
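ELK Environment Setup

Environment:

  • ElasticSearch: 7.7.0

  • Kibana: 7.7.0

  • Linux: CentOS 7

Environment preparation

Below are the original files; after the configuration is modified they need to be mounted into the container: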

elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0

jvm.options

## JVM configuration

################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space

-Xms1g
-Xmx1g

################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################

## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly

## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30

## JVM temporary directory
-Djava.io.tmpdir=${ES_TMPDIR}

## heap dumps

# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=data

# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=logs/hs_err_pid%p.log

## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:logs/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m

# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m

kibana.yml

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200"]

elastic-stack-ca.p12

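The certificate has to be generated first. If you are using the basic edition, you can generate one first and then copy it to the host.

# Start a container
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.7.0
# Enter the container
docker exec -it elasticsearch /bin/bash
# Generate the certificate
# 1. You are prompted for the output path of the certificate; just press Enter
# 2. Set the certificate password; leaving it unset is recommended, just press Enter
./bin/elasticsearch-certutil ca
# Copy the certificate to the host. Note: this command must be run on the host
docker cp elasticsearch:/usr/share/elasticsearch/elastic-stack-ca.p12 /usr/es_kibana
# Once you have checked that the certificate was copied to the target directory, delete the container
docker rm -f elasticsearch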

log4j2.properties

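Download it if needed

Download log4j2.properties

Deployment

First create the directory /usr/es_kibana/es01/config

Then put the modified elasticsearch.yml and jvm.options into the config directory

The directory structure is as follows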

/usr/es_kibana:

  1. node01/conf
    1. elasticsearch.yml
    2. jvm.options
  2. node02/conf
    1. elasticsearch.yml
    2. jvm.options
  3. node03/conf
    1. elasticsearch.yml
    2. jvm.options
  4. kibana.yml
  5. elastic-stack-ca.p12
  6. docker-compose.yml

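Then start it with docker-compose up -d

At this point, enter the master node to, for example, set the passwords, then restart the services with docker-compose down and docker-compose up -d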

elasticsearch.yml

cluster.name: "docker-cluster"
network.host: 0.0.0.0

bootstrap.memory_lock: true

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "*"

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.path: elastic-stack-ca.p12

jvm.options

The memory usage can be adjusted here

## JVM configuration

################################################################
## IMPORTANT: JVM heap size
################################################################
##
## You should always set the min and max JVM heap
## size to the same value. For example, to set
## the heap to 4 GB, set:
##
## -Xms4g
## -Xmx4g
##
## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
## for more information
##
################################################################

# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space

-Xms1g
-Xmx1g

################################################################
## Expert settings
################################################################
##
## All settings below this section are considered
## expert settings. Don't tamper with them unless
## you understand what you are doing
##
################################################################

## GC configuration
8-13:-XX:+UseConcMarkSweepGC
8-13:-XX:CMSInitiatingOccupancyFraction=75
8-13:-XX:+UseCMSInitiatingOccupancyOnly

## G1GC Configuration
# NOTE: G1 GC is only supported on JDK version 10 or later
# to use G1GC, uncomment the next two lines and update the version on the
# following three lines to your version of the JDK
# 10-13:-XX:-UseConcMarkSweepGC
# 10-13:-XX:-UseCMSInitiatingOccupancyOnly
14-:-XX:+UseG1GC
14-:-XX:G1ReservePercent=25
14-:-XX:InitiatingHeapOccupancyPercent=30

## JVM temporary directory
-Djava.io.tmpdir=${ES_TMPDIR}

## heap dumps

# generate a heap dump when an allocation from the Java heap fails
# heap dumps are created in the working directory of the JVM
-XX:+HeapDumpOnOutOfMemoryError

# specify an alternative path for heap dumps; ensure the directory exists and
# has sufficient space
-XX:HeapDumpPath=data

# specify an alternative path for JVM fatal error logs
-XX:ErrorFile=logs/hs_err_pid%p.log

## JDK 8 GC logging
8:-XX:+PrintGCDetails
8:-XX:+PrintGCDateStamps
8:-XX:+PrintTenuringDistribution
8:-XX:+PrintGCApplicationStoppedTime
8:-Xloggc:logs/gc.log
8:-XX:+UseGCLogFileRotation
8:-XX:NumberOfGCLogFiles=32
8:-XX:GCLogFileSize=64m

# JDK 9+ GC logging
9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m

kibana.yml

elasticsearch.username and elasticsearch.password can be set after the x-pack passwords have been configured

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://es01:9200"]

elasticsearch.username: elastic
elasticsearch.password: "elastic20200518"

docker-compose.yml

version: '3'
services:
  es01:
    image: elasticsearch:7.7.0
    container_name: es01
    privileged: true
    restart: always
    environment:
      - node.name=es01
      - cluster.name=es-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - TAKE_FILE_OWNERSHIP=true
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./node01/data:/usr/share/elasticsearch/data
      - ./node01/logs:/usr/share/elasticsearch/logs
      - ./node01/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./node01/config/jvm.options:/usr/share/elasticsearch/config/jvm.options
      - ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
    ports:
      - 9201:9200
      - 9301:9300
    networks:
      - elastic
  es02:
    image: elasticsearch:7.7.0
    container_name: es02
    privileged: true
    restart: always
    environment:
      - node.name=es02
      - cluster.name=es-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - TAKE_FILE_OWNERSHIP=true
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./node02/data:/usr/share/elasticsearch/data
      - ./node02/logs:/usr/share/elasticsearch/logs
      - ./node02/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./node02/config/jvm.options:/usr/share/elasticsearch/config/jvm.options
      - ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
    networks:
      - elastic
  es03:
    image: elasticsearch:7.7.0
    container_name: es03
    privileged: true
    restart: always
    environment:
      - node.name=es03
      - cluster.name=es-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - TAKE_FILE_OWNERSHIP=true
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./node03/data:/usr/share/elasticsearch/data
      - ./node03/logs:/usr/share/elasticsearch/logs
      - ./node03/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
      - ./node03/config/jvm.options:/usr/share/elasticsearch/config/jvm.options
      - ./elastic-stack-ca.p12:/usr/share/elasticsearch/config/elastic-stack-ca.p12
    networks:
      - elastic

  kibana:
    image: kibana:7.7.0
    container_name: kibana
    privileged: true
    restart: always
    environment:
      - SERVER_NAME=kibana
      - ELASTICSEARCH_HOSTS=http://es01:9200
      - I18N_LOCALE=zh-CN
      - XPACK_MONITORING_ENABLED=true
      - TZ=Asia/Shanghai
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
    ports:
      - 5601:5601
    networks:
      - elastic
    depends_on:
      - es01
      - es02
      - es03

networks:
  elastic:
    driver: bridge

Configuring the x-pack passwords

Enter the container first, then set the passwords

docker exec -it es01 /bin/bash
bin/elasticsearch-setup-passwords interactive

Setting up a truly distributed environment

ElasticSearch version: 7.9.2

Kibana version: 7.9.2

Server list:

  1. 10.86.52.74
  2. 10.86.52.77
  3. 10.82.193.157

docker-compose.yml

See the official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/7.9/docker.html

10.86.52.74

version: '3'
services:
  es:
    image: elasticsearch:7.9.2
    container_name: es
    privileged: true
    restart: always
    network_mode: host
    environment:
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - TAKE_FILE_OWNERSHIP=true
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml

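Configuration notes:

  • Setting bootstrap.memory_lock=true locks the physical memory addresses and prevents ES memory from being swapped out, that is, it keeps ES from using the swap partition; frequent swapping drives IOPS up.
  • Setting TAKE_FILE_OWNERSHIP=true solves the permission problems with mounted volumes.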

10.86.52.77

version: '3'
services:
  es:
    image: elasticsearch:7.9.2
    container_name: es
    privileged: true
    restart: always
    network_mode: host
    environment:
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - TAKE_FILE_OWNERSHIP=true
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml

10.82.193.157

version: '3'
services:
  es:
    image: elasticsearch:7.9.2
    container_name: es
    privileged: true
    restart: always
    network_mode: host
    environment:
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - TAKE_FILE_OWNERSHIP=true
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml

elasticsearch.yml

Create an elasticsearch.yml file and add the following content:

10.86.52.74

cluster.name: "es-cluster"
node.name: es01
node.master: true
node.data: true
network.host: 10.86.52.74

bootstrap.memory_lock: true

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "*"

xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false

discovery.seed_hosts:
- 10.86.52.77
- 10.82.193.157
cluster.initial_master_nodes:
- 10.86.52.74
- 10.86.52.77
- 10.82.193.157

10.86.52.77

cluster.name: "es-cluster"
node.name: es02
node.master: true
node.data: true
network.host: 10.86.52.77

bootstrap.memory_lock: true

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "*"

xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false

discovery.seed_hosts:
- 10.86.52.74
- 10.82.193.157
cluster.initial_master_nodes:
- 10.86.52.74
- 10.86.52.77
- 10.82.193.157

10.82.193.157

cluster.name: "es-cluster"
node.name: es03
node.master: true
node.data: true
network.host: 10.82.193.157

bootstrap.memory_lock: true

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "*"

xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false

discovery.seed_hosts:
- 10.86.52.74
- 10.86.52.77
cluster.initial_master_nodes:
- 10.86.52.74
- 10.86.52.77
- 10.82.193.157
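
The two elasticsearch.yml variants on this page differ sharply in exposure: the single-host Docker cluster enables x-pack security and transport TLS, while the distributed cluster binds to routable addresses with security disabled. The following check is an added example, not part of the original post; the function names and finding labels are hypothetical, and unset keys are assumed to take the Elasticsearch 7.x basic-license defaults.

```python
import ipaddress

# Constructed excerpts of the two elasticsearch.yml variants shown on this page.
DOCKER_NODE = """\
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
"""
BARE_NODE = """\
network.host: 10.86.52.74
http.cors.enabled: true
http.cors.allow-origin: "*"
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
"""

def parse_flat_yaml(text):
    """Read the flat 'dotted.key: value' lines these files use; list items are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].strip()
        if not line or line.startswith(("#", "-")) or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # hostname or special value such as _local_
        return host in ("localhost", "_local_")

def audit(text):
    """Return hypothetical finding labels; unset keys fall back to the 7.x defaults."""
    s = parse_flat_yaml(text)
    exposed = not is_loopback(s.get("network.host", "_local_"))
    secured = s.get("xpack.security.enabled", "false") == "true"
    findings = []
    if exposed and not secured:
        findings.append("unauthenticated-api")  # anyone who can reach 9200 can read/write
    if exposed and s.get("xpack.security.transport.ssl.enabled", "false") != "true":
        findings.append("plaintext-transport")  # node-to-node traffic on 9300 is unencrypted
    if secured and s.get("xpack.security.http.ssl.enabled", "false") != "true":
        findings.append("credentials-over-http")  # e.g. Kibana's password sent via http://
    if s.get("http.cors.enabled") == "true" and s.get("http.cors.allow-origin") == "*":
        findings.append("cors-any-origin")
    return findings
```

Running `audit()` over each node's file before `docker-compose up -d` shows which of the four conditions apply to that node.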

Startup and verification

Start each node with docker-compose up -d, then open http://10.86.52.74:9200/_cat/nodes?v&pretty to check whether it succeeded

Kibana

docker-compose.yml

version: '3'
services:
  kibana:
    image: kibana:7.9.2
    container_name: kibana
    privileged: true
    restart: always
    network_mode: host
    environment:
      - SERVER_NAME=kibana
      - TZ=Asia/Shanghai
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml

kibana.yml

Create a kibana.yml file

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts:
- http://10.86.52.74:9200
- http://10.86.52.77:9200
- http://10.82.193.157:9200
i18n.locale: zh-CN

IK analyzer

Project page: https://github.com/medcl/elasticsearch-analysis-ik

Download the IK analyzer release that matches your ES version

# Download the IK analyzer release that matches your ES version
wget https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.9.2/elasticsearch-analysis-ik-7.9.2.zip
# Unzip
unzip -d ./ik elasticsearch-analysis-ik-7.9.2.zip

Map the host files into the container, as follows:

version: '3'
services:
  es:
    image: elasticsearch:7.9.2
    container_name: es
    privileged: true
    restart: always
    network_mode: host
    environment:
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - TAKE_FILE_OWNERSHIP=true
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data:/usr/share/elasticsearch/data
      - ./logs:/usr/share/elasticsearch/logs
      - ./ik:/usr/share/elasticsearch/plugins/ik
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml

Then restart

Testing the tokenization results

Default analyzer

POST http://10.86.52.74:9200/_analyze

{
  "text": "我是中国人"
}

Response:

{
  "tokens": [
    {
      "token": "我",
      "start_offset": 0,
      "end_offset": 1,
      "type": "<IDEOGRAPHIC>",
      "position": 0
    },
    {
      "token": "是",
      "start_offset": 1,
      "end_offset": 2,
      "type": "<IDEOGRAPHIC>",
      "position": 1
    },
    {
      "token": "中",
      "start_offset": 2,
      "end_offset": 3,
      "type": "<IDEOGRAPHIC>",
      "position": 2
    },
    {
      "token": "国",
      "start_offset": 3,
      "end_offset": 4,
      "type": "<IDEOGRAPHIC>",
      "position": 3
    },
    {
      "token": "人",
      "start_offset": 4,
      "end_offset": 5,
      "type": "<IDEOGRAPHIC>",
      "position": 4
    }
  ]
}

IK analyzer, smart mode

POST http://10.86.52.74:9200/_analyze

{
  "analyzer": "ik_smart",
  "text": "我是中国人"
}

Response:

{
  "tokens": [
    {
      "token": "我",
      "start_offset": 0,
      "end_offset": 1,
      "type": "CN_CHAR",
      "position": 0
    },
    {
      "token": "是",
      "start_offset": 1,
      "end_offset": 2,
      "type": "CN_CHAR",
      "position": 1
    },
    {
      "token": "中国人",
      "start_offset": 2,
      "end_offset": 5,
      "type": "CN_WORD",
      "position": 2
    }
  ]
}

IK analyzer, max_word mode

POST http://10.86.52.74:9200/_analyze

{
  "analyzer": "ik_max_word",
  "text": "我是中国人"
}

Response:

{
  "tokens": [
    {
      "token": "我",
      "start_offset": 0,
      "end_offset": 1,
      "type": "CN_CHAR",
      "position": 0
    },
    {
      "token": "是",
      "start_offset": 1,
      "end_offset": 2,
      "type": "CN_CHAR",
      "position": 1
    },
    {
      "token": "中国人",
      "start_offset": 2,
      "end_offset": 5,
      "type": "CN_WORD",
      "position": 2
    },
    {
      "token": "中国",
      "start_offset": 2,
      "end_offset": 4,
      "type": "CN_WORD",
      "position": 3
    },
    {
      "token": "国人",
      "start_offset": 3,
      "end_offset": 5,
      "type": "CN_WORD",
      "position": 4
    }
  ]
}

Problem summary

  1. max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

    Edit sysctl.conf

    # Edit sysctl.conf and add the setting vm.max_map_count=655360
    vim /etc/sysctl.conf
    # Apply the change
    sysctl -p

    Then restart elasticsearch
