ELK Cluster Deployment
1 ELK
1.1 elasticsearch 7.4.2
1.1.1 elasticsearch 7.4.2 Installation
# Download
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.4.2-linux-x86_64.tar.gz
# Extract
tar -zxvf elasticsearch-7.4.2-linux-x86_64.tar.gz
# Move the extracted directory; pick whichever of the following locations you prefer
# A directory of your own choosing
mv elasticsearch-7.4.2 /opt/elasticsearch-7.4.2
# Official Elasticsearch default directory (recommended)
mv elasticsearch-7.4.2 /usr/share/elasticsearch
# The commonly used /opt directory
mv elasticsearch-7.4.2 /opt/elasticsearch
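# Add the work user
useradd work
# Set the password for work to 123.abc (passwd prompts for it interactively)
passwd work
# Delete the work user (only when you need to remove it)
userdel -rf work
# Minimum password length
authconfig --passminlen=6 --update
# Grant work ownership of all directories and files under /opt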
chown -R work:work /opt
chown -R work:work /opt/elasticsearch-7.4.2/
chown -R work:work /usr/share/elasticsearch/
chown -R work:work /opt/elasticsearch/
# Edit the sysctl.conf file
vi /etc/sysctl.conf
########## Add this setting (a single line) ##########
vm.max_map_count=655360
########## Add this setting ##########
# Apply the change:
sysctl -p
# Edit limits.conf
vi /etc/security/limits.conf
######### Add these settings #########
work soft nofile 65536
work soft nproc 4096
work hard nofile 131072
work hard nproc 4096
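* soft nofile 65536
* soft nproc 4096
* hard nofile 131072
* hard nproc 4096
######### Add these settings #########
# Switch to the root user
su root
# Switch to the work user
su work
# Start the service; use the path that matches your install directory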
sh /opt/elasticsearch-7.4.2/bin/elasticsearch
sh /usr/share/elasticsearch/bin/elasticsearch
sh /opt/elasticsearch/bin/elasticsearch
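1.1.2 Start automatically at boot
1.1.2.1 elasticsearch file configuration
vi /etc/sysconfig/elasticsearch
Configuration when using the official path
Note: this version bundles its own Java runtime, so JAVA_HOME does not need to be configured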
################################
# Elasticsearch
################################
# Elasticsearch home directory
#ES_HOME=/usr/share/elasticsearch
# Elasticsearch Java path
#JAVA_HOME=
# Elasticsearch configuration directory
#ES_PATH_CONF=${path.conf}
# Elasticsearch PID directory
#PID_DIR=/var/run/elasticsearch
# Additional Java OPTS
#ES_JAVA_OPTS=
# Configure restart on package upgrade (true, every other setting will lead to not restarting)
#RESTART_ON_UPGRADE=true
################################
# Elasticsearch service
################################
# SysV init.d
#
# The number of seconds to wait before checking if Elasticsearch started successfully as a daemon process
ES_STARTUP_SLEEP_TIME=5
################################
# System properties
################################
# Specifies the maximum file descriptor number that can be opened by this process
# When using Systemd, this setting is ignored and the LimitNOFILE defined in
# /usr/lib/systemd/system/elasticsearch.service takes precedence
#MAX_OPEN_FILES=65535
# The maximum number of bytes of memory that may be locked into RAM
# Set to "unlimited" if you use the 'bootstrap.memory_lock: true' option
# in elasticsearch.yml.
# When using systemd, LimitMEMLOCK must be set in a unit file such as
# /etc/systemd/system/elasticsearch.service.d/override.conf.
#MAX_LOCKED_MEMORY=unlimited
# Maximum number of VMA (Virtual Memory Areas) a process can own
# When using Systemd, this setting is ignored and the 'vm.max_map_count'
# property is set at boot time in /usr/lib/sysctl.d/elasticsearch.conf
#MAX_MAP_COUNT=262144
Reference elasticsearch configuration file
https://github.com/elastic/elasticsearch/blob/master/distribution/packages/src/common/env/elasticsearch
1.1.2.2 elasticsearch.service file configuration
vi /usr/lib/systemd/system/elasticsearch.service
Configuration when using the official path
[Unit]
Description=Elasticsearch
Documentation=http://www.elastic.co
Wants=network-online.target
After=network-online.target
[Service]
Restart=always
Type=notify
RuntimeDirectory=elasticsearch
PrivateTmp=true
Environment=ES_HOME=/usr/share/elasticsearch
Environment=ES_PATH_CONF=/usr/share/elasticsearch/config
Environment=PID_DIR=/var/run/elasticsearch
Environment=ES_SD_NOTIFY=true
EnvironmentFile=/etc/sysconfig/elasticsearch
WorkingDirectory=/usr/share/elasticsearch
User=work
Group=work
ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet
# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.
StandardOutput=journal
StandardError=inherit
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65535
# Specifies the maximum number of processes
LimitNPROC=4096
# Specifies the maximum size of virtual memory
LimitAS=infinity
# Specifies the maximum file size
LimitFSIZE=infinity
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=0
# SIGTERM signal is used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM rather than its control group
KillMode=process
# Java process is never killed
SendSIGKILL=no
# When a JVM receives a SIGTERM signal it exits with code 143
SuccessExitStatus=143
[Install]
WantedBy=multi-user.target
# Built for ${project.name}-${project.version} (${project.name})
Note: User=work and Group=work are set because Elasticsearch cannot be started with the root account
Reference elasticsearch.service file configuration
https://github.com/elastic/elasticsearch/blob/master/distribution/packages/src/common/systemd/elasticsearch.service
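The unit file above sets User=work and its own Limit* values, and the comments in /etc/sysconfig/elasticsearch note that under systemd the unit's limits take precedence. The following check is an added example, not part of the original page or of Elasticsearch: it parses a unit file and verifies the run-as account and the limits the service would actually get. The function names are hypothetical, the unit text is a constructed excerpt, and the thresholds are assumed from the Elasticsearch 7.x bootstrap checks (65535 file descriptors, 4096 threads).

```python
# Constructed excerpt: the directives from the unit file on this page that decide
# the run-as account and the resource limits (other lines omitted).
UNIT = """\
[Service]
User=work
Group=work
LimitNOFILE=65535
LimitNPROC=4096
LimitAS=infinity
[Install]
WantedBy=multi-user.target
"""

# Assumed minimums, taken from the Elasticsearch 7.x bootstrap checks.
REQUIRED = {"LimitNOFILE": 65535, "LimitNPROC": 4096}

def service_directives(unit_text):
    """Collect Key=Value pairs from [Service]; a later assignment wins."""
    section, found = None, {}
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            found[key.strip()] = value.strip()
    return found

def soft_limit(value):
    """Soft part of a systemd Limit* value: 'N', 'soft:hard' or 'infinity'."""
    soft = value.split(":", 1)[0]
    return float("inf") if soft == "infinity" else int(soft)

def audit_unit(unit_text):
    """Return problems with the account and limits the service would run under."""
    d = service_directives(unit_text)
    problems = []
    if d.get("User", "root") in ("root", "0"):
        problems.append("User is root or unset; Elasticsearch refuses to run as root")
    for key, minimum in REQUIRED.items():
        if key not in d:
            problems.append(f"{key} unset; limits.conf does not apply to systemd services")
        elif soft_limit(d[key]) < minimum:
            problems.append(f"{key}={d[key]} is below the required {minimum}")
    return problems

if __name__ == "__main__":
    print(audit_unit(UNIT) or "unit file passes")
```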
1.1.3 elasticsearch cluster configuration
Edit the elasticsearch.yml configuration file
1.1.3.1 Node 1 configuration
cluster.name: cluster-es
node.name: node-1
network.host: 0.0.0.0
network.publish_host: 192.168.100.100
# Whether the node is eligible to be elected master
#node.master: true
#node.data: true
discovery.seed_hosts: ["192.168.100.100:9300","192.168.100.101:9300","192.168.100.102:9300"]
#cluster.initial_master_nodes: ["node-1","node-2","node-3"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
#discovery.zen.minimum_master_nodes: 2
#cluster.remote.connect: true
http.cors.enabled: true
http.cors.allow-origin: "*"
1.1.3.2 Node 2 configuration
cluster.name: cluster-es
node.name: node-2
network.host: 0.0.0.0
network.publish_host: 192.168.100.101
# Whether the node is eligible to be elected master
#node.master: true
#node.data: true
#transport.tcp.port: 9300
discovery.seed_hosts: ["192.168.100.100:9300","192.168.100.101:9300","192.168.100.102:9300"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
discovery.zen.minimum_master_nodes: 2
#cluster.remote.connect: true
http.cors.enabled: true
http.cors.allow-origin: "*"
1.1.3.3 Node 3 configuration
cluster.name: cluster-es
node.name: node-3
network.host: 0.0.0.0
network.publish_host: 192.168.100.102
# Whether the node is eligible to be elected master
#node.master: true
#node.data: true
discovery.seed_hosts: ["192.168.100.100:9300","192.168.100.101:9300","192.168.100.102:9300"]
#cluster.initial_master_nodes: ["node-1","node-2","node-3"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
discovery.zen.minimum_master_nodes: 2
#cluster.remote.connect: true
http.cors.enabled: true
http.cors.allow-origin: "*"
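All three node configurations bind to 0.0.0.0, allow any CORS origin and leave the security features at their 7.x default (off). The following audit is an added example, not part of the original page or of Elasticsearch: it parses these flat elasticsearch.yml settings and reports those exposures per node, plus the discovery.zen.minimum_master_nodes setting that 7.x ignores. The function names and finding labels are hypothetical, and the input is constructed from the node-1 and node-2 settings above.

```python
import re

# Constructed input: the uncommented node-1 and node-2 settings shown on this page.
COMMON = '''cluster.name: cluster-es
network.host: 0.0.0.0
discovery.seed_hosts: ["192.168.100.100:9300","192.168.100.101:9300","192.168.100.102:9300"]
cluster.initial_master_nodes: ["node-1","node-2","node-3"]
http.cors.enabled: true
http.cors.allow-origin: "*"
'''
NODE1 = COMMON + "node.name: node-1\nnetwork.publish_host: 192.168.100.100\n"
NODE2 = COMMON + "node.name: node-2\nnetwork.publish_host: 192.168.100.101\ndiscovery.zen.minimum_master_nodes: 2\n"

def parse_flat_yml(text):
    """Parse the flat `key: value` subset of elasticsearch.yml used on this page.
    Bracketed values become lists of the quoted strings; the rest are scalars."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep or key.startswith("#"):
            continue  # blank line or comment
        value = value.strip()
        cfg[key.strip()] = (re.findall(r'"([^"]*)"', value) if value.startswith("[")
                            else value.strip('"'))
    return cfg

def audit_node(cfg):
    """Return exposure findings for one node's settings (7.x basic-license defaults)."""
    findings = []
    if cfg.get("xpack.security.enabled", "false") != "true":
        findings.append("security-disabled")  # no authentication on REST or transport
        if cfg.get("network.host") in ("0.0.0.0", "::"):
            findings.append("open-bind")  # listening on every interface
    elif cfg.get("xpack.security.transport.ssl.enabled") != "true":
        findings.append("transport-tls-missing")  # bootstrap check once security is on
    if cfg.get("http.cors.enabled") == "true" and cfg.get("http.cors.allow-origin") == "*":
        findings.append("cors-any-origin")
    if "discovery.zen.minimum_master_nodes" in cfg:
        findings.append("zen-setting-ignored")  # deprecated and ignored in 7.x
    return findings

def audit_cluster(texts):
    """Audit each node; also require one cluster.name and unique node.name values."""
    cfgs = [parse_flat_yml(t) for t in texts]
    report = {c["node.name"]: audit_node(c) for c in cfgs}
    consistent = len({c["cluster.name"] for c in cfgs}) == 1 and len(report) == len(cfgs)
    return report, consistent

if __name__ == "__main__":
    print(audit_cluster([NODE1, NODE2]))
```

A node that sets xpack.security.enabled: true and xpack.security.transport.ssl.enabled: true and restricts http.cors.allow-origin to one specific origin returns no findings.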