elk7.5.1集群搭建

ELK集群搭建

准备两台机器,定义node1、node2

资源前置阶段

kibana、es下载地址:

curl -L -O https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.5.1-linux-x86_64.tar.gz
curl -L -O  https://artifacts.elastic.co/downloads/kibana/kibana-7.5.1-linux-x86_64.tar.gz

新增用户

# 创建elastic用户
useradd elastic
# 设置用户密码
passwd elastic
# 切换到elastic用户
su elastic

elasticsearch集群搭建

下载后解压,编辑conf/elasticsearch.yml文件

1. 修改配置文件

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: my-application
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /home/elastic/elasticsearch/data
#
# Path to log files:
#
path.logs: /home/elastic/elasticsearch/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 192.168.28.129
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.28.129", "192.168.28.130", "192.168.28.131"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1", "node-2", "node-3"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
# ---------------------------------- xpack -------------------------------------
#
xpack.monitoring.collection.enabled: true
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

主要修改如下几处配置:

cluster.name:集群的名称,集群中所有节点的 cluster.name 的值必须要相同。
node.name:集群中每个Elasticsearch的节点名称,不可以重复。
path.data:设置存放Elasticsearch索引文件数据的路径。
path.logs:设置存放日志文件的路径。
network.host:Elasticsearch绑定的IP,外界可以通过这个IP访问到当前Elasticsearch节点,一般配配置当前系统的IP,或者 0.0.0.0 (任何地址都能访问到)。
http.port:当前启动Elasticsearch的端口号,一般默认 9200 即可,当然你也可以修改
discovery.seed_hosts:配置所有Elasticsearch节点绑定的IP地址。
cluster.initial_master_nodes:配置那些节点可以有资格被选为主节点。
xpack.monitoring.collection.enabled:收集监控数据默认为false不收集监控数据。

elasticsearch集群安全配置

1.为集群创建认证机构

文件根目录下执行 bin/elasticsearch-certutil ca
依次输入回车(文件使用默认名),密码

2.为节点颁发证书

复制生成的elastic-stack-ca.p12文件至每个节点,并执行bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12生成证书
依次输入上一个步骤的密码。回车(文件使用默认名),密码(建议与上一步密码相同)

如果有有设置密码,执行以下命令保存密码

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password 第一步输入的密码 
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password 第一步输入的密码 

4.修改配置

/config/elasticsearch.yml中增加一下配置,启用x-pack安全组件,启用ssl加密通信,并且配置认证证书:

#---------------------security------------------
#
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

配置修改完成后,重启es服务,重启成功后
http://192.168.1.100:9200/ 访问Es服务要输入用户名和密码。

5.密码设置

通过设置访问密码,这是elastic用户和其他一些系统内置用户的密码

bin/elasticsearch-setup-passwords interactive

FAQ

错误: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解决方案:

echo "vm.max_map_count=262144" > /etc/sysctl.conf
sysctl -p

你可能感兴趣的:(elasticsearch)