CentOS 安装 Logstash 2.2.0 和 Elasticsearch 2.2.0

本文介绍安装 logstash 2.2.0 和 elasticsearch 2.2.0,操作系统环境版本是 CentOS/Linux 2.6.32-504.23.4.el6.x86_64。

安装 JDK 是必须的,一般操作系统都会有,只是版本的问题,后面会提到。

而 Kibana 只是一个用纯 JavaScript 写的前端 UI,暂不介绍。因为,最近公司需要分析所有系统的日志,才搞 ELK,但人员和时间有限,三个框架都研究,不太现实。

ElasticSearch 的详细介绍:请点这里
ElasticSearch 的下载地址:请点这里

Elasticsearch

Elasticsearch(简称,ES)提供 ZIP、TAR、DEB 和 RPM 包。但 Github 上提供了一个针对中文环境的 Elasticsearch-RTF,RTF 即 Ready To Fly,它是一个针对中文的发行版,换句话说,帮你入门的。本文针对 Elasticsearch-RTF 为例。基本上,elasticsearch 解压后就能使用。

CentOS 安装 Logstash 2.2.0 和 Elasticsearch 2.2.0

假设你已经从 Github 上下载 elasticsearch-rtf,名为 elasticsearch-master.zip,并上传到你的 Linux 服务器 /usr/local/elasticsearch目录(如果没有,就用 mkdir 命令创建一个)。
•现在,解压,并重新命名文件夹:


[root@linuxidc local]# cd /usr/local/elasticsearch
 
 [root@linuxidc local]# unzip elasticsearch-master.zip
 
 [root@linuxidc elasticsearch]# ls
 
 elasticsearch-master  elasticsearch-master.zip
 
 [root@linuxidc local]# mv elasticsearch-master elasticsearch
 
 [root@linuxidc elasticsearch]# ls
 
 elasticsearch  elasticsearch-master.zip
•尝试运行 elasticsearch:

Linux 环境:


[root@linuxidc elasticsearch]# pwd
 
 /usr/local/elasticsearch/elasticsearch
 
 [root@linuxidc elasticsearch]# bin/elasticsearch


windows 环境,执行相应的 .bat 文件,即 elasticsearch.bat。

但报错了:


[root@linuxidc elasticsearch]# bin/elasticsearch
 
 Exception in thread "main" java.lang.RuntimeException: Java version: Oracle Cooration 1.7.0_51 [Java HotSpot(TM) 64-Bit Server VM 24.51-b03] suffers from crical bug https://bugs.openjdk.java.net/browse/JDK-8024830 which can cause dataorruption.
 
 Please upgrade the JVM, see http://www.elastic.co/guide/en/elasticsearch/referce/current/_installation.html for current recommendations.
 
 If you absolutely cannot upgrade, please add -XX:-UseSuperWord to the JAVA_OPT environment variable.
 
 Upgrading is preferred, this workaround will result in degraded performance.
 
        at org.elasticsearch.bootstrap.JVMCheck.check(JVMCheck.java:123)
 
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:283)
 
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:3
 
 Refer to the log for complete error details.

大意是:Java 运行时异常,本机版本 JDK 有 bug……让升级 JVM。如果实在不能升级,就向 JAVA_OPT 环境变量添加 -XX:-UseSuperWord 选项。

于是,看一下本机的Java 版本:


 [root@linuxidc elasticsearch]# java -version
 
 java version "1.7.0_51"
 
 Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
 
 Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)
 
 [root@linuxidc elasticsearch]# echo $JAVA_HOME
 
 /usr/java/jdk1.7.0_51
 
 [root@linuxidc elasticsearch]#
 

版本是 1.7.0_51。再在官网查了一下,说:“Elasticsearch requires at least Java 7. Specifically as of this writing, it is recommended that you use the Oracle JDK version 1.8.0_72. Java installation varies from platform to platform so we won’t go into those details here. Oracle’s recommended installation documentation can be found on Oracle’s website. Suffice to say, before you install Elasticsearch, please check your Java version first by running (and then install/upgrade accordingly if needed):”,大意是,ES 至少要求 7,推荐使用 1.8.0_72。
•那就删除之前的版本,按个新的吧。先删掉之前的 JDK,然后再用 yum 按个新的:


[root@linuxidc elasticsearch]# yum list installed | grep java
 
 [root@linuxidc elasticsearch]# yum list installed | grep jdk
 
 jdk.x86_64                          2000:1.7.0_51-fcs                installed
 
 [root@linuxidc elasticsearch]# yum -y remove jdk.x86_64
 
 ……
 
 [root@linuxidc elasticsearch]#yum -y install java-1.8.0-openjdk*
 
 ……

注意:java-1.8.0-openjdk*”,后面有个星号,即安装 java 全部相关的东西~
•安装完成后,设置 JDK 的环境变量:


[root@linuxidc elasticsearch]# export JAVA_HOME=/usr/lib/jvm/java-1.8.0
 
 [root@linuxidc elasticsearch]# export PATH=$JAVA_HOME/bin:$PATH
 
 [root@linuxidc elasticsearch]# export CLASSPATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar
 
 [root@linuxidc elasticsearch]# java -version
 
 openjdk version "1.8.0_71"
 
 OpenJDK Runtime Environment (build 1.8.0_71-b15)
 
 OpenJDK 64-Bit Server VM (build 25.71-b15, mixed mode)
 
 [root@linuxidc elasticsearch]# echo $JAVA_HOME
 
 /usr/lib/jvm/java-1.8.0
 
 [root@linuxidc elasticsearch]#

另外,JDK 安装在了我机器的 /usr/lib/jvm 目录下,自己确认一下你的路径。
•再次运行:


 [root@linuxidc elasticsearch]# bin/elasticsearch
 
 Exception in thread "main" java.lang.RuntimeException: don't run elasticsearch as root.
 
        at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:93)
 
        at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:144)
 
        at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:285)
 
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
 
 Refer to the log for complete error details.
 
 [root@linuxidc elasticsearch]#
•又报错,elasticsearch 不能用 root 用户运行,那就建立一个:


[root@linuxidc elasticsearch]# groupadd es
 
 [root@linuxidc elasticsearch]# useradd -g es es
 
 [root@linuxidc elasticsearch]# passwd es
 
 Changing password for user es.
 
 New password:
 
 BAD PASSWORD: it is WAY too short
 
 BAD PASSWORD: is too simple
 
 Retype new password:
 
 passwd: all authentication tokens updated successfully.
 
 [root@linuxidc elasticsearch]#
 
 [root@linuxidc elasticsearch]# chown -R root .
 
 [root@linuxidc elasticsearch]# chown -R es .
 
 [root@linuxidc elasticsearch]# chgrp -R es .
 
 [root@linuxidc elasticsearch]# ls -l
 
 total 4
 
 drwxr-xr-x 7 es es 4096 Mar  1 03:07 elasticsearch
 
 [root@linuxidc elasticsearch]#
•重新打开一个终端,用 es 用户登录,并运行 elasticsearch:


[root@linuxidc ~]$ cd /usr/local/elasticsearch/elasticsearch
 
 [root@linuxidc elasticsearch]$ bin/elasticsearch
 
 [2016-03-01 05:11:48,413][WARN ][bootstrap                ] unable to install syscall filter: seccomp unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER are needed
 
 [2016-03-01 05:11:48,750][INFO ][node                    ] [Googam] version[2.1.1], pid[15042], build[40e2c53/2015-12-15T13:05:55Z]
 
 [2016-03-01 05:11:48,750][INFO ][node                    ] [Googam] initializing ...
 
 [2016-03-01 05:11:49,088][INFO ][plugins                  ] [Googam] loaded [elasticsearch-analysis-ik, elasticsearch-analysis-mmseg, elasticsearch-analysis-stconvert, elasticsearch-analysis-pinyin], sites []
 
 [2016-03-01 05:11:49,121][INFO ][env                      ] [Googam] using [1] data paths, mounts [[/ (/dev/mapper/vg_linuxidc-lv_root)]], net usable_space [26.1gb], net total_space [34.8gb], spins? [possibly], types [ext4]
 
 [2016-03-01 05:11:51,119][INFO ][mmseg-analyzer          ] [Dict Loading] chars loaded time=42ms, line=12638, on file=chars.dic
 
 ……
•此时,在另一个终端,访问 elasticsearch:


[root@linuxidc elasticsearch]# curl -X GET http://localhost:9200
 
 {
 
  "name" : "Captain Savage",
 
  "cluster_name" : "elasticsearch",
 
  "version" : {
 
    "number" : "2.1.1",
 
    "build_hash" : "40e2c53a6b6c2972b3d13846e450e66f4375bd71",
 
    "build_timestamp" : "2015-12-15T13:05:55Z",
 
    "build_snapshot" : false,
 
    "lucene_version" : "5.3.1"
 
  },
 
  "tagline" : "You Know, for Search"
 
 }
 
 [root@linuxidc elasticsearch]#
 

ES 已经安装成功。

但此时的 ES 不能通过IP访问,所以,你要修改 config/elasticsearch.yml。找到“network.host”行,那个示例,添加一行:


network.host: your id address

就能通过IP,或浏览器访问。

相关推荐