Filebeat在Ubuntu上的自动化部署方案
在自动化部署前,需确保目标Ubuntu主机满足以下条件:
wget、curl、gnupg等基础工具(可通过sudo apt install -y wget curl gnupg安装);根据团队运维习惯,可选择以下工具实现自动化:
通过Shell脚本封装安装、配置、启动等步骤,实现一键部署。示例如下:
#!/bin/bash
# Filebeat自动化部署脚本(Ubuntu版)
# 1. 安装依赖
sudo apt update && sudo apt install -y wget apt-transport-https gnupg
# 2. 添加Elastic GPG密钥
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
# 3. 添加Elastic APT仓库
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
# 4. 安装Filebeat
sudo apt update && sudo apt install -y filebeat
# 5. 配置Filebeat(示例:收集系统日志)
sudo tee /etc/filebeat/filebeat.yml > /dev/null <<EOL
filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/syslog
- /var/log/auth.log
output.elasticsearch:
hosts: ["localhost:9200"]
index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
EOL
# 6. 启动并启用服务
sudo systemctl daemon-reload
sudo systemctl enable --now filebeat
# 7. 验证状态
sudo systemctl status filebeat
使用方法:将脚本保存为deploy_filebeat.sh,赋予执行权限(chmod +x deploy_filebeat.sh),然后在目标主机运行(./deploy_filebeat.sh)。
通过Ansible Playbook实现集中化自动化部署,支持多主机批量操作。示例如下:
deploy_filebeat.yml):---
- name: Deploy Filebeat on Ubuntu
hosts: all
become: yes
vars:
filebeat_version: "7.17.22"
filebeat_repo: "deb https://artifacts.elastic.co/packages/7.x/apt stable main"
tasks:
- name: Install dependencies
apt:
name: ["wget", "apt-transport-https", "gnupg"]
state: present
update_cache: yes
- name: Add Elastic GPG key
apt_key:
url: https://artifacts.elastic.co/GPG-KEY-elasticsearch
state: present
- name: Add Elastic APT repository
apt_repository:
repo: "{{ filebeat_repo }}"
state: present
- name: Install Filebeat
apt:
name: filebeat
state: present
update_cache: yes
- name: Configure Filebeat
template:
src: filebeat.yml.j2
dest: /etc/filebeat/filebeat.yml
owner: root
group: root
mode: '0644'
notify: Restart Filebeat
- name: Enable Filebeat service
systemd:
name: filebeat
enabled: yes
state: started
handlers:
- name: Restart Filebeat
systemd:
name: filebeat
state: restarted
filebeat.yml.j2):filebeat.inputs:
- type: log
enabled: true
paths:
- /var/log/syslog
- /var/log/auth.log
output.elasticsearch:
hosts: ["localhost:9200"]
index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"
使用方法:将Playbook和模板文件放在控制节点的同一目录下,运行ansible-playbook -i inventory_file deploy_filebeat.yml(inventory_file为目标主机列表文件)。
无论选择哪种方式,自动化部署的核心步骤一致:
apt-key添加GPG密钥,确保软件包来源可信;apt安装官方提供的稳定版本;/etc/filebeat/filebeat.yml,指定输入源(如系统日志、应用日志)和输出目标(如Elasticsearch);systemctl命令启动Filebeat,并设置为开机自启。部署完成后,需验证Filebeat是否正常运行:
sudo systemctl status filebeat(应显示“active (running)”);sudo journalctl -u filebeat -f(观察是否有错误信息);curl -X GET "localhost:9200/_cat/indices?v"查看是否有filebeat-*索引;若输出到Logstash,可查看Logstash日志(/var/log/logstash/logstash-plain.log)。若需动态添加日志采集路径(如新增应用日志),可通过脚本或Ansible实现配置文件的自动更新。例如:
append_config.sh):#!/bin/bash
SERVICE_NAME=$1
LOG_PATH=$2
# 检查配置是否已存在
if grep -q "$SERVICE_NAME" /etc/filebeat/filebeat.yml; then
echo "Config for $SERVICE_NAME already exists."
else
# 追加新的输入配置
sed -i "/filebeat.inputs:/a \ - type: log\n enabled: true\n paths:\n - $LOG_PATH\n fields:\n log_topic: $SERVICE_NAME" /etc/filebeat/filebeat.yml
echo "Added config for $SERVICE_NAME."
fi
# 重启Filebeat使配置生效
sudo systemctl restart filebeat
使用方法:./append_config.sh nginx /var/log/nginx/access.log(新增Nginx日志采集)。
通过以上方案,可实现Filebeat在Ubuntu上的高效自动化部署,减少人工操作误差,提升运维效率。