一、安装部署ELK

1.环境准备

2.设置主机名和host解析

三台主机都需配置
[root@node1 ~]# cat /etc/hosts
192.168.43.111 node1
192.168.43.112 node2
192.168.43.113 node3
1
2
3
4
5

3.时间同步

三台主机都需配置
[root@node1 ~]# yum install chrony
[root@node1 ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp1.aliyun.com iburst

开机自起
[root@node1 ~]# systemctl enable --now chronyd

查看
[root@node1 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 120.25.115.20                 2   6    17    38   -313us[+1107us] +/-   29ms
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

4.部署jdk

[root@node1 ~]# ll
total 124452
-rw-------. 1 root root      1450 Jul 21 21:15 anaconda-ks.cfg
-rw-r--r--  1 root root 127431820 Aug  2 16:22 jdk-8u261-linux-x64.rpm

发送给node2，node3
[root@node1 ~]# scp jdk-8u261-linux-x64.rpm node2:/root
The authenticity of host 'node2 (192.168.43.112)' can't be established.
ECDSA key fingerprint is SHA256:X/a9lO6iG4mWSFRUk+rb+bkBMiPOES32ySUKJaWcejM.
ECDSA key fingerprint is MD5:d0:c5:f7:5a:26:33:d3:bb:a0:c1:f9:5c:57:68:00:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,192.168.43.112' (ECDSA) to the list of known hosts.
root@node2's password: 
jdk-8u261-linux-x64.rpm                                                                                           100%  122MB  98.8MB/s   00:01    
[root@node1 ~]# scp jdk-8u261-linux-x64.rpm node3:/root
The authenticity of host 'node3 (192.168.43.113)' can't be established.
ECDSA key fingerprint is SHA256:X/a9lO6iG4mWSFRUk+rb+bkBMiPOES32ySUKJaWcejM.
ECDSA key fingerprint is MD5:d0:c5:f7:5a:26:33:d3:bb:a0:c1:f9:5c:57:68:00:29.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node3,192.168.43.113' (ECDSA) to the list of known hosts.
root@node3's password: 
jdk-8u261-linux-x64.rpm                                                                                           100%  122MB  96.9MB/s   00:01    

三台主机同时操作
[root@node1 ~]# yum localinstall -y jdk-8u261-linux-x64.rpm 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

二、部署ElasticSearch集群环境

1.安装 Elasticsearch

三台机器都部署
使用清华镜像源，本文安装7.2.0
[root@node1 ~]# yum install https://mirrors.tuna.tsinghua.edu.cn/elasticstack/yum/elastic-7.x/7.2.0/elasticsearch-7.2.0-x86_64.rpm
1
2
3

2.配置Elasticsearch集群

node1节点的配置

备份elasticsearch.yml
[root@node1 ~]# cd /etc/elasticsearch/
[root@node1 elasticsearch]# ls
elasticsearch.keystore  elasticsearch.yml  jvm.options  log4j2.properties  role_mapping.yml  roles.yml  users  users_roles
[root@node1 elasticsearch]# cp elasticsearch.yml{,.bak}

修改下放列出的配置文件的信息
[root@node1 elasticsearch]# vim elasticsearch.yml

# ---------------------------------- Cluster -----------------------------------
cluster.name: my-elk

# ------------------------------------ Node ------------------------------------
node.name: node1

# ---------------------------------- Network -----------------------------------
network.host: 192.168.43.111
http.port: 9200

# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["node1", "node2", "node3"]
cluster.initial_master_nodes: ["node1"]

主节点没有则添加的内容
node.master: true
node.data: false
node.ingest: false
node.ml: false
cluster.remote.connect: false

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

安装head插件

在5.0版本之后不支持直接把插件包放入es安装目录的plugin目录下，需要单独安装。

1>安装环境支持，需要安装nodejs
[root@node1 elasticsearch]# yum install -y nodejs npm

2>下载head插件
[root@node1 ~]# cd /var/lib/elasticsearch/

“-c”支持断点续传
[root@node1 elasticsearch]# wget  https://github.com/mobz/elasticsearch-head/archive/master.zip -c

查看并解压
[root@node1 elasticsearch]# ls
master.zip
[root@node1 elasticsearch]# unzip master.zip 
1
2
3
4
5
6
7
8
9
10
11
12
13

3>安装依赖包
[root@node1 elasticsearch-head-master]# yum install openssl bzip2 unzip -y

下载运行head必要的文件（放置在文件夹/tmp下）
[root@node1 elasticsearch-head-master]# cd /tmp
[root@node1 tmp]# wget https://npm.taobao.org/mirrors/phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2

用以下命令把下载到的包添加到npm cache目录中
[root@node1 tmp]# npm cache add phantomjs
1
2
3
4
5
6
7
8
9

返回/var/lib/elasticsearch/elasticsearch-head-master目录并安装依赖
注：直接使用npm安装时间久，依赖网络，替换为淘宝的cnpm
npm install -g cnpm --registry=https://registry.npm.taobao.org
安装依赖
cnpm install

[root@node1 elasticsearch]# cd elasticsearch-head-master/
[root@node1 elasticsearch-head-master]# npm install -g cnpm --registry=https://registry.npm.taobao.org

added 355 packages in 20s

11 packages are looking for funding
  run `npm fund` for details
npm notice 
npm notice New minor version of npm available! 8.5.5 -> 8.16.0
npm notice Changelog: https://github.com/npm/cli/releases/tag/v8.16.0
npm notice Run npm install -g npm@8.16.0 to update!
npm notice 
1
2
3
4
5
6
7
8
9
10
11
12

4>修改配置文件
[root@node1 elasticsearch-head-master]# vim Gruntfile.js
添加一项hostname，允许所有人访问
options: {
              port: 9100,
              base: '.',
              keepalive: true,
              hostname: '*'
}

[root@node1 elasticsearch-head-master]# vim _site/app.js
搜索匹配下列字符串修改
this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri")
1
2
3
4
5
6
7
8
9
10
11
12
13

5>修改elasticSearch配置文件并启动ElasticSearch
修改elasticsearch的配置文件elasticsearch.yml，以允许跨域访问，在文末追加如下代码即可
[root@node1 elasticsearch-head-master]# vim /etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true
http.cors.allow-origin: "*"

设置开机自起
[root@node1 elasticsearch-head-master]# systemctl enable --now elasticsearch.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.

启动插件
[root@node1 elasticsearch-head-master]# cd /var/lib/elasticsearch/elasticsearch-head-master/
[root@node1 elasticsearch-head-master]# nohup ./node_modules/grunt/bin/grunt server &
1
2
3
4
5
6
7
8
9
10
11
12
13

安装Bigdesk插件

上传bigdesk-master.zip 到/var/lib/elasticsearch/
[root@node1 elasticsearch-head-master]# cd /var/lib/elasticsearch/
[root@node1 elasticsearch]# unzip bigdesk-master.zip 
[root@node1 elasticsearch]# cd bigdesk-master/
[root@node1 bigdesk-master]# ls
bigdesk_es2.png  LICENSE  NOTICE  plugin-descriptor.properties  README.md  _site
[root@node1 bigdesk-master]# cd _site/
[root@node1 _site]# nohup python -m SimpleHTTPServer &
[root@node1 _site]# netstat -lunpt | grep 8000
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      4696/python
1
2
3
4
5
6
7
8
9
10

进入IP:8000并点击connect

安装cerebro插件

上传 cerebro-0.8.3.tgz 到/var/lib/elasticsearch/ 并解压到该目录
[root@node1 _site]# cd ../..
[root@node1 elasticsearch]# ls
bigdesk-master  bigdesk-master.zip  elasticsearch-head-master  master.zip  nodes
[root@node1 elasticsearch]# ls
bigdesk-master  bigdesk-master.zip  cerebro-0.8.3.tgz  elasticsearch-head-master  master.zip  nodes
[root@node1 elasticsearch]# tar xf cerebro-0.8.3.tgz 
[root@node1 elasticsearch]# ls
bigdesk-master  bigdesk-master.zip  cerebro-0.8.3  cerebro-0.8.3.tgz  elasticsearch-head-master  master.zip  nodes
做一个软连接修改名称（比较长）
[root@node1 elasticsearch]# ln -sv cerebro-0.8.3 cerebro
‘cerebro’ -> ‘cerebro-0.8.3’
进入cerebro目录并启动
[root@node1 elasticsearch]# cd cerebro
[root@node1 cerebro]# nohup ./bin/cerebro &
查看端口状态
[root@node1 cerebro]# netstat -lnupt | grep 9000
tcp6       0      0 :::9000                 :::*                    LISTEN      15912/java 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

浏览器访问9000端口

按如下格式输入

配置插件开机自启动

[root@node1 cerebro]# vim /etc/rc.d/rc.local
cd /var/lib/elasticsearch/elasticsearch-head-master/ && /usr/bin/nohup ./node_modules/grunt/bin/grunt server &
cd /var/lib/elasticsearch/bigdesk/_site && /usr/bin/nohup python -m SimpleHTTPServer &
cd /var/lib/elasticsearch/cerebro && /usr/bin/nohup ./bin/cerebro &

必须给予权限，否则无法执行
[root@node1 cerebro]# chmod +x /etc/rc.d/rc.local 
1
2
3
4
5
6
7

node2和node3的配置

复制配置文件修改：修改为本机的hostname
node.name: node3
network.host: 192.168.43.113
node.master: false
node.data: true
node.ingest: false
node.ml: false
cluster.remote.connect: false

node1复制配置文件到node2和node3
[root@node1 cerebro]# scp /etc/elasticsearch/elasticsearch.yml node2:/etc/elasticsearch/
root@node2's password: 
elasticsearch.yml                                                                                                 100% 2985     2.9MB/s   00:00    
[root@node1 cerebro]# scp /etc/elasticsearch/elasticsearch.yml node3:/etc/elasticsearch/
root@node3's password: 
elasticsearch.yml                                                                                                 100% 2985     1.6MB/s   00:00 

node2修改对应配置文件（node3同理）
[root@node2 ~]# vim /etc/elasticsearch/elasticsearch.yml 
node.name: node2

network.host: 192.168.43.112

node.master: false
node.data: true
node.ingest: false
node.ml: false
cluster.remote.connect: false

设置开机自启动
[root@node2 ~]# systemctl enable --now elasticsearch.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.


node3修改配置
[root@node3 ~]# vim /etc/elasticsearch/elasticsearch.yml 
node.name: node2

network.host: 192.168.43.112

node.master: false
node.data: true
node.ingest: false
node.ml: false
cluster.remote.connect: false

开机自启
[root@node3 ~]# systemctl enable --now elasticsearch.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

三、检查Elasticsearch集群

1.查看集群状态（任意节点执行）

2.查看各个节点的信息

[root@node1 cerebro]#  curl -XGET '192.168.43.111:9200/_nodes/process?pretty'
1

3.查看单个节点的信息

修改节点IP即可
[root@node1 ~]# curl -XGET '192.168.43.111:9200/'
1
2

也可插件查询