Hi guys, this time ayies will explain how to build a slick 3-node Elasticsearch (ELK) cluster on Linux. Why slick? Because the ELK we are building here is no toy; it supports the following features:

  1. 3-node cluster (1 master, 1 master & data node, and 1 data node)
  2. HTTPS (to be more secure)
  3. API Key feature enabled in the console
  4. SSL interaction over the cluster
  5. X-Pack for Elasticsearch enabled
  6. etc…

Let's get started. As usual, prepare 3 servers running Ubuntu Linux 18.04 (Why Ubuntu? Because it is my favorite Linux, and that of millions of others :D)

Let's say the server IPs are:

192.168.1.1 elk-node-1 (MASTER AND COORDINATOR ONLY)

192.168.1.2 elk-node-2 (MASTER AND DATA NODE)

192.168.1.3 elk-node-3 (DATA NODE ONLY)



We will name this ELK cluster CIST-ELK (Cuma Ingin Situ Tau, "just want you to know") Hahahaha….

SETUP HOSTNAME

Edit the /etc/hosts file and add the following:

sudo nano /etc/hosts
192.168.1.1   elk-node-1

192.168.1.2   elk-node-2

192.168.1.3   elk-node-3

Disable UFW (I prefer UFW turned off because the firewall is on the router side only)

sudo systemctl disable ufw

SETUP TIME SERVER CLUSTER (NTPD)

sudo timedatectl set-ntp no
timedatectl

Make sure sync is set to NO.

INSTALL NTP PACKAGE

sudo apt-get install ntp
sudo systemctl enable ntp
sudo ntpq -p

Make sure the result shows synchronized: yes and that the time format is UTC.

ELK Cluster Setup on Ubuntu Linux

SETUP ELK NODE 1

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Install the latest version, which is ELK 7.x

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install apt-transport-https openjdk-11-jdk
sudo apt install elasticsearch
sudo nano /etc/elasticsearch/jvm.options

Adjust these to roughly 65% of RAM:

-Xms5g

-Xmx5g

nano /etc/elasticsearch/elasticsearch.yml

Adjust it until it looks like this:

[Screenshot: ELK cluster setup in elasticsearch.yml on Ubuntu Linux]
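An added example, not the author's original file: a small generator that prints a base elasticsearch.yml for each of the three nodes, using the hostnames, IPs and roles listed at the top of this article. It assumes the legacy 7.x role settings node.master and node.data and the cluster name CIST-ELK; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not the author's file): print the base elasticsearch.yml
# for one node of the three-node layout described in this article.

# $1 = node name, $2 = bind IP, $3 = master-eligible (true/false), $4 = holds data
render_node_config() {
  cat <<EOF
cluster.name: CIST-ELK
node.name: $1
node.master: $3
node.data: $4
network.host: $2
http.port: 9200
discovery.seed_hosts: ["elk-node-1", "elk-node-2", "elk-node-3"]
cluster.initial_master_nodes: ["elk-node-1", "elk-node-2"]
EOF
}

# Map each hostname from /etc/hosts to the role the article assigns to it.
config_for() {
  case "$1" in
    elk-node-1) render_node_config "$1" 192.168.1.1 true  false ;;  # master + coordinator only
    elk-node-2) render_node_config "$1" 192.168.1.2 true  true  ;;  # master + data
    elk-node-3) render_node_config "$1" 192.168.1.3 false true  ;;  # data only
    *) echo "unknown node: $1" >&2; return 1 ;;
  esac
}

# Print the file for the node named on the command line (default: elk-node-1).
config_for "${1:-elk-node-1}"
```

Only the master-eligible nodes (elk-node-1 and elk-node-2) appear in cluster.initial_master_nodes; all three appear in discovery.seed_hosts.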

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

Yup, at this point your Elasticsearch is actually ready, but… this is only the very basics. It does not yet support HTTPS, API Key, SSL, X-Pack and so on. Still patient and strong enough to continue the setup? Let's go on…

Building an Elasticsearch (ELK) cluster really does take patience 🙂

TEST FUNCTIONAL CLUSTER

curl http://192.168.1.1:9200/_cluster/health?pretty

Make sure the result is:

[Screenshot: ELK cluster check on Ubuntu Linux]

CHECK MASTER AND NODE CONDITION STATUS

curl http://192.168.1.1:9200/_cat/master

1fjVWXYjKLSM8gHbmx3GQ 192.168.1.1 192.168.1.1 elk-node-1

curl http://192.168.1.1:9200/_cat/nodes?h=ip,port,heapPercent,name

192.168.1.1 9300  elk-node-1

192.168.1.2 9300  elk-node-2

192.168.1.3 9300  elk-node-3

MAKING ALL NODES MORE SECURE

WITH SSL/HTTPS CLUSTER TRANSPORT COMMUNICATION

/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca /etc/elasticsearch/certs/elastic-certificates.p12 --dns elk-node-1,elk-node-2,elk-node-3 --days 1000

[Screenshot: Elasticsearch HTTPS SSL cluster on Ubuntu Linux]

sudo mkdir /etc/elasticsearch/certs
sudo mv /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/certs
sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
sudo nano /etc/elasticsearch/elasticsearch.yml

Add the following lines at the bottom of the /etc/elasticsearch/elasticsearch.yml file so that it becomes:

[Screenshot: X-Pack Elasticsearch configuration for ELK on Ubuntu Linux]

Restart the Elasticsearch service

sudo systemctl restart elasticsearch

Do the above only on the one main master node (192.168.1.1), then copy the elastic-certificates.p12 file from node 1 to all the other nodes (so there is no need to generate it again on every node) … just copy it.

After copying the P12 file, this is all you need to do:

sudo mkdir /etc/elasticsearch/certs

Copy the P12 file to /etc/elasticsearch/certs, then

sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
sudo nano /etc/elasticsearch/elasticsearch.yml

Add the following lines at the bottom of the /etc/elasticsearch/elasticsearch.yml file so that it becomes:

[Screenshot: X-Pack Elasticsearch configuration for ELK on Ubuntu Linux]

This is roughly what it looks like, both on Master 1 and on the other nodes.

[Screenshots: Elasticsearch master on Ubuntu Linux (ELK2.jpeg, ELK3)]
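An added example, not taken from the author's screenshots: a check that lists which TLS and X-Pack lines are still missing from a node's elasticsearch.yml after the steps above, on node 1 and on the nodes that received the copied P12 file. The setting names are the standard Elasticsearch 7.x ones for the features listed at the top of this article; which exact lines the author used is an assumption, and the function name is hypothetical.

```bash
#!/usr/bin/env bash
# Added example: list which TLS / X-Pack settings are still missing from an
# elasticsearch.yml. Setting names are the standard Elasticsearch 7.x ones.

P12=certs/elastic-certificates.p12   # path relative to /etc/elasticsearch

# One "key: value" per line; each must appear uncommented in the file.
REQUIRED="xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: $P12
xpack.security.transport.ssl.truststore.path: $P12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: $P12
xpack.security.authc.api_key.enabled: true"

# $1 = path to elasticsearch.yml. Prints every missing line; returns 1 if any.
missing_security_settings() {
  rc=0
  # Normalise spacing around the first colon so "a:b" and "a :  b" compare equal.
  normalised=$(sed 's/[[:space:]]*:[[:space:]]*/: /; s/[[:space:]]*$//' "$1")
  while IFS= read -r want; do
    if ! printf '%s\n' "$normalised" | grep -qxF -- "$want"; then
      echo "missing: $want"
      rc=1
    fi
  done <<EOF
$REQUIRED
EOF
  return $rc
}

# Constructed sample: transport TLS is configured, HTTPS on 9200 was forgotten.
sample=$(mktemp)
cat > "$sample" <<EOF
cluster.name: CIST-ELK
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: $P12
xpack.security.transport.ssl.truststore.path: $P12
#xpack.security.http.ssl.enabled: true
EOF
missing_security_settings "$sample" || echo "fix the lines above, then restart elasticsearch"
rm -f "$sample"
```

On a real node, run missing_security_settings /etc/elasticsearch/elasticsearch.yml; values written with quotes around them are reported as missing by this simple comparison.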

Also create credentials to make it more secure.

Do the following on just one master node server. There is no need to do it on every node.

/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

root@a000s-itelkclust1:~# /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y

Enter password for [elastic]:  
Reenter password for [elastic]:  
Enter password for [apm_system]:  
Reenter password for [apm_system]:  
Enter password for [kibana]:  
Reenter password for [kibana]:  
Enter password for [logstash_system]:  
Reenter password for [logstash_system]:  
Enter password for [beats_system]:  
Reenter password for [beats_system]:  
Enter password for [remote_monitoring_user]:  
Reenter password for [remote_monitoring_user]:  
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

Check the condition of each cluster node after passwords are enabled. Run this on each node:

curl -u elastic:xxxxPASSWORDxxxxx -k https://192.168.1.1:9200/_cluster/health?pretty

Make sure the result comes back properly, with the details of each node.
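An added example, not from the original post, covering both this check and the earlier TEST FUNCTIONAL CLUSTER step: a parser that decides whether a _cluster/health reply matches this article's layout (3 nodes, of which elk-node-2 and elk-node-3 are data nodes). The sample replies are constructed, the function names are hypothetical, and the CA file passed to fetch_health is an assumed PEM export of the cluster CA.

```bash
#!/usr/bin/env bash
# Added example: decide whether a _cluster/health reply matches the
# three-node layout from this article (3 nodes, 2 of them data nodes).

# Pull one top-level field out of the JSON reply without needing jq.
json_field() {  # $1 = JSON text, $2 = field name
  printf '%s' "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}]*\).*/\1/p"
}

check_health() {  # $1 = JSON body of GET /_cluster/health
  h_status=$(json_field "$1" status)
  h_nodes=$(json_field "$1" number_of_nodes)
  h_data=$(json_field "$1" number_of_data_nodes)
  [ "$h_nodes" = 3 ] || { echo "expected 3 nodes, got ${h_nodes:-none}"; return 1; }
  [ "$h_data" = 2 ]  || { echo "expected 2 data nodes, got ${h_data:-none}"; return 1; }
  [ "$h_status" = green ] || { echo "status is ${h_status:-unknown}"; return 1; }
  echo "ok"
}

# Live use, once TLS and passwords are on. The certificate only carries the DNS
# names elk-node-1..3, so verify against a hostname rather than an IP; the CA
# file is an assumed PEM export of the cluster CA. curl prompts for the password.
fetch_health() {  # $1 = node hostname, $2 = CA file
  curl --silent --cacert "$2" -u elastic "https://$1:9200/_cluster/health"
}

# Constructed samples: a healthy reply, and one taken while elk-node-3 is down.
SAMPLE_OK='{
  "cluster_name" : "CIST-ELK",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 2
}'
SAMPLE_DEGRADED='{"cluster_name":"CIST-ELK","status":"yellow","number_of_nodes":2,"number_of_data_nodes":1}'

check_health "$SAMPLE_OK"
check_health "$SAMPLE_DEGRADED" || true
```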

The last step would not be complete without setting up and installing Kibana as well.

KIBANA

Download and install public signing key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install kibana
sudo nano /etc/kibana/kibana.yml

Change the Kibana configuration so it looks like this:

server.port: 5601
server.host: "0.0.0.0"
server.name: "cist-elk"
elasticsearch.hosts: ["https://elk-node-1:9200"]
kibana.index: ".kibana"
elasticsearch.username: "elastic"
elasticsearch.password: "xxxxxxxxxxxxxxxxxxxx"
# none: Kibana does not verify the Elasticsearch certificate
elasticsearch.ssl.verificationMode: none

Access your Kibana:

[Screenshot: Kibana with Elasticsearch (ELK) on Ubuntu Linux]

That is the tutorial from me; I hope you like it and find it useful. A video is coming soon 😉 pray that I don't get lazy. hehehe

If you are still confused, just write a comment below or email me at ibrahim@ayies.com

Regards!


2 Comments

alvianno · 26/05/2020 at 20:26

How do I set up email alerts?
