CentOS7.9.2009搭建elasticsearch7.11.1分布式集群

1.elasticsearch7.11.1分布式集群规划表

OS Version	ES Version	IP/Http Port	Node Name	Role
CentOS Linux release 7.9.2009 (Core)	7.11.1	192.168.10.243/9201	node_1	node.master: true node.data: true
CentOS Linux release 7.9.2009 (Core)	7.11.1	192.168.10.243/9202	node_2	node.master: true node.data: true
CentOS Linux release 7.9.2009 (Core)	7.11.1	192.168.10.243/9203	node_3	node.master: true node.data: true
CentOS Linux release 7.9.2009 (Core)	7.11.1	192.168.10.243/9204	node_4	node.master: false node.data: true

2.关闭防火墙与selinux

具体参考：

Linux常规基础配置_linux基础配置-CSDN博客

3.安装jdk

具体参考：

https://blog.csdn.net/z19861216/article/details/136479909

如果没有设置 $JAVA_HOME环境变量，可以使用elasticsearch介质中自带的jdk；不过建议安装单独的jdk

4.elasticsearch安装用户创建及系统参数优化

以root用户登录服务器

1).创建elasticsearch安装用户

命令：

groupadd elk

useradd elk -g elk

id elk

[root@elasticsearch ~]# groupadd elk
[root@elasticsearch ~]# 
[root@elasticsearch ~]# useradd elk -g elk
[root@elasticsearch ~]# 
[root@elasticsearch ~]# id elk
uid=1000(elk) gid=1000(elk) groups=1000(elk)
[root@elasticsearch ~]# 

2).ulimit参数调优

vim /etc/security/limits.conf

*	soft	nofile	65535
*	hard	nofile	65535
*	soft	noproc	65535
*	hard	noproc	65535
*	soft	stack	65535
*	hard	stack	65535
elk	hard	memlock unlimited
elk	soft	memlock	unlimited

退出登录生效。

3).vm参数优化

vim /etc/sysctl.conf

vm.max_map_count=655360
vm.swappiness=1

执行sysctl -p生效

5.elasticsearch7.11.1下载

地址：

Past Releases of Elastic Stack Software | Elastic

-->以root用户登录，上传elasticsearch7.11.1版本至CentOS7.9.2009并解压

命令：

tar -zxvf elasticsearch-7.11.1-linux-x86_64.tar.gz -C /usr/local/

-->复制elasticsearch-7.11.1并授权

命令：

cd /usr/local

cp -rp elasticsearch-7.11.1 elasticsearch1

cp -rp elasticsearch-7.11.1 elasticsearch2

cp -rp elasticsearch-7.11.1 elasticsearch3

cp -rp elasticsearch-7.11.1 elasticsearch4

chown -R elk:elk elasticsearch1

chown -R elk:elk elasticsearch2

chown -R elk:elk elasticsearch3

chown -R elk:elk elasticsearch4

ls -ld elasticsearch*

[root@elasticsearch local]# ls -ld elasticsearch*
drwxr-xr-x 10 elk elk 167 Oct 25 09:39 elasticsearch1
drwxr-xr-x 10 elk elk 167 Oct 25 09:39 elasticsearch2
drwxr-xr-x 10 elk elk 167 Oct 25 09:39 elasticsearch3
drwxr-xr-x 10 elk elk 167 Oct 25 09:39 elasticsearch4
drwxr-xr-x 10 elk elk 167 Oct 25 09:39 elasticsearch-7.11.1
[root@elasticsearch local]# 

6.配置elasticsearch分布式集群

1).参数释义

参数	说明
cluster.name	集群名称，相同名称为一个集群
node.name	节点名称，es默认会随机指定一个名字，用户也可自行配置。集群模式下每个节点名称唯一
node.master	当前节点是否可以被选举为master节点，是：true；否：false
node.data	当前节点是否用于存储数据，是：true；否：false
node.max_local_storage_nodes	最大集群节点数
path.data	索引数据存放的位置
path.logs	日志文件存放的位置
path.conf	设置配置文件的存储路径，tar或zip包安装默认在es根目录下的config目录，rpm包安装默认在/etc/elasticsearch目录
path.plugins	设置插件的存放路径，默认是es根目录下的plugins目录
bootstrap.memory_lock	是否锁住物理内存，避免内存进行swap，是：true；否：false
bootstrap.system_call_filter	SecComp检测，是：true；否：false
network.host	监听地址，用于访问该es
network.publish_host	集群内各节点之间通信地址
http.port	es对外提供的http端口，默认：9200
transport.port	集群内部节点之间通信端口，默认：9300
discovery.seed_hosts	es7.x 之后新增的配置，写入候选主节点的设备地址，在开启服务后可以被选为主节点
cluster.initial_master_nodes	es7.x 之后新增的配置，初始化一个新的集群时需要此配置来选举master
http.cors.enabled	是否支持跨域，是：true，在使用head插件时需要此配置
http.cors.allow-origin	表示支持所有域名
http.cors.allow-headers	所支持的请求头
http.cors.allow-credentials	是否支持认证，是：true
discovery.zen.minimum_master_nodes	最少要有N个节点才能选举出主节点
discovery.zen.ping.timeout	设置es自动发现节点连接超时的时间，默认为3s
action.destructive_requires_name	删除索引时是否必须要实际索引名
gateway.recover_after_nodes	至少恢复N个节点及以上，集群节点才可以被访问

2).elasticsearch集群配置

vim /usr/local/elasticsearch1/config/elasticsearch.yml

vim /usr/local/elasticsearch2/config/elasticsearch.yml

vim /usr/local/elasticsearch3/config/elasticsearch.yml

vim /usr/local/elasticsearch4/config/elasticsearch.yml

node1

cluster.name: my_es
node.name: node_1
node.master: true
node.data: true
node.max_local_storage_nodes: 3
transport.port: 9301
path.data: /usr/local/elasticsearch1/data
path.logs: /usr/local/elasticsearch1/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0 
http.port: 9201
discovery.seed_hosts: ["192.168.10.243:9301", "192.168.10.243:9302", "192.168.10.243:9303"]
cluster.initial_master_nodes: ["node_1", "node_2", "node_3"]
bootstrap.system_call_filter: false
http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization
http.cors.allow-credentials: true

node2

cluster.name: my_es
node.name: node_2
node.master: true
node.data: true
node.max_local_storage_nodes: 3
transport.port: 9302
path.data: /usr/local/elasticsearch2/data
path.logs: /usr/local/elasticsearch2/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0 
http.port: 9202
discovery.seed_hosts: ["192.168.10.243:9301", "192.168.10.243:9302", "192.168.10.243:9303"]
cluster.initial_master_nodes: ["node_1", "node_2", "node_3"]
bootstrap.system_call_filter: false
http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization
http.cors.allow-credentials: true

node3

cluster.name: my_es
node.name: node_3 
node.master: true
node.data: true
node.max_local_storage_nodes: 3
transport.port: 9303
path.data: /usr/local/elasticsearch3/data
path.logs: /usr/local/elasticsearch3/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0 
http.port: 9203
discovery.seed_hosts: ["192.168.10.243:9301", "192.168.10.243:9302", "192.168.10.243:9303"]
cluster.initial_master_nodes: ["node_1", "node_2", "node_3"]
bootstrap.system_call_filter: false
http.cors.allow-origin: "*"
http.cors.enabled: true
http.cors.allow-headers: X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization
http.cors.allow-credentials: true

node4

cluster.name: my_es
node.name: node_4 
node.master: false
node.data: true
transport.port: 9304
path.data: /usr/local/elasticsearch4/data
path.logs: /usr/local/elasticsearch4/logs
bootstrap.memory_lock: true
network.host: 0.0.0.0 
http.port: 9204
discovery.seed_hosts: ["192.168.10.243:9301", "192.168.10.243:9302", "192.168.10.243:9303"]
bootstrap.system_call_filter: false

3).elasticsearch实例启动

su - elk

whoami

/usr/local/elasticsearch1/bin/elasticsearch -d -p /tmp/elasticsearch1.pid

/usr/local/elasticsearch2/bin/elasticsearch -d -p /tmp/elasticsearch2.pid

/usr/local/elasticsearch3/bin/elasticsearch -d -p /tmp/elasticsearch3.pid

/usr/local/elasticsearch4/bin/elasticsearch -d -p /tmp/elasticsearch4.pid

[elk@elasticsearch ~]$ whoami
elk
[elk@elasticsearch ~]$ 
[elk@elasticsearch ~]$ /usr/local/elasticsearch1/bin/elasticsearch -d -p /tmp/elasticsearch1.pid
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[elk@elasticsearch ~]$ 
[elk@elasticsearch ~]$ /usr/local/elasticsearch2/bin/elasticsearch -d -p /tmp/elasticsearch2.pid
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[elk@elasticsearch ~]$ 
[elk@elasticsearch ~]$ /usr/local/elasticsearch3/bin/elasticsearch -d -p /tmp/elasticsearch3.pid
[elk@elasticsearch ~]$ Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.

[elk@elasticsearch ~]$ /usr/local/elasticsearch4/bin/elasticsearch -d -p /tmp/elasticsearch4.pid
Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[elk@elasticsearch ~]$ 

以下告警无需关注

Java HotSpot(TM) 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.

4).进程、日志、端口验证

进程验证

[elk@elasticsearch ~]$ p