目录
一、集群基础环境初始化
1.1 准备虚拟机
操作系统 Centos 7.9:
主机名 | IP | CPU | 内存 | 磁盘 | 集群角色 |
elk101 | 192.168.170.132 | 2 core | 4 G | 30 G | ES node |
elk102 | 192.168.170.133 | 2 core | 4 G | 30 G | ES node |
elk103 | 192.168.170.134 | 2 core | 4 G | 30 G | ES node |
1.2 环境初始化
按照我的这篇文章来操作:CentOS 7 初始化系统_centos7初始化_Stars.Sky的博客-CSDN博客
温馨提示:可以先弄完一台,打个快照,然后再克隆两台即可!(以下步骤都需要在三台机器上执行!)
1.3 修改 sshd 服务优化
# Uncomment the stock "#UseDNS yes" line and set it to "no", so sshd skips
# the DNS lookup of the connecting client (a common cause of slow logins).
sed -ri 's@^#UseDNS yes@UseDNS no@g' /etc/ssh/sshd_config
# Switch GSSAPI authentication off; only lines that start exactly with
# "GSSAPIAuthentication yes" are rewritten.
sed -ri 's#^GSSAPIAuthentication yes#GSSAPIAuthentication no#g' /etc/ssh/sshd_config
# Print the resulting lines to confirm both substitutions matched. No output
# means the pattern was not found and the file was left unchanged.
grep ^UseDNS /etc/ssh/sshd_config
grep ^GSSAPIAuthentication /etc/ssh/sshd_config
# NOTE(review): sshd reads this file when it starts or reloads, and no
# restart/reload step is shown on this page - confirm one is done elsewhere.
1.4 配置集群免密登录及同步脚本
#1. 修改主机列表
# Append name resolution for the three cluster nodes. The quoted 'EOF' keeps
# the body literal, and ">>" appends rather than replaces, so running this
# step twice leaves duplicate entries in /etc/hosts.
cat >> /etc/hosts <<'EOF'
192.168.170.132 elk101
192.168.170.133 elk102
192.168.170.134 elk103
EOF
#2. 在 elk101 节点上生成密钥对(-P '' 表示私钥不设口令,能读取 ~/.ssh/id_rsa 的人即可以 root 身份免密登录所有节点,需妥善保护该文件)
[root@elk101 ~]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa -q
#3. elk101 配置所有集群节点的免密登录
[root@elk101 ~]# for ((host_id=101;host_id<=103;host_id++)); do ssh-copy-id elk${host_id}; done
#4. 所有节点安装 rsync 数据同步⼯具
yum -y install rsync
#5. 在 elk101 上编写同步脚本
[root@elk101 ~]# vim /usr/local/sbin/data_rsync.sh
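#!/bin/bash
# data_rsync.sh - push one file or directory from this node to the same
# absolute path on the other cluster nodes (elk102 and elk103).
#
# Usage:  data_rsync.sh /absolute/path/to/file-or-dir
# Exit:   0 when every node was synced, 1 on bad usage or any failed sync.
#
# The copy travels over SSH as the invoking user (root in this guide), so it
# depends on that user's key already being authorized on each target node.
# Whatever is passed in overwrites the same path on the peers, so treat the
# argument as trusted operator input only.

if [ "$#" -ne 1 ]; then
  echo "Usage: $0 /path/to/file(绝对路径)" >&2
  # A bare `exit` would return echo's status (0) and hide the usage error
  # from any caller that checks the exit code.
  exit 1
fi

# Make sure the file or directory exists before touching any remote node.
if [ ! -e "$1" ]; then
  echo "[ $1 ] dir or file not find!" >&2
  exit 1
fi

# Name of the item inside its parent directory. "--" stops a path that
# begins with "-" from being read as an option.
item=$(basename -- "$1")

# Enter the parent directory and stop if that fails; otherwise rsync would
# run from whatever directory the caller happened to be in.
cd -- "$(dirname -- "$1")" || exit 1

# $PWD is absolute even when the argument was relative, so the remote
# destination always mirrors the local location.
fullpath=$PWD

remote_user=$(whoami)
failed=0

for ((host_id = 102; host_id <= 103; host_id++)); do
  # Green banner for the host being synced.
  tput setaf 2
  printf '===== rsyncing elk%s: %s =====\n' "$host_id" "$item"
  # Reset terminal attributes instead of forcing white text.
  tput sgr0

  # Quoting keeps local names with spaces intact. The remote side still
  # passes the destination through the remote shell, so paths containing
  # spaces or shell metacharacters are not safe here.
  if rsync -az -- "$item" "${remote_user}@elk${host_id}:${fullpath}"; then
    echo "命令执行成功!"
  else
    # Report the failure instead of silently moving on to the next node.
    printf 'rsync to elk%s failed\n' "$host_id" >&2
    failed=1
  fi
done

exit "$failed"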
[root@elk101 ~]# chmod +x /usr/local/sbin/data_rsync.sh
二、ElasticSearch 单点部署
2.1 下载指定的 ES 版本
ElasticSearch 7.17.3 下载地址:https://www.elastic.co/cn/downloads/past-releases#elasticsearch
2.2 单点部署 ElasticSearch
2.2.1 安装服务
把下载好的 elasticsearch-7.17.3-x86_64.rpm 上传到 elk101(安装前建议用下载页提供的 SHA512 校验值核对安装包完整性):
[root@elk101 ~]# ls
anaconda-ks.cfg elasticsearch-7.17.3-x86_64.rpm
[root@elk101 ~]# yum -y localinstall elasticsearch-7.17.3-x86_64.rpm
2.2.2 修改配置⽂件
[root@elk101 ~]# vim /etc/elasticsearch/elasticsearch.yml
# 集群名称,若不指定,则默认是"elasticsearch",日志文件的前缀也是集群名称
cluster.name: elk
# 指定节点的名称,可以自定义,推荐使用当前的主机名,要求集群唯一
node.name: elk101
# 数据路径
path.data: /var/lib/elasticsearch
# 日志路径
path.logs: /var/log/elasticsearch
# ES 服务监听的 IP 地址;0.0.0.0 表示监听所有网卡
# 注意:7.x 默认不开启身份认证,9200/9300 端口应通过防火墙限制在可信网段,或启用 xpack.security
network.host: 0.0.0.0
# 服务发现的主机列表,对于单点部署⽽⾔,主机列表和"network.host"字段配置相同即可
discovery.seed_hosts: ["192.168.170.132"]
2.2.3 启动服务
[root@elk101 ~]# systemctl enable --now elasticsearch.service
2.2.4 查看集群信息
[root@elk101 ~]# curl 127.0.0.1:9200
{
"name" : "elk101",
"cluster_name" : "elk",
"cluster_uuid" : "_na_",
"version" : {
"number" : "7.17.3",
"build_flavor" : "default",
"build_type" : "rpm",
"build_hash" : "5ad023604c8d7416c9eb6c0eadb62b14e766caff",
"build_date" : "2022-04-19T08:11:19.070913226Z",
"build_snapshot" : false,
"lucene_version" : "8.11.1",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
三、ElasticSearch 分布式集群部署
3.1 elk102、103 安装 ES
[root@elk101 ~]# scp elasticsearch-7.17.3-x86_64.rpm elk102:/root/
[root@elk101 ~]# scp elasticsearch-7.17.3-x86_64.rpm elk103:/root/
[root@elk102 ~]# yum -y localinstall elasticsearch-7.17.3-x86_64.rpm
[root@elk103 ~]# yum -y localinstall elasticsearch-7.17.3-x86_64.rpm
3.2 elk101 修改配置⽂件
[root@elk101 ~]# vim /etc/elasticsearch/elasticsearch.yml
# Nodes contacted for discovery; the names resolve through the /etc/hosts
# entries for elk101-elk103.
discovery.seed_hosts: ["elk101", "elk102", "elk103"]
# Master-eligible nodes used to bootstrap a brand-new cluster. The values
# must match each node's node.name. Elastic's documentation advises removing
# this setting once the cluster has formed.
cluster.initial_master_nodes: ["elk101", "elk102", "elk103"]
[root@elk101 ~]# systemctl stop elasticsearch.service
3.3 同步配置⽂件到集群的其他节点
# elk101 同步配置⽂件到集群的其他节点
[root@elk101 ~]# data_rsync.sh /etc/elasticsearch/elasticsearch.yml
# elk102 节点配置
[root@elk102 ~]# vim /etc/elasticsearch/elasticsearch.yml
node.name: elk102
# elk103 节点配置
[root@elk103 ~]# vim /etc/elasticsearch/elasticsearch.yml
node.name: elk103
3.4 elk101 节点删除之前的临时数据
注意:下面的命令会清空 elk101 上已有的 ES 数据和日志且无法恢复;生产环境中只需要更改下路径即可,谨慎操作!
[root@elk101 ~]# rm -rf /var/{lib,log}/elasticsearch/*
3.5 所有节点启动服务
systemctl enable --now elasticsearch.service
3.6 验证集群是否正常
[root@elk101 ~]# curl elk101:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
192.168.170.132 25 94 37 0.96 0.38 0.17 cdfhilmrstw * elk101
192.168.170.134 18 95 43 1.25 0.56 0.24 cdfhilmrstw - elk103
192.168.170.133 8 94 43 1.04 0.43 0.19 cdfhilmrstw - elk102
上面可以看到,elk101 为 master 节点!
四、部署 Kibana 服务
4.1 安装 Kibana
Kibana 7.17.3 下载地址:Kibana 7.17.3 | Elastic
把下载好的包 kibana-7.17.3-x86_64.rpm 上传到 elk101(可以安装在任一节点):
[root@elk101 ~]# yum -y localinstall kibana-7.17.3-x86_64.rpm
4.2 修改 Kibana 的配置⽂件
[root@elk101 ~]# vim /etc/kibana/kibana.yml
# Listen on every interface, so the web UI (port 5601 in this guide) is
# reachable from any network this host is attached to.
# NOTE(review): nothing on this page enables authentication or TLS for Kibana
# or Elasticsearch - restrict 5601 with firewall rules or bind to an internal
# address before exposing this beyond a lab network.
server.host: "0.0.0.0"
# Display name of this Kibana instance.
server.name: "elk-kibana"
# Elasticsearch nodes Kibana sends requests to; plain http and no credentials
# are configured here.
elasticsearch.hosts: ["http://192.168.170.132:9200", "http://192.168.170.133:9200", "http://192.168.170.134:9200"]
# UI language: Simplified Chinese.
i18n.locale: "zh-CN"
4.3 启动 Kibana 服务
[root@elk101 ~]# systemctl enable --now kibana.service
4.4 访问 kibana 的 WebUI
在浏览器访问:http://192.168.170.132:5601/
上一篇文章:【Elastic (ELK) Stack 实战教程】01、Elastic Stack 概述_Stars.Sky的博客-CSDN博客