- 前言
- 本地安装
- 安装elasticsearch
- 安装kibana
- docker安装
- 安装elasticsearch
- 安装kibana
- ik分词器安装
- 下载安装
- 自定义扩展分词库
环境准备:
系统:centos7.x;
jdk版本:1.8.x;
注意:一定要保证所有软件(ELK、IK)版本一致,否则会报错。
- 下载
官网下载
- 上传解压
tar -zxvf xxx.tar.gz
- 后台启动
sh /usr/local/es/elasticsearch-7.17.3/bin/elasticsearch -d
报错
原因是elasticsearch 默认是不支持用root用户来启动的。正式环境用root运行可能会有安全风险,不建议用root来跑。推荐解决方案:添加专门的用户
- 添加用户
useradd elastic passwd elastic
- 改变es目录拥有者账号
chown -R elastic /usr/local/es/elasticsearch-7.17.3/
- 配置
由于我用的虚拟机,所以要对内存做一些限制,开放es外部也能访问,而且要避免一些报错。
报错如下
编辑config目录下的编辑config目录下的elasticsearch.yml文件
vim /usr/local/es/elasticsearch-7.17.3/config/elasticsearch.yml
修改了7个地方
# ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # cluster.name: my-application # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # node.name: node-1 # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # path.data: /usr/local/es/elasticsearch-7.17.3/data # # Path to log files: # path.logs: /usr/local/es/elasticsearch-7.17.3/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # By default Elasticsearch is only accessible on localhost. Set a different # address here to expose this node on the network: # network.host: 0.0.0.0 # # By default Elasticsearch listens for HTTP traffic on the first free port it # finds starting at 9200. Set a specific HTTP port here: # http.port: 9200 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when this node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # #discovery.seed_hosts: ["host1", "host2"] # # Bootstrap the cluster using an initial set of master-eligible nodes: # cluster.initial_master_nodes: ["node-1"] # # For more information, consult the discovery and cluster formation module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true # # ---------------------------------- Security ---------------------------------- # # *** WARNING *** # # Elasticsearch security features are not enabled by default. # These features are free, but require configuration changes to enable them. # This means that users don’t have to provide credentials and can get full access # to the cluster. Network connections are also not encrypted. # # To protect your data, we strongly encourage you to enable the Elasticsearch security features. # Refer to the following documentation for instructions. # # https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html
elasticsearch用户拥有的内存权限太小,至少需要262144。切换root用户下,使用vim /etc/sysctl.conf命令编辑sysctl.conf文件
vm.max_map_count=262144
因为 es 不允许使用root用户安装,在使用新建的es用户安装的时候报错如下,
max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
将当前用户的软硬限制调大。找到文件 /etc/security/limits.conf,编辑,在文件的最后追加如下配置,注意elastic 改成你自己运行elasticsearch的用户。
elastic hard nofile 65536 elastic soft nofile 65536
- 开放端口
# 开启防火墙 systemctl start firewalld # 开放指定端口 不加--permanent也是临时开放 firewall-cmd --zone=public --add-port=9200/tcp --permanent # 重启防火墙 firewall-cmd --reload # 查看 firewall-cmd --zone=public --query-port=9200/tcp # 删除 firewall-cmd --zone=public --remove-port=9200/tcp --permanent
- 切换账号,重新启动
su elastic
- 访问测试:http://192.168.25.131:9200
成功!!!
- 下载压缩包
官网下载
- 安装
上传并解压
tar -zxvf xxx.tar.z
- 配置
编辑kibana.yml文件,开放访问和切换中文
#取消server.port端口、server.host网络和elasticsearch地址ip注释,并修改 server.port: 5601 server:host:"0.0.0.0" elasticsearch.hosts: ["http://localhost:9200"] #修改中文 i18n.locale: "zh-CN"
注意root用户无法启动Kibana,需要对其他用户进行授权
#root账户下操作 #改变es目录拥有者账号 chown -R estest /usr/local/kibana/kibana-7.17.3-linux-x86_64/ #还需要设置访问权限 chmod -R 777 /usr/local/kibana/kibana-7.17.3-linux-x86_64/
切换账号登录
su elastic # 后台启动 nohup ./bin/kibana &
连接测试:http://192.168.25.131:5601
注意,这个版本安装完成之后,用chrome浏览器打不开,换了其他浏览器才能连接上
镜像地址
- 拉取镜像
docker pull elasticsearch:7.17.3
- 配置挂载数据文件夹
# 创建配置文件目录 mkdir -p /mydata/elasticsearch/config # 创建数据目录 mkdir -p /mydata/elasticsearch/data # 将/mydata/elasticsearch/文件夹中文件都可读可写 chmod -R 777 /mydata/elasticsearch/ # 配置任意机器可以访问 elasticsearch echo "http.host: 0.0.0.0" >/mydata/elasticsearch/config/elasticsearch.yml
- 启动容器
docker run --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" -v /mydata/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /mydata/elasticsearch/data:/usr/share/elasticsearch/data -v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins -d elasticsearch:7.17.3
# 自动启动也设置一下 docker update elasticsearch --restart=always
访问测试
浏览器输入:192.168.25.131:9200
- 拉取镜像
docker pull kibana:7.17.3
- 启动容器
docker run --name kibana -e ELASTICSEARCH_HOSTS=http://192.168.25.131:9200 -p 5601:5601 -d kibana:7.17.3
docker update kibana --restart=always
-e ELASTICSEARCH_HOSTS=http://192.168.25.131:9200: 这里要设置成自己的虚拟机IP地址
- 访问测试
浏览器输入:192.168.25.131:5601
- 下载
下载地址
- 上传
上传到外部挂载目录plugins,解压之后删除压缩包即可,如果是直接安装,那就直接上传到es对用的插件文件夹plugins中。 - 重启es
这里我遇到一个问题,restart es之后总是提示内存不足,导致无法启动,解决办法:停止es容器并删除,按照上边的docker run命令再启动一下es,可能是因为装了ik插件,导致重启变成默认占用内存了,我用的虚拟机,内存只有2g。
vim /mydata/elasticsearch/plugins/ik/config/IKAnalyzer.cfg.xml
建一个文件 fenci.txt,放在nginx的html路径下,即可实现远程扩展字典,当然也可以放在本地,远程会方便修改
IK Analyzer 扩展配置 http://192.168.25.131/fenci.txt
重启
docker restart elasticsearch
