Elasticsearch + Kibana Cluster Deployment (3 Nodes)

lindor--良民笔记

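Preface

   These are only notes recording how the ELK stack was set up and the problems encountered along the way; please credit the source when reposting. This chapter currently covers only the installation of Elasticsearch + Kibana and a few simple installation errors. It is aimed at readers with some background; theory is covered only briefly.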

Project address:

Tools to prepare:
  • ELK version: elasticsearch-7.7.1-x86_64.rpm

  • Filebeat version: filebeat-7.7.1-x86_64.rpm

  • Kibana version: kibana-7.7.1-x86_64.rpm

  • JDK version: java-1.8.0-openjdk

  • Logstash version: logstash-8.5.0-linux-x86_64.rpm

Node layout:

| IP | Node type | Deployed applications |
|---|---|---|
| 10.0.0.1 | es-master | elasticsearch, kibana, filebeat, logstash |
| 10.0.0.2 | es-nodes1 | elasticsearch |
| 10.0.0.3 | es-nodes2 | elasticsearch |

I. Elasticsearch Deployment

  • Only a single ES node is shown; the steps are identical on the other ES nodes

  • Install the JDK
    1. Install
    [root@localhost ~]# yum -y install java-1.8.0-openjdk
    
    2. Verify
    [root@localhost ~]# java -version
    openjdk version "1.8.0_352"
    OpenJDK Runtime Environment (build 1.8.0_352-b08)
    OpenJDK 64-Bit Server VM (build 25.352-b08, mixed mode)
    
    > A JDK installed through yum needs no environment variables. A manually downloaded Linux package does.
    
  • Install Elasticsearch

    I uploaded the package to /root/ beforehand, so it can be installed locally. For the download, see the project address[^1]

    1. Install
    Create the elk user and grant it ownership of the elk directories
    [root@localhost ~]# ls
    elasticsearch-7.7.1-x86_64.rpm  
    
    [root@localhost ~]# adduser elasticsearch    # create the elasticsearch user
    [root@localhost ~]# yum -y localinstall elasticsearch-7.7.1-x86_64.rpm    # install elasticsearch
    [root@localhost ~]# chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/   # give ownership to the elasticsearch user
    [root@localhost ~]# mkdir -p /home/elasticsearch/{data,logs}     # create the data and logs directories
    [root@localhost ~]# chown -R elasticsearch:elasticsearch /home/elasticsearch    # make the elasticsearch user the owner of the directories
    [root@localhost ~]# su elasticsearch         					# switch to the elasticsearch user
    [root@localhost ~]# /usr/share/elasticsearch/bin/elasticsearch 			# start in the foreground and watch for errors
    
    
    2. Elasticsearch installation paths
    [root@localhost ~]# whereis elasticsearch
    elasticsearch: /etc/elasticsearch /usr/share/elasticsearch
    Configuration file path: /etc/elasticsearch 
    Program path: /usr/share/elasticsearch
    

  • Elasticsearch system tuning

    Tune the default soft and hard limits. Reference: https://access.redhat.com/solutions/406663

    Add the following configuration to /etc/security/limits.d/20-nproc.conf
    Tuned configuration:
    [root@localhost limits.d]# vim /etc/security/limits.d/20-nproc.conf
    
    elasticsearch    soft    nofile    65535   # "elasticsearch" is the ES user you created; here it is elasticsearch
    elasticsearch    hard    nofile    65535
    
    elasticsearch    soft    nproc    4096
    elasticsearch    hard    nproc    4096
    
    elasticsearch    soft    memlock    unlimited
    elasticsearch    hard    memlock    unlimited
    
    
    
  • Elasticsearch node configuration

    There are 3 nodes in total: master, node1 and node2. I name them by IP here.

    The main configuration file is /etc/elasticsearch/elasticsearch.yml

    master

    [root@localhost ~]# grep -Ev "^$|^[#;]"  /etc/elasticsearch/elasticsearch.yml
    path.data: /var/log/elasticsearch/data
    path.logs: /var/log/elasticsearch/logs
    cluster.name: els
    node.name: 10.0.0.1
    network.host: 10.0.0.1
    node.master: true   # compete for the master role
    http.port: 9200
    http.cors.enabled: true
    http.cors.allow-origin: '*'
    discovery.seed_hosts: ['10.0.0.1', '10.0.0.2','10.0.0.3']
    cluster.initial_master_nodes: ['10.0.0.1', '10.0.0.2','10.0.0.3']
    discovery.zen.minimum_master_nodes: 3
    indices.memory.index_buffer_size: 20%
    indices.query.bool.max_clause_count: 100000000
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.client_authentication: required
    xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12    # certificate configuration
    xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12  # certificate configuration
    

    node1

    [root@localhost ~]# grep -Ev "^$|^[#;]"  /etc/elasticsearch/elasticsearch.yml
    path.data: /var/log/elasticsearch/data
    path.logs: /var/log/elasticsearch/logs
    cluster.name: els
    node.name: 192.168.169.40
    network.host: 192.168.169.40
    node.master: true   # compete for the master role
    http.port: 9200
    http.cors.enabled: true
    http.cors.allow-origin: '*'
    discovery.seed_hosts: ['10.0.0.1', '10.0.0.2','10.0.0.3']
    cluster.initial_master_nodes: ['10.0.0.1', '10.0.0.2','10.0.0.3']
    discovery.zen.minimum_master_nodes: 3
    indices.memory.index_buffer_size: 20%
    indices.query.bool.max_clause_count: 100000000
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.client_authentication: required
    xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12    # certificate configuration
    xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12  # certificate configuration
    

    node2

    [root@localhost ~]# grep -Ev "^$|^[#;]"  /etc/elasticsearch/elasticsearch.yml
    path.data: /var/log/elasticsearch/data
    path.logs: /var/log/elasticsearch/logs
    cluster.name: els
    node.name: 10.0.0.3
    network.host: 10.0.0.3
    node.master: true   # compete for the master role
    http.port: 9200
    http.cors.enabled: true
    http.cors.allow-origin: '*'
    discovery.seed_hosts: ['10.0.0.1', '10.0.0.2','10.0.0.3']
    cluster.initial_master_nodes: ['10.0.0.1', '10.0.0.2','10.0.0.3']
    discovery.zen.minimum_master_nodes: 3
    indices.memory.index_buffer_size: 20%
    indices.query.bool.max_clause_count: 100000000
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.client_authentication: required
    xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12    # certificate configuration
    xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12  # certificate configuration
    

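    Note: before the base configuration is done, right after installation, switch to the ES user and start it once in the foreground to see whether it reports errors. After the base configuration is done, be sure to switch to the ES user again and start it in the foreground to check for errors before continuing.

    Elasticsearch: setting up the certificate and key

    Add the following configuration to /etc/elasticsearch/elasticsearch.yml

    xpack.security.enabled: true
    xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12   # certificate configuration
    xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12   # certificate configuration
    

    Generate the certificates as follows and set their permissions; if anything is unclear, jump to the errors section

    # Generate the certificate and its key; generated files land in /usr/share/elasticsearch/ by default
    [root@localhost ~]# sh /usr/share/elasticsearch/bin/elasticsearch-certutil ca  # generate the CA certificate; just press Enter at every prompt
    [root@localhost ~]# sh /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12   # generate the key for that certificate, then distribute the key to /etc/elasticsearch/
    [root@localhost ~]# ls /usr/share/elasticsearch/
    bin  elastic-certificates.p12  elastic-stack-ca.p12  jdk  lib  LICENSE.txt  modules  NOTICE.txt  plugins  README.asciidoc
    
    # Copy the certificate to /etc/elasticsearch/ to match the configuration file, and set its permissions
    [root@localhost ~]# cp /usr/share/elasticsearch/elastic-certificates.p12  /etc/elasticsearch/
    [root@localhost ~]# chmod 777 /etc/elasticsearch/elastic-certificates.p12
    [root@localhost ~]# chown -R elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12
    [root@localhost ~]# ls /etc/elasticsearch/
    elastic-certificates.p12  elasticsearch.yml  jvm.options.d      role_mapping.yml  users
    elasticsearch.keystore    jvm.options        log4j2.properties  roles.yml         users_roles
    
    

    Note: the certificate can be set up before the cluster is running. Once it is configured, **distribute the key certificate elastic-certificates.p12** to /etc/elasticsearch/ on every node; the path can be customized.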

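    Elasticsearch: generating passwords

    There are two common ways to generate passwords; I only show the first.

    Plan A: randomly generate all passwords

    Plan B: set custom passwords

    Random generation looks like this:

    Command:
    sh /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
    
    Demo: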
    [root@localhost bin]# sh /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
    Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user.
    The passwords will be randomly generated and printed to the console.
    Please confirm that you would like to continue [y/N] y
    
    
    Changed password for user apm_system
    PASSWORD apm_system = sMZg4sW5bBbfL1fRjDPP
    
    Changed password for user kibana
    PASSWORD kibana = qZjB60sGzxfBcPrTxdQT
    
    Changed password for user logstash_system
    PASSWORD logstash_system = raxBaIRutgxxwRqe63c1
    
    Changed password for user beats_system
    PASSWORD beats_system = 86NyKgnMkaDrb9gBSyr4
    
    Changed password for user remote_monitoring_user
    PASSWORD remote_monitoring_user = sSQycnFqnTeEuxBZN7HS
    
    Changed password for user elastic
    PASSWORD elastic = Y3NpRblUxipGz9YCN6gg
    
    [root@localhost bin]#
    

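    Note: save the generated keys carefully. Generating them before the cluster is up fails with an error; once the cluster is up, generate the passwords on the master node.

  • Elasticsearch verification

    Use curl to check that each node and the cluster as a whole are healthy
    http://10.0.0.1:9200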

    {
      "name" : "10.0.0.1",
      "cluster_name" : "els",
      "cluster_uuid" : "rCoR2r6oTzmcozBuUImupA",
      "version" : {
        "number" : "7.7.1",
        "build_flavor" : "default",
        "build_type" : "rpm",
        "build_hash" : "ad56dce891c901a492bb1ee393f12dfff473a423",
        "build_date" : "2020-05-28T16:30:01.040088Z",
        "build_snapshot" : false,
        "lucene_version" : "8.5.1",
        "minimum_wire_compatibility_version" : "6.8.0",
        "minimum_index_compatibility_version" : "6.0.0-beta1"
      },
      "tagline" : "You Know, for Search"
    }
    

    http://10.0.0.2:9200

    {
      "name" : "10.0.0.2",
      "cluster_name" : "els",
      "cluster_uuid" : "rCoR2r6oTzmcozBuUImupA",
      "version" : {
        "number" : "7.7.1",
        "build_flavor" : "default",
        "build_type" : "rpm",
        "build_hash" : "ad56dce891c901a492bb1ee393f12dfff473a423",
        "build_date" : "2020-05-28T16:30:01.040088Z",
        "build_snapshot" : false,
        "lucene_version" : "8.5.1",
        "minimum_wire_compatibility_version" : "6.8.0",
        "minimum_index_compatibility_version" : "6.0.0-beta1"
      },
      "tagline" : "You Know, for Search"
    }
    

    http://10.0.0.3:9200

     {
       "name" : "10.0.0.3",
       "cluster_name" : "els",
       "cluster_uuid" : "rCoR2r6oTzmcozBuUImupA",
       "version" : {
         "number" : "7.7.1",
         "build_flavor" : "default",
         "build_type" : "rpm",
         "build_hash" : "ad56dce891c901a492bb1ee393f12dfff473a423",
         "build_date" : "2020-05-28T16:30:01.040088Z",
         "build_snapshot" : false,
         "lucene_version" : "8.5.1",
         "minimum_wire_compatibility_version" : "6.8.0",
         "minimum_index_compatibility_version" : "6.0.0-beta1"
       },
       "tagline" : "You Know, for Search"
     }
    

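    Looks basically normal; next, check the cluster status
    http://10.0.0.1:9200/_cluster/health?pretty

    {
      "cluster_name" : "els",       # cluster name
      "status" : "green",           # cluster status; green means all primary and replica shards are 100% available (normal)
      "timed_out" : false,          # timed out
      "number_of_nodes" : 3,        # 3 nodes in the cluster
      "number_of_data_nodes" : 3,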
      "active_primary_shards" : 70,
      "active_shards" : 140,
      "relocating_shards" : 2,
      "initializing_shards" : 0,
      "unassigned_shards" : 0,
      "delayed_unassigned_shards" : 0,
      "number_of_pending_tasks" : 0,
      "number_of_in_flight_fetch" : 0,
      "task_max_waiting_in_queue_millis" : 0,
      "active_shards_percent_as_number" : 100.0
    }
    

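    Check that the ports are listening

    [root@localhost ~]# netstat -anpt
    [root@localhost ~]# lsof -i:9200
    

    Every node tests healthy, the cluster is healthy and the ports are fine; the ES cluster deployment is complete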

  • Elasticsearch errors
  • After configuring the certificate, starting ES as the elasticsearch user produced the following error

    [ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [192.168.169.12] uncaught exception in thread [main]
    org.elasticsearch.bootstrap.StartupException: ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read truststore file [/etc/elasticsearch/elastic-certificates.p12]]; nested: AccessDeniedException[/etc/elasticsearch/elastic-certificates.p12];
    
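    # Cause: the certificate /etc/elasticsearch/elastic-certificates.p12 could not be loaded
    
    # The certificate was generated directly and copied to /etc/elasticsearch without changing its permissions; checking the permissions showed it could not be executed and did not belong to the elasticsearch user.
    # Fix: grant it to the elasticsearch user, raising the mode to 777 and then changing the owner.
    chmod 777 /etc/elasticsearch/elastic-certificates.p12
    chown -R elasticsearch:elasticsearch /etc/elasticsearch/elastic-certificates.p12
    # The problem is gone on the next start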
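
The `AccessDeniedException` above only requires that the elasticsearch user can read the PKCS#12 file, whereas mode 777 (used here and in the certificate step earlier) also lets every local account read and overwrite the node's private key. As an added example, not part of the original post, this script checks the keystore's owner and mode and tightens them. The "640 or stricter" policy and the function names are this example's assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post). Policy assumed here:
# the owner must match, and no group-write or "other" permission bits are set.

# check_keystore_perms FILE OWNER
# returns 0 if acceptable, 1 if too open or wrong owner, 2 if the file is missing
check_keystore_perms() {
    file=$1
    want_owner=$2
    [ -f "$file" ] || { echo "MISSING  $file"; return 2; }
    mode=$(stat -c '%a' "$file")     # octal mode, e.g. 777 or 640 (GNU stat)
    owner=$(stat -c '%U' "$file")
    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER    $file is owned by $owner, expected $want_owner"
        rc=1
    fi
    # 027 = group write (020) + other read/write/execute (007)
    if [ $(( 0$mode & 027 )) -ne 0 ]; then
        echo "TOO-OPEN $file has mode $mode, expected 640 or stricter"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK       $file ($owner, $mode)"; fi
    return "$rc"
}

# tighten_keystore FILE OWNER: owner-only access, then re-check.
# chown needs root when the owner changes; a failure shows up in the re-check.
tighten_keystore() {
    chown "$2" "$1" 2>/dev/null || true
    chmod 600 "$1"
    check_keystore_perms "$1" "$2"
}

# Constructed demo on a temporary file standing in for the keystore.
demo=$(mktemp); chmod 777 "$demo"
check_keystore_perms "$demo" "$(stat -c '%U' "$demo")"
tighten_keystore "$demo" "$(stat -c '%U' "$demo")"
rm -f "$demo"
```

On a node from this guide the call is `check_keystore_perms /etc/elasticsearch/elastic-certificates.p12 elasticsearch`, run on every node the file was distributed to.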
    

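II. Kibana Deployment

  • Kibana installation

    Again, the package was downloaded in advance and uploaded to /root/ on 10.0.0.1

    [root@localhost ~]# ls
    kibana-7.7.1-x86_64.rpm
    
    # Install locally
    [root@localhost ~]# yum -y localinstall kibana-7.7.1-x86_64.rpm
    
    # File paths
    [root@localhost ~]# whereis kibana
    kibana: /etc/kibana /usr/share/kibana
    
    # Configuration file path: /etc/kibana
    # Program path: /usr/share/kibana
    
  • Kibana configuration

    The configuration file is /etc/kibana/kibana.yml; edit it and change the relevant settings, using the following as a reference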

    [root@localhost kibana]# grep -Ev "^$|^[#;]" /etc/kibana/kibana.yml
    server.port: 5601
    server.host: "0.0.0.0"
    server.maxPayloadBytes: 10485760
    elasticsearch.hosts: ["http://192.168.169.41:9200","http://192.168.169.40:9200","http://192.168.169.39:9200"]
    #kibana.index: ".kibana"      // see the Kibana errors section for the fix
    elasticsearch.username: "elastic"
    elasticsearch.password: "Y3NpRblUxipGz9YCN6gg"
    i18n.locale: "zh-CN"       # set the locale to Chinese
    
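  • Start Kibana and open the web interface

    The start command is below; rather crudely, it is started directly as root
    [root@localhost ~]# sh /usr/share/kibana/bin/kibana --allow-root
    
    No errors, so start it as a system service
    [root@localhost ~]# systemctl start kibana
    
    

    Kibana is now installed. There is no data yet: filebeat, logstash or auditbeat must push log data into ES, after which you create indices and display the data on dashboards

  • Kibana errors

    With the base configuration in place, startup reported the following error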

    [root@localhost ~]# sh /usr/share/kibana/bin/kibana --allow-root
      log   [07:47:48.360] [warning][plugins-discovery] Expect plugin "id" in camelCase, but found: apm_oss
      log   [07:47:48.368] [warning][plugins-discovery] Expect plugin "id" in camelCase, but found: file_upload
      log   [07:47:48.369] [warning][plugins-discovery] Expect plugin "id" in camelCase, but found: triggers_actions_ui
      log   [07:47:53.145] [warning][config][deprecation] Setting [elasticsearch.username] to "elastic" is deprecated. You should use the "kibana" user instead.
      log   [07:47:53.145] [warning][config][deprecation] Setting [monitoring.username] to "elastic" is deprecated. You should use the "kibana" user instead.
      log   [07:47:53.148] [fatal][root] { Error: Unknown configuration key(s): "index". Check for spelling errors and ensure that expected plugins are installed.
        at ensureValidConfiguration (/usr/share/kibana/src/core/server/legacy/config/ensure_valid_configuration.js:46:11) code: 'InvalidConfig', processExitCode: 64, cause: undefined }
    
     FATAL  Error: Unknown configuration key(s): "index". Check for spelling errors and ensure that expected plugins are installed.
    
    Cause: Unknown configuration key(s): "index" is caused by this setting being wrong. Kibana 8.0 on the official site no longer uses this setting, so deleting it fixes the problem.
    Reference: https://discuss.elastic.co/t/kibana-8-0-0-unknown-configuration-key-s-kibana-index/299228/1
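
The configurations on this page enable authentication and transport TLS, but leave the HTTP port without TLS, open CORS to every origin, and have Kibana listen on 0.0.0.0 as the elastic superuser with its password in kibana.yml. As an added example, not from the original post, this script flags those settings in elasticsearch.yml and kibana.yml. The rules and function names are this example's own, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post; the rules are this example's policy.

# yaml_value FILE KEY: value of a top-level "key: value" line, without
# inline comment, trailing whitespace or surrounding quotes.
yaml_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^$key:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^[\"']//" -e "s/[\"']\$//"
}

finding() { echo "$1"; count=$((count + 1)); }

# audit_es FILE: prints findings; the exit status is the number of findings.
audit_es() {
    count=0
    [ "$(yaml_value "$1" xpack.security.enabled)" = "true" ] ||
        finding "ES: xpack.security.enabled is not true, so no authentication"
    [ "$(yaml_value "$1" xpack.security.http.ssl.enabled)" = "true" ] ||
        finding "ES: no TLS on the HTTP port, passwords cross the network in clear"
    if [ "$(yaml_value "$1" http.cors.enabled)" = "true" ] &&
       [ "$(yaml_value "$1" http.cors.allow-origin)" = "*" ]; then
        finding "ES: http.cors.allow-origin accepts every origin"
    fi
    return "$count"
}

# audit_kibana FILE: same contract as audit_es.
audit_kibana() {
    count=0
    [ "$(yaml_value "$1" server.host)" != "0.0.0.0" ] ||
        finding "Kibana: server.host binds every interface"
    [ "$(yaml_value "$1" elasticsearch.username)" != "elastic" ] ||
        finding "Kibana: connects as the elastic superuser, not the kibana user"
    [ -z "$(yaml_value "$1" elasticsearch.password)" ] ||
        finding "Kibana: elasticsearch.password is in plain text in kibana.yml"
    if yaml_value "$1" elasticsearch.hosts | grep -q 'http://'; then
        finding "Kibana: talks to Elasticsearch over plain http"
    fi
    return "$count"
}

# Constructed sample: security-relevant lines of the master node's config.
sample=$(mktemp)
printf '%s\n' "http.cors.enabled: true" "http.cors.allow-origin: '*'" \
    "xpack.security.enabled: true   # inline comment" > "$sample"
audit_es "$sample" || echo "findings: $?"
rm -f "$sample"
```

The password finding is cleared by moving the value into the Kibana keystore with `bin/kibana-keystore add elasticsearch.password`, and the username finding by switching to the `kibana` account that the deprecation warning in the log above asks for.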
    