- Docker installation
- ElasticSearch deployment
- xpack authentication
- Kibana deployment
- Logstash deployment
- IK plugin installation
Goal: build an ELK cluster on 3 servers, installing ElasticSearch, Logstash, Kibana and the IK Chinese word-segmentation plugin.
Server IPs: 1.0.0.1 & 1.0.0.2 & 1.0.0.3
Docker installation
Required packages
yum install -y yum-utils device-mapper-persistent-data lvm2
Repository information
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
List the installable versions
yum list docker-ce.x86_64 --showduplicates | sort -r
Install a specific version of the docker service
yum -y install docker-ce-20.10.16-3.el8
Configure the USTC registry mirror
mkdir -p /etc/docker
vim /etc/docker/daemon.json
Write the following content
{ "registry-mirrors": ["https://docker.mirrors.ustc.edu.cn"] }
Start docker
systemctl start docker
Other commands
# Stop docker
systemctl stop docker
# Restart docker
systemctl restart docker
# Check docker status
systemctl status docker
Enable start on boot
systemctl enable docker
docker-compose
curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
Mirror download (-k skips TLS certificate verification; this one writes to /usr/bin, not /usr/local/bin):
curl -k "https://dl.cactifans.com/zabbix_docker/docker-compose" -o /usr/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
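ElasticSearch deployment
Node configuration
Pull the docker image
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.9.3
Create the mapped directories
Mind the disk space and create them in a suitable location
mkdir -p /mnt/es/{config,data,log,plugins}
Set permissions
chmod 777 -R /mnt/es
Write elasticsearch.yml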
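
# Cluster name
cluster.name: es-cluster
# Name of this node
node.name: es-1.0.0.1
# Whether this node is eligible to be elected master
node.master: true
# Whether this node stores data
node.data: true
# Maximum number of cluster nodes
node.max_local_storage_nodes: 3
# Data storage location
path.data: /usr/share/elasticsearch/data
# Log location
path.logs: /usr/share/elasticsearch/log
# Bind IP address, IPv4 or IPv6; default is 0.0.0.0
network.host: 0.0.0.0
# IP address other nodes use to talk to this node. If unset it is detected automatically. It must be a real IP address; set it to this physical host's address.
# With a docker install, the node IP will then be the configured IP rather than the docker gateway IP
network.publish_host: 1.0.0.1
# Mapped port
http.port: 9200
# Port for communication between nodes
transport.tcp.port: 9300
# Whether to allow cross-origin requests; default is false
http.cors.enabled: true
# When cross-origin requests are allowed, the default is *, meaning all domains. To allow only certain sites, use a regular expression, e.g. local addresses only: /https?:\/\/localhost(:[0-9]+)?/
http.cors.allow-origin: "*"
# Initial list of master nodes in the cluster; nodes joining the cluster are discovered through these nodes
discovery.zen.ping.unicast.hosts: ["es-1.0.0.1:9300", "es-1.0.0.2:9300", "es-1.0.0.3:9300"]
# Ensures that nodes in the cluster know about N other master-eligible nodes. Default is 1; for large clusters a larger value (2-4) can be set
discovery.zen.minimum_master_nodes: 1
# Ping timeout when automatically discovering other nodes. Default is 3 seconds; on poor networks a higher value prevents discovery errors
discovery.zen.ping_timeout: 5s
bootstrap.memory_lock: true
# Whether deleting an index requires its name to be given explicitly; default is explicit
action.destructive_requires_name: true
cluster.initial_master_nodes: ["es-1.0.0.1", "es-1.0.0.2", "es-1.0.0.3"]
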
Write docker-compose.yml

version: '3'
services:
  es:
    image: elasticsearch:7.9.3
    container_name: es-1.0.0.1
    environment:
      - "ES_JAVA_OPTS=-Xms8g -Xmx8g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /mnt/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /mnt/es/data:/usr/share/elasticsearch/data:rw
      - /mnt/es/log:/usr/share/elasticsearch/log:rw
      - /mnt/es/plugins:/usr/share/elasticsearch/plugins:rw
    ports:
      - 9200:9200
      - 9300:9300
    extra_hosts:
      - "es-1.0.0.1:1.0.0.1"
      - "es-1.0.0.2:1.0.0.2"
      - "es-1.0.0.3:1.0.0.3"

Start the containers
Go to the directory containing docker-compose.yml and run the following ↓
docker-compose stop
docker-compose rm
docker-compose up -d
Fixes for related errors
- max file descriptors [4096] for elasticsearch process is too low, increase to at least [65536]
Edit /etc/security/limits.conf and append the following
* soft nofile 65536
* hard nofile 65536
- max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Edit /etc/sysctl.conf and append the following
vm.max_map_count=655360
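After saving, run
sysctl -p
Restart the container
Repeat the above steps × 3
Repeat the commands above on all three nodes (and remember to change the node IP address and node name)
Check that it worked
Enter this address in a browser ↓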
http://1.0.0.1:9200/_cat/nodes?pretty
Output like the following means success
xpack authentication
Generate the certificates
docker exec -ti es-1.0.0.1 bash
Run the commands, pressing Enter at every prompt
/usr/share/elasticsearch/bin/elasticsearch-certutil ca
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
Copy the certificates
# Exit the container
exit
# Copy on the host
docker cp es-1.0.0.1:/usr/share/elasticsearch/elastic-certificates.p12 ./data
docker cp es-1.0.0.1:/usr/share/elasticsearch/elastic-stack-ca.p12 ./data
Move the certificates and set ownership
# Copy the certificates to the config directory
cp /mnt/es/data/elastic-* /mnt/es/config/
# Set permissions
chmod 644 elastic-*
chown 1000:10000 elastic*
Copy the certificates to the other nodes
scp /mnt/es/config/elastic-* 1.0.0.2:/mnt/es/config
scp /mnt/es/config/elastic-* 1.0.0.3:/mnt/es/config
Modify elasticsearch.yml

# Added configuration
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
# The paths must match the container-side location where docker-compose.yml mounts the certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic-certificates.p12

Modify docker-compose.yml

version: '3'
services:
  es:
    image: elasticsearch:7.9.3
    container_name: es-1.0.0.1
    environment:
      - "ES_JAVA_OPTS=-Xms8g -Xmx8g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /mnt/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /mnt/es/data:/usr/share/elasticsearch/data:rw
      - /mnt/es/log:/usr/share/elasticsearch/log:rw
      - /mnt/es/plugins:/usr/share/elasticsearch/plugins:rw
      - /mnt/es/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
      - /mnt/es/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12:ro
    ports:
      - 9200:9200
      - 9300:9300
    extra_hosts:
      - "es-1.0.0.1:1.0.0.1"
      - "es-1.0.0.2:1.0.0.2"
      - "es-1.0.0.3:1.0.0.3"

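The xpack settings and the compose volume list have to agree before the nodes are restarted, so a pre-flight check is useful here. The following Python check is an added example, not code from the original post: it audits an elasticsearch.yml together with the compose volume entries for security enabled, transport TLS, HTTP TLS, wildcard CORS, and a keystore path that is actually mounted. The function names, finding codes and sample inputs are constructed for illustration, and CONFIG_DIR assumes the config directory of the Elasticsearch Docker image.

```python
# Constructed sample inputs modelled on this page's files (nothing is read from disk).
SAMPLE_YML = """\
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
"""
SAMPLE_MOUNTS = [
    "/mnt/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro",
    "/mnt/es/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro",
]
CONFIG_DIR = "/usr/share/elasticsearch/config"  # assumption: the image's config dir


def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' lines used in elasticsearch.yml."""
    settings = {}
    for line in text.splitlines():
        line = line.split(" #")[0].strip()  # drop trailing comments
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(yml_text, mounts):
    """Return finding codes for an elasticsearch.yml and its compose volumes."""
    cfg = parse_flat_yaml(yml_text)
    targets = {m.split(":")[1] for m in mounts}  # container-side paths
    findings = []
    if cfg.get("xpack.security.enabled") != "true":
        findings.append("security-disabled")
    if cfg.get("xpack.security.transport.ssl.enabled") != "true":
        findings.append("transport-tls-disabled")
    if cfg.get("xpack.security.http.ssl.enabled") != "true":
        findings.append("http-tls-disabled")  # passwords cross the network in clear
    if cfg.get("http.cors.enabled") == "true" and cfg.get("http.cors.allow-origin") == "*":
        findings.append("cors-wildcard")
    for store in ("keystore", "truststore"):
        path = cfg.get(f"xpack.security.transport.ssl.{store}.path")
        if path and not path.startswith("/"):  # relative paths resolve against the config dir
            path = f"{CONFIG_DIR}/{path}"
        if path and path not in targets:
            findings.append(f"{store}-not-mounted:{path}")
    return findings
```

Calling audit(SAMPLE_YML, SAMPLE_MOUNTS) returns the finding codes for the sample; an empty list means every check passed.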
Kibana deployment
The Kibana service only needs to be deployed on one node of the cluster
Pull the docker image
docker pull kibana:7.9.3
Create the mapped directory
mkdir -p /mnt/kibana/config
Write kibana.yml

# Kibana mapped port
server.port: 5601
# Gateway (bind) address
server.host: "0.0.0.0"
# Display name of this Kibana instance
server.name: "kibana-1.0.0.1"
# Elasticsearch cluster addresses, i.e. the IPs of all cluster nodes
elasticsearch.hosts: ["http://1.0.0.1:9200","http://1.0.0.2:9200","http://1.0.0.3:9200"]
# UI language: zh-CN for Chinese, en for English
i18n.locale: "zh-CN"
elasticsearch.username: "username"
elasticsearch.password: "password"
xpack.monitoring.ui.container.elasticsearch.enabled: true

Write docker-compose.yml

version: '3'
services:
  es:
    image: elasticsearch:7.9.3
    container_name: es-1.0.0.1
    environment:
      - "ES_JAVA_OPTS=-Xms8g -Xmx8g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /mnt/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /mnt/es/data:/usr/share/elasticsearch/data:rw
      - /mnt/es/log:/usr/share/elasticsearch/log:rw
      - /mnt/es/plugins:/usr/share/elasticsearch/plugins:rw
      - /mnt/es/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
      - /mnt/es/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12:ro
    ports:
      - 9200:9200
      - 9300:9300
    extra_hosts:
      - "es-1.0.0.1:1.0.0.1"
      - "es-1.0.0.2:1.0.0.2"
      - "es-1.0.0.3:1.0.0.3"
  kibana:
    image: kibana:7.9.3
    container_name: kibana-1.0.0.1
    restart: always
    environment:
      # No quotes around the value: in list form they would become part of TZ
      - TZ=Asia/Shanghai
    ports:
      - 5601:5601
    volumes:
      - /mnt/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
    depends_on:
      - es

Alternatively, create the Kibana container as follows
docker run -di -p 5601:5601 -v /mnt/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml --network es-net --name kibana kibana:7.9.3
Start the containers
Go to the directory containing docker-compose.yml and run the following ↓
docker-compose stop
docker-compose rm
docker-compose up -d
Check that it worked
Login URL: http://1.0.0.1:5601/app/home#/
Logstash deployment
Pull the docker image
docker pull logstash:7.9.3
Create the mapped directories
mkdir -p /mnt/logstash/{config,logs,pipeline}
Write logstash.yml
Go to the config directory and write the file

http.host: "0.0.0.0"
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: "http://1.0.0.1:9200" # ES address
xpack.monitoring.elasticsearch.username: "username" # ES xpack account credentials
xpack.monitoring.elasticsearch.password: "password" # ES xpack account credentials
path.config: /usr/share/logstash/pipeline
path.logs: /usr/share/logstash/logs

Write logstash.conf
Go to the pipeline directory and write the file

input {
  tcp {
    port => 5044
    codec => "json"
  }
}
output {
  elasticsearch {
    hosts => ["1.0.0.1:9200","1.0.0.2:9200","1.0.0.3:9200"]
    index => "%{[index]}-%{+YYYY-MM}"
    user => "username"
    password => "password"
  }
}

Write docker-compose.yml

version: '3'
services:
  es:
    image: elasticsearch:7.9.3
    container_name: es-1.0.0.1
    environment:
      - "ES_JAVA_OPTS=-Xms8g -Xmx8g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    volumes:
      - /mnt/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
      - /mnt/es/data:/usr/share/elasticsearch/data:rw
      - /mnt/es/log:/usr/share/elasticsearch/log:rw
      - /mnt/es/plugins:/usr/share/elasticsearch/plugins:rw
      - /mnt/es/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
      - /mnt/es/config/elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12:ro
    ports:
      - 9200:9200
      - 9300:9300
    extra_hosts:
      - "es-1.0.0.1:1.0.0.1"
      - "es-1.0.0.2:1.0.0.2"
      - "es-1.0.0.3:1.0.0.3"
  kibana:
    image: kibana:7.9.3
    container_name: kibana-1.0.0.1
    restart: always
    environment:
      # No quotes around the value: in list form they would become part of TZ
      - TZ=Asia/Shanghai
    ports:
      - 5601:5601
    volumes:
      - /mnt/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
    depends_on:
      - es
  logstash:
    restart: always
    image: logstash:7.9.3
    deploy:
      replicas: 1
      restart_policy:
        condition: on-failure
        max_attempts: 3
    volumes:
      - /mnt/logstash/config:/usr/share/logstash/config:rw
      - /mnt/logstash/pipeline:/usr/share/logstash/pipeline:rw
    ports:
      - "9600:9600"
      - "5044:5044"
    depends_on:

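Start the containers
Restart the containers with docker-compose, or run the following command
docker run --rm -it -v /mnt/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml -v /mnt/logstash/pipeline/:/usr/share/logstash/pipeline/ logstash:7.9.3
Note: remember to open the server ports
Repeat the above steps × 3
Repeat the commands above on all three nodes
IK plugin installation
Download the package
Create the directory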
mkdir -p /mnt/es/plugins/elasticsearch-analysis-ik-7.9.3
Unzip into the corresponding plugins folder
unzip elasticsearch-analysis-ik-7.9.3.zip -d /mnt/es/plugins/elasticsearch-analysis-ik-7.9.3
Restart the container
Go to the docker-compose.yml directory and run
docker-compose up -d
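This document was put together from memory after the setup was finished; corrections are welcome, and for other questions feel free to add the editor on WeChat to chat anytime~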