提示:文章写完后,目录可以自动生成,如何生成可参考右边的帮助文档
- 6.2.4升级到6.8.9
- 一、升级Elasticsearch
- 二、升级Kibana
- 三、升级Logstash
- 四、升级Beats
- 6.8.9升级到7.14.0
- 一、升级java
- 二、升级Elasticsearch
- 三、升级Kibana
- 四、升级redis
- 五、升级Logstash
- 六、 升级Beats
版本升级依次从6.2升级到6.8,再升级到7.14
我的版本是6.2.4,升级到6.8.9,再升级到7.14.0
版本兼容性参考官方
https://www.elastic.co/cn/support/matrix#matrix_compatibility
集群升级需要将节点依次升级,优先升级非主节点,升级后作为主节点
一、升级Elasticsearch1、Back up your data by taking a snapshot
1.1 Register a snapshot repository
PUT /_snapshot/backup
{
“type”: “fs”,
“settings”: {
“location”: “/localdata/snapshot” //提前创建目录并授权给elasticsearch用户
}
}
查看Register
GET /_snapshot/backup
1.2 Create a snapshot
在kibana界面Dev Tools中输入如下内容,创建名为snapshot_1的snapshot
查看
2、升级非主节点的Elasticsearch
2.1 Disable shard allocation.
2、 升级非主节点的ES
2.1 Disable shard allocation.
PUT _cluster/settings
{
“persistent”: {
“cluster.routing.allocation.enable”: “primaries”
}
}
2.2 Stop non-essential indexing and perform a synced flush
POST _flush/synced
2.3 Shut down a single node.
[root@elktest ~]# systemctl stop elasticsearch.service
2.4 Upgrade the node you shut down
由于旧版本使用RPM包安装,所以rpm方式升级
[root@elktest ~]# rpm -Uvh elasticsearch-6.8.9.rpm
2.5 Start the upgraded node.
[root@elktest ~]# systemctl start elasticsearch.service
查看
GET _cat/nodes
2.6 Reenable shard allocation.
PUT _cluster/settings
{
“persistent”: {
“cluster.routing.allocation.enable”: null
}
}
2.7 Wait for the node to recover.
GET _cat/health?v=true
Wait for the status column to switch to green. once the node is green, all primary and replica shards have been allocated
GET _cat/recovery
GET /_cat/health?v=true
GET /_cat/nodes?h=ip,name,version&v=true
接下来依次升级其他节点,升级完成的节点作为主节点(必须高版本为主节点)
[root@elktest ~]# systemctl stop kibana
[root@elktest ~]# rpm -Uvh kibana-6.8.9-x86_64.rpm
[root@elktest ~]# systemctl daemon-reload
[root@elktest ~]# systemctl start kibana
[root@elktest ~]# rpm -Uvh logstash-6.8.9.rpm
[root@elktest ~]# systemctl start logstash
[root@elktest ~]# systemctl stop filebeat
[root@elktest ~]# rpm -Uvh filebeat-6.8.9-x86_64.rpm
[root@elktest ~]# systemctl start filebeat
参考如下链接
https://blog.csdn.net/gjjhyd/article/details/120522850?spm=1001.2014.3001.5501
1、步骤同6.2.4升级到6.8.9,rpm执行完成后执行如下操作
[root@elktest ~]# vim /etc/elasticsearch/jvm.options //注销以下3行
#-XX:+UseConcMarkSweepGC
#-XX:CMSInitiatingOccupancyFraction=75
#-XX:+UseCMSInitiatingOccupancyOnly
[root@elktest ~]# vim /etc/elasticsearch/elasticsearch.yml //修改以下行
#discovery.zen.ping.unicast.hosts: [“elktest”]
discovery.seed_hosts: [“elktest”]
cluster.initial_master_nodes: [“elktest”] 第一个升级的节点为master
[root@elktest ~]# systemctl start elasticsearch
2、Start the upgraded node.
[root@elktest ~]# systemctl start elasticsearch.service
3、Reenable shard allocation.
4、Wait for the node to recover
GET _cat/health?v=true
GET _cat/recovery
5、check which nodes have been upgraded
GET /_cat/nodes?h=ip,name,version&v=true
[root@elktest ~]# systemctl stop kibana
[root@elktest ~]# rpm -Uvh kibana-7.14.0-x86_64.rpm
[root@elktest ~]# vim /etc/kibana/kibana.yml
#elasticsearch.url: “http://elktest:9200”
elasticsearch.hosts: [“http://elktest:9200”]
[root@elktest ~]# systemctl daemon-reload
[root@elktest ~]# systemctl start kibana
注:Beats output is expected to work with all Redis versions between 3.2.4 and 5.0.8. Other versions might work as well, but are not supported.
[root@elktest ~]# tar zxvf redis-6.2.5.tar.gz -C /usr/local/etc/
[root@elktest ~]# vim /usr/local/etc/redis-6.2.5/redis.conf
bind 0.0.0.0
protected-mode no
port 6379
tcp-backlog 1024
logfile “/var/log/redis.log”
requirepass 123qwe
[root@elktest ~]# cd /usr/local/etc/redis-6.2.5/src/
[root@elktest ~]# make
[root@elktest ~]# make install
[root@elktest ~]# ./redis-server /usr/local/etc/redis-6.2.5/redis.conf &
[root@elktes src]# redis-cli
127.0.0.1:6379> auth 123qwe
OK
127.0.0.1:6379> keys *
- “syslog”
[root@elktest ~]# systemctl stop logstash
[root@elktest ~]# rpm -Uvh logstash-7.14.0.rpm
[root@elktest ~]# vim /etc/logstash/jvm.options //注释掉以下行
#-XX:+UseParNewGC
#-XX:+UseConcMarkSweepGC
#-XX:CMSInitiatingOccupancyFraction=75
#-XX:+UseCMSInitiatingOccupancyOnly
[root@elktest ~]# systemctl start logstash
1、升级Filebeat
[root@elktest ~]# systemctl stop filebeat
[root@elktest ~]# rpm -Uvh filebeat-7.14.0-x86_64.rpm
[root@elktest ~]# vim /etc/filebeat/filebeat.yml //复制一个7.14版本的filebeat.yml,将output部分改为以下内容
#filebeat.prospectors: //将filebeat.prospectors改为filebeat.inputs
filebeat.inputs:
enabled: false //input false,使用module收集
output.redis: //修改redis部分
hosts: [“elktest”]
password: “123qwe”
key: “syslog”
db: 0
timeout: 5
[root@elktest ~]# cd /etc/filebeat/modules.d/
[root@elktest modules.d]# filebeat modules list
[root@elktest modules.d]# filebeat modules enable system
[root@elktest modules.d]# vim system.yml
[root@elktest ~]# systemctl start filebeat
升级后kibana中的Visualize需要更改,Field都变更为*.Keyword,例如beat.hostname更改为beat.hostname.keyword
2、升级Auditbeat
[root@elktest ~]# systemctl stop auditbeat
[root@elktest ~]# rpm -Uvh auditbeat-7.14.0-x86_64.rpm
[root@elktest ~]# vim /etc/auditbeat/auditbeat.yml
output.redis: //将output.redis部分改成如下内容
hosts: [“elktest”]
password: “123qwe”
key: “syslog”
db: 0
timeout: 5
worker: 2
[root@elktest ~]# systemctl start auditbeat
