In Elasticsearch 5.6.6 download package.
tar -zxvf elasticsearch-5.6.6.tar.gz
ln -s elasticsearch-5.6.6 elasticsearch
groupadd elk
useradd elk -g elk
chown -R elk:elk /application/elasticsearch-5.6.6
chown -R elk:elk /application/elasticsearch
The /application/elasticsearch/pluginscopied files over
to /application/elasticsearch/configthe x-pack也复制过来
will /application/elasticsearch/bincopied in x-pack
Note permission:
chown -R elk:elk /application/elasticsearch/config/x-pack
chown -R elk:elk /application/elasticsearch/logs
chown -R elk:elk /application/elasticsearchplugins
After the start, suggesting
[2019-04-18T10:58:25,586][ERROR][o.e.b.Bootstrap ] [bwhs199] node validation exception
[2] bootstrap checks failed
[1]: max file descriptors [65535] for elasticsearch process is too low, increase to at least [65536]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Execute the following command to restart
vi /etc/sysctl.conf
# 添加
vm.max_map_count=655360
#再执行此命令
sysctl -p
vi /etc/security/limits.conf
# 添加下面两行
* hard nofile 65536
* soft nofile 65536
Es in the current node, add their own host, execution ./elasticsearch -dcan
then you can see the effect es dynamic equilibrium, adjustment of the balancing mechanism is controlled by the shard es itself in the kibana, other nodes do not need to restart es
from the FIG. see the index data has been written
back in accordance with the above operation, es evenly distributed, will bring a problem. If there is a relatively small disk, he will allocate as much shard, quickly leading to disk alarm occurs. Just balance partitions, so nodes are the same, it is easy to extend and maintain
Well, I compromise, and then hung on to a disk, although the configuration is very simple, but after changing the configuration, how graceful restart es it?
chown -R elk:elk /appdata/elasticsearch/data
View the official document Rolling Upgrades , and how elasticsearch safe restart node
1, stop partition
PUT _cluster/settings
{
"transient": {
"cluster.routing.allocation.enable": "none"
}
}
2, stops need to be upgraded node
attention curl -XPOST http://10.101.3.199:9200/_cluster/nodes/_local/_shutdownthis has been set aside.
ps -ef|grep elasticsearch
kill -9 xxx(pid)
3, start the need to upgrade the node
sudo su -
su - elk
cd /application/elasticsearch/bin
./elasticsearch -d
4, the recovery partition is assigned
to perform GET _cat/nodesto see whether the node is up, do GET _cluster/healthsee if the cluster monitor, if there is no problem, then the recovery partition, so on it.
PUT _cluster/settings
{
"transient": {
"cluster.routing.allocation.enable": "all"
}
}
This distribution operations consume significant computing resources
