本次部署是以单机部署，服务器IP为：192.168.1.101，ELK版本为7.1.1

一、环境准备

　　1) ELK需要JDK 8.*支持

~]$ vim /etc/profile　　　export JAVA_HOME=/usr/local/jdk1.8.0_201　　　export JAVA_BIN=/usr/local/jdk1.8.0_201/bin　　　export PATH=$PATH:$JAVA_BIN　　　export CLASSPATH=$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar　　　export PATH=$JAVA_HOME/bin:$JRE_HOME/bin:$PATH　　　export JAVA_HOME JAVA_BIN PATH CLASSPATH~]$ source /etc/profile   #刷新环境变量 ~]$ java -version   #查看java版本 　　java version "1.8.0_201" 　　Java(TM) SE Runtime Environment (build 1.8.0_201-b09) 　　Java HotSpot(TM) 64-Bit Server VM (build 25.201-b09, mixed mode)

　　2) 系统设置

#修改系统连接数 ~]$ vim /etc/sysctl.conf　vm.max_map_count = 655360　fs.file = 1000000 ~]$ sysctl -p  #刷新配置 #修改系统打开文件数为65535 ~]$ vim /etc/security/limits.conf 　　* soft nofile 65536 　　* hard nofile 65536 　　* soft nproc 65536 　　* hard nproc 65536 ~]$ ulimit -n  #查看系统文件数 　　ulimit -n 65535  #如果系统 ~]$ vim /etc/security/limits.d/20-nproc.conf *  soft  nproc 1024 修改为  * soft nproc 2048

　　3）将ELK组件包上传到服务器，本次部署版本为7.1.1

　　kibana-7.1.1-linux-x86_64.tar

　　elasticsearch-7.1.1-linux-x86_64.tar

　　logstash-7.1.1.tar

　   elasticsearch-head-master.zip

二、Elasticsearch部署

1）解压ES安装包 tar -xf elasticsearch-7.1.1-linux-x86_64.tar mv elasticsearch-7.1.1-linux-x86_64.tar /apps/elasticsearch 2）创建启动用户useradd  elastic 3）创建启动日志目录,数据目录，PID目录mkdir -p /apps/log/elasticsearchmkdir -p /apps/lib/elasticsearchmkdir -p /apps/run/elasticsearch 4）赋予对应权限 chown -R elastic:elastic /apps/elasticsearch chown -R elastic:elastic /apps/log/elasticsearch chown -R elastic:elastic /apps/lib/elasticsearch chown -R elastic:elastic /apps/run/elasticsearch

5）修改ES配置文件 ~]$ vim /etc/elasticsearch/config/elasticsearch.yml # ======================== Elasticsearch Configuration ========================= # # NOTE: Elasticsearch comes with reasonable defaults for most settings. #       Before you set out to tweak and tune the configuration, make sure you #       understand what are you trying to accomplish and the consequences. # # The primary way of configuring a node is via this file. This template lists # the most important settings you may want to configure for a production cluster. # # Please consult the documentation for further information on configuration options: # https://www.elastic.co/guide/en/elasticsearch/reference/index.html # # ---------------------------------- Cluster ----------------------------------- # # Use a descriptive name for your cluster: # #判断节点是否属于统一集群，多台ES集群名称要一致 cluster.name: daoran # # ------------------------------------ Node ------------------------------------ # # Use a descriptive name for the node: # #节点名称，写主机名就行 node.name: node-1 # # Add custom attributes to the node: # #node.attr.rack: r1 # # ----------------------------------- Paths ------------------------------------ # # Path to directory where to store the data (separate multiple locations by comma): #ES数据目录 path.data: /apps/lib/elasticsearch # # Path to log files: #ES日志目录 path.logs: /apps/log/elasticsearch # # ----------------------------------- Memory ----------------------------------- # # Lock the memory on startup: # #解决centos6可能会报错，所以添加这行 bootstrap.memory_lock: false bootstrap.system_call_filter: false # # Make sure that the heap size is set to about half the memory available # on the system and that the owner of the process is allowed to use this # limit. # # Elasticsearch performs poorly when the system is swapping the memory. # # ---------------------------------- Network ----------------------------------- # # Set the bind address to a specific IP (IPv4 or IPv6): #network.host: 172.17.0.2只能本地访问，如果想浏览器访问改为0.0.0.0 network.host: 192.168.1.101 # # Set a custom port for HTTP: # #默认ES端口 http.port: 9200 # # For more information, consult the network module documentation. # # --------------------------------- Discovery ---------------------------------- # # Pass an initial list of hosts to perform discovery when this node is started: # The default list of hosts is ["127.0.0.1", "[::1]"] # #discovery.seed_hosts: ["host1", "host2"] # # Bootstrap the cluster using an initial set of master-eligible nodes: # #开启这行注释(集群初始主节点) cluster.initial_master_nodes: ["node-1"] # # For more information, consult the discovery and cluster formation module documentation. # # ---------------------------------- Gateway ----------------------------------- # # Block initial recovery after a full cluster restart until N nodes are started: # #gateway.recover_after_nodes: 3 # # For more information, consult the gateway module documentation. # # ---------------------------------- Various ----------------------------------- # # Require explicit names when deleting indices: # #action.destructive_requires_name: true #添加新参数，这样head插件可以访问ES #是否支持跨域，默认为false http.cors.enabled: true #当设置允许跨域，默认为*,表示支持所有域名，如果我们只是允许某些网站能访问，那么可以使用正则表达式。比如只允许本地地址。 /https?:\/\/localhost(:[0-9]+)?/ http.cors.allow-origin: "*" #解决如果安装了x-pack插件会导致head访问不了问题,未安装x-pack不需要添加 http.cors.allow-headers: "Authorization,X-Requested-With,Content-Length,Content-Type" #是否开启x-pack验证，默认是false（此项需要理解ES运行后再开启，否则坑比较多，前期建议先关闭），如果开启还需要增加ssl方式，否认则会报错 xpack.security.enabled: false xpack.security.transport.ssl.enabled: false

6）设置jvm内存，一般设置为物理内存一半~]$vim /apps/elasticsearch/config/jvm.options　　-Xms1g　　-Xmx1g 7）以守护进程启动Elasticsearch ~]$ su elastic      #不能用root启动，否则会报错 elastic]$ cd /apps/elasticsearch elastic]$ ./bin/elasticsearch -d

     8）打开网页输入 192.168.1.101:9200，如果启动正常就会看到如下页面

二、部署Elasticsearch-head

~]$ yum install httpd -y ~]$ unzip -o elasticsearch-head-master.tar ~]$ cp -r elasticsearch-head-master/* /var/www/html/ ~]$ vim /var/www/html/_site/app.js 　　将配置文件中的 　　this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://localhost:9200"; 　　修改为： 　　this.base_uri = this.config.base_uri || this.prefs.get("app-base_uri") || "http://192.168.1.101:9200"; #启动httpd服务 ~]$ service httpd start

 服务器启动正常情况下， 在浏览器输入 192.168.1.101，就会看到如下页面：

 

 

 三、部署Kibana

~]$ tar -xf kibana-7.1.1-linux-x86_64.tar ~]$ mv kibana-7.1.1-linux-x86_64 /apps/kibana ~]$ vim /apps/kibana/config/kibana.yml # Kibana is served by a back end server. This setting specifies the port to use. #Kibana默认服务端口 server.port: 5601 # Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values. # The default is 'localhost', which usually means remote machines will not be able to connect. # To allow connections from remote users, set this parameter to a non-loopback address. #服务访问地址 server.host: "192.168.1.101" # Enables you to specify a path to mount Kibana at if you are running behind a proxy. # Use the `server.rewriteBasePath` setting to tell Kibana if it should remove the basePath # from requests it receives, and to prevent a deprecation warning at startup. # This setting cannot end in a slash. #server.basePath: "" # Specifies whether Kibana should rewrite requests that are prefixed with # `server.basePath` or require that they are rewritten by your reverse proxy. # This setting was effectively always `false` before Kibana 6.3 and will # default to `true` starting in Kibana 7.0. #server.rewriteBasePath: false # The maximum payload size in bytes for incoming server requests. #server.maxPayloadBytes: 1048576 # The Kibana server's name.  This is used for display purposes. #server.name: "your-hostname" # The URLs of the Elasticsearch instances to use for all your queries. #连接Elasticsearch elasticsearch.hosts: ["http://192.168.1.101:9200"] # When this setting's value is true Kibana uses the hostname specified in the server.host # setting. When the value of this setting is false, Kibana uses the hostname of the host # that connects to this Kibana instance. #elasticsearch.preserveHost: true # Kibana uses an index in Elasticsearch to store saved searches, visualizations and # dashboards. Kibana creates a new index if the index doesn't already exist. #Kibana日志 kibana.index: ".kibana" # The default application to load. #kibana.defaultAppId: "home" ················ # Set the interval in milliseconds to sample system and process performance # metrics. Minimum is 100ms. Defaults to 5000. #ops.interval: 5000 # Specifies locale to be used for all localizable strings, dates and number formats. #i18n.locale: "en" #添加中文支持 i18n.locale: "zh-CN"

 

由于Kibana是需要在前台运行，所以使用screen ~]$screen   #这样就另开启一个终端窗口了 ~]$cd /apps/kibana/ ~]$./bin/kibana

　　启动后按ctrl+a+d组合键，这样在上面另启的screen屏里启动的kibana服务就一直运行在前台了....

正常启动后，访问 192.168.1.101:5601就可以看到如下页面：

 

 四、部署Logstash

　Logstash只需解压就行，没有特别需要更改的

~]$tar -xf logstash-7.1.1.tar.gz ~]$mv logstash-7.1.1 /apps/logstas

 

五、x-pack登录认证（有这方面需求的可以配置一下）

由于ELK现在版本已经自带了x-pack所以不需要再去安装x-pack只需开启就行 ##############################################Elasticsearch 修改Elasticsearch配置文件，开启x-pack验证 ~]$vim /apps/elasticsearch/config/elasticsearch.yml ········ xpack.security.enabled: true xpack.security.transport.ssl.enabled: true 重新启动Elasticsearch ~]$su elastic elastic]$cd /apps/elasticsearch/ elastic]$./bin/elasticsearch

##############################################Logstach 修改Logstach配置文件，取消如下几行的注释并修改内容 ~]$vim /apps/logstash/config/logstash.yml ········· xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.username: "elastic" xpack.monitoring.elasticsearch.password: "changeme" xpack.monitoring.elasticsearch.hosts: ["https://192.168.1.101:9200"]

再次访问 192.168.1.101:9200页面就会需要账户/密码验证，默认：elastic / changeme

 

############################################## Elasticsearch-head 重启head插件 ~]# service httpd restartStopping httpd:                                            [  OK  ]Starting httpd:                                            [  OK  ] 再次访问head时，URL需要加上账户和密码，否则访问不到页面： 192.168.1.101/?auth_user=elastic&auth_password=changeme

##############################################Kibana~] 取消连接Elasticsearch账户的注释 ~]$vim /apps/kibana/config/kibana.yml ········ elasticsearch.username: "elastic" elasticsearch.password: "changeme" 重启Kibana，就会看到如下登录页面