ELK Lesson 4：Elasticsearch基本設定

ELK用於基礎架構監控與維運 / 2021-06-20 / Jovepater

設定JVM的記憶體使用參數

設定檔：/etc/elasticsearch/jvm.options

#-Xms1g   #初始化最低記憶體
-Xms2g
#-Xmx1g   #最高使用記憶體
-Xmx2g

建議將最低與最高的記憶體數量皆設定為主機總體記憶體的50%，建議最高設定為32GB，意味每台Elasticsearch主機最高記憶體配置為64GB即可。

設定Elasicsearch

設定檔：/etc/elasticsearch/elasticsearch.yml

# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
#cluster.name: my-application
cluster.name: elk-lab-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-1
node.name: lab-elk-1.example.com
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
network.host: 192.168.50.101
#
# Set a custom port for HTTP:
#
#http.port: 9200
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
discovery.seed_hosts: ["lab-elk-1.example.com", "lab-elk-2.example.com", "lab-elk-3.example.com"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
cluster.initial_master_nodes: ["lab-elk-1.example.com", "lab-elk-2.example.com", "lab-elk-3.example.com"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
# ------------------------------- Customization --------------------------------
#
node.roles: [ master, data, ingest ]

設定參數說明：

• cluster.name: elk-lab-cluster
  # 這個Cluster的名稱，所有的主機都要設定相同的名稱。

• node.name: lab-elk-1.example.com
  # 該節點的名稱，同一個Cluster內不能重複。

• network.host: 192.168.50.101
  # Elasticsearch使用的IP，若設定為0.0.0.0代表不指定。

• http.port: 9200
  # 指定Elasticsearch通訊埠為9200。

• discovery.seed_hosts: [“lab-elk-1.example.com”, “lab-elk-2.example.com”, “lab-elk-3.example.com”]
  # 指定這個Cluster內所有節點。

• cluster.initial_master_nodes: [“lab-elk-1.example.com”, “lab-elk-2.example.com”, “lab-elk-3.example.com”]
  # 指定這個Cluster內所有master角色的節點。

• node.roles: [ master, data, ingest ]
  # 指定該節點的角色，角色詳細分類如官網。

以上所有參數都必須在所有的節點上做相應的設定喔！

啟動Elasticsearch Cluster

分別在所有節點使用systemctl啟動Elasticsearch，並設定開機啟動。

$ sudo systemctl start elasticsearch
$ sudo systemctl enable elasticsearch

檢查一下Elasticsearch的服務啟動狀態。

$ sudo systemctl status elasticsearch

若看到以下資訊，表示Elasticsearch服務已經正常啟動了。

● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; disabled; vendor preset: disabled)
   Active: active (running) since 日 2021-06-20 20:41:03 CST; 3min 38s ago
     Docs: https://www.elastic.co
 Main PID: 25536 (java)
   CGroup: /system.slice/elasticsearch.service
           ├─25536 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -De...
           └─25722 /usr/share/elasticsearch/modules/x-pack-ml/platform/li...

 6月 20 20:40:23 lab-elk-1.example.com systemd[1]: Starting Elasticsearc...
 6月 20 20:41:03 lab-elk-1.example.com systemd[1]: Started Elasticsearch.
Hint: Some lines were ellipsized, use -l to show in full.

檢查Elasticsearch Cluster服務

在任何的瀏覽器連到任一台Elasticsearch Cluster的節點，並鍵入以下網址：

http://[IP or Hostname]:9200/_cluster/health

正常情況，會看到以下訊息：

{"cluster_name":"elk-lab-cluster","status":"green","timed_out":false,"number_of_nodes":3,"number_of_data_nodes":3,"active_primary_shards":0,"active_shards":0,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}

• cluster_name #這個Cluster的名稱。
• status = green #表示這個Cluster是正常的。
• number_of_nodes = 3 #總共有多少個節點。
• number_of_data_nodes = 3 #共有多少個data節點。

以上資訊代表Elasticsearch Cluster正常啟動，且服務皆正常。

~ END ~

---

< ELK Lesson 3：安裝Elasticsearch

ELK Lesson 5：設定Elasticsearch加密傳輸 >

Elasticsearch, ELK