目录
环境准备
软件版本
| 软件 | 版本 |
|---|---|
| jdk | >=1.8 |
| elasticsearch | 7.5.2 |
| kibana | 7.5.2 |
| logstash | 7.5.2 |
安装方式
rpm包安装
安装elasticsearch
修改系统默认nofile, memlock以及nproc
echo -e "* soft nofile 65535
* hard nofile 65535
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
elasticsearch soft nproc 4096
elasticsearch hard nproc 4096" >> /etc/security/limits.conf
安装elasticsearch
rpm -ivh elasticsearch-7.5.2-x86_64.rpm
系统版本不同执行命令之后可能会出现如下报错, 可以忽略
以下命令所有节点都要执行
mkdir /etc/elasticsearch/certs
chown -R elasticsearch:elasticsearch /etc/elasticsearch/
echo "JAVA_HOME=/usr/share/elasticsearch/jdk" >> /etc/sysconfig/elasticsearch
export JAVA_HOME=/usr/share/elasticsearch/jdk
以下命令只在其中一个节点执行
cd /usr/share/elasticsearch/
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 #一直回车, 不需要输入任何信息
cp elastic-certificates.p12 /etc/elasticsearch/certs
chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
chmod 777 /etc/elasticsearch/certs/elastic-certificates.p12
要把该节点证书/etc/elasticsearch/certs/elastic-certificates.p12拷贝到其他节点的/etc/elasticsearch/certs目录下, 并在其余节点执行以下命令
chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
chmod 777 /etc/elasticsearch/certs/elastic-certificates.p12
以下命令所有节点都要执行
cd /etc/elasticsearch/
cp elasticsearch.yml elasticsearch.yml.bak
mkdir -pv /data1/elasticsearch
mkdir -pv /data1/log/elasticsearch
chown -R elasticsearch:elasticsearch /data1/elasticsearch
chown -R elasticsearch:elasticsearch /data1/log/
生成配置文件, 所有节点都要执行
cat << EOF > /etc/elasticsearch/elasticsearch.yml
cluster.name: hrbbank_es_cluster
node.name: es-node01 #每个节点的名字不能重复
node.master: true
node.data: true
path.data: /data1/elasticsearch
path.logs: /data1/log/elasticsearch
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
network.host: 35.14.8.21 #改成本机IP
http.port: 9200
transport.tcp.port: 9300
transport.tcp.compress: true
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["35.14.8.21", "35.14.8.22", "35.14.8.23"]
discovery.zen.minimum_master_nodes: 2
cluster.initial_master_nodes: ["es-node01", "es-node02","es-node03"]
node.attr.rack_id: rack_one
cluster.routing.allocation.awareness.attributes: rack_id
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12
EOF
安装ik中文分词器, 所有节点都要执行
unzip -d /usr/share/elasticsearch/plugins/ik elasticsearch-analysis-ik-7.5.2.zip
启动服务
/etc/init.d/elasticsearch start #centos6
systemctl start elasticsearch #centos7
netstat -lntp|grep 9200 #启动命令执行完后, 等待一分钟查看9200端口是否启动
设置访问密码命令, 其中一台节点执行即可
export JAVA_HOME=/usr/share/elasticsearch/jdk
cd /usr/share/elasticsearch/
bin/elasticsearch-setup-passwords interactive
#其中注意elastic用户的密码是前端kibana登录时需要用到的密码
验证elasticsearch集群搭建成功
[root@elasticsearch_68 ~]# curl -u elastic:123456 -XGET http://192.168.68.3:9200/_cat/nodes?pretty
192.168.69.3 40 95 6 0.02 0.19 0.73 dilm * es-node02
192.168.68.3 61 98 30 0.00 0.04 0.11 dilm - es-node01
192.168.70.3 39 95 26 0.77 0.68 0.44 dilm - es-node03
安装kibana
简单粗暴, 没什么好说的
rpm -ivh kibana-7.5.2-x86_64.rpm
cd /etc/kibana/
mv kibana.yml kibana.yml.bak
cat << EOF > kibana.yml
server.port: 5601
server.host: "35.14.8.21"
server.name: "hrbbank-kibana"
elasticsearch.hosts: ["http://35.14.8.21:9200", "http://35.14.8.22:9200", "http://35.14.8.23:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "hrbbank"
i18n.locale: "zh-CN"
EOF
#启动服务
/etc/init.d/kibana start #centos6
systemctl start kibana #centos7
安装logstash
修改系统默认nofile, memlock以及nproc
echo -e "* soft nofile 65535
* hard nofile 65535
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
elasticsearch soft nproc 4096
elasticsearch hard nproc 4096" >> /etc/security/limits.conf
初始化logstash环境
cat << EOF > /etc/default/logstash
LS_HOME="/usr/share/logstash"
LS_SETTINGS_DIR="/etc/logstash"
LS_PIDFILE="/var/run/logstash.pid"
LS_USER="logstash"
LS_GROUP="logstash"
LS_GC_LOG_FILE="/var/log/logstash/gc.log"
LS_OPEN_FILES="16384"
LS_NICE="19"
SERVICE_NAME="logstash"
SERVICE_DESCRIPTION="logstash"
EOF
安装logstash
export JAVA_HOME=/usr/share/jdk #根据自己环境的jdk路径设置JAVA_HOME, 最好写到/etc/profile文件中
rpm -ivh logstash-7.5.2.rpm
修改/etc/logstash/jvm.options
-Xms8g
-Xmx8g
启动logstash
#centos6没有logstash启动脚本, 直接用命令启动
nohup /usr/share/logstash/bin/logstash "--path.settings" "/etc/logstash" &
#centos7可以直接使用systemctl启动
systemctl start logstash