概述
本文主要讲解如何二进制安装Linux二进制集群
环境信息
| 主机名 | IP地址 | 系统 |
|---|---|---|
| ELK01 | 10.0.0.40 | Ubuntu22.04 |
| ELK02 | 10.0.0.41 | Ubuntu22.04 |
| ELK03 | 10.0.0.42 | Ubuntu22.04 |
实操
安装JDK(所有节点都需要安装)
ElasticSearch是使用Java语言开发的,所以运行时依赖JDK
安装JDK可以参考这篇文章:https://www.cnblogs.com/huangSir-devops/p/18919758
ElasticSearch版本和Java版本对应关系,可以阅读这篇文章:https://www.elastic.co/support/matrix#matrix_jvm
我们这里安装ELasticSearch7.17.x版本的,我们安装JDK11版本
# 下载
[root@master ~]# wget https://mirrors.huaweicloud.com/openjdk/11.0.2/openjdk-11.0.2_linux-x64_bin.tar.gz
[root@master ~]# ll openjdk-11.0.2_linux-x64_bin.tar.gz
-rw-r--r-- 1 root root 187513052 Jan 18 2019 openjdk-11.0.2_linux-x64_bin.tar.gz
# 解压
[root@master ~]# tar -xvf openjdk-11.0.2_linux-x64_bin.tar.gz
# 创建软连接
[root@master ~]# ln -s /root/jdk-11.0.2 /usr/local/jdk11
[root@master ~]# ll /usr/local/jdk11
lrwxrwxrwx 1 root root 16 Jun 14 21:09 /usr/local/jdk11 -> /root/jdk-11.0.2/
# 配置环境变量
[root@master ~]# vim /etc/profile
# 根据实际安装路径修改
export JAVA_HOME=/usr/local/jdk11/
export PATH=$JAVA_HOME/bin:$PATH
export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
# 加载环境变量
[root@master ~]# source /etc/profile
# 验证
[root@master ~]# java -version
openjdk version "11.0.2" 2019-01-15
OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)配置主机名及添加hosts解析
ELK01节点设置
[root@master ~]# hostnamectl set-hostname ELK01
[root@master ~]# hostname
ELK01ELK02节点设置
[root@master ~]# hostnamectl set-hostname ELK02
[root@master ~]# hostname
ELK02ELK03节点设置
[root@master ~]# hostnamectl set-hostname ELK03
[root@master ~]# hostname
ELK03三台节点都添加hosts解析
[root@master ~]# vim /etc/hosts
10.0.0.40 ELK01
10.0.0.41 ELK02
10.0.0.42 ELK03配置时间同步(所有节点都需配置)
[root@master ~]# ln -svf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#下载ntpdate 工具
[root@master ~]# apt -y install ntpdate
[root@master ~]# ntpdate ntp.aliyun.com
[root@master ~]# echo "*/5 * * * * /usr/sbin/ntpdate ntp.aliyun.com" > /var/spool/cron/crontabs/root系统配置(所有节点都需配置)
优化系统参数
[root@master ~]# vim /etc/sysctl.conf
# ES 需要大量文件描述符来处理索引和网络连接,建议设置为较高值:
fs.file-max = 655360
# ES 使用 mmap 技术加载索引,需增大虚拟内存区域限制:
vm.max_map_count = 2147483642
# 禁用交换空间(swap分区)
vm.swappiness = 1
# 网络参数优化
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 60
net.ipv4.tcp_keepalive_probes = 10
net.ipv4.tcp_max_syn_backlog = 4096
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 16384
net.core.rmem_max = 262144
net.core.wmem_max = 262144
# 使参数生效
[root@master ~]# sysctl -p /etc/sysctl.conf
# 查询参数,验证是否生效
[root@master ~]# sysctl -q vm.max_map_count
vm.max_map_count = 2147483642创建es存储目录
[root@master ~]# mkdir -p /data/elasticsearch/
[root@master ~]# mkdir -p /var/log/elasticsearch/创建es用户
[root@master ~]# useradd elasticsearch
[root@master ~]# id elasticsearch
uid=2002(elasticsearch) gid=2003(elasticsearch) groups=2003(elasticsearch)
# 授权
[root@master ~]# chown elasticsearch:elasticsearch -R /data/elasticsearch/
[root@master ~]# chown elasticsearch:elasticsearch -R /var/log/elasticsearch/添加es用户的限制
[root@master ~]# vim /etc/security/limits.conf
# 最大文件描述符数
elasticsearch hard nofile 655360
elasticsearch soft nofile 655360
# 最大进程数
elasticsearch hard nproc 8192
elasticsearch soft nproc 8192
# 锁定内存限制
elasticsearch hard memlock unlimited
elasticsearch soft memlock unlimited下载并配置ElasticSearch(所有节点操作)
官方下载地址:https://www.elastic.co/downloads/past-releases#elasticsearch
下载解压ElasticSearch
# 下载ElasticSearch
[root@master ~]# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.26-linux-x86_64.tar.gz
[root@master ~]# ll elasticsearch-7.17.26-linux-x86_64.tar.gz
-rw-r--r-- 1 root root 325410598 Dec 3 2024 elasticsearch-7.17.26-linux-x86_64.tar.gz
# 解压
[root@master ~]# tar -xvf elasticsearch-7.17.26-linux-x86_64.tar.gz
# 移动到/data目录下
[root@master ~]# mv elasticsearch-7.17.26 /data/
# 授权
[root@master ~]# chown elasticsearch:elasticsearch -R /data/elasticsearch-7.17.26/
# 创建软连接
[root@master ~]# ln -s /data/elasticsearch-7.17.26 /usr/local/es7
[root@master ~]# ll /usr/local/es7
lrwxrwxrwx 1 root root 27 Jun 14 21:50 /usr/local/es7 -> /data/elasticsearch-7.17.26/修改配置文件
[root@master ~]# vim /usr/local/es7/config/elasticsearch.yml
cluster.name: es7
path.data: /data/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["ELK01", "ELK02", "ELK03"]
cluster.initial_master_nodes: ["ELK01", "ELK02", "ELK03"]
# 根据节点名称来进行修改此字段
# node.name: ELK01
# node.name: ELK02
node.name: ELK03启动ElasticSearch集群(三个节点都执行)
创建systemd文件
[root@master ~]# vim /lib/systemd/system/es.service
[Unit]
Description=elasticsearch service
Documentation=https://www.cnblogs.com/huangSir-devops
After=network.target auditd.service
[Service]
LimitMEMLOCK=infinity
User=elasticsearch
ExecStart=/usr/local/es7/bin/elasticsearch
TimeoutStopSec=0
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target加载systemd文件
[root@master ~]# systemctl daemon-reload启动es
[root@master ~]# systemctl start es
[root@master ~]# systemctl status es
● es.service - elasticsearch service
Loaded: loaded (/lib/systemd/system/es.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2025-06-14 21:51:19 CST; 34s ago
Docs: https://www.cnblogs.com/huangSir-devops
Main PID: 1420 (java)
Tasks: 43 (limit: 4519)
Memory: 2.1G
CPU: 54.474s
CGroup: /system.slice/es.service
├─1420 /usr/local/es7/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -D
file.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.
maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j2.formatMsgNoLookups=true -Djava.locale.providers=SPI,COMPAT
--add-opens=java.base/java.io=ALL-UNNAMED -Djava.security.manager=allow -XX:+UseG1GC -Djava.io.tmpdir=/tmp/elasticsearch-1928841724883000105 -XX:+HeapDumpOnOutOfMemoryError -XX:+ExitOnOutOfM
emoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log "-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m" -XX:+UnlockDiagnosticVMOpt
ions -XX:G1NumCollectionsKeepPinned=10000000 -Xms1937m -Xmx1937m -XX:MaxDirectMemorySize=1016070144 -XX:G1HeapRegionSize=4m -XX:InitiatingHeapOccupancyPercent=30 -XX:G1ReservePercent=15 -Des
.path.home=/usr/local/es7 -Des.path.conf=/usr/local/es7/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp "/usr/local/es7/lib/*" org.elasticsearch.
bootstrap.Elasticsearch
└─1603 /usr/local/es7/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Jun 14 21:51:47 ELK01 elasticsearch[1420]: [2025-06-14T21:51:47,200][INFO ][o.e.n.Node ] [ELK01] starting ...
Jun 14 21:51:47 ELK01 elasticsearch[1420]: [2025-06-14T21:51:47,216][INFO ][o.e.x.s.c.f.PersistentCache] [ELK01] persistent cache index loaded
Jun 14 21:51:47 ELK01 elasticsearch[1420]: [2025-06-14T21:51:47,217][INFO ][o.e.x.d.l.DeprecationIndexingComponent] [ELK01] deprecation component started
Jun 14 21:51:47 ELK01 elasticsearch[1420]: [2025-06-14T21:51:47,374][INFO ][o.e.t.TransportService ] [ELK01] publish_address {10.0.0.40:9300}, bound_addresses {[::]:9300}
Jun 14 21:51:47 ELK01 elasticsearch[1420]: [2025-06-14T21:51:47,391][INFO ][o.e.x.m.Monitoring ] [ELK01] creating template [.monitoring-alerts-7] with version [7]
Jun 14 21:51:47 ELK01 elasticsearch[1420]: [2025-06-14T21:51:47,400][INFO ][o.e.x.m.Monitoring ] 检查集群节点
# 检查集群节点
[root@master /var/log/elasticsearch]# curl 10.0.0.40:9200/_cat/nodes
10.0.0.40 22 97 12 0.41 0.38 0.26 cdfhilmrstw * ELK01
10.0.0.42 6 97 13 0.30 0.26 0.15 cdfhilmrstw - ELK03
10.0.0.41 21 97 12 0.23 0.19 0.11 cdfhilmrstw - ELK02
# 查看集群是否健康
[root@master /var/log/elasticsearch]# curl 10.0.0.40:9200/_cat/health?v
epoch timestamp cluster status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1749909982 14:06:22 es7 green 3 3 4 2 0 0 0 0 - 100.0%记一下:下一次可以写一下Docker和K8s搭建ES的集群