ELK in practice: https://blog.csdn.net/beyond_qjm/article/details/81943187
I. Installation (elasticsearch-6.2.3)
1. Download links
https://www.elastic.co/downloads/past-releases
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.3.tar.gz
2. Create a new user (for security reasons, recent Elasticsearch versions refuse to start as root)
useradd elk
passwd elk
3. Extract the archive
Installation directory: /home/elk
tar -xvf elasticsearch-6.2.3.tar.gz
4. Create the data directory
mkdir -p /home/elk/data/elasticsearch/data
5. Create the log directory
mkdir -p /home/elk/data/elasticsearch/logs
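II. Configuration
Configuration file (/home/elk/elasticsearch-6.2.3/config/elasticsearch.yml)
1. Setting reference (red marks required settings, green marks recommended ones; everything else can stay at its default)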
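# Cluster name
cluster.name: elk
# Node name; must be unique within the cluster
node.name: node-1
# Whether this node is eligible to be elected master (default: true). By default the first machine in the cluster is the master; if it goes down, a new master is elected
node.master: true
# Allow this node to store data (enabled by default)
node.data: true
# Path where index data is stored
path.data: /home/elk/data/elasticsearch/data
# Path where log files are stored
path.logs: /home/elk/data/elasticsearch/logs
# Set to true to lock memory. Swapping memory to disk is fatal for server performance: once the JVM starts swapping, ES slows down, so make sure it does not swap
bootstrap.memory_lock: true
# IP address to bind to; the default is localhost, in which case other machines may be unable to reach the node from a browser
network.host: 172.17.0.183
# HTTP port for external clients (default: 9200)
http.port: 9200
# TCP port for node-to-node traffic (default: 9300)
transport.tcp.port: 9300
# Out of the box, Elasticsearch binds to the available loopback addresses and scans ports 9300 to 9305
# to try to connect to other nodes running on the same server.
# This provides an auto-clustering experience without any configuration.
# The setting is an array or a comma-separated list. Each value should be host:port or host
# (where port defaults to transport.profiles.default.port, falling back to transport.tcp.port).
# Note that IPv6 hosts must be bracketed. Defaults to 127.0.0.1, [::1]
discovery.zen.ping.unicast.hosts: ["172.17.0.181:9300", "172.17.0.182:9300", "172.17.0.183:9300"]
# Without this setting, a cluster that suffers a network failure may split into two independent clusters (split brain), which leads to data loss
# The quorum formula is (master-eligible nodes / 2) + 1, which gives 2 for the three hosts above; a value of 3 requires every node to be up before a master can be elected
discovery.zen.minimum_master_nodes: 3
# Required on the master node, otherwise the _head plugin cannot connect
# Enable cross-origin (CORS) access (default: false)
http.cors.enabled: true
# Origins allowed for cross-origin access ("*" allows every origin); regular expressions are supported
# With "*", any web page opened in a browser that can reach this node may call the REST API; listing only the origin of the head UI is tighter
http.cors.allow-origin: "*"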
2. Configuration
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elk
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-183
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /home/elk/data/elasticsearch/data
#
# Path to log files:
#
path.logs: /home/elk/data/elasticsearch/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
bootstrap.memory_lock: false
bootstrap.system_call_filter: false
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 172.17.0.183
#
# Set a custom port for HTTP:
#
http.port: 9200
transport.tcp.port: 9300
# Whether this node is master-eligible
node.master: true
# Whether this node is a data node
node.data: false
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.zen.ping.unicast.hosts: ["172.17.0.181:9300", "172.17.0.182:9300","172.17.0.183:9300"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes: 2
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
http.cors.enabled: true
http.cors.allow-origin: "*"
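An added example (not from the original post and not Elastic's tooling) that audits the settings chosen above: an off-host bind address, wildcard CORS, the disabled system call filter, and minimum_master_nodes checked against the quorum formula from the template. It assumes flat `key: value` lines and that every unicast host is master-eligible; `parse_settings`, `audit` and the finding names are hypothetical.

```python
# Constructed sample: the active, security-relevant lines of the configuration above.
SAMPLE = """\
bootstrap.system_call_filter: false
network.host: 172.17.0.183
node.master: true
discovery.zen.ping.unicast.hosts: ["172.17.0.181:9300", "172.17.0.182:9300","172.17.0.183:9300"]
#discovery.zen.minimum_master_nodes: 2
http.cors.enabled: true
http.cors.allow-origin: "*"
"""
LOOPBACK = {"localhost", "127.0.0.1", "::1", "_local_"}

def parse_settings(text):
    """Read flat `key: value` lines; comment lines are skipped (no nested YAML)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition(":")
            if sep:
                settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit(text):
    """Return {finding_id: explanation} for the risky settings in `text`."""
    s, findings = parse_settings(text), {}
    if s.get("network.host", "localhost") not in LOOPBACK:
        findings["exposed-bind"] = "HTTP and transport ports reachable off-host; no authentication in this file"
    if s.get("http.cors.enabled") == "true" and s.get("http.cors.allow-origin") == "*":
        findings["cors-wildcard"] = "any web origin may call the REST API from a browser"
    if s.get("bootstrap.system_call_filter") == "false":
        findings["seccomp-off"] = "system call filter (seccomp sandbox) is disabled"
    # Assumption: every host in the unicast list is master-eligible.
    raw = s.get("discovery.zen.ping.unicast.hosts", "").strip("[]")
    nodes = len([h for h in raw.split(",") if h.strip()])
    if nodes > 1:
        quorum = nodes // 2 + 1
        # When the setting is absent or commented out, 6.x falls back to 1.
        configured = int(s.get("discovery.zen.minimum_master_nodes", "1"))
        if configured < quorum:
            findings["split-brain"] = "minimum_master_nodes=%d, quorum is %d" % (configured, quorum)
        elif configured > quorum:
            lost = nodes - configured + 1
            findings["quorum-too-high"] = "losing %d node(s) leaves no master" % lost
    return findings

if __name__ == "__main__":
    for name, why in audit(SAMPLE).items():
        print(name + ": " + why)
```

Run against the real file with `audit(open("/home/elk/elasticsearch-6.2.3/config/elasticsearch.yml").read())`; an empty result means none of these four conditions is present.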
III. Errors you may hit during installation
Error
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
Edit limits.conf and add the following at the first line
vi /etc/security/limits.conf
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096
Error
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Edit sysctl.conf and add the following at the first line
vi /etc/sysctl.conf
vm.max_map_count = 655360
Run sysctl -p to apply the change
sysctl -p
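Error
[3]: ERROR: bootstrap checks failed system call filters failed to install; check the logs and fix your configuration or disable system call filters at your own risk
This happens because CentOS 6 does not support seccomp, while ES 5.2.0 sets bootstrap.system_call_filter to true by default and checks for it, so the check fails and ES cannot start.
In elasticsearch.yml, set bootstrap.system_call_filter to false; note that it must go under the Memory section. Disabling the filter removes the seccomp sandbox that keeps Elasticsearch from forking processes, so leave it at true on kernels that support seccomp.
bootstrap.memory_lock: false
bootstrap.system_call_filter: false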