Introduction
This article is the first in a series about the Elasticsearch, Logstash, Kibana (ELK) stack. The series is aimed at those who are just getting started with the ELK stack and contains the minimum knowledge required to bring up a first ELK cluster successfully.
The series covers topics such as:
Installing and configuring the ELK components,
Cluster security, data replication and sharding,
Configuring Logstash and Beat to create and send data to Elasticsearch,
Visualization in Kibana,
Running the stack in Docker.
This article covers how to install Elasticsearch and configure the cluster.
Plan of action:
Download and install Elasticsearch.
Set up a cluster.
Start the cluster and check that it works.
Apply important settings.
Download and install Elasticsearch
Elasticsearch, . . , Deb
, RPM
tar.gz
Linux .
Deb
Elasticsearch PGP :
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
apt-transport-https
:
sudo apt-get install apt-transport-https
Elastic:
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
Elasticsearch :
sudo apt-get update && sudo apt-get install elasticsearch
Elasticsearch :
sudo /bin/systemctl daemon-reload && sudo /bin/systemctl enable elasticsearch.service
RPM
Elasticsearch PGP :
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
/etc/yum.repos.d/
Elasticsearch elasticsearch.repo
:
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
Elasticsearch c ,
yum
dnf
CentOS
,Red Hat
,Fedora
zypper
OpenSUSE
:
# Yum
sudo yum install --enablerepo=elasticsearch elasticsearch
# Dnf
sudo dnf install --enablerepo=elasticsearch elasticsearch
# Zypper
sudo zypper modifyrepo --enable elasticsearch && \
sudo zypper install elasticsearch; \
sudo zypper modifyrepo --disable elasticsearch
tar.gz
Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.1-linux-x86_64.tar.gz
Elasticsearch:
tar -xzf elasticsearch-7.10.1-linux-x86_64.tar.gz
cd elasticsearch-7.10.1/
, $ES_HOME
.
$ES_HOME/config/
.
.
Elasticsearch , Elasticsearch .
Elasticsearch. .
Elasticsearch YAML
, /etc/elasticsearch/elasticsearch.yml
Deb
RPM
$ES_HOME/config/elasticsearch.yml
- .
es-node01.
, .
.
master
data
:
# ------------------------------------ Node ------------------------------------
node.name: es-node01 #
node.roles: [ master, data ] #
master
,
data
, :
# ---------------------------------- Network -----------------------------------
network.host: 10.0.3.11 #
http.port: 9200 #
0.0.0.0
0
, Elasticsearch .
master
:
# ---------------------------------- Cluster -----------------------------------
cluster.name: es_cluster #
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"] #
cluster.initial_master_nodes
, , . ( ), .
.
master
:
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"] #
7.0 Elasticsearch
discovery.zen.minimum_master_nodes
, . , Split Brain,master
. 7.0 , . , , .
,
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch #
path.logs: /var/log/elasticsearch #
:
# ------------------------------------ Node ------------------------------------
node.name: es-node01 #
node.roles: [ master, data ] #
#
# ---------------------------------- Network -----------------------------------
network.host: 10.0.3.11 #
http.port: 9200 #
#
# ---------------------------------- Cluster -----------------------------------
cluster.name: es_cluster #
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"] #
#
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"] #
#
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch #
path.logs: /var/log/elasticsearch #
:
9200
- HTTP (http.port
). Elasticsearch 9200-9300 .
9300-9400
- ( ) . Elasticsearch ( Elasticsearch transport.port
).
elasticsearch
:
sudo systemctl start elasticsearch.service
:
$ES_HOME/bin/elasticsearch
Elasticsearch , :
$ES_HOME/bin/elasticsearch -d -p pid
Ctrl-C
( )pkill -F pid
.
, , , master
:
[es-node01] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [es-node01, es-node02, es-node03] to bootstrap a cluster: have discovered [{es-node01}{olhmN6eCSuGxF4yH0Q-cgA}{CHniuFCYS-u67R5mfysg8w}{10.0.3.11}{10.0.3.11:9300}{dm}{xpack.installed=true, transform.node=false}]; discovery will continue using [10.0.3.12:9300, 10.0.3.13:9300] from hosts providers and [{es-node01}{olhmN6eCSuGxF4yH0Q-cgA}{CHniuFCYS-u67R5mfysg8w}{10.0.3.11}{10.0.3.11:9300}{dm}{xpack.installed=true, transform.node=false}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
, :
[es-node01] master node changed {previous [], current [{es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}]}, added {{es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}}, term: 1, version: 1, reason: ApplyCommitRequest{term=1, version=1, sourceNode={es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}}
, :
curl -X GET "http://10.0.3.11:9200/_cluster/health?pretty"
{
"cluster_name" : "es_cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
, master
. es-node02
:
curl -X GET "http://10.0.3.11:9200/_cat/master?pretty"
VIGgr6_aS-C39yrnmoZQKw 10.0.3.12 10.0.3.12 es-node02
.
Heap size
Elasticsearch Java, «» (heap size
). Elasticsearch jvm.options
, , - 1 . , jvm.options.d
, .
-Xms16g
-Xmx16g
Xms
Xmx
heap size
, 16 . :
Xmx
Xms
50% . Elasticsearch .heap size
, ;
,
JVM
,compressed object pointers
. 32 . ,heap size
JVM
,zero-based compressed oops
( 26 ). .
Elasticsearch, JVM
. :
. Elasticsearch .
sudo swapoff -a
vm.swappiness=1
sysctl
.
mlockall
.
mlockall
Elasticsearch elasticsearch.yml
bootstrap.memory_lock
true
.
bootstrap.memory_lock: true
Elasticsearch :
curl -X GET "http://10.0.3.12:9200/_nodes?filter_path=**.mlockall&pretty"
{
"nodes" : {
"olhmN6eCSuGxF4yH0Q-cgA" : {
"process" : {
"mlockall" : true
}
},
"VIGgr6_aS-C39yrnmoZQKw" : {
"process" : {
"mlockall" : true
}
},
"hyfhcEtyQMK3kKmvYQdtZg" : {
"process" : {
"mlockall" : true
}
}
}
}
Elasticsearch :
[1] bootstrap checks failed
[1]: memory locking requested for elasticsearch process but memory is not locked
, , :
ulimit -l unlimited
Elasticsearch memlock
unlimited
/etc/security/limits.conf
.
RPM Deb
MAX_LOCKED_MEMORY
unlimited
/etc/sysconfig/elasticsearch
rpm
/etc/default/elasticsearch
Deb
.
systemd
Elasticsearch, LimitMEMLOCK
. :
sudo systemctl edit elasticsearch
:
[Service]
LimitMEMLOCK=infinity
Elasticsearch , . 65 536.
Elasticsearch
RPM
Deb
, .
/etc/security/limits.conf
nofile
, Elasticsearch. elasticsearch
:
elasticsearch - nofile 65536
:
curl -X GET "http://10.0.3.11:9200/_nodes/stats/process?filter_path=**.max_file_descriptors&pretty"
{
"nodes" : {
"olhmN6eCSuGxF4yH0Q-cgA" : {
"process" : {
"max_file_descriptors" : 65535
}
},
"VIGgr6_aS-C39yrnmoZQKw" : {
"process" : {
"max_file_descriptors" : 65535
}
},
"hyfhcEtyQMK3kKmvYQdtZg" : {
"process" : {
"max_file_descriptors" : 65535
}
}
}
}
Elasticsearch mmapfs
, mmap
. - root
:
sysctl -w vm.max_map_count=262144
, vm.max_map_count
/etc/sysctl.conf
.
Elasticsearch RPM
Deb
, .
, , Elasticsearch , 4096.
, ulimit -u 4096
nproc
4096 /etc/security/limits.conf
.
Elasticsearch systemd
, .
DNS
Elasticsearch DNS 60 10 . , es.networkaddress.cache.ttl
es.networkaddress.cache.negative.ttl
, JVM
/etc/elasticsearch/jvm.options.d/
RPM
Deb
$ES_HOME/config/jvm.options.d/
.
JNA
Elasticsearch Java Native Access (JNA)
, , /tmp
. , noexec
, .
/tmp
noexec
, JVM
, -Djna.tmpdir=<new_path>
.
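The host settings from the sections above (nofile 65536, nproc 4096 and memlock unlimited for the elasticsearch user, vm.max_map_count 262144, and -Djna.tmpdir when /tmp is mounted noexec) can be checked in one pass before a node is started. The script below is an added example, not part of the original article; it assumes a limits.conf-based setup, reads mount options from a /proc/mounts-style file, and its function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the host settings this article sets.
# Every file path is a parameter, so the checks also run against copies.

# limit_ok FILE USER ITEM MIN: every USER/ITEM line in a limits.conf-style
# file must be unlimited or >= MIN (MIN may itself be "unlimited").
limit_ok() {
    awk -v u="$2" -v i="$3" -v min="$4" '
        $1 == u && $3 == i {
            seen = 1
            if ($4 == "unlimited" || $4 == "infinity" || $4 == "-1") next
            if (min == "unlimited" || $4 + 0 < min + 0) bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }' "$1"
}

# sysctl_min FILE KEY MIN: the last "KEY = value" line must be >= MIN.
sysctl_min() {
    awk -F= -v k="$2" -v min="$3" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { val = $2; gsub(/[ \t]/, "", val); seen = 1 }
        END { exit ((seen && val + 0 >= min + 0) ? 0 : 1) }' "$1"
}

# jna_ok MOUNTS JVM_OPTS_DIR: if /tmp is mounted noexec, some options file
# must move the JNA temp directory with -Djna.tmpdir=<path>.
jna_ok() {
    awk '$2 == "/tmp" && index("," $4 ",", ",noexec,") { n = 1 }
         END { exit (n ? 0 : 1) }' "$1" || return 0
    grep -rqsE '^[[:space:]]*-Djna\.tmpdir=.+' "$2"
}

# preflight LIMITS SYSCTL MOUNTS JVM_OPTS_DIR: prints the failed checks
# (empty when all pass) and returns non-zero if any check failed.
preflight() {
    fails=""
    limit_ok "$1" elasticsearch nofile 65536      || fails="$fails nofile"
    limit_ok "$1" elasticsearch nproc 4096        || fails="$fails nproc"
    limit_ok "$1" elasticsearch memlock unlimited || fails="$fails memlock"
    sysctl_min "$2" vm.max_map_count 262144       || fails="$fails max_map_count"
    jna_ok "$3" "$4"                              || fails="$fails jna.tmpdir"
    echo "${fails# }"
    [ -z "$fails" ]
}

# Typical call on a tar.gz install (paths as used in the article):
# preflight /etc/security/limits.conf /etc/sysctl.conf /proc/mounts "$ES_HOME/config/jvm.options.d"
```

For package installs started by systemd, the limits come from the unit file rather than limits.conf, so only the sysctl and JNA checks apply there.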
Elasticsearch .
, Elasticsearch.
Kibana Logstash. Kibana.