目录

  • 1. 实验环境
  • 1.1 实验工具
  • 1.2 操作系统
  • 1.3 架构版本、IP地址规划与虚拟机配置要求
  • 1.4 拓扑图
  • 1.5 其他要求
  • 2. 实验步骤
  • 2.1 安装Elasticsearch(单节点)
  • (1)检查系统jdk版本
  • (2)下载elasticsearch
  • (3)安装elasticsearch
  • (4)配置elasticsearch
  • (5)启动与查看服务
  • (6)访问elasticsearch
  • 2.2 搭建Elasticsearch集群
  • (1)安装elasticsearch
  • (2)配置elasticsearch集群
  • 设置节点192.168.100.31
  • 设置节点192.168.100.32
  • 总结
  • (3)重启elasticsearch服务
  • (4)查看es集群信息
  • 参考资料
  • 关联博文


1. 实验环境

1.1 实验工具

VMware® Workstation 16 Pro

1.2 操作系统

CentOS 7.9.2009 (Linux)

1.3 架构版本、IP地址规划与虚拟机配置要求

开源软件

虚拟机IP地址

版本

CPU与内存

Elasticsearch

192.168.100.31,192.168.100.32

8.2.1

大于1cpu, 大于1G内存

Logstash

192.168.100.33

8.2.0

大于1cpu, 大于1G内存

Kibana

192.168.100.33

8.2.1

大于1cpu, 大于1G内存

Filebeat

192.168.100.31-33

8.2.1

大于1cpu, 大于1G内存

1.4 拓扑图

LINUX ELK_运维

1.5 其他要求

  • 所有虚拟机需要连接互联网,虚拟机网卡模式设置为NAT或桥接模式

2. 实验步骤

以下操作需要在三台虚拟机上同时进行

关闭防火墙

systemctl stop firewall
systemctl disabled firewall

将SELinux设置为disabled

vim /etc/selinux/config 

SELINUX=disabled

同步服务器时间

yum install ntp            #安装ntp服务
systemctl start ntpd       #启动ntp
systemctl enable ntpd      #设置开机自启
date                       #三台服务器的时间一致即可

2.1 安装Elasticsearch(单节点)

官方安装包下载地址:https://www.elastic.co/cn/downloads/elasticsearch

(1)检查系统jdk版本

rpm -qa | grep openjdk
java -version

如果系统没有java环境,需要自行安装。

yum install java

再次检查jdk环境

LINUX ELK_elk_02

(2)下载elasticsearch

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.2.2-x86_64.rpm

(3)安装elasticsearch

rpm -ivh elasticsearch-8.2.2-x86_64.rpm
警告:elasticsearch-8.2.2-x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:elasticsearch-0:8.2.2-1          ################################# [100%]
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : GjKOXtfn5q1ZlHq7dM2K    #内置超级用户密码

If this node should join an existing cluster, you can reconfigure this with           #加入现有集群的命令
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with                          #重置es内置超级用户的密码
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with                           #为 Kibana 实例生成一个注册令牌
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with                #为 Elasticsearch 节点生成一个注册令牌
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service

使用rpm包安装的elasticsearch其配置目录在/etc/elasticsearch;安装目录在/usr/share/elasticsearch

小技巧:通过rpm -qc命令查看elasticsearch的配置文件路径
# rpm -qc elasticsearch-8.2.2-1.x86_64
/etc/elasticsearch/elasticsearch-plugins.example.yml
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/jvm.options
/etc/elasticsearch/log4j2.properties
/etc/elasticsearch/role_mapping.yml
/etc/elasticsearch/roles.yml
/etc/elasticsearch/users
/etc/elasticsearch/users_roles
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service

(4)配置elasticsearch

vim /etc/elasticsearch/elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elk-cluster                    #自定义集群名
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1                           #自定义节点名
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch            #elasticsearch数据存放路径
#
# Path to log files:
#
path.logs: /var/log/elasticsearch            #elasticsearch日志存放路径
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0            #设置能访问elasticsearch的IP地址,0.0.0.0表示所有IP都能访问,监听所有IP
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200                 #设置elasticsearch数据传输端口号,即监听端口,默认为9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 04-06-2022 20:18:05
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true                             #elasticsearch v7以后自动开启安全模式

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["vms31.rhce.cc"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

修改完后使用cat命令查看设置

# cat /etc/elasticsearch/elasticsearch.yml | grep -Ev "#|^$" 
cluster.name: elk-cluster
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["vms31.rhce.cc"]
http.host: 0.0.0.0

(5)启动与查看服务

启动服务

systemctl start elasticsearch.service 
systemctl enable elasticsearch.service

查看启动端口

# netstat -ntlup | grep java
tcp6       0      0 :::9200                 :::*                    LISTEN      24625/java          
tcp6       0      0 :::9300                 :::*                    LISTEN      24625/java

其中9200是数据传输端口,9300示集群通信端口。

(6)访问elasticsearch

使用curl命令访问

# curl -u elastic:GjKOXtfn5q1ZlHq7dM2K https://192.168.100.31:9200/ --insecure
{
  "name" : "vms31.rhce.cc",
  "cluster_name" : "elk-cluster",
  "cluster_uuid" : "4IoxZ9U5T_-7T26soNLm8A",
  "version" : {
    "number" : "8.2.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "9876968ef3c745186b94fdabd4483e01499224ef",
    "build_date" : "2022-05-25T15:47:06.259735307Z",
    "build_snapshot" : false,
    "lucene_version" : "9.1.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

使用浏览器访问:https://192.168.100.31:9200/

LINUX ELK_linux_03

2.2 搭建Elasticsearch集群

为了安装elasticsearch集群,我们将

  • 192.168.100.31节点设置为master
  • 192.168.100.32和192.168.100.33节点视为node

(1)安装elasticsearch

根据2.1的(1)——(3),在另外两台服务器192.168.100.32和192.168.100.33上安装elasticsearch

(2)配置elasticsearch集群

设置节点192.168.100.31
# cat /etc/elasticsearch/elasticsearch.yml | grep -v "#"
cluster.name: elk-cluster
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: 
  - 192.168.100.31:9300
  - 192.168.100.32:9300
cluster.initial_master_nodes: ["node-1", "node-2"]


xpack.security.enabled: false

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

http.host: 0.0.0.0
设置节点192.168.100.32
# cat /etc/elasticsearch/elasticsearch.yml | grep -v "#"
cluster.name: elk-cluster
node.name: node-2
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.100.31:9300", "192.168.100.32:9300"]
cluster.initial_master_nodes: ["node-1", "node-2"]


xpack.security.enabled: false

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

http.host: 0.0.0.0
总结

初始化集群时,所有节点的

  • 集群名cluster.name要一致,
  • 集群IP地址discovery.seed_hosts要一致,

(3)重启elasticsearch服务

systemctl restart elasticsearch

(4)查看es集群信息

# curl http://192.168.100.31:9200/_cluster/health?pretty
{
  "cluster_name" : "elk-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 2,
  "active_shards" : 4,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

# curl http://192.168.100.31:9200/_nodes/process?pretty
{
  "_nodes" : {
    "total" : 2,
    "successful" : 2,
    "failed" : 0
  },
  "cluster_name" : "elk-cluster",
  "nodes" : {
    "8bB4P1EET2mjhecE4fez9Q" : {
      "name" : "node-2",
      "transport_address" : "192.168.100.32:9300",
      "host" : "192.168.100.32",
      "ip" : "192.168.100.32",
      "version" : "8.2.2",
      "build_flavor" : "default",
      "build_type" : "rpm",
      "build_hash" : "9876968ef3c745186b94fdabd4483e01499224ef",
      "roles" : [
        "data",
        "data_cold",
        "data_content",
        "data_frozen",
        "data_hot",
        "data_warm",
        "ingest",
        "master",
        "ml",
        "remote_cluster_client",
        "transform"
      ],
      "attributes" : {
        "ml.machine_memory" : "4122771456",
        "ml.max_jvm_size" : "2063597568",
        "xpack.installed" : "true"
      },
      "process" : {
        "refresh_interval_in_millis" : 1000,
        "id" : 52915,
        "mlockall" : false
      }
    },
    "c69H-_ToSLOsbiiIZnY6QA" : {
      "name" : "node-1",
      "transport_address" : "192.168.100.31:9300",
      "host" : "192.168.100.31",
      "ip" : "192.168.100.31",
      "version" : "8.2.2",
      "build_flavor" : "default",
      "build_type" : "rpm",
      "build_hash" : "9876968ef3c745186b94fdabd4483e01499224ef",
      "roles" : [
        "data",
        "data_cold",
        "data_content",
        "data_frozen",
        "data_hot",
        "data_warm",
        "ingest",
        "master",
        "ml",
        "remote_cluster_client",
        "transform"
      ],
      "attributes" : {
        "xpack.installed" : "true",
        "ml.max_jvm_size" : "2063597568",
        "ml.machine_memory" : "4122771456"
      },
      "process" : {
        "refresh_interval_in_millis" : 1000,
        "id" : 38585,
        "mlockall" : false
      }
    }
  }
}

参考资料

  • Elasticsearch介绍:Elasticsearch 是什么?
  • Elasticsearch文档:Elasticsearch Guide
  • Logstash文档:Logstash Reference
  • Kibana文档:Kibana Guide
  • Filebeat文档:Filebeat Reference

关联博文

由于篇幅原因,关于搭建ELKB集群其他内容请查阅:安装 Logstash 和 Kibana安装 Filebeat和问题与解决方案