_PORT:-5672}
RABBIT_QUEUE=${RABBIT_QUEUE:-example.queue}
RABBIT_USER=${RABBIT_USER:-guest}
RABBIT_PWD=${RABBIT_PWD:-guest}
ES_URLS=${ES_URLS:-localhost:9200}
ES_INDEX=${ES_INDEX:-logstash-*}
sed -i "s;^.*host => .*; host => \"${RABBIT_HOST}\";" ${CONF_FILE}
sed -i "s;^.*port => .*; port => ${RABBIT_PORT};" ${CONF_FILE}
sed -i "s;^.*queue => .*; queue => \"${RABBIT_QUEUE}\";" ${CONF_FILE}
sed -i "s;^.*user => .*; user => \"${RABBIT_USER}\";" ${CONF_FILE}
sed -i "s;^.*password => .*; password => \"${RABBIT_PWD}\";" ${CONF_FILE}
sed -i "s;^.*hosts => .*; hosts => [\"${ES_URLS}\"];" ${CONF_FILE}
sed -i "s;^.*index => .*; index => \"${ES_INDEX}\";" ${CONF_FILE}
exec /opt/logstash/bin/logstash -f ${CONF_FILE}
需要注意的是在配置文件的修改中,字符串参数需要双引号,因此sh中以\"包含起来;
完成以上3个文件的创建,即可通过
sudo docker build -t="jiakai/logstash:2.3.4" .
来创建logstash的Docker镜像;
无误的话将得到名为jiakai/logstash,Tag为2.3.4的logstash镜像,可以通过
sudo docker run -e RABBIT_HOST=10.XXX.XXX.XXX -e RABBIT_PORT=5672 -e RABBIT_QUEUE=Gridsum.LawDissector.NLog.Targets.LogMessage:Gridsum.LawDissector.NLog.Targets -e RABBIT_USER=XXX -e RABBIT_PWD=XXX -e ES_URLS=10.XXX.XXX.XXX:XXXX -e ES_INDEX=ld.log-%{+YYYY.MM} -i -t 913defa45d4c
来启动该镜像,其中913defa45d4c是我的Docker镜像ID,根据实际更改即可,无误的话,这时候我们查看Rabbitmq中指定的队列的consumer,会多出一个我们执行Docker镜像的宿主机的消费者,且这个IP是docker0的IP;
===============================================================================================
3:推送镜像至某个Docker源,可以是公网的源,也可以是公司内部源
推送镜像之前需要为镜像重新标记(TAG),这里以公司的内部源为例,将制作好的镜像推送至目标源:
sudo docker Tag jiakai/logstash:2.3.4 10.200.XXX.XXX:5000/gridsum/logstash:2.3.4
===============================================================================================
4:在kubernetes主节点编写logstash镜像对应的RC文件
5:在kubernetes集群中创建logstash pods;
6:测试验证。
由于我们场景中的logstash无需对外提供服务,仅仅作为rabbitmq的消费者存在,因此无需在kubernetes中提供logstash service,至需要利用RC保持logstash的高可用服务即可,因此我们建立logstash的RC文件:
apiVersion: v1
kind: ReplicationController
metadata:
name: logstash
namespace: default
labels:
component: elk
name: logstash
spec:
replicas: 1
selector:
component: elk
name: logstash
template:
metadata:
labels:
component: elk
name: logstash
spec:
containers:
- name: logstash
image: 10.XXX.XXX.XXX:5000/gridsum/logstash:2.3.4
env:
- name: RABBIT_HOST
value: 10.XXX.XXX.XXX
- name: RABBIT_PORT
value: "5672"
- name: RABBIT_QUEUE
value: Gridsum.LawDissector.NLog.Targets.LogMessage:Gridsum.LawDissector.NLog.Targets
- name: RABBIT_USER
value: XXX
- name: RABBIT_PWD
value: XXX
- name: ES_URLS
value: 10.XXX.XXX.XXX:XXXX
- name: ES_INDEX
value: ld.log-%{+YYYY.MM}
ports:
- containerPort: 8080
name: http
protocol: TCP
文件保存为logstash-controller.yaml,之后在kubernetes集群主节点上执行
kubectl create -f logstash-controller.yaml
启动该RC;通过
kubectl get pods
检查logstash pod是否正常运行(running),同时检查rabbitmq对应的queue是否正确由这个logstash pod消费,再从elasticsearch集群确认消费的日志消息时候已经正确推送ELK。
经过以上步骤,即可通过kubernetes集群提供高可用的logstash服务,为ELK框架提供支持。