elasticsearch7.3 ELK7.3 xpack 单机简单部署 发表于 2019-08-23 | 分类于 ELK | 暂无评论 ## 一.环境配置 ```shell [root@test96 ~]# cat /etc/redhat-release CentOS Linux release 7.6.1810 (Core) [root@test96 ~]# uname -r 3.10.0-957.el7.x86_64 ``` ### 1.修改文件限制 ```shell vi /etc/security/limits.conf * hard nofile 65536 * soft nproc 4096 * hard nproc 4096 * soft memlock unlimited * hard memlock unlimited ``` ### 2.调整进程数 ```shell vi /etc/security/limits.d/20-nproc.conf * soft nproc 4096 root soft nproc unlimited ``` ### 3.调整虚拟内存&最大并发连接 ```shell vi /etc/sysctl.conf vm.max_map_count=262144 fs.file-max=65535 ``` ## 二.配置elasticsearch kibana用户及目录 ### 1.创建用户 ```shell useradd elk ``` ### 2.创建目录 ```shell mkdir /data/servers ``` ### 3.压缩包解压 ```shell cd /data/servers tar -xf elasticsearch-7.3.0-linux-x86_64.tar.gz tar -xf kibana-7.3.0-linux-x86_64.tar.gz mv kibana-7.3.0-linux-x86_64 kibana-7.3.0 ``` ### 4.赋权 ```shell chown -R elk:elk /data/servers/elasticsearch-7.3.0 chown -R elk:elk /data/servers/kibana-7.3.0 ``` ### 三.配置elasticsearch kibana ### 配置elasticsearch ```shell su - elk cd /data/servers/elasticsearch-7.3.0 vi config/elasticsearch.yml ``` 备注:单机默认配置无需修改 Elasticsearch 7 不需要单独安装jdk Elasticsearch是使用Java构建的,并且包含来自每个发行版中的JDK维护者(GPLv2 + CE)的捆绑版本的 OpenJDK。捆绑的JVM是推荐的JVM,位于jdk Elasticsearch主目录的目录中。 要使用您自己的Java版本,请设置JAVA_HOME环境变量。如果必须使用与捆绑的JVM不同的Java版本,我们建议使用受支持的 LTS版本的Java。如果使用已知错误的Java版本,Elasticsearch将拒绝启动。使用自己的JVM时,可能会删除捆绑的JVM目录 ### 配置kibana ```shell su - elk cd /data/servers/kibana-7.3.0 vi config/kibana.yml server.port: 5601 server.host: "0.0.0.0" elasticsearch.hosts: ["http://127.0.0.1:9200"] ``` ## 四.启动 ```shell elk用户启动 ./bin/elasticsearch -d nohup bin/kibana & ss -tlnp 查看监听端口 ``` ## 五.Kibana开启中文语言 Kibana在6.7以后的版本,支持了多种语言。并且自带在安装包里。 开启方式: ```shell vi config/kibana.yml i18n.locale: "zh-CN" ``` 重启即可。 ## 六.开启xpack 7.1版本:基础安全免费。 https://www.elastic.co/cn/subscriptions#request-info 在Elasticsearch7.3,x-pack已经作为默认的插件集成在Elasticsearch里面了,所以无需在bin/elasticsearch-plugin install x-pack了,直接在配置文件中启用就可以了 ### elasticsearch ```shell # 开启x-pack安全验证 xpack.security.enabled: true xpack.license.self_generated.type: basic # 如果是basic license的话需要加入下面这一行,不然的话restart elasticsearch之后会报错。 xpack.security.transport.ssl.enabled: true #(可选)启用审核以跟踪与Elasticsearch集群的尝试和成功交互 xpack.security.audit.enabled: true ``` ### 设置密码 ```shell [elk@test96 elasticsearch-7.3.0]$ bin/elasticsearch-setup-passwords interactive Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]: Reenter password for [elastic]: Enter password for [apm_system]: Reenter password for [apm_system]: Enter password for [kibana]: Reenter password for [kibana]: Enter password for [logstash_system]: Reenter password for [logstash_system]: Enter password for [beats_system]: Reenter password for [beats_system]: Enter password for [remote_monitoring_user]: Reenter password for [remote_monitoring_user]: Changed password for user [apm_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic] ``` ### kibana设置 ```shell vi kibana-7.3.0/config/kibana.yml 添加 elasticsearch.username: "elastic" elasticsearch.password: "123456" ``` ## 七.访问kibana http://192.168.1.96:5601 账号: elastic 密码:123456