1. Installing Elasticsearch on CentOS 7:
(1) Download elasticsearch-8.3.2-x86_64.rpm:
https://www.elastic.co/cn/downloads/past-releases/elasticsearch-8-3-2
(2) Upload the package to /root with XFtp and install it with rpm (the install directory is /usr/share/elasticsearch):
[root@localhost ~]# rpm -ivh elasticsearch-8.3.2-x86_64.rpm
(3) (Optional) Create a CA certificate and a p12 key file (the generated files are in /etc/elasticsearch/certs):
<1> Generate the CA certificate (cd /usr/share/elasticsearch/bin):
[root@localhost bin]# ./elasticsearch-certutil ca -out /etc/elasticsearch/certs/my-ca.p12
Enter password for my-ca.p12 : #password for the new CA certificate; 123456 is entered here
<2> Generate the p12 key file from the CA certificate (cd /usr/share/elasticsearch/bin):
[root@localhost bin]# ./elasticsearch-certutil cert --ca /etc/elasticsearch/certs/my-ca.p12 -out /etc/elasticsearch/certs/my-certificates.p12
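Enter password for CA (/etc/elasticsearch/certs/my-ca.p12) : #the CA certificate password, for verification; 123456 is entered here
Enter password for my-certificates.p12 : #password for the new p12 key file; 123456 is entered here
<3> Add the CA certificate password to the ES keystore: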
[root@localhost bin]# ./elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
Setting xpack.security.transport.ssl.keystore.secure_password already exists. Overwrite? [y/N]y
Enter value for xpack.security.transport.ssl.keystore.secure_password: #enter the CA certificate password here
<4> Add the p12 key file password to the ES keystore:
[root@localhost bin]# ./elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
Setting xpack.security.transport.ssl.truststore.secure_password already exists. Overwrite? [y/N]y
Enter value for xpack.security.transport.ssl.truststore.secure_password: #enter the p12 key file password here
(4) Edit the configuration:
[root@localhost ~]# vi /etc/elasticsearch/elasticsearch.yml
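Contents:
path.data: /var/lib/elasticsearch #data path
path.logs: /var/log/elasticsearch #log path
network.host: 0.0.0.0 #bind IP; 0.0.0.0 listens on every interface, so any external host that can reach the machine can connect
http.port: 9200 #external HTTP port, 9200 by default
bootstrap.memory_lock: true #lock the process memory in RAM so ES is not swapped out frequently (which drives IOPS up)
#added: allow cross-origin access
http.cors.enabled: true
http.cors.allow-origin: "*"
#cluster-related settings below
#cluster.name: es-cluster #cluster name
#node.name: node-1 #name of this ES node
#discovery.seed_hosts: ["192.168.83.128", "192.168.83.129"] #list of host IPs for cluster discovery
#cluster.initial_master_nodes: ["node-1", "node-2"] #nodes that take part in the master election
#enable HTTPS for Elasticsearch; when enabled the URL is https://ip:port, otherwise http://ip:port
xpack.security.enabled: false #true enables the security features, false disables them
xpack.security.enrollment.enabled: false #true to enable
#enable encryption for HTTP API client connections (e.g. Kibana, Logstash, Agents)
xpack.security.http.ssl:
  enabled: false #true to enable
  keystore.path: certs/my-ca.p12 #set to your own certificate file name
#enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false #true to enable
  verification_mode: certificate
  keystore.path: certs/my-certificates.p12 #set to your own p12 key file name
  truststore.path: certs/my-certificates.p12 #set to your own p12 key file name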
(5) Enable start on boot:
[root@localhost ~]# systemctl enable elasticsearch
(6) Start / check / stop elasticsearch:
[root@localhost ~]# systemctl start elasticsearch
[root@localhost ~]# systemctl status elasticsearch
[root@localhost ~]# systemctl stop elasticsearch
(7) System tuning:
<1> Edit /etc/security/limits.conf:
[root@localhost ~]# vi /etc/security/limits.conf
Contents:
#nofile is the maximum number of files a single process may open
* soft nofile 65536 #soft limit
* hard nofile 65536 #hard limit
* soft nproc 2048
* hard nproc 4096
<2> Edit /etc/sysctl.conf:
[root@localhost ~]# vi /etc/sysctl.conf
Contents:
#maximum number of virtual memory map areas a single process may use
vm.max_map_count=655360
<3> Run this command to apply the parameters:
[root@localhost ~]# sysctl -p
(8) Install the IK analyzer (no build of the analyzer for 8.3.2 has been found yet):
[root@localhost ~]# /usr/share/elasticsearch/bin/elasticsearch-plugin install https://.../elasticsearch-analysis-ik-x.x.x.zip
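An added example (not part of the original notes and not Elastic tooling): a shell check for the elasticsearch.yml from step (4) that reports when the node listens on a non-loopback address with authentication or HTTP TLS switched off, or with CORS open to every origin. The function names and finding labels are made up for this example, and the parser assumes flat dotted keys with at most one level of nesting.

```shell
# Flatten elasticsearch.yml (stdin) into "dotted.key=value" lines. Handles flat dotted
# keys plus one level of nesting ("xpack.security.http.ssl:" then "  enabled: false").
flatten_es_yml() {
  awk '
    { sub(/^[ \t]*#.*$/, ""); sub(/[ \t]+#.*$/, ""); sub(/[ \t]+$/, "") }  # strip comments
    /^$/ { next }
    {
      indent = match($0, /[^ \t]/) - 1
      line = substr($0, indent + 1)
      key = line; sub(/:.*$/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val)
      if (indent == 0 && val == "") parent = key        # header of a nested block
      else if (indent == 0) { parent = ""; print key "=" val }
      else if (parent != "") print parent "." key "=" val
    }'
}
# Print the last value of key $2 in flattened text $1, quotes removed (empty if unset).
es_get() {
  printf '%s\n' "$1" |
    awk -v k="$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }' |
    tr -d "\"'"
}

# Read elasticsearch.yml on stdin and print one line per risky setting found.
audit_es_yml() {
  flat=$(flatten_es_yml)
  host=$(es_get "$flat" network.host)
  case "$host" in
    ""|localhost|_local_|127.*|::1) exposed=no ;;   # unset means loopback only
    *) exposed=yes ;;
  esac
  [ "$exposed" = yes ] && [ "$(es_get "$flat" xpack.security.enabled)" = false ] &&
    echo "NO_AUTH: network.host=$host with xpack.security.enabled=false"
  [ "$exposed" = yes ] && [ "$(es_get "$flat" xpack.security.http.ssl.enabled)" != true ] &&
    echo "HTTP_PLAINTEXT: network.host=$host with xpack.security.http.ssl disabled"
  [ "$(es_get "$flat" http.cors.enabled):$(es_get "$flat" http.cors.allow-origin)" = "true:*" ] &&
    echo "CORS_ANY_ORIGIN: http.cors.allow-origin accepts every origin"
  return 0
}

# Constructed sample with the values used in step (4) above.
audit_es_yml <<'EOF'
network.host: 0.0.0.0 #bind IP
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: false
xpack.security.http.ssl:
  enabled: false
EOF
```

Against the installed file, run `audit_es_yml < /etc/elasticsearch/elasticsearch.yml`; no output means none of the three conditions matched.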
2. Installing Kibana on CentOS 7:
(1) Download kibana-8.3.2-x86_64.rpm:
https://www.elastic.co/cn/downloads/kibana
(2) Upload the package to /root with XFtp and install it with rpm:
[root@localhost ~]# rpm -ivh kibana-8.3.2-x86_64.rpm
(3) Edit the configuration:
[root@localhost ~]# vi /etc/kibana/kibana.yml
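Contents:
server.port: 5601 #external port
server.host: "0.0.0.0" #bind IP; 0.0.0.0 listens on every interface, so any external host that can reach the machine can connect
elasticsearch.hosts: ["http://192.168.83.128:9200"] #Elasticsearch server address; use https when X-Pack is enabled
i18n.locale: "zh-CN" #display the UI in Chinese
(4) Enable start on boot: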
[root@localhost ~]# systemctl enable kibana
(5) Start / check / stop kibana:
[root@localhost ~]# systemctl start kibana
[root@localhost ~]# systemctl status kibana
[root@localhost ~]# systemctl stop kibana
3. Installing Logstash on CentOS 7:
(1) Download logstash-8.3.2-x86_64.rpm:
https://www.elastic.co/cn/downloads/logstash
(2) Upload the package to /root with XFtp and install it with rpm:
[root@localhost ~]# rpm -ivh logstash-8.3.2-x86_64.rpm
(3) Copy logstash-sample.conf into the conf.d directory (cd /etc/logstash):
[root@localhost logstash]# cp logstash-sample.conf conf.d/logstash-sample.conf
(4) Edit logstash-sample.conf (/etc/logstash/conf.d):
[root@localhost ~]# vi logstash-sample.conf
Contents:
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    hosts => ["http://192.168.83.128:9200"] #Elasticsearch address and port; use https when X-Pack is enabled
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic" #Elasticsearch login user
    #password => "changeme" #Elasticsearch login password
  }
}
(5) Test that the configuration works (cd /usr/share/logstash/bin):
[root@localhost bin]# ./logstash -e "input{stdin{}} output{stdout{}}"
...
[INFO ] 2022-07-14 08:06:35.826 [main] runner - Starting Logstash {"logstash.version"=>"8.3.2", "jruby.version"=>"jruby 9.2.20.1 (2.5.8) 2021-11-30 2a2962fbd1 OpenJDK 64-Bit Server VM 11.0.15+10 on 11.0.15+10 +indy +jit [linux-x86_64]"}
...
[INFO ] 2022-07-14 08:06:42.036 [Api Webserver] agent - Successfully started Logstash API endpoint {:port=>9600, :ssl_enabled=>false}
...
测试输入 #this is the text typed at the command line
{
"event" => {
"original" => "测试输入"
},
"host" => {
"hostname" => "localhost.localdomain"
},
"@version" => "1",
"message" => "测试输入",
"@timestamp" => 2022-07-14T12:08:52.522767Z
}
(6) Enable start on boot:
[root@localhost ~]# systemctl enable logstash
(7) Start / check / stop logstash:
[root@localhost ~]# systemctl start logstash
[root@localhost ~]# systemctl status logstash
[root@localhost ~]# systemctl stop logstash