- Environment: Linux 7, Elasticsearch 7.10.1, Kibana 7.10.1
- Download ELK: https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.1-linux-x86_64.tar.gz
- https://artifacts.elastic.co/downloads/kibana/kibana-7.10.1-linux-x86_64.tar.gz
- https://artifacts.elastic.co/downloads/logstash/logstash-7.10.1-linux-x86_64.tar.gz
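- After the downloads complete, upload the archives to the server.
- Extract: elasticsearch-7-master elasticsearch-7-node
- Configuration: some system limits need to be raised so that Elasticsearch does not report errors at startup.

```
# Add these lines to /etc/security/limits.conf
vim /etc/security/limits.conf
* soft nofile 65537
* hard nofile 65537
* soft nproc 65537
* hard nproc 65537

# Add these lines to /etc/sysctl.conf
vim /etc/sysctl.conf
vm.max_map_count = 262144
net.core.somaxconn = 65535
net.ipv4.ip_forward = 1
```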
- Create the user and group: Elasticsearch cannot be started as root, so create a group elastic and a user elastic.

```
# Create the group
groupadd elastic
# Create the user
useradd elastic -g elastic
```
- Create the data and logs directories and give ownership of them to elastic:

```
## Create the Elasticsearch directories
mkdir -p /var/elastic/data
mkdir -p /var/elastic/logs
mkdir -p /var/elasticX/data
mkdir -p /var/elasticX/logs
## Assign ownership
chown -R elastic:elastic /var/elastic
chown -R elastic:elastic /var/elasticX
chown -R elastic:elastic /usr/local/elasticsearch-7-master
chown -R elastic:elastic /usr/local/elasticsearch-7-node
```
- Edit the configuration files. Master configuration file, elasticsearch.yml (the configuration file must not contain Chinese characters):

```
cluster.name: my-application
node.name: node1-serasp
node.max_local_storage_nodes: 2
node.attr.rack: r1
path.data: /var/elastic/data
path.logs: /var/elastic/logs
network.host: 0.0.0.0
network.publish_host: xx.xx.xx.xx
http.port: 9200
transport.tcp.port: 9300
discovery.seed_hosts: ["xx.xx.xx.xx:9301"]
# each entry must exactly match the node.name of a master-eligible node
cluster.initial_master_nodes: ["node1","node2"]
xpack.security.enabled: true
http.cors.enabled: true
# "*" allows every origin; narrow it to the origin that actually needs access
http.cors.allow-origin: "*"
transport.tcp.compress: true
node.master: true
##
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
- Node configuration file (xx.xx.xx.xx stands for your machine's IP):

```
cluster.name: my-application
node.name: node1-serasp
node.max_local_storage_nodes: 2
node.attr.rack: r1
# second instance on the same host: its own data/log paths and ports
path.data: /var/elasticX/data
path.logs: /var/elasticX/logs
network.host: 0.0.0.0
network.publish_host: xx.xx.xx.xx
http.port: 9201
transport.tcp.port: 9301
discovery.seed_hosts: ["xx.xx.xx.xx:9300"]
cluster.initial_master_nodes: ["node1","node2"]
xpack.security.enabled: true
http.cors.enabled: true
http.cors.allow-origin: "*"
transport.tcp.compress: true
node.master: false
##
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
```
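- Generate the p12 key files. Go to the master node directory /usr/local/elasticsearch-7-master and generate the certificate files with the following steps:
  - In the root of that directory, run ./bin/elasticsearch-certutil ca. Press Enter (the file keeps its default name), then enter a password.
  - Then run bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12. Enter the password from the previous step, press Enter (the file keeps its default name), then enter a password (using the same password as in the previous step is recommended).
  - Run bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password and enter the password from the first step.
  - Run bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password and enter the password from the first step.
  - Move the generated elastic-certificates.p12 and elastic-stack-ca.p12 files into the config directory, and copy them together with the elasticsearch.keystore file into the config directory of the other nodes.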
- Start the master node. Switch to the elastic user to start it: su elastic
- Start in background (daemon) mode:

```
./bin/elasticsearch -d -p node.pid
```
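- After startup, the firewall port needs to be opened:

```
# Show everything the firewall currently allows, including open ports
firewall-cmd --list-all
# Open the port
firewall-cmd --add-port=9200/tcp
# Open the port permanently
firewall-cmd --permanent --add-port=9200/tcp
```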
- Once startup has succeeded, run the following command to set the passwords automatically, then record the passwords:

```
bin/elasticsearch-setup-passwords auto
```
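- Visit: http://xxx:9200/_cluster/health?pretty
- The cluster information is displayed.
- Then start the node instance.
- Visit the URL again.
- Kibana configuration: set the username and password generated earlier, start Kibana, open the Kibana port, and it can then be accessed remotely.

```
elasticsearch.username: "kibana"
elasticsearch.password: ""
```

- When accessing it, enter elastic and its password to log in as the superuser.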
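
The security-related settings in the two elasticsearch.yml files and the step that moves elastic-certificates.p12 into the config directory can be checked before a node is started. The script below is an added example, not part of the original page or of Elasticsearch; the function names es_get and es_audit and the finding texts are hypothetical, and it assumes the flat "key: value" style used above.

```shell
#!/bin/sh
# Added example (not from the original page): audit one node's
# elasticsearch.yml, written in the flat "key: value" style shown above.
# es_get / es_audit and the finding texts are hypothetical names.

# Print the value of a top-level key; empty if absent or commented out.
es_get() {  # usage: es_get FILE KEY
    awk -v k="$2:" 'index($0, k) == 1 {
        v = substr($0, length(k) + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", v); gsub(/"/, "", v); out = v
    } END { print out }' "$1"
}

# Print one FINDING line per problem; exit status 1 if any was printed.
es_audit() {  # usage: es_audit /path/to/config/elasticsearch.yml
    f=$1; dir=$(dirname "$f"); rc=0
    flag() { echo "FINDING: $*"; rc=1; }

    # In 7.x security is off unless explicitly enabled (basic license).
    [ "$(es_get "$f" xpack.security.enabled)" = true ] ||
        flag "xpack.security.enabled is not true (no authentication)"
    [ "$(es_get "$f" xpack.security.transport.ssl.enabled)" = true ] ||
        flag "transport SSL is off (node-to-node traffic in clear text)"
    [ "$(es_get "$f" xpack.security.transport.ssl.verification_mode)" != none ] ||
        flag "verification_mode none accepts any peer certificate"

    # Wildcard CORS lets scripts from any origin call the HTTP API.
    if [ "$(es_get "$f" http.cors.enabled)" = true ] &&
       [ "$(es_get "$f" http.cors.allow-origin)" = "*" ]; then
        flag "http.cors.allow-origin is * (restrict to the UI origin)"
    fi

    # Relative keystore paths are resolved against the config directory.
    ks=$(es_get "$f" xpack.security.transport.ssl.keystore.path)
    case $ks in ""|/*) ;; *) ks=$dir/$ks ;; esac
    if [ -n "$ks" ] && [ ! -f "$ks" ]; then
        flag "keystore $ks not found"
    elif [ -n "$ks" ] && [ -n "$(find "$ks" -perm -004)" ]; then
        flag "keystore $ks is world-readable (chmod 600)"
    fi
    return $rc
}

# Stand-alone use: sh es_audit.sh /usr/local/elasticsearch-7-master/config/elasticsearch.yml
if [ "$#" -gt 0 ]; then es_audit "$1"; fi
```

Run against the master configuration shown above, it reports the wildcard CORS origin, and it reports the keystore as missing until the p12 file has been moved into the config directory.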