深入解析:ELK Stack技术栈

ES集群安装部署

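#>>> Create the unprivileged account that Elasticsearch will run as
#>>> (Elasticsearch refuses to start as root).
#>>> NOTE(review): es is a service account, so consider giving it a non-login shell.
$ useradd es
#>>> Confirm the account exists (sample output; the numeric ids depend on the host)
$ id es
uid=1000(es) gid=1000(es) groups=1000(es)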
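#>>> Create the parent directories that hold Elasticsearch data and logs
$ mkdir -p /opt/{data,logs}
#>>> Create the per-service subdirectories owned by es; mode 750 keeps index
#>>> data and logs unreadable to other local users
$ install -d -m 750 -o es -g es /opt/{data,logs}/es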
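#>>> Before unpacking as root, verify the tarball against the vendor-published
#>>> SHA-512 checksum, for example with `sha512sum -c <checksum file>`
#>>> Unpack the Elasticsearch tarball into /opt
$ tar xf elasticsearch-7.17.11-linux-x86_64.tar.gz -C /opt/
#>>> Rename the versioned directory to /opt/es
$ cd /opt/ && mv elasticsearch-7.17.11 es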
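#>>> Define the Elasticsearch environment variables for login shells.
#>>> `cat >` rewrites the file, so re-running this step does not append
#>>> duplicate lines; the quoted 'EOF' keeps $PATH and $ES_HOME literal.
$ cat > /etc/profile.d/es.sh <<'EOF'
#! /bin/bash
export ES_HOME=/opt/es
export PATH=$PATH:$ES_HOME/bin
EOF
#>>> Reload the environment variables in the current shell
$ source /etc/profile.d/es.sh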
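#>>> Give the es user and group ownership of the Elasticsearch install tree
#>>> (chown takes owner:group, separated by a colon)
$ chown -R es:es /opt/es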
#>>> Raise the open-file limits Elasticsearch needs (the new values only take
#>>> effect in a session opened after this change).
#>>> NOTE(review): the `*` domain raises the limit for every account these
#>>> limits apply to, not only es; `>>` also appends a duplicate pair of lines
#>>> each time the step is re-run. The es.service unit later on this page sets
#>>> LimitNOFILE itself, which is presumably what governs the service — confirm.
$ cat >> /etc/security/limits.d/elk.conf <<-EOF
* soft nofile 65535
* hard nofile 131070
EOF
#>>> Check that the soft and hard limits were loaded
$ ulimit -Sn
65535
$ ulimit -Hn
131070
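#>>> Set the kernel parameter Elasticsearch requires: vm.max_map_count caps the
#>>> number of memory-mapped areas a single process may hold
$ cat > /etc/sysctl.d/elk.conf <<EOF
vm.max_map_count = 262144
EOF
#>>> Load the kernel parameter from the new file
$ sysctl -f /etc/sysctl.d/elk.conf
vm.max_map_count = 262144
#>>> Read the value back to confirm it is active
$ sysctl -q vm.max_map_count
vm.max_map_count = 262144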
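#>>> Set the JVM heap size (at most 32G, otherwise half of the machine's memory).
#>>> The install tree was renamed to /opt/es in an earlier step, so the file is
#>>> edited under that path.
$ vim /opt/es/config/jvm.options
···
-Xms256m
-Xmx256m
···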
#>>> elk01: effective settings in elasticsearch.yml (comment and blank lines are
#>>> filtered out by the egrep expression).
#>>> NOTE(review): network.host 0.0.0.0 listens on every interface, and no
#>>> xpack.security.* setting appears in this output, so authentication and TLS
#>>> are presumably left at their 7.x default (off) — confirm. Keep ports 9200
#>>> and 9300 reachable only from trusted hosts (host firewall / security
#>>> group), or enable xpack.security with TLS before using this outside a lab.
#>>> The same applies to elk02 and elk03 below.
$ egrep -v "^(#|$)" /opt/es/config/elasticsearch.yml
cluster.name: study-elk-cluster
node.name: elk01
path.data: /opt/data/es # data directory
path.logs: /opt/logs/es # log directory
network.host: 0.0.0.0
discovery.seed_hosts: ["192.168.100.160","192.168.100.161","192.168.100.162"]
cluster.initial_master_nodes: ["192.168.100.160","192.168.100.161","192.168.100.162"]
ingest.geoip.downloader.enabled: false
#>>> elk02: same settings, only node.name differs
$ egrep -v "^(#|$)" /opt/es/config/elasticsearch.yml
cluster.name: study-elk-cluster
node.name: elk02
path.data: /opt/data/es
path.logs: /opt/logs/es
network.host: 0.0.0.0
discovery.seed_hosts: ["192.168.100.160","192.168.100.161","192.168.100.162"]
cluster.initial_master_nodes: ["192.168.100.160","192.168.100.161","192.168.100.162"]
ingest.geoip.downloader.enabled: false
#>>> elk03: same settings, only node.name differs
$ egrep -v "^#|^$" /opt/es/config/elasticsearch.yml
cluster.name: study-elk-cluster
node.name: elk03
path.data: /opt/data/es
path.logs: /opt/logs/es
network.host: 0.0.0.0
discovery.seed_hosts: ["192.168.100.160","192.168.100.161","192.168.100.162"]
cluster.initial_master_nodes: ["192.168.100.160","192.168.100.161","192.168.100.162"]
ingest.geoip.downloader.enabled: false
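#>>> On every node, install a systemd unit that starts Elasticsearch as es.
#>>> NoNewPrivileges stops the service and its children from gaining privileges
#>>> through setuid binaries; PrivateTmp gives it its own /tmp and /var/tmp.
#>>> The quoted 'EOF' writes the unit text exactly as shown.
$ cat > /usr/lib/systemd/system/es.service <<'EOF'
[Unit]
Description=ELK
After=network.target
[Service]
Type=forking
ExecStart=/opt/es/bin/elasticsearch -d
Restart=no
User=es
Group=es
LimitNOFILE=131070
NoNewPrivileges=true
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF
#>>> On every node, reload systemd and (re)start the service
$ systemctl daemon-reload
$ systemctl restart es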
#>>> Test the cluster: list its nodes through the REST API on elk01.
#>>> Columns are the _cat/nodes defaults: ip, heap %, ram %, cpu, load 1m/5m/15m,
#>>> node roles, master marker (* = elected master), node name.
#>>> NOTE(review): this request is plain HTTP with no credentials and still
#>>> succeeds, i.e. the REST API answers any host that can reach port 9200.
[root@elk01 ~]# curl 192.168.100.160:9200/_cat/nodes
192.168.100.160 40 59 8 0.14 0.10 0.06 cdfhilmrstw * elk01
192.168.100.161 54 30 11 0.55 0.29 0.11 cdfhilmrstw - elk02
192.168.100.162 48 28 8 0.29 0.16 0.06 cdfhilmrstw - elk03