Centos7.4安装elasticsearch+kibana集群
主机环境
配置:
| 节点数 | 4 |
|---|---|
| 操作系统 | CentOS Linux release 7.4.1708 (Core) |
| 内存 | 16GB |
软件环境
| 软件 | 版本 | 下载地址 |
|---|---|---|
| jdk | jdk-8u172-linux-x64 | 点击下载 |
| elasticsearch | elasticsearch-6.3.1 | 点击下载 |
| kibana | kibana-6.3.1-linux-x86_64 | 点击下载 |
主机规划
4个节点角色规划如下:
| 主机名 | pycdhnode1 | pycdhnode2 | pycdhnode3 | pycdhnode4 |
|---|---|---|---|---|
| IP | 192.168.0.158 | 192.168.0.159 | 192.168.0.160 | 192.168.0.161 |
| master节点 | yes | yes | yes | yes |
| data节点 | yes | yes | yes | yes |
| kibana | yes | no | no | no |
注: 在实际生产中,还是建议master节点和data节点分离
主机安装前准备
- 关闭所有节点的
SELinux
sed -i 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config setenforce 0 - 关闭所有节点防火墙
firewalldoriptables
systemctl disable firewalld; systemctl stop firewalld; systemctl disable iptables; systemctl stop iptables; - 开启所有节点时间同步
ntpdate
echo "*/5 * * * * /usr/sbin/ntpdate asia.pool.ntp.org | logger -t NTP" >> /var/spool/cron/root - 设置所有节点语言编码以及时区
echo 'export TZ=Asia/Shanghai' >> /etc/profile echo 'export LANG=en_US.UTF-8' >> /etc/profile . /etc/profile - 所有节点添加elasticsearch用户
useradd -m elasticsearch
echo 'elasticsearch' | passwd --stdin elasticsearch 修改家目录
mv /home/elasticsearch /application chown -R elasticsearch. /application/elasticsearch vi /etc/passwd,修改elasticsearch用户家目录:
elasticsearch:x:1001:1001::/application/elasticsearch:/bin/bash 设置PS1
su - elasticsearch
echo 'export PS1="\u@\h:\$PWD>"' >> ~/.bash_profile echo "alias mv='mv -i' alias rm='rm -i'" >> ~/.bash_profile . ~/.bash_profile - 设置elasticsearch用户之间免密登录 首先在pycdhnode1主机生成秘钥
su - elasticsearch ssh-keygen -t rsa # 一直回车即可生成elasticsearch用户的公钥和私钥 cd .ssh vi id_rsa.pub # 去掉私钥末尾的主机名 elasticsearch@pycdhnode1 cat id_rsa.pub > authorized_keys chmod 600 authorized_keys 压缩.ssh文件夹
su - elasticsearch
zip -r ssh.zip .ssh 随后分发ssh.zip到pycdhnode2-4主机elasticsearch用户家目录解压即完成免密登录
- 主机内核参数优化以及最大文件打开数、最大进程数等参数优化 不同主机优化参数有可能不一样,故这里不作出具体优化方法,但如果elasticsearch环境用于正式生产,必须优化,linux默认参数可能会导致elasticsearch无法启动或者集群性能低下。
注: 以上操作需要使用 root 用户,到目前为止操作系统环境已经准备完成,以下开始正式安装,后面的操作如果不做特殊说明均使用 elasticsearch 用户
安装jdk1.8
所有节点都需要安装,安装方式都一样 解压 jdk-8u172-linux-x64.tar.gz
tar zxvf jdk-8u172-linux-x64.tar.gz mkdir -p /application/elasticsearch/app mv jdk-8u172-linux-x64 /application/elasticsearch/app/jdk rm -f jdk-8u172-linux-x64.tar.gz 配置环境变量 vi ~/.bash_profile 添加以下内容:
#java export JAVA_HOME=/application/elasticsearch/app/jdk export CLASSPATH=.:$JAVA_HOME/lib:$CLASSPATH export PATH=$PATH:$JAVA_HOME/bin:$JAVA_HOME/jre/bin 加载环境变量
. ~/.bash_profile 查看是否安装成功 java -version
java version "1.8.0_172" Java(TM) SE Runtime Environment (build 1.8.0_172-b11) Java HotSpot(TM) 64-Bit Server VM (build 25.172-b11, mixed mode) 如果出现以上结果证明安装成功。
安装elasticsearch
首先在pycdhnode1上安装 解压 elasticsearch-6.3.1.tar.gz
tar zxvf elasticsearch-6.3.1.tar.gz mv elasticsearch-6.3.1 /application/elasticsearch/app/elasticsearch rm -f elasticsearch-6.3.1.tar.gz 设置环境变量 vi ~/.bash_profile 添加以下内容:
#elasticsearch export ELASTICSEARCH_HOME=/application/elasticsearch/app/elasticsearch export PATH=$PATH:$ELASTICSEARCH_HOME/bin 加载环境变量
. ~/.bash_profile 添加配置文件 vi /application/elasticsearch/app/elasticsearch/config/elasticsearch.yml :
# ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. # Before you set out to tweak and tune the configuration, make sure you # understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # #cluster.name: py_es_6.3 # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # #node.name: pyesnode-1 # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): # #path.data: /path/to/data # # Path to log files: # #path.logs: /path/to/logs # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #bootstrap.memory_lock: true # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): # #network.host: 192.168.0.1 # # Set a custom port for HTTP: # #http.port: 9200 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when new node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # #discovery.zen.ping.unicast.hosts: ["host1", "host2"] # # Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1): # #discovery.zen.minimum_master_nodes: # # For more information, consult the zen discovery module documentation. # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # #gateway.recover_after_nodes: 3 # # For more information, consult the gateway module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true #集群的名称 cluster.name: pyes6.3 #节点名称,其余3个节点分别为pyesnode-2,pyesnode-3,pyesnode-4 node.name: pyesnode-1 #指定该节点是否有资格被选举成为master节点,默认是true,es是默认集群中的第一台机器为master,如果这台机挂了就会重新选举master node.master: true #允许该节点存储数据(默认开启) node.data: true #实际生产可以master节点和data数据分离 #索引数据的存储路径,多个目录使用 , 分割 path.data: /application/elasticsearch/data/esdata #日志文件的存储路径 path.logs: /application/elasticsearch/app/elasticsearch/logs #设置为true来锁住内存。因为内存交换到磁盘对服务器性能来说是致命的,当jvm开始swapping时es的效率会降低,所以要保证它不swap #bootstrap.memory_lock: true bootstrap.memory_lock: false #服务器内存小,设置允许使用swap #绑定的ip地址 network.host: 0.0.0.0 #设置对外服务的http端口,默认为9200 http.port: 9200 # 设置节点间交互的tcp端口,默认是9300 transport.tcp.port: 9300 #Elasticsearch将绑定到可用的环回地址,并将扫描端口9300到9305以尝试连接到运行在同一台服务器上的其他节点。 #这提供了自动集群体验,而无需进行任何配置。数组设置或逗号分隔的设置。每个值的形式应该是host:port或host #(如果没有设置,port默认设置会transport.profiles.default.port 回落到transport.tcp.port)。 #请注意,IPv6主机必须放在括号内。默认为127.0.0.1, [::1] discovery.zen.ping.unicast.hosts: ["pycdhnode1:9300", "pycdhnode2:9300", "pycdhnode3:9300", "pycdhnode4:9300"] #如果没有这种设置,遭受网络故障的集群就有可能将集群分成两个独立的集群 - 分裂的大脑 - 这将导致数据丢失,一般设置(N/2)+1 discovery.zen.minimum_master_nodes: 3 #为了使新加入的节点快速确定master位置,可以将data节点的默认的master发现方式有multicast修改为unicast:选择性配置 #discovery.zen.ping.multicast.enabled: false #discovery.zen.ping.unicast.hosts: ["pycdhnode1", "pycdhnode2", "pycdhnode3", "pycdhnode4"] - 其中的
node.name配置每个节点必须不一样
设置节点内存使用量 vi /application/elasticsearch/app/elasticsearch/config/jvm.options
-Xms3g -Xmx3g - 最小与最大必须设置一样
- 由于jvm内存回收的原因,当内存使用超过32G时,性能会降低,故每个节点推荐最高设置31G
- elasticsearch 2.x 版本设置内存使用在 $ELASTICSEARCH_HOME/bin/elasticsearch.in.sh中
ES_MIN_MEM=3g与ES_MAX_MEM=3g
创建所需目录
mkdir -p /application/elasticsearch/data/esdata 复制elasticsearch到pycdhnode2-4
scp ~/.bash_profile pycdhnode2:/application/elasticsearch scp ~/.bash_profile pycdhnode3:/application/elasticsearch scp ~/.bash_profile pycdhnode4:/application/elasticsearch scp -pr /application/elasticsearch/app/elasticsearch pycdhnode2:/application/elasticsearch/app scp -pr /application/elasticsearch/app/elasticsearch pycdhnode3:/application/elasticsearch/app scp -pr /application/elasticsearch/app/elasticsearch pycdhnode4:/application/elasticsearch/app ssh pycdhnode2 "mkdir -p /application/elasticsearch/data/esdata" ssh pycdhnode3 "mkdir -p /application/elasticsearch/data/esdata" ssh pycdhnode4 "mkdir -p /application/elasticsearch/data/esdata" - 修改pycdhnode1-4
/application/elasticsearch/app/elasticsearch/config/elasticsearch.yml中的node.namepycdhnode1为:pyesnode-1 ;pycdhnode2为:pyesnode-2 ;pycdhnode3为:pyesnode-3 ;pycdhnode4为:pyesnode-4
优化所有主机参数,否则无法启动 vi /etc/sysctl.conf
vm.max_map_count=655360 生效
sysctl -p vi /etc/security/limits.conf 添加以下内容:
* soft nofile 65536 * hard nofile 65536 * soft nproc 65536 * hard nproc 65536 vi /etc/security/limits.d/20-nproc.conf 添加以下内容:
* soft nproc 65536 root soft nproc unlimited 重启登录 ulimit -a 查看是否生效
$ ulimit -a
core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 0 file size (blocks, -f) unlimited pending signals (-i) 63488 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 65536 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) 65536 virtual memory (kbytes, -v) unlimited file locks (-x) unlimited 启动elasticsearch 4个节点均启动
/application/elasticsearch/app/elasticsearch/bin/elasticsearch -d - -d 后台服务的方式启动
- 如果启动异常,查看日志
/application/elasticsearch/app/elasticsearch/logs/pyes6.3.log
查看进程
jps 其中 Elasticsearch 进程即为 elasticsearch
停止elasticsearch
kill pid 查看集群状态
$ curl pycdhnode1:9200/_cat/health?v epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent 1531123674 16:07:54 pyes6.3 green 4 4 0 0 0 0 0 0 - 100.0% - es 集群一共3种状态:
green,yellow,red - 可以看到集群节点有4个,集群状态为
green,正常
head插件安装
ElasticSearch-head是一个H5编写的ElasticSearch集群操作和管理工具,可以对集群进行傻瓜式操作。
- 显示集群的拓扑,并且能够执行索引和节点级别操作
- 搜索接口能够查询集群中原始json或表格格式的检索数据
- 能够快速访问并显示集群的状态
- 有一个输入窗口,允许任意调用RESTful API。这个接口包含几个选项,可以组合在一起以产生有趣的结果;
- 5.0版本之前可以通过plugin安装,直接解压便可运行,很绿色,5.0之后安装就需要使用nodejs,然后以独立服务的方式启动,不太方便,可以直接通过安装谷歌浏览器插件 elasticsearch-head-chrome。
首先在es集群所有节点添加配置文件 vi /application/elasticsearch/app/elasticsearch/config/elasticsearch.yml
http.cors.enabled: true http.cors.allow-origin: "*" 在pycdhnode1上面安装,然后其他主机可以选装,安装方法一样。
安装NodeJS
wget https://npm.taobao.org/mirrors/node/latest-v4.x/node-v4.5.0-linux-x64.tar.gz tar zxvf node-v4.5.0-linux-x64.tar.gz mv node-v4.5.0-linux-x64 app/node rm -f node-v4.5.0-linux-x64.tar.gz 添加环境变量 vi ~/.bash_profile
#node export NODE_HOME=/application/elasticsearch/app/node export PATH=$PATH:$NODE_HOME/bin export NODE_PATH=$NODE_HOME/lib/node_modules 加载环境变量
. ~/.bash_profile 安装npm与grunt
npm install -g cnpm --registry=https://registry.npm.taobao.org npm install -g grunt npm install -g grunt-cli --registry=https://registry.npm.taobao.org --no-proxy 下载head插件并安装
wget https://github.com/mobz/elasticsearch-head/archive/master.zip unzip master.zip mv elasticsearch-head-master app 修改配置文件 vi /application/elasticsearch/app/elasticsearch-head-master/Gruntfile.js, 修改以下内容
connect: { server: { options: { hostname: '0.0.0.0', port: 9100, base: '.', keepalive: true } } } - 可以不修改,默认监听9100
继续编辑 vi /application/elasticsearch/app/elasticsearch-head-master/_site/app.js, 修改以下内容
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://pycdhnode1:9200"; - 如不修改,默认连接
http://pycdhnode1:9200,这里可以修改为集群任一主机
下载依赖安装
cd /application/elasticsearch/app/elasticsearch-head-master npm install - 必须在head插件目录中操作
启动 head 插件 方法1:使用npm
cd /application/elasticsearch/app/elasticsearch-head-master npm run start 方法2:直接使用grunt
cd /application/elasticsearch/app/elasticsearch-head-master
grunt server - 必须在head插件目录中操作
- npm 启动方式本质上都是调用grunt启动
- 两种启动方式都不是后台启动,如需后台运行,请使用nohup
访问 head:
停止 head: 首先通过 ps aux|grep grunt 查找到进程 pid ,然后 kill pid
ElasticHQ管理工具安装
ElasticHQ 是一款开源的具有良好体验、直观和功能强大的 ElasticSearch 的管理和监控工具。提供实时监控、全集群管理、搜索和查询,无需额外软件安装。最新版本支持ElasticSearch 2.x, 5.x, 6.x。 特点: 1、激活ES集群和节点实时监控; 2、管理索引、分片、映射、别名、节点; 3、为多个索引查询提供查询UI; 4、REST UI,不需要cURL和繁琐的JSON格式; 5、100%基于浏览器,不需下载软件; 6、免费;
ElasticHQ 是基于python的Django开发的,最新版本的安装需要python3.4以上,安装与启动程序比较简单,但要安装python3.4以上环境比较麻烦,故我们直接采用官方提供的docker容器安装,简单方便
首先在pull最新官方镜像
docker pull elastichq/elasticsearch-hq 启动容器
docker run -d -p 9999:5000 --name es elastichq/elasticsearch-hq 访问
- 打开首页后在输入框输入es集群随意一台节点地址确认即可
更多详情参见:https://github.com/ElasticHQ/elasticsearch-HQ
kibana安装
Kibana 是一个开源的分析和可视化平台,旨在与 Elasticsearch 合作。Kibana 提供搜索、查看和与存储在 Elasticsearch 索引中的数据进行交互的功能。开发者或运维人员可以轻松地执行高级数据分析,并在各种图表、表格和地图中可视化数据。
kibana本身只提供单点安装,如果想避免单点故障,需要结合lvs,haproxy,nginx等负载均衡软件实现高可用,在这里我们 只在pycdhnode1上面安装,然后其他主机可以选装,安装方法一样。
安装kibana
tar -zxvf kibana-6.3.1-linux-x86_64.tar.gz mv kibana-6.3.1-linux-x86_64 app/kibana rm -f kibana-6.3.1-linux-x86_64.tar.gz 添加环境变量 vi ~/.bash_profile
#kibana export KIBANA_HOME=/application/elasticsearch/app/kibana export PATH=$PATH:$KIBANA_HOME/bin 加载环境变量
. ~/.bash_profile 配置文件 vi /application/elasticsearch/app/kibana/config/kibana.yml
# Kibana is served by a back end server. This setting specifies the port to use. server.port: 5601 # 监听端口 # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. # The default is 'localhost', which usually means remote machines will not be able to connect. # To allow connections from remote users, set this parameter to a non-loopback address. server.host: "0.0.0.0" # 监听地址 # Enables you to specify a path to mount Kibana at if you are running behind a proxy. # Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath # from requests it receives, and to prevent a deprecation warning at startup. # This setting cannot end in a slash. #server.basePath: "" # Specifies whether Kibana should rewrite requests that are prefixed with # `server.basePath` or require that they are rewritten by your reverse proxy. # This setting was effectively always `false` before Kibana 6.3 and will # default to `true` starting in Kibana 7.0. #server.rewriteBasePath: false # The maximum payload size in bytes for incoming server requests. #server.maxPayloadBytes: 1048576 # The Kibana server's name. This is used for display purposes. server.name: "pycdhnode1" # The URL of the Elasticsearch instance to use for all your queries. elasticsearch.url: "http://pycdhnode1:9200" # es连接地址,只能配置一个节点地址,如果需要高可用,需要es集群配合lvs,haproxy负载均衡提供 # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host # that connects to this Kibana instance. #elasticsearch.preserveHost: true # Kibana uses an index in Elasticsearch to store saved searches, visualizations and # dashboards. Kibana creates a new index if the index doesn't already exist. #kibana.index: ".kibana" # The default application to load. #kibana.defaultAppId: "home" # If your Elasticsearch is protected with basic authentication, these settings provide # the username and password that the Kibana server uses to perform maintenance on the Kibana # index at startup. Your Kibana users still need to authenticate with Elasticsearch, which # is proxied through the Kibana server. #elasticsearch.username: "user" #elasticsearch.password: "pass" # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively. # These settings enable SSL for outgoing requests from the Kibana server to the browser. #server.ssl.enabled: false #server.ssl.certificate: /path/to/your/server.crt #server.ssl.key: /path/to/your/server.key # Optional settings that provide the paths to the PEM-format SSL certificate and key files. # These files validate that your Elasticsearch backend uses the same key files. #elasticsearch.ssl.certificate: /path/to/your/client.crt #elasticsearch.ssl.key: /path/to/your/client.key # Optional setting that enables you to specify a path to the PEM file for the certificate # authority for your Elasticsearch instance. #elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ] # To disregard the validity of SSL certificates, change this setting's value to 'none'. #elasticsearch.ssl.verificationMode: full # Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of # the elasticsearch.requestTimeout setting. #elasticsearch.pingTimeout: 1500 # Time in milliseconds to wait for responses from the back end or Elasticsearch. This value # must be a positive integer. #elasticsearch.requestTimeout: 30000 # List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side # headers, set this value to [] (an empty list). #elasticsearch.requestHeadersWhitelist: [ authorization ] # Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten # by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration. #elasticsearch.customHeaders: {} # Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable. #elasticsearch.shardTimeout: 30000 # Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying. #elasticsearch.startupTimeout: 5000 # Logs queries sent to Elasticsearch. Requires logging.verbose set to true. #elasticsearch.logQueries: false # Specifies the path where Kibana creates the process ID file. #pid.file: /var/run/kibana.pid # Enables you specify a file where Kibana stores log output. #logging.dest: stdout # Set the value of this setting to true to suppress all logging output. #logging.silent: false # Set the value of this setting to true to suppress all logging output other than error messages. #logging.quiet: false # Set the value of this setting to true to log all events, including system usage information # and all requests. #logging.verbose: false # Set the interval in milliseconds to sample system and process performance # metrics. Minimum is 100ms. Defaults to 5000. #ops.interval: 5000 # The default locale. This locale can be used in certain circumstances to substitute any missing # translations. #i18n.defaultLocale: "en" xpack.security.enabled: false # 关闭xpack验证;由于集群为配置xpack,故必须关闭,否则无法正常连接es集群 启动 kibana 方法1:控制台启动
kibana - 退出回话或者
ctrl + c会退出
方法2:使用nohup后台启动
cd /application/elasticsearch/app/kibana mkdir logs nohup kibana > logs/server.log 2>&1 & 访问 kibana:
停止 kibana: 首先通过 ps aux|grep kibana 查找到进程 pid ,然后 kill pid
更多kibana使用方法参考官网:https://www.elastic.co/guide/en/kibana/6.3/index.html