More and more enterprises have adopted the ELK stack to analyze the logs their systems generate. The author recently began deploying an ELK stack in a production environment; this article covers the Elasticsearch 5.2 cluster part of that deployment.
I. Environment preparation
1. System: CentOS 6.8
IP and role: 192.168.1.121 (master node), 192.168.1.122 (data node), 192.168.1.123 (client node)
2. JDK
# I am using jdk-8u121-linux-x64.rpm; the command below fetches a JDK build that can be downloaded directly
# --no-check-certificate turns off TLS certificate validation, so check the downloaded RPM's checksum before installing it
wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u77-b02/jdk-8u77-linux-x64.rpm"
3. Elasticsearch installation
# Install Elasticsearch on all three servers; installation with yum is shown here
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Add the Elasticsearch repository
echo '[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | sudo tee /etc/yum.repos.d/elasticsearch.repo
yum makecache && yum install elasticsearch -y
II. Elasticsearch configuration in detail
1. The three node roles in an Elasticsearch cluster
Master node: primarily handles cluster metadata operations, such as creating and deleting indexes and allocating shards
Data node: stores the data
Client node: routes requests and can be seen as a load balancer
2. Node selection
# The configuration file describes three modes for building a high-performance cluster topology:
- If you want the node never to be elected master and only to store data, so that it carries the data load:
node.master: false
node.data: true
- If you want the node to be a master that stores no data and keeps its resources free, so that it acts as the coordinator:
node.master: true
node.data: false
- If you want the node to be neither a master nor a data node, it can act as a search node that fetches data from the other nodes, assembles the search results, and so on:
node.master: false
node.data: false
3. elasticsearch.yml configuration in detail
# elastic-a1 (192.168.1.121), master node
[root@elastic-a1 ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: es-cluster
node.name: es-node-a1
node.master: true
node.data: true
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
network.host: 192.168.1.121
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["192.168.1.121", "192.168.1.122", "192.168.1.123"]
discovery.zen.minimum_master_nodes: 1
gateway.recover_after_nodes: 2
gateway.recover_after_time: 5m
gateway.expected_nodes: 1
bootstrap.system_call_filter: false
script.engine.groovy.inline.search: on
script.engine.groovy.inline.aggs: on
indices.recovery.max_bytes_per_sec: 20MB
http.cors.enabled: true
http.cors.allow-origin: "*"
# elastic-a2 (192.168.1.122), data node
[root@elastic-a2 ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: es-cluster
node.name: es-node-a2
node.master: false
node.data: true
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
network.host: 192.168.1.122
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["192.168.1.121", "192.168.1.122", "192.168.1.123"]
discovery.zen.minimum_master_nodes: 1
gateway.recover_after_nodes: 2
gateway.recover_after_time: 5m
gateway.expected_nodes: 1
bootstrap.system_call_filter: false
script.engine.groovy.inline.search: on
script.engine.groovy.inline.aggs: on
indices.recovery.max_bytes_per_sec: 20MB
# elastic-a3 (192.168.1.123), client node
[root@elastic-a3 ~]# egrep -v "^#|^$" /etc/elasticsearch/elasticsearch.yml
cluster.name: es-cluster
node.name: es-node-a3
node.master: false
node.data: false
path.logs: /var/log/elasticsearch
bootstrap.memory_lock: false
network.host: 192.168.1.123
http.port: 9200
transport.tcp.port: 9300
discovery.zen.ping.unicast.hosts: ["192.168.1.121", "192.168.1.122", "192.168.1.123"]
discovery.zen.minimum_master_nodes: 1
gateway.recover_after_nodes: 2
gateway.recover_after_time: 5m
gateway.expected_nodes: 1
bootstrap.system_call_filter: false
script.engine.groovy.inline.search: on
script.engine.groovy.inline.aggs: on
indices.recovery.max_bytes_per_sec: 20MB
# Note: it is recommended to base your configuration on the one in this article. The meaning of the individual parameters is not explained here; look them up yourself (Google, Baidu). If you do not have enough hosts to build es-cluster, all nodes can be configured on the same host; only the following line needs to be modified:
discovery.zen.ping.unicast.hosts: ["192.168.1.121", "192.168.1.122", "192.168.1.123"]
change to
discovery.zen.ping.unicast.hosts: ["0.0.0.0:9300", "0.0.0.0:9301", "0.0.0.0:9302"]
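The configurations above bind Elasticsearch to LAN addresses, turn on inline Groovy scripts, disable the system call filter and, on elastic-a1, allow CORS from any origin. The following added example (not part of the original article; the function names and finding labels are this example's own) parses a flat elasticsearch.yml and reports those settings so they can be reviewed before the cluster goes into production:

```python
# Added example: audit flat "key: value" elasticsearch.yml settings.
import ipaddress

# Constructed sample: a subset of the elastic-a1 settings shown on this page.
SAMPLE_A1 = """\
node.name: es-node-a1
network.host: 192.168.1.121
bootstrap.system_call_filter: false
script.engine.groovy.inline.search: on
script.engine.groovy.inline.aggs: on
http.cors.enabled: true
http.cors.allow-origin: "*"
"""
TRUTHY = {"true", "on"}

def parse_flat_yaml(text):
    """Parse 'key: value' lines; comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"\'').lower()
    return settings

def audit(settings):
    """Return a sorted list of finding labels for settings worth reviewing."""
    findings = set()
    host = settings.get("network.host", "127.0.0.1")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:  # host name or special value such as _local_
        loopback = host in ("localhost", "_local_")
    if not loopback:
        findings.add("http-api-reachable-from-network")
    if (settings.get("http.cors.enabled", "false") in TRUTHY
            and settings.get("http.cors.allow-origin") == "*"):
        findings.add("cors-any-origin")
    if any(k.startswith("script.engine.groovy.inline.") and v in TRUTHY
           for k, v in settings.items()):
        findings.add("inline-groovy-scripts-enabled")
    if settings.get("bootstrap.system_call_filter", "true") not in TRUTHY:
        findings.add("syscall-filter-disabled")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_flat_yaml(SAMPLE_A1)):
        print(finding)
```

To audit a real node, pass the contents of /etc/elasticsearch/elasticsearch.yml to parse_flat_yaml instead of the sample string.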
III. Elasticsearch cluster start-up
1. Start the Elasticsearch service on all three hosts and check the startup log for errors
/etc/init.d/elasticsearch start
tailf /var/log/elasticsearch/es-cluster.log
2. After a successful start, open http://192.168.1.121:9200/_cluster/health?pretty=true in a browser
# The Elasticsearch cluster deployment is now complete. For details on using it, see the official documentation on the Elastic website.
IV. Head plug-in installation
# (Installed on the elastic-a1 node)
1. Reference: https://github.com/mobz/elasticsearch-head
yum install npm git -y
cd /usr/share/elasticsearch/
# GitHub no longer serves the unauthenticated git:// protocol, so clone over HTTPS
git clone https://github.com/mobz/elasticsearch-head.git
cd elasticsearch-head && npm install
npm install -g grunt
2. Plug-in configuration
cd /usr/share/elasticsearch/elasticsearch-head/   # Move to the plugin project directory
vim +4329 _site/app.js   # Replace localhost in app.js with the node IP so that head can connect to es-cluster
3. Run the plugin in the background
cd /usr/share/elasticsearch/elasticsearch-head/
nohup grunt server &
4. View the es-cluster status through the plug-in: http://192.168.1.121:9100/
V. Summary
1. Unable to install syscall filter
echo "bootstrap.system_call_filter: false" >> /etc/elasticsearch/elasticsearch.yml   # Fixes the error
When bound to the local IP (127.0.0.1), Elasticsearch runs in development mode: it is only accessible from the local machine, and problems are reported only as warnings.
When bound to a LAN IP, it can be accessed from other machines, but it starts in production mode and runs the bootstrap checks, so incorrect system parameters may be reported as errors.
2. Most installation issues come down to the Elasticsearch configuration file: make sure the configuration file is correct before starting the Elasticsearch nodes.
Reference links:
http://blog.csdn.net/gamer_gyt/article/details/59077189#reply
https://www.gitbook.com/book/chenryn/elk-stack-guide-cn/details
https://www.elastic.co/guide/index.html