【Elasticsearch01】企业级日志分析系统ELK之Elasticsearch单机部署

Elasticsearch 单机部署

Elasticsearch 安装说明

官方文档

https://www.elastic.co/guide/en/elastic-stack/index.html
https://www.elastic.co/guide/en/elasticsearch/reference/master/install-elasticsearch.html

部署方式

包安装
二进制安装
Docker 部署
Ansible 批量部署

ES支持操作系统版本和 Java 版本官方说明

https://www.elastic.co/cn/support/matrix

Elasticsearch 安装前准备

安装前环境初始化

CPU 2C 
内存4G或更多
操作系统: Ubuntu22.04,Ubuntu20.04,Ubuntu18.04,Rocky8.X,Centos 7.X
操作系统盘50G
主机名设置规则为nodeX
生产环境建议准备单独的数据磁盘

主机名

#各服务器配置自己的主机名
[root@ubuntu1804 ~]# hostnamectl set-hostname es-node1

关闭防火墙和SELinux

关闭防所有服务器的防火墙和 SELinux

 #RHEL系列的系统执行下以下配置
[root@es-node1 ~]# systemctl disable firewalld[root@es-node1 ~]# systemctl  disable NetworkManager[root@es-node1 ~]# sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config[root@es-node1 ~]# reboot

各服务器配置本地域名解析

[root@es-node1 ~]# vim /etc/hosts
10.0.0.101 es-node1
10.0.0.102 es-node2
10.0.0.103 es-node3

优化资源限制配置

修改内核参数

内核参数 vm.max_map_count 用于限制一个进程可以拥有的VMA(虚拟内存区域)的数量
使用默认系统配置，二进制安装时会提示下面错误，包安装会自动修改此配置

#查看默认值
[root@es-node1 ~]#sysctl  -a |grep vm.max_map_count 
vm.max_map_count = 65530#修改配置
[root@es-node1 ~]#echo "vm.max_map_count = 262144" >> /etc/sysctl.conf#设置系统最大打开的文件描述符数
[root@es-node1 ~]#echo "fs.file-max = 1000000" >> /etc/sysctl.conf
[root@es-node1 ~]#sysctl  -p 
vm.max_map_count = 262144#Ubuntu22.04默认值已经满足要求
[root@ubuntu2204 ~]#sysctl fs.file-max
fs.file-max = 9223372036854775807

范例: Ubuntu 基于包安装后会自动修改文件

[root@node1 ~]#cat /usr/lib/sysctl.d/elasticsearch.confvm.max_map_count=262144

修改资源限制配置(可选)

[root@es-node1 ~]#vi /etc/security/limits.conf*                soft    core            unlimited*                hard    core            unlimited*                soft    nproc           1000000*                hard    nproc           1000000*                soft    nofile          1000000*                hard    nofile          1000000*                soft    memlock         32000*                hard    memlock         32000*                soft    msgqueue        8192000*                hard    msgqueue        8192000

安装 Java 环境 (可选)

Elasticsearch 是基于java的应用,所以依赖JDK环境

注意: 安装7.X以后版本官方建议要安装集成JDK的包,所以无需再专门安装 JDK

关于JDK环境说明

1.x 2.x 5.x 6.x都没有集成JDK的安装包，也就是需要自己安装java环境
7.x 版本的安装包分为带JDK和不带JDK两种包，带JDK的包在安装时不需要再安装java，如果不带JDK的包
仍然需要自己去安装java
8.X 版本内置JDK，不再支持自行安装的JDK

如果安装no-jdk的包,才需要安装java环境

官网JAVA版支持说明

https://www.elastic.co/cn/support/matrix#matrix_jvm

因为 Elasticsearch 服务运行需要 Java环境，如果要安装没有JDK的包，需要提前安装JAVA环境，可以使
用以下方式安装
如果没有java 环境,安装elasticsearch时会出下面错误提示

[root@node1 ~]#dpkg -i elasticsearch-7.14.0-no-jdk-amd64.deb

方式一：直接使用包管理器yum/apt安装openjdk

 [root@es-node1 ~]#yum -y install java-1.8.0-openjdk[root@es-node1 ~]#apt update;apt -y install openjdk-8-jdk

方式二：本地安装在oracle官网下载rpm安装包：

[root@es-node1 ~]# yum -y install jdk-8u92-linux-x64.rpm

方式三：安装二进制包并自定义环境变量

下载地址：http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

[root@es-node1 ~]# tar xvf jdk-8u121-linux-x64.tar.gz -C /usr/local/ 
[root@es-node1 ~]# ln -sv /usr/local/jdk1.8.0_121 /usr/local/jdk
[root@es-node1 ~]# ln -sv /usr/local/jdk/bin/java /usr/bin/
[root@es-node1 ~]# vim /etc/profile
export HISTTIMEFORMAT="%F %T `whoami` "
export JAVA_HOME=/usr/local/jdk
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin
[root@es-node1 ~]# source /etc/profile
[root@es-node1 ~]# java -version
java version "1.8.0_121" #确认可以出现当前的java版本号
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)

Elasticsearch 安装

有两种包: 包含jdk和no-jdk的包

注意: 官方提示no-jdk的包将被淘汰,建议使用包含JDK的包

下载地址：

#包含JDK的版本下载
https://www.elastic.co/downloads/elasticsearch
https://mirrors.tuna.tsinghua.edu.cn/elasticstack/
#不包含JDK的版本下载
https://www.elastic.co/cn/downloads/elasticsearch-no-jdk

范例: 查看两种包

[root@node1 ~]#ll -h elasticsearch-7.14.0-*
-rw-r--r-- 1 root root 329M Aug 15 19:39 elasticsearch-7.14.0-amd64.deb
-rw-r--r-- 1 root root 183M Aug 15 19:38 elasticsearch-7.14.0-no-jdk-amd64.deb

包安装 Elasticsearch

安装 Elasticsearch 包

下载链接

https://www.elastic.co/cn/downloads/elasticsearch
https://mirrors.tuna.tsinghua.edu.cn/elasticstack/

elasticsearch8_216">范例：安装 elasticsearch-8

[root@es-node1 ~]#wget https://mirrors.tuna.tsinghua.edu.cn/elasticstack/8.x/apt/pool/main/e/elasticsearch/elasticsearch-8.8.2-amd64.deb
[root@es-node1 ~]#dpkg -i elasticsearch-8.8.2-amd64.deb #内置JAVA
[root@es-node1 ~]#/usr/share/elasticsearch/jdk/bin/java -version
openjdk version "20.0.1" 2023-04-18
OpenJDK Runtime Environment (build 20.0.1+9-29)
OpenJDK 64-Bit Server VM (build 20.0.1+9-29, mixed mode, sharing)#JVM优化
[root@es-node1 ~]#vim /etc/elasticsearch/jvm.options
## -Xms4g
-Xms128m
## -Xmx4g
-Xmx128m[root@es-node1 ~]#systemctl enable --now elasticsearch.service#默认8.X开启xpack安全，导致无法直接访问
[root@es-node1 ~]#curl http://127.0.0.1:9200/
curl: (52) Empty reply from server#关闭xpack安全功能
[root@es-node1 ~]#vim /etc/elasticsearch/elasticsearch.yml
xpack.security.enabled: false  #默认值为true[root@es-node1 ~]#systemctl restart elasticsearch.service
[root@es-node1 ~]#curl http://127.0.0.1:9200/
{"name" : "es-node1","cluster_name" : "elasticsearch","cluster_uuid" : "FfKWUsCiSrG4irk119yiCQ","version" : {"number" : "8.8.2","build_flavor" : "default","build_type" : "deb","build_hash" : "98e1271edf932a480e4262a471281f1ee295ce6b","build_date" : "2023-06-26T05:16:16.196344851Z","build_snapshot" : false,"lucene_version" : "9.6.0","minimum_wire_compatibility_version" : "7.17.0","minimum_index_compatibility_version" : "7.0.0"},"tagline" : "You Know, for Search"
}

elasticsearch7__268">范例: Ubuntu 安装包含JDK的elasticsearch-7 包

[root@node1 ~]#dpkg -i elasticsearch-7.14.0-amd64.deb
[root@node1 ~]#systemctl daemon-reload
[root@node1 ~]#systemctl enable --now elasticsearch.service
[root@node1 ~]#pstree -p |grep java|-java(1341)-+-controller(1538)-+-{controller}(1540)|            |-{java}(1519)|            |-{java}(1520)|            |-{java}(1521)|            |-{java}(1522)[root@node1 ~]#ss -ntl
[root@node1 ~]#curl 127.0.0.1:9200{"name" : "node1","cluster_name" : "elasticsearch","cluster_uuid" : "vvp4iBkkTfOJPf_rtcE0Og","version" : {"number" : "7.14.0","build_flavor" : "default","build_type" : "deb",
"build_hash" : "dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1","build_date" : "2021-07-29T20:49:32.864135063Z","build_snapshot" : false,"lucene_version" : "8.9.0","minimum_wire_compatibility_version" : "6.8.0","minimum_index_compatibility_version" : "6.0.0-beta1"},"tagline" : "You Know, for Search"}
[root@node1 ~]#curl 127.0.0.1:9300
this is not an HTTP port

elasticsearch__304">范例: Ubuntu 安装不包含 JDK 的elasticsearch 包

[root@ubuntu1804 ~]#apt update
[root@ubuntu1804 ~]#apt -y install openjdk-8-jdk
#默认无法找到Java,安装失败
[root@ubuntu1804 ~]#dpkg -i elasticsearch-7.14.0-no-jdk-amd64.deb
[root@ubuntu1804 ~]#java -version
openjdk version "1.8.0_292"
OpenJDK Runtime Environment (build 1.8.0_292-8u292-b10-0ubuntu1~18.04-b10)
OpenJDK 64-Bit Server VM (build 25.292-b10, mixed mode)
[root@ubuntu1804 ~]#which java 
/usr/bin/java
#配置JAVA环境
[root@ubuntu1804 ~]#mkdir /usr/share/elasticsearch/jdk/bin/ -p
[root@ubuntu1804 ~]#ln -s /usr/bin/java /usr/share/elasticsearch/jdk/bin/java
#提示非no-jdk的发行版将被淘汰,建议使用包含JDK的包
[root@ubuntu1804 ~]#dpkg -i elasticsearch-7.14.0-no-jdk-amd64.deb 
[root@ubuntu1804 ~]#systemctl daemon-reload 
[root@ubuntu1804 ~]#systemctl enable --now elasticsearch.service
[root@ubuntu1804 ~]#curl 127.0.0.1:9200{"name" : "node2","cluster_name" : "elasticsearch","cluster_uuid" : "hNlDtBjMTyerjIBt2dNjKg","version" : {"number" : "7.14.0","build_flavor" : "default","build_type" : "deb","build_hash" : "dd5a0a2acaa2045ff9624f3729fc8a6f40835aa1","build_date" : "2021-07-29T20:49:32.864135063Z","build_snapshot" : false,"lucene_version" : "8.9.0","minimum_wire_compatibility_version" : "6.8.0","minimum_index_compatibility_version" : "6.0.0-beta1"},"tagline" : "You Know, for Search"}

CentOS 7 安装 Elasticsearch

[root@centos7 ~]#yum -y install elasticsearch-7.6.2-x86_64.rpm

Ubuntu18.04 安装 Elasticsearch

[root@ubuntu1804 ~]#dpkg -i elasticsearch-7.6.2-amd64.deb