Version selection
elasticsearch-5.6.15.tar.gz
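Building a three-node Elasticsearch cluster
ELK1 host (IP: 10.10.61.205)
Installing Elasticsearch
Steps 1, 2 and 3 are similar to the Logstash installation.
- Configure elasticsearch.yml
The full elasticsearch.yml is shown in the following code block: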
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
# Cluster name
cluster.name: elk
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
# Node name
node.name: elk1
#
# Add custom attributes to the node:
# Specifies the node's tribe attribute, which is a scope larger than the cluster.
node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
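# This section sets where data and logs are stored. These two settings are very important: for example, when upgrading versions, keeping the program separate from the data makes the upgrade much easier, and a program crash does not affect the data.
# If these two settings are not configured, both directories are created under the ES home directory.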
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
# Whether to lock memory after startup, which improves ES performance.
bootstrap.memory_lock: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
# Address of this host
network.host: 10.10.61.205
#
# Set a custom port for HTTP:
# HTTP port
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.zen.ping.unicast.hosts: ["10.10.61.205", "10.10.61.158","10.10.61.238"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
# To prevent "split brain", set this value to (number of cluster hosts / 2 + 1)
discovery.zen.minimum_master_nodes: 2
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
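ELK2 host (IP: 10.10.61.158)
Starting from the ELK1 configuration, only node.name and network.host need to be changed.
ELK3 host (IP: 10.10.61.238)
Starting from the ELK1 configuration, only node.name and network.host need to be changed.
- Running the Elasticsearch cluster
- Start Elasticsearch in the foreground on ELK1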
./elasticsearch
Error 1, symptom:
[WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [elk1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
Error 1, cause:
Elasticsearch can only be started by a non-root user.
Error 1, fix:
Create a user
adduser elk1
passwd elk1
The system checks the password strength, but its warning can be overridden.
Error 2, symptom:
main ERROR Could not register mbeans java.security.AccessControlException: access denied ("javax.management.MBeanTrustPermission" "register")
Error 2, cause:
The current user is not the owner of the Elasticsearch directory.
Error 2, fix:
Change the owner of the Elasticsearch directory to the current user.
chown -R elk1 /usr/elasticsearch-5.6.15/
Error 3, symptom:
ERROR: [2] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
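Error 3, cause:
[1]: The maximum number of file descriptors [4096] for the elasticsearch process is too low; it must be raised to at least [65536].
[2]: The maximum number of virtual memory areas, vm.max_map_count [65530], is too low; it must be raised to at least [262144].
Error 3, fix: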
[1]
vim /etc/security/limits.conf
Append the contents of the following code block to the end of limits.conf:
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
[2]
Set it for the running system
sysctl -w vm.max_map_count=262144
Verify the setting
sysctl -a|grep vm.max_map_count
Persist it in the configuration
vim /etc/sysctl.conf
Append the following code block to the end of sysctl.conf:
vm.max_map_count=262144
Elasticsearch now starts successfully in the foreground on ELK1.
- Stop Elasticsearch running in the foreground on ELK1
Press Ctrl+C to stop Elasticsearch.
- Start Elasticsearch in the background on ELK1
./elasticsearch -d
- Find the Elasticsearch process on ELK1
ps -ef|grep elasticsearch
- Stop Elasticsearch running in the background on ELK1
kill -9 14377
14377 is the PID found by the query in the previous step.
- Run ELK2 and ELK3 the same way as ELK1
- Get the list of nodes in the cluster
10.10.61.205:9200/_cat/nodes?v
- Cluster health check
curl '10.10.61.205:9200/_cat/health?v'
- Get the Elasticsearch indices
curl '10.10.61.205:9200/_cat/indices?v'
- View the cluster status of the ELK cluster
10.10.61.205:9200/_cluster/stats
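The three startup errors above (root user, directory ownership, bootstrap limits) can be checked on each node before Elasticsearch is launched. The following script is an added example, not part of the original post; the function names and the --live switch are hypothetical, and the thresholds are the minimums quoted in the error messages.

```shell
#!/bin/sh
# Added example: preflight checks for the three startup errors in this post.
# Thresholds are the minimums quoted in the bootstrap check messages.
MIN_NOFILE=65536
MIN_MAP_COUNT=262144

# es_preflight RUN_UID DIR_OWNER_UID NOFILE MAP_COUNT
# Prints one line per failed check; returns the number of failed checks.
es_preflight() {
    pf_uid=$1; pf_owner=$2; pf_nofile=$3; pf_map=$4
    pf_fail=0
    # Error 1: Elasticsearch refuses to start as root (uid 0).
    if [ "$pf_uid" -eq 0 ]; then
        echo "FAIL: running as root; use a dedicated non-root user"
        pf_fail=$((pf_fail + 1))
    fi
    # Error 2: the run user must own the Elasticsearch directory.
    if [ "$pf_uid" -ne "$pf_owner" ]; then
        echo "FAIL: uid $pf_uid does not own the directory (owner uid $pf_owner)"
        pf_fail=$((pf_fail + 1))
    fi
    # Error 3 [1]: open-file limit; "unlimited" always passes.
    if [ "$pf_nofile" != "unlimited" ] && [ "$pf_nofile" -lt "$MIN_NOFILE" ]; then
        echo "FAIL: max file descriptors $pf_nofile < $MIN_NOFILE"
        pf_fail=$((pf_fail + 1))
    fi
    # Error 3 [2]: vm.max_map_count kernel setting.
    if [ "$pf_map" -lt "$MIN_MAP_COUNT" ]; then
        echo "FAIL: vm.max_map_count $pf_map < $MIN_MAP_COUNT"
        pf_fail=$((pf_fail + 1))
    fi
    return "$pf_fail"
}

# Collect live values on a Linux host (GNU stat, /proc) and run the checks.
# The default directory is the install path used in this post.
es_preflight_live() {
    pf_home=${1:-/usr/elasticsearch-5.6.15}
    es_preflight "$(id -u)" "$(stat -c %u "$pf_home")" \
        "$(ulimit -n)" "$(cat /proc/sys/vm/max_map_count)"
}

# Run against the live host only when asked: sh preflight.sh --live [ES_HOME]
if [ "${1:-}" = "--live" ]; then
    es_preflight_live "${2:-}"
    exit $?
fi
```

Run it with --live as the account that will start Elasticsearch, since `ulimit -n` and `id -u` report the values of the calling user's session.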