ELK in the Enterprise - Quick ELK Setup - Elasticsearch
1. Install the JDK
Elasticsearch and Logstash need a Java environment to run.
Download the JDK binary package and extract it.
tar xf jdk-8u144-linux-x64.tar.gz -C /usr/local
mv /usr/local/jdk1.8.0_144 /usr/local/java
cd ~
Configure the Java environment variables.
Append the following to the end of ~/.bashrc:
export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
Apply the configuration.
source ~/.bashrc
2. Install Elasticsearch
2.1. Create a user
Elasticsearch cannot be started as root, so create a non-root user to run it.
adduser elasticsearch
2.2. Download the elasticsearch package
tar xf elasticsearch-6.2.4.tar.gz -C /usr/local
chown -R elasticsearch:elasticsearch /usr/local/elasticsearch-6.2.4
cd /usr/local/elasticsearch-6.2.4
2.3. Edit the elasticsearch configuration file
The configuration file is /usr/local/elasticsearch-6.2.4/config/elasticsearch.yml
The configuration for node-master is as follows:
vim /usr/local/elasticsearch-6.2.4/config/elasticsearch.yml
###########################################
cluster.name: es-cluster
node.name: node-master
path.data: /data/es-data
path.logs: /var/log/elasticsearch
network.host: 10.0.0.130
http.port: 9200
Create the corresponding directories and change their ownership.
mkdir -p /var/log/elasticsearch
mkdir -p /data/es-data
chown -R elasticsearch:elasticsearch /var/log/elasticsearch
chown -R elasticsearch:elasticsearch /data/es-data
Note: the cluster name must be the same on every node.
3. Startup
3.1. Create a startup script
vim /usr/local/elasticsearch-6.2.4/elasticsearch
####################################################
#!/bin/sh
# description: elasticsearch
export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH

# Start Elasticsearch as the non-root elasticsearch user, daemonized (-d).
es_start() {
    su - elasticsearch <<!
cd /usr/local/elasticsearch-6.2.4
./bin/elasticsearch -d
!
    echo "elasticsearch startup"
}

# Stop only the Elasticsearch JVM owned by the elasticsearch user. Matching on
# the main class keeps this script (also named "elasticsearch") off the PID list.
es_stop() {
    es_pid=`pgrep -u elasticsearch -f org.elasticsearch.bootstrap.Elasticsearch`
    [ -z "$es_pid" ] && { echo "elasticsearch is not running"; return 0; }
    kill $es_pid
    # Wait up to 30 seconds for a clean shutdown, then fall back to kill -9.
    i=0
    while kill -0 $es_pid 2>/dev/null && [ $i -lt 30 ]; do sleep 1; i=$((i+1)); done
    kill -0 $es_pid 2>/dev/null && kill -9 $es_pid
    echo "elasticsearch stopped"
}

case "$1" in
    start)   es_start ;;
    stop)    es_stop ;;
    restart) es_stop; es_start ;;
    *)       echo "start|stop|restart" ;;
esac
exit $?
Add execute permission.
chmod +x elasticsearch
Enable start at boot.
echo "/usr/local/elasticsearch-6.2.4/elasticsearch start" >> /etc/rc.d/rc.local
Start it:
/usr/local/elasticsearch-6.2.4/elasticsearch start
3.2. Problems encountered
Problem 1:
If startup fails because the elasticsearch user has no Java environment, switch to the elasticsearch user and add it manually:
cd
vim .bashrc
#######################################
export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH
source .bashrc
Problem 2:
Startup reports the error "max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]".
Append the following to the end of /etc/security/limits.conf:
elasticsearch hard nofile 65536
elasticsearch soft nofile 65536
Use the following commands to check that the setting has taken effect.
su - elasticsearch
ulimit -Hn
Problem 3:
Startup reports "max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]".
Switch to the root user.
Append the following to the end of /etc/sysctl.conf:
vm.max_map_count=262144
Apply the configuration.
sysctl -p
Problem 4:
Startup reports "max number of threads [3799] for user [elasticsearch] is too low, increase to at least [4096]".
Edit the configuration file with vim /etc/security/limits.d/20-nproc.conf
and add "* hard nproc 4096".
4. Verify the elasticsearch installation
Open http://10.16.4.21:9200/_cluster/health?pretty in a browser; you should see the following:
{
"cluster_name" : "es-cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 2,
"number_of_data_nodes" : 1,
"active_primary_shards" : 3,
"active_shards" : 3,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
That output means the installation succeeded!
Check the ports:
[root@e ~]# netstat -lntup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 936/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1070/master
tcp6 0 0 10.0.0.130:9200 :::* LISTEN 2910/java
tcp6 0 0 10.0.0.130:9300 :::* LISTEN 2910/java
tcp6 0 0 :::22 :::* LISTEN 936/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1070/master
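The limits from section 3.2 and the port check above can be verified in one pass. The script below is an added example, not part of the original article: the function names and the sample netstat lines are constructed for illustration, and EXPECTED_IP is the network.host value from section 2.3.

```shell
#!/bin/sh
# Added example. On the host, run as the elasticsearch user with the argument
# --host (netstat shows PIDs only for your own processes unless run as root).
EXPECTED_IP=10.0.0.130   # network.host from elasticsearch.yml

# check_min NAME ACTUAL REQUIRED: succeed when ACTUAL is "unlimited" or >= REQUIRED.
check_min() {
    if [ "$2" = "unlimited" ]; then echo "OK   $1=$2"; return 0; fi
    case "$2" in ''|*[!0-9]*) echo "FAIL $1='$2' is not a number"; return 1 ;; esac
    if [ "$2" -ge "$3" ]; then echo "OK   $1=$2 (>= $3)"; return 0; fi
    echo "FAIL $1=$2 (need >= $3)"; return 1
}

# unexpected_listeners IP: read `netstat -lntup` output on stdin and print the
# local address of every 9200/9300 listener that is not bound to IP
# (for example 0.0.0.0 or ::, which expose the node on every interface).
unexpected_listeners() {
    awk -v want="$1" '
        $6 == "LISTEN" && $4 ~ /:(9200|9300)$/ {
            addr = $4; sub(/:[0-9]+$/, "", addr)
            if (addr != want) print $4
        }'
}

# preflight: compare the live values with the thresholds quoted in section 3.2.
preflight() {
    rc=0
    check_min nofile "$(ulimit -Hn)" 65536 || rc=1
    check_min vm.max_map_count "$(cat /proc/sys/vm/max_map_count)" 262144 || rc=1
    check_min nproc "$(ulimit -u)" 4096 || rc=1
    bad=$(netstat -lntup 2>/dev/null | unexpected_listeners "$EXPECTED_IP")
    [ -z "$bad" ] || { echo "FAIL unexpected listener: $bad"; rc=1; }
    return $rc
}

# Constructed sample input: the second line binds 9200 on every interface.
SAMPLE='tcp6 0 0 10.0.0.130:9300 :::* LISTEN 2910/java
tcp6 0 0 :::9200 :::* LISTEN 2910/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 936/sshd'

if [ "${1:-}" = "--host" ]; then preflight; fi
```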