zk-kafka安装记录

10.100.2.21   node1
10.100.2.22   node2
10.100.2.23   node3

zookeeper  soft  nofile 65536
zookeeper  hard  nofile 65536
zookeeper  soft  nproc  65536
zookeeper  hard  nproc  65536

kafka  soft  nofile 65536
kafka  hard  nofile 65536
kafka  soft  nproc  65536
kafka  hard  nproc  65536


useradd kafka
useradd zookeeper

mkdir -p /srv/{app,logs,data}/{zookeeper,kafka}
chown -Rf kafka:kafka /srv/{app,logs,data}/kafka
chown -Rf zookeeper:zookeeper /srv/{app,logs,data}/zookeeper

echo -e "# append zk_env
export PATH=$PATH:/srv/app/zookeeper/bin" >> /etc/profile


tickTime=2000
initLimit=10
syncLimit=5
dataDir=/srv/data/zookeeper
dataLogDir=/srv/logs/zookeeper
clientPort=2181
autopurge.snapRetainCount=500
autopurge.purgeInterval=24
server.1= 10.100.2.21:2888:3888
server.2= 10.100.2.22:2888:3888
server.3= 10.100.2.23:2888:3888

需要创建myid



init.d/zookeeper

#!/bin/bash
#chkconfig:2345 20 90
#description:zookeeper
#processname:zookeeper
export JAVA_HOME=/srv/app/tools/java/jdk1.8.0_181
ZKUSER="root"
ZKHOME="/srv/app/zookeeper"
case $1 in
        start) su ${ZKUSER} ${ZKHOME}/bin/zkServer.sh start;;
         stop) su ${ZKUSER} ${ZKHOME}/bin/zkServer.sh stop;;
       status) su ${ZKUSER} ${ZKHOME}/bin/zkServer.sh status;;
      restart) su ${ZKUSER} ${ZKHOME}/bin/zkServer.sh restart;;
            *) echo "require start|stop|status|restart" ;;
esac

chown -Rf root:root /srv/{app,data,logs}/zookeeper

[program:kafka]
command = /srv/app/kafka/bin/kafka-server-start.sh /srv/app/kafka/config/server.properties
autostart = true
startsecs = 5
autorestart = true
startretries = 3
user = kafka
redirect_stderr = true
stdout_logfile_maxbytes = 20MB
stdout_logfile_backups = 20
stdout_logfile = /srv/logs/supervisor/kafka_super.log

docker pull openresty/openresty:alpine



#!/bin/bash
for version in 6.4.2 6.7.0 7.2.0 7.4.0 7.4.2 7.5.0; do
  echo ">>>>>> ${version} >>>>>>>"
  docker pull elasticsearch:${version};
  docker pull logstash:${version};
  docker pull kibana:${version};
  #docker pull filebeat:${version};
done


docker pull elasticsearch:7.4.0;
docker pull elasticsearch:6.4.2;
docker pull elasticsearch:6.7.0;
docker pull elasticsearch:7.5.0;

docker pull elasticsearch:7.4.0;
docker pull elasticsearch:6.4.2;
docker pull elasticsearch:6.7.0;
docker pull elasticsearch:7.5.0;


#bin/bash
#20170926
iptables -F
iptables -X

iptables -P INPUT DROP        #INPUT链默认丢弃,需要添加ACCEPT相应的地址规则才放开
iptables -P OUTPUT ACCEPT     #默认放通
iptables -P FORWARD ACCEPT    #默认放通

## 封禁某个IP的访问
# 举例:
#  1.  封禁10.10.10.10访问nginx: iptables -A INPUT -s 10.10.10.10 -p tcp --dport 80 -j DROP
#  2.  封禁10.10.10.10全部访问(不允许访问任何端口): iptables -A INPUT -s 10.10.10.10 -j DROP
### 封禁区 ###
# iptables -A INPUT -s 10.10.10.10 -p tcp --dport 80 -j DROP

iptables -A INPUT -s 192.168.33.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 192.168.35.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 172.19.30.251 -p tcp --dport 22 -j ACCEPT     #Jenkins自动升级病毒库文件
iptables -A INPUT -s 192.168.35.11 -j ACCEPT
iptables -A INPUT -s 100.100.100.225 -p tcp --sport 7000 -j ACCEPT #ELK filebeat连接redis端口
iptables -A INPUT -m multiport -p tcp --dport 80,443 -j ACCEPT     #允许dport 80,443,外部请求nginx
iptables -A INPUT -m multiport -p tcp --sport 80,443 -j ACCEPT     #允许sport 80,443,访问yum源
iptables -A INPUT -p udp --sport 53 -j ACCEPT                      #允许本地dns解析
iptables -A INPUT -m multiport -p udp --sport 123,323 -j ACCEPT    #允许本地进行ntp同步时间
iptables -A INPUT -p icmp -j ACCEPT                                #允许ping
iptables -A INPUT -i lo -p all -j ACCEPT                           #允许本地回环解析

iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT   #处理IP碎片数量,防止攻击,允许每秒100个
iptables -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT #设置ICMP包过滤,允许每秒1个包,限制触发条件是10个包.
iptables -A FORWARD -m state --state INVALID -j DROP                        #drop非法转发

service iptables save
service iptables restart
chkconfig iptables on
iptables -nv -L