ELK官方网址:https://www.elastic.co/cn/
参考官方文档:https://www.elastic.co/guide/en/elasticsearch/reference/7.6/index.html 和互联网实现安装及问题解决
初步学习和了解ELK,计划所有组件全部安装在同一虚拟机
系统环境:CentOS 8.1.1911
软件版本:elasticsearch-7.6.2
计划安装成Filebeat+Redis+Elasticsearch+Logstash+Kibana
一、配置yum安装源为国内资源
修改/etc/yum.repos.d下的三个文件:CentOS-AppStream.repo、CentOS-Base.repo和CentOS-Epel.repo
[root@localhost yum.repos.d]# cat CentOS-AppStream.repo
# CentOS-AppStream.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
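[AppStream]
name=CentOS-$releasever - AppStream
# The mirror is reached over plain HTTP, so package integrity rests on
# gpgcheck=1 and the locally installed key below; keep both enabled.
baseurl=http://mirrors.aliyun.com/centos/$releasever/AppStream/$basearch/os/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=AppStream&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial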
[root@localhost yum.repos.d]# cat CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
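[BaseOS]
name=CentOS-$releasever - Base
# The mirror is reached over plain HTTP, so package integrity rests on
# gpgcheck=1 and the locally installed key below; keep both enabled.
baseurl=http://mirrors.aliyun.com/centos/$releasever/BaseOS/$basearch/os/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=BaseOS&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial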
[root@localhost yum.repos.d]# cat CentOS-Epel.repo
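[epel]
name=CentOS-$releasever - Epel
baseurl=http://mirrors.aliyun.com/epel/8/Everything/$basearch
enabled=1
# Signature checking stays on: the mirror is fetched over plain HTTP, so an
# unsigned or altered package would otherwise be installed without any check.
# The EPEL 8 signing key is taken over HTTPS from the Fedora project host.
gpgcheck=1
gpgkey=https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8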
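# Drop cached metadata from the previous repo definitions.
dnf clean all
# Rebuild the metadata cache from the new mirrors ("makecache" is one word;
# "dnf make cache" is not a valid subcommand).
dnf makecache
# Apply pending updates from the newly configured repositories.
dnf -y update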
二、Elasticsearch压缩包安装
先把redis安装,后面可能会用到
[root@localhost /]# dnf install redis
CentOS-8 - AppStream 47 kB/s | 4.3 kB 00:00
CentOS-8 - Base 71 kB/s | 3.9 kB 00:00
CentOS-8 - Epel 44 kB/s | 4.7 kB 00:00
CentOS-8 - Extras 2.6 kB/s | 1.5 kB 00:00
Dependencies resolved.
==================================================================================================================================
Package Architecture Version Repository Size
==================================================================================================================================
Installing:
redis x86_64 5.0.3-1.module_el8.0.0+6+ab019c03 AppStream 927 k
Enabling module streams:
redis 5
Transaction Summary
==================================================================================================================================
Install 1 Package
Total download size: 927 k
Installed size: 3.3 M
Is this ok [y/N]: y
Downloading Packages:
redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64.rpm 1.7 MB/s | 927 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------
Total 1.7 MB/s | 927 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64 1/1
Installing : redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64 1/1
Running scriptlet: redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64 1/1
Verifying : redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64 1/1
Installed:
redis-5.0.3-1.module_el8.0.0+6+ab019c03.x86_64
Complete!
下载elasticsearch包,解压,我选择安装在/etc/路径下
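# Download the tarball from the mirror, then check it against the SHA-512
# published on Elastic's own download host before unpacking: a third-party
# mirror alone gives no assurance that the archive is the vendor's build.
wget https://mirrors.huaweicloud.com/elasticsearch/7.6.2/elasticsearch-7.6.2-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.6.2-linux-x86_64.tar.gz.sha512
# Prints "elasticsearch-7.6.2-linux-x86_64.tar.gz: OK" on a match; stop here on any other result.
sha512sum -c elasticsearch-7.6.2-linux-x86_64.tar.gz.sha512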
[root@localhost ~]# tar -zxvf elasticsearch-7.6.2-linux-x86_64.tar.gz
[root@localhost ~]# mv ./elasticsearch-7.6.2 /etc/
[root@localhost elasticsearch-7.6.2]# ./bin/elasticsearch
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
[2020-05-05T23:32:04,098][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [localhost.localdomain] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.6.2.jar:7.6.2]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.6.2.jar:7.6.2]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.6.2.jar:7.6.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.6.2.jar:7.6.2]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.6.2.jar:7.6.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) ~[elasticsearch-7.6.2.jar:7.6.2]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.6.2.jar:7.6.2]
Caused by: java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:105) ~[elasticsearch-7.6.2.jar:7.6.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:172) ~[elasticsearch-7.6.2.jar:7.6.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) ~[elasticsearch-7.6.2.jar:7.6.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.6.2.jar:7.6.2]
... 6 more
uncaught exception in thread [main]
java.lang.RuntimeException: can not run elasticsearch as root
at org.elasticsearch.bootstrap.Bootstrap.initializeNatives(Bootstrap.java:105)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:172)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
For complete error details, refer to the log at /etc/elasticsearch-7.6.2/logs/elasticsearch.log
错误日志:can not run elasticsearch as root,解决方法参考:https://www.zhangbj.com/p/264.html
Elasticsearch禁止以root账号运行,需要创建其它账号和用户组并授权
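# Dedicated unprivileged group and account that will own and run Elasticsearch.
groupadd elsearch
useradd -g elsearch elsearch
# No password is set on purpose: the account stays locked for password logins,
# and root can still switch to it with "su elsearch".
# Hand the installation tree to the service account so it can write data and logs.
chown -R elsearch:elsearch /etc/elasticsearch-7.6.2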
切换用户su elsearch,再次执行/etc/elasticsearch-7.6.2/bin/elasticsearch
执行/etc/elasticsearch-7.6.2/bin/elasticsearch -d
测试是否可以正常访问
[elsearch@localhost elasticsearch-7.6.2]$ curl http://192.X.X.X:9200
curl: (7) Failed to connect to 192.X.X.X port 9200: Connection refused
错误日志,解决方法参考:https://blog.csdn.net/Struggle99/article/details/102896821
[elsearch@localhost elasticsearch-7.6.2]$ ERROR: [3] bootstrap checks failed
[1]: max file descriptors [4096] for elasticsearch process is too low, increase to at least [65535]
[2]: max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
[3]: the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
ERROR: Elasticsearch did not exit normally - check the logs at /etc/elasticsearch-7.6.2/logs/elasticsearch.log
修改配置文件/etc/elasticsearch-7.6.2/config/elasticsearch.yml
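bootstrap.memory_lock: false
# 0.0.0.0 binds HTTP and transport to every interface. Elasticsearch 7.6.2
# ships with its security features (authentication, TLS) switched off by
# default, so any host that can reach port 9200 can read and write every
# index. Restrict the port to trusted addresses with the host firewall, or
# bind to one specific address instead of 0.0.0.0.
network.host: 0.0.0.0
http.port: 9200
# Single-VM setup: satisfies bootstrap check [3] (discovery settings) from the
# error output above, which the three settings listed here do not address.
discovery.type: single-node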
修改 /etc/security/limits.conf,添加参数
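# Raise the limits only for the account that runs Elasticsearch rather than
# for every user (*). pam_limits applies these at login, so start
# Elasticsearch from a fresh elsearch session after editing this file.
elsearch soft nofile 65536
elsearch hard nofile 65536
elsearch soft nproc 4096
elsearch hard nproc 4096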
修改 /etc/sysctl.conf,添加参数
vm.max_map_count=262144
重新加载配置文件
sysctl -p
重新启动elasticsearch,需要先查找进程id,并结束进程id
查找elasticsearch进程,ps -ef | grep elastic
[root@localhost elasticsearch-7.6.2]# ps -ef | grep elastic
elsearch 8651 1 0 01:17 ? 00:02:22 /etc/elasticsearch-7.6.2/jdk/bin/java -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=COMPAT -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Djava.io.tmpdir=/tmp/elasticsearch-6027927097867659117 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data -XX:ErrorFile=logs/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m -XX:MaxDirectMemorySize=536870912 -Des.path.home=/etc/elasticsearch-7.6.2 -Des.path.conf=/etc/elasticsearch-7.6.2/config -Des.distribution.flavor=default -Des.distribution.type=tar -Des.bundled_jdk=true -cp /etc/elasticsearch-7.6.2/lib/* org.elasticsearch.bootstrap.Elasticsearch -d
elsearch 8666 8651 0 01:17 ? 00:00:00 /etc/elasticsearch-7.6.2/modules/x-pack-ml/platform/linux-x86_64/bin/controller
root 15535 14055 0 13:19 pts/0 00:00:00 grep --color=auto elastic
结束进程,kill 8651
重新启动服务/etc/elasticsearch-7.6.2/bin/elasticsearch -d,没有错误日志输出
检查服务是否重新启动,ps -ef | grep elastic
curl http://192.X.X.X:9200 测试正常
[root@localhost elasticsearch-7.6.2]# curl http://192.X.X.X:9200
{
"name" : "localhost.localdomain",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "su1pzhJQRtmnd5A39toViw",
"version" : {
"number" : "7.6.2",
"build_flavor" : "default",
"build_type" : "tar",
"build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
"build_date" : "2020-03-26T06:34:37.794943Z",
"build_snapshot" : false,
"lucene_version" : "8.4.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"