Elasticsearch是个开源分布式搜索引擎，提供搜集、分析、存储数据三大功能。它的特点有：分布式，零配置，自动发现，索引自动分片，索引副本机制，restful风格接口，多数据源，自动搜索负载等。

中文官网：https://www.elastic.co/cn

安装包下载

下载地址：https://www.elastic.co/cn/downloads/elasticsearch
选择适合你的任意方式下载：

es 下载

本篇采用的es版本：elasticsearch-6.5.0.tar.gz

Es 安装

1. 解压

[root@localhost app]# tar -xzvf AppStore/elasticsearch-6.5.0.tar.gz
……
[root@localhost app]# ll
总用量 4
drwxr-xr-x. 2 root root  238 8月   5 22:19 AppStore
drwxr-xr-x. 8 root root  143 11月 10 2018 elasticsearch-6.5.0
drwxr-xr-x. 7   10  143  245 4月   2 11:51 jdk1.8.0_211
drwxrwxr-x. 6 root root 4096 3月  19 00:21 redis
drwxr-xr-x. 2 root root   52 6月  24 21:48 redis-cluster
[root@localhost app]# 

2. elasticsearch-6.5.0 目录结构

[root@localhost elasticsearch-6.5.0]# ll
总用量 436
drwxr-xr-x.  3 root root   4096 8月  19 22:06 bin
drwxr-xr-x.  2 root root    148 11月 10 2018 config
drwxr-xr-x.  3 root root   4096 11月 10 2018 lib
-rw-r--r--.  1 root root  13675 11月 10 2018 LICENSE.txt
drwxr-xr-x.  2 root root      6 11月 10 2018 logs
drwxr-xr-x. 28 root root   4096 11月 10 2018 modules
-rw-r--r--.  1 root root 403816 11月 10 2018 NOTICE.txt
drwxr-xr-x.  2 root root      6 11月 10 2018 plugins
-rw-r--r--.  1 root root   8519 11月 10 2018 README.textile

3. 修改配置文件

[root@localhost elasticsearch-6.5.0]# cd config/
[root@localhost config]# ll
总用量 32
-rw-rw----. 1 root root  2853 11月 10 2018 elasticsearch.yml
-rw-rw----. 1 root root  3194 11月 10 2018 jvm.options
-rw-rw----. 1 root root 12423 11月 10 2018 log4j2.properties
-rw-rw----. 1 root root   473 11月 10 2018 role_mapping.yml
-rw-rw----. 1 root root   197 11月 10 2018 roles.yml
-rw-rw----. 1 root root     0 11月 10 2018 users
-rw-rw----. 1 root root     0 11月 10 2018 users_roles
[root@localhost config]# vim elasticsearch.yml

在编辑器中依次打开如下配置项，并修改配置，然后保存退出：

// 命名集群名称
cluster.name: galaxy_cluster
// 命名当前节点名称
node.name: node-192.168.18.170
// 在 elasticsearch 目录下创建 data 目录，将数据存放目录指向 data 目录
path.data: /app/elasticsearch-6.5.0/data
// 将日志目录指向 path.data: /app/elasticsearch-6.5.0/logs
path.logs: /app/elasticsearch-6.5.0/logs
// 绑定网络主机，填写主机 IP 地址即可，端口缺省 9200
network.host: 192.168.18.170

4. 启动 elasticsearch

[root@localhost config]# cd ../bin/
[root@localhost bin]# ./elasticsearch
[2019-08-19T22:24:59,647][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [node-192.168.18.170] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:140) ~[elasticsearch-6.5.0.jar:6.5.0]
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:127) ~[elasticsearch-6.5.0.jar:6.5.0]
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.5.0.jar:6.5.0]
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.5.0.jar:6.5.0]
    at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.5.0.jar:6.5.0]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) ~[elasticsearch-6.5.0.jar:6.5.0]
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:86) ~[elasticsearch-6.5.0.jar:6.5.0]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:103) ~[elasticsearch-6.5.0.jar:6.5.0]
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:170) ~[elasticsearch-6.5.0.jar:6.5.0]
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) ~[elasticsearch-6.5.0.jar:6.5.0]
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.5.0.jar:6.5.0]
    ... 6 more

启动报错，提示root用户不能启动es，新建用户再次启动：

[root@localhost bin]# useradd elk
[root@localhost bin]# cd ../..
[root@localhost app]# chown -R elk:elk elasticsearch-6.5.0/
[root@localhost app]# vim /etc/passwd
# 修改 elk 用户目录 - elk:x:1000:1000::/app:/bin/bash，切换到 elk 用户时可直接怼到 /app 目录下
[root@localhost app]#
[root@localhost app]# su - elk
-bash-4.2$ pwd
/app
-bash-4.2$ ll
总用量 4
drwxr-xr-x. 2 root root  238 8月   5 22:19 AppStore
drwxr-xr-x. 9 elk  elk   155 8月  19 22:16 elasticsearch-6.5.0
drwxr-xr-x. 7   10  143  245 4月   2 11:51 jdk1.8.0_211
drwxrwxr-x. 6 root root 4096 3月  19 00:21 redis
drwxr-xr-x. 2 root root   52 6月  24 21:48 redis-cluster
-bash-4.2$

-bash-4.2$ cd elasticsearch-6.5.0/bin/
-bash-4.2$ ./elasticsearch
……
# 提示如下错误信息
ERROR: [3] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max number of threads [3818] for user [elk] is too low, increase to at least [4096]
[3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
……

ERROR: [3] bootstrap checks failed表示bootstrap检查出三个错误，分别是：

• 对于elasticsearch来说4096个文件描述符配置过低，至少要增加到65536
• 对于elk用户来说，3818个进程数配置过低，至少要增加到4096
• 对于虚拟内存来说，vm.max_map_count [65530]配置过低，至少要增加到[262144]

上述错误均为linux系统配置过低导致，使用root用户依次修改配置即可：

# 配置文件描述符数量
[root@localhost app]# echo "* soft nofile 65536" >> /etc/security/limits.conf
[root@localhost app]# echo "* hard nofile 131072" >> /etc/security/limits.conf
# 配置 elk 用户支持的最大进程数
[root@localhost app]# echo "elk soft nproc 4096" >> /etc/security/limits.conf
[root@localhost app]# echo "elk hard nproc 4096" >> /etc/security/limits.conf
# 配置最大内存，使用 sysctl -p 使之永久生效
[root@localhost app]# echo "vm.max_map_count=262144" >> /etc/sysctl.conf
[root@localhost app]# sysctl -p
vm.max_map_count = 262144

完成上述配置后查看 elk 用户的配置信息，此时配置并未生效，配置详情如下：

-bash-4.2$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3818
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 3818
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

reboot重启设备后，再看elk用户信息，配置已生效：

-bash-4.2$ ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 3818
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 65536
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 4096
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited

centos 7.x以下版本会报：
[4]：system call filters failed to install；check the logs and fix your configuration or disable system call filters at your own risk
解决方法是修改elasticsearch.yml配置文件，找到Memory模块，打开bootstrap.memory_lock配置，设置 false，另添加bootstrap.system_call_filter: false配置项

再次启动 es，./elasticsearch，启动成功！
输入如下命令进行验证：

[root@localhost ~]# curl -XGET '192.168.18.170:9200/?pretty'
{
  "name" : "node-192.168.18.170",
  "cluster_name" : "galaxy_cluster",
  "cluster_uuid" : "65N6jLD7RVOM-ZDznPmM8A",
  "version" : {
    "number" : "6.5.0",
    "build_flavor" : "default",
    "build_type" : "tar",
    "build_hash" : "816e6f6",
    "build_date" : "2018-11-09T18:58:36.352602Z",
    "build_snapshot" : false,
    "lucene_version" : "7.5.0",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  },
  "tagline" : "You Know, for Search"
}
[root@localhost ~]#