ELK集群搭建简略记录 _ELK集群

一身转战三千里，一剑曾百万师。这篇文章主要讲述ELK集群搭建简略记录相关的知识，希望能为你提供帮助。
ELK集群搭建简略记录
1.规划三台主机搭建集群，对应关系如下

10.0.0.4 node1

10.0.0.8 node2

10.0.0.9 node3

2.添加host（各节点）

cat > > /etc/hosts < < EOF

10.0.0.4 node1

10.0.0.8 node2

10.0.0.9 node3

EOF

3.下载安装elk（各节点）

mkdir /elastic

mkdir -p /data/elasticsearch/{data,logs}

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.15.2-linux-x86_64.tar.gz

tar -xzf elasticsearch-7.15.2-linux-x86_64.tar.gz -C /elastic

mv /elastic/elasticsearch-7.15.2 /elastic/elasticsearch

cd /elastic/elasticsearch

useradd elastic

chown -R elastic:elastic /elastic

chown -R elastic:elastic /data/elasticsearch

3.修改jvm.options（各节点）#参考(java最大只能分配32G内存，建议分配为内存的一半)

-Xms4g

-Xmx4g

4.修改使用elk自带的jdk（各节点）#修改使用自带的java虚拟机,修改/elastic/elasticsearch/bin/elasticsearch-env配置#在if [ ! -z "$ES_JAVA_HOME" ]; then前添加配置

sed -i/ "$ES_JAVA_HOME/iES_JAVA_HOME=/elastic/elasticsearch/jdk//elastic/elasticsearch/bin/elasticsearch-env

5.生成集群间通信的SSL证书（各节点）#只有配置这个才能使用用户认证#生成证书,记得拷贝到其他节点,如果要拷贝其他节点，记得添加ipsan; 如果不添加，把证书拷贝到其他节点，单独生成证书 #先通过elasticsearch-certutil ca先生成公钥 #再通过elasticsearch-certutil cert 生成证书

cd /elastic/elasticsearch/

/elastic/elasticsearch/bin/elasticsearch-certutil ca

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --ip "10.0.0.4","10.0.0.8","10.0.0.9"

cd /elastic/elasticsearch/

mkdir /elastic/elasticsearch/config/certs

mv elastic-certificates.p12 /elastic/elasticsearch/config/certs

chown -R elastic:elastic /elastic/elasticsearch/config/certs

scp xxx nodex:xxx

6.生成用于客户端访问的SSL证书（各节点）【ELK集群搭建简略记录】#当然也可以复用tls生成的#这个命令不仅会生成node节点的证书和配置文件，也会生成kibana所需要的配置 #具体参考? ?https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html??#如果麻烦可以不启用

cd /elastic/elasticsearch/

/elastic/elasticsearch/bin/elasticsearch-certutil http

scp xxx node1:xxxx

7.集群配置文件参考

#集群名称

cluster.name: bl-els

# 节点名称，3个节点对应名称["node-1","node-2","node-3"]

node.name: node-1

# ES数据存储路径

path.data: /data/elasticsearch/data

# ES日志存储路径

path.logs: /data/elasticsearch/logs

# 锁定内存

bootstrap.memory_lock: true

# HTTP访问IP，内网IP、外网IP都可以访问

network.host: 0.0.0.0

# HTTP访问端口

http.port: 9200

# 集群访问端口

transport.tcp.port: 9300

# 种子节点的地址列表

discovery.seed_hosts: ["node1", "node2", "node3"]

# 可以成为主节点的名称列表

cluster.initial_master_nodes: ["node1", "node2", "node3"]

#设置elk 账号和密码登录

#节点间安全通信，只有配置这个才能配置用户认证

#elasticsearch-certutil ca cert 之类的命令生成

#参考 https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#generate-certificates

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.keystore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

xpack.security.transport.ssl.truststore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

#接口使用https通信(视情况使用)面向客户端，面向浏览器可以使用 elasticsearch-certutil http生成；配置完成后需要在kinaba启用https

#参考https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html

xpack.security.http.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.http.ssl.keystore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

xpack.security.http.ssl.truststore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

8.调整系统参数配置

echo "vm.max_map_count = 655300" > > /etc/sysctl.conf

echo "* - memlock unlimited" > > /etc/security/limits.conf

echo "* - nofile 655360" > > /etc/security/limits.conf

echo "* - as unlimited" > > /etc/security/limits.conf

echo "* - nproc 2056474" > > /etc/security/limits.conf

echo "* - fsize unlimited" > > /etc/security/limits.conf

echo "net.ipv4.tcp_abort_on_overflow = 1" > > /etc/sysctl.conf

echo "net.core.somaxconn = 2048" > > /etc/sysctl.conf

sysctl -p

9.调整systemd相关参数

cat > > /etc/systemd/system.conf < < EOF

DefaultLimitNOFILE=65536

DefaultLimitNPROC=32000

DefaultLimitMEMLOCK=infinity

EOF

10.设置开机启动-initd方式

cat > /etc/init.d/elasticsearch < < EOF

#!/bin/sh

#chkconfig: 2345 80 05

#description: elasticsearch

els_user=elastic

els_menu=/elastic/elasticsearch

case "$1" in

start)

su $els_user< < !

cd $els_menu

./bin/elasticsearch -d

exit

!

echo "elasticsearch startup"

; ;

stop)

els_pid=`ps aux | grep org.elasticsearch.bootstrap.Elasticsearch | grep -v grep | awk {print $2}`

kill $els_pid

echo "elasticsearch stopped"

; ;

restart)

els_pid=`ps aux | grep org.elasticsearch.bootstrap.Elasticsearch | grep -v grep | awk {print $2}`

kill $els_pid

echo "elasticsearch stopped"

su $els_user< < !

cd $els_menu

./bin/elasticsearch -d

exit

!

echo "elasticsearch startup"

; ;

*)

echo "start|stop|restart"

; ;

esac

exit $?

EOF

chmod +x /etc/init.d/elasticsearch

chkconfig --add elasticsearch

11.设置开机启动-systemd方式

cat > /lib/systemd/system/elasticsearch.service< < EOF

[Unit]

Description=elasticsearch

After=network.target

[Service]

Type=simple

LimitMEMLOCK=infinity

WorkingDirectory=/elastic/elasticsearch/

ExecStart=/elastic/elasticsearch/bin/elasticsearch

ExecReload=/bin/kill -HUP $MAINPID #重载时执行的命令

LimitNOFILE=65536

User=elastic

PrivateTmp=true

[Install]

WantedBy=multi-user.target

EOF

systemctl enable elasticsearch

systemctl restart elasticsearch

systemctl status elasticsearch

12.生成用户和密码//自动随机生成密码，并输出到控制台

/elastic/elasticsearch/bin/elasticsearch-setup-passwords auto

//生成的密码如下：

Changed password for user apm_system

PASSWORD apm_system = gmxadlfgV2KLdgW2uCmi

Changed password for user kibana_system

PASSWORD kibana_system = 0FmCua51aWuiuuS30Pbw

Changed password for user kibana

PASSWORD kibana = 0FmCua51aWuiuuS30Pbw

Changed password for user logstash_system

PASSWORD logstash_system = UaMTgwThhCkpwA9piaf5

Changed password for user beats_system

PASSWORD beats_system = 7SxJtzLeCfE53n8It3Qk

Changed password for user remote_monitoring_user

PASSWORD remote_monitoring_user = dgkVtG5SYSmj8AN7y8PQ

Changed password for user elastic

PASSWORD elastic = Jmrb6idz2EPOlajZpIvD

13.安装kibana

mkdir /elastic/kibana

curl -O https://artifacts.elastic.co/downloads/kibana/kibana-7.15.1-linux-x86_64.tar.gz

tar -xzf kibana-7.15.1-linux-x86_64.tar.gz-C /elastic/

mv/elastic/kibana-7.15.1-linux-x86_64//elastic/kibana

cd /elastic/kibana/

chown -R elastic:elastic /elastic/kibana

14.修改配置文件

修改kinaba 配置文件

/elastic/kibana/config/kibana.yml

server.port: 5601

server.host: "0.0.0.0"

server.name: "es-node1"

elasticsearch.hosts: ["http://10.0.0.4:9200"]

kibana.index: ".kibana"

i18n.locale: "zh-CN"

elasticsearch.username: "elastic"

elasticsearch.password: "kibana_passwd"

#如果启动用https访问

#这个是访问elk需要的，不是指kibana开启ssl

elasticsearch.ssl.certificateAuthorities: $KBN_PATH_CONF/elasticsearch-ca.pem

#如果kibana开启ssl,需要另外设置

15.设置开机启动

cat > /lib/systemd/system/kibana.service< < EOF

[Unit]

Description=kibana

After=network.target

[Service]

Type=simple

WorkingDirectory=/elastic/kibana/

ExecStart=/elastic/kibana/bin/kibana

ExecReload=/bin/kill -HUP $MAINPID #重载时执行的命令

LimitNOFILE=65536

User=elastic

PrivateTmp=true

[Install]

WantedBy=multi-user.target

EOF

systemctl daemon-reload

systemctl startkibana

systemctl statuskibana

systemctl enable kibana

ELK集群搭建简略记录

推荐阅读

你们认为诗仙李白最好的一首诗是哪一首？

一天喝多少牛奶合适？

青芒的热量高吗

花胶有什么营养价值

土大黄的功效与作用土大黄的副作用

美国冲突升级!武装民兵冲进议会大厦,议员吓的穿防弹衣上班,州长命令被废,大乱了吗？

最新热门的12个最佳博客平台合集（以及如何选择一个）

买笔记本电脑,处理器是选择i5还是i7？

妒组词语妒有哪些组词呢

熊童子简笔画

Photoshop制作沧桑颓废的城市海报

手机停机怎么连接网络，手机停机怎么连接网络电视

176升冰箱购买指南及故障维修解决方案

早晨八点半

升级换代，让您的打印更高效 epsonL3153变成2710

海带有味道了还能吃吗

照门是什么意思照门的含义

获嘉天气30天获嘉天气预报

核酸检测假阳性怎么处理

分享一首小诗（相信）