Install JAVA
First, install Java 1.8. Check java, install if not exist:
java -version
dnf install java-1.8.0-openjdk-devel
Open firewall TCP port 9200, 8200, and 5601
firewall-cmd --add-port=9200/tcp --permanent
firewall-cmd --add-port=8200/tcp --permanent
firewall-cmd --add-port=5601/tcp --permanent
firewall-cmd --reload
Install ElasticSearch:
Install Elasticsearch:
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
tee /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
dnf install elasticsearch
Config ELS:
vi /etc/elasticsearch/elasticsearch.yml
network.host: 0.0.0.0
http.port: 9200
# only 1 server, disable checking bootstrap
discovery.type: single-node
xpack.security.enabled: true
xpack.security.authc.api_key.enabled: true
Save xml file then:
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch/
Config tempdir to work with JAVA:
vi /etc/sysconfig/elasticsearch
ES_JAVA_OPTS="-Djna.tmpdir=/var/lib/elasticsearch/tmp"
Above for Elasticsearc 7.15. For newer Elasticsearch version maybe:
ES_JAVA_OPTS="-Djava.io.tmpdir=/var/lib/elasticsearch/tmp"
Save elasticsearch file, then restart & check status:
systemctl enable elasticsearch
systemctl start elasticsearch
systemctl status elasticsearch
If everything ok, check http://localhost:9200
Install and config Kibana:
Install Kibana:
tee /etc/yum.repos.d/kibana.repo <<EOF
[kibana-7.x]
name=Kibana repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
dnf install kibana
Create username and password:
cd /usr/share/elasticsearch/bin
./elasticsearch-setup-passwords auto
system auto generate these passwords for you to config in next steps:
Changed password for user apm_system
PASSWORD apm_system = sdfgkhfghjkghjkjhgfghj
Changed password for user kibana_system
PASSWORD kibana_system = sdfgkhfghjkghjkjhgfghj
Changed password for user kibana
PASSWORD kibana = this_is_kibana_password
Changed password for user logstash_system
PASSWORD logstash_system = sdfgkhfghjkghjkjhgfghj
Changed password for user beats_system
PASSWORD beats_system = sdfgkhfghjkghjkjhgfghj
Changed password for user remote_monitoring_user
PASSWORD remote_monitoring_user = sdfgkhfghjkghjkjhgfghj
Changed password for user elastic
PASSWORD elastic = this_is_elastic_password
Note: Storage above text in a file.
Config Kibana to work
Edit file /etc/kibana/kibana.yml
like as:
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "this_is_kibana_password"
Save xml file then start:
systemctl enable kibana
systemctl start kibana
On Browser, enter your Monitor Server address with port 5601 to connect Kibana UI:
Example: http://localhost:5601, http:127.0.0.1:5601,….
- User: elastic
- password: this_is_elastic_password (find in before steps)
After login successful, create more users: On Kibana Menu, click Stack Management
->User
(Sercurity bar)->Create user
Install Elastic APM Server
curl -L -O https://artifacts.elastic.co/downloads/apm-server/apm-server-7.15.2-x86_64.rpm
rpm -vi apm-server-7.15.2-x86_64.rpm
Config APM server in /etc/apm-server/apm-server.yml
:
apm-server:
host: "0.0.0.0:8200"
api_key:
enabled: true
limit: 1000
elasticsearch:
hosts: ["localhost:9200"]
protocol: "http"
# Username and password are only needed for the apm-server apikey sub-command, and they are ignored otherwise
# See `apm-server apikey --help` for details.
username: "elastic"
password: "this_is_elastic_password"
Save yml file then:
systemctl enable apm-server
service apm-server start
Restart all service
systemctl restart elasticsearch
systemctl restart kibana
systemctl restart apm-server
If everything ok, check:
- http://your_server_ip:9200 (Elasticsearch)
- http://your_server_ip:8200 (Elastic APM server)
- http://your_server_ip:5601 (Kibana)
If your server have physics firewall or 3rd DNS service, please confirm port 9200, 8200 and 5601 were opened.
Should config DNS to Public IP, APM maybe not work if you point a domain to local IP.
Debug ElasticSearch + PHP
In terminal, you write:
php -v
php -i
If you received “zend_mm_heap corrupted
” error. Please check in your folder php.d, delete extension “elasticsearch.ini”. Or change php-cli version to 8.0 (below is example for Open lite speed server):
rm -f /usr/bin/php && ln -s /usr/local/lsws/lsphp80/bin/php /usr/bin/php
AGENT setup
After successful installation on the Monitoring computer, we install Elastic APM on each computer we have (which need monitoring). The first, change php-cli on every computer to php80. With me, on Open lite speed server:
rm -f /usr/bin/php && ln -s /usr/local/lsws/lsphp80/bin/php /usr/bin/php
Elastic APM Agent
On the Monitor computer
On Kibana Menu, click Stack Management
->API key
(Sercurity bar)->Create API key
. Store your key (base64) to a note file to use later.
Important: Only 1 Key be used for all Agents. Dont use > 1 key.
On the Agent computer
Download and install:
curl -L -O https://github.com/elastic/apm-agent-php/releases/download/v1.3.1/apm-agent-php-1.3.1-1.noarch.rpm
rpm -i apm-agent-php-1.3.1-1.noarch.rpm
open file /opt/elastic/apm-agent-php/etc/elastic-apm-custom.ini
then add something like:
elastic_apm.server_url="http://YOUR_MONITOR_SERVER_IP:8200"
elastic_apm.api_key = "YOUR_API_KEY at before step"
elastic_apm.service_name="The No.1 Agent Computer"
elastic_apm.log_level = "TRACE"
api_key you create on the Monitor computer from Kibana web: server_ip:5601
Metricbeat
On the Monitor computer
from you Kibana web UI:
On Menu, click Stack Management
->Role
(Sercurity bar)->Create role
:
- Set role name is something as: setup_role
- Cluster privileges: All
- Run As privileges: elastic_system, kibana_system, beat_system
- Index privileges:
- Indices = metricbeat-*
- Privileges = monitor, manage_ilm,
manage
, write
- Add Kibana privilege: All space
- Create or update role
On Menu, click Stack Management
->User
(Sercurity bar)->Create user
- Set Username = user1 (or something you like)
- Password: 123456 (or something you like)
- Privileges:
setup role
,ingest_admin
,kibana_admin
On Agent computer
Download and install Metricbeat on Agent
curl -L -O https://artifacts.elastic.co/downloads/beats/metricbeat/metricbeat-7.15.2-x86_64.rpm
rpm -vi metricbeat-7.15.2-x86_64.rpm
edit file /etc/metricbeat/metricbeat.yml
:
setup.kibana:
host: "10.x.x.x:5601"
username: "user1"
password: "123456"
# (change ip to your kibana server ip)
output.elasticsearch:
# Array of hosts to connect to.
hosts: ["10.x.x.x:9200"]
username: "user1"
password: "123456"
save your file then run this commands:
metricbeat modules enable apache mysql
metricbeat modules enable php_fpm
metricbeat setup -e
service metricbeat start
Restart your server and Enjoy