workshop redhat storage and splunk

Instance Details

Replace userX with your user id. For example, user1 –> user 30

On your laptop

cd ~/.ssh wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/rhte-splunk-lab wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/rhte-splunk-lab.pub chmod 600 rhte-splunk-lab chmod 644 rhte-splunk-lab.pub

ssh -i ~/.ssh/rhte-splunk-lab -l ec2-user gw-userX.apac.red

On all RHS Nodes

sudo su - subscription-manager attach –pool 8a85f9864675056e014684868378649c subscription-manager repos –disable=* subscription-manager repos –enable rhel-6-server-rpms –enable rhs-3-for-rhel-6-server-rpms –enable rhel-scalefs-for-rhel-6-server-rpms

yum -y update

cat /etc/redhat-* # should say Red Hat Enterprise Linux 6.6 (Santiago) and Red Hat Storage 3.0 Update 2

/sbin/service glusterd restart

On RHS-01

gluster peer probe rhs-02.userX.apac.red gluster peer probe rhs-03.userX.apac.red gluster peer probe rhs-04.userX.apac.red

gluster pool list

gluster volume create splunk replica 2 rhs-01.userX.apac.red:/srv/brick1/splunk rhs-02.userX.apac.red:/srv/brick1/splunk rhs-03.userX.apac.red:/srv/brick1/splunk rhs-04.userX.apac.red:/srv/brick1/splunk

gluster volume set splunk storage.owner-uid 1001 gluster volume set splunk storage.owner-gid 1001 gluster volume set splunk user.nfs disable

gluster volume start splunk

gluster volume info gluster volume status

On Splunk Master and Splunk Search Nodes

subscription-manager attach –pool 8a85f9864675056e014684868378649c subscription-manager repos –disable=* subscription-manager repos –enable rhel-7-server-rpms

yum -y update

wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/splunk-6.2.0-237341-linux-2.6-x86_64.rpm –no-check-certificate

On all Splunk Nodes

subscription-manager attach –pool 8a85f9864675056e014684868378649c subscription-manager repos –disable=* subscription-manager repos –enable rhel-7-server-rpms –enable rhel-7-server-openstack-5.0-rpms –enable rhel-7-server-rh-common-rpms

yum -y update

yum -y install wget lvm2

wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/splunk-6.2.0-237341-linux-2.6-x86_64.rpm –no-check-certificate

/bin/systemctl start lvm2-lvmetad.service /bin/systemctl start lvm2-monitor.service

pvcreate –dataalignment 1024k /dev/xvdb1 vgcreate splunkdb /dev/xvdb1 /sbin/lvcreate -a y -l 100%VG -n splunkdb splunkdb mkfs.xfs -i size=512 /dev/mapper/splunkdb-splunkdb

On all Splunk Nodes

echo -e blkid /dev/mapper/splunkdb-splunkdb | cut -d " " -f 2"\t/opt/\txfs\tdefaults,inode64,noatime\t0\t0" » /etc/fstab mount /opt

yum -y localinstall splunk-6.2.0-237341-linux-2.6-x86_64.rpm

echo -e “splunk\t\tsoft\tnofile\t10240” » /etc/security/limits.conf echo -e “splunk\t\thard\tnofile\t20480” » /etc/security/limits.conf

cd /lib/systemd/system wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/splunkd.service –no-check-certificate

sed -i.bak ‘/^After|^Requires/d’ splunkd.service sed -i.bak ‘/Description/a After=network.target local-fs.target’ splunkd.service systemctl daemon-reload systemctl enable splunkd.service systemctl start splunkd.service

runuser -l splunk -c ‘splunk status’ q y systemctl restart splunkd.service runuser -l splunk -c ‘splunk status’

On Splunk Peer Nodes

yum install -y glusterfs-fuse python-httplib2 attr

mkdir /mnt/glusterfs echo -e “rhs-01.userX.apac.red:/splunk\t\t/mnt/glusterfs\t\tglusterfs\t\tdefaults,_netdev,backup-volfile-servers=rhs02.userX.apac.red:rhs-03.userX.apac.red:rhs-04.userX.apac.red\t0\t0” » /etc/fstab mount /mnt/glusterfs

runuser -l splunk -c ‘mkdir -p /opt/splunk/var/lib/splunk/glusterfs’ runuser -l splunk -c ‘mkdir -p /mnt/glusterfs/$(hostname -s)’

cd /lib/systemd/system wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/splunkd-pre.service systemctl enable splunkd-pre.service systemctl start splunkd-pre.service

echo OPTIMISTIC_ABOUT_FILE_LOCKING = 1 » /opt/splunk/etc/splunk-launch.conf

wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/splunkd.service systemctl daemon-reload systemctl enable splunkd.service systemctl start splunkd.service runuser -l splunk -c ‘splunk status’ q y systemctl start splunkd.service runuser -l splunk -c ‘splunk status’

cd /opt/splunk/bin wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/rhsBucketMover.py wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/rhsBucketMover.sh wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/rhsLinkChecker.py

chown splunk:splunk/rhs*

on gw-userX.apac.red

iptables -t nat -A PREROUTING -p tcp –dport 8001 -j DNAT –to-destination 10.100.0.211:8000 iptables -t nat -A PREROUTING -p tcp –dport 8002 -j DNAT –to-destination 10.100.0.212:8000 iptables -t nat -A PREROUTING -p tcp –dport 8003 -j DNAT –to-destination 10.100.0.213:8000

Web GUI on Splunk Master (http://splunk.userX.apac.red:8000/)

Settings –> Indexer Clustering Replication Factor 3 Search Factor 2 Enable Clustering - accept until restart and hit ok

on each

Web GUI on Splunk Peer 01 (http://gw-userX.apac.red:8001/) Web GUI on Splunk Peer 02 (http://gw-userX.apac.red:8002/) Web GUI on Splunk Peer 03 (http://gw-userX.apac.red:8003/)

Settings –> Indexer Clustering Enable Clustering Type - Peer host = https://splunkmaster.userX.apac.red port 8089 replication port 8090

Web GUI on Splunk Search (http://search.userX.apac.red:8000/)

Settings –> Indexer Clustering Enable Clustering Type - Search host = https://splunkmaster.userX.apac.red port 8089 replication port 8090

on Splunk Master Node

cd /opt/splunk/etc/master-apps/_cluster/local directory wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/indexes.conf runuser -l splunk -c ‘splunk apply cluster-bundle –answer-yes’ admin password runuser -l splunk -c ‘splunk show cluster-bundle-status’

On each Node

runuser -l splunk -c ‘splunk search “| rest /services/data/indexes | table title, homePath, coldPath”’|grep demo < look for $SPLUNKDB/glusterfs/demo/colddb

on Splunk Master Node

su - ec2-user

cd ~/.ssh wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/rhte-splunk-lab wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/rhte-splunk-lab.pub chmod 600 rhte-splunk-lab chmod 644 rhte-splunk-lab.pub

cd /tmp wget https://s3-ap-southeast-1.amazonaws.com/splunk-lab/eventgen.tar.gz scp -i ~/.ssh/rhte-splunk-lab eventgen.tar.gz splunkpeer-01.userX.apac.red:eventgen.tar.gz scp -i ~/.ssh/rhte-splunk-lab eventgen.tar.gz splunkpeer-02.userX.apac.red:eventgen.tar.gz scp -i ~/.ssh/rhte-splunk-lab eventgen.tar.gz splunkpeer-03.userX.apac.red:eventgen.tar.gz

On each Peer Node

cd /opt/splunk mv ~ec2-user/eventgen.tar.gz /opt/splunk chown splunk:splunk eventgen.tar.gz runuser -l splunk -c ‘splunk install app /opt/splunk/eventgen.tar.gz’ runuser -l splunk -c ‘splunk restart’

cd /opt/splunk/etc/apps/eventgen/samples cp sample.tutorial1 demo_data sed -i.bak s/main/demo/g demo_data cd /opt/splunk/etc/apps/eventgen/local cp ../README/eventgen.conf.tutorial1 eventgen.conf sed -i.bak ’s/main/demo/g;s/sample.tutorial1/demo_data/g’ eventgen.conf

runuser -l splunk -c ‘splunk restart’

Log into WebUI on Splunk Master search “index = demo” timeframe = realtime > 5 minutes

check /opt/splunk/var/lib/splunk/demo/db

署名-非商业性使用-禁止演绎 4.0 (CC BY-NC-ND 4.0)
comments powered by Disqus
本博客始于 2007 年
使用 Hugo 构建
主题 StackJimmy 设计