从零构建ELK日志分析平台:Elasticsearch7.9安装

1. 准备

1.1 镜像准备

• 下载elasticsearch镜像

  docker pull elasticsearch:7.9.1
  

  此镜像比较大,如果下载速度过慢,可以配置阿里云docker镜像加速

• 查看下载的elasticsearch镜像

  docker images |grep elastic
  

  

1.2 系统配置

• 设置max_map_count
  ES使用mmapfs来保存索引,系统默认的mmap数太小,可能引发内存溢出

  # root用户操作
  # 编辑配置文件
  vim /etc/sysctl.conf
  # 添加以下内容
  vm.max_map_count = 262144
  
  # 加载配置文件
  sysctl -p
  # 验证配置是否生效
  sysctl vm.max_map_count
  

2. elasticsearch安装

• 2.1 创建目录/root/docker-compose/elasticsearch,用于存放elasticsearch的docker-compose.yml文件

  [root@localhost ~]# mkdir -vp ~/docker-compose/elasticsearch
  mkdir: 已创建目录 "/root/docker-compose/elasticsearch"
  

• 2.2 创建文件/root/docker-compose/elasticsearch/docker-compose.yml,内容如下

  version: '2.2'
  services:
    es:
      image: elasticsearch:7.9.1
      container_name: es01
      hostname: docker-es01
      restart: always
      environment:
        - node.name=es01
        - cluster.name=docker-cluster
        - cluster.initial_master_nodes=es01
        - bootstrap.memory_lock=true
        - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
      ulimits:
        memlock:
          soft: -1
          hard: -1
      volumes:
        - data:/usr/share/elasticsearch/data
      ports:
        - 9200:9200
  volumes:
    data:
  

• 2.3 启动elasticsearch

# 进入docker-compose.yml文件所在目录
[root@localhost ~]# cd /root/docker-compose/elasticsearch/
# 启动elasticsearch
[root@localhost elasticsearch]# docker-compose up -d 
Creating network "elasticsearch_default" with the default driver
Creating volume "elasticsearch_data" with default driver
Creating es01 ... done

# 通过docker ps查看启动情况
[root@localhost elasticsearch]# docker ps |grep elastic
0cf83e9d2ab1        elasticsearch:7.9.1   "/tini -- /usr/loc..."   26 seconds ago      Up 25 seconds       0.0.0.0:9200->9200/tcp, 9300/tcp                       es01

# 如果发现elasticsearch未启动成功,可通过以下命令查看日志进行排查(若有无法解决问题,欢迎留言.)
docker logs es01

3. 验证安装

# 访问es地址
[root@localhost elasticsearch]# curl http://192.168.1.14:9200
{
  "name" : "es01",
  "cluster_name" : "docker-cluster",
  "cluster_uuid" : "k601rishQY60x1qFGpmAxw",
  "version" : {
    "number" : "7.9.1",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "083627f112ba94dffc1232e8b42b73492789ef91",
    "build_date" : "2020-09-01T21:22:21.964974Z",
    "build_snapshot" : false,
    "lucene_version" : "8.6.2",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}


# 从返回信息中可以看出，ES已经启动成功，版本为7.9.1，节点名为es01