安裝教程
https://cloud.tencent.com/developer/article/1115956
安裝的一些說明
1:啓動步驟爲 logstash——>elasticsearch->kibana
2:elasticsearch和logstash的jvm配置默認都比較高,本地測試的時候有可能報內存不足,請修改
3:elasticsearch的啓動不能用root用戶組,需要新創建,下面給出步驟
4:
安裝準備:
- 環境信息
- 環境:Centos7.2
- 軟件環境:jdk1.8
- 安裝:elasticsearch[6.5.1]、logstash[6.5.1]、Kibana[6.5.1]
- 前期準備:
- elasticsearch的用戶組設置
elasticsearch不能使用root用戶組去啓動,我們新建一個用戶組,創建一個用戶,然後把elasticsearch的相關文件夾設置爲非root的用戶中
#創建kunzai用戶組及kunzai用戶
groupadd kunzai
useradd kunzai -g kunzai -p admin
#更改elasticsearch文件夾及內部文件的所屬用戶及組爲kunzai:kunzai
#elasticsearch爲你elasticsearch的目錄名稱
chown -R kunzai:kunzai elasticsearch
切換到kunzai用戶再啓動
su kunzai #切換賬戶
elasticsearch的安裝與設置:
- 設置elasticsearch的相關配置
- 修改jvm的配置
vim /usr/local/opt/elasticsearch-6.5.1/config/jvm.options
#修改爲
-Xms512m
-Xmx512m
- 修改elasticsearch的配置文件
vim /usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.yml
#找到配置文件中的cluster.name,打開該配置並設置集羣名稱
cluster.name: demon
#找到配置文件中的node.name,打開該配置並設置節點名稱
node.name: elk-1
#修改data存放的路徑
path.data: /data/es-data
#修改logs日誌的路徑
path.logs: /var/log/elasticsearch/
#配置內存使用用交換分區
bootstrap.memory_lock: true
#監聽的網絡地址
network.host: 0.0.0.0
#開啓監聽的端口
http.port: 9200
- 設置elasticsearch相關文件夾賦予新用戶組
#創建elasticsearch的data的存放目錄,並修改該目錄的屬主屬組
mkdir -p /usr/data/es-data #(自定義用於存放data數據的目錄)
chown -R kunzai:kunzai /usr/data/es-data
#修改elasticsearch的日誌屬主屬組
chown -R kunzai:kunzai /var/log/elasticsearch/
- 啓動
[root@localhost bin]# ./elasticsearch
[2018-12-08T16:06:02,716][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [es-kunzai-node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.5.1.jar:6.5.1]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.5.1.jar:6.5.1]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:170) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.1.jar:6.5.1]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.1.jar:6.5.1]
... 6 more
#切換爲kunzai用戶
[root@localhost bin]# su kunzai
[kunzai@localhost bin]$
[kunzai@localhost bin]$ ./elasticsearch
OpenJDK 64-Bit Server VM warning: Cannot open file logs/gc.log due to Permission denied
Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.keystore
Likely root cause: java.nio.file.AccessDeniedException: /usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.keystore
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at org.apache.lucene.store.SimpleFSDirectory.openInput(SimpleFSDirectory.java:77)
at org.elasticsearch.common.settings.KeyStoreWrapper.load(KeyStoreWrapper.java:215)
at org.elasticsearch.bootstrap.Bootstrap.loadSecureSettings(Bootstrap.java:230)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:295)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86)
Refer to the log for complete error details.
#出現上面的錯誤(無權限訪問)
查看/usr/local/opt/elasticsearch-6.5.1/config/elasticsearch.keystore文件的信息
[kunzai@localhost config]$ ll
總用量 36
-rw-rw----. 1 root root 207 Dec 8 16:05 elasticsearch.keystore
切換到root用戶再次將此文件分配到kunzai用戶組下
[kunzai@localhost config]$ su
密碼:此處輸入密碼
[root@localhost config]# chown -R kunzai:kunzai elasticsearch.keystore
[root@localhost config]# ll
總用量 36
-rw-rw----. 1 kunzai kunzai 207 Dec 8 16:05 elasticsearch.keystore
#再次啓動
#剩下如果還遇到權限不足的,一樣操作
再次啓動報錯
#繼續使用kunzai啓動-又出現一點錯誤-修改
........錯誤省略
[2018-12-08T16:28:47,663][INFO ][o.e.t.TransportService ] [es-kunzai-node-1] publish_address {192.168.137.128:9300}, bound_addresses {[::]:9300}
[2018-12-08T16:28:47,764][INFO ][o.e.b.BootstrapChecks ] [es-kunzai-node-1] bound or publishing to a non-loopback address, enforcing bootstrap checks
————》ERROR: [2] bootstrap checks failed
————》[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
————》[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
解決辦法:
1:登錄到root用戶,修改如下
[kunzai@localhost bin]$ su
密碼:
[root@localhost bin]# vim /etc/security/limits.conf
在末尾追加以下內容(elk爲啓動用戶,當然也可以指定爲*,我們這裏可以設置爲*)
#elk soft nofile 65536
* soft nofile 65536
* hard nofile 65536
* soft nproc 2048
* hard nproc 2048
* soft memlock unlimited
* hard memlock unlimited
2:繼續再修改一個參數
[[email protected] ~]# vim /etc/security/limits.conf
修改或添加
* hard nproc 4096
切換用戶,如果還是不行則修改:/etc/security/limits.d/20-nproc.conf,其他文章上寫的都是修改90-nproc.conf
不過我這個安裝之後沒有這個文件,只有一個20-nproc.conf,我的修改這個就行,剛開始學不知道什麼原因
將裏面的1024改爲2048(ES最少要求爲2048)
[[email protected] ~]# vim /etc/security/limits.d/20-nproc.conf
將內容改爲:
* soft nproc 4096
* hard nproc 4096 #(這是新增的)
如果是使用xshell開兩個窗口的話修改完成之後一定要斷開重新登錄一下哦
---修改內容
1.max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
修改/etc/security/limits.conf文件,添加或修改如下行:
* hard nofile 65536
* soft nofile 65536
2.max virtual memory areas vm.max......
修改 /etc/sysctl.conf 文件,添加如下行:
vm.max_map_count=262144
修改好了以後,調用sysctl -a查看,發現參數並沒有變動,使用(sudo sysctl -p )讓配置生效或者要重啓纔可以。
重啓以後,再啓動es即可,就可以通過主機ip訪問。
安裝elasticsearch-head插件
安裝docker鏡像或者通過github下載elasticsearch-head項目都是可以的,1或者2兩種方式選擇一種安裝使用即可
1. 使用docker的集成好的elasticsearch-head
# docker run -p 9100:9100 mobz/elasticsearch-head:5
docker容器下載成功並啓動以後,運行瀏覽器打開http://localhost:9100/
2. 使用git安裝elasticsearch-head
# yum install -y npm
# git clone git://github.com/mobz/elasticsearch-head.git
# cd elasticsearch-head
# npm install
# npm run start
檢查端口是否起來
netstat -antp |grep 9100
瀏覽器訪問測試是否正常
http://IP:9100/
一些操作:
查看服務狀態,如果有報錯可以去看錯誤日誌 less /var/log/elasticsearch/集羣 名稱.log(日誌的名稱是以集羣名稱命名的)
創建開機自啓動服務
# chkconfig elasticsearch on
#後臺啓動
elasticsearch -d