--规划:
197.255.20.213 Elasticsearch data logstash kibana
197.255.20.214 Elasticsearch data
197.255.20.215 Elasticsearch master
配置repo:
--导入key:
#rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[ELK7]
name=Elastic repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
# yum -y install logstash elasticsearch kibana
手动下载安装(安装前先在本机执行上面的 rpm --import,并用 rpm -K <包名> 校验签名;下面输出中的 NOKEY 警告说明该主机未导入密钥,包签名实际没有被校验):
# rpm -ivh elasticsearch-7.1.0-x86_64.rpm
警告:elasticsearch-7.1.0-x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中... ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
正在升级/安装...
1:elasticsearch-0:7.1.0-1 ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch
# rpm -ivh kibana-7.1.0-x86_64.rpm
# rpm -ivh logstash-7.1.0.rpm
警告:logstash-7.1.0.rpm: head V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中... ################################# [100%]
正在升级/安装...
1:logstash-1:7.1.0-1 ################################# [100%]
Using provided startup.options file: /etc/logstash/startup.options
/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/pleaserun-0.0.30/lib/pleaserun/platform/base.rb:112: warning: constant ::Fixnum is deprecated
Successfully created system startup script for Logstash
[root@datanode1 ~]#
--安装之前系统参数设置:
# vim /etc/security/limits.conf
* soft nofile 100000 #可打开的文件句柄的最大数
* hard nofile 100000 #soft:软限制、hard:硬限制
* soft nproc 4096 #单个用户可用的最大进程数量
* hard nproc 4096
* soft memlock unlimited #可锁定在内存中的地址空间上限(锁定的内存不会被换出到 swap)
* hard memlock unlimited #unlimited:无限制
# vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 100000
vm.max_map_count = 262144 #单个进程可拥有的内存映射区域(mmap)的最大数量
#vm.swappiness = 0 # 尽量不使用 swap(并非关闭 swap;彻底关闭需 swapoff -a)
//运行 sysctl -p 使修改的内核参数生效
创建自定义的目录,不使用默认的数据目录:
# mkdir -p /data/elasticsearch
# chown -R elasticsearch:elasticsearch /data/elasticsearch/
# chmod -R g+s /data/elasticsearch/
# ls -l /data/ | grep -i ela
drwxr-sr-x 2 elasticsearch elasticsearch 4096 5月 22 16:48 elasticsearch
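--特殊权限位的设置(setuid / setgid / sticky 三种,各自单独使用,不是一条命令):
chmod u+s <文件>    # setuid
chmod g+s <目录>    # setgid,上面的数据目录用的就是这一种
chmod o+t <目录>    # sticky 位写作 +t,不是 o+s
数据目录 /data/elasticsearch/ 不需要 setuid 或 sticky 位。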
-- 文件配置:
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: ES_cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node01
node.master: true
#node.data: true
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /var/lib/elasticsearch
path.data: /data/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
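# Lock the memory on startup:
#
# NOTE: while this is false the memlock limits set in limits.conf are not used
# and the heap can be swapped to disk. If it is set to true on a systemd-managed
# install, the limit must come from LimitMEMLOCK=infinity in a unit override;
# limits.conf is not applied to systemd services.
#
bootstrap.memory_lock: false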
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
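# Set the bind address to a specific IP (IPv4 or IPv6):
#
# NOTE: 0.0.0.0 listens on every interface, and security is off by default in 7.1
# (xpack.security.enabled defaults to false), so 9200/9300 accept unauthenticated
# requests from any host that can reach them. Bind to this node's cluster address
# and firewall both ports to the cluster, Logstash and Kibana hosts, or set
# xpack.security.enabled: true together with xpack.security.transport.ssl.enabled: true.
#
network.host: 0.0.0.0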
#
# Set a custom port for HTTP:
#
http.port: 9200
transport.tcp.port: 9300
#
# For more information, consult the network module documentation.
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["197.255.20.215", "197.255.20.214","197.255.20.213"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["197.255.20.215","197.255.20.214","197.255.20.213"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
-- ES的内存设置:默认只有1G 其他的默认即可
# vim /etc/elasticsearch/jvm.options
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms4g
-Xmx4g
--在三个节点上:
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
--查看和验证:
http://197.255.20.215:9200/_cat/nodes
197.255.20.213 12 77 10 0.64 0.80 0.82 mdi * node03
197.255.20.214 11 80 10 0.87 0.89 0.79 mdi - node02
197.255.20.215 13 99 10 1.13 0.85 0.79 mdi - node01
http://197.255.20.215:9200/
{
"name" : "node01",
"cluster_name" : "ES_cluster",
"cluster_uuid" : "d-ULXSLMQdarkY6ExGN4uQ",
"version" : {
"number" : "7.1.0",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "606a173",
"build_date" : "2019-05-16T00:43:15.323135Z",
"build_snapshot" : false,
"lucene_version" : "8.0.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
--查看license:
http://197.255.20.215:9200/_license
{
"license" : {
"status" : "active",
"uid" : "2dc3cf09-d3cd-4a34-8380-37be960fc587",
"type" : "basic",
"issue_date" : "2019-05-22T09:43:40.157Z",
"issue_date_in_millis" : 1558518220157,
"max_nodes" : 1000,
"issued_to" : "ES_cluster",
"issuer" : "elasticsearch",
"start_date_in_millis" : -1
}
}
--查询_cat:
http://197.255.20.215:9200/_cat
=^.^=
/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates
http://197.255.20.215:9200/_cluster/health
{"cluster_name":"ES_cluster","status":"green","timed_out":false,"number_of_nodes":3,"number_of_data_nodes":3,"active_primary_shards":0,"active_shards":0,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
或者使用curl命令:
# curl -XGET http://197.255.20.215:9200/_cluster/health
Elasticsearch启动命令:
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
sudo systemctl restart elasticsearch.service
logstash的启动:
# sudo systemctl status logstash.service
# sudo systemctl restart logstash.service
排除问题的时候可使用命令:
测试验证:
/usr/share/logstash/bin/logstash --path.settings /etc/logstash/
kibana的配置:
# cat /etc/kibana/kibana.yml | grep -v ^#
server.port: 5601
server.host: "197.255.20.213"
elasticsearch.hosts: ["http://197.255.20.213:9200"]
kibana启动的命令:
# /usr/share/kibana/bin/kibana &
sudo /bin/systemctl daemon-reload
sudo /bin/systemctl enable kibana.service
Kibana 启动和停止命令如下:
sudo systemctl start kibana.service
sudo systemctl stop kibana.service
默认可直接访问监控页面(未启用 xpack.security 时 Kibana 没有登录认证,5601 端口应通过防火墙限制来源地址):
http://197.255.20.213:5601/app/monitoring