安装教程
https://cloud.tencent.com/developer/article/1115956
安装的一些说明
1:启动步骤为 logstash——>elasticsearch->kibana
2:elasticsearch和logstash的jvm配置默认都比较高,本地测试的时候有可能报内存不足,请修改
3:elasticsearch的启动不能用root用户组,需要新创建,下面给出步骤
4:
安装准备:
- 环境信息
- 环境:Centos7.2
- 软件环境:jdk1.8
- 安装:elasticsearch[6.5.1]、logstash[6.5.1]、Kibana[6.5.1]
- 前期准备:
- elasticsearch的用户组设置
elasticsearch不能使用root用户组去启动,我们新建一个用户组,创建一个用户,然后把elasticsearch的相关文件夹设置为非root的用户中
#创建kunzai用户组及kunzai用户
groupadd kunzai
useradd kunzai -g kunzai -p admin
#更改elasticsearch文件夹及内部文件的所属用户及组为kunzai:kunzai
#elasticsearch为你elasticsearch的目录名称
chown -R kunzai:kunzai elasticsearch
切换到kunzai用户再启动
su kunzai #切换账户
elasticsearch的安装与设置:
- 设置elasticsearch的相关配置
- 修改jvm的配置
vim /usr/local/opt/elasticsearch-6.5.1/config/jvm.options
#修改为
-Xms512m
-Xmx512m
- 修改elasticsearch的配置文件
vim /usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.yml
#找到配置文件中的cluster.name,打开该配置并设置集群名称
cluster.name: demon
#找到配置文件中的node.name,打开该配置并设置节点名称
node.name: elk-1
#修改data存放的路径
path.data: /data/es-data
#修改logs日志的路径
path.logs: /var/log/elasticsearch/
#配置内存使用用交换分区
bootstrap.memory_lock: true
#监听的网络地址
network.host: 0.0.0.0
#开启监听的端口
http.port: 9200
- 设置elasticsearch相关文件夹赋予新用户组
#创建elasticsearch的data的存放目录,并修改该目录的属主属组
mkdir -p /usr/data/es-data #(自定义用于存放data数据的目录)
chown -R kunzai:kunzai /usr/data/es-data
#修改elasticsearch的日志属主属组
chown -R kunzai:kunzai /var/log/elasticsearch/
- 启动
[root@localhost bin]# ./elasticsearch
[2018-12-08T16:06:02,716][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [es-kunzai-node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.5.1.jar:6.5.1]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.5.1.jar:6.5.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:170) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.1.jar:6.5.1]
... 6 more
#切换为kunzai用户
[root@localhost bin]# su kunzai
[kunzai@localhost bin]$
[kunzai@localhost bin]$ ./elasticsearch
OpenJDK 64-Bit Server VM warning: Cannot open file logs/gc.log due to Permission denied
Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.keystore
Likely root cause: java.nio.file.AccessDeniedException: /usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.keystore
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at org.apache.lucene.store.SimpleFSDirectory.openInput(SimpleFSDirectory.java:77)
at org.elasticsearch.common.settings.KeyStoreWrapper.load(KeyStoreWrapper.java:215)
at org.elasticsearch.bootstrap.Bootstrap.loadSecureSettings(Bootstrap.java:230)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:295)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86)
Refer to the log for complete error details.
#出现上面的错误(无权限访问)
查看/usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.keystore文件的信息
[kunzai@localhost config]$ ll
总用量 36
-rw-rw----. 1 root root 207 Dec 8 16:05 elasticsearch.keystore
切换到root用户再次将此文件分配到kunzai用户组下
[kunzai@localhost config]$ su
密码:此处输入密码
[root@localhost config]# chown -R kunzai:kunzai elasticsearch.keystore
[root@localhost config]# ll
总用量 36
-rw-rw----. 1 kunzai kunzai 207 Dec 8 16:05 elasticsearch.keystore
#再次启动
#剩下如果还遇到权限不足的,一样操作
再次启动报错
#继续使用kunzai启动-又出现一点错误-修改
........错误省略
[2018-12-08T16:28:47,663][INFO ][o.e.t.TransportService ] [es-kunzai-node-1] publish_address {192.168.137.128:9300}, bound_addresses {[::]:9300}
[2018-12-08T16:28:47,764][INFO ][o.e.b.BootstrapChecks ] [es-kunzai-node-1] bound or publishing to a non-loopback address, enforcing bootstrap checks
————》ERROR: [2] bootstrap checks failed
————》[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
————》[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解决办法:
1:登录到root用户,修改如下
[kunzai@localhost bin]$ su
密码:
[root@localhost bin]# vim /etc/security/limits.conf
在末尾追加以下内容(elk为启动用户,当然也可以指定为*,我们这里可以设置为*)
#elk soft nofile 65536
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 2048
* soft memlock unlimited
* hard memlock unlimited
2:继续再修改一个参数
[root@centos7.4-64 ~]# vim /etc/security/limits.conf
修改或添加
* hard nproc 4096
切换用户,如果还是不行则修改:/etc/security/limits.d/20-nproc.conf,其他文章上写的都是修改90-nproc.conf
不过我这个安装之后没有这个文件,只有一个20-nproc.conf,我的修改这个就行,刚开始学不知道什么原因
将里面的1024改为2048(ES最少要求为2048)
[root@centos7.4-64 ~]# vim /etc/security/limits.d/20-nproc.conf
将内容改为:
* soft nproc 4096
* hard nproc 4096 #(这是新增的)
如果是使用xshell开两个窗口的话修改完成之后一定要断开重新登录一下哦
---修改内容
1.max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
修改/etc/security/limits.conf文件,添加或修改如下行:
* hard nofile 65536
* soft nofile 65536
2.max virtual memory areas vm.max......
修改 /etc/sysctl.conf 文件,添加如下行:
vm.max_map_count=262144
修改好了以后,调用sysctl -a查看,发现参数并没有变动,使用(sudo sysctl -p )让配置生效或者要重启才可以。
重启以后,再启动es即可,就可以通过主机ip访问。
安装elasticsearch-head插件
安装docker镜像或者通过github下载elasticsearch-head项目都是可以的,1或者2两种方式选择一种安装使用即可
1. 使用docker的集成好的elasticsearch-head
# docker run -p 9100:9100 mobz/elasticsearch-head:5
docker容器下载成功并启动以后,运行浏览器打开http://localhost:9100/
2. 使用git安装elasticsearch-head
# yum install -y npm
# git clone git://github.com/mobz/elasticsearch-head.git
# cd elasticsearch-head
# npm install
# npm run start
检查端口是否起来
netstat -antp |grep 9100
浏览器访问测试是否正常
http://IP:9100/
一些操作:
查看服务状态,如果有报错可以去看错误日志 less /var/log/elasticsearch/集群 名称.log(日志的名称是以集群名称命名的)
创建开机自启动服务
# chkconfig elasticsearch on
#后台启动
elasticsearch -d