关于elasticsearch:elk-stack安装教程

1. elasticsearch 装置教程(linux_x86_64)

wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.16.0-linux-x86_64.tar.gz

# 增加新用户
useradd elsearch

# 创立一个 soft 目录，寄存下载的软件
mkdir /soft

# 进入，而后通过 xftp 工具，将刚刚下载的文件拖动到该目录下
cd /soft

# 解压缩
tar -zxvf elasticsearch-7.9.1-linux-x86_64.tar.gz

#重命名
mv elasticsearch-7.9.1/ elsearch

chown elsearch:elsearch /soft/ -R


cd /soft/elsearch/config

#关上配置文件
vim elasticsearch.yml 

#设置 ip 地址，任意网络均可拜访
network.host: 0.0.0.0 
# 勾销正文，并保留一个节点
node.name: node-1
cluster.initial_master_nodes: ["node-1"]
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "*"

• 在 Elasticsearch 中如果，network.host 不是 localhost 或者 127.0.0.1 的话，就会认为是生产环境，会对环境的要求比拟高，咱们的测试环境不肯定可能满足，个别状况下须要批改 2 处配置，如下：

# 批改 jvm 启动参数
vim conf/jvm.options

#依据本人机器状况批改
-Xms128m 
-Xmx128m

• 而后在批改第二处的配置，这个配置要求咱们到宿主机器上来进行配置

# 到宿主机上关上文件
vim /etc/sysctl.conf
# 减少这样一条配置，一个过程在 VMAs(虚拟内存区域)创立内存映射最大数量
vm.max_map_count=655360
# 让配置失效
sysctl -p

启动ElasticSearch

su - elsearch

# 进入 bin 目录
cd /soft/elsearch/bin
# 后盾启动
./elasticsearch -d

启动胜利后，拜访上面的 URL

$elsurl:9200/

如果呈现了上面的信息，就示意曾经胜利启动了

![image.png](/img/bVcWCa5)

谬误剖析
如果呈现上面的错误信息

java.lang.RuntimeException: can not run elasticsearch as root
    at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:111)
    at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393)
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
    at org.elasticsearch.cli.Command.main(Command.java:90)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
For complete error details, refer to the log at /soft/elsearch/logs/elasticsearch.log
[root@e588039bc613 bin]# 2020-09-22 02:59:39,537121 UTC [536] ERROR CLogger.cc@310 Cannot log to named pipe /tmp/elasticsearch-5834501324803693929/controller_log_381 as it could not be opened for writing
2020-09-22 02:59:39,537263 UTC [536] INFO  Main.cc@103 Parent process died - ML controller exiting

就阐明你没有切换成 elsearch 用户，因为不能应用 root 操作 es

谬误状况 2

[1]:max file descriptors [4096] for elasticsearch process is too low, increase to at least[65536]

解决办法：切换到 root 用户，编辑 limits.conf 增加如下内容

vi /etc/security/limits.conf

# ElasticSearch 增加如下内容:
* soft nofile 65536
* hard nofile 131072
* soft nproc 2048
* hard nproc 4096

谬误剖析 3

也就是最大线程数设置的太低了，须要改成 4096

# 解决：切换到 root 用户，进入 limits.d 目录下批改配置文件。vi /etc/security/limits.d/90-nproc.conf
#批改如下内容：* soft nproc 1024
#批改为
* soft nproc 4096

谬误状况 4

[elsearch@e588039bc613 bin]$ Exception in thread "main" org.elasticsearch.bootstrap.BootstrapException: java.nio.file.AccessDeniedException: /soft/elsearch/config/elasticsearch.keystore
Likely root cause: java.nio.file.AccessDeniedException: /soft/elsearch/config/elasticsearch.keystore
    at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:90)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
    at java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:219)
    at java.base/java.nio.file.Files.newByteChannel(Files.java:375)
    at java.base/java.nio.file.Files.newByteChannel(Files.java:426)
    at org.apache.lucene.store.SimpleFSDirectory.openInput(SimpleFSDirectory.java:79)
    at org.elasticsearch.common.settings.KeyStoreWrapper.load(KeyStoreWrapper.java:220)
    at org.elasticsearch.bootstrap.Bootstrap.loadSecureSettings(Bootstrap.java:240)
    at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349)
    at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
    at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
    at org.elasticsearch.cli.Command.main(Command.java:90)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
    at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)

咱们通过排查，发现是因为 /soft/elsearch/config/elasticsearch.keystore 存在问题

也就是说该文件还是所属于 root 用户，而咱们应用 elsearch 用户无奈操作，所以须要把它变成 elsearch

chown elsearch:elsearch elasticsearch.keystore

谬误状况 5

[1]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
ERROR: Elasticsearch did not exit normally - check the logs at /soft/elsearch/logs/elasticsearch.log

持续批改配置 elasticsearch.yaml

# 勾销正文，并保留一个节点
node.name: node-1
cluster.initial_master_nodes: ["node-1"]