系统版本:Centos7
Elasticsearch:5.3.1
1:关闭SELinux
[[email protected] local]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
2:关闭防火墙
[[email protected] local]# systemctl stop firewalld
[[email protected] local]# systemctl disable firewalld
3:安装EPEL源
[[email protected] local]# yum -y install epel-release [[email protected] local]# yum clean all [[email protected] local]# yum makecache
4:安装系统工具
[[email protected] local]# yum -y install vim wget telnet
5:安装OpenJDK
[[email protected] local]# yum -y install java-1.8.0-openjdk* [[email protected] local]# java -version openjdk version "1.8.0_201" OpenJDK Runtime Environment (build 1.8.0_201-b09) OpenJDK 64-Bit Server VM (build 25.201-b09, mixed mode)
6:安装ElasticSearch
[[email protected] local]# wget -P/usr/local/src/ -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.3.1.tar.gz [[email protected] local]# tar -xzvf /usr/local/src/elasticsearch-5.3.1.tar.gz -C /usr/local/src/
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch
[[email protected] local]# mv /usr/local/src/elasticsearch-5.3.1 /usr/local/elk/elasticsearch
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch/data/elasticsearch
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch/data/logs
[[email protected] local]# mkdir -p /usr/local/elk/elasticsearch/data/backup
释义:
6.1:下载压缩包到"/usr/local/src/"
6.2:解压到"/usr/local/src/"
6.3:创建目录"/usr/local/elk/elasticsearch"
6.4:迁移目录"/usr/local/src/elasticsearch-5.3.1"到目录"/usr/local/elk/elasticsearch"下
6.5-6.7:创建目录,用于后续保存数据、日志、备份
7:添加elk账户
[[email protected] local]# groupadd elk [[email protected] local]# useradd -g elk elk [[email protected] local]# chown -R elk.elk /usr/local/elk/elasticsearch
释义:
7.1:创建用户组
7.2:用户组增加用户
7.3:路径授权
8:编辑ElasticSearch配置文件
[[email protected] local]# vim /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml
打开文件,按“Insert”使文件处于编辑状态
编辑内部数据如下:
# ---------------------------------- Cluster -----------------------------------
#配置es的集群名称,默认是elasticsearch,es会自动发现在同一网段下的es,如果在同一网段下有多个集群,就可以用这个属性来区分不同的集群
cluster.name: elk-cluster
# ------------------------------------ Node ------------------------------------
#节点名,默认随机指定一个name列表中名字,该列表在es的jar包中config文件夹里name.txt文件中,其中有很多作者添加的有趣名字
node.name: elk01
# ----------------------------------- Paths ------------------------------------
# 设置索引数据的存储路径,上面代码创建的目录,如果目录不存在,启动会报错,提示目录不存在,默认是es根目录下的data文件夹,可以设置多个存储路径,用逗号隔开,例:path.data: /path/to/data1,/path/to/data2
path.data: /usr/local/elk/elasticsearch/data/elasticsearch
# 设置日志文件的存储路径,默认是es根目录下的logs文件夹
path.logs: /usr/local/elk/elasticsearch/data/logs
# 备份目录
path.repo: /usr/local/elk/elasticsearch/data/backup
# ----------------------------------- Memory -----------------------------------
#由于当jvm开始swapping时es的效率会降低,所以要保证它不swap,这对节点健康极其重要。实现这一目标的一种方法是将 bootstrap.memory_lock 设置为true
#关于其他相关配置参考:https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
# ---------------------------------- Network -----------------------------------
# 设置绑定的ip地址,可以是ipv4或ipv6的,默认为0.0.0.0
network.host: 0.0.0.0
# 设置对外服务的http端口,默认为9200
http.port: 9250
# 设置节点间交互的tcp端口,默认是9300
transport.tcp.port: 9350
# --------------------------------- Discovery ----------------------------------
# 设置集群中master节点的初始列表,可以通过这些节点来自动发现新加入集群的节点
#discovery.zen.ping.unicast.hosts: ["172.16.1.141", "172.16.1.142", "172.16.1.143"]
# ---------------------------------- Various -----------------------------------
#是否elasticsearch可以根据磁盘使用情况来决定是否继续分配shard
cluster.routing.allocation.disk.threshold_enabled: true
cluster.routing.allocation.disk.watermark.low: 15gb
cluster.routing.allocation.disk.watermark.high: 10gb
编辑完成后,按“Esc”退出编辑模式,输入“:wq!”保存修改,保存后,可以用如下命令查看修改后的结果,按“q”退出查看。
[[email protected] elasticsearch-5.3.1]# less /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml
9:启动ES
[[email protected] elasticsearch-5.3.1]# su - elk --command="/usr/local/elk/elasticsearch/elasticsearch-5.3.1/bin/elasticsearch -d"
OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N [[email protected] elasticsearch-5.3.1]# OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12) # # There is insufficient memory for the Java Runtime Environment to continue. # Native memory allocation (mmap) failed to map 2060255232 bytes for committing reserved memory. # An error report file with more information is saved as: # /home/elk/hs_err_pid12704.log
启动ES,也可以在bin目录下,切换到elk账户,执行#./elasticsearch -d 启动ES
此处发现报错,需要进入查看错误信息,查看路径为:
[[email protected] local]# cd /usr/local/elk/elasticsearch/data/logs [[email protected] local]# tailf elk-cluster.log
具体错误信息,会有如下信息
[ERROR][o.e.b.Bootstrap ] [elk01] node validation exception bootstrap checks failed max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536] max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决方式为:
查看配置信息:
[[email protected] local]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 3870
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 3870
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
[[email protected] local]# ulimit -n 65536
PS:该项配置,仅限于当前窗口,系统一旦重启,变会恢复,可以使用如下方式修噶
[[email protected] local]## vim /etc/security/limits.conf //加入以下配置,重启即可生效 * hard nofile 65536 * soft nofile 65536
修改另一处异常:
[[email protected] elk]# vim /elasticsearch/elasticsearch-5.3.1/etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
#
# vm.swappiness=1
#
vm.max_map_count = 262144
[[email protected] elk]# sysctl -p
vm.max_map_count = 262144
修复后,重新启动ES,然后查询启动端口号,发现上述配置的9250,以及9350端口号,都已经启动了,ES可以正常访问
[[email protected] bin]$ ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
LISTEN 0 128 :::9250 :::*
LISTEN 0 128 :::9350 :::*
10:使用
执行如下命令,IP和端口为之前配置好的IP和端口
[[email protected] elasticsearch-5.3.1]# curl http://192.168.56.101:9250/
返回如下信息,则表示ES执行成功
{ "name" : "elk01", "cluster_name" : "elk-clustern", "cluster_uuid" : "srgahQGyTpSS7HfB1wBz_A", "version" : { "number" : "5.3.1", "build_hash" : "c67dc32e24162035d18d6fe1e952c4cbcbe79d16", "build_timestamp" : "2016-09-27T18:57:55Z", "build_snapshot" : false, "lucene_version" : "6.4.2" }, "tagline" : "You Know, for Search" }