ELK集群搭建简略记录 _ELK集群

一身转战三千里，一剑曾百万师。这篇文章主要讲述ELK集群搭建简略记录相关的知识，希望能为你提供帮助。
ELK集群搭建简略记录
1.规划三台主机搭建集群，对应关系如下

10.0.0.4 node1

10.0.0.8 node2

10.0.0.9 node3

2.添加host（各节点）

cat > > /etc/hosts < < EOF

10.0.0.4 node1

10.0.0.8 node2

10.0.0.9 node3

EOF

3.下载安装elk（各节点）

mkdir /elastic

mkdir -p /data/elasticsearch/{data,logs}

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.15.2-linux-x86_64.tar.gz

tar -xzf elasticsearch-7.15.2-linux-x86_64.tar.gz -C /elastic

mv /elastic/elasticsearch-7.15.2 /elastic/elasticsearch

cd /elastic/elasticsearch

useradd elastic

chown -R elastic:elastic /elastic

chown -R elastic:elastic /data/elasticsearch

3.修改jvm.options（各节点）#参考(java最大只能分配32G内存，建议分配为内存的一半)

-Xms4g

-Xmx4g

4.修改使用elk自带的jdk（各节点）#修改使用自带的java虚拟机,修改/elastic/elasticsearch/bin/elasticsearch-env配置#在if [ ! -z "$ES_JAVA_HOME" ]; then前添加配置

sed -i/ "$ES_JAVA_HOME/iES_JAVA_HOME=/elastic/elasticsearch/jdk//elastic/elasticsearch/bin/elasticsearch-env

5.生成集群间通信的SSL证书（各节点）#只有配置这个才能使用用户认证#生成证书,记得拷贝到其他节点,如果要拷贝其他节点，记得添加ipsan; 如果不添加，把证书拷贝到其他节点，单独生成证书 #先通过elasticsearch-certutil ca先生成公钥 #再通过elasticsearch-certutil cert 生成证书

cd /elastic/elasticsearch/

/elastic/elasticsearch/bin/elasticsearch-certutil ca

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 --ip "10.0.0.4","10.0.0.8","10.0.0.9"

cd /elastic/elasticsearch/

mkdir /elastic/elasticsearch/config/certs

mv elastic-certificates.p12 /elastic/elasticsearch/config/certs

chown -R elastic:elastic /elastic/elasticsearch/config/certs

scp xxx nodex:xxx

6.生成用于客户端访问的SSL证书（各节点）【ELK集群搭建简略记录】#当然也可以复用tls生成的#这个命令不仅会生成node节点的证书和配置文件，也会生成kibana所需要的配置 #具体参考? ?https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html??#如果麻烦可以不启用

cd /elastic/elasticsearch/

/elastic/elasticsearch/bin/elasticsearch-certutil http

scp xxx node1:xxxx

7.集群配置文件参考

#集群名称

cluster.name: bl-els

# 节点名称，3个节点对应名称["node-1","node-2","node-3"]

node.name: node-1

# ES数据存储路径

path.data: /data/elasticsearch/data

# ES日志存储路径

path.logs: /data/elasticsearch/logs

# 锁定内存

bootstrap.memory_lock: true

# HTTP访问IP，内网IP、外网IP都可以访问

network.host: 0.0.0.0

# HTTP访问端口

http.port: 9200

# 集群访问端口

transport.tcp.port: 9300

# 种子节点的地址列表

discovery.seed_hosts: ["node1", "node2", "node3"]

# 可以成为主节点的名称列表

cluster.initial_master_nodes: ["node1", "node2", "node3"]

#设置elk 账号和密码登录

#节点间安全通信，只有配置这个才能配置用户认证

#elasticsearch-certutil ca cert 之类的命令生成

#参考 https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#generate-certificates

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.keystore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

xpack.security.transport.ssl.truststore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

#接口使用https通信(视情况使用)面向客户端，面向浏览器可以使用 elasticsearch-certutil http生成；配置完成后需要在kinaba启用https

#参考https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html

xpack.security.http.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.http.ssl.keystore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

xpack.security.http.ssl.truststore.path: /elastic/elasticsearch/config/certs/elastic-certificates.p12

8.调整系统参数配置

echo "vm.max_map_count = 655300" > > /etc/sysctl.conf

echo "* - memlock unlimited" > > /etc/security/limits.conf

echo "* - nofile 655360" > > /etc/security/limits.conf

echo "* - as unlimited" > > /etc/security/limits.conf

echo "* - nproc 2056474" > > /etc/security/limits.conf

echo "* - fsize unlimited" > > /etc/security/limits.conf

echo "net.ipv4.tcp_abort_on_overflow = 1" > > /etc/sysctl.conf

echo "net.core.somaxconn = 2048" > > /etc/sysctl.conf

sysctl -p

9.调整systemd相关参数

cat > > /etc/systemd/system.conf < < EOF

DefaultLimitNOFILE=65536

DefaultLimitNPROC=32000

DefaultLimitMEMLOCK=infinity

EOF

10.设置开机启动-initd方式

cat > /etc/init.d/elasticsearch < < EOF

#!/bin/sh

#chkconfig: 2345 80 05

#description: elasticsearch

els_user=elastic

els_menu=/elastic/elasticsearch

case "$1" in

start)

su $els_user< < !

cd $els_menu

./bin/elasticsearch -d

exit

!

echo "elasticsearch startup"

; ;

stop)

els_pid=`ps aux | grep org.elasticsearch.bootstrap.Elasticsearch | grep -v grep | awk {print $2}`

kill $els_pid

echo "elasticsearch stopped"

; ;

restart)

els_pid=`ps aux | grep org.elasticsearch.bootstrap.Elasticsearch | grep -v grep | awk {print $2}`

kill $els_pid

echo "elasticsearch stopped"

su $els_user< < !

cd $els_menu

./bin/elasticsearch -d

exit

!

echo "elasticsearch startup"

; ;

*)

echo "start|stop|restart"

; ;

esac

exit $?

EOF

chmod +x /etc/init.d/elasticsearch

chkconfig --add elasticsearch

11.设置开机启动-systemd方式

cat > /lib/systemd/system/elasticsearch.service< < EOF

[Unit]

Description=elasticsearch

After=network.target

[Service]

Type=simple

LimitMEMLOCK=infinity

WorkingDirectory=/elastic/elasticsearch/

ExecStart=/elastic/elasticsearch/bin/elasticsearch

ExecReload=/bin/kill -HUP $MAINPID #重载时执行的命令

LimitNOFILE=65536

User=elastic

PrivateTmp=true

[Install]

WantedBy=multi-user.target

EOF

systemctl enable elasticsearch

systemctl restart elasticsearch

systemctl status elasticsearch

12.生成用户和密码//自动随机生成密码，并输出到控制台

/elastic/elasticsearch/bin/elasticsearch-setup-passwords auto

//生成的密码如下：

Changed password for user apm_system

PASSWORD apm_system = gmxadlfgV2KLdgW2uCmi

Changed password for user kibana_system

PASSWORD kibana_system = 0FmCua51aWuiuuS30Pbw

Changed password for user kibana

PASSWORD kibana = 0FmCua51aWuiuuS30Pbw

Changed password for user logstash_system

PASSWORD logstash_system = UaMTgwThhCkpwA9piaf5

Changed password for user beats_system

PASSWORD beats_system = 7SxJtzLeCfE53n8It3Qk

Changed password for user remote_monitoring_user

PASSWORD remote_monitoring_user = dgkVtG5SYSmj8AN7y8PQ

Changed password for user elastic

PASSWORD elastic = Jmrb6idz2EPOlajZpIvD

13.安装kibana

mkdir /elastic/kibana

curl -O https://artifacts.elastic.co/downloads/kibana/kibana-7.15.1-linux-x86_64.tar.gz

tar -xzf kibana-7.15.1-linux-x86_64.tar.gz-C /elastic/

mv/elastic/kibana-7.15.1-linux-x86_64//elastic/kibana

cd /elastic/kibana/

chown -R elastic:elastic /elastic/kibana

14.修改配置文件

修改kinaba 配置文件

/elastic/kibana/config/kibana.yml

server.port: 5601

server.host: "0.0.0.0"

server.name: "es-node1"

elasticsearch.hosts: ["http://10.0.0.4:9200"]

kibana.index: ".kibana"

i18n.locale: "zh-CN"

elasticsearch.username: "elastic"

elasticsearch.password: "kibana_passwd"

#如果启动用https访问

#这个是访问elk需要的，不是指kibana开启ssl

elasticsearch.ssl.certificateAuthorities: $KBN_PATH_CONF/elasticsearch-ca.pem

#如果kibana开启ssl,需要另外设置

15.设置开机启动

cat > /lib/systemd/system/kibana.service< < EOF

[Unit]

Description=kibana

After=network.target

[Service]

Type=simple

WorkingDirectory=/elastic/kibana/

ExecStart=/elastic/kibana/bin/kibana

ExecReload=/bin/kill -HUP $MAINPID #重载时执行的命令

LimitNOFILE=65536

User=elastic

PrivateTmp=true

[Install]

WantedBy=multi-user.target

EOF

systemctl daemon-reload

systemctl startkibana

systemctl statuskibana

systemctl enable kibana

ELK集群搭建简略记录

推荐阅读

都市快节奏白领如何过慢生活，快节奏都市生活状态

家里防蛇的最好办法家蛇

怎么杀老鼠

房屋拆迁是否有强制性强制拆迁的性质

王者荣耀瑶攻略原来是这样玩的

ios 谷歌分析集成

8种养在花盆里可以多年生长的草本蔬菜, 不养几盆就,常见多年生蔬菜有哪些

手机|华为nova9系列再次破局，让我们重拾了我们对于华为的信心

车厘子可以每天吃吗

澄清石灰水怎么做

芋头蒸不软是怎么回事

2015年我国网民数量和上网时间统计数据分析

信用卡变成呆账了怎么办信用卡变成呆账了怎么办多还了怎么办

mongodb怎么连接服务器 mongodb的当前连接

双系统安装步骤及遇到问题的解决方式

wil源代码分析,gcc源代码分析

2023年长沙城区普通高中特长招生项目一览

佳能单反最好的相机佳能相机单反哪款轻便

千锋培训机构靠谱吗，请问要选择UI培训班的话千锋靠谱吗谢谢

面包机第一次使用要怎样清洗，烤面包机第一次使用怎么清洗