ELK-Elasticsearch 安裝啓動

系統版本：Centos7

Elasticsearch：5.3.1

 

1：關閉SELinux

[root@es local]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

2：關閉防火牆

[root@es local]# systemctl stop firewalld
[root@es local]# systemctl disable firewalld

3：安裝EPEL源

[root@es local]# yum -y install epel-release
[root@es local]# yum clean all
[root@es local]# yum makecache

4：安裝系統工具

[root@es local]# yum -y install vim wget telnet

5：安裝OpenJDK

[root@es local]# yum -y install java-1.8.0-openjdk*
[root@es local]# java -version

openjdk version "1.8.0_201"
OpenJDK Runtime Environment (build 1.8.0_201-b09)
OpenJDK 64-Bit Server VM (build 25.201-b09, mixed mode)

6：安裝ElasticSearch

[root@es local]# wget -P/usr/local/src/ -c https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.3.1.tar.gz
[root@es local]# tar -xzvf /usr/local/src/elasticsearch-5.3.1.tar.gz -C /usr/local/src/
[root@es local]# mkdir -p /usr/local/elk/elasticsearch
[root@es local]# mv /usr/local/src/elasticsearch-5.3.1 /usr/local/elk/elasticsearch
[root@es local]# mkdir -p /usr/local/elk/elasticsearch/data/elasticsearch
[root@es local]# mkdir -p /usr/local/elk/elasticsearch/data/logs
[root@es local]# mkdir -p /usr/local/elk/elasticsearch/data/backup

　　釋義：

　　6.1：下載壓縮包到"/usr/local/src/"

　　6.2：解壓到"/usr/local/src/"

　　6.3：建立目錄"/usr/local/elk/elasticsearch"

　　6.4：遷移目錄"/usr/local/src/elasticsearch-5.3.1"到目錄"/usr/local/elk/elasticsearch"下

　　6.5-6.7：建立目錄，用於後續保存數據、日誌、備份

7：添加elk帳戶

[root@es local]# groupadd elk
[root@es local]# useradd -g elk elk
[root@es local]# chown -R elk.elk /usr/local/elk/elasticsearch

　　釋義：

　　7.1：建立用戶組

　　7.2：用戶組增長用戶

　　7.3：路徑受權

8：編輯ElasticSearch配置文件

[root@es local]# vim /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml

打開文件，按「Insert」使文件處於編輯狀態

編輯內部數據以下：

# ---------------------------------- Cluster -----------------------------------
#配置es的集羣名稱，默認是elasticsearch，es會自動發如今同一網段下的es，若是在同一網段下有多個集羣，就能夠用這個屬性來區分不一樣的集羣
  cluster.name: elk-cluster
# ------------------------------------ Node ------------------------------------
#節點名，默認隨機指定一個name列表中名字，該列表在es的jar包中config文件夾裏name.txt文件中，其中有不少做者添加的有趣名字
  node.name: elk01
# ----------------------------------- Paths ------------------------------------
# 設置索引數據的存儲路徑，上面代碼建立的目錄，若是目錄不存在，啓動會報錯，提示目錄不存在，默認是es根目錄下的data文件夾，能夠設置多個存儲路徑，用逗號隔開，例：path.data: /path/to/data1,/path/to/data2
  path.data: /usr/local/elk/elasticsearch/data/elasticsearch
# 設置日誌文件的存儲路徑，默認是es根目錄下的logs文件夾
  path.logs: /usr/local/elk/elasticsearch/data/logs
# 備份目錄
  path.repo: /usr/local/elk/elasticsearch/data/backup
# ----------------------------------- Memory -----------------------------------
#因爲當jvm開始swapping時es的效率會下降，因此要保證它不swap，這對節點健康極其重要。實現這一目標的一種方法是將 bootstrap.memory_lock 設置爲true
#關於其餘相關配置參考：https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall
 bootstrap.memory_lock: false bootstrap.system_call_filter: false
# ---------------------------------- Network -----------------------------------
# 設置綁定的ip地址，能夠是ipv4或ipv6的，默認爲0.0.0.0
 network.host: 0.0.0.0
# 設置對外服務的http端口，默認爲9200
  http.port: 9250
# 設置節點間交互的tcp端口，默認是9300
  transport.tcp.port: 9350
# --------------------------------- Discovery ----------------------------------
# 設置集羣中master節點的初始列表，能夠經過這些節點來自動發現新加入集羣的節點
#discovery.zen.ping.unicast.hosts: ["172.16.1.141", "172.16.1.142", "172.16.1.143"]
# ---------------------------------- Various -----------------------------------
#是否elasticsearch能夠根據磁盤使用狀況來決定是否繼續分配shard
  cluster.routing.allocation.disk.threshold_enabled: true cluster.routing.allocation.disk.watermark.low: 15gb cluster.routing.allocation.disk.watermark.high: 10gb

 

編輯完成後，按「Esc」退出編輯模式，輸入「:wq!」保存修改，保存後，能夠用以下命令查看修改後的結果，按「q」退出查看。

[root@es elasticsearch-5.3.1]# less  /usr/local/elk/elasticsearch/elasticsearch-5.3.1/config/elasticsearch.yml

 9：啓動ES

[root@es elasticsearch-5.3.1]# su - elk --command="/usr/local/elk/elasticsearch/elasticsearch-5.3.1/bin/elasticsearch -d"


OpenJDK 64-Bit Server VM warning: If the number of processors is expected to increase from one, then you should configure the number of parallel GC threads appropriately using -XX:ParallelGCThreads=N
[root@es elasticsearch-5.3.1]# OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x0000000085330000, 2060255232, 0) failed; error='Cannot allocate memory' (errno=12)
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 2060255232 bytes for committing reserved memory.
# An error report file with more information is saved as:
# /home/elk/hs_err_pid12704.log

啓動ES，也能夠在bin目錄下，切換到elk帳戶，執行#./elasticsearch -d 啓動ES 

此處發現報錯，須要進入查看錯誤信息，查看路徑爲：

[root@es local]# cd /usr/local/elk/elasticsearch/data/logs
[root@es local]# tailf elk-cluster.log

具體錯誤信息，會有以下信息

[ERROR][o.e.b.Bootstrap          ] [elk01] node validation exception
bootstrap checks failed
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

解決方式爲：

查看配置信息：

[root@es local]# ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3870
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 3870
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
[root@es local]# ulimit -n 65536

PS:該項配置，僅限於當前窗口，系統一旦重啓，變會恢復，可使用以下方式修噶

[root@es local]## vim /etc/security/limits.conf  //加入如下配置，重啓便可生效
* hard nofile 65536
* soft nofile 65536

修改另外一處異常：

[root@es elk]# vim /elasticsearch/elasticsearch-5.3.1/etc/sysctl.conf 
# sysctl settings are defined through files in 
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/. 
# 
# Vendors settings live in /usr/lib/sysctl.d/. 
# To override a whole file, create a new file with the same in 
# /etc/sysctl.d/ and put new settings there. To override 
# only specific settings, add a file with a lexically later 
# name in /etc/sysctl.d/ and put new settings there. 
# 
# For more information, see sysctl.conf(5) and sysctl.d(5). 
# 
# vm.swappiness=1 
# 
 vm.max_map_count = 262144

　　

[root@es elk]# sysctl -p
vm.max_map_count = 262144

修復後，從新啓動ES，而後查詢啓動端口號，發現上述配置的9250，以及9350端口號，都已經啓動了，ES能夠正常訪問

[elk@es bin]$ ss -anlt
State      Recv-Q Send-Q                Local Address:Port                               Peer Address:Port              
LISTEN     0      128                               *:22                                            *:*                  
LISTEN     0      100                       127.0.0.1:25                                            *:*                  
LISTEN     0      128                              :::22                                           :::*                  
LISTEN     0      100                             ::1:25                                           :::*                  
LISTEN     0      128                              :::9250                                         :::*                  
LISTEN     0      128                              :::9350                                         :::* 

10：使用

執行以下命令，IP和端口爲以前配置好的IP和端口

[root@es elasticsearch-5.3.1]# curl http://192.168.56.101:9250/

返回以下信息，則表示ES執行成功

{
  "name" : "elk01",
  "cluster_name" : "elk-clustern",
  "cluster_uuid" : "srgahQGyTpSS7HfB1wBz_A",
  "version" : {
    "number" : "5.3.1",
    "build_hash" : "c67dc32e24162035d18d6fe1e952c4cbcbe79d16",
    "build_timestamp" : "2016-09-27T18:57:55Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.2"
  },
  "tagline" : "You Know, for Search"
}