ES集群部署

1. 安装部署ElasticSearch集群

1.1. 下载并安装

官方网站下载地址:https://www.elastic.co/cn/downloads/elasticsearch

$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-x86_64.rpm
$ rpm -ivh elasticsearch-7.14.0-x86_64.rpm

1 2	$ wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.14.0-x86_64.rpm $ rpm -ivh elasticsearch-7.14.0-x86_64.rpm

1.2. 修改相关文件夹权限（用户名随意）

出于安全考虑，elasticsearch默认不允许以root账号运行。
通过rpm安装时,其中默认创建elasticsearch用户和用户组.所以,需要把配置文件夹及文件的对应用户组改变即可. 需要注意一下es文件的用户和用户组，并修改为elasticsearch; 在es的服务文件中，将以elasticsearch用户和用户组运行程序。

#创建用户：useradd elasticsearch
#设置密码：passwd elasticsearch
#切换用户：su - elasticsearch
chown -R elasticsearch:elasticsearch /home/elasticsearch #用户目录
chown -R elasticsearch:elasticsearch /etc/elasticsearch #配置文件目录
chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/  #es安装目录
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch #运行目录
chown -R elasticsearch:elasticsearch /var/log/elasticsearch #日志目录

#创建用户：useradd elasticsearch

#设置密码：passwd elasticsearch

#切换用户：su - elasticsearch

chown -R elasticsearch:elasticsearch /home/elasticsearch #用户目录

chown -R elasticsearch:elasticsearch /etc/elasticsearch #配置文件目录

chown -R elasticsearch:elasticsearch /usr/share/elasticsearch/ #es安装目录

chown -R elasticsearch:elasticsearch /var/lib/elasticsearch #运行目录

chown -R elasticsearch:elasticsearch /var/log/elasticsearch #日志目录

1.3. 修改配置文件

配置文件保持三台服务器一样（node.name要改成自己的）

$ grep -vE '#' /etc/elasticsearch/elasticsearch.yml 
cluster.name: myels  # 集群名称
node.name: node-1   # 节点名称

path.data: /var/lib/elasticsearch  # 数据存储路径
path.logs: /var/log/elasticsearch  # ES日志存储路径
network.host: 11.32.16.13   # 监听地址
http.port: 9200     # http端口
discovery.seed_hosts: ["11.32.16.13", "11.32.16.14", "11.32.16.15"] #集群主机列表
cluster.initial_master_nodes: ["11.32.16.13", "11.32.16.14"] #启动全新的集群时需要此参数，再次重新启动时此参数可免。集群初始化master节点

http.cors.enabled: true  #是否开启跨域访问
http.cors.allow-origin: "*" #开启跨域访问后的地址限制，*表示无限制

#开启安全模式，警告需要验证
#xpack.security.enabled: false

配置文件保持三台服务器一样（node.name要改成自己的）

$ grep -vE '#' /etc/elasticsearch/elasticsearch.yml

cluster.name: myels # 集群名称

node.name: node-1 # 节点名称

path.data: /var/lib/elasticsearch # 数据存储路径

path.logs: /var/log/elasticsearch # ES日志存储路径

network.host: 11.32.16.13 # 监听地址

http.port: 9200 # http端口

discovery.seed_hosts: ["11.32.16.13", "11.32.16.14", "11.32.16.15"] #集群主机列表

cluster.initial_master_nodes: ["11.32.16.13", "11.32.16.14"] #启动全新的集群时需要此参数，再次重新启动时此参数可免。集群初始化master节点

http.cors.enabled: true #是否开启跨域访问

http.cors.allow-origin: "*" #开启跨域访问后的地址限制，*表示无限制

#开启安全模式，警告需要验证

#xpack.security.enabled: false

这里集群配置是重点,参数seed_hosts和initial_master_nodes.
第一次配置集群时,一定要配置好合适的initial_master_nodes,当所有可选主节点启动后将通过9300端口建立连接并在其中选择主节点.建立连接文件存储在/var/lig/elaticsearch目录中.

initial_master_nodes在第一次配置集群之后,最好删掉.不要用该方式添加节点.如果想要添加,可以采用官方API进行临时性/永久性/配置文件的修改,即热修改.文档见important-settings

1.4. 启动ES

$ systemctl enable elasticsearch
$ systemctl start elasticsearch

1 2	$ systemctl enable elasticsearch $ systemctl start elasticsearch

1.5. 检查ES集群和节点状态

#查看是否启动端口
$ curl -XGET http://11.32.16.13:9200/

#查看节点,查看到主节点13
$ curl -XGET http://11.32.16.13:9200/_cat/nodes?v
ip          heap.percent ram.percent cpu load_1m load_5m load_15m node.role   master name
11.32.16.14            4          19   0    0.63    0.47     0.52 cdfhilmrstw -      test-env-zj01-control-11e32e16e14
11.32.16.13            2          67   0    0.11    0.09     0.13 cdfhilmrstw *      test-env-zj01-control-11e32e16e13
11.32.16.15            3          28   0    0.16    0.49     0.37 cdfhilmrstw -      test-env-zj01-control-11e32e16e15

这里可以看到,这几点时
#查看集群状态,"status":"green"表示正常运行
$ curl -XGET http://11.32.16.13:9200/_cluster/health
{"cluster_name":"vnet","status":"green","timed_out":false,"number_of_nodes":3,"number_of_data_nodes":3,"active_primary_shards":0,"active_shards":0,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}

#放开端口
iptables -I INPUT -p tcp -m multiport --dports 9200 -j ACCEPT

#删除index库
curl -XDELETE localhost:9200/eip-metric-2021-9-6
curl -XDELETE localhost:9200/eip-metric-2021-9-7

#查看是否启动端口

$ curl -XGET http://11.32.16.13:9200/

#查看节点,查看到主节点13

$ curl -XGET http://11.32.16.13:9200/_cat/nodes?v

ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name

11.32.16.14 4 19 0 0.63 0.47 0.52 cdfhilmrstw - test-env-zj01-control-11e32e16e14

11.32.16.13 2 67 0 0.11 0.09 0.13 cdfhilmrstw * test-env-zj01-control-11e32e16e13

11.32.16.15 3 28 0 0.16 0.49 0.37 cdfhilmrstw - test-env-zj01-control-11e32e16e15

这里可以看到,这几点时

#查看集群状态,"status":"green"表示正常运行

$ curl -XGET http://11.32.16.13:9200/_cluster/health

{"cluster_name":"vnet","status":"green","timed_out":false,"number_of_nodes":3,"number_of_data_nodes":3,"active_primary_shards":0,"active_shards":0,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}

#放开端口

iptables -I INPUT -p tcp -m multiport --dports 9200 -j ACCEPT

#删除index库

curl -XDELETE localhost:9200/eip-metric-2021-9-6

curl -XDELETE localhost:9200/eip-metric-2021-9-7

2. 安装部署Kibana

官方网站下载地址:[https://www.elastic.co/cn/downloads/kibana}

$ wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-x86_64.rpm
$ rpm -ivh kibana-7.14.0-x86_64.rpm

1 2	$ wget https://artifacts.elastic.co/downloads/kibana/kibana-7.14.0-x86_64.rpm $ rpm -ivh kibana-7.14.0-x86_64.rpm

2.1. 修改配置文件

$ vim config/kibana.yml
# 放开注释,将默认配置改成如下：
server.port: 5601
server.host: "localhost"
elasticsearch.url: "http://11.32.16.13:9200"
kibana.index: ".kibana"

$ vim config/kibana.yml

# 放开注释,将默认配置改成如下：

server.port: 5601

server.host: "localhost"

elasticsearch.url: "http://11.32.16.13:9200"

kibana.index: ".kibana"

2.2. 启动kibana

$ systemctl enable kibana
$ systemctl start kibana
$ systemctl status kibana

# 查看kibana
$ curl 127.0.0.1:5601/app/kibana

#放开端口
iptables -I INPUT -p tcp -m multiport --dports 5601 -j ACCEPT

$ systemctl enable kibana

$ systemctl start kibana

$ systemctl status kibana

# 查看kibana

$ curl 127.0.0.1:5601/app/kibana

#放开端口

iptables -I INPUT -p tcp -m multiport --dports 5601 -j ACCEPT

3. 问题排查

查看日志排查问题：

less /var/log/elasticsearch/stockQA.log

1	less /var/log/elasticsearch/stockQA.log

也可以通过直接运行二进制文件，查看问题；这里使用elasticsearch执行该二进制文件。

su - elasticsearch -c /usr/share/elasticsearch/bin/elasticsearch
su - elasticsearch -c /usr/share/elasticsearch/bin/systemd-entrypoint

1 2	su - elasticsearch -c /usr/share/elasticsearch/bin/elasticsearch su - elasticsearch -c /usr/share/elasticsearch/bin/systemd-entrypoint

3.1. 最大文件描述符和虚拟存储

问题

ERROR: [5] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

ERROR: [5] bootstrap checks failed

[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]

[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

方法

#切换root用户
vi /etc/security/limits.conf

#在倒数第二行
* soft nofile 65536
* hard nofile 131072
* soft nproc 4096
* hard nproc 4096
# End of file

vi /etc/sysctl.conf
#添加

vm.max_map_count=655360

#保存后执行
sysctl -p

#切换root用户

vi /etc/security/limits.conf

#在倒数第二行

* soft nofile 65536

* hard nofile 131072

* soft nproc 4096

* hard nproc 4096

# End of file

vi /etc/sysctl.conf

#添加

vm.max_map_count=655360

#保存后执行

sysctl -p

3.2. 最大线程数

>[1]: max number of threads [1024] for user [es] is too low, increase to at least [4096]

1	>[1]: max number of threads [1024] for user [es] is too low, increase to at least [4096]

vi /etc/security/limits.d/90-nproc.conf
#修改
*          soft    nproc     1024
#为
*          soft    nproc     4096

vi /etc/security/limits.d/90-nproc.conf

#修改

* soft nproc 1024

#为

* soft nproc 4096

3.3. 最大线程数

bin/service/elasticsearch +
console 在前台运行es
start 在后台运行es
stop 停止es
install 使es作为服务在服务器启动时自动启动
remove 取消启动时自动启动

在service目录下有个elasticsearch.conf配置文件，主要是设置一些java运行环境参数，其中比较重要的是下面的

参数：

#es的home路径，不用用默认值就可以
set.default.ES_HOME=<Path to ElasticSearch Home>

#分配给es的最小内存
set.default.ES_MIN_MEM=256

#分配给es的最大内存
set.default.ES_MAX_MEM=1024

# 启动等待超时时间（以秒为单位）
wrapper.startup.timeout=300
# 关闭等待超时时间（以秒为单位）
wrapper.shutdown.timeout=300
# ping超时时间(以秒为单位)
wrapper.ping.timeout=300
## 运行ES服务
#https://blog.csdn.net/choulao8648/article/details/100745709

bin/service/elasticsearch +

console 在前台运行es

start 在后台运行es

stop 停止es

install 使es作为服务在服务器启动时自动启动

remove 取消启动时自动启动

在service目录下有个elasticsearch.conf配置文件，主要是设置一些java运行环境参数，其中比较重要的是下面的

参数：

#es的home路径，不用用默认值就可以

set.default.ES_HOME=<Path to ElasticSearch Home>

#分配给es的最小内存

set.default.ES_MIN_MEM=256

#分配给es的最大内存

set.default.ES_MAX_MEM=1024

# 启动等待超时时间（以秒为单位）

wrapper.startup.timeout=300

# 关闭等待超时时间（以秒为单位）

wrapper.shutdown.timeout=300

# ping超时时间(以秒为单位)

wrapper.ping.timeout=300

## 运行ES服务

#https://blog.csdn.net/choulao8648/article/details/100745709

3.4. ES服务启动超时

超时启动 elasticsearch.service start operation timed out. Terminating

#排除服务问题To tail the journal:
sudo journalctl -f
#排除服务问题To list journal entries for the elasticsearch service:
sudo journalctl --unit elasticsearch

vim /usr/lib/systemd/system/elasticsearch.service
# Allow a slow startup before the systemd notifier module kicks in to extend the timeout
TimeoutStartSec=300

#排除服务问题To tail the journal:

sudo journalctl -f

#排除服务问题To list journal entries for the elasticsearch service:

sudo journalctl --unit elasticsearch

vim /usr/lib/systemd/system/elasticsearch.service

# Allow a slow startup before the systemd notifier module kicks in to extend the timeout

TimeoutStartSec=300

https://www.elastic.co/guide/en/elasticsearch/reference/current/starting-elasticsearch.html

参考文档:ES简介与安装

赞赏

微信赞赏支付宝赞赏