Centos7中ELK集群安装流程
说明:三个版本必须相同,这里安装5.1版。
一、安装Elasticsearch5.1
- hostnamectl set-hostname elk
- vim /etc/sysconfig/network修改HOSTNAME=elk
- 安装Java环境:yum install java-1.8.0-openjdk.x86_64
- 添加JAVA环境:vim /etc/profile,添加下列行,保存后执行source /etc/profile
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.151-1.b12.el7_4.x86_64
export CLASSPATH=.:$JAVA_HOME/jre/lib/rt.jar:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
export PATH=$PATH:$JAVA_HOME/bin - 配置网络:/etc/hosts中添加10.1.3.4 elk
- wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.1.1.rpm
- rpm -ivh elasticsearch-5.1.1.rpm
- chkconfig --add elasticsearch
- 安装目录:/usr/share/elasticsearch
配置文件:/etc/elasticsearch/elasticsearch.yml
日志路径:/var/log/elasticsearch/ - 使用vim命令修改配置文件/etc/elasticsearch/elasticsearch.yml,按:set number,显示行号,并修改如下行内容:
17:cluster.name: my-application #判别节点是否是统一集群,多台统一集群的名称要一致
23:node.name: elk #节点的hostname
54:network.host: 0.0.0.0 允许访问的ip
58:http.port: 9200 端口
69:discovery.zen.ping.unicast.hosts: [elk]# 手动发现节点 - 配置文件中添加下面两行,允许跨域,主要是5.1版的head插件和老版本不同:
http.cors.enabled: true
http.cors.allow-origin: "*" - 修改权限:执行 chmod 555 /tmp/elasticsearch 和 chmod 555 /tmp/elasticsearch/*
- 启动服务:systemctl start elasticsearch 并查看服务状态。服务启动后,可以访问网址:http://IP:9200来访问。
- 如果启动失败,查看/var/log/elasticsearch下的日志,有如下错误:max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536],则可如下解决:
编辑/etc/security/limits.conf,末尾添加:
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096 - 如果启动失败,找不到任何日志,请检查/etc/elasticsearch/elasticsearch.yml中配置的日志目录和数据目录的访问权限,或者注释掉目录的配置。
- 如果启动失败,日志中有如下错误:max number of threads [1024] for user [lishang] likely too low, increase to at least [2048],则可以如下 解决:
vi /etc/security/limits.d/90-nproc.conf修改如下内容:
* soft nproc 1024
#修改为
* soft nproc 2048
二、安装Elasticsearch-Head
- 安装Nodejs,cd /usr/local/
- wget https://nodejs.org/dist/v4.6.0/node-v4.6.0-linux-x64.tar.gz
- tar xf node-v4.6.0-linux-x64.tar.gz
- ln -s /usr/local/node-v4.6.0-linux-x64/bin/node /usr/sbin/node
- ln -s /usr/local/node-v4.6.0-linux-x64/bin/npm /usr/sbin/npm
- 更换安装源:npm config set registry https://registry.npm.taobao.org
- 安装grunt:npm install -g grunt
- ln -s /usr/local/node-v4.6.0-linux-x64/lib/node_modules/grunt/bin/grunt /usr/sbin/grunt
- cd /usr/local/
- yum install git.x86_64
- git clone git://github.com/mobz/elasticsearch-head.git
- cd elasticsearch-head-master
- vim ./_site/app.js的第4354行,中把locahost换成ip地址:
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://localhost:9200";
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://elk51.chinanorth.cloudapp.chinacloudapi.cn:9200"; - vim ./Gruntfile.js,在约93行处的port:9100前面添加hostname:'0.0.0.0', 保存并退出。
connect: {
server: {
options: {
hostname: '0.0.0.0',
port: 9100,
base: '.',
keepalive: true
}
}
} - 运行 npm install ./ 进行安装。
- 修改/etc/elasticsearch/elasticsearch.yml在末尾添加下面两行(如果有就不用不加了):
http.cors.enabled: true
http.cors.allow-origin: "*" - 重启elasticsearch:systemctl restart elasticsearch
- 启动elasticsearch-head:在head插件目录中执行 grunt server ,也可以后台启动:nohup grunt server &
- 因为grunt server命令必须在head插件目录下执行,因此可以新建一个sh角本/usr/local/elasticsearch-head/autostart.sh,角本内空是:
#!/bin/bash
cd /usr/local/elasticsearch-head/
nohup grunt server & - 设置开机自动运行:编缉/etc/rc.d/rc.local文件,并添加刚刚的角本全路径到末尾,然后执行chmod +x /etc/rc.d/rc.local
- 访问head:http://ip:9100。
三、安装Logstash5.1
- cd /usr/local
- wget https://artifacts.elastic.co/downloads/logstash/logstash-5.1.1.tar.gz
- tar xf logstash-5.1.1.tar.gz
- cd logstash-5.1.1
- vim conf/elastic.conf
- input {
file {
path => "var/log/nginx/access.log"
}
}
output {
elasticsearch {
hosts => "elk51.chinanorth.cloudapp.chinacloudapi.cn"
index => "logstash-nginx-access"
}
stdout {
codec => rubydebug
}
} - 启动:/usr/local/logstash-5.1.1/bin/logstash -f /usr/local/logstash-5.1.1/config/elastic.conf
- 设置开机自动运行:编缉/etc/rc.d/rc.local文件,并添加启动命令到末尾,然后执行chmod +x /etc/rc.d/rc.local
四、安装Kibana5.1
- wget https://artifacts.elastic.co/downloads/kibana/kibana-5.1.1-x86_64.rpm
- rpm -ivh kibana-5.1.1-x86_64.rpm
- 编辑/etc/kibana/kibana.yml修改如下信息:
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://elk:9200"; - 执行:nohup /usr/share/kibana/bin/kibana &后台启动。
- 设置开机自动运行:编缉/etc/rc.d/rc.local文件,并添加刚刚的角本全路径到末尾,然后执行chmod +x /etc/rc.d/rc.local