Introduction
This article is the first in a series on the Elasticsearch, Logstash, Kibana (ELK) stack. The series is aimed at those just starting out with the ELK stack and contains the minimum knowledge needed to successfully launch their first ELK cluster.
The series will cover topics such as:
installing and configuring the ELK components,
cluster security, data replication and sharding,
configuring Logstash and Beats to create and send data to Elasticsearch,
visualization in Kibana,
running the stack in Docker.
This article covers the procedure for installing Elasticsearch and configuring a cluster.
Action plan:
Download and install Elasticsearch.
Set up the cluster.
Start the cluster and check that it works.
Apply the important settings.
Download and install Elasticsearch
Elasticsearch, . . , Deb
, RPM
tar.gz
Linux .
Deb
Elasticsearch PGP :
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
apt-transport-https
:
sudo apt-get install apt-transport-https
Elastic:
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
Elasticsearch :
sudo apt-get update && sudo apt-get install elasticsearch
Elasticsearch :
sudo /bin/systemctl daemon-reload && sudo /bin/systemctl enable elasticsearch.service
RPM
Elasticsearch PGP :
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
/etc/yum.repos.d/
Elasticsearch elasticsearch.repo
:
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
Elasticsearch c ,
yum
dnf
CentOS
,Red Hat
,Fedora
zypper
OpenSUSE
:
# Yum
sudo yum install --enablerepo=elasticsearch elasticsearch
# Dnf
sudo dnf install --enablerepo=elasticsearch elasticsearch
# Zypper
sudo zypper modifyrepo --enable elasticsearch && \
sudo zypper install elasticsearch; \
sudo zypper modifyrepo --disable elasticsearch
tar.gz
Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.1-linux-x86_64.tar.gz
Elasticsearch:
tar -xzf elasticsearch-7.10.1-linux-x86_64.tar.gz
cd elasticsearch-7.10.1/
, $ES_HOME
.
$ES_HOME/config/
.
.
Elasticsearch , Elasticsearch .
Elasticsearch. .
Elasticsearch YAML
, /etc/elasticsearch/elasticsearch.yml
Deb
RPM
$ES_HOME/config/elasticsearch.yml
- .
es-node01.
, .
.
master
data
:
# ------------------------------------ Node ------------------------------------
node.name: es-node01 #
node.roles: [ master, data ] #
master
,
data
, :
# ---------------------------------- Network -----------------------------------
network.host: 10.0.3.11 #
http.port: 9200 #
0.0.0.0
0
, Elasticsearch .
master
:
# ---------------------------------- Cluster -----------------------------------
cluster.name: es_cluster #
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"] #
cluster.initial_master_nodes
, , . ( ), .
.
master
:
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"] #
7.0 Elasticsearch
discovery.zen.minimum_master_nodes
, . , Split Brain, master
. 7.0 , . , , .
,
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch #
path.logs: /var/log/elasticsearch #
:
# ------------------------------------ Node ------------------------------------
node.name: es-node01 #
node.roles: [ master, data ] #
#
# ---------------------------------- Network -----------------------------------
network.host: 10.0.3.11 #
http.port: 9200 #
#
# ---------------------------------- Cluster -----------------------------------
cluster.name: es_cluster #
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"] #
#
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"] #
#
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch #
path.logs: /var/log/elasticsearch #
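An added example (not part of the original article) that lints the flat elasticsearch.yml layout shown above: it parses the key: value lines and flags the settings that most often break bootstrapping or expose the node. The sample configuration and the check names are constructed here; the parser only handles the simple flow-list syntax used in this file.

```python
# Added example (not from the original article): a small lint for the flat
# elasticsearch.yml layout shown above. It parses "key: value" lines, drops
# comments, and flags settings that commonly break bootstrapping or expose
# the node: node.name missing from cluster.initial_master_nodes, an empty
# discovery.seed_hosts, and network.host bound to every interface.
import re

# Constructed sample mirroring the article's es-node01 configuration.
SAMPLE_CONFIG = """
# ------------------------------------ Node ------------------------------------
node.name: es-node01
node.roles: [ master, data ]
network.host: 10.0.3.11
http.port: 9200
cluster.name: es_cluster
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"]
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"]
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
"""

def parse_flat_yaml(text):
    """Parse 'key: value' lines; flow lists such as [a, "b"] become Python lists."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and blanks
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value.startswith("[") and value.endswith("]"):
            settings[key] = re.findall(r'[^,\s\[\]"\']+', value)
        else:
            settings[key] = value.strip("\"'")
    return settings

def lint_config(text):
    """Return human-readable findings; an empty list means no issues found."""
    cfg = parse_flat_yaml(text)
    findings = []
    name = cfg.get("node.name")
    masters = cfg.get("cluster.initial_master_nodes", [])
    roles = cfg.get("node.roles", ["master", "data"])   # unset means all roles
    if "master" in roles and name not in masters:
        findings.append(f"node.name {name!r} is not listed in cluster.initial_master_nodes")
    if not cfg.get("discovery.seed_hosts"):
        findings.append("discovery.seed_hosts is empty: the node cannot find the other masters")
    if cfg.get("network.host") == "0.0.0.0":
        findings.append("network.host 0.0.0.0: HTTP and transport ports are reachable on every interface")
    return findings
```

Run it against each node's elasticsearch.yml before starting the service; a node whose name is missing from cluster.initial_master_nodes will never bootstrap the cluster.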
:
9200
- HTTP (http.port
). Elasticsearch 9200-9300 .
9300-9400
- ( ) . Elasticsearch ( Elasticsearch transport.port
).
elasticsearch
:
sudo systemctl start elasticsearch.service
:
$ES_HOME/bin/elasticsearch
Elasticsearch , :
$ES_HOME/bin/elasticsearch -d -p pid
Ctrl-C
( )pkill -F pid
.
, , , master
:
[es-node01] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [es-node01, es-node02, es-node03] to bootstrap a cluster: have discovered [{es-node01}{olhmN6eCSuGxF4yH0Q-cgA}{CHniuFCYS-u67R5mfysg8w}{10.0.3.11}{10.0.3.11:9300}{dm}{xpack.installed=true, transform.node=false}]; discovery will continue using [10.0.3.12:9300, 10.0.3.13:9300] from hosts providers and [{es-node01}{olhmN6eCSuGxF4yH0Q-cgA}{CHniuFCYS-u67R5mfysg8w}{10.0.3.11}{10.0.3.11:9300}{dm}{xpack.installed=true, transform.node=false}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
, :
[es-node01] master node changed {previous [], current [{es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}]}, added {{es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}}, term: 1, version: 1, reason: ApplyCommitRequest{term=1, version=1, sourceNode={es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}}
, :
curl -X GET "http://10.0.3.11:9200/_cluster/health?pretty"
{
"cluster_name" : "es_cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
, master
. es-node02
:
curl -X GET "http://10.0.3.11:9200/_cat/master?pretty"
VIGgr6_aS-C39yrnmoZQKw 10.0.3.12 10.0.3.12 es-node02
.
Heap size
Elasticsearch Java, (heap size
). Elasticsearch jvm.options
, , - 1 . , jvm.options.d
, .
-Xms16g
-Xmx16g
Xms
Xmx
heap size
, 16 . :
Xmx
Xms
50% . Elasticsearch . heap size
, ;
,
JVM
, compressed object pointers
. 32 . , heap size
JVM
, zero-based compressed oops
( 26 ). .
Elasticsearch, JVM
. :
. Elasticsearch .
sudo swapoff -a
vm.swappiness=1
sysctl
.
mlockall
.
mlockall
Elasticsearch elasticsearch.yml
bootstrap.memory_lock
true
.
bootstrap.memory_lock: true
Elasticsearch :
curl -X GET "http://10.0.3.12:9200/_nodes?filter_path=**.mlockall&pretty"
{
"nodes" : {
"olhmN6eCSuGxF4yH0Q-cgA" : {
"process" : {
"mlockall" : true
}
},
"VIGgr6_aS-C39yrnmoZQKw" : {
"process" : {
"mlockall" : true
}
},
"hyfhcEtyQMK3kKmvYQdtZg" : {
"process" : {
"mlockall" : true
}
}
}
}
Elasticsearch :
[1] bootstrap checks failed
[1]: memory locking requested for elasticsearch process but memory is not locked
, , :
ulimit -l unlimited
Elasticsearch memlock
unlimited
/etc/security/limits.conf
.
RPM Deb
MAX_LOCKED_MEMORY
unlimited
/etc/sysconfig/elasticsearch
rpm
/etc/default/elasticsearch
Deb
.
systemd
Elasticsearch, LimitMEMLOCK
. :
sudo systemctl edit elasticsearch
:
[Service]
LimitMEMLOCK=infinity
Elasticsearch , . 65,536.
Elasticsearch
RPM
Deb
, .
/etc/security/limits.conf
nofile
, Elasticsearch. elasticsearch
:
elasticsearch - nofile 65536
:
curl -X GET "http://10.0.3.11:9200/_nodes/stats/process?filter_path=**.max_file_descriptors&pretty"
{
"nodes" : {
"olhmN6eCSuGxF4yH0Q-cgA" : {
"process" : {
"max_file_descriptors" : 65535
}
},
"VIGgr6_aS-C39yrnmoZQKw" : {
"process" : {
"max_file_descriptors" : 65535
}
},
"hyfhcEtyQMK3kKmvYQdtZg" : {
"process" : {
"max_file_descriptors" : 65535
}
}
}
}
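An added example (not part of the original article) that evaluates the three API responses shown in this article, _cluster/health, the _nodes mlockall query and the _nodes/stats max_file_descriptors query, the way a post-install check would. The responses are constructed in the article's shape with one node deliberately failing each check; the function names are this example's own.

```python
# Added example (not from the original article): evaluate the _cluster/health,
# _nodes mlockall and _nodes/stats max_file_descriptors responses shown above.
# The responses are constructed in the article's shape; one node deliberately
# fails each check so the findings are visible.
import json

MIN_FILE_DESCRIPTORS = 65535   # the minimum Elasticsearch's bootstrap check accepts

HEALTH = json.dumps({"cluster_name": "es_cluster", "status": "yellow",
                     "number_of_nodes": 3, "number_of_data_nodes": 3,
                     "unassigned_shards": 2})
MLOCKALL = json.dumps({"nodes": {
    "olhmN6eCSuGxF4yH0Q-cgA": {"process": {"mlockall": True}},
    "VIGgr6_aS-C39yrnmoZQKw": {"process": {"mlockall": True}},
    "hyfhcEtyQMK3kKmvYQdtZg": {"process": {"mlockall": False}}}})   # constructed failure
FDS = json.dumps({"nodes": {
    "olhmN6eCSuGxF4yH0Q-cgA": {"process": {"max_file_descriptors": 65535}},
    "VIGgr6_aS-C39yrnmoZQKw": {"process": {"max_file_descriptors": 4096}},   # constructed failure
    "hyfhcEtyQMK3kKmvYQdtZg": {"process": {"max_file_descriptors": 65535}}}})

def per_node(response_json, field):
    """Map node id -> process.<field> from a _nodes style response."""
    nodes = json.loads(response_json)["nodes"]
    return {nid: n.get("process", {}).get(field) for nid, n in nodes.items()}

def cluster_findings(health_json, mlockall_json, fd_json, expected_nodes):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    health = json.loads(health_json)
    if health["status"] != "green":
        findings.append(f"cluster status is {health['status']} "
                        f"({health.get('unassigned_shards', 0)} unassigned shards)")
    if health["number_of_nodes"] != expected_nodes:
        findings.append(f"{health['number_of_nodes']} nodes joined, expected {expected_nodes}")
    for nid, locked in per_node(mlockall_json, "mlockall").items():
        if not locked:
            findings.append(f"{nid}: memory not locked, the heap can be swapped out")
    for nid, fds in per_node(fd_json, "max_file_descriptors").items():
        if fds is None or fds < MIN_FILE_DESCRIPTORS:
            findings.append(f"{nid}: max_file_descriptors {fds} below {MIN_FILE_DESCRIPTORS}")
    return findings

if __name__ == "__main__":
    # With live responses, pass the bodies returned by the curl calls above.
    for line in cluster_findings(HEALTH, MLOCKALL, FDS, expected_nodes=3):
        print("WARN", line)
```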
Elasticsearch mmapfs
, mmap
. - root
:
sysctl -w vm.max_map_count=262144
, vm.max_map_count
/etc/sysctl.conf
.
Elasticsearch RPM
Deb
, .
, , Elasticsearch , 4096.
, ulimit -u 4096
nproc
4096 /etc/security/limits.conf
.
Elasticsearch systemd
, .
DNS
Elasticsearch DNS 60 10 . , es.networkaddress.cache.ttl
es.networkaddress.cache.negative.ttl
, JVM
/etc/elasticsearch/jvm.options.d/
RPM
Deb
$ES_HOME/config/jvm.options.d/
.
JNA
Elasticsearch Java Native Access (JNA)
, , /tmp
. , noexec
, .
/tmp
noexec
, JVM
, -Djna.tmpdir=<new_path>
.
Elasticsearch .
, Elasticsearch.
Kibana Logstash. Kibana.