ELK-Elasticsearch 安装启动

系统版本：Centos7

Elasticsearch：5.3.1

1：关闭SELinux

[root@es local]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

2：关闭防火墙

[root@es local]# systemctl stop firewalld
[root@es local]# systemctl disable firewalld

3：安装EPEL源

[root@es local]# yum -y install epel-release
[root@es local]# yum clean all
[root@es local]# yum makecache

4：安装系统工具

[root@es local]# yum -y install vim wget telnet

5：安装OpenJDK

[root@es local]# yum -y install java-1.8.0-openjdk*
[root@es local]# java -version

openjdk version "1.8.0_201"
OpenJDK Runtime Environment (build 1.8.0_201-b09)
OpenJDK 64-Bit Server VM (build 25.201-b09, mixed mode)

6：安装ElasticSearch

[root@es local]# wget -P/usr/local/src/ -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.3.1.tar.gz
[root@es local]# tar -xzvf /usr/local/src/elasticsearch-5.3.1.tar.gz -C /usr/local/src/
[root@es local]# mkdir -p /usr/local/elk/elasticsearch
[root@es local]# mv /usr/local/src/elasticsearch-5.3.1 /usr/local/elk/elasticsearch
[root@es local]# mkdir -p /usr/local/elk/elasticsearch/data/elasticsearch
[root@es local]# mkdir -p /usr/local/elk/elasticsearch/data/logs
[root@es local]# mkdir -p /usr/local/elk/elasticsearch/data/backup

　　释义：

　　6.1：下载压缩包到"/usr/local/src/"

　　6.2：解压到"/usr/local/src/"

　　6.3：创建目录"/usr/local/elk/elasticsearch"

　　6.4：迁移目录"/usr/local/src/elasticsearch-5.3.1"到目录"/usr/local/elk/elasticsearch"下

　　6.5-6.7：创建目录，用于后续保存数据、日志、备份

7：添加elk账户

[root@es local]# groupadd elk
[root@es local]# useradd -g elk elk
[root@es local]# chown -R elk.elk /usr/local/elk/elasticsearch

　　释义：

　　7.1：创建用户组

　　7.2：用户组增加用户

　　7.3：路径授权

8：编辑ElasticSearch配置文件

[root@es local]# vim /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml

打开文件，按“Insert”使文件处于编辑状态

编辑内部数据如下：

# ---------------------------------- Cluster -----------------------------------
#配置es的集群名称，默认是elasticsearch，es会自动发现在同一网段下的es，如果在同一网段下有多个集群，就可以用这个属性来区分不同的集群
  cluster.name: elk-cluster
# ------------------------------------ Node ------------------------------------
#节点名，默认随机指定一个name列表中名字，该列表在es的jar包中config文件夹里name.txt文件中，其中有很多作者添加的有趣名字
  node.name: elk01
# ----------------------------------- Paths ------------------------------------
# 设置索引数据的存储路径，上面代码创建的目录，如果目录不存在，启动会报错，提示目录不存在，默认是es根目录下的data文件夹，可以设置多个存储路径，用逗号隔开，例：path.data: /path/to/data1,/path/to/data2
  path.data: /usr/local/elk/elasticsearch/data/elasticsearch
# 设置日志文件的存储路径，默认是es根目录下的logs文件夹
  path.logs: /usr/local/elk/elasticsearch/data/logs
# 备份目录
  path.repo: /usr/local/elk/elasticsearch/data/backup
# ----------------------------------- Memory -----------------------------------
#由于当jvm开始swapping时es的效率会降低，所以要保证它不swap，这对节点健康极其重要。实现这一目标的一种方法是将 bootstrap.memory_lock 设置为true
#关于其他相关配置参考：https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall
  bootstrap.memory_lock: false
  bootstrap.system_call_filter: false
# ---------------------------------- Network -----------------------------------
# 设置绑定的ip地址，可以是ipv4或ipv6的，默认为0.0.0.0
  network.host: 0.0.0.0
# 设置对外服务的http端口，默认为9200
  http.port: 9250
# 设置节点间交互的tcp端口，默认是9300
  transport.tcp.port: 9350
# --------------------------------- Discovery ----------------------------------
# 设置集群中master节点的初始列表，可以通过这些节点来自动发现新加入集群的节点
#discovery.zen.ping.unicast.hosts: ["172.16.1.141", "172.16.1.142", "172.16.1.143"]
# ---------------------------------- Various -----------------------------------
#是否elasticsearch可以根据磁盘使用情况来决定是否继续分配shard
  cluster.routing.allocation.disk.threshold_enabled: true
  cluster.routing.allocation.disk.watermark.low: 15gb
  cluster.routing.allocation.disk.watermark.high: 10gb

编辑完成后，按“Esc”退出编辑模式，输入“:wq!”保存修改，保存后，可以用如下命令查看修改后的结果，按“q”退出查看。

[root@es elasticsearch-5.3.1]# less  /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml

 9：启动ES

[root@es elasticsearch-5.3.1]# su - elk --command="/usr/local/elk/elasticsearch/elasticsearch-5.3.1/bin/elasticsearch -d"


OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
[root@es elasticsearch-5.3.1]# OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2060255232 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /home/elk/hs_err_pid12704.log

启动ES，也可以在bin目录下，切换到elk账户，执行#./elasticsearch -d 启动ES 

此处发现报错，需要进入查看错误信息，查看路径为：

[root@es local]# cd /usr/local/elk/elasticsearch/data/logs
[root@es local]# tailf elk-cluster.log

具体错误信息，会有如下信息

[ERROR][o.e.b.Bootstrap          ] [elk01] node validation exception
bootstrap checks failed
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解决方式为：

查看配置信息：

[root@es local]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3870
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 3870
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[root@es local]# ulimit -n 65536

PS:该项配置，仅限于当前窗口，系统一旦重启，变会恢复，可以使用如下方式修噶

[root@es local]## vim /etc/security/limits.conf  //加入以下配置，重启即可生效
* hard nofile 65536
* soft nofile 65536

修改另一处异常：

[root@es elk]# vim /elasticsearch/elasticsearch-5.3.1/etc/sysctl.conf 
# sysctl settings are defined through files in 
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/. 
# 
# Vendors settings live in /usr/lib/sysctl.d/. 
# To override a whole file, create a new file with the same in 
# /etc/sysctl.d/ and put new settings there. To override 
# only specific settings, add a file with a lexically later 
# name in /etc/sysctl.d/ and put new settings there. 
# 
# For more information, see sysctl.conf(5) and sysctl.d(5). 
# 
# vm.swappiness=1 
# 
 vm.max_map_count = 262144

　　

[root@es elk]# sysctl -p
vm.max_map_count = 262144

修复后，重新启动ES，然后查询启动端口号，发现上述配置的9250，以及9350端口号，都已经启动了，ES可以正常访问

[elk@es bin]$ ss -anlt
State      Recv-Q Send-Q                Local Address:Port                               Peer Address:Port              
LISTEN     0      128                               *:22                                            *:*                  
LISTEN     0      100                       127.0.0.1:25                                            *:*                  
LISTEN     0      128                              :::22                                           :::*                  
LISTEN     0      100                             ::1:25                                           :::*                  
LISTEN     0      128                              :::9250                                         :::*                  
LISTEN     0      128                              :::9350                                         :::* 

10：使用

执行如下命令，IP和端口为之前配置好的IP和端口

[root@es elasticsearch-5.3.1]# curl http://192.168.56.101:9250/

返回如下信息，则表示ES执行成功

{
  "name" : "elk01",
  "cluster_name" : "elk-clustern",
  "cluster_uuid" : "srgahQGyTpSS7HfB1wBz_A",
  "version" : {
    "number" : "5.3.1",
    "build_hash" : "c67dc32e24162035d18d6fe1e952c4cbcbe79d16",
    "build_timestamp" : "2016-09-27T18:57:55Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.2"
  },
  "tagline" : "You Know, for Search"
}