efk8.0.1部署

1.初始化系统

1.1修改文件限制
vi /etc/security/limits.conf
*       soft nofile 65536
*       hard nofile 65536
*       soft nproc 4096
*       hard nproc 4096

1.2调整虚拟内存 最大并发连接
vim /etc/sysctl.conf 
vm.max_map_count=262144
fs.file-max=655360
vm.swappiness=0 
sysctl -p

1.3安装JDK
vim /etc/profile
export JAVA_HOME=/usr/local/jdk1.8.0_192
export JAVA_BIN=$JAVA_HOME/bin
export JAVA_LIB=$JAVA_HOME/lib
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_LIB/tools.jar:$JAVA_LIB/dt.jar 
source /etc/profile 

1.4添加用户
useradd elasticsearch
useradd kibana
useradd filebeat 

2.Elasticsearch

2.1创建软链接 方便后期版本迭代更新
ln -s /home/elasticsearch-8.0.1 /home/elasticsearch 

2.2生成CA证书
 cd /home/elasticsearch/bin
./elasticsearch-certutil ca
./elasticsearch-certutil cert --ca elastic-stack-ca.p12 
复制证书到config 目录

2.3 elasticsearch配置文件
cluster.name: my-application
node.name: 20.58.32.64
path.data: /home/elasticsearch-8.0.1/data
path.logs: /home/elasticsearch-8.0.1/logs
network.host: 0.0.0.0
http.port: 19200
transport.port: 19300
discovery.seed_hosts: ["192.168.133.100:19300"]
cluster.initial_master_nodes: ["20.58.32.64"]
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 

2.4systemctl 配置管理
cat > /etc/systemd/system/elasticsearch.service <