Introduction
This article is the first in a series on the Elasticsearch, Logstash, Kibana (ELK) stack. The series is aimed at those who are just getting started with the ELK stack and contains the minimum required knowledge to successfully launch a first ELK cluster.
This series will cover topics such as:
installing and configuring the ELK components;
cluster security, data replication and sharding;
configuring Logstash and Beats to collect and send data to Elasticsearch;
visualization in Kibana;
running the stack in Docker.
This article will cover the procedure for installing Elasticsearch and configuring the cluster.
Action plan:
Download and install Elasticsearch.
Set up the cluster.
Start the cluster and check that it works.
Apply the important system settings.
Download and install Elasticsearch
Elasticsearch is distributed as Deb and RPM packages and as a tar.gz archive for Linux.
Deb
Import the Elasticsearch PGP key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Install the apt-transport-https package:
sudo apt-get install apt-transport-https
Add the Elastic repository:
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
Install Elasticsearch:
sudo apt-get update && sudo apt-get install elasticsearch
Enable the Elasticsearch service so that systemd starts it at boot:
sudo /bin/systemctl daemon-reload && sudo /bin/systemctl enable elasticsearch.service
RPM
Import the Elasticsearch PGP key:
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
Create the file elasticsearch.repo in /etc/yum.repos.d/ with the following contents:
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
Elasticsearch can then be installed with yum or dnf (CentOS, Red Hat, Fedora) or with zypper (OpenSUSE):
# Yum
sudo yum install --enablerepo=elasticsearch elasticsearch
# Dnf
sudo dnf install --enablerepo=elasticsearch elasticsearch
# Zypper
sudo zypper modifyrepo --enable elasticsearch && \
sudo zypper install elasticsearch; \
sudo zypper modifyrepo --disable elasticsearch
tar.gz
Download the Elasticsearch archive:
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.1-linux-x86_64.tar.gz
Unpack the archive and change into the Elasticsearch directory:
tar -xzf elasticsearch-7.10.1-linux-x86_64.tar.gz
cd elasticsearch-7.10.1/
This directory is referred to as $ES_HOME below. The configuration files are located in $ES_HOME/config/.
With Elasticsearch installed, the next step is to set up the cluster.
Elasticsearch is configured through a YAML file: /etc/elasticsearch/elasticsearch.yml for the Deb and RPM packages, or $ES_HOME/config/elasticsearch.yml for the tar.gz archive.
Start with the node settings. Give the node the name es-node01 and assign it the master and data roles:
# ------------------------------------ Node ------------------------------------
node.name: es-node01 # unique name of this node within the cluster
node.roles: [ master, data ] # this node is master-eligible and stores data
The master role makes the node eligible to be elected cluster master and manage the cluster; the data role means the node stores data and serves indexing and search requests. Next, the network settings:
# ---------------------------------- Network -----------------------------------
network.host: 10.0.3.11 # address this node binds to and publishes to the other nodes
http.port: 9200 # port for the HTTP (REST) API
Setting network.host to 0.0.0.0 makes Elasticsearch listen on all interfaces of the host. A node reachable from every attached network exposes its REST API to all of them, so prefer a specific address in a cluster.
Cluster settings: the cluster name and the names of the master-eligible nodes that bootstrap the cluster:
# ---------------------------------- Cluster -----------------------------------
cluster.name: es_cluster # all nodes of one cluster must use the same name
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"] # node.name values of the master-eligible nodes
cluster.initial_master_nodes is used only when a brand-new cluster starts for the first time (cluster bootstrapping): it lists the node.name values of the master-eligible nodes that form the initial voting configuration. Once the cluster has formed, the setting is ignored and should be removed from the configuration.
Discovery settings: the addresses of the master-eligible nodes that this node contacts on startup to find the cluster:
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"] # addresses of the master-eligible nodes
Before version 7.0, Elasticsearch had the discovery.zen.minimum_master_nodes setting, which defined how many master-eligible nodes had to be visible before a master could be elected. Without it a cluster could end up with two masters (split brain), so it had to be set and kept up to date as nodes were added and removed. Since 7.0 this setting is ignored: the cluster maintains the quorum of master-eligible nodes itself.
Finally, the paths for data and logs:
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch # where index data is stored
path.logs: /var/log/elasticsearch # where log files are written
The complete elasticsearch.yml for es-node01:
# ------------------------------------ Node ------------------------------------
node.name: es-node01 # unique name of this node within the cluster
node.roles: [ master, data ] # this node is master-eligible and stores data
#
# ---------------------------------- Network -----------------------------------
network.host: 10.0.3.11 # address this node binds to and publishes to the other nodes
http.port: 9200 # port for the HTTP (REST) API
#
# ---------------------------------- Cluster -----------------------------------
cluster.name: es_cluster # all nodes of one cluster must use the same name
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"] # node.name values of the master-eligible nodes
#
# --------------------------------- Discovery ----------------------------------
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"] # addresses of the master-eligible nodes
#
# ----------------------------------- Paths ------------------------------------
path.data: /var/lib/elasticsearch # where index data is stored
path.logs: /var/log/elasticsearch # where log files are written
The ports used by a node:
9200 is the HTTP port (http.port), used by clients and the REST API. By default Elasticsearch takes the first free port in the range 9200-9300.
9300-9400 is the transport port range (transport.port), used for communication between the nodes of the cluster; again the first free port in the range is taken.
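As an added example (not part of the original article), a small Python check that parses a node's elasticsearch.yml in the flat form shown above and flags the mistakes that most often keep a node from joining or leave it exposed: binding to all interfaces, a master-eligible node missing from cluster.initial_master_nodes, fewer than three initial masters, empty seed hosts, and memory locking left off. The parser handles only the key: value and inline-list lines used on this page; both sample configs are constructed.

```python
# Minimal parser for the flat "key: value" lines of elasticsearch.yml shown above;
# inline lists such as [ master, data ] become Python lists and '#' comments are dropped.
def parse_flat_yaml(text):
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if value.startswith("[") and value.endswith("]"):
            settings[key] = [v.strip(" \"'") for v in value[1:-1].split(",") if v.strip()]
        else:
            settings[key] = value.strip("\"'")
    return settings

def check_config(text):
    """Return findings for one node's config; an empty list means every check passed."""
    cfg = parse_flat_yaml(text)
    name, masters = cfg.get("node.name", ""), cfg.get("cluster.initial_master_nodes", [])
    findings = []
    if cfg.get("network.host") in ("0.0.0.0", "_global_"):
        findings.append("network.host binds every interface; bind a specific address instead")
    if "master" in cfg.get("node.roles", []) and name not in masters:
        findings.append(f"{name} is master-eligible but missing from cluster.initial_master_nodes")
    if len(masters) < 3:
        findings.append("fewer than three master-eligible nodes listed; Elastic recommends at least three")
    if not cfg.get("discovery.seed_hosts"):
        findings.append("discovery.seed_hosts is empty; the node cannot find the other nodes")
    if cfg.get("bootstrap.memory_lock") != "true":
        findings.append("bootstrap.memory_lock is not true; the heap may be swapped out")
    return findings

# Constructed sample: the es-node01 configuration from the article plus memory locking.
GOOD_CONFIG = """
node.name: es-node01
node.roles: [ master, data ]
network.host: 10.0.3.11
cluster.name: es_cluster
cluster.initial_master_nodes: ["es-node01","es-node02","es-node03"]
discovery.seed_hosts: ["10.0.3.11", "10.0.3.12", "10.0.3.13"]
bootstrap.memory_lock: true
"""
# Constructed sample: a node copied from a template with the cluster settings left unedited.
BAD_CONFIG = """
node.name: es-node04
node.roles: [ master, data ]
network.host: 0.0.0.0
cluster.initial_master_nodes: ["es-node01","es-node02"]
"""
```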
Start the elasticsearch service (Deb and RPM packages):
sudo systemctl start elasticsearch.service
For the tar.gz install, run the binary from the archive directory:
$ES_HOME/bin/elasticsearch
To run Elasticsearch in the background as a daemon and write its process ID to a file:
$ES_HOME/bin/elasticsearch -d -p pid
A foreground process is stopped with Ctrl-C; a daemon is stopped using the PID recorded in the file: pkill -F pid
While only one node is running, its log shows that no master has been discovered yet, because the node is waiting for the other master-eligible nodes listed in cluster.initial_master_nodes:
[es-node01] master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster, and this node must discover master-eligible nodes [es-node01, es-node02, es-node03] to bootstrap a cluster: have discovered [{es-node01}{olhmN6eCSuGxF4yH0Q-cgA}{CHniuFCYS-u67R5mfysg8w}{10.0.3.11}{10.0.3.11:9300}{dm}{xpack.installed=true, transform.node=false}]; discovery will continue using [10.0.3.12:9300, 10.0.3.13:9300] from hosts providers and [{es-node01}{olhmN6eCSuGxF4yH0Q-cgA}{CHniuFCYS-u67R5mfysg8w}{10.0.3.11}{10.0.3.11:9300}{dm}{xpack.installed=true, transform.node=false}] from last-known cluster state; node term 0, last-accepted version 0 in term 0
Once the other nodes start, a master is elected and the log reports it:
[es-node01] master node changed {previous [], current [{es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}]}, added {{es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}}, term: 1, version: 1, reason: ApplyCommitRequest{term=1, version=1, sourceNode={es-node02}{VIGgr6_aS-C39yrnmoZQKw}{pye7sBQUTz6EFh7Pqn7CJA}{10.0.3.12}{10.0.3.12:9300}{dm}{xpack.installed=true, transform.node=false}}
Check the state of the cluster with the _cluster/health API:
curl -X GET "http://10.0.3.11:9200/_cluster/health?pretty"
{
"cluster_name" : "es_cluster",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
The _cat/master API shows which node is currently the master; here it is es-node02:
curl -X GET "http://10.0.3.11:9200/_cat/master?pretty"
VIGgr6_aS-C39yrnmoZQKw 10.0.3.12 10.0.3.12 es-node02
Heap size
Elasticsearch is a Java application, so the size of the JVM heap (heap size) matters. Elasticsearch sets the heap in the jvm.options file; the default is 1 GB. Rather than editing jvm.options, override the heap size in a file in the jvm.options.d directory:
-Xms16g
-Xmx16g
Xms is the initial heap size and Xmx the maximum heap size; here both are set to 16 GB. Recommendations:
Set Xmx and Xms to the same value.
Do not allocate more than 50% of the physical RAM to the heap; Elasticsearch needs the remaining memory for purposes other than the heap, such as the filesystem cache.
Keep the heap below the threshold at which the JVM stops using compressed object pointers (compressed oops); this threshold is just under 32 GB. Better still, stay below the threshold for zero-based compressed oops (around 26 GB on most systems).
Swapping is bad for Elasticsearch: if part of the JVM heap is swapped out, performance and node stability suffer. There are several ways to prevent it. The first is to disable swap entirely:
sudo swapoff -a
The second is to reduce the kernel's tendency to swap by setting vm.swappiness=1 via sysctl.
The third is to lock the process memory in RAM with mlockall. To enable it, set bootstrap.memory_lock to true in elasticsearch.yml:
bootstrap.memory_lock: true
After restarting Elasticsearch, check that memory locking is active:
curl -X GET "http://10.0.3.12:9200/_nodes?filter_path=**.mlockall&pretty"
{
"nodes" : {
"olhmN6eCSuGxF4yH0Q-cgA" : {
"process" : {
"mlockall" : true
}
},
"VIGgr6_aS-C39yrnmoZQKw" : {
"process" : {
"mlockall" : true
}
},
"hyfhcEtyQMK3kKmvYQdtZg" : {
"process" : {
"mlockall" : true
}
}
}
}
If the memory could not be locked, the Elasticsearch log contains:
[1] bootstrap checks failed
[1]: memory locking requested for elasticsearch process but memory is not locked
In that case, raise the memory lock limit before starting Elasticsearch:
ulimit -l unlimited
Or set memlock to unlimited for the user Elasticsearch runs as in /etc/security/limits.conf.
For the RPM and Deb packages, set MAX_LOCKED_MEMORY to unlimited in /etc/sysconfig/elasticsearch (RPM) or /etc/default/elasticsearch (Deb).
When Elasticsearch runs under systemd, the limit is set with LimitMEMLOCK. Open an override for the unit:
sudo systemctl edit elasticsearch
and add:
[Service]
LimitMEMLOCK=infinity
Elasticsearch uses a large number of file descriptors; running out of them can lead to data loss. Raise the limit for the Elasticsearch user to at least 65,536.
The RPM and Deb packages configure this limit automatically.
Otherwise, set nofile in /etc/security/limits.conf for the user Elasticsearch runs as (elasticsearch):
elasticsearch - nofile 65536
Check the effective limit on each node:
curl -X GET "http://10.0.3.11:9200/_nodes/stats/process?filter_path=**.max_file_descriptors&pretty"
{
"nodes" : {
"olhmN6eCSuGxF4yH0Q-cgA" : {
"process" : {
"max_file_descriptors" : 65535
}
},
"VIGgr6_aS-C39yrnmoZQKw" : {
"process" : {
"max_file_descriptors" : 65535
}
},
"hyfhcEtyQMK3kKmvYQdtZg" : {
"process" : {
"max_file_descriptors" : 65535
}
}
}
}
Elasticsearch uses mmapfs to store its indices, which requires a high limit on the number of memory-mapped areas (mmap). Raise it as root:
sysctl -w vm.max_map_count=262144
To make the change permanent, set vm.max_map_count in /etc/sysctl.conf.
The RPM and Deb packages configure this setting automatically.
Elasticsearch also creates many threads, so the user it runs as must be able to create at least 4096 processes. Run ulimit -u 4096 as root before starting Elasticsearch, or set nproc to 4096 in /etc/security/limits.conf.
When Elasticsearch runs as a systemd service, this limit is configured automatically.
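As an added example (not from the article), a Python script that applies the checks from this section: the heap recommendations above against jvm.options lines, and the per-node mlockall and max_file_descriptors values returned by the _nodes and _nodes/stats/process requests shown above. It assumes the process objects of the two responses have been merged per node id; the sample below is constructed, reusing the node ids from the article.

```python
import json
import re

SIZE = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

def parse_heap_option(opt):
    """Turn a jvm.options line such as '-Xmx16g' into ('Xmx', bytes)."""
    m = re.fullmatch(r"-(Xm[sx])(\d+)([kmgKMG])", opt.strip())
    if not m:
        raise ValueError(f"not a heap option: {opt!r}")
    return m.group(1), int(m.group(2)) * SIZE[m.group(3).lower()]

def check_heap(jvm_options, ram_bytes):
    """Apply the heap recommendations from this section; returns a list of findings."""
    heap = dict(parse_heap_option(l) for l in jvm_options if l.strip().startswith(("-Xms", "-Xmx")))
    if "Xms" not in heap or "Xmx" not in heap:
        return ["both -Xms and -Xmx must be set"]
    findings = []
    if heap["Xms"] != heap["Xmx"]:
        findings.append("Xms and Xmx differ; set them to the same value")
    if heap["Xmx"] > ram_bytes // 2:
        findings.append("heap exceeds 50% of physical RAM")
    if heap["Xmx"] > 26 * SIZE["g"]:
        findings.append("heap above ~26 GB; zero-based compressed oops may no longer be used")
    return findings

def check_nodes(nodes_json, min_fds=65535):
    """Every node must report mlockall=true and at least min_fds file descriptors."""
    findings = []
    for node_id, node in json.loads(nodes_json)["nodes"].items():
        proc = node.get("process", {})
        if proc.get("mlockall") is not True:
            findings.append(f"{node_id}: memory is not locked (mlockall is not true)")
        if proc.get("max_file_descriptors", 0) < min_fds:
            findings.append(f"{node_id}: max_file_descriptors below {min_fds}")
    return findings

# Constructed sample (node ids from the article): the second node has neither setting applied.
SAMPLE_NODES = json.dumps({"nodes": {
    "olhmN6eCSuGxF4yH0Q-cgA": {"process": {"mlockall": True, "max_file_descriptors": 65535}},
    "hyfhcEtyQMK3kKmvYQdtZg": {"process": {"mlockall": False, "max_file_descriptors": 4096}},
}})
```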
DNS
Elasticsearch caches successful DNS lookups for 60 seconds and failed lookups for 10 seconds. These values can be changed with the JVM options es.networkaddress.cache.ttl and es.networkaddress.cache.negative.ttl, set in a file under /etc/elasticsearch/jvm.options.d/ for the RPM and Deb packages or $ES_HOME/config/jvm.options.d/ for the tar.gz archive.
JNA
Elasticsearch uses the Java Native Access (JNA) library to call native code; JNA extracts that native code into a temporary directory, /tmp by default. If /tmp is mounted with the noexec option, the extracted code cannot be executed and Elasticsearch fails to start. In that case, either remount /tmp without noexec or point the JVM at a different directory with the option -Djna.tmpdir=<new_path>.
This completes the installation and configuration of Elasticsearch. The next articles in the series cover Kibana and Logstash, starting with Kibana.