• 1. 说明
  • 2. 环境准备
  • 2.1. 集群列表
  • 2.2. 最大文件打开数
  • 2.3. Java 的 JDK
  • 3. Elasticsearch 的安装
  • 3.1. 从官网下载安装包
  • 3.2. 解压到指定的目录下
  • 3.3. 角色分配
  • 3.4. Elasticsearch.yml 设置
  • 3.5. jvm.options 配置
  • 3.6. Elasticsearch 启动
  • 3.7. Elasticsearch 停止
  • 3.8. 查看 Elasticsearch 集群状态
  • 3.9. 测试
  • 4. Kibana 安装
  • 4.1. 下载安装包
  • 4.2. 解压
  • 4.3. 在各 Elasticsearch 主机下安装 x-pack
  • 4.4. 在 Kibana 下安装 x-pack
  • 4.5. 根据需要修改 Kibana 配置
  • 4.6. 启动 Kibana
  • 4.7. 停止
  • 4.8. 访问
  • 5. Search Guard 安装
  • 6. 安装过程中遇到的问题

1. 说明

本安装文档针对 ElasticSearch5.4.3 进行编写。

2. 环境准备

2.1. 集群列表

172.19.7.91 du-es-1
172.19.7.92 du-es-2
172.19.7.93 du-es-3
172.19.7.94 du-es-4
172.19.7.95 du-es-5

2.2. 最大文件打开数

1.在 /etc/security/limits.conf 添加如下内容

* soft nofile 655350
* hard nofile 655350
* soft nproc 655350
* hard nproc 655350

2.注释掉 /etc/security/limits.d/90-nproc.conf 里面的两行

#* soft nproc 1024
#root soft nproc unlimited

3.直接设置文件打开数(避免重启)

ulimit -n 655350

4.修改 max_map_count(操作系统默认限制的内存映射数是比较低的,可能会引起内存溢出异常。)

在 /etc/sysctl.conf 添加
vm.max_map_count=655360
然后执行 sysctl -p
验证:
sysctl -a | grep “vm.max_map_count”

2.3. Java 的 JDK

1.jdk 的版本

因为 Elasticsearch5.4.3 至少需要 Java 8,本文使用的是 oracle jdk 1.8.0_131
可以从 JDK 官网直接下载 jdk-8u131-linux-x64.tar.gz。

2.Java 的垃圾回收器算法
采用 G1 收集器

3. Elasticsearch 的安装

3.1. 从官网下载安装包

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.4.3.tar.gz

3.2. 解压到指定的目录下

tar –zxvf elasticsearch-5.4.3.tar.gz –C /srv/app/es/

3.3. 角色分配

ip

主机名

实例目录

角色

数据目录

日志目录

172.19.7.91

du-es-1

Instance1

Master:true nodedata:false

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.91

du-es-1

Instance2

Master:false nodedata:false

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.91

du-es-1

Instance3

Master:false nodedata:true

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.91

du-es-1

Instance4

Master: false nodedata:true

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.91

du-es-1

Instance5

Master: false nodedata:true

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

ip

主机名

实例目录

角色

数据目录

日志目录

172.19.7.92

du-es-2

Instance1

Master:true nodedata:false

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.92

du-es-2

Instance[2-4]

Master:false nodedata:false

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.93

du-es-3

Instance1

Master:trune nodedata:true

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.93

du-es-3

Instance[2-4]

Master: false nodedata:true

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.94

du-es-4

Instance[1-4]

Master: false nodedata:true

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

172.19.7.95

du-es-2

Instance[1-4]

Master: false nodedata:true

/data1/es/data,/data2/es/data,/data3/es/data,/data4/es/data

/data1/es/logs,

端口配置

集群名称

ip

主机名

实例

节点实例名称

http.port

Transport.tcp.port

du-es

172.19.7.91

du-es-1

instance1

du-es-1-1

9211

9311

 

172.19.7.91

du-es-1

Instance2

du-es-1-2

9212

9312

 

172.19.7.91

du-es-1

Instance3

du-es-1-3

9213

9313

 

172.19.7.91

du-es-1

Instance4

du-es-1-4

9214

9314

 

172.19.7.91

du-es-1

instance5

du-es-1-5

9215

9315

其它机器都可以作为数据节点,配置请参照 172.19.7.91

3.4. Elasticsearch.yml 设置

同一个主机上第i个实例配置,注所有的参数配置,参数名:空格值,此处的空格一定要有。每个实例 instance 目录下都要有一个 elasticsearch.yml 文件。

[srvadmin@du-es-1 config]$ more elasticsearch.yml.default

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html #
# ————————————————— Cluster —————————————————-
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
cluster.name:du-es
#
# —————————————————— Node ——————————————————
#
# Use a descriptive name for the node:
#
#node.name: node-1
node.name: ${HOSTNAME}-i
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#下面4种情况只能选择一个。
#1、每台机器请参照上述角色进行配置
node.master:true
node.data:false
node.ingest:false
search.remote.connect:false
#2、数据节点
node.master: false
node.data: true
node.ingest:false
search.remote.connect:false
#3、ingest节点
node.master: false
node.data: false
node.ingest: true
search.remote.connect:false
#4、协调节点
node.master: false
node.data: false
node.ingest: false
search.remote.connect: false

# —————————————————- Paths ——————————————————
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#注两个目录之间用逗号分隔且逗号后面要有空格
path.data: /data1/es/data, /data2/es/data, /data3/es/data, /data4/es/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#logs目录只能配置一个
path.logs: /data1/es/logs
#
# —————————————————- Memory —————————————————-
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#禁止内存交换,此设置生效 需要问题 4 的解决办法。
bootstrap.memory_lock: true
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ————————————————— Network —————————————————-
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 172.19.7.91
#
# Set a custom port for HTTP:
#
#http.port: 9200
#可以为Http传输监听定制端口:
http.port: 921i
#可以定制该节点与其他节点交互的端口:
transport.tcp.port:931i
#
# For more information, consult the network module documentation.
#
# ————————————————- Discovery —————————————————
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is [“127.0.0.1”, “[::1]”]
#
#discovery.zen.ping.unicast.hosts: [“host1”, “host2”]
discovery.zen.ping.unicast.hosts: [“172.19.7.91:9311”,”172.19.7.92:9311”,”172.19.7.93:9311”]
#
# Prevent the “split brain” by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes: 3
discovery.zen.minimum_master_nodes: 2
#本地的最大节点数(包括主节点,数据节点,协调节点等节点)
#第一个机器配置如下
node.max_local_storage_nodes:5
# 其它机器配置 node.max_local_storage_nodes:4
# For more information, consult the zen discovery module documentation.
#
# ————————————————— Gateway —————————————————-
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ————————————————— Various —————————————————-
#设置是否可以通过正则或者_all删除或者关闭索引,false是允许,true是禁止
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
# ES 在内存不够 JVM 开启 swapping 的时候,表现得会很差,所以为了避免这个问题,将该属性设为 true,表示锁定 ES 所使用的内存

#请确保 ES_MIN_MEM 和 ES_MAX_MEM 的值是一样的,并且能够为、 ElasticSearch 分配足够的内在,并为系统操作保留足够的内存。

#启动会报错,实例起不来,详细错误见问题 3

#bootstrap.mlockall: true

#分片数,启动会报错,实例起不来,详细错误见问题 3
#index.number_of_shards: 200

#副本数 ,启动会报错,实例起不来,详细错误见问题 3
#index.number_of_replicas: 0

3.5. jvm.options 配置

jvm.options 只能在 config 目录下,不能放在 config/instancei 目录下的。

[srvadmin@du-es-1 config]$ more jvm.options

## JVM configuration
################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html ## for more information
##
################################################################
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space
-Xms14g
-Xmx14g

################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don’t tamper with them unless
## you understand what you are doing
##
################################################################
## GC configuration
-XX:+UseG1GC
-XX:G1HeapRegionSize=2
-XX:MaxGCPauseMillis=20

#-XX:ParaleGCThreads=2
#-XX:ConcGCThreads=2
## optimizations
# disable calls to System#gc

-XX:+DisableExplicitGC

# pre-touch memory pages used by the JVM during initialization

-XX:+AlwaysPreTouch

## basic

# force the server VM (remove on 32-bit client JVMs)
-server

# explicitly set the stack size (reduce to 320k on 32-bit client JVMs)
-Xss1m
# set to headless, just in case

-Djava.awt.headless=true

# ensure UTF-8 encoding by default (e.g. filenames)

-Dfile.encoding=UTF-8

# use our provided JNA always versus the system one

-Djna.nosys=true

# use old-style file permissions on JDK9

-Djdk.io.permissionsUseCanonicalPath=true

# flags to configure Netty

-Dio.netty.noUnsafe=true

-Dio.netty.noKeySetOptimization=true

-Dio.netty.recycler.maxCapacityPerThread=0

# log4j 2

-Dlog4j.shutdownHookEnabled=false
-Dlog4j2.disable.jmx=true
-Dlog4j.skipJansi=true

## heap dumps

# generate a heap dump when an allocation from the Java heap fails

# heap dumps are created in the working directory of the JVM

-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps

# ensure the directory exists and has sufficient space

#-XX:HeapDumpPath=${heap.dump.path}

## GC logging

#-XX:+PrintGCDetails

#-XX:+PrintGCTimeStamps

#-XX:+PrintGCDateStamps

#-XX:+PrintClassHistogram

#-XX:+PrintTenuringDistribution

#-XX:+PrintGCApplicationStoppedTime

# log GC status to a file with time stamps

# ensure the directory exists

#-Xloggc:${loggc}

# By default, the GC log file will not rotate.

# By uncommenting the lines below, the GC log file

# will be rotated every 128MB at most 32 times.

#-XX:+UseGCLogFileRotation

#-XX:NumberOfGCLogFiles=32

#-XX:GCLogFileSize=128M

# Elasticsearch 5.0.0 will throw an exception on unquoted field names in JSON.

# If documents were already indexed with unquoted fields in a previous version

# of Elasticsearch, some operations may throw errors.

#

# WARNING: This option will be removed in Elasticsearch 6.0.0 and is provided

# only for migration purposes.

#-Delasticsearch.json.allow_unquoted_field_names=true

3.6. Elasticsearch 启动

bin/elasticsearch -Epath.conf=/srv/app/elasticsearch/config/instance1 -d -p /tmp/elasticsearch_1.pid

bin/elasticsearch -Epath.conf=/srv/app/elasticsearch/config/instance2 -d -p /tmp/elasticsearch_2.pid

bin/elasticsearch -Epath.conf=/srv/app/elasticsearch/config/instance3 -d -p /tmp/elasticsearch_3.pid

bin/elasticsearch -Epath.conf=/srv/app/elasticsearch/config/instance4 -d -p /tmp/elasticsearch_4.pid

bin/elasticsearch -Epath.conf=/srv/app/elasticsearch/config/instance5 -d -p /tmp/elasticsearch_5.pid

3.7. Elasticsearch 停止

直接杀进程

kill -9 cat /tmp/elasticsearch_1.pid

3.8. 查看 Elasticsearch 集群状态

curl ‘172.19.7.91:9211/_cat/nodes?v’

curl -XGET ‘http://172.19.7.91:9211/_cluster/health?pretty

curl -XGET ‘http://172.19.7.91:9211/_cluster/health?level=indices&pretty

3.9. 测试

创建索引实例

curl -XPUT ‘http://172.19.7.91:9211/twitter‘ -d ‘{

“settings”:{

“number_of_shards”:3,

“number_of_replicas”:2

}

}’

创建文档

curl -XPUT ‘http://172.19.7.91:9211/twitter/tweet/1‘ -d ‘{

“user”:”kimchy”,

“post_date”:”2012-12-12”,

“message”:”trying out ElasticSearch!”

}’

查询文档

curl -XGET ‘http://172.19.7.91:9211/twitter/tweet/1

显示下面结果则表明成功了:

[srvadmin@du-es-1 elasticsearch]$ curl -XGET ‘http://172.19.7.91:9211/twitter/tweet/1

{“_index”:”twitter”,”_type”:”tweet”,”_id”:”1”,”_version”:1,”found”:true,”_source”:{

“user”:”kimchy”,

“post_date”:”2012-12-12”,s

“message”:”trying out ElasticSearch!”

}}

4. Kibana 安装

4.1. 下载安装包

wget https://artifacts.elastic.co/downloads/kibana/kibana-5.4.3-linux-x86_64.tar.gz

4.2. 解压

tar -xzf kibana-5.4.3-linux-x86_64.tar.gz

4.3. 在各 Elasticsearch 主机下安装 x-pack

./elasticsearch-plugin install x-pack

#修改 Elasticsearch 配置。如果是用 ambari 安装,则修改 elasticsearch.yml.j2,重启 ambari

#如果要使用 xpack 的安全控制,可以将此属性设置为 true,用户为 elastic/changeme,

但此功能是收费的
xpack.security.enabled: false
重启 Elasticsearch

4.4. 在 Kibana 下安装 x-pack

./kibana-plugin install x-pack

4.5. 根据需要修改 Kibana 配置

kibana.yml

4.6. 启动 Kibana

./kibana &

4.7. 停止

fuser -n tcp 5601

kill -9

4.8. 访问

http:// 172.19.7.91:5601/

elastic/changeme

5. Search Guard 安装

Search Guard 是 Elasticsearch 的一个安全控件,绝大部分功能免费。但难于安装和操作使用,没有管理界面,只能在配置文件中进行操作。在安装此控制后,其它控件如 elasticsearch-head、kibana monitoring 将不可用

#如果 openssl 版本不够高,需要升级 openssl

wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1k.tar.gz

tar -zvxf openssl-1.0.1k.tar.gz

cd openssl-1.0.1k

./config shared

make

make install

mv /usr/bin/openssl /usr/bin/openssl.bak

mv /usr/include/openssl /usr/include/openssl.bak

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

ln -s /usr/local/ssl/include/openssl/ /usr/include/openssl

cp /etc/ld.so.conf /etc/ld.so.conf.bak

echo “/usr/local/ssl/lib” >> /etc/ld.so.conf

ldconfig

ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1

ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1

#控件安装,5.4.3 是与 Elasticsearch 对应的版本

./elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.3-12

#制作证书

git clone https://github.com/floragunncom/search-guard-ssl.git

cd search-guard-ssl/example-pki-scripts

#修改 example.sh

es 启动_elasticsearch

#生成证书

./example.sh

#将 node-0-keystore.jks、truststore.jks 拷贝到 Elasticsearch 各节点的 config 目录下

#将 sgadmin-keystore.jks、truststore.jks 拷贝到 elasticsearch 各节点的控件 search guard 的 sgconfig 目录下

#修改 elasticsearch 追加配置。如果是用 ambari 安装,则修改 elasticsearch.yml.j2,重启 ambari

searchguard.ssl.transport.enabled: true

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: 123456

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: 123456

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.authcz.admin_dn:

  • CN=sgadmin,OU=client,O=client,L=test, C=de

#如果有安装 xpack

xpack.monitoring.enabled: true

xpack.graph.enabled: false

xpack.watcher.enabled: false

xpack.monitoring.exporters:

my_remote:

type: http

host: “http://{{hostname}}:9200

auth:

username: admin

password: admin

#在各节点上运行 sgadmin,在运行前需要对脚本授权

plugins/search-guard-5/tools/sgadmin.sh -cd plugins/search-guard-5/sgconfig/ -ks plugins/search-guard-5/sgconfig/sgadmin-keystore.jks -ts plugins/search-guard-5/sgconfig/truststore.jks -kspass 123456 -tspass 123456 -nhnv —diagnose -cn es_cluster -h isunode

#重启 Elasticsearch

#访问进行验证,可以看到访问 Elasticsearch 时需要进行用户名密码验证,输入默认管理员用户 admin/admin 可进入

es 启动_es 启动_02

#用户角色和权限管理,请配置 search guard 控件安装目录下 sgconfig 中的配置文件

6. 安装过程中遇到的问题

问题 1:

main ERROR Could not register mbeans

java.security.AccessControlException:

access denied (“javax.management.MBeanTrustPermission” “register”)

解决办法:

该安装采用的是单节点多实例的方案,在 config 目录下建立多个 instancei( i 是变量从 1 到 n)目录,每个目录下都要保证有

elasticsearch.yml,log4j2.properties 这 2 个文件。而 jvm.options 是必须要在 config 目录下的

上面报错就是因为,config 目录下没有 jvm.options 文件了。jvm.options 中有这样一个参数设置 -Dlog4j2.disable.jmx=true

问题 2:

java.lang.IllegalArgumentException: node settings must not contain any index level settings

解决办法:

即 Elasticsearch 不支持针对索引的配置,把针对索引的设置都去掉就可以了

问题 3:

java.lang.IllegalArgumentException: unknown setting [bootstrap.mlockall] please check that any required plugins are installed, or check the breaking changes documentation for removed settings

解决办法:

bootstrap.memory_lock: true

问题 4:

[1] bootstrap checks failed

[1]: memory locking requested for elasticsearch process but memory is not locked

[2017-06-30T09:53:49,673][INFO ][o.e.n.Node ][du-es-1-4] stopping …

[2017-06-30T09:53:49,689][INFO ][o.e.n.Node ][du-es-1-4] stopped

[2017-06-30T09:53:49,689][INFO ][o.e.n.Node ][du-es-1-4] closing …

[2017-06-30T09:53:49,697][INFO ][o.e.n.Node ][du-es-1-4] closed

[2017-06-30T09:53:50,448][WARN ][o.e.b.JNANatives ] Unable to lock JVM Memory: error=12, reason=Cannot allocate memory

[2017-06-30T09:53:50,449][WARN ][o.e.b.JNANatives ] This can result in part of the JVM being swapped out.

[2017-06-30T09:53:50,450][WARN ][o.e.b.JNANatives ] Increase RLIMIT_MEMLOCK, soft limit: 65536, hard limit: 65536

[2017-06-30T09:53:50,450][WARN ][o.e.b.JNANatives ] These can be adjusted by modifying /etc/security/limits.conf, for example:

# allow user ‘srvadmin’ mlockall

srvadmin soft memlock unlimited

srvadmin hard memlock unlimited

[2017-06-30T09:53:50,450][WARN ][o.e.b.JNANatives ] If you are logged in interactively, you will have to re-login for the new limits to take effect.

[2017-06-30T09:53:50,511][INFO ][o.e.n.Node ][du-es-1-5] initializing …

[2017-06-30T09:53:50,580][INFO ][o.e.e.NodeEnvironment ][du-es-1-5] using [4] data paths, mounts [[/data3 (/dev/vdd1), /data2 (/dev/vdc1), /data1 (/dev/vdb1), /data4 (/dev/vde1)]], net usable_space [7.2tb], net total_space [7.6tb], spins? [possibly], types [ext4]

解决办法:

/etc/security/limits.conf
baoshan soft memlock unlimited
baoshan hard memlock unlimited

修改:
/etc/sysctl.conf
vm.swappiness=0

重启机器

问题 5:

第 2 个节点总共有 4 个实例,前 3 个实例都可以正常起来,但当第 4 个实例启动的时候报

Caused by: java.lang.IllegalStateException: handshake failed with

原因:

Jvm.options 参数内存设置过大

解决办法:

Jvm.options 参数内存设置改小即可

问题 6:

java.lang.IllegalStateException: failed to obtain node locks, tried [[/data1/es/data/du-es, /data2/es/data/du-es, /data3/es/data/du-es, /data4/es/data/du-es]] with lock id [0]; maybe these locations are not writable or multiple nodes were started without increasing [node.max_local_storage_nodes] (was [1])?

原因:

每天机器上都有多个实例,node.max_local_storage_nodes 应该配置为本机上的实例个数

解决办法:

node.max_local_storage_nodes:4