1、单节点ElasticSearch安装
1.1 下载安装包
cd /usr/local/src/ && wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.6.1.rpm
1.2 安装ElasticSearch
rpm -ivh elasticsearch-6.6.1.rpm
[root@host108 src]# rpm -ivh elasticsearch-6.6.1.rpm
警告:elasticsearch-6.6.1.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中... ################################# [100%]
Creating elasticsearch group... OK
Creating elasticsearch user... OK
正在升级/安装...
1:elasticsearch-0:6.6.1-1 ################################# [100%]
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
sudo systemctl start elasticsearch.service
Created elasticsearch keystore in /etc/elasticsearch
[root@host108 src]#
1.3 修改配置文件
cat > /etc/elasticsearch/elasticsearch.yml << EOF
cluster.name: elasticsearch-cluster
node.name: node-107
node.master: true
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
network.host: 0.0.0.0
http.port: 9200
EOF
1.4 启动ElasticSearch
systemctl start elasticsearch.service
systemctl enable elasticsearch.service
systemctl status elasticsearch.service
2、ElasticSearch开启用户认证
2.1 启用用户认证
curl -H "Content-Type:application/json" -XPOST http://192.168.0.107:9200/_xpack/license/start_trial?acknowledge=true
2.2 修改配置文件并重启
cat >> /etc/elasticsearch/elasticsearch.yml << EOF
xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
EOF
systemctl restart elasticsearch.service
2.3 生成用户名密码
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive # 生成指定的密码 elastic:elastic
systemctl restart elasticsearch.service
3、集群搭建
3.1 修改配置为集群配置
# 在每一台节点上都需要生成, 注意修改node.name
cat > /etc/elasticsearch/elasticsearch.yml << EOF
cluster.name: elasticsearch-cluster
node.name: node-107 # 每个节点的该配置都要不一样
node.master: true
node.data: true
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
network.host: 0.0.0.0
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["192.168.0.107", "192.168.0.108", "192.168.0.110"]
discovery.zen.minimum_master_nodes: 2
xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
EOF
这里建议优先在已经启用了用户认证的节点上优先启动ElasticSearch,这样该节点会先成为主节点,避免其他节点启动之后,没有设置用户认证导致用户验证配置无法同步。
3.2 依次启动ElasticSearch节点
systemctl restart elasticsearch.service
3.3 查看日志
tail -f /var/log/elasticsearch/elasticsearch-cluster.log
4、安装Kibana
4.1 下载Kibana
cd /usr/local/src/ && wget https://artifacts.elastic.co/downloads/kibana/kibana-6.6.1-x86_64.rpm
4.2 安装Kibana
rpm -ivh kibana-6.6.1-x86_64.rpm
4.3 修改Kibana的配置文件
server.port: "5601"
server.host: "0.0.0.0"
logging.dest: "/var/log/kibana/kibana.log"
elasticsearch.username: "elastic"
elasticsearch.password: "elastic"
elasticsearch.hosts: ["http://192.168.0.107:9200", "http://192.168.0.108:9200", "http://192.168.0.110:9200"]
4.4 创建对应目录并授权
mkdir -pv /var/log/kibana/
chown kibana:kibana -R /var/log/kibana/
4.5 启动Kibana
systemctl start kibana.service
5、注意点
5.1 修改主机最大文件打开数
ElasticSearch启动的时候会检查主机最大文件打开数是否大于等于65535,所以需要提前修改。
# 方法1
vim /etc/security/limits.conf
root soft nofile 65536
root hard nofile 65536
* soft nproc 65536
* hard nproc 65536
* - nofile 65536
# 方法2
vim /etc/security/limits.d/20-nproc.conf
* soft nproc 65536
* hard nproc 65536
# 方法3
echo "ulimit -SHn 65536" >> /etc/profile
source /etc/profile
# 以上三种方法哪种有效使用哪种
# 查看
ulimit -n
5.2 Kibana需要配置IElasticSearch认证
Kibana如果配置了连接到ElasticSearch集群,则必须要配置ElasticSearch集群认证的账户密码才能够正常访问,否则日志会报错。
文章转载自运维小菜鸡,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
