[Linux | ELK 8.2] Building an ELKB Cluster, Part I: Lab Environment and Setting Up an Elasticsearch Cluster

news2025/1/19 12:56:28

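Contents

  • 1. Lab environment
      • 1.1 Lab tools
      • 1.2 Operating system
      • 1.3 Software versions, IP address plan, and VM requirements
      • 1.4 Topology diagram
      • 1.5 Other requirements
  • 2. Procedure
    • 2.1 Install Elasticsearch (single node)
      • (1) Check the system JDK version
      • (2) Download elasticsearch
      • (3) Install elasticsearch
      • (4) Configure elasticsearch
      • (5) Start and check the service
      • (6) Access elasticsearch
    • 2.2 Build the Elasticsearch cluster
      • (1) Install elasticsearch
      • (2) Configure the elasticsearch cluster
        • Configure node 192.168.100.31
        • Configure node 192.168.100.32
        • Summary
      • (3) Restart the elasticsearch service
      • (4) View ES cluster information
  • Related posts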

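1. Lab environment

1.1 Lab tools

VMware® Workstation 16 Pro

1.2 Operating system

CentOS 7.9.2009 (Linux)

1.3 Software versions, IP address plan, and VM requirements

| Software | VM IP address | Version | CPU and memory |
| --- | --- | --- | --- |
| Elasticsearch | 192.168.100.31, 192.168.100.32 | 8.2.1 | more than 1 CPU, more than 1 GB of memory |
| Logstash | 192.168.100.33 | 8.2.0 | more than 1 CPU, more than 1 GB of memory |
| Kibana | 192.168.100.33 | 8.2.1 | more than 1 CPU, more than 1 GB of memory |
| Filebeat | 192.168.100.31-33 | 8.2.1 | more than 1 CPU, more than 1 GB of memory |

1.4 Topology diagram

[Image: topology diagram]

1.5 Other requirements

  • All virtual machines need Internet access; set the VM network adapter to NAT or bridged mode.

2. Procedure

Perform the following steps on all three virtual machines.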

Disable the firewall

systemctl stop firewalld
systemctl disable firewalld

Set SELinux to disabled

vim /etc/selinux/config 

SELINUX=disabled

Synchronize the server clocks

yum install ntp            # install the NTP service
systemctl start ntpd       # start ntpd
systemctl enable ntpd      # start ntpd at boot
date                       # the time on the three servers only needs to match

2.1 Install Elasticsearch (single node)

Official package download page: https://www.elastic.co/cn/downloads/elasticsearch

(1) Check the system JDK version

rpm -qa | grep openjdk
java -version

If the system has no Java environment, install one yourself.

yum install java

Check the JDK environment again.

(2) Download elasticsearch

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.2.2-x86_64.rpm

(3) Install elasticsearch

rpm -ivh elasticsearch-8.2.2-x86_64.rpm 
警告:elasticsearch-8.2.2-x86_64.rpm: 头V4 RSA/SHA512 Signature, 密钥 ID d88e42b4: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:elasticsearch-0:8.2.2-1          ################################# [100%]
--------------------------- Security autoconfiguration information ------------------------------

Authentication and authorization are enabled.
TLS for the transport and HTTP layers is enabled and configured.

The generated password for the elastic built-in superuser is : GjKOXtfn5q1ZlHq7dM2K    # password of the built-in superuser

If this node should join an existing cluster, you can reconfigure this with           # command for joining an existing cluster
'/usr/share/elasticsearch/bin/elasticsearch-reconfigure-node --enrollment-token <token-here>'
after creating an enrollment token on your existing cluster.

You can complete the following actions at any time:

Reset the password of the elastic built-in superuser with                          # reset the password of the built-in ES superuser
'/usr/share/elasticsearch/bin/elasticsearch-reset-password -u elastic'.

Generate an enrollment token for Kibana instances with                           # generate an enrollment token for a Kibana instance
 '/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s kibana'.

Generate an enrollment token for Elasticsearch nodes with                # generate an enrollment token for an Elasticsearch node
'/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node'.

-------------------------------------------------------------------------------------------------
### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable elasticsearch.service
### You can start elasticsearch service by executing
 sudo systemctl start elasticsearch.service
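
The NOKEY warning at the top of the output above means rpm installed the package without verifying its signature, because Elastic's signing key was not in the rpm keyring. The following added example (not part of the original post; the function names are constructed, and the key URL and .sha512 file follow Elastic's published install instructions) checks the download's SHA-512 and signature before installing:

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check the RPM before installing.
# Function names are constructed for this illustration.

# verify_sha512 FILE SUMFILE: SUMFILE holds "<sha512-hex>  <filename>".
# Returns 0 on match, 1 on mismatch, 2 if an input is missing or malformed.
verify_sha512() {
    local file="$1" sumfile="$2" expected actual
    [ -r "$file" ] && [ -r "$sumfile" ] || { echo "cannot read inputs" >&2; return 2; }
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    # A SHA-512 digest is 128 hex characters; anything else (for example an
    # HTML error page saved as the checksum file) is rejected outright.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "malformed checksum file" >&2; return 2; }
    actual=$(sha512sum "$file" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "SHA-512 mismatch: $file" >&2; return 1; }
}

# install_verified RPM: import Elastic's signing key, then install only if both
# the checksum and the package signature verify. Needs root and network access.
install_verified() {
    local rpm_file="$1"
    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch || return 1
    wget -q "https://artifacts.elastic.co/downloads/elasticsearch/${rpm_file}.sha512" || return 1
    verify_sha512 "$rpm_file" "${rpm_file}.sha512" || return 1
    # With the key imported, --checksig exits non-zero if the signature does not verify.
    rpm --checksig "$rpm_file" || return 1
    rpm -ivh "$rpm_file"
}

# Usage on the lab host: install_verified elasticsearch-8.2.2-x86_64.rpm
```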

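When Elasticsearch is installed from the RPM package, its configuration directory is /etc/elasticsearch and its installation directory is /usr/share/elasticsearch.

Tip: use the rpm -qc command to list the paths of the Elasticsearch configuration files.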

# rpm -qc elasticsearch-8.2.2-1.x86_64
/etc/elasticsearch/elasticsearch-plugins.example.yml
/etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/jvm.options
/etc/elasticsearch/log4j2.properties
/etc/elasticsearch/role_mapping.yml
/etc/elasticsearch/roles.yml
/etc/elasticsearch/users
/etc/elasticsearch/users_roles
/etc/sysconfig/elasticsearch
/usr/lib/sysctl.d/elasticsearch.conf
/usr/lib/systemd/system/elasticsearch.service

(4) Configure elasticsearch

vim /etc/elasticsearch/elasticsearch.yml 
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elk-cluster                    # custom cluster name
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1                           # custom node name
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch            # where Elasticsearch stores its data
#
# Path to log files:
#
path.logs: /var/log/elasticsearch            # where Elasticsearch stores its logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: 0.0.0.0            # address Elasticsearch listens on; 0.0.0.0 listens on all interfaces, so any IP can reach it
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200                 # Elasticsearch data transfer port, i.e. the listening port; default 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# --------------------------------- Readiness ----------------------------------
#
# Enable an unauthenticated TCP readiness endpoint on localhost
#
#readiness.port: 9399
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically      
# generated to configure Elasticsearch security features on 04-06-2022 20:18:05
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: true                             # security mode is enabled automatically in versions after Elasticsearch v7

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["vms31.rhce.cc"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

After editing, use cat to review the settings

# cat /etc/elasticsearch/elasticsearch.yml | grep -Ev "#|^$" 
cluster.name: elk-cluster
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["vms31.rhce.cc"]
http.host: 0.0.0.0

(5) Start and check the service

Start the service

systemctl start elasticsearch.service
systemctl enable elasticsearch.service

Check the listening ports

# netstat -ntlup | grep java
tcp6       0      0 :::9200                 :::*                    LISTEN      24625/java          
tcp6       0      0 :::9300                 :::*                    LISTEN      24625/java          

Port 9200 is the data transfer port and 9300 is the cluster communication port.

(6) Access elasticsearch

Access it with curl

# curl -u elastic:GjKOXtfn5q1ZlHq7dM2K https://192.168.100.31:9200/ --insecure
{
  "name" : "vms31.rhce.cc",
  "cluster_name" : "elk-cluster",
  "cluster_uuid" : "4IoxZ9U5T_-7T26soNLm8A",
  "version" : {
    "number" : "8.2.2",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "9876968ef3c745186b94fdabd4483e01499224ef",
    "build_date" : "2022-05-25T15:47:06.259735307Z",
    "build_snapshot" : false,
    "lucene_version" : "9.1.0",
    "minimum_wire_compatibility_version" : "7.17.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "You Know, for Search"
}

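Access it from a browser: https://192.168.100.31:9200/

2.2 Build the Elasticsearch cluster

To build the Elasticsearch cluster, we:

  • set node 192.168.100.31 as the master
  • treat nodes 192.168.100.32 and 192.168.100.33 as nodes

(1) Install elasticsearch

Following steps (1) to (3) of section 2.1, install elasticsearch on the other two servers, 192.168.100.32 and 192.168.100.33.

(2) Configure the elasticsearch cluster

Configure node 192.168.100.31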

# cat /etc/elasticsearch/elasticsearch.yml | grep -v "#"
cluster.name: elk-cluster
node.name: node-1
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: 
  - 192.168.100.31:9300
  - 192.168.100.32:9300
cluster.initial_master_nodes: ["node-1", "node-2"]


xpack.security.enabled: false

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

http.host: 0.0.0.0

Configure node 192.168.100.32

# cat /etc/elasticsearch/elasticsearch.yml | grep -v "#"
cluster.name: elk-cluster
node.name: node-2
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["192.168.100.31:9300", "192.168.100.32:9300"]
cluster.initial_master_nodes: ["node-1", "node-2"]


xpack.security.enabled: false

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

http.host: 0.0.0.0

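Summary

When initializing the cluster, on every node:

  • the cluster name cluster.name must be identical,
  • the cluster address list discovery.seed_hosts must be identical.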
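
Both node configurations above set xpack.security.enabled: false while HTTP is bound to 0.0.0.0, which is why the health checks in step (4) succeed over plain http with no credentials. The following added example (not from the original post; the function names are constructed) audits elasticsearch.yml for that combination before the restart:

```bash
# Added example, not from the original post; function names are constructed.
# Usage: audit_es_config /etc/elasticsearch/elasticsearch.yml

# Value of a top-level "key: value" line (trailing comments and quotes dropped).
es_setting() {
    awk -v k="$2" 'index($0, k ":") == 1 {
        v = substr($0, length(k) + 2)
        sub(/[ \t]+#.*$/, "", v); gsub(/[ \t"]/, "", v)
        print v; exit }' "$1"
}

# Value of CHILD inside the indented block under the top-level key PARENT.
es_block_setting() {
    awk -v p="$2" -v c="$3" '
        /^[^ \t#]/ { inblk = (index($0, p ":") == 1); next }
        inblk && $1 == (c ":") { print $2; exit }' "$1"
}

# An unset host means the Elasticsearch default, which is loopback only.
is_loopback() {
    case "$1" in
        ''|localhost|_local_|127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one finding per line; returns 1 when a CRITICAL finding exists.
audit_es_config() {
    local f="$1" sec host tls out="" rc=0
    sec=$(es_setting "$f" xpack.security.enabled)
    host=$(es_setting "$f" http.host)
    [ -n "$host" ] || host=$(es_setting "$f" network.host)
    tls=$(es_block_setting "$f" xpack.security.http.ssl enabled)
    if [ "$sec" = "false" ]; then
        if is_loopback "$host"; then
            out="WARN security disabled; HTTP is bound to loopback only"
        else
            out="CRITICAL security disabled and HTTP bound to $host: no login or TLS on the REST port"
            rc=1
        fi
        [ "$tls" != "true" ] || out="$out
WARN xpack.security.http.ssl.enabled=true is ignored while security is disabled"
    elif [ "$tls" != "true" ] && ! is_loopback "$host"; then
        out="WARN HTTP bound to $host without TLS"
    fi
    echo "${out:-OK}"
    return "$rc"
}

# Constructed sample: the security-relevant lines of this page's node-1 config.
sample_cluster_yml() {
    printf '%s\n' 'network.host: 0.0.0.0' 'xpack.security.enabled: false' \
        'xpack.security.http.ssl:' '  enabled: true' 'http.host: 0.0.0.0'
}
```

The installer output in 2.1 (3) lists the route that keeps security on: create a token with elasticsearch-create-enrollment-token -s node on the first node and pass it to elasticsearch-reconfigure-node --enrollment-token on the joining node.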

(3) Restart the elasticsearch service

systemctl restart elasticsearch

(4) View ES cluster information

# curl http://192.168.100.31:9200/_cluster/health?pretty
{
  "cluster_name" : "elk-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 2,
  "active_shards" : 4,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

# curl http://192.168.100.31:9200/_nodes/process?pretty
{
  "_nodes" : {
    "total" : 2,
    "successful" : 2,
    "failed" : 0
  },
  "cluster_name" : "elk-cluster",
  "nodes" : {
    "8bB4P1EET2mjhecE4fez9Q" : {
      "name" : "node-2",
      "transport_address" : "192.168.100.32:9300",
      "host" : "192.168.100.32",
      "ip" : "192.168.100.32",
      "version" : "8.2.2",
      "build_flavor" : "default",
      "build_type" : "rpm",
      "build_hash" : "9876968ef3c745186b94fdabd4483e01499224ef",
      "roles" : [
        "data",
        "data_cold",
        "data_content",
        "data_frozen",
        "data_hot",
        "data_warm",
        "ingest",
        "master",
        "ml",
        "remote_cluster_client",
        "transform"
      ],
      "attributes" : {
        "ml.machine_memory" : "4122771456",
        "ml.max_jvm_size" : "2063597568",
        "xpack.installed" : "true"
      },
      "process" : {
        "refresh_interval_in_millis" : 1000,
        "id" : 52915,
        "mlockall" : false
      }
    },
    "c69H-_ToSLOsbiiIZnY6QA" : {
      "name" : "node-1",
      "transport_address" : "192.168.100.31:9300",
      "host" : "192.168.100.31",
      "ip" : "192.168.100.31",
      "version" : "8.2.2",
      "build_flavor" : "default",
      "build_type" : "rpm",
      "build_hash" : "9876968ef3c745186b94fdabd4483e01499224ef",
      "roles" : [
        "data",
        "data_cold",
        "data_content",
        "data_frozen",
        "data_hot",
        "data_warm",
        "ingest",
        "master",
        "ml",
        "remote_cluster_client",
        "transform"
      ],
      "attributes" : {
        "xpack.installed" : "true",
        "ml.max_jvm_size" : "2063597568",
        "ml.machine_memory" : "4122771456"
      },
      "process" : {
        "refresh_interval_in_millis" : 1000,
        "id" : 38585,
        "mlockall" : false
      }
    }
  }
}


Related posts

For reasons of length, the rest of the ELKB cluster build is covered in:
Installing Logstash and Kibana
Installing Filebeat, and problems and solutions
