【centos】安裝ELK之ElasticSearch

部署環境：

• centos 6.X
• jdk 1.7
• elasticsearch 2.3.1 https://www.elastic.co/downloads/elasticsearch
• logstash 2.3.1 https://www.elastic.co/downloads/logstash
• Kibana 4.5.0 https://www.elastic.co/downloads/kibana

 

下載資源：

　　Elasticsearch：https://www.elastic.co/downloads 比如下載的是tar.gz包；根據自己習慣，可以下載rpm，或者zip 都可以。

需要提前注意的是，對端口的火牆策略；

# vim /etc/sysconfig/iptables  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9200 -j ACCEPT  
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9292 -j ACCEPT  
# service iptables restart  

還就是安裝JDK

　　略

 

將其解壓到/usr/local 下的elasticsearch文件夾下，然后Run bin/elasticsearch on Unix orbin\elasticsearch.bat on Windows

但是，如果是用root權限運行，會提示“java.lang.RuntimeException: don't run elasticsearch as root.” 原因是這是出於系統安全考慮設置的條件。由於ElasticSearch可以接收用戶輸入的腳本並且執行，為了系統安全考慮， 建議創建一個單獨的用戶用來運行ElasticSearch

[root@candaotool bin]# ./elasticsearch
Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root.
    at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:93)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:144)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Refer to the log for complete error details.

• 創建elsearch用戶組及elsearch用戶

  groupadd elsearch
  useradd elsearch -g elsearch -p elasticsearch

• 更改elasticsearch文件夾及內部文件的所屬用戶及組為elsearch:elsearch

  cd /opt
  chown -R elsearch:elsearch  elasticsearch

• 切換到elsearch用戶再啟動

• su elsearch cd elasticsearch/bin
  ./elasticsearch

  運行輸出：

• [elasticsearch@candaotool bin]$ ./elasticsearch
  [2016-04-14 16:22:19,887][WARN ][bootstrap                ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, 
  CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
  [2016-04-14 16:22:20,200][INFO ][node                     ] [Jack O'Lantern] version[2.3.1], pid[2805], build[bd98092/2016-04-04T12:25:05Z]
  [2016-04-14 16:22:20,201][INFO ][node                     ] [Jack O'Lantern] initializing ...
  [2016-04-14 16:22:20,806][INFO ][plugins                  ] [Jack O'Lantern] modules [lang-groovy, reindex, lang-expression], plugins [], sites []

• ElasticSearch后端啟動命令　　

  ./elasticsearch -d

• 檢驗服務是否正常，如果想通過IP地址訪問，那么需要修改config/elasticsearch.yml文件中的network.host: 192.168.87.8，這樣就可以通過http://192.168.87.8:9200訪問了。后續kibana中也可以順利配置這個IP和端口了。

• curl -X GET http://localhost:9200

  [elasticsearch@candaotool bin]$ curl -X GET http://localhost:9200
  {
    "name" : "Spectral",
    "cluster_name" : "elasticsearch",
    "version" : {
      "number" : "2.3.1",
      "build_hash" : "bd980929010aef404e7cb0843e61d0665269fc39",
      "build_timestamp" : "2016-04-04T12:25:05Z",
      "build_snapshot" : false,
      "lucene_version" : "5.5.0"
    },
    "tagline" : "You Know, for Search"
  }

  到此，表示服務正常運行！

    如果搭建ES（2.X版本以后）集群的話，需要手動修改一下elasticsearch.yml文件：

# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
# discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
# discovery.zen.minimum_master_nodes: 3
#
# For more information, see the documentation at:
# <http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html>

 

• 資源參考：

  • https://www.elastic.co/download
    https://www.elastic.co/downloads/elasticsearch
    http://my.oschina.net/topeagle/blog/591451
    http://stackoverflow.com/questions/34920801/how-to-run-elasticsearch-2-1-1-as-root-user-in-linux-machine

  • http://kibana.logstash.es/content/kibana/v4/setup.html
  • https://www.elastic.co/guide/en/kibana/current/setup.html 提到了安裝為服務的方法