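Installation environment
Preface: To make logs easier to manage and analyze, we need to build an ELK cluster. The end goal is an ELK cluster, together with governance practices for an ELKF cluster. This document covers building the ES cluster and deploying the corresponding monitoring tools. The other ELK components, and the governance, usage and stress testing of each component, will be covered in later updates.
System: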
[root@VM-240-2-centos ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
[root@VM-240-7-centos package]# cat /proc/meminfo |grep "MemTotal"
MemTotal: 32778376 kB
[root@VM-240-7-centos package]# cat /proc/cpuinfo |grep "core id"|wc -l
16
[root@VM-240-7-centos package]# cat /proc/diskstats
253 0 vda 21639 193 1344189 22032 540081 440034 16337281 1480199 0 230800 1502231
253 1 vda1 21605 193 1341813 22001 538991 440034 16337281 1480037 0 230506 1502038
253 16 vdb 608 0 30234 395 2065621 3354248 81954280 2778018 0 1338117 2778413
253 17 vdb1 195 0 9218 227 1589703 3354248 81954272 2741411 0 1295162 2741638
11 0 sr0 141 0 14492 59 0 0 0 0 0 41 59
ES-related components:
ElasticSearch: elasticsearch-7.15.1-linux-x86_64.tar.gz
Logstash: logstash-7.15.1-linux-x86_64.tar.gz
Kafka: kafka_2.13-3.0.0.tgz
Filebeat: filebeat-7.15.1-linux-x86_64.tar.gz
Kibana: kibana-7.15.1-linux-x86_64.tar.gz
Zookeeper: apache-zookeeper-3.7.0-bin.tar.gz
JDK: jdk-17_linux-x64_bin.tar.gz
Extension plugins:
Cerebro: cerebro-0.9.4.tar.gz
jdk: jdk-8u65-linux-x64.gz
kafka-manager: CMAK-3.0.0.5.tar.gz
jdk: jdk-11.0.13_linux-x64_bin.tar.gz
1. Download the Elasticsearch component
[root@VM-240-7-centos ~]# cd /home/package/
[root@VM-240-7-centos package]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.15.1-linux-x86_64.tar.gz
[root@VM-240-7-centos package]# ls elasticsearch-7.15.1-linux-x86_64.tar.gz
elasticsearch-7.15.1-linux-x86_64.tar.gz
2. System tuning
[root@VM-240-7-centos package]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv6.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh3 = 4096
kernel.softlockup_panic = 1
kernel.sysrq = 1
net.ipv6.conf.all.disable_ipv6=0
net.ipv6.conf.default.disable_ipv6=0
net.ipv6.conf.lo.disable_ipv6=0
kernel.numa_balancing = 0
kernel.shmmax = 68719476736
kernel.printk = 5
vm.max_map_count=262144
[root@VM-240-7-centos package]# sysctl -p
[root@VM-240-7-centos package]# cat /etc/security/limits.conf
# End of file
* soft nofile 100001
* hard nofile 100002
root soft nofile 100001
root hard nofile 100002
3. Deploy the JDK
[root@VM-240-2-centos package]# tar xf jdk-17_linux-x64_bin.tar.gz
[root@VM-240-2-centos package]# pwd
/home/package
# Append to the configuration file
[root@VM-240-2-centos package]# cat /etc/profile
export JAVA_HOME=/home/package/jdk-17.0.1
export JRE_HOME=/home/package/jdk-17.0.1
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$JAVA_HOME/bin:$PATH
[root@VM-240-2-centos package]# source /etc/profile
4. Deploy ES and tune the JVM
[root@VM-240-2-centos package]# tar xf elasticsearch-7.15.1-linux-x86_64.tar.gz -C /data/
[root@VM-240-2-centos package]# cd /data/
[root@VM-240-2-centos data]# mv elasticsearch-7.15.1 elasticsearch
[root@VM-240-2-centos data]# cat -n elasticsearch/config/jvm.options
31 -Xms10g
32 -Xmx10g
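5. Configuration file walkthrough
Start the cluster with x-pack enabled; x-pack itself is not covered here. If the cluster uses x-pack, communication between the nodes must have SSL enabled and must use keys. This is mandatory.
Generate the ES cluster key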
[root@VM-240-2-centos data]# cd elasticsearch/bin/
[root@VM-240-2-centos bin]# ./elasticsearch-certutil ca -out config/elastic-certificates.p12 -pass ""
This leaves two files in the ES config directory: elastic-certificates.p12 and elasticsearch.keystore. Both files must be copied to the other nodes, as follows:
[root@VM-240-2-centos bin]# ll ../config/elastic-certificates.p12
-rw-r--r-- 1 elk elk 2672 Nov 9 20:14 ../config/elastic-certificates.p12
[root@VM-240-2-centos bin]# ll ../config/elasticsearch.keystore
-rw-r--r-- 1 elk elk 199 Nov 9 20:16 ../config/elasticsearch.keystore
Reference the certificate
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
If the key file is in the config directory it can be referenced by name alone; if it is elsewhere, the full absolute path is required.
Cluster configuration file
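# Cluster name; cluster.name must be identical on every node of the same cluster
cluster.name: log-elk-prod
# Identifies this node
node.name: es-node-2
# Whether this node is master-eligible
node.master: true
# Rack in which the node's server sits; this setting is optional
node.attr.rack: r2
# Data directory
path.data: /data/elasticsearch/data
# Log directory
path.logs: /data/elasticsearch/logs
# Whether to lock memory. With locking on, memory is not released even when the service is under light load.
# Without locking, other services can take the memory and ES can go down. Memory is tight here, so it is not locked; lock it when resources allow.
bootstrap.memory_lock: false
# Address used to connect to this node
network.host: xxx.xxx.xxx.xxx
# HTTP port of this node
http.port: 9200
# Port for communication between nodes
transport.tcp.port: 9300
# discovery.seed_hosts must be set to the list of the other nodes in the cluster
discovery.seed_hosts: ["xxx.xxx.xxx.xxx:9300", "xxx.xxx.xxx.xxx:9300", "xxx.xxx.xxx.xxx:9300"]
# The names or IP addresses of the eligible nodes whose votes count in the first election must be listed explicitly
cluster.initial_master_nodes: ["es-node-1", "es-node-2", "es-node-3"]
# Require explicit index names when deleting or closing indices (true blocks patterns and _all)
action.destructive_requires_name: true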
Enable Watcher
xpack.watcher.enabled: true
Complete configuration file
cluster.name: log-elk-prod
node.name: es-node-2
node.master: true
node.attr.rack: r2
path.data: /data/elasticsearch/data
path.logs: /data/elasticsearch/logs
bootstrap.memory_lock: false
network.host: xxx.xxx.xxx.xxx
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["xxx.xxx.xxx.xxx:9300", "xxx.xxx.xxx.xxx:9300", "xxx.xxx.xxx.xxx:9300"]
cluster.initial_master_nodes: ["es-node-1", "es-node-2", "es-node-3"]
action.destructive_requires_name: true
xpack.security.transport.ssl.enabled: true
xpack.security.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.watcher.enabled: true
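The other three nodes are configured the same way. Note the following points:
1) All nodes must use one and the same set of SSL certificate keys: generate it on a single node and copy it to the others. There are two files, elastic-certificates.p12 and elasticsearch.keystore.
2) cluster.name must be set to the same value on every node of the same cluster.
3) The port given in discovery.seed_hosts must be the port specified by transport.tcp.port.
4) If x-pack is enabled, traffic between the cluster nodes must be encrypted and authenticated.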
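Notes 2) to 4) can be checked mechanically before a node is started. The script below is an added example, not part of the original article: `yml_get` and `check_es_config` are hypothetical helper names, and it assumes a flat `key: value` elasticsearch.yml like the one shown above. The permission warning on the .p12 files is an extra check that the article does not list.

```shell
#!/usr/bin/env bash
# Added example: lint a flat elasticsearch.yml against notes 2)-4) above.
# yml_get and check_es_config are hypothetical names, not Elasticsearch tools.

# yml_get FILE KEY: print the value of a top-level "key: value" line.
yml_get() {
  awk -v k="$2" '
    index($0, k ":") == 1 {
      v = substr($0, length(k) + 2)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      print v
      exit
    }' "$1"
}

check_es_config() {
  local yml="$1" dir rc=0 tport host key store perms
  dir=$(dirname "$yml")
  [ -n "$(yml_get "$yml" cluster.name)" ] || { echo "FAIL cluster.name is not set"; rc=1; }
  # Note 4: security on means transport TLS must be on as well.
  if [ "$(yml_get "$yml" xpack.security.enabled)" = "true" ] &&
     [ "$(yml_get "$yml" xpack.security.transport.ssl.enabled)" != "true" ]; then
    echo "FAIL xpack.security.enabled is true but transport SSL is not"; rc=1
  fi
  # Note 3: every port in discovery.seed_hosts must be the transport port.
  tport=$(yml_get "$yml" transport.tcp.port); tport=${tport:-9300}
  for host in $(yml_get "$yml" discovery.seed_hosts | tr -d '[]" ' | tr ',' ' '); do
    case $host in
      *:"$tport") ;;
      *:*) echo "FAIL seed host $host does not use transport port $tport"; rc=1 ;;
      *) ;;  # no port given: Elasticsearch falls back to the transport port
    esac
  done
  # Keystore and truststore: relative paths resolve against the config directory.
  for key in keystore truststore; do
    store=$(yml_get "$yml" "xpack.security.transport.ssl.$key.path")
    [ -n "$store" ] || continue
    case $store in /*) ;; *) store="$dir/$store" ;; esac
    if [ ! -f "$store" ]; then echo "FAIL $key file $store not found"; rc=1; continue; fi
    perms=$(ls -ld "$store" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || echo "WARN $store is accessible beyond its owner ($perms)"
  done
  return $rc
}
```

Run it as `check_es_config /data/elasticsearch/config/elasticsearch.yml` on each node; it prints nothing and returns 0 when every check passes.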
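Setting account passwords requires xpack.security.enabled: true in the configuration file, and the setting must have taken effect.
View the ways ES can set passwords: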
[root@VM-240-2-centos bin]# ./elasticsearch-setup-passwords --help
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
Sets the passwords for reserved users
Commands
--------
auto - Uses randomly generated passwords
interactive - Uses passwords entered by a user
Non-option arguments:
command
Option             Description
------             -----------
-E <KeyValuePair>  Configure a setting
-h, --help         Show help
-s, --silent       Show minimal output
-v, --verbose      Show verbose output
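The help output above shows two ways to set the passwords:
auto: the passwords are generated automatically
interactive: you enter the passwords yourself; the passwords need to be recorded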
./bin/elasticsearch-setup-passwords interactive
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N] y
Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
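From this point on, accessing ES requires a username and password.
7. Configure Kibana
Get the Kibana installation package; the version installed here is: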
[root@VM-240-15-centos ~]# cd /home/package
[root@VM-240-15-centos package]# wget https://artifacts.elastic.co/downloads/kibana/kibana-7.15.1-linux-x86_64.tar.gz
[root@VM-240-15-centos package]# tar xf kibana-7.15.1-linux-x86_64.tar.gz -C /data
[root@VM-240-15-centos package]# cd /data && mv kibana-7.15.1-linux-x86_64 kibana
[root@VM-240-15-centos package]# cd /data/kibana/config/
[root@VM-240-15-centos config]# egrep -v "^#|^$" kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://xxx.xxx.xxx.xxx:9200"]
elasticsearch.username: "xxxxx"
elasticsearch.password: "xxxxx"
[root@VM-240-15-centos config]# cd ../bin/
[root@VM-240-15-centos bin]# nohup ./kibana &
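Tuning is covered later. For now, fill in the username and password of the kibana user created above. Connecting to a single ES address is enough.
8. Cluster verification
Inspect the cluster with the ES _cat API: http://172.21.240.2:9200/_cat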
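Access any ES node:
View node information:
View node status:
View cluster status:
ES status codes in brief:
green: healthy; for reference, all primary and replica shards are allocated normally
yellow: degraded; for reference, at least one replica shard is not allocated
red: unavailable; for reference, at least one primary shard is not allocated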
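The three status codes follow directly from shard allocation, which the `_cat/shards` API lists per shard copy. The script below is an added example, not part of the original article: it derives the status from that listing, the sample rows and index names are constructed, and `sample_shards` and `health_from_shards` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: derive green/yellow/red from _cat/shards rows.

# Constructed sample, in the column order returned by
#   GET /_cat/shards?h=index,shard,prirep,state
sample_shards() {
  cat <<'EOF'
app-log-2021.11.09 0 p STARTED
app-log-2021.11.09 0 r STARTED
app-log-2021.11.10 0 p STARTED
app-log-2021.11.10 0 r UNASSIGNED
EOF
}

# Reads such rows on stdin; prints the status on the first line,
# followed by one line per shard copy that is not active.
health_from_shards() {
  awk '
    $4 == "STARTED" || $4 == "RELOCATING" { next }   # active copies
    $3 == "p" { red = 1 }                            # inactive primary
    $3 == "r" { yellow = 1 }                         # inactive replica
    { bad = bad "\n  " $1 "[" $2 "] " ($3 == "p" ? "primary" : "replica") " " $4 }
    END {
      s = red ? "red" : (yellow ? "yellow" : "green")
      print s bad
    }'
}

# Against a live node (address is a placeholder; curl prompts for the password):
#   curl -s -u elastic 'http://xxx.xxx.xxx.xxx:9200/_cat/shards?h=index,shard,prirep,state' | health_from_shards
```

`sample_shards | health_from_shards` reports yellow and names the one replica that is not allocated.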
This completes the ES setup. The next article covers the ES cluster monitoring tool cerebro. Thanks for reading!