Es的安装
官方地址: https://www.elastic.co/cn/downloads
rpm包安装 (7.15)版本
单点部署
1.安装
rpm -ivh elasticsearch-7.17.5-x86_64.rpm
2.修改配置文件
vim /etc/elasticsearch/elasticsearch.yml
...
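# ES服务监听对外暴露服务的地址。0.0.0.0 表示监听本机所有网卡;本文的配置没有开启认证(后面的 curl 不带用户名密码即可访问),因此 9200/9300 端口只应对可信网段开放,生产环境建议绑定内网地址并启用 xpack.security。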
network.host: 0.0.0.0
# 指定ES集群的节点IP
discovery.seed_hosts: ["10.0.0.101"]
# 指定参与master选举的节点
cluster.initial_master_nodes: ["10.0.0.101"]
[root@elk101 app]# egrep -v '^#|^$' /etc/elasticsearch/elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["10.0.0.101"]
cluster.initial_master_nodes: ["10.0.0.101"]
3.启动
systemctl daemon-reload
systemctl enable elasticsearch.service --now
4.检测
[root@elk101 app]# netstat -lntup | grep java
tcp6 0 0 :::9200 :::* LISTEN 13469/java
tcp6 0 0 :::9300 :::* LISTEN 13469/java
[root@elk101 app]# curl 10.0.0.101:9200
{
"name" : "elk101",
"cluster_name" : "elasticsearch", ### 集群名称
"cluster_uuid" : "Z7a4DtzqRWCeLhLes65Bkw", ### 集群 id
"version" : {
"number" : "7.17.5",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "8d61b4f7ddf931f219e3745f295ed2bbc50c8e84",
"build_date" : "2022-06-23T21:57:28.736740635Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
如果遇到集群的uuid为"_na_"情况时,可以执行如下操作(注意:下面的 rm 会删除该节点上全部索引数据和日志,/tmp/* 还会删掉其他程序的临时文件,只适用于没有数据的新装测试节点):
systemctl stop elasticsearch.service
rm -rf /var/lib/elasticsearch/* /var/log/elasticsearch/* /tmp/*
systemctl start elasticsearch.service
curl 10.0.0.101:9200
elk做数据清空(会删除该节点的全部索引数据和日志,且不可恢复;/tmp/* 会连带删除其他程序的临时文件,执行前先停止服务并确认路径)
rm -rf /var/lib/elasticsearch/* /var/log/elasticsearch/* /tmp/*
集群部署
1.安装
[root@elk101 ~]# rpm -ivh elasticsearch-7.17.5-x86_64.rpm
[root@elk102 ~]# rpm -ivh elasticsearch-7.17.5-x86_64.rpm
[root@elk103 ~]# rpm -ivh elasticsearch-7.17.5-x86_64.rpm
2.编辑配置文件
vim /etc/elasticsearch/elasticsearch.yml
[root@elk101 app]# egrep -v '^#|^$' /etc/elasticsearch/elasticsearch.yml
cluster.name: elk7
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
discovery.seed_hosts: ["10.0.0.101","10.0.0.102","10.0.0.103"]
cluster.initial_master_nodes: ["10.0.0.101","10.0.0.102","10.0.0.103"]
[root@elk101 app]# scp /etc/elasticsearch/elasticsearch.yml 10.0.0.102:/etc/elasticsearch/
[root@elk101 app]# scp /etc/elasticsearch/elasticsearch.yml 10.0.0.103:/etc/elasticsearch/
3.启动
systemctl daemon-reload
systemctl enable elasticsearch.service --now
4.检测
[root@elk101 app]# curl 10.0.0.101:9200/_cat/nodes
10.0.0.101 6 90 6 0.27 0.29 0.18 cdfhilmrstw - elk101
10.0.0.102 9 89 25 0.90 0.45 0.23 cdfhilmrstw * elk102
10.0.0.103 6 89 20 0.59 0.35 0.18 cdfhilmrstw - elk103
面试题1:
9200端口作用:
对ES集群外部提供http/https服务。可以理解为对客户端提供服务。
9300端口作用:
对ES集群内部进行数据通信传输的端口,走的是tcp协议。该端口只需在集群节点之间互通,不需要对客户端开放。
二进制安装
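#!/bin/bash
# Set up passwordless SSH from elk101 to every cluster node and install a small
# rsync-based helper (/usr/local/sbin/data_rsync.sh) for pushing files from
# elk101 to elk102 and elk103.
# Run on elk101 as the account that will later call data_rsync.sh.

# Register the cluster hostnames. Each entry is appended only when the exact
# line is not already present, so re-running the script does not duplicate it.
while read -r ip name; do
  grep -qxF "${ip} ${name}" /etc/hosts \
    || printf '%s %s\n' "$ip" "$name" >> /etc/hosts
done <<'EOF'
10.0.0.101 elk101
10.0.0.102 elk102
10.0.0.103 elk103
EOF

# Generate the key pair on elk101 unless one already exists (ssh-keygen would
# otherwise stop and ask whether to overwrite the file).
# NOTE(review): -P '' creates a key without a passphrase, so whoever can read
# ~/.ssh/id_rsa on elk101 can log in to every node as this user. Keep the file
# private and consider a dedicated, non-root account for syncing.
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa -q

# Install the public key on every cluster node (asks for each password once).
for ((host_id = 101; host_id <= 103; host_id++)); do
  ssh-copy-id "elk${host_id}"
done

# Connection test. BatchMode makes ssh fail instead of prompting for a
# password, so a success here proves that key-based login works; running
# `true` avoids leaving the script stuck in an interactive remote shell.
for ((host_id = 101; host_id <= 103; host_id++)); do
  ssh -o BatchMode=yes "elk${host_id}" true \
    || echo "key login to elk${host_id} failed" >&2
done

# rsync has to be installed on both ends of a transfer: install it locally and
# on the two peers. NOTE(review): assumes the remote login may run yum (root).
yum -y install rsync
for ((host_id = 102; host_id <= 103; host_id++)); do
  ssh "elk${host_id}" yum -y install rsync
done

# Write the sync helper. The quoted 'EOF' keeps $1, $0 and the command
# substitutions literal so they are evaluated when the helper runs, not now.
cat > /usr/local/sbin/data_rsync.sh <<'EOF'
#!/bin/bash
# Usage: data_rsync.sh /absolute/path
# Copies the given file or directory into the same parent directory on elk102
# and elk103, logging in as the current user.
# Exit status: 0 when every transfer succeeded, 1 otherwise.

if [ $# -ne 1 ]; then
  echo "Usage: $0 /path/to/file(绝对路径)"
  exit 1
fi

# A relative path would be resolved against the remote home directory instead
# of the same location as on this host, so only absolute paths are accepted.
case "$1" in
  /*) ;;
  *)
    echo "Usage: $0 /path/to/file(绝对路径)"
    exit 1
    ;;
esac

# The source must exist.
if [ ! -e "$1" ]; then
  echo "[ $1 ] dir or file not find!"
  exit 1
fi

# Parent directory and final path component of the source.
fullpath=$(dirname -- "$1")
name=$(basename -- "$1")

# Work from the parent directory so rsync is given a bare name; stop if the
# directory cannot be entered rather than syncing from the wrong place.
cd -- "$fullpath" || exit 1

rc=0
for ((host_id = 102; host_id <= 103; host_id++)); do
  # Green banner for the host being synced.
  tput setaf 2
  echo "===== rsyncing elk${host_id}: $name ====="
  # Back to the default (white) foreground.
  tput setaf 7
  # Push the data to the peer, preserving permissions and compressing.
  if rsync -apz -- "$name" "$(whoami)@elk${host_id}:$fullpath"; then
    echo "命令执行成功!"
  else
    echo "命令执行失败!" >&2
    rc=1
  fi
done
exit "$rc"
EOF

# Make the helper executable.
chmod +x /usr/local/sbin/data_rsync.sh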
1. 环境准备(下面的命令按记录顺序列出;实际执行时需先解压并在 /app 目录下创建软链接,再对 /app/elasticsearch/ 执行 chown,否则目标路径还不存在)
useradd elk -M -s /sbin/nologin
mkdir /{app,data}
mkdir /data/es7/{data,logs} -p
chown elk.elk /data/es7 -R
chown -R elk.elk /app/elasticsearch/
install -d /data/es7/{data,logs}/ -o elk
tar xf elasticsearch-7.17.5-linux-x86_64.tar.gz -C /app/
ln -s elasticsearch-7.17.5/ elasticsearch
### 修改文件打开数量上限,修改后需要断开会话重新登录才能生效(下面用 * 对所有普通用户生效,也可以把 * 换成 elk,只放宽运行 ES 的用户)
[root@elk101 ~]# cat /etc/security/limits.d/es7.conf
* soft nofile 65535
* hard nofile 131070
* hard nproc 8192
[root@elk101 ~]#
[root@elk101 ~]# ulimit -Sn
65535
[root@elk101 ~]#
[root@elk101 ~]# ulimit -Hn
131070
### 调大内核虚拟内存映射值
[root@elk101 ~]# cat /etc/sysctl.d/es.conf
vm.max_map_count=524288
[root@elk101 ~]# sysctl -q vm.max_map_count
vm.max_map_count = 65530
[root@elk101 ~]# sysctl -f /etc/sysctl.d/es.conf
vm.max_map_count = 524288
[root@elk101 ~]# sysctl -q vm.max_map_count
vm.max_map_count = 524288
### 同步调优文件
[root@elk101 ~]# data_rsync.sh /etc/sysctl.d/es.conf
[root@elk101 ~]# data_rsync.sh /etc/security/limits.d/es7.conf
[root@elk101 ~]# data_rsync.sh /etc/hosts
2.修改配置文件
vim /app/elasticsearch/config/elasticsearch.yml
[root@elk101 config]# egrep -v '^#|^$' /app/elasticsearch/config/elasticsearch.yml
cluster.name: elk7
path.data: /data/es7/data
path.logs: /data/es7/logs
network.host: 0.0.0.0
discovery.seed_hosts: ["elk101", "elk102", "elk103"]
cluster.initial_master_nodes: ["elk101", "elk102", "elk103"]
3.启动测试 后台启动es服务
su elk -c '/app/elasticsearch/bin/elasticsearch -d'
4. 检测
[root@elk101 ~]# curl 10.0.0.101:9200/_cat/nodes
10.0.0.103 22 83 19 0.54 0.28 0.16 cdfhilmrstw - elk103
10.0.0.101 14 92 2 0.14 0.08 0.06 cdfhilmrstw - elk101
10.0.0.102 12 84 24 0.52 0.23 0.11 cdfhilmrstw * elk102
systemd管理
systemctl 管理elk
1.elk101停止ES服务(pkill java 会结束本机所有名为 java 的进程,如果机器上还运行着其他 Java 程序,应改为只停止 ES 进程)
pkill java
2.elk101编写ES启动脚本(下面 ExecStart 的路径和 User 需要与本机实际安装路径和运行用户一致;本文环境对应 /app/elasticsearch-7.17.5 和 elk 用户,见后文修改后的启动脚本)
cat > /usr/lib/systemd/system/es7.service <<EOF
[Unit]
Description=oldboyedu linux85 es7
After=network.target
[Service]
Type=simple
ExecStart=/oldboyedu/softwares/es7/elasticsearch-7.17.5/bin/elasticsearch
User=oldboyedu
LimitNOFILE=131070
[Install]
WantedBy=multi-user.target
EOF
3.elk101加载脚本
systemctl daemon-reload
4.elk101设置开机自启动
systemctl enable --now es7
5.elk101查看服务是否正常运行
systemctl status es7
ss -ntl
curl 10.0.0.101:9200/_cat/nodes
加入oracle jdk管理
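# elk101解压JDK软件包(解压目录要与下面的 JAVA_HOME 对应:按 -C /app/ojdk/ 解压得到的是 /app/ojdk/jdk1.8.0_291,若 JAVA_HOME 写 /app/jdk1.8.0_291,则应解压到 /app/)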
tar xf jdk-8u291-linux-x64.tar.gz -C /app/ojdk/
# 编写环境变量
cat /etc/profile.d/jdk.sh
#!/bin/bash
export JAVA_HOME=/app/jdk1.8.0_291
export PATH=$PATH:$JAVA_HOME/bin
. /etc/profile
java -version
java version "1.8.0_291"
Java(TM) SE Runtime Environment (build 1.8.0_291-b10)
Java HotSpot(TM) 64-Bit Server VM (build 25.291-b10, mixed mode)
## elk101修改启动脚本
cat > /usr/lib/systemd/system/es7.service <<EOF
[Unit]
Description=es7
After=network.target
[Service]
Type=simple
Environment=JAVA_HOME=/app/jdk1.8.0_291
ExecStart=/app/elasticsearch-7.17.5/bin/elasticsearch
User=elk
LimitNOFILE=131070
LimitNPROC=8192
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl start es7
## elk101同步配置到其他节点
data_rsync.sh /etc/profile.d/jdk.sh
data_rsync.sh /usr/lib/systemd/system/es7.service
data_rsync.sh /app/
. /etc/profile
systemctl daemon-reload && systemctl restart es7
## 检测
[root@elk101 app]# curl 10.0.0.101:9200/_cat/nodes
10.0.0.102 20 71 1 0.87 0.26 0.13 cdfhilmrstw * elk102
10.0.0.103 15 70 0 0.64 0.18 0.10 cdfhilmrstw - elk103
10.0.0.101 11 82 1 0.01 0.07 0.07 cdfhilmrstw - elk101
[root@elk101 ~]# jps
14644 Elasticsearch
14911 Jps
修改es环境堆(heap)内存大小
# 官方推荐 生产环境 是内存的一半 最大不要超过32G
vim /app/elasticsearch-7.17.5/config/jvm.options
...
-Xms256m
-Xmx256m
elk101重启服务并验证堆内存大小,若不配置,默认1GB
systemctl restart es7
jmap -heap `jps | awk '/Elasticsearch/{print $1}'` | grep MaxHeapSize
MaxHeapSize = 268435456 (256.0MB)
elk101同步环境到其他节点
data_rsync.sh /app/elasticsearch-7.17.5/config/jvm.options
es的多实例
(1)elk101解压软件包
tar xf elasticsearch-6.8.23.tar.gz -C /app/
chown elk:elk -R /app/elasticsearch-6.8.23/
install -d /data/es6/{data,logs} -o elk
(2)elk101修改配置文件
egrep -v '^#|^$' /app/elasticsearch-6.8.23/config/elasticsearch.yml
cluster.name: es6
node.name: elk101
path.data: /data/es6/data
path.logs: /data/es6/logs
network.host: 0.0.0.0
http.port: 19200
transport.tcp.port: 19300
discovery.zen.ping.unicast.hosts: ["elk101","elk102","elk103"]
discovery.zen.minimum_master_nodes: 2
(3)elk101修改堆内存大小
vim /app/elasticsearch-6.8.23/config/jvm.options
...
-Xms256m
-Xmx256m
(6)elk101编写启动脚本
cat > /usr/lib/systemd/system/es6.service <<EOF
[Unit]
Description=es6
After=network.target
[Service]
Type=simple
Environment=JAVA_HOME=/app/jdk1.8.0_291
ExecStart=/app/elasticsearch-6.8.23/bin/elasticsearch
User=elk
LimitNOFILE=131070
[Install]
WantedBy=multi-user.target
EOF
(4)elk101同步配置文件
data_rsync.sh /app/
data_rsync.sh /usr/lib/systemd/system/es6.service
(5)修改各节点的配置文件
vim /app/elasticsearch-6.8.23/config/elasticsearch.yml
...
node.name: elk102
vim /app/elasticsearch-6.8.23/config/elasticsearch.yml
...
node.name: elk103
(6)启动服务
systemctl daemon-reload && systemctl enable --now es6
## 查看集群是否正常
[root@elk101 ~]# curl 10.0.0.101:19200/_cat/nodes
10.0.0.101 49 85 26 0.22 0.12 0.07 mdi - elk101
10.0.0.103 47 55 23 0.42 0.13 0.08 mdi - elk103
10.0.0.102 59 57 30 0.13 0.05 0.05 mdi * elk102
常见报错
常见报错:
1.java.lang.RuntimeException: can not run elasticsearch as root
报错原因:
不能以root用户启动ES服务。
解决方案:
使用普通用户启动服务即可。
2.bootstrap check failure [1] of [3]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
报错原因:
程序默认的文件打开数量上限过低。
解决方案:
调大文件打开数量上限即可。
3.bootstrap check failure [2] of [3]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
报错原因:
内核参数虚拟内存映射过低。
解决方案:
调大内核虚拟内存映射值即可。
4.bootstrap check failure [3] of [3]: max number of threads [3795] for user [oldboyedu] is too low, increase to at least [4096]
报错原因:
程序打开的线程数量设置过低。
解决方案:
调大程序打开的线程数量即可。
5.initial heap size [268435456] not equal to maximum heap size [1031798784]; this can cause resize pauses and prevents mlockall from locking the entire heap
报错原因:
初始化堆内存和最大堆内存大小不一致。
解决方案:
观察配置是否生效,建议将"-Xms"和"-Xmx"值配置一致。