Elasticsearch Study Notes 3: Installing Elasticsearch, Kibana and X-Pack and Setting Up the Environment

Requirements

Before installing Elasticsearch you need a reasonably recent version of Java; the best option is the latest official release from www.java.com. Check your Java version before installing Elasticsearch:

java -version

Installing Elasticsearch

Create the installation directory

cd /usr/local/ && mkdir elasticsearch && cd elasticsearch/

Download, verify and extract the software

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.4.tar.gz
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-6.2.4.tar.gz.sha512
shasum -a 512 -c elasticsearch-6.2.4.tar.gz.sha512

tar -xzf elasticsearch-6.2.4.tar.gz

Move the contents into /usr/local/elasticsearch

cd elasticsearch-6.2.4 && mv * .. && cd ..

Create a user and grant it ownership (Elasticsearch cannot be run as root)
Create the group

groupadd elk

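Create the new user; -g elk sets its group to elk. useradd's -p option takes an already-encrypted crypt(3) hash rather than a plaintext password, so it is left out here; set a password with passwd elk if the account needs one (su elk from root does not require it)

useradd -g elk elk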

Change the owner and group of /usr/local/elasticsearch and everything inside it to elk:elk

# Assumes Elasticsearch is installed under /usr/local/elasticsearch
chown -R elk:elk /usr/local/elasticsearch

Create the log and data directories

mkdir -p /data/elasticsearch /log/elasticsearch

Change the ownership of the log and data directories

chown -R elk:elk  /log/elasticsearch
chown -R elk:elk  /data/elasticsearch

Edit the Elasticsearch configuration file

vim /usr/local/elasticsearch/config/elasticsearch.yml

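Change the following settings (this is only a simple demonstration for installation and testing; advanced configuration is covered in later chapters)

# Cluster name
cluster.name: test-cluster
# Node name
node.name: node-test-1
# Data path
path.data: /data/elasticsearch
# Log path
path.logs: /log/elasticsearch

# Bind address (0.0.0.0 listens on every interface, allowing external access)
network.host: 0.0.0.0
# HTTP port
http.port: 9200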

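Start

/usr/local/elasticsearch/bin/elasticsearch

This start will fail, because Elasticsearch refuses to run as root (for security reasons; in principle no software should be started and run as root).
Switch to the account created above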

su elk

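Problems that may appear at this start, and their fixes, are listed below. With network.host set to a non-loopback address, Elasticsearch enforces its bootstrap checks and refuses to start until they pass.
Switch to the root account to apply the fixes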

su root

Problem 1

max file descriptors [4096] for elasticsearch process likely too low, increase to at least [65536]

Fix

vi /etc/security/limits.conf
# Add these lines:
* soft nofile 819200
* hard nofile 819200

Problem 2

max number of threads [1024] for user [work] likely too low, increase to at least [2048]

Fix

vi /etc/security/limits.conf
# Add these lines:
* soft nproc 2048
* hard nproc 4096

Problem 3

max virtual memory areas vm.max_map_count [65530] likely too low, increase to at least [262144]

Fix

vi /etc/sysctl.conf
# Add this line:
vm.max_map_count=655360
# After saving and exiting, run:
sysctl -p

Now switch back to the elk account and the start should succeed

su elk
/usr/local/elasticsearch/bin/elasticsearch
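
An added example (not part of the original notes): a preflight that compares the current session's limits against the minimums quoted in the three error messages above, so the fixes can be confirmed before starting Elasticsearch. The function names are made up for this example; run it as elk in a new login session, because limits.conf is applied when a session is opened.

```bash
#!/usr/bin/env bash
# Added example: preflight for the three bootstrap checks behind Problems 1-3.
# Thresholds are the "increase to at least" values quoted in the errors above.

at_least() {
  # at_least <current> <required>: succeed when current >= required.
  # ulimit prints "unlimited" for an uncapped limit, which always passes.
  [ "$1" = "unlimited" ] && return 0
  case $1 in ''|*[!0-9]*) return 1 ;; esac  # unreadable value counts as a failure
  [ "$1" -ge "$2" ]
}

check_min() {
  # check_min <name> <current> <required> <file that sets it>
  if at_least "$2" "$3"; then
    echo "ok   $1=$2"
  else
    echo "FAIL $1=$2, need >= $3 (set in $4)"
    return 1
  fi
}

bootstrap_report() {
  # bootstrap_report <nofile> <nproc> <vm.max_map_count>
  # Prints one line per check; the return code is the number of failed checks.
  local failed
  failed=0
  check_min nofile "$1" 65536 /etc/security/limits.conf || failed=$((failed + 1))
  check_min nproc "$2" 2048 /etc/security/limits.conf || failed=$((failed + 1))
  check_min vm.max_map_count "$3" 262144 /etc/sysctl.conf || failed=$((failed + 1))
  return "$failed"
}

preflight() {
  # Soft limits of the current user and session, plus the kernel setting.
  bootstrap_report "$(ulimit -n)" "$(ulimit -u)" "$(cat /proc/sys/vm/max_map_count)"
}

# Run as the service account in a fresh login session, for example:
#   su - elk -c 'bash /path/to/preflight.sh run'   (hypothetical script path)
if [ "${1:-}" = "run" ]; then preflight; fi
```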

Notes:

# Show the help text
/usr/local/elasticsearch/bin/elasticsearch -h
# Start in the background as a daemon
/usr/local/elasticsearch/bin/elasticsearch -d

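Installing the X-Pack security plugin

X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, machine learning and graph capabilities into one easy-to-install package. To use these features you must install X-Pack in Elasticsearch.

The X-Pack version must match the Elasticsearch version.

If you are installing X-Pack for the first time on an existing cluster, you must perform a full cluster restart. Once X-Pack is installed, security must be enabled on all nodes in the cluster for the cluster to operate correctly.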

su elk
cd /usr/local/elasticsearch

./bin/elasticsearch-plugin install x-pack
-> Downloading x-pack from elastic
[=================================================] 100%
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@     WARNING: plugin requires additional permissions     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
* java.io.FilePermission \\.\pipe\* read,write
* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries
* java.lang.RuntimePermission getClassLoader
* java.lang.RuntimePermission setContextClassLoader
* java.lang.RuntimePermission setFactory
* java.net.SocketPermission * connect,accept,resolve
* java.security.SecurityPermission createPolicy.JavaPolicy
* java.security.SecurityPermission getPolicy
* java.security.SecurityPermission putProviderProperty.BC
* java.security.SecurityPermission setPolicy
* java.util.PropertyPermission * read,write
See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html
for descriptions of what these permissions allow and the associated risks.

Continue with installation? [y/N]y
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@        WARNING: plugin forks a native controller        @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
This plugin launches a native controller that is not subject to the Java
security manager nor to system call filters.

Continue with installation? [y/N]y
Elasticsearch keystore is required by plugin [x-pack-security], creating...
-> Installed x-pack with: x-pack-watcher,x-pack-deprecation,x-pack-graph,x-pack-security,x-pack-ml,x-pack-logstash,x-pack-monitoring,x-pack-upgrade,x-pack-core

# The setup-passwords command is the simplest way to set the built-in users' passwords for the first time
bin/x-pack/setup-passwords interactive
Initiating the setup of passwords for reserved users elastic,kibana,logstash_system.
You will be prompted to enter passwords as the process progresses.
Please confirm that you would like to continue [y/N]y


Enter password for [elastic]: elastic
Reenter password for [elastic]: elastic
Enter password for [kibana]: elastic
Reenter password for [kibana]: elastic
Enter password for [logstash_system]: elastic
Reenter password for [logstash_system]: elastic
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [elastic]

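Installing Kibana

Kibana is the window into the Elastic product suite. It provides visual exploration and real-time analysis of the data in Elasticsearch.

Switch to the root account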

su

Create the Kibana installation directory

cd /usr/local/ && mkdir kibana && cd kibana

Download Kibana

wget https://artifacts.elastic.co/downloads/kibana/kibana-6.2.4-linux-x86_64.tar.gz

Extract the archive

tar -zxvf kibana-6.2.4-linux-x86_64.tar.gz
cd kibana-6.2.4-linux-x86_64
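
The Elasticsearch tarball earlier on this page is checked against its .sha512 file, but the Kibana tarball is not. The following added example (not from the original notes) refuses to unpack an archive whose digest does not match; it assumes a .sha512 file published beside the artifact, as with the Elasticsearch download, and the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example: verify a download against its .sha512 file before unpacking.
# Assumes "<archive>.sha512" sits beside the archive and starts with the hex digest.

sha512_of() {
  # Print the SHA-512 hex digest of a file with whichever tool is installed.
  if command -v sha512sum >/dev/null 2>&1; then
    sha512sum "$1" | awk '{print $1}'
  else
    shasum -a 512 "$1" | awk '{print $1}'
  fi
}

verify_sha512() {
  # Return 0 only if the archive's digest equals the first field of its .sha512 file.
  # Return 1 on a mismatch and 2 when a file is missing or the digest is malformed.
  local archive sumfile expected actual
  archive=$1; sumfile=$1.sha512
  [ -f "$archive" ] && [ -f "$sumfile" ] || { echo "missing $archive or $sumfile" >&2; return 2; }
  expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
  # A SHA-512 digest is 128 hex characters; reject empty or truncated files.
  [ "${#expected}" -eq 128 ] || { echo "malformed $sumfile" >&2; return 2; }
  actual=$(sha512_of "$archive")
  [ "$expected" = "$actual" ] || { echo "CHECKSUM MISMATCH: $archive" >&2; return 1; }
}

extract_verified() {
  # extract_verified <archive.tar.gz> <dest>: unpack only after the checksum passes.
  local archive dest
  archive=$1; dest=$2
  verify_sha512 "$archive" || return $?
  mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Usage with this page's Kibana download, after also fetching its .sha512 file:
#   extract_verified kibana-6.2.4-linux-x86_64.tar.gz /usr/local/kibana
```

verify_sha512 on its own covers the X-Pack zip downloaded further down, under the same assumption that a .sha512 file is available for it.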

Edit the configuration

vi config/kibana.yml
# Port
server.port: 5601
# Host; change this to your own IP
server.host: "127.0.0.1"
# Elasticsearch address
elasticsearch.url: "http://127.0.0.1:9200"
# Kibana index
kibana.index: ".kibana"

Installing X-Pack in Kibana

Install directly

bin/kibana-plugin install x-pack

Or download X-Pack first

wget https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-6.2.4.zip

Then install it from the local file

./kibana-6.2.4-linux-x86_64/bin/kibana-plugin install file:///usr/local/kibana/kibana-6.2.4-linux-x86_64/x-pack-6.2.4.zip
Attempting to transfer from file:///elk/kibana/x-pack-6.2.4.zip
Transferring 264988487 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Extracting plugin archive
Extraction complete
Optimizing and caching browser bundles...
Plugin installation complete

Configure the X-Pack username and password

vim ./config/kibana.yml
elasticsearch.username: "kibana"
elasticsearch.password: "elastic"
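
An added example, not from the original notes: a small audit of the two files edited on this page, flagging a non-loopback network.host, a Kibana password that is just a built-in user name, and a kibana.yml accessible beyond its owner. Function names are illustrative, and the parser only handles flat key: value lines like the ones shown here.

```bash
#!/usr/bin/env bash
# Added example: audit the elasticsearch.yml and kibana.yml settings shown on this page.

yml_get() {
  # yml_get <file> <key>: print the value of a top-level "key: value" line,
  # skipping commented-out lines and stripping surrounding double quotes.
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    index($0, k ":") == 1 {
      v = substr($0, length(k) + 2)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      gsub(/^"|"$/, "", v)
      print v
      exit
    }' "$1"
}

is_loopback() {
  case $1 in 127.*|localhost|::1|_local_) return 0 ;; *) return 1 ;; esac
}

audit_elastic_config() {
  # audit_elastic_config <elasticsearch.yml> <kibana.yml>
  # Prints one line per finding; the return code is the number of findings.
  local es kb n host pw mode
  es=$1; kb=$2; n=0
  host=$(yml_get "$es" network.host)
  if [ -n "$host" ] && ! is_loopback "$host"; then
    echo "elasticsearch.yml: network.host=$host serves http.port beyond loopback"
    n=$((n + 1))
  fi
  pw=$(yml_get "$kb" elasticsearch.password)
  if [ -n "$pw" ]; then
    case $pw in elastic|kibana|logstash_system)
      echo "kibana.yml: elasticsearch.password is a built-in user name"
      n=$((n + 1)) ;;
    esac
    mode=$(ls -ld "$kb" | cut -c5-10)  # group and other permission bits
    if [ "$mode" != "------" ]; then
      echo "kibana.yml: plaintext password in a file accessible to group/others"
      n=$((n + 1))
    fi
  fi
  return "$n"
}
```

Run against the values used in these notes it reports all three findings; chmod 600 on kibana.yml and a long random password clear the last two.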

Start

bin/kibana

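Using Kibana

Browse to IP:5601 and enter the username and password to reach the Kibana console
[Figure: Kibana console]

In Kibana Dev Tools we can work with Elasticsearch directly
[Figure: Dev Tools in use]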


Reposted from blog.csdn.net/weixin_43430036/article/details/83111888