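This article is reposted from my personal blog: https://docs.wziqi.vip/
Documentation:
Official documentation: https://www.elastic.co/guide/index.html
RPM package / source package download page: https://www.elastic.co/cn/downloads
Source-package (tarball) installation - environment preparation: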
node-001 192.168.1.81
node-002 192.168.1.82
node-003 192.168.1.83
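Download the packages on every machine
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-linux-x86_64.tar.gz # Elasticsearch; I am using version 7.14.0
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-linux-x86_64.tar.gz # Kibana; the version must match, and it is installed on node-001 only
Edit the hosts file for name resolution; this step is required on every machine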
vim /etc/hosts
192.168.1.81 node-001
192.168.1.82 node-002
192.168.1.83 node-003
Unpack the ES tarball
Run this on every ES machine
# Create the working directory and switch to it
mkdir /opt/elk && cd /opt/elk
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-linux-x86_64.tar.gz
tar xf elasticsearch-7.14.0-linux-x86_64.tar.gz
cd elasticsearch-7.14.0
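Edit the ES cluster configuration file
####### node-001 (the configuration files are almost identical; only the node name changes)
egrep -v "^#|^$" config/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-001 # node name
path.data: /opt/elk/data # custom data directory
path.logs: /opt/elk/logs # custom log directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
http.port: 9200 # HTTP port
discovery.seed_hosts: ["192.168.1.81:9300", "192.168.1.82:9300","192.168.1.83:9300"] # addresses of the cluster nodes (transport port); host names such as node-001 also work as long as /etc/hosts is configured, and port 9300 is appended automatically
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # initial master-eligible nodes; I named the nodes node-001... above, so the same names are used here
######## node-002
egrep -v "^#|^$" config/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-002 # node name
path.data: /opt/elk/data # custom data directory
path.logs: /opt/elk/logs # custom log directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
http.port: 9200 # HTTP port
discovery.seed_hosts: ["192.168.1.81:9300", "192.168.1.82:9300","192.168.1.83:9300"] # addresses of the cluster nodes (transport port); host names such as node-001 also work as long as /etc/hosts is configured, and port 9300 is appended automatically
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # initial master-eligible nodes; I named the nodes node-001... above, so the same names are used here
########## node-003
egrep -v "^#|^$" config/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-003 # node name
path.data: /opt/elk/data # custom data directory
path.logs: /opt/elk/logs # custom log directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
http.port: 9200 # HTTP port
discovery.seed_hosts: ["192.168.1.81:9300", "192.168.1.82:9300","192.168.1.83:9300"] # addresses of the cluster nodes (transport port); host names such as node-001 also work as long as /etc/hosts is configured, and port 9300 is appended automatically
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # initial master-eligible nodes; I named the nodes node-001... above, so the same names are used here
Adjust the server parameters
#### Run on every ES server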
vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65537
vim /etc/sysctl.conf
vm.max_map_count=262144
sysctl -p
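Start the ES cluster
#### Run on every ES server
# ES cannot be started as root, so I create an ordinary user to manage it
useradd elsearch && echo "elsearchpassword" | passwd --stdin "elsearch" # create an ordinary user
chown -R elsearch:elsearch /opt/elk/ # change the owner and group of the ES directory
su elsearch # switch to the ordinary user
cd /opt/elk/elasticsearch-7.14.0 # switch to the ES directory before starting
./bin/elasticsearch -d # start in the background (for the first start, omit -d and run in the foreground to check for problems and errors)
After startup, open ip:9200 in a browser; if the node information is returned, the node started successfully
Unpack the Kibana tarball
##### This only needs to be done on one machine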
cd /opt/elk
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-linux-x86_64.tar.gz
tar xf kibana-7.14.0-linux-x86_64.tar.gz
cd kibana-7.14.0-linux-x86_64
Edit the Kibana configuration file
egrep -v "^#|^$" config/kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.1.81:9200","http://192.168.1.82:9200","http://192.168.1.83:9200"]
i18n.locale: "zh-CN"
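Start Kibana in the background
./bin/kibana &
If there are no errors, after a short while you can open ip:5601 in a browser and see Kibana
Check the ES cluster status
Set passwords on all ES instances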
###### First edit the configuration file
###### node-001
su elsearch # switch to the ordinary user to avoid permission problems
egrep -v "^#|^$" config/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-001 # node name
path.data: /opt/elk/data # custom data directory
path.logs: /opt/elk/logs # custom log directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
http.port: 9200 # HTTP port
discovery.seed_hosts: ["192.168.1.81:9300", "192.168.1.82:9300","192.168.1.83:9300"] # addresses of the cluster nodes (transport port); host names such as node-001 also work as long as /etc/hosts is configured, and port 9300 is appended automatically
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # initial master-eligible nodes; I named the nodes node-001... above, so the same names are used here
xpack.security.enabled: true # enable the security features
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
######## node-002
egrep -v "^#|^$" config/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-002 # node name
path.data: /opt/elk/data # custom data directory
path.logs: /opt/elk/logs # custom log directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
http.port: 9200 # HTTP port
discovery.seed_hosts: ["192.168.1.81:9300", "192.168.1.82:9300","192.168.1.83:9300"] # addresses of the cluster nodes (transport port); host names such as node-001 also work as long as /etc/hosts is configured, and port 9300 is appended automatically
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # initial master-eligible nodes; I named the nodes node-001... above, so the same names are used here
xpack.security.enabled: true # enable the security features
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
########## node-003
egrep -v "^#|^$" config/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-003 # node name
path.data: /opt/elk/data # custom data directory
path.logs: /opt/elk/logs # custom log directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
http.port: 9200 # HTTP port
discovery.seed_hosts: ["192.168.1.81:9300", "192.168.1.82:9300","192.168.1.83:9300"] # addresses of the cluster nodes (transport port); host names such as node-001 also work as long as /etc/hosts is configured, and port 9300 is appended automatically
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # initial master-eligible nodes; I named the nodes node-001... above, so the same names are used here
xpack.security.enabled: true # enable the security features
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
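The difference between the first configuration on this page and the secured one can be checked mechanically. The following is an added example, not part of the original post or of Elasticsearch; the function names and the FAIL/WARN wording are hypothetical, and the sample files are constructed from the settings shown above. It also warns about xpack.security.http.ssl.enabled, a setting the page does not configure, because Kibana is pointed at http:// URLs.

```bash
#!/usr/bin/env bash
# Added example: audit an elasticsearch.yml (on stdin) for the settings this page changes.
audit_es_config() {   # exit status 1 if any FAIL line is printed
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # skip comment and blank lines
    { line = $0; sub(/[ \t]+#.*$/, "", line)        # strip a trailing "# ..." comment
      i = index(line, ":"); if (i == 0) next
      k = substr(line, 1, i - 1); v = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"]+$/, "", v)
      cfg[k] = v }
    END {
      fail = 0
      if (cfg["xpack.security.enabled"] != "true") {
        print "FAIL security disabled: port 9200 answers unauthenticated requests"; fail = 1
        if (cfg["network.host"] == "0.0.0.0")
          print "FAIL network.host 0.0.0.0 with security disabled: API reachable on every interface"
      }
      if (cfg["xpack.security.transport.ssl.enabled"] != "true") {
        print "FAIL transport TLS disabled: node-to-node traffic on 9300 is not encrypted"; fail = 1
      } else if (cfg["xpack.security.transport.ssl.keystore.path"] == "") {
        print "FAIL transport TLS enabled but keystore.path is not set"; fail = 1
      }
      if (cfg["xpack.security.http.ssl.enabled"] != "true")
        print "WARN HTTP TLS not enabled: passwords sent to port 9200 travel in cleartext"
      exit fail
    }'
}

# Constructed sample: the first configuration on this page (no security settings).
sample_before() { cat <<'EOF'
cluster.name: elk
node.name: node-001
network.host: 0.0.0.0 # listens on all interfaces
http.port: 9200
EOF
}

# Constructed sample: the same file plus the xpack lines the page adds.
sample_after() { sample_before; cat <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
EOF
}

echo "--- before"; sample_before | audit_es_config || true
echo "--- after";  sample_after  | audit_es_config
```

On a real node, feed it the live file, for example audit_es_config < config/elasticsearch.yml for the tarball layout used here.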
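On node-001, create the p12 file and set the passwords
cd /opt/elk/elasticsearch-7.14.0/bin/ # switch to the working directory
# paste the command and press Enter
./elasticsearch-certutil cert -out /opt/elk/elasticsearch-7.14.0/config/elastic-certificates.p12 -pass ""
Copy the file to the other two nodes
scp /opt/elk/elasticsearch-7.14.0/config/elastic-certificates.p12 root@192.168.1.82:/opt/elk/elasticsearch-7.14.0/config/elastic-certificates.p12
scp /opt/elk/elasticsearch-7.14.0/config/elastic-certificates.p12 root@192.168.1.83:/opt/elk/elasticsearch-7.14.0/config/elastic-certificates.p12
##### Restart the ES service so that it rereads the configuration file; do this on every node
cd /opt/elk/elasticsearch-7.14.0/
ss -tnlp | grep 9200 # look up the PID, then kill the process
kill -9 pid
./bin/elasticsearch -d # start in the background (you can omit -d first and run in the foreground to check for problems and errors)
##### Once ES is up, create the passwords; again this only needs to run on one machine. You are prompted many times, so copy the password to the clipboard first, then paste it and press Enter
Set the passwords
./bin/elasticsearch-setup-passwords interactive
Edit the Kibana configuration file
egrep -v "^#|^$" config/kibana.yml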
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.1.81:9200","http://192.168.1.82:9200","http://192.168.1.83:9200"]
elasticsearch.username: "kibana_system" # use the kibana_system user
elasticsearch.password: "123qqq...A" # the password that was just set
i18n.locale: "zh-CN"
Check the result
RPM installation - environment preparation:
node-001 192.168.1.12
node-002 192.168.1.13
node-003 192.168.1.14
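Download the RPM packages on every machine
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-x86_64.rpm # Elasticsearch; I am using version 7.14.0
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-x86_64.rpm # Kibana; the version must match, and it is installed on node-001 only
Edit the hosts file for name resolution; this step is required on every machine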
vim /etc/hosts
192.168.1.12 node-001
192.168.1.13 node-002
192.168.1.14 node-003
Install the ES cluster
Install ES + Kibana
Apart from the Kibana steps, run these steps on every machine
mkdir /opt/es && cd /opt/es
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-x86_64.rpm # download the ES RPM package
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-x86_64.rpm # download the Kibana RPM package; install it on node-001 only
yum -y localinstall elasticsearch-7.14.0-x86_64.rpm # install ES
yum -y localinstall kibana-7.14.0-x86_64.rpm # install Kibana, on node-001 only
After installation, look at the ES project directories
systemctl cat elasticsearch.service
[Unit]
Description=Elasticsearch # short description of the service
Documentation=https://www.elastic.co # link to the service documentation
Wants=network-online.target # the service wants the network to be fully up
After=network-online.target # the service is started after the network is fully up
[Service] # this section specifies how the service is started
Type=notify # the service notifies systemd once it is ready
RuntimeDirectory=elasticsearch # name of the runtime directory
PrivateTmp=true # gives the service its own private temporary directory
Environment=ES_HOME=/usr/share/elasticsearch # defines the ES_HOME environment variable
Environment=ES_PATH_CONF=/etc/elasticsearch # defines ES_PATH_CONF, the configuration directory
Environment=PID_DIR=/var/run/elasticsearch # defines the PID_DIR environment variable
Environment=ES_SD_NOTIFY=true # defines the ES_SD_NOTIFY environment variable
EnvironmentFile=-/etc/sysconfig/elasticsearch # file from which environment variables are read
WorkingDirectory=/usr/share/elasticsearch # working directory of the service
User=elasticsearch # user the service runs as
Group=elasticsearch # group the service runs as
ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet # command that starts the service
Edit the ES configuration file
node-001
egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-001 # instance name
path.data: /var/lib/elasticsearch # default directory
path.logs: /var/log/elasticsearch # default directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
discovery.seed_hosts: ["node-001", "node-002","node-003"] # one entry per instance
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # one entry per instance
node-002
egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: elk
node.name: node-002
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["node-001", "node-002","node-003"]
cluster.initial_master_nodes: ["node-001", "node-002","node-003"]
node-003
egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: elk
node.name: node-003
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["node-001", "node-002","node-003"]
cluster.initial_master_nodes: ["node-001", "node-002","node-003"]
Start the ES cluster service
Run the start command on every server
systemctl start elasticsearch.service
Test that the cluster is available
Open the following URL in a browser
http://192.168.1.12:9200/_cat/nodes
192.168.1.13 41 72 0 0.00 0.04 0.07 cdfhilmrstw - node-002 # the cluster members are listed
192.168.1.14 2 76 0 0.00 0.01 0.05 cdfhilmrstw * node-003 # the line marked with an asterisk is the master
192.168.1.12 40 68 0 0.07 0.06 0.06 cdfhilmrstw - node-001
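The same check can be scripted instead of read by eye. This is an added example, not part of the original post; check_cat_nodes and the sample functions are hypothetical names, the first sample is the output shown above, and the second is constructed to show a node that has dropped out.

```bash
#!/usr/bin/env bash
# Added example: validate _cat/nodes output (on stdin) against the expected node names.
# Default columns: ip heap% ram% cpu load_1m load_5m load_15m node.role master name
check_cat_nodes() {   # usage: check_cat_nodes node-001 node-002 node-003 < output
  awk -v want="$*" '
    { sub(/[ \t]*#.*$/, "") }                       # drop page-style "# ..." annotations
    NF >= 10 { seen[$10] = 1; if ($9 == "*") { masters++; master = $10 } }
    END {
      bad = 0; n = split(want, names, " ")
      for (i = 1; i <= n; i++)
        if (!(names[i] in seen)) { print "MISSING " names[i]; bad = 1 }
      if (masters != 1) { print "MASTERS " (masters + 0); bad = 1 } else print "MASTER " master
      exit bad
    }'
}

# Sample 1: the three lines shown on this page.
sample_healthy() { cat <<'EOF'
192.168.1.13 41 72 0 0.00 0.04 0.07 cdfhilmrstw - node-002
192.168.1.14 2 76 0 0.00 0.01 0.05 cdfhilmrstw * node-003 # master
192.168.1.12 40 68 0 0.07 0.06 0.06 cdfhilmrstw - node-001
EOF
}

# Sample 2 (constructed): node-003 has left and node-002 is now the master.
sample_degraded() { cat <<'EOF'
192.168.1.13 41 72 0 0.00 0.04 0.07 cdfhilmrstw * node-002
192.168.1.12 40 68 0 0.07 0.06 0.06 cdfhilmrstw - node-001
EOF
}

sample_healthy  | check_cat_nodes node-001 node-002 node-003
sample_degraded | check_cat_nodes node-001 node-002 node-003 || true
```

Against the live cluster: curl -s http://192.168.1.12:9200/_cat/nodes | check_cat_nodes node-001 node-002 node-003. Once the passwords are set, the request needs credentials (curl -s -u elastic ...).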
Start Kibana and connect it to the ES cluster
Skip this if it was already done above; Kibana only needs to be installed on one machine
wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-x86_64.rpm
yum -y localinstall kibana-7.14.0-x86_64.rpm
First edit the configuration file
egrep -v "^#|^$" /etc/kibana/kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.1.12:9200","http://192.168.1.13:9200","http://192.168.1.14:9200"]
i18n.locale: "zh-CN"
Start the service
systemctl start kibana.service
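Open Kibana and test
Create a space
While testing I found that if I did not create a separate space and used the default one, then once encryption was configured on the ES cluster the features in the default space's menu bar were all gone. I have not found a fix for this yet, so I create a separate space, which can be used normally
Set passwords for the ES cluster
First edit the configuration file
node-001
egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: elk # cluster name
node.name: node-001 # instance name
path.data: /var/lib/elasticsearch # default directory
path.logs: /var/log/elasticsearch # default directory
network.host: 0.0.0.0 # address the node binds to; 0.0.0.0 listens on all interfaces
discovery.seed_hosts: ["node-001", "node-002","node-003"] # one entry per instance
cluster.initial_master_nodes: ["node-001", "node-002","node-003"] # one entry per instance
xpack.security.enabled: true # enable the security features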
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
node-002
egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: elk
node.name: node-002
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["node-001", "node-002","node-003"]
cluster.initial_master_nodes: ["node-001", "node-002","node-003"]
xpack.security.enabled: true # enable the security features
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
node-003
egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: elk
node.name: node-003
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["node-001", "node-002","node-003"]
cluster.initial_master_nodes: ["node-001", "node-002","node-003"]
xpack.security.enabled: true # enable the security features
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
On node-001, create the p12 file and set the passwords
cd /usr/share/elasticsearch/bin/ # switch to the working directory
# paste the command and press Enter
./elasticsearch-certutil cert -out /etc/elasticsearch/elastic-certificates.p12 -pass ""
# change the owner and group
chown elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12
Copy the file to the other two nodes
scp /etc/elasticsearch/elastic-certificates.p12 root@192.168.1.13:/etc/elasticsearch/elastic-certificates.p12
scp /etc/elasticsearch/elastic-certificates.p12 root@192.168.1.14:/etc/elasticsearch/elastic-certificates.p12
Set the passwords
./elasticsearch-setup-passwords interactive
After the changes, restart the ES cluster
node-001
systemctl restart elasticsearch.service
node-002
systemctl restart elasticsearch.service
node-003
systemctl restart elasticsearch.service
Edit the Kibana configuration file
egrep -v "^#|^$" /etc/kibana/kibana.yml
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.1.12:9200","http://192.168.1.13:9200","http://192.168.1.14:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "123qqq...A" # change this to your own password
i18n.locale: "zh-CN"
Restart the Kibana service
systemctl restart kibana.service