Elk stack安装部署

环境准备

软件版本

软件 版本
jdk >=1.8
elasticsearch 7.5.2
kibana 7.5.2
logstash 7.5.2

安装方式

rpm包安装

安装elasticsearch

修改系统默认nofile, memlock以及nproc

# Append open-file, locked-memory and process-count limits to limits.conf.
# The nofile lines use the "*" wildcard domain, so they are not limited to
# the elasticsearch account; memlock and nproc name that account only.
cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 65535
* hard nofile 65535
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
elasticsearch soft nproc 4096
elasticsearch hard nproc 4096
EOF

安装elasticsearch

# Install Elasticsearch 7.5.2 from the RPM in the current directory.
# NOTE(review): the page does not say where the RPM was obtained; compare its
# checksum or signature with the vendor's published value before installing.
rpm --install --verbose --hash elasticsearch-7.5.2-x86_64.rpm

不同系统版本下, 执行上述命令后可能会出现报错 (本页未显示具体报错内容), 原文认为可以忽略; 继续之前请先确认 rpm 包确实已安装成功

以下命令所有节点都要执行

# Run on every node: create the certificate directory, hand the whole
# configuration tree to the elasticsearch account, and point both the current
# shell and the service at the JDK under /usr/share/elasticsearch/jdk.
# NOTE(review): the recursive chown makes the service account the owner of its
# own configuration files; confirm that is intended.
mkdir /etc/elasticsearch/certs
chown -R elasticsearch:elasticsearch /etc/elasticsearch/
export JAVA_HOME=/usr/share/elasticsearch/jdk
printf '%s\n' 'JAVA_HOME=/usr/share/elasticsearch/jdk' >> /etc/sysconfig/elasticsearch

以下命令只在其中一个节点执行

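# Run on ONE node only: create a cluster CA, issue a node certificate from it,
# and install the resulting PKCS#12 bundle for the elasticsearch service.
cd /usr/share/elasticsearch/
bin/elasticsearch-certutil ca
# The walkthrough presses Enter at every prompt, which leaves both PKCS#12
# files without a password. If a password is set instead, it has to be stored
# in the Elasticsearch keystore on every node
# (xpack.security.transport.ssl.keystore.secure_password and
# xpack.security.transport.ssl.truststore.secure_password).
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
cp elastic-certificates.p12 /etc/elasticsearch/certs
chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
# The bundle contains the node's private key: read/write for the owner, read
# for the group, nothing for other accounts. Mode 777 would let any local
# account read or replace the key.
chmod 640 /etc/elasticsearch/certs/elastic-certificates.p12
# elastic-stack-ca.p12 holds the CA private key and is left in
# /usr/share/elasticsearch by the steps above; restrict access to it or move
# it off the node once all node certificates have been issued.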

需要把该节点的证书/etc/elasticsearch/certs/elastic-certificates.p12拷贝到其他节点的/etc/elasticsearch/certs目录下 (该文件包含私钥, 请通过 scp 等加密通道传输), 然后在其余节点执行以下命令

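# Run on each remaining node after the bundle has been copied over: give it to
# the elasticsearch account and keep other accounts out. The file contains the
# private key, so it must not be world-readable or world-writable (no 777).
chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
chmod 640 /etc/elasticsearch/certs/elastic-certificates.p12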

以下命令所有节点都要执行

# Run on every node: keep a copy of the packaged configuration, then create
# the data and log directories and give them to the elasticsearch account.
# The working directory stays /etc/elasticsearch/ afterwards.
cd /etc/elasticsearch/
cp elasticsearch.yml elasticsearch.yml.bak
mkdir -pv /data1/elasticsearch /data1/log/elasticsearch
chown -R elasticsearch:elasticsearch /data1/elasticsearch /data1/log/

生成配置文件, 所有节点都要执行

# Run on every node: overwrite elasticsearch.yml with the cluster settings
# below. Text after "#" inside the here-document is written into the file; the
# two inline notes say that node.name must be unique per node and that
# network.host must be changed to the local machine's IP.
#
# Review notes on the settings (values are left as the author wrote them):
# - Only the transport layer (port 9300) gets TLS. No xpack.security.http.ssl.*
#   setting is present, so port 9200 carries basic-auth passwords in clear text.
# - http.cors.allow-origin "*" accepts cross-origin browser requests from any
#   site; restrict it to the origins that need it, or drop CORS if unused.
# - bootstrap.system_call_filter: false switches off the seccomp system-call
#   filter. Presumably set for kernels without seccomp support (the page also
#   targets CentOS 6) -- confirm, and leave the filter on where it works.
# - verification_mode "certificate" checks that a peer certificate is signed by
#   the CA but skips hostname verification; "full" checks both.
# - The keystore/truststore settings carry no password, matching a bundle
#   generated with an empty password.
# - discovery.zen.minimum_master_nodes is ignored by Elasticsearch 7.x.
cat << EOF > /etc/elasticsearch/elasticsearch.yml
cluster.name: hrbbank_es_cluster
node.name: es-node01                 #每个节点的名字不能重复
node.master: true
node.data: true
path.data: /data1/elasticsearch
path.logs: /data1/log/elasticsearch
bootstrap.memory_lock: true
bootstrap.system_call_filter: false
network.host: 35.14.8.21                #改成本机IP
http.port: 9200
transport.tcp.port: 9300
transport.tcp.compress: true
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["35.14.8.21", "35.14.8.22", "35.14.8.23"]
discovery.zen.minimum_master_nodes: 2
cluster.initial_master_nodes: ["es-node01", "es-node02","es-node03"]
node.attr.rack_id: rack_one
cluster.routing.allocation.awareness.attributes: rack_id

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic-certificates.p12
EOF

安装ik中文分词器, 所有节点都要执行

# Run on every node: unpack the IK Chinese analyzer plugin into its own
# directory under the Elasticsearch plugins folder.
# NOTE(review): a plugin runs inside the Elasticsearch process; take the
# archive from its official release page and check its checksum first.
unzip elasticsearch-analysis-ik-7.5.2.zip -d /usr/share/elasticsearch/plugins/ik

启动服务

# Start the service with the command that matches the OS release.
# CentOS 6:
/etc/init.d/elasticsearch start
# CentOS 7:
systemctl start elasticsearch
# Wait about a minute after the start command returns, then check that
# port 9200 is listening.
netstat -lntp | grep 9200

设置访问密码命令, 其中一台节点执行即可

# Run on one node only: set passwords for the built-in users interactively.
# The password chosen for the elastic user is the one later used to log in to
# Kibana. elastic is the superuser account, so give it a strong, unique
# password rather than a short sample value.
cd /usr/share/elasticsearch/
export JAVA_HOME=/usr/share/elasticsearch/jdk
bin/elasticsearch-setup-passwords interactive

验证elasticsearch集群搭建成功 (下面示例中的密码仅作演示; 在命令行写 -u 用户名:密码 会把密码留在 shell 历史和进程列表中, 只写 -u elastic 时 curl 会提示输入密码)

[root@elasticsearch_68 ~]# curl -u elastic:123456 -XGET http://192.168.68.3:9200/_cat/nodes?pretty
192.168.69.3 40 95  6 0.02 0.19 0.73 dilm * es-node02
192.168.68.3 61 98 30 0.00 0.04 0.11 dilm - es-node01
192.168.70.3 39 95 26 0.77 0.68 0.44 dilm - es-node03

安装kibana

简单粗暴, 没什么好说的

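# Install Kibana 7.5.2 and replace the packaged kibana.yml with a minimal one.
rpm -ivh kibana-7.5.2-x86_64.rpm
cd /etc/kibana/
mv kibana.yml kibana.yml.bak

# kibana.yml holds a password. Create the file empty with mode 640 (root
# read/write, kibana group read) before writing to it, so it is never readable
# by other local accounts; a plain redirect would use root's default umask.
install -o root -g kibana -m 640 /dev/null kibana.yml

# Review notes on the settings (values are left as the author wrote them):
# - elasticsearch.username "elastic" is the superuser. elasticsearch-setup-passwords
#   also sets a password for the built-in "kibana" user, which is the
#   lower-privileged account intended for this connection.
# - elasticsearch.password must be the password actually set for that user;
#   "hrbbank" is the page's sample value. bin/kibana-keystore can hold
#   elasticsearch.password instead of this plain-text file.
# - The hosts use http://, so these credentials cross the network unencrypted,
#   and no server.ssl.* setting is present, so Kibana logins on 5601 do too.
cat << EOF > kibana.yml
server.port: 5601
server.host: "35.14.8.21"
server.name: "hrbbank-kibana"
elasticsearch.hosts: ["http://35.14.8.21:9200", "http://35.14.8.22:9200", "http://35.14.8.23:9200"]
elasticsearch.username: "elastic"
elasticsearch.password: "hrbbank"
i18n.locale: "zh-CN"
EOF

# Start the service with the command that matches the OS release.
# CentOS 6:
/etc/init.d/kibana start
# CentOS 7:
systemctl start kibana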

安装logstash

修改系统默认nofile, memlock以及nproc

# Append open-file, locked-memory and process-count limits to limits.conf
# before installing Logstash.
# NOTE(review): these are the same lines as in the Elasticsearch section and
# still name the elasticsearch account, while the page sets LS_USER to
# "logstash" -- confirm which account the memlock/nproc entries are meant for.
# On a host where both sections are run, the lines are appended twice.
cat >> /etc/security/limits.conf << 'EOF'
* soft nofile 65535
* hard nofile 65535
elasticsearch soft memlock unlimited
elasticsearch hard memlock unlimited
elasticsearch soft nproc 4096
elasticsearch hard nproc 4096
EOF

初始化logstash环境

# Write the Logstash service defaults: install and settings paths, PID file,
# the logstash user and group, GC log location, open-file limit and niceness.
# The delimiter is quoted because the content contains nothing to expand.
cat > /etc/default/logstash << 'EOF'
LS_HOME="/usr/share/logstash"
LS_SETTINGS_DIR="/etc/logstash"
LS_PIDFILE="/var/run/logstash.pid"
LS_USER="logstash"
LS_GROUP="logstash"
LS_GC_LOG_FILE="/var/log/logstash/gc.log"
LS_OPEN_FILES="16384"
LS_NICE="19"
SERVICE_NAME="logstash"
SERVICE_DESCRIPTION="logstash"
EOF

安装logstash

# Set JAVA_HOME to the JDK path of your own environment (ideally persisted in
# /etc/profile), then install Logstash 7.5.2 from the RPM in the current
# directory.
# NOTE(review): check the RPM's checksum or signature against the vendor's
# published value before installing.
export JAVA_HOME=/usr/share/jdk
rpm --install --verbose --hash logstash-7.5.2.rpm

修改/etc/logstash/jvm.options

-Xms8g
-Xmx8g

启动logstash

# CentOS 6 ships no Logstash init script, so start it directly in the
# background with the settings directory given explicitly.
# NOTE(review): started this way, Logstash runs as whichever account invokes
# the command (the page appears to work as root), not as LS_USER -- confirm.
nohup /usr/share/logstash/bin/logstash --path.settings /etc/logstash &

# CentOS 7 can start it through systemd.
systemctl start logstash

配置文件存放在/etc/logstash/conf.d/
