Quicktricks.net

Config Kibana + Elasticsearch 100% working on Linux (Centos/ Rocky)

Install JAVA

First, install Java 1.8. Check java, install if not exist:

java -version
dnf install java-1.8.0-openjdk-devel

Open firewall TCP port 9200, 8200, and 5601

firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --add-port=8200/tcp --permanent
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload

Install ElasticSearch:

Install Elasticsearch:

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
tee /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
dnf install elasticsearch

Config ELS:

vi /etc/elasticsearch/elasticsearch.yml
network.host: 0.0.0.0
http.port: 9200
# only 1 server, disable checking bootstrap
discovery.type: single-node
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true

Save xml file then:

chown -R elasticsearch:elasticsearch /var/lib/elasticsearch/

Config tempdir to work with JAVA:

vi /etc/sysconfig/elasticsearch
ES_JAVA_OPTS="-Djna.tmpdir=/var/lib/elasticsearch/tmp"

Above for Elasticsearc 7.15. For newer Elasticsearch version maybe:

ES_JAVA_OPTS="-Djava.io.tmpdir=/var/lib/elasticsearch/tmp"

Save elasticsearch file, then restart & check status:

systemctl enable elasticsearch
systemctl start elasticsearch
systemctl status elasticsearch

If everything ok, check http://localhost:9200

Install and config Kibana:

Install Kibana:

tee /etc/yum.repos.d/kibana.repo <<EOF
[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
dnf install kibana

Create username and password:

cd /usr/share/elasticsearch/bin
./elasticsearch-setup-passwords auto

system auto generate these passwords for you to config in next steps:

Changed password for user apm_system
PASSWORD apm_system = sdfgkhfghjkghjkjhgfghj
Changed password for user kibana_system
PASSWORD kibana_system = sdfgkhfghjkghjkjhgfghj
Changed password for user kibana
PASSWORD kibana = this_is_kibana_password
Changed password for user logstash_system
PASSWORD logstash_system = sdfgkhfghjkghjkjhgfghj
Changed password for user beats_system
PASSWORD beats_system = sdfgkhfghjkghjkjhgfghj
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = sdfgkhfghjkghjkjhgfghj
Changed password for user elastic
PASSWORD elastic = this_is_elastic_password

Note: Storage above text in a file.

Config Kibana to work

Edit file /etc/kibana/kibana.yml like as:

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "this_is_kibana_password"

Save xml file then start:

systemctl enable kibana
systemctl start kibana

On Browser, enter your Monitor Server address with port 5601 to connect Kibana UI:

Example: http://localhost:5601, http:127.0.0.1:5601,….

  • User: elastic
  • password: this_is_elastic_password (find in before steps)

After login successful, create more users: On Kibana Menu, click Stack Management->User (Sercurity bar)->Create user

Install Elastic APM Server

curl -L -O https://artifacts.elastic.co/downloads/apm-server/apm-server-7.15.2-x86_64.rpm
rpm -vi apm-server-7.15.2-x86_64.rpm

Config APM server in /etc/apm-server/apm-server.yml:

apm-server:
  host: "0.0.0.0:8200"
api_key:
    enabled: true
limit: 1000
elasticsearch:
      hosts: ["localhost:9200"]
      protocol: "http"
      # Username and password are only needed for the apm-server apikey sub-command, and they are ignored otherwise
      # See `apm-server apikey --help` for details.
      username: "elastic"
      password: "this_is_elastic_password"

Save yml file then:

systemctl enable apm-server
service apm-server start

Restart all service

systemctl restart elasticsearch
systemctl restart kibana
systemctl restart apm-server

If everything ok, check:

  • http://your_server_ip:9200 (Elasticsearch)
  • http://your_server_ip:8200 (Elastic APM server)
  • http://your_server_ip:5601 (Kibana)

If your server have physics firewall or 3rd DNS service, please confirm port 9200, 8200 and 5601 were opened.

Should config DNS to Public IP, APM maybe not work if you point a domain to local IP.

Debug ElasticSearch + PHP

In terminal, you write:

php -v
php -i

If you received “zend_mm_heap corrupted” error. Please check in your folder php.d, delete extension “elasticsearch.ini”. Or change php-cli version to 8.0 (below is example for Open lite speed server):

rm -f /usr/bin/php && ln -s  /usr/local/lsws/lsphp80/bin/php /usr/bin/php

AGENT setup

After successful installation on the Monitoring computer, we install Elastic APM on each computer we have (which need monitoring). The first, change php-cli on every computer to php80. With me, on Open lite speed server:

rm -f /usr/bin/php && ln -s  /usr/local/lsws/lsphp80/bin/php /usr/bin/php

Elastic APM Agent

On the Monitor computer

On Kibana Menu, click Stack Management->API key (Sercurity bar)->Create API key. Store your key (base64) to a note file to use later.

Important: Only 1 Key be used for all Agents. Dont use > 1 key.

On the Agent computer

Download and install:

curl -L -O https://github.com/elastic/apm-agent-php/releases/download/v1.3.1/apm-agent-php-1.3.1-1.noarch.rpm
rpm -i apm-agent-php-1.3.1-1.noarch.rpm

open file /opt/elastic/apm-agent-php/etc/elastic-apm-custom.ini

then add something like:

elastic_apm.server_url="http://YOUR_MONITOR_SERVER_IP:8200"
elastic_apm.api_key = "YOUR_API_KEY at before step"
elastic_apm.service_name="The No.1 Agent Computer"
elastic_apm.log_level = "TRACE"

api_key you create on the Monitor computer from Kibana web: server_ip:5601

Metricbeat

On the Monitor computer

from you Kibana web UI:

On Menu, click Stack Management->Role (Sercurity bar)->Create role:

  1. Set role name is something as: setup_role
  2. Cluster privileges: All
  3. Run As privileges: elastic_system, kibana_system, beat_system
  4. Index privileges:
    • Indices = metricbeat-*
    • Privileges = monitor, manage_ilm, manage, write
  5. Add Kibana privilege: All space
  6. Create or update role

On Menu, click Stack Management->User (Sercurity bar)->Create user

  1. Set Username = user1 (or something you like)
  2. Password: 123456 (or something you like)
  3. Privileges: setup role, ingest_admin, kibana_admin

On Agent computer

Download and install Metricbeat on Agent

curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.15.2-x86_64.rpm
rpm -vi metricbeat-7.15.2-x86_64.rpm

edit file /etc/metricbeat/metricbeat.yml:

setup.kibana:
  host: "10.x.x.x:5601"
  username: "user1"
  password: "123456"
# (change ip to your kibana server ip)
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.x.x.x:9200"]
  username: "user1"
  password: "123456"

save your file then run this commands:

metricbeat modules enable apache mysql
metricbeat modules enable php_fpm
metricbeat setup -e
service metricbeat start

Restart your server and Enjoy

,
, ,

DMCA.com Protection Status

Leave a Reply

Your email address will not be published. Required fields are marked *