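  • ELK-elasticsearch-6.3.2 deployment

    Reference blog: Installing an ElasticSearch 6.2.2 cluster on Linux and configuring the head, Kibana and X-Pack plugins

    Reference blog: ELK 5.5.1 plugin installation notes (head/bigdesk/kopf/cerebo/Chinese word-segmentation plugin)

    Reference blog: Building a MySQL slow-log collection platform with ELK, explained

    Reference blog: An optimization of Logstash throughput

    Reference blog: ElasticStack series, part 18 & updating an expired ElasticSearch 5.x XPack license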

    1. Host planning

    Hostname   IP          Internal IP    Operating system         Installed software             Notes: programs running
    mini01     10.0.0.11   172.16.1.11    CentOS 7.4, 2G memory    jdk, elasticsearch, kibana     plugins: head, bigdesk, cerebro
    mini02     10.0.0.12   172.16.1.12    CentOS 7.4, 4G memory    jdk, elasticsearch, logstash
    mini03     10.0.0.13   172.16.1.13    CentOS 7.4, 4G memory    jdk, elasticsearch, logstash
    mini04     10.0.0.14   172.16.1.14    CentOS 7.4               jdk, logstash

    Add the hosts entries so that every machine can ping every other one

    [root@mini01 ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

    10.0.0.11    mini01
    10.0.0.12    mini02
    10.0.0.13    mini03
    10.0.0.14    mini04
    10.0.0.15    mini05

    Append the following to the Windows hosts file as well

    c:\windows\system32\drivers\etc
    ########################################## Append the following:
    10.0.0.11    mini01
    10.0.0.12    mini02
    10.0.0.13    mini03
    10.0.0.14    mini04
    10.0.0.15    mini05

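    2. Add a user account

    # Use a dedicated user; avoid using root directly
    # Add the user, set its home directory and set its password
    useradd -d /app yun && echo '123456' | /usr/bin/passwd --stdin yun
    # Grant sudo privileges
    echo "yun  ALL=(ALL)       NOPASSWD: ALL" >>  /etc/sudoers
    # Let other ordinary users enter this directory and view its contents
    chmod 755 /app/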

    3. JDK (Java 8)

    3.1. Software installation

    [yun@mini01 software]# pwd
    /app/software
    [yun@mini01 software]# tar xf jdk1.8.0_112.tar.gz
    [yun@mini01 software]# ll
    total 201392
    drwxr-xr-x 8   10  143      4096 Dec 20 13:27 jdk1.8.0_112
    -rw-r--r-- 1 root root 189815615 Mar 12 16:47 jdk1.8.0_112.tar.gz
    [yun@mini01 software]# mv jdk1.8.0_112/ /app/
    [yun@mini01 software]# cd /app/
    [yun@mini01 app]# ll
    total 8
    drwxr-xr-x  8   10   143 4096 Dec 20 13:27 jdk1.8.0_112
    [yun@mini01 app]# ln -s jdk1.8.0_112/ jdk
    [yun@mini01 app]# ll
    total 8
    lrwxrwxrwx  1 root root    13 May 16 23:19 jdk -> jdk1.8.0_112/
    drwxr-xr-x  8   10   143 4096 Dec 20 13:27 jdk1.8.0_112

    3.2. Environment variables

    [root@mini01 ~]$ pwd
    /app
    [root@mini01 ~]$ ll -d jdk*  # choose jdk1.8
    lrwxrwxrwx 1 yun yun   11 Mar 15 14:58 jdk -> jdk1.8.0_112
    drwxr-xr-x 8 yun yun 4096 Dec 20 13:27 jdk1.8.0_112
    [root@mini01 profile.d]$ pwd
    /etc/profile.d
    [root@mini01 profile.d]$ cat jdk.sh # Java environment variables
    export JAVA_HOME=/app/jdk
    export JRE_HOME=/app/jdk/jre
    export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib:$CLASSPATH
    export PATH=$JAVA_HOME/bin:$PATH

    [root@mini01 profile.d]# source /etc/profile
    [root@mini01 profile.d]$ java -version
    java version "1.8.0_112"
    Java(TM) SE Runtime Environment (build 1.8.0_112-b15)
    Java HotSpot(TM) 64-Bit Server VM (build 25.112-b15, mixed mode)

    4. elasticsearch deployment

    4.1. Software deployment

    [yun@mini01 software]$ pwd
    /app/software
    [yun@mini01 software]$ tar xf elasticsearch-6.3.2.tar.gz
    [yun@mini01 software]$ mv elasticsearch-6.3.2 /app/
    [yun@mini01 software]$ cd /app/
    [yun@mini01 ~]$ ln -s elasticsearch-6.3.2/ elasticsearch

    4.2. Environment variables

    Every machine with ES installed needs this configuration

    [root@mini01 profile.d]# pwd
    /etc/profile.d
    [root@mini01 profile.d]# cat es.sh
    export ES_HOME="/app/elasticsearch"
    export PATH=$ES_HOME/bin:$PATH

    [root@mini01 profile.d]# logout
    [yun@mini01 es-data]$ source /etc/profile  # reload the environment variables

    4.3. Configuration changes

    Because node.name uses a variable, this configuration can be identical on every node in the cluster

    [yun@mini01 config]$ pwd
    /app/elasticsearch/config
    [yun@mini01 config]$ vim elasticsearch.yml
    ………………
    # ---------------------------------- Cluster -----------------------------------
    #
    # Use a descriptive name for your cluster:
    #
    #cluster.name: my-application
    # Cluster name
    cluster.name: zhang-es
    #
    # ------------------------------------ Node ------------------------------------
    #
    # Use a descriptive name for the node:
    #
    #node.name: node-1
    # Node name
    node.name: ${HOSTNAME}

    #
    # Add custom attributes to the node:
    ………………
    # Path to directory where to store the data (separate multiple locations by comma):
    #
    #path.data: /path/to/data
    # This directory must be created
    path.data: /app/es-data

    #
    # Path to log files:
    #
    #path.logs: /path/to/logs
    # This directory must be created
    path.logs: /app/es-data/logs
    ………………
    # Lock the memory on startup:
    #
    # Lock memory
    bootstrap.memory_lock: true
    #
    ………………
    # Set the bind address to a specific IP (IPv4 or IPv6):
    #
    #network.host: 192.168.0.1
    # Bind address
    network.host: 0.0.0.0

    #
    # Set a custom port for HTTP:
    #
    http.port: 9200
    #
    ………………
    # Elasticsearch performs poorly when the system is swapping the memory.
    #
    #discovery.zen.ping.unicast.hosts: ["host1", "host2"]
    # IPs or hostnames of the cluster nodes
    discovery.zen.ping.unicast.hosts: ["mini01", "mini02", "mini03"]

    #
    # Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
    #
    # Split-brain protection: with multiple masters, this value should equal Math.floor(number of master-eligible nodes / 2) + 1
    # It is the minimum number of master-eligible nodes that must be present before a master is elected
    # Without this setting, multiple masters easily lead to split brain and several separate clusters
    # There is only one master here, so setting it to 1 is enough  [default is 1]
    #discovery.zen.minimum_master_nodes:
    ………………
    #action.destructive_requires_name: true

    # The next two lines are configuration for the head and bigdesk plugins; identical on every server
    http.cors.enabled: true
    http.cors.allow-origin: "*"
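
    The configuration above binds the node to every interface, opens CORS to any origin, and leaves minimum_master_nodes at its default while listing three hosts. The following added example (not part of the original post) audits a config file for those three points. It assumes flat key: value lines as in the stock elasticsearch.yml and that every host in discovery.zen.ping.unicast.hosts is master-eligible; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for the bind, CORS and quorum settings of 4.3.

# Print the value of an uncommented "key: value" line, surrounding quotes stripped.
yml_get() {  # $1 = file, $2 = key
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, ":"); if (i == 0) next
          key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key != k) next
          val = substr($0, i + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          gsub(/^"|"$/, "", val); print val; exit }' "$1"
}

# Print one finding per line; print nothing when all three checks pass.
audit_es_yml() (
    host=$(yml_get "$1" network.host)
    cors=$(yml_get "$1" http.cors.enabled)
    origin=$(yml_get "$1" http.cors.allow-origin)
    seeds=$(yml_get "$1" discovery.zen.ping.unicast.hosts)
    mmn=$(yml_get "$1" discovery.zen.minimum_master_nodes)
    case $host in
        0.0.0.0|::) echo "BIND: network.host=$host listens on every interface" ;;
    esac
    if [ "$cors" = true ] && [ "$origin" = "*" ]; then
        echo "CORS: allow-origin=* lets any origin read HTTP API responses"
    fi
    # Assumption: every seed host is master-eligible (node.master defaults to true).
    n=$(printf '%s\n' "$seeds" | awk -F, 'NF { print NF }')
    need=$(( ${n:-0} / 2 + 1 ))
    if [ "${n:-0}" -gt 0 ] && [ "${mmn:-1}" -lt "$need" ]; then
        echo "QUORUM: minimum_master_nodes=${mmn:-1}, need $need for $n master-eligible nodes"
    fi
)

# Constructed sample reproducing the values set in section 4.3.
sample_yml() {
    cat <<'EOF'
cluster.name: zhang-es
network.host: 0.0.0.0
discovery.zen.ping.unicast.hosts: ["mini01", "mini02", "mini03"]
#discovery.zen.minimum_master_nodes:
http.cors.enabled: true
http.cors.allow-origin: "*"
EOF
}

tmp=$(mktemp) && sample_yml > "$tmp" && audit_es_yml "$tmp"; rm -f "$tmp"
```

    Run audit_es_yml against /app/elasticsearch/config/elasticsearch.yml on each node; an empty result means the file passes all three checks.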

    4.4. Starting ES

    # -d run in the background   -p specify the pid file
    [yun@mini01 ~]$ elasticsearch -d -p /app/elasticsearch/es.pid  # the environment variable was added, so the program can be started from anywhere
    [yun@mini01 ~]$ cat elasticsearch/es.pid
    2637
    [yun@mini01 ~]$ netstat -lntup | grep '9200'
    (Not all processes could be identified, non-owned process info
     will not be shown, you would have to be root to see it all.)
    tcp6       0      0 :::9200                 :::*                    LISTEN      2637/java
    [yun@mini01 ~]$ kill -9 2637   # stop es
    [yun@mini01 ~]$ ps -ef | grep 'ela'
    yun        3263   1807  0 20:56 pts/0    00:00:00 grep --color=auto ela

    4.5. Browser access

    http://mini01:9200/
    http://mini02:9200/
    http://mini03:9200/

    4.6. Startup errors and fixes

    # The startup error is as follows:
    [3] bootstrap checks failed
    [1]: max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]
    [2]: memory locking requested for elasticsearch process but memory is not locked
    [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

    4.6.1. Fixing 1 and 2

    # Change soft nofile and hard nofile from 65535 to 131070, as follows:
    # Add soft memlock and hard memlock
    [yun@mini01 ~]$ tail /etc/security/limits.conf   # takes effect only after logging out and back in
    #*               hard    rss             10000
    #@student        hard    nproc           20
    #@faculty        soft    nproc           20
    #@faculty        hard    nproc           50
    #ftp             hard    nproc           0
    #@student        -       maxlogins       4

    # End of file
    * soft nofile 131070
    * hard nofile 131070
    * soft memlock unlimited
    * hard memlock unlimited

    4.6.2. Fixing 3

    [root@mini01 ~]# vim /etc/sysctl.conf  # append the following
    ………………

    vm.max_map_count=655360
    [root@mini01 ~]# sysctl -p  # apply
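
    The three bootstrap checks can be tested before starting ES, which also confirms that the limits.conf change has reached the current login session. This added example (not from the original post) compares limits against the thresholds quoted in the error output above. The function names are hypothetical, the sample values are constructed from that output, and treating any finite memlock as a failure is a simplification that follows the fix in 4.6.1.

```shell
#!/bin/sh
# Added example: test limits against the three bootstrap checks from section 4.6.

# Print one line per check that would fail; the return status is the failure count.
# $1 = ulimit -n, $2 = ulimit -l, $3 = vm.max_map_count, $4 = bootstrap.memory_lock
bootstrap_failures() {
    fails=0
    if [ "$1" != unlimited ] && [ "$1" -lt 65536 ]; then
        echo "max file descriptors [$1] is too low, need at least [65536]"
        fails=$((fails + 1))
    fi
    # Simplification: only "unlimited" (the value set in 4.6.1) is accepted.
    if [ "$4" = true ] && [ "$2" != unlimited ]; then
        echo "memory locking requested but memlock is [$2], expected [unlimited]"
        fails=$((fails + 1))
    fi
    if [ "$3" -lt 262144 ]; then
        echo "vm.max_map_count [$3] is too low, need at least [262144]"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Limits in effect for this shell; run as the account that starts ES (yun on this page).
live_limits() {
    n=$(ulimit -n)
    l=$(ulimit -l 2>/dev/null || echo unknown)
    m=$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo 0)
    echo "$n $l $m"
}

# Constructed inputs: the state behind the error output, then the state after both fixes.
bootstrap_failures 65535 64 65530 true || echo "before the fixes: $? check(s) fail"
bootstrap_failures 131070 unlimited 655360 true && echo "after the fixes: all checks pass"
# Word splitting of the three values is intended here.
bootstrap_failures $(live_limits) true || echo "this shell: $? check(s) would fail"
```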

    5. Updating an expired ES XPack license

    When we access the ES indices directly and the following output appears, the license has expired and needs to be updated

    This involves the ES account elastic, the built-in superuser, whose default password is changeme

    Command-line access

    [yun@mini02 ~]$ curl -XGET -u elastic:changeme 'http://mini01:9200/_xpack/license'
    {
      "license" : {
        "status" : "expired",
        "uid" : "59bc0e32-685b-48a9-bfdb-ddd373f672ab",
        "type" : "trial",
        "issue_date" : "2018-06-03T08:56:33.376Z",
        "issue_date_in_millis" : 1528016193376,
        "expiry_date" : "2018-07-03T08:56:33.376Z",
        "expiry_date_in_millis" : 1530608193376,
        "max_nodes" : 1000,
        "issued_to" : "zhang-es",
        "issuer" : "elasticsearch",
        "start_date_in_millis" : -1
      }
    }
    [yun@mini02 ~]$ curl -XGET -u elastic:changeme 'http://mini01:9200/_cat/indices'
    {"error":{"root_cause":[{"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security"}],"type":"security_exception","reason":"current license is non-compliant for [security]","license.expired.feature":"security"},"status":403}

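    Browser access

    http://mini01:9200/_cat/indices

    Obtaining a license

    https://register.elastic.co/marvel_register

    You have to enter basic information such as your e-mail address; the other fields can be filled in freely, but the e-mail address and country must be real. Upload the newly downloaded license to any one server in the cluster. I renamed the license I downloaded, which had a very long name, to something simple:

    mv xxxxx-license.json license.json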

    Updating the license

    Updating to the new license does not require restarting the ElasticSearch nodes; a single command applies it dynamically

    [yun@mini02 ~]$ curl -XPUT -u elastic:changeme 'http://mini01:9200/_xpack/license?acknowledge=true' -H "Content-Type: application/json" -d @license.json
    {"acknowledged":true,"license_status":"valid"}
    [yun@mini02 ~]$ curl -XGET -u elastic:changeme 'http://mini01:9200/_xpack/license'
    {
      "license" : {
        "status" : "active",
        "uid" : "aad141e1-c24b-453c-92d1-0fdf5ac63540",
        "type" : "basic",
        "issue_date" : "2018-09-07T00:00:00.000Z",
        "issue_date_in_millis" : 1536278400000,
        "expiry_date" : "2019-09-07T23:59:59.999Z",
        "expiry_date_in_millis" : 1567900799999,
        "max_nodes" : 100,
        "issued_to" : "zhang lia (myself)",
        "issuer" : "Web Form",
        "start_date_in_millis" : 1536278400000
      }
    }

    After that, access works normally

    [yun@mini02 ~]$ curl http://mini01:9200/_cat/indices
    green open logstash-2018.08.21         MoHGSrCBQgyYrA5PLcHePg 5 1     9 0  74.5kb  37.2kb
    green open nginx-access-log-2018.08.25 TJRUOCELRPaNBLj_t943Ww 5 1   121 0 652.8kb 321.3kb
    green open httpd-access-log-2018.08.31 21NENLdBTNu49oIg9bIlnw 5 1   573 0 739.6kb 409.6kb
    green open index-demo                  cTz0lN39SmSQfOLAM89GRg 5 1     2 0  17.9kb   8.9kb
    green open system-rsyslog-2018.08      zHmPivsQS72dtkQzVhIFBQ 5 1   154 0 605.9kb 302.9kb
    ………………
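
    Because an expired license causes requests to fail with the 403 shown earlier in this section, the expiry date is worth monitoring. This added example (not from the original post) classifies a license response, using the two responses shown in this section trimmed to the fields it reads. The function names, the 30-day warning window and the fixed clock value are assumptions for illustration.

```shell
#!/bin/sh
# Added example: turn an _xpack/license response into a monitoring result.

# Print the value of one scalar field of the license JSON (quotes stripped).
lic_field() {  # $1 = JSON text, $2 = field name
    printf '%s\n' "$1" | tr '{},' '\n\n\n' |
        sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' |
        head -n 1
}

# Print a one-line verdict; return 0 = ok, 1 = expires within $3 days, 2 = expired/unreadable.
license_state() {  # $1 = JSON text, $2 = now in epoch millis, $3 = warning window in days
    status=$(lic_field "$1" status)
    ltype=$(lic_field "$1" type)
    expiry=$(lic_field "$1" expiry_date_in_millis)
    case $expiry in
        ''|*[!0-9]*) echo "CRIT: no expiry_date_in_millis in response"; return 2 ;;
    esac
    if [ "$status" != active ] || [ "$expiry" -le "$2" ]; then
        echo "CRIT: $ltype license is $status"; return 2
    fi
    days=$(( ($expiry - $2) / 86400000 ))
    if [ "$days" -lt "$3" ]; then
        echo "WARN: $ltype license expires in $days days"; return 1
    fi
    echo "OK: $ltype license active, $days days left"
}

# The two responses from this section, trimmed to the fields used above.
EXPIRED='{
  "license" : {
    "status" : "expired",
    "type" : "trial",
    "expiry_date_in_millis" : 1530608193376
  }
}'
ACTIVE='{
  "license" : {
    "status" : "active",
    "type" : "basic",
    "expiry_date_in_millis" : 1567900799999
  }
}'
NOW=1536278400000   # constructed clock: the new license's issue_date_in_millis

license_state "$EXPIRED" "$NOW" 30 || true
license_state "$ACTIVE" "$NOW" 30 || true
```

    In a scheduled check, pass the output of the curl license query from this section as the first argument and "$(date +%s)000" as the clock.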

  • Original article: https://www.cnblogs.com/zhanglianghhh/p/9608119.html