
ELK: Installing and Starting Elasticsearch

程序员文章站 2022-07-09 15:45:46

System version: CentOS 7

Elasticsearch: 5.3.1

1: Disable SELinux

[[email protected] local]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

2: Disable the firewall

[[email protected] local]# systemctl stop firewalld
[[email protected] local]# systemctl disable firewalld

3: Install the EPEL repository

[[email protected] local]# yum -y install epel-release
[[email protected] local]# yum clean all
[[email protected] local]# yum makecache

4: Install system tools

[[email protected] local]# yum -y install vim wget telnet

5: Install OpenJDK

[[email protected] local]# yum -y install java-1.8.0-openjdk*
[[email protected] local]# java -version

openjdk version "1.8.0_201"
OpenJDK Runtime Environment (build 1.8.0_201-b09)
OpenJDK 64-Bit Server VM (build 25.201-b09, mixed mode)

6: Install Elasticsearch

[[email protected] local]# wget -P/usr/local/src/ -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.3.1.tar.gz
[[email protected] local]# tar -xzvf /usr/local/src/elasticsearch-5.3.1.tar.gz -C /usr/local/src/
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch
[[email protected] local]# mv /usr/local/src/elasticsearch-5.3.1 /usr/local/elk/elasticsearch
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch/data/elasticsearch
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch/data/logs
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch/data/backup

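  Explanation:

  6.1: Download the archive to "/usr/local/src/"

  6.2: Extract it into "/usr/local/src/"

  6.3: Create the directory "/usr/local/elk/elasticsearch"

  6.4: Move the directory "/usr/local/src/elasticsearch-5.3.1" into "/usr/local/elk/elasticsearch"

  6.5-6.7: Create the directories that will later hold data, logs, and backups

7: Add the elk account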

[[email protected] local]# groupadd elk
[[email protected] local]# useradd -g elk elk
[[email protected] local]# chown -R elk.elk /usr/local/elk/elasticsearch

  Explanation:

  7.1: Create the group

  7.2: Add the user to the group

  7.3: Give the account ownership of the path

8: Edit the Elasticsearch configuration file

[[email protected] local]# vim /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml

Open the file and press "Insert" to put it into edit mode.

Edit the contents as follows:

# ---------------------------------- Cluster -----------------------------------
# Cluster name; the default is elasticsearch. ES automatically discovers other ES nodes on the same network segment, so when several clusters share a segment this setting tells them apart
  cluster.name: elk-cluster
# ------------------------------------ Node ------------------------------------
# Node name; by default one is picked at random from a list of names in the name.txt file in the config folder inside the ES jar, which contains many fun names added by the authors
  node.name: elk01
# ----------------------------------- Paths ------------------------------------
# Path where index data is stored (the directory created above). If the directory does not exist, startup fails with an error saying so. The default is the data folder under the ES root. Several paths can be given, separated by commas, e.g. path.data: /path/to/data1,/path/to/data2
  path.data: /usr/local/elk/elasticsearch/data/elasticsearch
# Path where log files are stored; the default is the logs folder under the ES root
  path.logs: /usr/local/elk/elasticsearch/data/logs
# Backup directory
  path.repo: /usr/local/elk/elasticsearch/data/backup
# ----------------------------------- Memory -----------------------------------
# ES becomes less efficient once the JVM starts swapping, so make sure it does not swap; this is extremely important for node health. One way to achieve this is to set bootstrap.memory_lock to true
# For other related settings see: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall
  bootstrap.memory_lock: false
  bootstrap.system_call_filter: false
# ---------------------------------- Network -----------------------------------
# IP address to bind to, IPv4 or IPv6; the default is 0.0.0.0
  network.host: 0.0.0.0
# HTTP port for external access; the default is 9200
  http.port: 9250
# TCP port for communication between nodes; the default is 9300
  transport.tcp.port: 9350
# --------------------------------- Discovery ----------------------------------
# Initial list of master nodes in the cluster, through which nodes newly joining the cluster are discovered automatically
#discovery.zen.ping.unicast.hosts: ["172.16.1.141", "172.16.1.142", "172.16.1.143"]
# ---------------------------------- Various -----------------------------------
# Whether Elasticsearch may decide, based on disk usage, whether to keep allocating shards
  cluster.routing.allocation.disk.threshold_enabled: true
  cluster.routing.allocation.disk.watermark.low: 15gb
  cluster.routing.allocation.disk.watermark.high: 10gb

 

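When editing is done, press "Esc" to leave edit mode and type ":wq!" to save the changes. After saving, the result can be viewed with the following command; press "q" to quit the viewer.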

[[email protected] elasticsearch-5.3.1]# less  /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml
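
An added check, not part of the original article: with firewalld stopped in step 2, the `network.host: 0.0.0.0` setting above leaves ports 9250 and 9350 reachable from every network the host is attached to, and Elasticsearch 5.3.1 as installed here (no X-Pack) does not authenticate HTTP requests. The shell functions below (`es_setting` and `audit_es_config` are names made up for this example) report that setting and the two bootstrap settings in a given elasticsearch.yml.

```shell
#!/bin/sh
# Added example, not from the article: report exposure-related settings in an
# elasticsearch.yml. Function names are made up for this example.
# Usage: audit_es_config /path/to/elasticsearch.yml

# Print the value of a "key: value" setting (last occurrence wins), skipping
# commented-out lines and tolerating the leading indentation used above.
es_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (index(line, key ":") == 1) {
                val = substr(line, length(key) + 2)
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                found = val
            }
        }
        END { print found }
    ' "$1"
}

# Print one finding per line; succeed only when nothing was flagged.
audit_es_config() {
    conf=$1
    findings=0
    host=$(es_setting "$conf" network.host)
    case "$host" in
        0.0.0.0|::)
            echo "network.host=$host: ports listen on every interface"
            findings=$((findings + 1)) ;;
    esac
    if [ "$(es_setting "$conf" bootstrap.system_call_filter)" = "false" ]; then
        echo "bootstrap.system_call_filter=false: seccomp filter is not installed"
        findings=$((findings + 1))
    fi
    if [ "$(es_setting "$conf" bootstrap.memory_lock)" != "true" ]; then
        echo "bootstrap.memory_lock is not true: heap memory can be swapped to disk"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}
```
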

9: Start ES

[[email protected] elasticsearch-5.3.1]# su - elk --command="/usr/local/elk/elasticsearch/elasticsearch-5.3.1/bin/elasticsearch -d"

OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
[[email protected] elasticsearch-5.3.1]# OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2060255232 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /home/elk/hs_err_pid12704.log

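ES can also be started from the bin directory: switch to the elk account and run ./elasticsearch -d

An error is reported here; look at the log for the error details. The log is located at: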

[[email protected] local]# cd /usr/local/elk/elasticsearch/data/logs
[[email protected] local]# tailf elk-cluster.log

The log contains the following error details:

[ERROR][o.e.b.Bootstrap          ] [elk01] node validation exception
bootstrap checks failed
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

The fix is as follows:

Check the current limits:

[[email protected] local]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3870
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 3870
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[[email protected] local]# ulimit -n 65536

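Note: this setting applies only to the current session and reverts once the system restarts. To make it persistent, change it as follows:

[[email protected] local]# vim /etc/security/limits.conf  # add the following lines; they take effect after a restart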
* hard nofile 65536
* soft nofile 65536

Fix the other error:

[[email protected] elk]# vim /etc/sysctl.conf
# sysctl settings are defined through files in 
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/. 
# 
# Vendors settings live in /usr/lib/sysctl.d/. 
# To override a whole file, create a new file with the same in 
# /etc/sysctl.d/ and put new settings there. To override 
# only specific settings, add a file with a lexically later 
# name in /etc/sysctl.d/ and put new settings there. 
# 
# For more information, see sysctl.conf(5) and sysctl.d(5). 
# 
# vm.swappiness=1 
# 
 vm.max_map_count = 262144

  

[[email protected] elk]# sysctl -p
vm.max_map_count = 262144
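
A preflight for the two bootstrap checks fixed above, as an added example that is not part of the original article: `bootstrap_failures` pulls the current and required values out of log lines like the ones shown, and `es_preflight` compares the limits of the current session with the two minimums. The function names are made up for this example; the minimums are the ones from the log above.

```shell
#!/bin/sh
# Added example, not from the article. Function names are made up here.

ES_MIN_NOFILE=65536       # minimum from the "max file descriptors" error
ES_MIN_MAP_COUNT=262144   # minimum from the "vm.max_map_count" error

# Read an Elasticsearch log on stdin. For every bootstrap failure of the form
# "<what> [<current>] ... is too low, increase to at least [<min>]"
# print "<current> <min> <what>".
bootstrap_failures() {
    sed -n 's/^\(.*\) \[\([0-9][0-9]*\)] .*is too low, increase to at least \[\([0-9][0-9]*\)].*$/\2 \3 \1/p'
}

# Succeed when $1 (current limit) meets minimum $2; "unlimited" always passes.
limit_ok() {
    [ "$1" = "unlimited" ] && return 0
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ]
}

# $1 = open-files limit, $2 = vm.max_map_count; default to the live values of
# this session. Prints one line per failed check, returns the failure count.
es_preflight() {
    nofile=${1:-$(ulimit -n)}
    map_count=${2:-$(cat /proc/sys/vm/max_map_count 2>/dev/null)}
    failed=0
    if ! limit_ok "$nofile" "$ES_MIN_NOFILE"; then
        echo "open files is [$nofile], need at least [$ES_MIN_NOFILE]"
        failed=$((failed + 1))
    fi
    if ! limit_ok "$map_count" "$ES_MIN_MAP_COUNT"; then
        echo "vm.max_map_count is [$map_count], need at least [$ES_MIN_MAP_COUNT]"
        failed=$((failed + 1))
    fi
    return "$failed"
}
```

Run `es_preflight` in the session that will start Elasticsearch (the elk account), because the open-files limit is per process and inherited from the launching shell.
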

After the fix, restart ES and list the listening ports: ports 9250 and 9350 configured above are both listening, and ES can be accessed normally.

[[email protected] bin]$ ss -anlt
State      Recv-Q Send-Q                Local Address:Port                               Peer Address:Port              
LISTEN     0      128                               *:22                                            *:*                  
LISTEN     0      100                       127.0.0.1:25                                            *:*                  
LISTEN     0      128                              :::22                                           :::*                  
LISTEN     0      100                             ::1:25                                           :::*                  
LISTEN     0      128                              :::9250                                         :::*                  
LISTEN     0      128                              :::9350                                         :::* 

10: Usage

Run the following command; the IP and port are the ones configured earlier

[[email protected] elasticsearch-5.3.1]# curl http://192.168.56.101:9250/

If the following is returned, ES is running successfully

{
  "name" : "elk01",
  "cluster_name" : "elk-clustern",
  "cluster_uuid" : "srgahQGyTpSS7HfB1wBz_A",
  "version" : {
    "number" : "5.3.1",
    "build_hash" : "c67dc32e24162035d18d6fe1e952c4cbcbe79d16",
    "build_timestamp" : "2016-09-27T18:57:55Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.2"
  },
  "tagline" : "You Know, for Search"
}