一. 操作系统设置

安装规划：

1.内核参数

echo "vm.max_map_count=262144">>/etc/sysctl.conf
echo "net.core.somaxconn= 1024">>/etc/sysctl.conf
echo "vm.max_map_count=262144">>/etc/sysctl.conf
echo "vm.swappiness=1">>/etc/sysctl.conf
echo "vm.overcommit_memoryecho=1">>/etc/sysctl.conf

--生效命令
sysctl -p

2.关闭透明大页

echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo never > /sys/kernel/mm/transparent_hugepage/defrag

echo "if test -f /sys/kernel/mm/transparent_hugepage/enabled; then
   echo never > /sys/kernel/mm/transparent_hugepage/enabled
fi
if test -f /sys/kernel/mm/transparent_hugepage/defrag; then
   echo never > /sys/kernel/mm/transparent_hugepage/defrag
fi">>/etc/rc.d/rc.local

--使可执行
chmod +x /etc/rc.d/rc.local

3.用户限制

echo "* soft nofile 655360
* hard nofile 655360
* soft nproc 65535
* hard nproc 65535
*               hard    memlock         unlimited
*               soft    memlock         unlimited">> /etc/security/limits.conf

echo "*          soft    nproc     65535
root       soft    nproc     unlimited">>/etc/security/limits.d/20-nproc.conf

4.系统限制设置

echo "DefaultLimitNOFILE=655360
DefaultLimitNPROC=65535
DefaultLimitMEMLOCK=infinity">>/etc/systemd/system.conf

--生效命令
/bin/systemctl daemon-reload

二. es集群安装

Elasticsearch简介

Elasticsearch一款基于Apache Lucene™开源搜索引擎，其核心是迄今为止最先进、性能最好的、功能最全的搜索引擎库Lucene。Elasticsearch使用简单，具有非常强大的全文搜索功能：

分布式的实时文件存储，每个字段都被索引并可被搜索
分布式的实时分析搜索引擎
可以扩展到上百台服务器，处理PB级结构化或非结构化数据

1.安装配置

IP、节点名称需要修改，每个节点都执行

useradd kaiyuanuser
mkdir /data/elasticsearch/{data,logs}
tar -zxvf elasticsearch-8.1.1-linux-x86_64.tar.gz -C  /usr/local/
chown kaiyuanuser.kaiyuanuser -R /data/elasticsearch
chown kaiyuanuser.kaiyuanuser -R /usr/local/elasticsearch-8.1.1
chown kaiyuanuser.kaiyuanuser  elasticsearch-8.1.1-linux-x86_64.tar.gz
su - kaiyuanuser
cd /usr/local/elasticsearch-8.1.1/config
echo "cluster.name: es-test
node.name: node_131
node.roles: [ data, master ]
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
network.host: 192.168.100.131
http.port: 9200
transport.port: 9300
discovery.seed_hosts: [192.168.100.131, 192.168.100.135, 192.168.100.138]
cluster.initial_master_nodes: [192.168.100.131, 192.168.100.135, 192.168.100.138]
xpack.security.enabled: false">>elasticsearch.yml

2.生成密码验证文件

只在131上执行

../bin/elasticsearch-certutil ca
../bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

mv  /usr/local/elasticsearch-8.1.1/elastic-certificates.p12  /usr/local/elasticsearch-8.1.1/config
scp /usr/local/elasticsearch-8.1.1/config/elastic-certificates.p12 192.168.100.135: /usr/local/elasticsearch-8.1.1/config
scp /usr/local/elasticsearch-8.1.1/config/elastic-certificates.p12 192.168.100.138: /usr/local/elasticsearch-8.1.1/config

3.加载密钥文件

每个节点都执行

../bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
../bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password 

4.添加加密参数到配置文件

每个节点都执行

echo "xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/elasticsearch-8.1.1/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/local/elasticsearch-8.1.1/config/elastic-certificates.p12">>elasticsearch.yml

5.重启es节点

每个节点都执行

kill -SIGTERM `jps | grep Elasticsearch|cut -d ' ' -f1` 
../bin/elasticsearch -d

6.输入启动密码

只在131上执行

../bin/elasticsearch-setup-passwords interactive #按照提示输入密码

上面步骤中输入的密码，例如是cgm123

7.登录es界面查看

http://192.168.100.131:9200

输入es的用户名和密码
例如：elsatic/cgm123

三. kibana安装

kibana简介

Kibana是一个与Elasticsearch协同工作的开源分析和可视化平台，Kibana 可以让你更方便地对 Elasticsearch 中数据进行操作，包括高级的数据分析以及在图表中可视化您的数据。Kibana 的主版本号和次版本号不要超过 Elasticsearch，最好使用同版本号的 Kibana 与 Elasticsearch。

1.解压安装

只在131上安装

mkdir /data/kibana
tar -zxvf kibana-8.1.1-linux-x86_64.tar.gz -C /usr/local
chown kaiyuanuser.kaiyuanuser -R /data/kibana
chown kaiyuanuser.kaiyuanuser -R /user/local/kibana-8.1.1
su - kaiyuanuser
cd /usr/local/kibana-8.1.1/config
echo "server.port: 5601
server.host: "192.168.100.131"
server.publicBaseUrl: "http://192.168.100.131:5601"
server.name: "kibana-test"
elasticsearch.hosts: ["http://192.168.100.131:9200","http://192.168.100.135:9200","http://192.168.100.138:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "cgm123"
i18n.locale: "zh-CN"
elasticsearch.pingTimeout: 10000
elasticsearch.requestTimeout: 30000
elasticsearch.ssl.certificateAuthorities: [ "/usr/local/elasticsearch-8.1.1/config/elastic-certificates.p12" ]
path.data: /data/kibana
pid.file: /data/kibana/kibana.pid
logging.appenders.default:
  type: file
  fileName: /data/kibana/kibana.log
  layout:
    type: json
xpack.reporting.encryptionKey: "a_random_string"
xpack.security.encryptionKey: "something_at_least_32_characters"
xpack.encryptedSavedObjects.encryptionKey: ae4f1cde5f1d64a63f62baed788fdb28
#monitoring.kibana.collection.enabled: false
monitoring.ui.ccs.enabled: false">>kibana.yml

2.启动kibana

nohup bin/kibana &

3.登录kibana查看

http://192.168.100.131:5601

输入es的用户名和密码
例如：elsatic/cgm123

四. 安装metricbeat

metricbeat简介

轻量型指标采集器。用于从系统和服务收集指标。Metricbeat能够以一种轻量型的方式，输送各种系统和服务统计数据，从CPU到内存，从Redis到Nginx。定期收集操作系统或应用服务的指标数据，存储到Elasticsearch中，进行实时分析。

1.解压安装

每个节点都执行，es的主机IP自行修改

tar -zxvf metricbeat-8.1.1-linux-x86_64.tar.gz -C /usr/local
chown kaiyuanuser.kaiyuanuser -R /usr/local/metricbeat-8.1.1-linux-x86_64
su - kaiyuanuser
cd /usr/local/metricbeat-8.1.1-linux-x86_64

echo "setup.kibana:
  host: "http://192.168.100.131:5601"
  username: "elastic"
  password: "cgm123"
output.elasticsearch:
  hosts: ["http://192.168.100.131:9200"]
  username: "elastic"
  password: "cgm123"">>metricbeat.yml

2.使采集模块生效

每个节点都执行

./metricbeat modules list
#./metricbeat modules enable nginx --额外的采集模块生效
nohup ./metricbeat setup -e &

PS：安装之后书写的，有可能个别地方有些许问题，请在参考安装报错时给与指正，谢谢！