ELK 保姆级部署教学

  1. 首先去官网下载安装包,我使用的版本是 7.17.18,尽量让各个组件都使用同一个版本
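# Unpack all three components under /data and give each one a stable symlink
# (/data/elasticsearch, /data/logstash, /data/kibana) that points at its
# versioned directory, so paths such as /data/elasticsearch/bin stay valid
# across upgrades.
# Before unpacking, check each archive against the .sha512 file published next
# to it on the download page.
# /data/elasticsearch, /data/logstash and /data/kibana must not already exist
# as real directories: `ln -T` refuses to replace a directory.
# The unit files on this page run Elasticsearch and Kibana as user "elastic";
# that account has to exist and own the unpacked directories.
mkdir -p /data

tar -zxvf elasticsearch-7.17.18-linux-x86_64.tar.gz -C /data
ln -Tfs elasticsearch-7.17.18 /data/elasticsearch

tar -zxvf logstash-7.17.18-linux-x86_64.tar.gz -C /data
ln -Tfs logstash-7.17.18 /data/logstash

tar -zxvf kibana-7.17.18-linux-x86_64.tar.gz -C /data
ln -Tfs kibana-7.17.18-linux-x86_64 /data/kibana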

# Point the shell at a JDK and put its bin directory first on PATH.
# /path/to/your/java is a placeholder for the real JDK location.
JAVA_HOME=/path/to/your/java
PATH="${JAVA_HOME}/bin:${PATH}"
export JAVA_HOME PATH

  2. 设置密码及 CA 证书

[root@localhost bin]# ./elasticsearch-certutil ca --out /home/elasticsearch/certs/elastic-stack-ca.p12
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL/TLS in the Elastic stack.

The 'ca' mode generates a new 'certificate authority'
This will create a new X.509 certificate and private key that can be used
to sign certificate when running in 'cert' mode.

Use the 'ca-dn' option if you wish to configure the 'distinguished name'
of the certificate authority

By default the 'ca' mode produces a single PKCS#12 output file which holds:
    * The CA certificate
    * The CA's private key

If you elect to generate PEM format certificates (the -pem option), then the output will
be a zip file containing individual files for the CA certificate and private key

Directory /home/elasticsearch/certs does not exist. Do you want to create it? [Y/n]y
Enter password for elastic-stack-ca.p12 :  s4UY7ySFnrtxWUBe       #这里输入你自己设置的证书密码(此处为示例值,请换成你自己的强密码)



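# Issue the node certificate for es1, signed by the CA created above.
# --ip takes this server's IP address (xxxxxxxx is a placeholder).
# Comments must stay off the continuation lines: anything after the trailing
# backslash ends the command at that line.
# --ca-pass is not given: certutil then prompts for the CA password, which
# keeps it out of the shell history and the process list.
./elasticsearch-certutil cert --name es1 \
  --dns es1 \
  --ip xxxxxxxx \
  --ca /home/elasticsearch/certs/elastic-stack-ca.p12 \
  --out /home/elasticsearch/certs/es1.p12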

编写启动脚本

#### es启动脚本

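# systemd unit for an Elasticsearch tarball install.
# NOTE(review): every path below assumes Elasticsearch lives in
# /home/elasticsearch, while the install commands on this page unpack under
# /data. Adjust the paths to the real location.
[Unit]
Description=Elasticsearch
Wants=network-online.target
After=network-online.target

[Service]
# Start-up type: the -d flag in ExecStart makes Elasticsearch daemonize.
Type=forking
# With Type=forking systemd uses the PID file to identify the main process.
# It must be the file written by -p in ExecStart; ${PID_DIR} is only expanded
# on Exec* command lines, so the path is spelled out here.
PIDFile=/home/elasticsearch/elasticsearch.pid

RuntimeDirectory=elasticsearch

PrivateTmp=true

# Environment= sets environment variables directly in the unit file.
Environment=ES_HOME=/home/elasticsearch
Environment=ES_PATH_CONF=/home/elasticsearch/config
Environment=PID_DIR=/home/elasticsearch
# NOTE(review): ES_SD_NOTIFY looks like it belongs to a Type=notify setup and
# probably has no effect with Type=forking. Confirm before relying on it.
Environment=ES_SD_NOTIFY=true

# Optional key=value file whose variables can be used below (e.g. $OPTIONS).
# It keeps environment settings in a separate file that is easier to maintain.
# When a variable is set in both places, the value from EnvironmentFile=
# overrides the one from Environment=.
# EnvironmentFile=-/etc/default/elasticsearch

# Working directory
WorkingDirectory=/home/elasticsearch

# Unprivileged account the service runs as; it must exist and own the
# Elasticsearch directories.
User=elastic
Group=elastic

# Start
ExecStart=/home/elasticsearch/bin/elasticsearch -d -p ${PID_DIR}/elasticsearch.pid
ExecReload=/bin/kill -HUP $MAINPID

# Restart automatically when the service exits with a non-success status.
Restart=on-failure
# Wait this long before each restart attempt, so that a start-up problem does
# not turn into a tight restart loop.
RestartSec=42s

# Standard output goes to the journal because some errors can be printed
# before the Elasticsearch logging system is initialised. Elasticsearch keeps
# its own logs in the directory set by path.logs and does not use the journal
# by default. The upstream advice to drop the "quiet" option from ExecStart
# does not apply here: this ExecStart has no such option.
StandardOutput=journal
StandardError=inherit

# Maximum number of open files for this process
LimitNOFILE=655350
# Maximum number of processes
LimitNPROC=65535
# Maximum virtual memory
LimitAS=infinity
# Maximum file size
LimitFSIZE=infinity
# Stop timeout; 0 means never time out, wait until the process has stopped
TimeoutStopSec=0
# SIGTERM is the signal used to stop the Java process
KillSignal=SIGTERM
# Send the signal only to the JVM, not to its whole control group
KillMode=process
# Never escalate to SIGKILL
SendSIGKILL=no
# The JVM exits with code 143 after SIGTERM; treat that as a clean exit
SuccessExitStatus=143
# Allow a slow start-up before systemd considers the start failed
TimeoutStartSec=900

[Install]
WantedBy=multi-user.target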
Elasticsearch 默认使用 mmapfs 方式管理索引文件,需要较大的内存映射区域。当前系统设置的 vm.max_map_count=65530 无法满足需求,必须将其提升至 262144 或更高。
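 # Persist the higher mmap limit, then load it into the running kernel;
# appending to /etc/sysctl.conf alone only takes effect after a reboot.
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
systemctl daemon-reload
systemctl restart elasticsearch.service
systemctl status elasticsearch.service
systemctl enable --now elasticsearch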



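# Set the passwords of the built-in users interactively.
# The install on this page is 7.17.18 and the session shown below runs from
# /data/elasticsearch/bin, so that path is used instead of a versioned one.
# Running the tool only if cd succeeded avoids executing a same-named file from
# the wrong directory.
cd /data/elasticsearch/bin && ./elasticsearch-setup-passwords interactive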

root@elk:/data/elasticsearch/bin# ./elasticsearch-setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,apm_system,kibana,kibana_system,logstash_system,beats_system,remote_monitoring_user.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]   y

Enter password for [elastic]: 
Reenter password for [elastic]: 
Enter password for [apm_system]: 
Reenter password for [apm_system]: 
Enter password for [kibana_system]: 
Reenter password for [kibana_system]: 
Enter password for [logstash_system]: 
Reenter password for [logstash_system]: 
Enter password for [beats_system]: 
Reenter password for [beats_system]: 
Enter password for [remote_monitoring_user]: 
Reenter password for [remote_monitoring_user]: 
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
验证状态
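# Check that every node has joined and that the cluster is healthy.
# Only the user name is passed to -u: curl prompts for the password, so it
# does not end up in the shell history or the process list.
# NOTE(review): these URLs use plain http, so the Basic-auth credentials cross
# the network unencrypted. Once TLS is enabled on the HTTP layer, switch to
# https:// and pass the CA certificate with --cacert.
curl -u elastic 'http://192.168.0.111:19200/_cat/nodes?v'
curl -u elastic 'http://192.168.0.112:19200/_cat/nodes?v'
curl -u elastic 'http://192.168.0.113:19200/_cat/nodes?v'
curl -u elastic 'http://192.168.0.111:19200/_cat/health?v'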



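# Reset the password of the elastic user.
# -u carries only the user name, so curl prompts for the current password.
# 新密码 is a placeholder for the new password. To keep the real value out of
# the shell history, put the JSON body in a file only you can read and send it
# with -d @FILE.
curl -XPOST -u elastic "http://localhost:9200/_security/user/elastic/_password" \
  -H 'Content-Type: application/json' \
  -d '{"password":"新密码"}'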

root@elk:/data/elasticsearch/bin# curl  -u elastic:LsQ5dV\&nWYgXp\^ -X GET "http://192.168.2.5:9200/_cluster/health?pretty"
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
        "header" : {
          "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
    "header" : {
      "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
    }
  },
  "status" : 401
}



### kibana启动脚本
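# systemd unit for Kibana.
# NOTE(review): ExecStart points at /usr/local/kibana, while the install
# commands on this page unpack Kibana under /data. Use the real location.
[Unit]
Description=kibana
After=network.target
 
[Service]
# Unprivileged account; it must exist and own the Kibana directory.
User=elastic
Group=elastic
ExecStart=/usr/local/kibana/bin/kibana
ExecStop=/usr/bin/kill -15 $MAINPID
ExecReload=/usr/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=42s
# Kibana stays in the foreground, so systemd tracks the process directly.
# RemainAfterExit is left out on purpose: with it, the unit would keep
# reporting "active" after Kibana had exited cleanly.
Type=simple
PrivateTmp=true
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=65535
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false
 
[Install]
WantedBy=multi-user.target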



######logstash启动脚本
# NOTE(review): this block sits under the Logstash heading but is a copy of the
# Kibana unit (Description=kibana, ExecStart=/usr/local/kibana/bin/kibana).
# The logstash.service that is actually installed is the one printed by
# `cat logstash.service` right after it.
[Unit]
Description=kibana
After=network.target
 
[Service]
User=elastic
Group=elastic
ExecStart=/usr/local/kibana/bin/kibana
ExecStop=/usr/bin/kill -15 $MAINPID
ExecReload=/usr/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=42s
Type=simple
RemainAfterExit=yes
PrivateTmp=true
# file size
LimitFSIZE=infinity
# cpu time
LimitCPU=infinity
# virtual memory size
LimitAS=infinity
# open files
LimitNOFILE=65535
# processes/threads
LimitNPROC=64000
# locked memory
LimitMEMLOCK=infinity
# total threads (user+kernel)
TasksMax=infinity
TasksAccounting=false
 
[Install]
WantedBy=multi-user.target
root@elkSingle:/usr/lib/systemd/system# cat logstash.service 
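# systemd unit for Logstash.
[Unit]
Description=logstash
Wants=network-online.target
After=network-online.target

[Service]
# Logstash parses data received from other hosts, so it runs under the same
# unprivileged "elastic" account as the Elasticsearch and Kibana units on this
# page rather than as root. /data/logstash, including its data and log
# directories, must be owned by that account. An input that needs a port below
# 1024 should listen on a higher port instead of running the service as root.
User=elastic
Group=elastic
ExecStart=/data/logstash/bin/logstash
Restart=always

[Install]
WantedBy=multi-user.target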



#####filebeat启动脚本
# systemd unit for Filebeat, started from /data/filebeat.
[Unit]
Description=filebeat server daemon
Documentation=https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Wants=network-online.target
After=network-online.target
 
[Service]
# NOTE(review): runs as root, presumably so that it can read every log file it
# ships. If the harvested logs are readable by a dedicated account, run the
# service as that account instead. Confirm against filebeat.yml.
User=root
Group=root
# -e logs to stderr (captured by the journal); -c names the configuration file.
# Keep filebeat.yml writable only by the account the service runs as, since it
# decides which files are read and where they are sent.
ExecStart=/data/filebeat/filebeat -e -c /data/filebeat/filebeat.yml
Restart=always

[Install]
WantedBy=multi-user.target

